feat(fips): add centralized image building workflow (#89)

rajrohanyadav · web-flow · commit b4940ae5d3da · 2024-11-21T17:07:47.000+05:30
* add workflow for building and publishing builder image

* add go matrix to build images for multiple go versions

* add ubuntu matrix to build images for multiple base os versions

* allow manual run for the workflow

* simplify workflow

* add comment for buildvcs

* add go bin path to the os path in dockerfile
diff --git a/.github/workflows/build_publish_builder_image.yaml b/.github/workflows/build_publish_builder_image.yaml
@@ -0,0 +1,42 @@
+name: Build and Push Builder Image
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-push:
+    name: Build and Push Builder Image
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        go-version: [1.22.9, 1.23.2]
+        ubuntu-version: [16.04]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: build/Dockerfile
+          build-args: |
+            GO_VERSION=${{ matrix.go-version }}
+            UBUNTU_VERSION=${{ matrix.ubuntu-version }}
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:latest-go${{ matrix.go-version }}-ubuntu${{ matrix.ubuntu-version }}
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -0,0 +1,51 @@
+ARG UBUNTU_VERSION=16.04
+
+# Use Ubuntu as the base image
+FROM ubuntu:${UBUNTU_VERSION}
+
+ARG GO_VERSION=1.23.2
+ARG ARCH='amd64'
+ARG GH_VERSION='2.61.0'
+
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+    gnupg-agent \
+    unzip \
+    zip \
+    curl \
+    wget \
+    expect \
+    git \
+    tar \
+    gcc \
+    jq \
+    g++ \
+    gnupg2 \
+    gnupg-agent \
+    debsigs \
+    rpm \
+    build-essential \
+    software-properties-common \
+    python-software-properties \
+    gcc-arm-linux-gnueabi \
+    dpkg-sig \
+    gcc-aarch64-linux-gnu
+
+# Install Go
+RUN curl -sSL https://golang.org/dl/go${GO_VERSION}.linux-${ARCH}.tar.gz -o go${GO_VERSION}.linux-${ARCH}.tar.gz && \
+    tar -C /usr/local -xzf go${GO_VERSION}.linux-${ARCH}.tar.gz && \
+    rm go${GO_VERSION}.linux-${ARCH}.tar.gz
+
+# Set Go environment variables
+ENV PATH="/usr/local/go/bin:/go/bin:${PATH}"
+ENV GOPATH="/go"
+
+# Default value of -buildvcs is auto, more info:
+# https://github.com/kubernetes-sigs/gateway-api/pull/2302#issuecomment-1855818388
+ENV GOFLAGS="-buildvcs=false"
+
+# Since the user does not match the owners of the repo "git rev-parse --is-inside-work-tree" fails and goreleaser does not populate projectName
+# https://stackoverflow.com/questions/72978485/git-submodule-update-failed-with-fatal-detected-dubious-ownership-in-repositor
+RUN git config --global --add safe.directory '*'
+RUN curl -L https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.deb -o gh_${GH_VERSION}_linux_amd64.deb
+RUN dpkg -i gh_${GH_VERSION}_linux_amd64.deb
