
chore: Clean up docker builds, support attestation with provinence and sboms

jamesread 4 meses atrás
pai
commit
5b9f2beccd
5 arquivos alterados com 35 adições e 97 exclusões
  1. 20 63
      .goreleaser.yml
  2. 0 27
      Dockerfile.armv7
  3. 11 3
      Dockerfile.multiarches
  4. 2 2
      Dockerfile.singlearch
  5. 2 2
      Makefile

+ 20 - 63
.goreleaser.yml

@@ -74,7 +74,8 @@ archives:
       - config.yaml
       - LICENSE
       - README.md
-      - Dockerfile
+      - src: Dockerfile.singlearch
+        dst: Dockerfile
       - webui
       - ./var/
     name_template: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}{{ .Arm }}"
@@ -83,73 +84,29 @@ archives:
       - goos: windows
         formats: zip
 
-dockers:
-  - image_templates:
-      - "docker.io/jamesread/olivetin:{{ .Tag }}-amd64"
-      - "ghcr.io/olivetin/olivetin:{{ .Tag }}-amd64"
-    dockerfile: Dockerfile
-    goos: linux
-    goarch: amd64
-    skip_push: false
-    build_flag_templates:
-      - "--platform=linux/amd64"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Tag}}"
+# dockers_v2: single multi-platform build with buildx; keeps default provenance + SBOM.
+# Replaces legacy dockers + docker_manifests (avoids "is a manifest list" when attestations are on).
+dockers_v2:
+  - dockerfile: Dockerfile.multiarches
+    images:
+      - docker.io/jamesread/olivetin
+      - ghcr.io/olivetin/olivetin
+    tags:
+      - "{{ .Tag }}"
+      - latest
+      - latest-3k
+    platforms:
+      - linux/amd64
+      - linux/arm64
     extra_files:
       - webui/
       - var/entities/
       - config.yaml
       - var/helper-actions/
-
-  - image_templates:
-      - "docker.io/jamesread/olivetin:{{ .Tag }}-arm64"
-      - "ghcr.io/olivetin/olivetin:{{ .Tag }}-arm64"
-    dockerfile: Dockerfile.arm64
-    goos: linux
-    goarch: arm64
-    skip_push: false
-    build_flag_templates:
-      - "--platform=linux/arm64"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Tag}}"
-    extra_files:
-      - webui/
-      - var/entities/
-      - config.yaml
-      - var/helper-actions/
-
-docker_manifests:
-  - name_template: docker.io/jamesread/olivetin:{{ .Version }}
-    image_templates:
-      - docker.io/jamesread/olivetin:{{ .Version }}-amd64
-      - docker.io/jamesread/olivetin:{{ .Version }}-arm64
-
-  - name_template: docker.io/jamesread/olivetin:latest
-    image_templates:
-      - docker.io/jamesread/olivetin:{{ .Version }}-amd64
-      - docker.io/jamesread/olivetin:{{ .Version }}-arm64
-
-  - name_template: docker.io/jamesread/olivetin:latest-3k
-    image_templates:
-      - docker.io/jamesread/olivetin:{{ .Version }}-amd64
-      - docker.io/jamesread/olivetin:{{ .Version }}-arm64
-
-
-  - name_template: ghcr.io/olivetin/olivetin:{{ .Version }}
-    image_templates:
-      - ghcr.io/olivetin/olivetin:{{ .Version }}-amd64
-      - ghcr.io/olivetin/olivetin:{{ .Version }}-arm64
-
-  - name_template: ghcr.io/olivetin/olivetin:latest
-    image_templates:
-      - ghcr.io/olivetin/olivetin:{{ .Version }}-amd64
-      - ghcr.io/olivetin/olivetin:{{ .Version }}-arm64
-
-  - name_template: ghcr.io/olivetin/olivetin:latest-3k
-    image_templates:
-      - ghcr.io/olivetin/olivetin:{{ .Version }}-amd64
-      - ghcr.io/olivetin/olivetin:{{ .Version }}-arm64
-
+    labels:
+      org.opencontainers.image.revision: "{{ .FullCommit }}"
+      org.opencontainers.image.version: "{{ .Tag }}"
+    sbom: true
 
 nfpms:
   - id: default
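Review bot: The comment above `dockers_v2` says the build "keeps default provenance", but the entry only sets `sbom: true`, so whether a provenance attestation is emitted, and at what level of detail, is left to the buildx default on the release runner. BuildKit stores these attestations unsigned next to the image, so they support inspection but do not by themselves prove origin. No signing step is visible in this hunk; one may exist elsewhere in the file. I would record that limit in the comment, for example `# NOTE: attestations are unsigned; provenance detail depends on the builder default`. The same entry moves `latest` and `latest-3k` on every tagged release, so a line telling consumers to pin by digest when checking the SBOM would also help.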

+ 0 - 27
Dockerfile.armv7

@@ -1,27 +0,0 @@
-FROM --platform=linux/armhfp registry.fedoraproject.org/fedora-minimal:36-armhfp
-
-LABEL org.opencontainers.image.source https://github.com/OliveTin/OliveTin
-LABEL org.opencontainers.image.title=OliveTin
-
-RUN mkdir -p /config /config/entities /var/www/olivetin \
-    && \
-    microdnf install -y --nodocs --noplugins --setopt=keepcache=0 --setopt=install_weak_deps=0 \
-		iputils \
-		shadow-utils \
-		openssh-clients
-
-RUN useradd --system --create-home olivetin -u 1000
-
-EXPOSE 1337/tcp
-
-COPY config.yaml /config
-COPY var/entities/* /config/entities/
-VOLUME /config
-
-COPY OliveTin /usr/bin/OliveTin
-COPY webui /var/www/olivetin/
-COPY var/helper-actions/* /usr/bin/
-
-USER olivetin
-
-ENTRYPOINT [ "/usr/bin/OliveTin" ]

+ 11 - 3
Dockerfile.arm64 → Dockerfile.multiarches

@@ -1,10 +1,17 @@
-FROM --platform=linux/arm64 registry.fedoraproject.org/fedora-minimal:42-aarch64 AS olivetin-tmputils
+# Multi-arch Dockerfile for GoReleaser (dockers_v2).
+# Base image :43 is used without arch suffix so the registry can supply the right
+# platform (manifest list). TARGETPLATFORM is set by BuildKit for COPY.
+# For custom/local single-arch builds, use Dockerfile.singlearch instead.
+
+ARG TARGETPLATFORM
+
+FROM registry.fedoraproject.org/fedora-minimal:43 AS olivetin-tmputils
 
 RUN microdnf -y install dnf-plugins-core && \
 	dnf-3 config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && \
 	microdnf install -y docker-ce-cli docker-compose-plugin && microdnf clean all
 
-FROM --platform=linux/arm64 registry.fedoraproject.org/fedora-minimal:42-aarch64
+FROM registry.fedoraproject.org/fedora-minimal:43
 
 LABEL org.opencontainers.image.source https://github.com/OliveTin/OliveTin
 LABEL org.opencontainers.image.title OliveTin
@@ -37,7 +44,8 @@ COPY config.yaml /config
 COPY var/entities/* /config/entities/
 VOLUME /config
 
-COPY OliveTin /usr/bin/OliveTin
+ARG TARGETPLATFORM
+COPY $TARGETPLATFORM/OliveTin /usr/bin/OliveTin
 COPY webui /var/www/olivetin/
 COPY var/helper-actions/* /usr/bin/
 

+ 2 - 2
Dockerfile → Dockerfile.singlearch

@@ -1,10 +1,10 @@
-FROM --platform=linux/amd64 registry.fedoraproject.org/fedora-minimal:42-x86_64 AS olivetin-tmputils
+FROM --platform=linux/amd64 registry.fedoraproject.org/fedora-minimal:43-x86_64 AS olivetin-tmputils
 
 RUN microdnf -y install dnf-plugins-core && \
 	dnf-3 config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && \
 	microdnf install -y docker-ce-cli docker-compose-plugin && microdnf clean all
 
-FROM --platform=linux/amd64 registry.fedoraproject.org/fedora-minimal:42-x86_64
+FROM --platform=linux/amd64 registry.fedoraproject.org/fedora-minimal:43-x86_64
 
 LABEL org.opencontainers.image.source https://github.com/OliveTin/OliveTin
 LABEL org.opencontainers.image.title OliveTin

+ 2 - 2
Makefile

@@ -31,7 +31,7 @@ dist:
 
 
 podman-image:
-	buildah bud -t olivetin
+	buildah bud -f Dockerfile.singlearch -t olivetin
 
 podman-container:
 	podman kill olivetin || true
@@ -41,7 +41,7 @@ podman-container:
 
 integration-tests-docker-image:
 	docker rm -f olivetin && docker rmi -f olivetin
-	docker build -t olivetin:latest .
+	docker build -f Dockerfile.singlearch -t olivetin:latest .
 	docker create --name olivetin -p 1337:1337 -v `pwd`/integration-tests/configs/:/config/ olivetin
 
 devrun: compile