Build a versioned OCI image in CI build workflow

isambard-sc · Aug 7, 2024 · ce6f951 · ce6f951
1 parent a70c13c
commit ce6f951
Show file tree

Hide file tree

Showing 7 changed files with 99 additions and 2 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -28,6 +28,8 @@ jobs:
         uses: dtolnay/rust-toolchain@stable
       - name: Build
         run: cargo build --release
+      - name: Build OCI image
+        run: oci/build.sh --release
       - name: Store build artefacts
         uses: actions/upload-artifact@v4
         with:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -6,6 +6,7 @@ name = "conch"
 version = "0.0.0"
 edition = "2021"
 license = "MIT"
+build = "build.rs"
 
 [dependencies]
 anyhow = "1.0"
@@ -26,6 +27,9 @@ tracing = "0.1"
 tracing-subscriber = "0.3"
 url = "2.5.2"
 
+[build-dependencies]
+built = { version = "0.7", default-features = false, features = ["git2"] }
+
 [lints.rust]
 unsafe_code = "forbid"
 unused_crate_dependencies = "warn"

diff --git a/build.rs b/build.rs
@@ -0,0 +1,7 @@
+// SPDX-FileCopyrightText: © 2024 Matt Williams <[email protected]>
+// SPDX-License-Identifier: MIT
+
+fn main() {
+    #[allow(clippy::expect_used)]
+    built::write_built_file().expect("Failed to acquire build-time information");
+}
diff --git a/oci/Containerfile b/oci/Containerfile
@@ -2,5 +2,8 @@
 # SPDX-License-Identifier: MIT
 
 FROM gcr.io/distroless/cc-debian12
+LABEL org.opencontainers.image.source=https://github.com/isambard-sc/conch
+LABEL org.opencontainers.image.description="Conch SSH CA"
+LABEL org.opencontainers.image.licenses=MIT
 COPY conch /
 ENTRYPOINT ["/conch"]
diff --git a/oci/build.sh b/oci/build.sh
@@ -14,7 +14,8 @@ cp "$(artifact_path "${out}" "conch")" oci
 
 cd oci
 
-image_id=$(podman build . --tag=conch | tee /dev/fd/2 | tail -n1)
+version=$(./conch --version | tail -n1 | cut -d' ' -f 2)
+image_id=$(podman build . --tag=conch:latest --tag=conch:"${version}" | tee /dev/fd/2 | tail -n1)
 rm conch
 echo "Built conch image:" 1>&2
 echo "${image_id}"
diff --git a/src/main.rs b/src/main.rs
@@ -26,8 +26,16 @@ use serde_json::json;
 use tokio_retry::{strategy::FixedInterval, Retry};
 use tracing::info;
 
+pub mod built_info {
+    include!(concat!(env!("OUT_DIR"), "/built.rs"));
+}
+
+fn version() -> &'static str {
+    built_info::GIT_VERSION.unwrap_or(built_info::PKG_VERSION)
+}
+
 #[derive(Parser)]
-#[command(version, about, long_about = None)]
+#[command(version = version(), about, long_about = None)]
 /// Conch SSH CA
 struct Args {
     /// the config file