deployment: add debug image for all releases (#3001)

2025-08-04 01:09:36 +02:00 · 2022-02-08 07:27:43 -05:00 · 2022-02-08 07:27:43 -05:00 · 1b179139be
commit 1b179139be
parent 634f9f2ff0
7 changed files with 125 additions and 4 deletions
--- a/.github/Dockerfile-release
+++ b/.github/Dockerfile-release
@ -11,7 +11,7 @@ RUN touch /config.yaml
 FROM gcr.io/distroless/base-debian10:latest-${TARGETARCH:-amd64}
 ENV AUTOCERT_DIR /data/autocert
 WORKDIR /pomerium
-COPY pomerium* /bin/
+COPY pomerium /bin/
 COPY --from=build /config.yaml /pomerium/config.yaml
 COPY --from=casource /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 ENTRYPOINT [ "/bin/pomerium" ]
--- a/.github/Dockerfile-release-debug
+++ b/.github/Dockerfile-release-debug
@ -0,0 +1,18 @@
+# build our own root trust store from current stable
+FROM debian:stable as casource
+RUN apt-get update && apt-get install -y ca-certificates
+# Remove expired root (https://github.com/pomerium/pomerium/issues/2653)
+RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates
+
+
+FROM busybox:latest as build
+RUN touch /config.yaml
+
+FROM gcr.io/distroless/base-debian10:debug-${TARGETARCH:-amd64}
+ENV AUTOCERT_DIR /data/autocert
+WORKDIR /pomerium
+COPY pomerium /bin/
+COPY --from=build /config.yaml /pomerium/config.yaml
+COPY --from=casource /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+ENTRYPOINT [ "/bin/pomerium" ]
+CMD ["-config","/pomerium/config.yaml"]
--- a/.github/Dockerfile-release-debug-nonroot
+++ b/.github/Dockerfile-release-debug-nonroot
@ -0,0 +1,18 @@
+# build our own root trust store from current stable
+FROM debian:stable as casource
+RUN apt-get update && apt-get install -y ca-certificates
+# Remove expired root (https://github.com/pomerium/pomerium/issues/2653)
+RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates
+
+
+FROM busybox:latest as build
+RUN touch /config.yaml
+
+FROM gcr.io/distroless/base-debian10:debug-nonroot-${TARGETARCH:-amd64}
+ENV AUTOCERT_DIR /data/autocert
+WORKDIR /pomerium
+COPY pomerium /bin/
+COPY --from=build /config.yaml /pomerium/config.yaml
+COPY --from=casource /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+ENTRYPOINT [ "/bin/pomerium" ]
+CMD ["-config","/pomerium/config.yaml"]
--- a/.github/Dockerfile-release-nonroot
+++ b/.github/Dockerfile-release-nonroot
@ -11,7 +11,7 @@ RUN touch /config.yaml
 FROM gcr.io/distroless/base-debian10:nonroot-${TARGETARCH:-amd64}
 ENV AUTOCERT_DIR /data/autocert
 WORKDIR /pomerium
-COPY pomerium* /bin/
+COPY pomerium /bin/
 COPY --from=build /config.yaml /pomerium/config.yaml
 COPY --from=casource /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 ENTRYPOINT [ "/bin/pomerium" ]
--- a/.github/goreleaser.yaml
+++ b/.github/goreleaser.yaml
@ -92,6 +92,37 @@ dockers:
      - "--label=repository=http://github.com/pomerium/pomerium"
      - "--label=homepage=http://www.pomerium.io"

+  - image_templates:
+      - "pomerium/pomerium:debug-amd64-{{ .Tag }}"
+    dockerfile: .github/Dockerfile-release-debug
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--label=repository=http://github.com/pomerium/pomerium"
+      - "--label=homepage=http://www.pomerium.io"
+
+  - image_templates:
+      - "pomerium/pomerium:debug-nonroot-amd64-{{ .Tag }}"
+    dockerfile: .github/Dockerfile-release-debug-nonroot
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--label=repository=http://github.com/pomerium/pomerium"
+      - "--label=homepage=http://www.pomerium.io"
+
+
  - image_templates:
      - "gcr.io/pomerium-io/pomerium:{{ .Tag }}-cloudrun"
    dockerfile: .github/Dockerfile-cloudrun
@ -138,6 +169,38 @@ dockers:
      - "--label=repository=http://github.com/pomerium/pomerium"
      - "--label=homepage=http://www.pomerium.io"

+  - goarch: arm64
+    image_templates:
+      - "pomerium/pomerium:debug-arm64v8-{{ .Tag }}"
+    dockerfile: .github/Dockerfile-release-debug
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/arm64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--label=repository=http://github.com/pomerium/pomerium"
+      - "--label=homepage=http://www.pomerium.io"
+
+  - goarch: arm64
+    image_templates:
+      - "pomerium/pomerium:debug-nonroot-arm64v8-{{ .Tag }}"
+    dockerfile: .github/Dockerfile-release-debug-nonroot
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/arm64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--label=repository=http://github.com/pomerium/pomerium"
+      - "--label=homepage=http://www.pomerium.io"
+
 docker_manifests:
  - name_template: "pomerium/pomerium:{{ .Tag }}"
    image_templates:
@ -149,6 +212,16 @@ docker_manifests:
      - pomerium/pomerium:nonroot-arm64v8-{{ .Tag }}
      - pomerium/pomerium:nonroot-amd64-{{ .Tag }}

+  - name_template: "pomerium/pomerium:debug-{{ .Tag }}"
+    image_templates:
+      - pomerium/pomerium:debug-arm64v8-{{ .Tag }}
+      - pomerium/pomerium:debug-amd64-{{ .Tag }}
+
+  - name_template: "pomerium/pomerium:debug-nonroot-{{ .Tag }}"
+    image_templates:
+      - pomerium/pomerium:debug-nonroot-arm64v8-{{ .Tag }}
+      - pomerium/pomerium:debug-nonroot-amd64-{{ .Tag }}
+
 brews:
  - # Name template of the recipe
    name: pomerium
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -94,6 +94,12 @@ jobs:
          docker manifest create -a pomerium/pomerium:nonroot pomerium/pomerium:nonroot-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:nonroot-arm64v8-${{ steps.tagName.outputs.tag }}
          docker manifest push pomerium/pomerium:nonroot

+          docker manifest create -a pomerium/pomerium:debug pomerium/pomerium:debug-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:debug-arm64v8-${{ steps.tagName.outputs.tag }}
+          docker manifest push pomerium/pomerium:debug
+
+          docker manifest create -a pomerium/pomerium:debug-nonroot pomerium/pomerium:debug-nonroot-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:debug-nonroot-arm64v8-${{ steps.tagName.outputs.tag }}
+          docker manifest push pomerium/pomerium:debug-nonroot
+
  deploy:
    runs-on: ubuntu-latest
    needs: goreleaser