diff --git a/.github/workflows/spectro-release.yaml b/.github/workflows/spectro-release.yaml
new file mode 100644
index 00000000..05076f4c
--- /dev/null
+++ b/.github/workflows/spectro-release.yaml
@@ -0,0 +1,67 @@
+name: Spectro Release
+run-name: Release for Kube-VIP ${{ github.event.inputs.release_version }}
+on:
+ workflow_dispatch:
+ inputs:
+ release_version:
+ description: 'Version to Build'
+ required: true
+ default: '0.0.0'
+jobs:
+ builder:
+ # edge-runner machine group is a bunch of machines in US Datacenter
+ runs-on: ubuntu-latest
+ # Initialize all secrets required for the job
+ # Ensure that the credentials are provided as encrypted secrets
+ env:
+ SPECTRO_VERSION: ${{ github.event.inputs.release_version }}
+ steps:
+ -
+ uses: mukunku/tag-exists-action@v1.2.0
+ id: checkTag
+ with:
+ tag: spectro-v${{ github.event.inputs.release_version }}
+ -
+ if: ${{ steps.checkTag.outputs.exists == 'true' }}
+ run: |
+ echo "Tag already exists for spectro-v${{ github.event.inputs.release_version }}..."
+ exit 1
+ -
+ uses: actions/checkout@v3
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ -
+ name: Login to private registry
+ uses: docker/login-action@v1
+ with:
+ registry: ${{ secrets.REGISTRY_URL }}
+ username: ${{ secrets.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+ -
+ name: Build Image
+ env:
+ REGISTRY: gcr.io/spectro-images-public/release/kube-vip
+ run: |
+ make docker
+ -
+ name: Build Image - FIPS Mode
+ env:
+ FIPS_ENABLE: yes
+ REGISTRY: gcr.io/spectro-images-public/release-fips/kube-vip
+ run: |
+ make docker
+ -
+ name: Create Release
+ id: create_release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: spectro-v${{ github.event.inputs.release_version }}
+ release_name: Release spectro-v${{ github.event.inputs.release_version }}
+ body: |
+ Release version ${{ github.event.inputs.release_version }}
+ draft: false
+ prerelease: false
+
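Review bot: The `run:` step that prints "Tag already exists" expands `${{ github.event.inputs.release_version }}` straight into the script text, so the input is parsed as shell rather than treated as data. The job already exports the value as `SPECTRO_VERSION`, so the line can read `echo "Tag already exists for spectro-v${SPECTRO_VERSION}..."`, and a format check on the input before the first step would also cover the `make docker` steps, which carry it into the image tag. The third-party actions are referenced by mutable tags (`mukunku/tag-exists-action@v1.2.0`, `docker/login-action@v1`) in a job that holds registry credentials; pinning them to full commit SHAs and adding a `permissions:` block limited to `contents: write` would narrow what a changed action can reach. `FIPS_ENABLE: yes` is safer written as `'yes'`, because the Makefile compares against the literal string `yes`.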
diff --git a/Dockerfile b/Dockerfile index 90bf9a6c..1a998d9c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,10 @@ # syntax=docker/dockerfile:experimental FROM golang:1.19.8-alpine3.17 as dev +# FIPS +ARG CRYPTO_LIB +ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto} + RUN apk add --no-cache git ca-certificates make RUN adduser -D appuser COPY . /src/ @@ -16,4 +20,4 @@ FROM scratch COPY --from=dev /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt # Add kube-vip binary COPY --from=dev /src/kube-vip / -ENTRYPOINT ["/kube-vip"] \ No newline at end of file +ENTRYPOINT ["/kube-vip"] diff --git a/Makefile b/Makefile index f6fff929..6102e5bf 100644 --- a/Makefile +++ b/Makefile @@ -4,8 +4,18 @@ SHELL := /bin/sh TARGET := kube-vip .DEFAULT_GOAL: $(TARGET) +# Fips Flags +FIPS_ENABLE ?= "" + +RELEASE_LOC := release +ifeq ($(FIPS_ENABLE),yes) + CGO_ENABLED := 1 + RELEASE_LOC := release-fips +endif + # These will be provided to the target VERSION := v0.4.0 +SPECTRO_VERSION ?= 4.0.0-dev BUILD := `git rev-parse HEAD` # Operating System Default (LINUX) @@ -17,9 +27,9 @@ DOCKERTAG ?= $(VERSION) REPOSITORY = plndr IMAGE_NAME := kube-vip -IMG_URL ?= gcr.io/spectro-dev-public/release -IMG_TAG ?= spectro-v0.4.0-v1beta1-20230502 -IMG ?= ${IMG_URL}/${IMAGE_NAME}:${IMG_TAG} +REGISTRY ?= gcr.io/spectro-dev-public/$(USER)/${RELEASE_LOC} +IMG_TAG ?= v0.4.0-spectro-${SPECTRO_VERSION} +IMG ?= ${REGISTRY}/${IMAGE_NAME}:${IMG_TAG} RELEASE_REGISTRY := gcr.io/spectro-images-public/release/kube-vip RELEASE_CONTROLLER_IMG := $(RELEASE_REGISTRY)/$(IMAGE_NAME) @@ -49,7 +59,7 @@ fmt: demo: @cd demo - @docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le --push -t $(REPOSITORY)/$(TARGET):$(DOCKERTAG) . + @docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le --push -t ${IMG} . @echo New Multi Architecture Docker image created @cd .. 
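Review bot: In the Dockerfile's first hunk, `ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto}` is the only FIPS-related change to the builder stage, but Go's BoringCrypto backend is compiled in only when cgo is enabled, and the visible `apk add` line installs no C toolchain. If the build step (outside this hunk) runs with cgo disabled, the binary would likely build cleanly with the standard Go crypto and still be pushed under `release-fips`. I would add a check after the build that fails when `CRYPTO_LIB` is set and the binary carries no BoringCrypto symbols, for example `go tool nm kube-vip | grep -q _Cfunc__goboringcrypto_`, and confirm that a cgo-built binary still runs in the `FROM scratch` final stage.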
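Review bot: In the Makefile's `# Fips Flags` hunk, `CGO_ENABLED := 1` is a plain make variable: it is not exported, and the `docker` target passes only `CRYPTO_LIB` as a build argument, so as far as these hunks show it never reaches the Go build inside the image. Either `export CGO_ENABLED` and forward it with a matching `ARG` in the Dockerfile, or drop it so the file does not suggest a setting that is not applied. `FIPS_ENABLE ?= ""` also assigns the two quote characters rather than an empty value; `FIPS_ENABLE ?=` says what is meant.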
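Review bot: In the Makefile hunk that defines `REGISTRY` and `IMG_TAG`, the tag repeats the literal `v0.4.0` instead of using `$(VERSION)`, so the two will drift on the next version bump; `IMG_TAG ?= $(VERSION)-spectro-$(SPECTRO_VERSION)` keeps them tied. The default `REGISTRY` embeds `$(USER)`, which can be empty in containers and CI and would then produce a path with an empty segment. A one-line comment above `REGISTRY` would make the intent explicit, e.g. `# Developer default; the release workflow overrides REGISTRY`.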
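Review bot: In the `demo` target, the build now pushes to `${IMG}` but does not pass `--build-arg CRYPTO_LIB=...` as the `docker` target does, so `make demo FIPS_ENABLE=yes` would by default publish a non-BoringCrypto image under the `release-fips` location. Because each recipe line runs in its own shell, `@cd demo` does not change the build context, so this target builds the same Dockerfile and overwrites the same tag that `docker` pushes. Pointing it at a separate tag, for example `-t ${IMG}-demo`, or adding the same build argument would keep the contents of the release tag unambiguous.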
@@ -73,7 +83,7 @@ release-dockerx86: docker: @-rm ./kube-vip - @docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le --push -t $(REPOSITORY)/$(TARGET):$(DOCKERTAG) . + @docker buildx build --build-arg CRYPTO_LIB=${FIPS_ENABLE} --platform linux/amd64 --push -t ${IMG} . @echo New Multi Architecture Docker image created ## Local (docker load of images)
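Review bot: The `docker` target forwards the raw `FIPS_ENABLE` value as `CRYPTO_LIB`, and the Dockerfile enables BoringCrypto for any non-empty value, while the Makefile switches to `release-fips` only when the value is exactly `yes`. A value such as `no` or `true` therefore yields a build whose crypto backend and registry path disagree. Passing a normalized value, `--build-arg CRYPTO_LIB=$(if $(filter yes,$(FIPS_ENABLE)),yes,)`, keeps both gates on the same condition. The `@echo New Multi Architecture Docker image created` line is now stale, since the build targets only `linux/amd64`.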