diff --git a/.gitignore b/.gitignore
index f31afa8..ba048e4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 /bin
-/dist
\ No newline at end of file
+/dist
+/tools
+/.trivy
+.mktools/
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index c4cc7d1..e2bb5a8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@
 # This source code is licensed under the MIT license found in the
 # LICENSE file in the root directory of this source tree.
-FROM golang:1.13-alpine AS build
+FROM golang:1.21-alpine AS build
 ARG VERSION
 ARG GOPROXY
diff --git a/Jenkinsfile b/Jenkinsfile
index c05efba..7dccbd5 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,50 +1,31 @@ @Library('cadoles') _ -pipeline { - agent { - dockerfile { - label 'docker' - filename 'Dockerfile' - dir 'misc/ci' - } - } +// Utilisation du pipeline "standard" +// Voir https://forge.cadoles.com/Cadoles/Jenkins/src/branch/master/doc/tutorials/standard-make-pipeline.md +standardMakePipeline([ + 'dockerfileExtension': ''' + RUN apt-get update \ + && apt-get install -y zip - stages { - stage('Build and publish packages') { - when { - anyOf { - branch 'master' - branch 'develop' + RUN wget https://go.dev/dl/go1.21.5.linux-amd64.tar.gz \ + && rm -rf /usr/local/go \ + && tar -C /usr/local -xzf go1.21.5.linux-amd64.tar.gz + + ENV PATH="${PATH}:/usr/local/go/bin" + ''', + 'hooks': [ + 'pre-release': { + // Login into docker registry + sh ''' + make .mktools + echo "$DOCKER_REGISTRY_PASSWORD" | docker login --username "$DOCKER_REGISTRY_USERNAME" --password-stdin reg.cadoles.com + ''' } - } - steps { - script { - List packagers = ['deb', 'rpm'] - packagers.each { pkgr -> - sh "make NFPM_PACKAGER='${pkgr}' build package" - } - - List attachments = sh(returnStdout: true, script: "find dist -type f -name '*.deb' -or -name '*.rpm' -or -name '*.ipk'").split(' ') - String releaseVersion = sh(returnStdout: true, script: "git describe --always | rev | cut -d '/' -f 1 | rev").trim() - - String releaseBody = """ - _Publication automatisée réalisée par Jenkins._ [Voir le job](${env.RUN_DISPLAY_URL}) - """ - - gitea.release('forge-jenkins', 'Cadoles', 'hydra-werther', [ - 'attachments': attachments, - 'body': releaseBody, - 'releaseName': "${releaseVersion}", - 'releaseVersion': "${releaseVersion}" - ]) - } - } - } - } - - post { - always { - cleanWs() - } - } -} \ No newline at end of file + ], + // Use credentials to push images to registry and pubish gitea release + 'credentials': [ + usernamePassword(credentialsId: 'kipp-credentials', usernameVariable: 'DOCKER_REGISTRY_USERNAME', passwordVariable: 'DOCKER_REGISTRY_PASSWORD'), + usernamePassword(credentialsId: 
'kipp-credentials', usernameVariable: 'GITEA_RELEASE_USERNAME', passwordVariable: 'GITEA_RELEASE_PASSWORD') + ], + 'releaseBranches': ['jenkins-release'] +]) \ No newline at end of file diff --git a/Makefile b/Makefile index 8344dde..b46d731 100644 --- a/Makefile +++ b/Makefile 
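Review bot: In the Jenkinsfile hunk, the `dockerfileExtension` block downloads `go1.21.5.linux-amd64.tar.gz` and unpacks it into `/usr/local` without checking its digest, so the CI image trusts whatever the download returns. Inserting `&& echo "<SHA256_PUBLISHED_ON_GO_DEV_DL>  go1.21.5.linux-amd64.tar.gz" | sha256sum -c - \` between the `wget` and `tar` steps (the digest is a placeholder to fill in from the Go download page) would fail the build on a mismatch. Both `usernamePassword` bindings also reference the same `kipp-credentials` id, so the registry login and the Gitea release appear to share one secret; if that is not deliberate, separate narrowly scoped credentials would limit what a single leak exposes. A short comment above `'credentials'` saying which permission each binding needs would make that reviewable.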
@@ -1,23 +1,77 @@ -PACKAGE_VERSION ?= $(shell git describe --always | rev | cut -d '/' -f 1 | rev) -NFPM_PACKAGER ?= deb +SHELL := /bin/bash -build: clean generate +IMAGE_NAME := reg.cadoles.com/cadoles/hydra-werther + +NFPM_VERSION ?= 2.20.0 +NFPM_PACKAGERS ?= deb rpm + +MKT_GITEA_RELEASE_ORG ?= Cadoles +MKT_GITEA_RELEASE_PROJECT ?= hydra-werther +MKT_GITEA_RELEASE_VERSION ?= $(MKT_PROJECT_VERSION) + +build: build-bin build-image + +build-bin: clean generate CGO_ENABLED=0 misc/script/build +test: scan + generate: go generate ./... clean: - rm -rf bin - -package: dist - PACKAGE_VERSION=$(PACKAGE_VERSION) \ - nfpm package \ - --config misc/packaging/nfpm.yml \ - --target ./dist \ - --packager $(NFPM_PACKAGER) + rm -rf bin dist dist: mkdir -p dist -.PHONY: build \ No newline at end of file +package: clean build-bin $(foreach p,$(NFPM_PACKAGERS), package-$(p)) + +package-%: dist tools/nfpm/bin/nfpm + PACKAGE_VERSION=$(MKT_PROJECT_VERSION) \ + tools/nfpm/bin/nfpm package \ + --config misc/packaging/nfpm.yml \ + --target ./dist \ + --packager $* + +tools/nfpm/bin/nfpm: + mkdir -p tools/nfpm/bin + curl -L --output tools/nfpm/nfpm_$(NFPM_VERSION)_Linux_x86_64.tar.gz https://github.com/goreleaser/nfpm/releases/download/v$(NFPM_VERSION)/nfpm_$(NFPM_VERSION)_Linux_x86_64.tar.gz \ + && tar -xzf tools/nfpm/nfpm_$(NFPM_VERSION)_Linux_x86_64.tar.gz -C tools/nfpm/bin \ + && chmod +x tools/nfpm/bin/nfpm \ + && rm -f tools/nfpm/nfpm_$(NFPM_VERSION)_Linux_x86_64.tar.gz + +build-image: + docker build \ + -t "${IMAGE_NAME}:latest" \ + . + +scan: build-image tools/trivy/bin/trivy + mkdir -p .trivy + tools/trivy/bin/trivy --cache-dir .trivy/.cache image --ignorefile .trivyignore.yaml $(TRIVY_ARGS) $(IMAGE_NAME):latest + +tools/trivy/bin/trivy: + mkdir -p tools/trivy/bin + curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.47.0 + +release: release-image release-gitea + +release-gitea: .mktools package + @[ ! 
-z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. Please re-run command."; exit 1 ) + $(MAKE) MKT_GITEA_RELEASE_ATTACHMENTS="$$(find dist/* -type f -printf '%p ')" mkt-gitea-release + +release-image: .mktools + @[ ! -z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. Please re-run command."; exit 1 ) + docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_VERSION)" + docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_SHORT_VERSION)" + docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_VERSION_CHANNEL)-latest" + + docker push "${IMAGE_NAME}:$(MKT_PROJECT_VERSION)" + docker push "${IMAGE_NAME}:$(MKT_PROJECT_SHORT_VERSION)" + docker push "${IMAGE_NAME}:$(MKT_PROJECT_VERSION_CHANNEL)-latest" + +.mktools: + rm -rf .mktools + curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | TASKS="version gitea" $(SHELL) + +-include .mktools/*.mk \ No newline at end of file diff --git a/go.mod b/go.mod index 972b929..53af331 100644 --- a/go.mod +++ b/go.mod @@ -1,11 +1,8 @@ module github.com/i-core/werther require ( - github.com/OneOfOne/xxhash v1.2.2 // indirect github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 - github.com/cespare/xxhash v1.0.0 // indirect github.com/coocood/freecache v1.0.1 - github.com/davecgh/go-spew v1.1.1 // indirect github.com/elazarl/go-bindata-assetfs v1.0.0 github.com/go-ldap/ldap/v3 v3.2.3 github.com/i-core/rlog v1.0.0 
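Review bot: In the Makefile hunk, the `tools/trivy/bin/trivy` and `.mktools` recipes pipe an install script fetched from a moving branch (`main` and `master`) straight into a shell, and `-include .mktools/*.mk` then evaluates whatever the second script wrote as make code. According to the Jenkinsfile in this commit, `make .mktools` runs in the `pre-release` hook in the same `sh` step that reads `DOCKER_REGISTRY_PASSWORD`, so a changed upstream script would execute with release credentials in its environment. Fetching from an immutable ref would close that gap: `https://raw.githubusercontent.com/aquasecurity/trivy/v0.47.0/contrib/install.sh` matches the version already requested, and for mktools `https://forge.cadoles.com/Cadoles/mktools/raw/commit/<PINNED_COMMIT>/install.sh` (placeholder commit). Use `curl -fsSL` in `.mktools` so an HTTP error body is never fed to `$(SHELL)`; the current `curl -q` has no `-f`. The `tools/nfpm/bin/nfpm` recipe likewise extracts the release tarball without a checksum comparison; a `sha256sum -c` step against a digest stored in the repository would cover it.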
@@ -14,10 +11,24 @@ require (
 github.com/kelseyhightower/envconfig v1.3.0
 github.com/kevinburke/go-bindata v3.13.0+incompatible
 github.com/pkg/errors v0.8.1
- github.com/sergi/go-diff v1.0.0 // indirect
- github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 // indirect
 go.uber.org/zap v1.10.0
 golang.org/x/text v0.3.2
 )
-go 1.13
+require (
+ github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect
+ github.com/OneOfOne/xxhash v1.2.2 // indirect
+ github.com/cespare/xxhash v1.0.0 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/go-asn1-ber/asn1-ber v1.5.1 // indirect
+ github.com/gofrs/uuid v3.2.0+incompatible // indirect
+ github.com/julienschmidt/httprouter v1.2.0 // indirect
+ github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da // indirect
+ github.com/sergi/go-diff v1.0.0 // indirect
+ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 // indirect
+ go.uber.org/atomic v1.4.0 // indirect
+ go.uber.org/multierr v1.1.0 // indirect
+ golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 // indirect
+)
+
+go 1.21
diff --git a/misc/ci/Dockerfile b/misc/ci/Dockerfile
deleted file mode 100644
index c51c3be..0000000
--- a/misc/ci/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM alpine:3.16
-
-RUN apk add --no-cache make git curl jq bash openssl go zip
-
-RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
-
-RUN wget https://github.com/goreleaser/nfpm/releases/download/v2.20.0/nfpm_2.20.0_Linux_x86_64.tar.gz \
- && tar -xzf nfpm_2.20.0_Linux_x86_64.tar.gz -C /usr/local/bin \
- && chmod +x /usr/local/bin/nfpm
\ No newline at end of file
diff --git a/misc/packaging/nfpm.yml b/misc/packaging/nfpm.yml
index 741ca43..7f57d07 100644
--- a/misc/packaging/nfpm.yml
+++ b/misc/packaging/nfpm.yml
@@ -10,6 +10,7 @@ description: |
 vendor: "Cadoles"
 homepage: "https://forge.cadoles.com/Cadoles/postgres-backup"
 license: "AGPL-3.0"
+version_schema: none
 contents:
 - src: bin/werther_linux_amd64
 dst: /usr/bin/hydra-werther