(ci): automated releasing with goreleaser (#5)

Signed-off-by: Bryce Palmer <bpalmer@redhat.com>

Author: everettraven

.github/workflows/release.yml

@@ -0,0 +1,62 @@
+name: release
+
+on:
+  workflow_dispatch:
+  merge_group:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+    - main
+
+jobs:
+  goreleaser:
+    name: goreleaser
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Install Go
+      uses: actions/setup-go@v4
+      with:
+        go-version-file: "go.mod"
+
+    - name: Docker Login
+      if: ${{ github.event_name != 'pull_request' }}
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+    
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+
+    - name: Set the release related variables
+      run: |
+        if [[ "${GITHUB_REF}" == "refs/tags/*" ]]; then
+          # Release tags.
+          echo IMAGE_TAG="${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+          echo GORELEASER_ARGS="--clean --timeout=60m" >> $GITHUB_ENV
+          echo ENABLE_RELEASE_PIPELINE=true >> $GITHUB_ENV
+        elif [[ "${GITHUB_REF}" == "refs/heads/*" ]]; then
+          # Branch build.
+          echo IMAGE_TAG="$(echo "${GITHUB_REF#refs/heads/}" | sed -r 's|/+|-|g')" >> $GITHUB_ENV
+          echo GORELEASER_ARGS="--clean --skip-validate --timeout=60m" >> $GITHUB_ENV
+        elif [[ "${GITHUB_REF}" == "refs/pull/*" ]]; then
+          # PR build.
+          echo IMAGE_TAG="pr-$(echo "${GITHUB_REF}" | sed -E 's|refs/pull/([^/]+)/?.*|\1|')" >> $GITHUB_ENV
+        else
+          echo IMAGE_TAG="$(git describe --tags --always)" >> $GITHUB_ENV
+        fi
+
+    - name: Run goreleaser
+      run: make release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}

.gitignore

@@ -5,6 +5,7 @@
 /build
 /dist
 **/bin/
+ansible-operator
 
 # Test artifacts
 **/testbin/

.goreleaser.yml

@@ -0,0 +1,73 @@
+before:
+  hooks:
+    - go mod tidy
+    - go mod download
+builds:
+  - id: binary
+    main: ./cmd/ansible-operator/
+    binary: ansible-operator
+    asmflags: "{{ .Env.GO_BUILD_ASMFLAGS }}"
+    gcflags: "{{ .Env.GO_BUILD_GCFLAGS }}"
+    ldflags: "{{ .Env.GO_BUILD_LDFLAGS }}"
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    goos:
+    - linux
+    goarch:
+    - amd64
+    - arm64
+    - ppc64le
+    - s390x
+dockers:
+- image_templates:
+  - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-amd64"
+  dockerfile: images/ansible-operator/Dockerfile
+  goos: linux
+  goarch: amd64
+  use: buildx
+  build_flag_templates:
+    - "--platform=linux/amd64"
+  extra_files:
+    - "images/ansible-operator/Pipfile"
+    - "images/ansible-operator/Pipfile.lock"
+- image_templates:
+    - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-arm64"
+  dockerfile: images/ansible-operator/Dockerfile
+  goos: linux
+  goarch: arm64
+  use: buildx
+  build_flag_templates:
+    - "--platform=linux/arm64"
+  extra_files:
+    - "images/ansible-operator/Pipfile"
+    - "images/ansible-operator/Pipfile.lock"
+- image_templates:
+    - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-ppc64le"
+  dockerfile: images/ansible-operator/Dockerfile
+  goos: linux
+  goarch: ppc64le
+  use: buildx
+  build_flag_templates:
+    - "--platform=linux/ppc64le"
+  extra_files:
+    - "images/ansible-operator/Pipfile"
+    - "images/ansible-operator/Pipfile.lock"
+- image_templates:
+    - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-s390x"
+  dockerfile: images/ansible-operator/Dockerfile
+  goos: linux
+  goarch: s390x
+  use: buildx
+  build_flag_templates:
+    - "--platform=linux/s390x"
+  extra_files:
+    - "images/ansible-operator/Pipfile"
+    - "images/ansible-operator/Pipfile.lock"
+docker_manifests:
+- name_template: "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}"
+  image_templates:
+    - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-amd64"
+    - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-arm64"
+    - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-ppc64le"
+    - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-s390x"
+release:
+  disable: '{{ ne .Env.ENABLE_RELEASE_PIPELINE "true" }}'

Makefile

@@ -4,34 +4,38 @@ SHELL = /bin/bash
 # This value must be updated to the release tag of the most recent release, a change that must
 # occur in the release commit. IMAGE_VERSION will be removed once each subproject that uses this
 # version is moved to a separate repo and release process.
-export IMAGE_VERSION = v1.31.0
+export IMAGE_VERSION = v0.0.0
 # Build-time variables to inject into binaries
-# export SIMPLE_VERSION = $(shell (test "$(shell git describe --tags)" = "$(shell git describe --tags --abbrev=0)" && echo $(shell git describe --tags)) || echo $(shell git describe --tags --abbrev=0)+git)
-# export GIT_VERSION = $(shell git describe --dirty --tags --always)
-# export GIT_COMMIT = $(shell git rev-parse HEAD)
+export SIMPLE_VERSION = $(shell (test "$(shell git describe --tags)" = "$(shell git describe --tags --abbrev=0)" && echo $(shell git describe --tags)) || echo $(shell git describe --tags --abbrev=0)+git)
+export GIT_VERSION = $(shell git describe --dirty --tags --always)
+export GIT_COMMIT = $(shell git rev-parse HEAD)
 export K8S_VERSION = 1.26.0
 
 # Build settings
 export TOOLS_DIR = tools/bin
 export SCRIPTS_DIR = tools/scripts
 REPO = $(shell go list -m)
-BUILD_DIR = build
-GO_ASMFLAGS = -asmflags "all=-trimpath=$(shell dirname $(PWD))"
-GO_GCFLAGS = -gcflags "all=-trimpath=$(shell dirname $(PWD))"
-GO_BUILD_ARGS = \
-  $(GO_GCFLAGS) $(GO_ASMFLAGS) \
-  -ldflags " \
+BUILD_DIR = .
+export GO_BUILD_ASMFLAGS = all=-trimpath=$(shell dirname $(PWD))
+export GO_BUILD_GCFLAGS = all=-trimpath=$(shell dirname $(PWD))
+export GO_BUILD_LDFLAGS =  \
     -X '$(REPO)/internal/version.Version=$(SIMPLE_VERSION)' \
     -X '$(REPO)/internal/version.GitVersion=$(GIT_VERSION)' \
     -X '$(REPO)/internal/version.GitCommit=$(GIT_COMMIT)' \
     -X '$(REPO)/internal/version.KubernetesVersion=v$(K8S_VERSION)' \
     -X '$(REPO)/internal/version.ImageVersion=$(IMAGE_VERSION)' \
-  " \
+ \
+
+GO_BUILD_ARGS = \
+  -gcflags "$(GO_BUILD_GCFLAGS)" -asmflags "$(GO_BUILD_ASMFLAGS)" -ldflags "$(GO_BUILD_LDFLAGS)"
 
 export GO111MODULE = on
 export CGO_ENABLED = 0
 export PATH := $(PWD)/$(BUILD_DIR):$(PWD)/$(TOOLS_DIR):$(PATH)
 
+export IMAGE_REPO = quay.io/operator-framework/ansible-operator-plugins
+export IMAGE_TAG = dev
+
 ##@ Development
 
 .PHONY: generate
@@ -79,12 +83,7 @@ build/ansible-operator:
 # Convenience wrapper for building all remotely hosted images.
 .PHONY: image-build
 IMAGE_TARGET_LIST = ansible-operator
-image-build: $(foreach i,$(IMAGE_TARGET_LIST),image/$(i)) ## Build all images.
-
-# Convenience wrapper for building dependency base images.
-.PHONY: image-build-base
-IMAGE_BASE_TARGET_LIST = ansible-operator
-image-build-base: $(foreach i,$(IMAGE_BASE_TARGET_LIST),image-base/$(i)) ## Build all images.
+image-build: build $(foreach i,$(IMAGE_TARGET_LIST),image/$(i)) ## Build all images.
 
 # Build an image.
 BUILD_IMAGE_REPO = quay.io/operator-framework
@@ -94,11 +93,7 @@ DOCKER_PROGRESS = --progress plain
 endif
 image/%: export DOCKER_CLI_EXPERIMENTAL = enabled
 image/%:
-	docker buildx build $(DOCKER_PROGRESS) -t $(BUILD_IMAGE_REPO)/$*:dev -f ./images/$*/Dockerfile --load .
-
-image-base/%: export DOCKER_CLI_EXPERIMENTAL = enabled
-image-base/%:
-	docker buildx build $(DOCKER_PROGRESS) -t $(BUILD_IMAGE_REPO)/$*-base:dev -f ./images/$*/base.Dockerfile --load images/$*
+	docker buildx build $(DOCKER_PROGRESS) -t $(BUILD_IMAGE_REPO)/$*-plugins:dev -f ./images/$*/Dockerfile --load . --no-cache
 ##@ Release
 
 ## TODO: Add release targets here
@@ -169,6 +164,22 @@ test-e2e-ansible-molecule:: install dev-install image/ansible-operator ## Run mo
 	go run ./hack/generate/samples/molecule/generate.go
 	./hack/tests/e2e-ansible-molecule.sh
 
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+GORELEASER := $(abspath $(LOCALBIN)/goreleaser)
+GORELEASER_VERSION       ?= v1.16.2
+goreleaser: $(LOCALBIN) ## Build a local copy of goreleaser
+	GOBIN=$(LOCALBIN) go install github.com/goreleaser/goreleaser@$(GORELEASER_VERSION)
+
+export ENABLE_RELEASE_PIPELINE ?= false
+export GORELEASER_ARGS         ?= --snapshot --clean --timeout=60m
+release: IMAGE_TAG = $(GIT_VERSION)
+release: goreleaser ## Runs goreleaser. By default, this will run only as a snapshot and will not publish any artifacts unless it is run with different arguments. To override the arguments, run with "GORELEASER_ARGS=...". When run as a github action from a tag, this target will publish a full release.
+	$(GORELEASER) $(GORELEASER_ARGS)
+
 .DEFAULT_GOAL := help
 .PHONY: help
 help: ## Show this help screen.

hack/generate/samples/ansible/advanced_molecule.go

@@ -201,8 +201,8 @@ func updateDockerfile(dir string) {
 	log.Info("replacing project Dockerfile to use ansible base image with the dev tag")
 	err := kbutil.ReplaceRegexInFile(
 		filepath.Join(dir, "Dockerfile"),
-		"quay.io/operator-framework/ansible-operator:.*",
-		"quay.io/operator-framework/ansible-operator:dev")
+		"quay.io/operator-framework/ansible-operator-plugins:.*",
+		"quay.io/operator-framework/ansible-operator-plugins:dev")
 	pkg.CheckError("replacing Dockerfile", err)
 
 	log.Info("inserting code to Dockerfile")

hack/generate/samples/ansible/memcached_molecule.go

@@ -77,7 +77,7 @@ func ImplementMemcachedMolecule(sample sample.Sample, image string) {
 	}
 
 	log.Info("replacing project Dockerfile to use ansible base image with the dev tag")
-	err := kbutil.ReplaceRegexInFile(filepath.Join(sample.Dir(), "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev")
+	err := kbutil.ReplaceRegexInFile(filepath.Join(sample.Dir(), "Dockerfile"), "quay.io/operator-framework/ansible-operator-plugins:.*", "quay.io/operator-framework/ansible-operator-plugins:dev")
 	pkg.CheckError("replacing Dockerfile", err)
 
 	log.Info("adding RBAC permissions")

images/ansible-operator/Dockerfile

@@ -1,23 +1,66 @@
-# Build the manager binary
-FROM --platform=$BUILDPLATFORM golang:1.19 as builder
+# This Dockerfile defines the base image for the ansible-operator image.
+# It is built with dependencies that take a while to download, thus speeding
+# up ansible deploy jobs.
+
+FROM registry.access.redhat.com/ubi8/ubi:8.8-1032 AS basebuilder
+
+# Install Rust so that we can ensure backwards compatibility with installing/building the cryptography wheel across all platforms
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+RUN rustc --version
+
+# Copy python dependencies (including ansible) to be installed using Pipenv
+COPY images/ansible-operator/Pipfile* ./
+# Instruct pip(env) not to keep a cache of installed packages,
+# to install into the global site-packages and
+# to clear the pipenv cache as well
+ENV PIP_NO_CACHE_DIR=1 \
+    PIPENV_SYSTEM=1 \
+    PIPENV_CLEAR=1
+# Ensure fresh metadata rather than cached metadata, install system and pip python deps,
+# and remove those not needed at runtime.
+RUN set -e && yum clean all && rm -rf /var/cache/yum/* \
+  && yum update -y \
+  && yum install -y libffi-devel openssl-devel python39-devel gcc python39-pip python39-setuptools \
+  && pip3 install --upgrade pip~=23.1.2 \
+  && pip3 install pipenv==2023.6.26 \
+  && pipenv install --deploy \
+  && pipenv check \
+  && yum remove -y gcc libffi-devel openssl-devel python39-devel \
+  && yum clean all \
+  && rm -rf /var/cache/yum
+
+FROM registry.access.redhat.com/ubi8/ubi:8.8-1032 as base
 ARG TARGETARCH
 
-WORKDIR /workspace
-# Copy the Go Modules manifests
-COPY go.mod go.mod
-COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
+# Label this image with the repo and commit that built it, for freshmaking purposes.
+ARG GIT_COMMIT=devel
+LABEL git_commit=$GIT_COMMIT
+
+RUN mkdir -p /etc/ansible \
+  && echo "localhost ansible_connection=local" > /etc/ansible/hosts \
+  && echo '[defaults]' > /etc/ansible/ansible.cfg \
+  && echo 'roles_path = /opt/ansible/roles' >> /etc/ansible/ansible.cfg \
+  && echo 'library = /usr/share/ansible/openshift' >> /etc/ansible/ansible.cfg
+
+RUN set -e && yum clean all && rm -rf /var/cache/yum/* \
+  && yum update -y \
+  && yum install -y python39-pip python39-setuptools \
+  && pip3 install --upgrade pip~=23.1.2 \
+  && pip3 install pipenv==2023.6.26 \
+  && yum clean all \
+  && rm -rf /var/cache/yum
 
-# Copy the go source
-COPY . .
+COPY --from=basebuilder /usr/local/lib64/python3.9/site-packages /usr/local/lib64/python3.9/site-packages
+COPY --from=basebuilder /usr/local/lib/python3.9/site-packages /usr/local/lib/python3.9/site-packages
+COPY --from=basebuilder /usr/local/bin /usr/local/bin
 
-# Build
-RUN GOOS=linux GOARCH=$TARGETARCH make build/ansible-operator
+ENV TINI_VERSION=v0.19.0
+RUN curl -L -o /tini https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-${TARGETARCH} \
+  && chmod +x /tini && /tini --version
 
 # Final image.
-FROM quay.io/operator-framework/ansible-operator-base:master-50c6ac03746ff4edf582feb9a71d2a7ea6ae6c40
+FROM base
 
 ENV HOME=/opt/ansible \
     USER_NAME=ansible \
@@ -32,6 +75,6 @@ RUN echo "${USER_NAME}:x:${USER_UID}:0:${USER_NAME} user:${HOME}:/sbin/nologin"
 WORKDIR ${HOME}
 USER ${USER_UID}
 
-COPY --from=builder /workspace/build/ansible-operator /usr/local/bin/ansible-operator
+COPY ansible-operator /usr/local/bin/ansible-operator
 
 ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", "--watches-file=./watches.yaml"]