build
ci/woodpecker/manual/build Pipeline failed
Details
ci/woodpecker/manual/build Pipeline failed
Details
parent
6c57f77ac9
commit
22c4ed742b
|
|
@ -0,0 +1,108 @@
|
|||
|
||||
|
||||
variables:
|
||||
- &golang_image 'golang:1.20-alpine'
|
||||
- &goproxy_override ''
|
||||
- &goproxy_setup |-
|
||||
if [ -n "$${GOPROXY_OVERRIDE:-}" ]; then
|
||||
export GOPROXY="$${GOPROXY_OVERRIDE}";
|
||||
echo "Using goproxy from goproxy_override \"$${GOPROXY}\"";
|
||||
elif [ -n "$${GOPROXY_DEFAULT:-}" ]; then
|
||||
export GOPROXY="$${GOPROXY_DEFAULT}";
|
||||
echo "Using goproxy from goproxy_default (secret) not displaying";
|
||||
else
|
||||
export GOPROXY="https://proxy.golang.org,direct";
|
||||
echo "No goproxy overrides or defaults given, using \"$${GOPROXY}\"";
|
||||
fi
|
||||
- &buildx_image 'woodpeckerci/plugin-docker-buildx:2.2.1'
|
||||
- &platforms 'linux/amd64'
|
||||
|
||||
workspace:
|
||||
base: /go
|
||||
path: go-import-redirector
|
||||
|
||||
steps:
|
||||
deps:
|
||||
image: *golang_image
|
||||
pull: true
|
||||
environment:
|
||||
GOPROXY_OVERRIDE: *goproxy_override
|
||||
secrets:
|
||||
- goproxy_default
|
||||
commands:
|
||||
- *goproxy_setup
|
||||
- make vendor
|
||||
- make checks
|
||||
- make lint
|
||||
|
||||
build:
|
||||
image: *golang_image
|
||||
environment:
|
||||
GOPROXY_OVERRIDE: *goproxy_override
|
||||
secrets:
|
||||
- goproxy_default
|
||||
commands:
|
||||
- *goproxy_setup
|
||||
- make release
|
||||
- make dockerize
|
||||
|
||||
build-docker-next:
|
||||
image: *buildx_image
|
||||
pull: true
|
||||
settings:
|
||||
platforms: *platforms
|
||||
dockerfile: Dockerfile
|
||||
context: dist/docker/
|
||||
registry:
|
||||
from_secret: registry_domain
|
||||
repo:
|
||||
from_secret: target_image_name
|
||||
password:
|
||||
from_secret: registry_token
|
||||
username:
|
||||
from_secret: registry_user
|
||||
auto_tag: true
|
||||
tag: [next, "next-${CI_COMMIT_SHA:0:8}"]
|
||||
when:
|
||||
branch: ${CI_REPO_DEFAULT_BRANCH}
|
||||
event: push
|
||||
|
||||
build-docker-branch:
|
||||
image: *buildx_image
|
||||
pull: true
|
||||
settings:
|
||||
platforms: *platforms
|
||||
dockerfile: Dockerfile
|
||||
context: dist/docker/
|
||||
registry:
|
||||
from_secret: registry_domain
|
||||
repo:
|
||||
from_secret: target_image_name
|
||||
password:
|
||||
from_secret: registry_token
|
||||
username:
|
||||
from_secret: registry_user
|
||||
auto_tag: true
|
||||
tag: ["${CI_COMMIT_BRANCH}", "${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}"]
|
||||
when:
|
||||
event: [push, manual]
|
||||
|
||||
build-docker-tag:
|
||||
image: *buildx_image
|
||||
pull: true
|
||||
settings:
|
||||
platforms: *platforms
|
||||
dockerfile: Dockerfile
|
||||
context: dist/docker/
|
||||
registry:
|
||||
from_secret: registry_domain
|
||||
repo:
|
||||
from_secret: target_image_name
|
||||
password:
|
||||
from_secret: registry_token
|
||||
username:
|
||||
from_secret: registry_user
|
||||
auto_tag: true
|
||||
tag: [latest, "${CI_COMMIT_TAG}", "tag-${CI_COMMIT_SHA:0:8}"]
|
||||
when:
|
||||
event: [tag]
|
||||
|
|
@ -0,0 +1,176 @@
|
|||
GO_PACKAGE ?= git.kle.li/tools/go-import-redirector
|
||||
BINARY_BASE_NAME ?= $(shell echo ${GO_PACKAGE} | rev | cut -d'/' -f1 | rev)
|
||||
|
||||
DIST := dist
|
||||
DIST_BIN_DIR := $(DIST)/binaries
|
||||
DIST_RELEASE_DIR := $(DIST)/release
|
||||
DIST_DOCKER_DIR := $(DIST)/docker
|
||||
DIST_DIRS := $(DIST_BIN_DIR) $(DIST_RELEASE_DIR) $(DIST_DOCKER_DIR)
|
||||
|
||||
# Tool packages
|
||||
GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@latest
|
||||
XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
|
||||
GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest
|
||||
GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
|
||||
|
||||
# Allow overriding the go binary
|
||||
GO ?= go
|
||||
|
||||
SHASUM ?= shasum -a 256
|
||||
|
||||
# Construct the version strings
|
||||
|
||||
# VERSION default to dev or in CI next
|
||||
ifneq ($(CI),)
|
||||
# in CI
|
||||
VERSION ?= next
|
||||
else
|
||||
# not in CI
|
||||
VERSION ?= dev
|
||||
endif
|
||||
|
||||
# VERSION_NUMBER semver compliant without the v prefix
|
||||
VERSION_NUMBER ?= 0.0.0
|
||||
|
||||
# Use CI_COMMIT_TAG from CI if set as version and version number
|
||||
ifneq ($(CI_COMMIT_TAG),)
|
||||
VERSION := $(CI_COMMIT_TAG:v%=%)
|
||||
VERSION_NUMBER := ${VERSION}
|
||||
endif
|
||||
|
||||
# Use CI provided SHA, else use git
|
||||
ifneq ($(CI_COMMIT_SHA),)
|
||||
SOURCE_SHA := $(CI_COMMIT_SHA)
|
||||
endif
|
||||
|
||||
SOURCE_SHA ?= $(shell git rev-parse HEAD)
|
||||
SOURCE_SHA_SHORT := $(shell echo ${SOURCE_SHA} | head -c 8)
|
||||
|
||||
# VERSIONED_BINARY is the base output name for xgo
|
||||
VERSIONED_BINARY := $(BINARY_BASE_NAME)-$(VERSION)
|
||||
|
||||
# https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
|
||||
# https://woodpecker-ci.org/docs/next/usage/environment
|
||||
# gl GITLAB_CI CI CI_COMMIT_TAG CI_DEFAULT_BRANCH CI_COMMIT_SHA CI_COMMIT_SHORT_SHA CI_MERGE_REQUEST_IID CI_PIPELINE_SOURCE
|
||||
# WP CI=woodpecker CI_COMMIT_TAG CI_REPO_DEFAULT_BRANCH CI_COMMIT_SHA CI_COMMIT_PULL_REQUEST
|
||||
|
||||
# Default LDFlags, stripping, dwarfing, statically linking and adding the version and commit to pkg/meta, extendable via LDFLAGS
|
||||
LDFLAGS := $(LDFLAGS) -s -w -X ${GO_PACKAGE}/pkg/meta.version=${VERSION} -X ${GO_PACKAGE}/pkg/meta.commit=${SOURCE_SHA}
|
||||
# Disable cgo, but overridable
|
||||
CGO_ENABLED ?= 0
|
||||
|
||||
HAS_GO = $(shell hash go > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
|
||||
ifeq ($(HAS_GO),GO)
|
||||
GOPATH ?= $(shell $(GO) env GOPATH)
|
||||
export PATH := $(GOPATH)/bin:$(PATH)
|
||||
CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS)
|
||||
endif
|
||||
|
||||
GOFLAGS := -v -trimpath
|
||||
EXECUTABLE ?= $(BINARY_BASE_NAME)
|
||||
|
||||
# Release packagin stuffs...
|
||||
STORED_VERSION_FILE := VERSION
|
||||
TAR_EXCLUDES := .git $(EXECUTABLE) $(DIST)
|
||||
|
||||
# just print the help instead of running any builds...
|
||||
all: help
|
||||
|
||||
##@ Prerequisites
|
||||
|
||||
.PHONY: go-check
|
||||
go-check: ## Check Go version >= go.mod version
|
||||
$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9]+' go.mod | cut -d' ' -f2))
|
||||
$(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
|
||||
$(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');))
|
||||
@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
|
||||
echo "This project requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
|
||||
exit 1; \
|
||||
fi
|
||||
|
||||
##@ Convention Checking
|
||||
|
||||
.PHONY: checks ## Run all checks
|
||||
checks: tidy-check security-check
|
||||
|
||||
.PHONY: tidy-check
|
||||
tidy-check: tidy ## Check that mods have been cleaned up before checking in
|
||||
@diff=$$(git diff --color=always go.mod go.sum); \
|
||||
if [ -n "$$diff" ]; then \
|
||||
echo "Please run 'make tidy' and commit the result:"; \
|
||||
echo "$${diff}"; \
|
||||
exit 1; \
|
||||
fi
|
||||
|
||||
.PHONY: security-check
|
||||
security-check:
|
||||
go run $(GOVULNCHECK_PACKAGE) ./...
|
||||
|
||||
##@ Linting
|
||||
|
||||
.PHONY: lint
|
||||
lint: ## Lint code
|
||||
@echo "Running golangci-lint"
|
||||
go run $(GOLANGCI_LINT_PACKAGE) run --timeout 10m
|
||||
|
||||
##@ Others
|
||||
|
||||
# Help prints all targets (identified by ##) and categories (identified by ##@)
|
||||
.PHONY: help
|
||||
help: ## Display this help.
|
||||
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
|
||||
|
||||
.PHONY: clean
|
||||
clean: ## Cleanup
|
||||
$(GO) clean -i ./...
|
||||
rm -rf $(EXECUTABLE) $(DIST) vendor
|
||||
|
||||
.PHONY: tidy
|
||||
tidy: ## Tidy mods
|
||||
$(eval MIN_GO_VERSION := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
|
||||
$(GO) mod tidy -compat=$(MIN_GO_VERSION)
|
||||
|
||||
vendor: go.mod go.sum ## Download mods to vendor
|
||||
$(GO) mod vendor
|
||||
@touch vendor
|
||||
|
||||
.PHONY: build
|
||||
build: go-check build-linux ## Build the binary matching the local system
|
||||
|
||||
$(DIST_DIRS):
|
||||
mkdir -p $(DIST_DIRS)
|
||||
|
||||
.PHONY: build-linux
|
||||
build-linux: | $(DIST_DIRS)
|
||||
CGO_ENABLED="$(CGO_ENABLED)" CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) -tags 'netgo osusergo tzdata $(TAGS)' -ldflags '$(LDFLAGS)' -o $(DIST_BIN_DIR)/$(VERSIONED_BINARY)
|
||||
|
||||
.PHONY: release-copy
|
||||
release-copy: | $(DIST_DIRS)
|
||||
cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
|
||||
|
||||
.PHONY: release-check
|
||||
release-check: | $(DIST_DIRS)
|
||||
cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done;
|
||||
|
||||
.PHONY: release-compress
|
||||
release-compress: | $(DIST_DIRS)
|
||||
cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PAGAGE) -k -9 $${file}; done;
|
||||
|
||||
.PHONY: release-sources
|
||||
release-sources: | $(DIST_DIRS)
|
||||
echo $(VERSION) > $(STORED_VERSION_FILE)
|
||||
# bsdtar needs a ^ to prevent matching subdirectories
|
||||
$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
|
||||
# use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s
|
||||
$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./$(BINARY_BASE_NAME)-src-$(VERSION)/'" || echo "--transform 's|^./|$(BINARY_BASE_NAME)-src-$(VERSION)/|'"))
|
||||
tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/$(BINARY_BASE_NAME)-src-$(VERSION).tar.gz .
|
||||
rm -f $(STORED_VERSION_FILE)
|
||||
|
||||
.PHONY: release ## Prepare a full release
|
||||
release: build-linux release-copy release-compress vendor release-sources release-check
|
||||
|
||||
.PHONY: dockerize
|
||||
dockerize: | $(DIST_DIRS)
|
||||
cp -R docker/fscopy/* $(DIST_DOCKER_DIR)/
|
||||
cp $(DIST_BIN_DIR)/$(VERSIONED_BINARY) $(DIST_DOCKER_DIR)/bin/$(BINARY_BASE_NAME)
|
||||
docker/make_dockerfile.sh > $(DIST_DOCKER_DIR)/Dockerfile
|
||||
|
|
@ -0,0 +1 @@
|
|||
root:x:0:randomuser
|
||||
|
|
@ -0,0 +1 @@
|
|||
randomuser:x:1000:0:randomuser:/home/randomuser:/bin/false
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
#!/bin/bash
|
||||
|
||||
cat <<EOF
|
||||
FROM alpine:latest AS fsprep
|
||||
COPY ./ /container/
|
||||
RUN cp /bin/false /container/bin/ \\
|
||||
&& chown 0:0 -R /container \\
|
||||
&& chmod 755 -R /container/bin \\
|
||||
&& chmod 775 /container/etc /container/home \\
|
||||
&& chmod 644 /container/etc/passwd /container/etc/group \\
|
||||
&& chown 1000:0 -R /container/home/randomuser && chmod g=u /container/home/randomuser
|
||||
|
||||
FROM scratch
|
||||
EXPOSE 3000/tcp
|
||||
ENTRYPOINT ["/bin/go-import-redirector"]
|
||||
WORKDIR /home/randomuser
|
||||
LABEL org.opencontainers.image.created="$(date --rfc-3339=seconds -u)" \\
|
||||
org.opencontaienrs.image.url="${CI_REPO_URL:-https://git.kle.li/tools/go-import-redirector}" \\
|
||||
org.opencontainers.image.source="${CI_REPO_CLONE_URL:-dirty-build}" \\
|
||||
org.opencontainers.image.revision="${CI_COMMIT_SHA:-dirty}" \\
|
||||
org.opencontainers.image.base.name=scratch \\
|
||||
org.opencontainers.image.title="Go Import Redirector" \\
|
||||
org.opencontainers.image.description="Utilize vanity URLs for your go packages..."
|
||||
COPY --from=fsprep /container/ /
|
||||
USER 1000:0
|
||||
EOF
|
||||
Loading…
Reference in New Issue