diff --git a/.github/Dockerfile-release b/.github/Dockerfile-release new file mode 100644 index 000000000..490a374da --- /dev/null +++ b/.github/Dockerfile-release @@ -0,0 +1,9 @@ +FROM busybox:latest as build +RUN touch /config.yaml + +FROM gcr.io/distroless/static +WORKDIR /pomerium +COPY pomerium* /bin/ +COPY --from=build /config.yaml /pomerium/config.yaml +ENTRYPOINT [ "/bin/pomerium" ] +CMD ["-config","/pomerium/config.yaml"] diff --git a/.github/Dockerfile-release.arm32v6 b/.github/Dockerfile-release.arm32v6 new file mode 100644 index 000000000..940eb4d0a --- /dev/null +++ b/.github/Dockerfile-release.arm32v6 @@ -0,0 +1,11 @@ +FROM busybox:latest as build +RUN touch /config.yaml + +FROM arm32v7/alpine +WORKDIR /pomerium +COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/ +RUN apk --no-cache add ca-certificates +COPY pomerium* /bin/ +COPY --from=build /config.yaml /pomerium/config.yaml +ENTRYPOINT [ "/bin/pomerium" ] +CMD ["-config","/pomerium/config.yaml"] diff --git a/.github/Dockerfile-release.arm32v7 b/.github/Dockerfile-release.arm32v7 new file mode 100644 index 000000000..940eb4d0a --- /dev/null +++ b/.github/Dockerfile-release.arm32v7 @@ -0,0 +1,11 @@ +FROM busybox:latest as build +RUN touch /config.yaml + +FROM arm32v7/alpine +WORKDIR /pomerium +COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/ +RUN apk --no-cache add ca-certificates +COPY pomerium* /bin/ +COPY --from=build /config.yaml /pomerium/config.yaml +ENTRYPOINT [ "/bin/pomerium" ] +CMD ["-config","/pomerium/config.yaml"] diff --git a/.github/Dockerfile-release.arm64v8 b/.github/Dockerfile-release.arm64v8 new file mode 100644 index 000000000..fa98cc92d --- /dev/null +++ b/.github/Dockerfile-release.arm64v8 @@ -0,0 +1,11 @@ +FROM busybox:latest as build +RUN touch /config.yaml + +FROM arm64v8/alpine +WORKDIR /pomerium +COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/ +RUN apk --no-cache add ca-certificates +COPY pomerium* /bin/ +COPY --from=build /config.yaml /pomerium/config.yaml +ENTRYPOINT [ "/bin/pomerium" ] +CMD ["-config","/pomerium/config.yaml"] diff --git a/.github/goreleaser.yaml b/.github/goreleaser.yaml new file mode 100644 index 000000000..f76c0c14b --- /dev/null +++ b/.github/goreleaser.yaml @@ -0,0 +1,166 @@ +project_name: pomerium + +release: + github: + owner: pomerium + name: pomerium + name_template: "v{{.Version}}" + +before: + hooks: + - go mod download + +builds: + - id: pomerium + main: cmd/pomerium/main.go + binary: pomerium + env: + - CGO_ENABLED=0 + goarch: + - amd64 + - arm + - arm64 + goos: + - linux + - darwin + - windows + - freebsd + goarm: + - 6 + - 7 + ignore: + - goos: freebsd + goarch: arm64 + - goos: freebsd + goarch: arm + + ldflags: + - -s -w + - -X github.com/pomerium/pomerium/internal/version.Version={{.Version}} + - -X github.com/pomerium/pomerium/internal/version.GitCommit={{.ShortCommit}} + - -X github.com/pomerium/pomerium/internal/version.BuildMeta={{.Timestamp}} + - -X github.com/pomerium/pomerium/internal/version.ProjectName=pomerium + - -X github.com/pomerium/pomerium/internal/version.ProjectURL=https://wwww.pomerium.io + + - id: pomerium-cli + main: cmd/pomerium-cli/cli.go + binary: pomerium-cli + env: + - CGO_ENABLED=0 + goarch: + - amd64 + - arm + - arm64 + goos: + - linux + - darwin + - windows + - freebsd + goarm: + - 6 + - 7 + ignore: + - goos: freebsd + goarch: arm64 + - goos: freebsd + goarch: arm + + ldflags: + - -s -w + - -X github.com/pomerium/pomerium/internal/version.Version={{.Version}} + - -X github.com/pomerium/pomerium/internal/version.GitCommit={{.ShortCommit}} + - -X github.com/pomerium/pomerium/internal/version.BuildMeta={{.Timestamp}} + - -X github.com/pomerium/pomerium/internal/version.ProjectName=pomerium + - -X github.com/pomerium/pomerium/internal/version.ProjectURL=https://wwww.pomerium.io + +archives: + - name_template: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" + builds: + - pomerium + - pomerium-cli + files: + - none* + format_overrides: + - goos: windows + format: zip + +checksum: + name_template: "{{ .ProjectName }}_checksums.txt" + +snapshot: + name_template: "{{ .Tag }}+next" + +dockers: + - image_templates: + - "pomerium/pomerium:{{ .Tag }}" + - "pomerium/pomerium:latest" + dockerfile: .github/Dockerfile-release + binaries: + - pomerium + - pomerium-cli + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.name={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=org.opencontainers.image.source={{.GitURL}}" + - "--label=repository=http://github.com/pomerium/pomerium" + - "--label=homepage=http://www.pomerium.io" + + - goarch: arm64 + image_templates: + - "pomerium/pomerium:arm64v8-{{ .Tag }}" + - "pomerium/pomerium:arm64v8-latest" + dockerfile: .github/Dockerfile-release.arm64v8 + binaries: + - pomerium + - pomerium-cli + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.name={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=org.opencontainers.image.source={{.GitURL}}" + - "--label=repository=http://github.com/pomerium/pomerium" + - "--label=homepage=http://www.pomerium.io" + + - goarch: arm + goarm: 7 + image_templates: + - "pomerium/pomerium:arm32v7-{{ .Tag }}" + - "pomerium/pomerium:arm32v7-latest" + dockerfile: .github/Dockerfile-release.arm32v7 + binaries: + - pomerium + - pomerium-cli + + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.name={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=org.opencontainers.image.source={{.GitURL}}" + - "--label=repository=http://github.com/pomerium/pomerium" + - "--label=homepage=http://www.pomerium.io" + + - goarch: arm + goarm: 6 + image_templates: + - "pomerium/pomerium:arm32v6-{{ .Tag }}" + - "pomerium/pomerium:arm32v6-latest" + dockerfile: .github/Dockerfile-release.arm32v6 + binaries: + - pomerium + - pomerium-cli + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.name={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=org.opencontainers.image.source={{.GitURL}}" + - "--label=repository=http://github.com/pomerium/pomerium" + - "--label=homepage=http://www.pomerium.io" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 000000000..f8ca67bf4 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,32 @@ +name: Release + +on: + release: + types: + - published + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Unshallow + run: git fetch --prune --unshallow + - name: Set up Go + uses: actions/setup-go@v1 + with: + go-version: 1.14.x + - name: Set up Docker + run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - uses: azure/docker-login@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v1 + with: + version: latest + args: release --config .github/goreleaser.yaml + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 7220df752..000000000 --- a/.travis.yml +++ /dev/null @@ -1,123 +0,0 @@ -stages: - - name: test - if: fork = false AND type = push - - name: "Docker Build and Publish" - if: fork = false AND type = push - -language: go -go: - - 1.x - - tip -cache: - directories: - - $HOME/.cache/go-build - - $HOME/gopath/pkg/mod - -before_script: - - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter - - chmod +x ./cc-test-reporter - - ./cc-test-reporter before-build - -script: - - env GOPROXY=https://proxy.golang.org GO111MODULE=on make all - - env GO111MODULE=on make cover - - env GO111MODULE=on make release - - env GOPROXY=https://proxy.golang.org GO111MODULE=on go test ./... -coverprofile c.out - -after_success: - - bash <(curl -s https://codecov.io/bash) - - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT - -deploy: - provider: releases - api_key: - secure: LhWnZHIilCFItgLJUfWUvbJSLFLpzlANj80Ji8y/MnzHGfnn5baYQpYA6eUnOkO6oXU1Uca+KLEQjDa4ySg6++B+5+jkmkWS4PWtj084dgXcKVIrBOt0CX46z8212Fii4WxGKY+Cukw3HejGq5XZmExxcAWbAGDklGedOvZWQImId62/nWjAJc5GLbXgz++i+67d7Uqfcd2wqZfWXsy8OIAG6VnjEP7spUALgaDt4HJaHZU4M9yDxkLX+3eKMuEl5DAJplmEsyDz1xYTcuYRQ7kFv3krXWyb5q9YQhGi8hwv7O93Q1iKMS2lk1rq9TTsr4AlW8lTrms7nvhKNWQWfdGmB2TEyBL/yZ3oaVO45oJoXhd0ff0ufa4VI05o+4WAEeYMkyFEnPxzbRZzPmz28zv9VLWuhS0qav9OnJgBVjFPhCrCYVyCZ6HP/alhrHjepr9hM5DLKwSzNkXWWMsJ4sraRFXQvAXTUbOE3qaeM3WYZ0TXwMNCfwGqE9tx6lXPZNirXZ6UH3qa5CGGyE3S73wUOo6Wo1yG7yBpuGHs485p+QJK+j3dhsJi+PAr4KShUhT7VvLNgidRkeaLGUCcrVf4J+UMCwWSoh5QGEy2lj1Ur4D8+dzXI9BOhL/EvtB3fozzycJ7ZJHLkPfFGnKfY83Q7A3oZ5MXDaWXBNSzTp4= - on: - tags: true - file: - - dist/pomerium-darwin-amd64 - - dist/pomerium-darwin-amd64.md5 - - dist/pomerium-darwin-amd64.sha256 - - dist/pomerium-linux-amd64 - - dist/pomerium-linux-amd64.md5 - - dist/pomerium-linux-amd64.sha256 - - dist/pomerium-windows-amd64 - - dist/pomerium-windows-amd64.md5 - - dist/pomerium-windows-amd64.sha256 - skip_cleanup: true - -docker_setup: &docker_setup - - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - - sudo apt-get update - - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - -docker_login: &docker_login - - echo ${DOCKER_PASSWORD} | docker login -u ${DOCKER_USERNAME} --password-stdin - -matrix: - allow_failures: - - go: tip - fast_finish: true - include: - - name: "Build Master amd64" - stage: "Docker Build and Publish" - if: branch = master - install: *docker_setup - before_script: *docker_login - go: 1.x - script: - - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:master Dockerfile - - docker push ${TRAVIS_REPO_SLUG} - - - name: "Build Master arm64v8" - if: branch = master - install: *docker_setup - before_script: *docker_login - go: 1.x - script: - - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:arm64v8-master Dockerfile.arm64v8 - - docker push ${TRAVIS_REPO_SLUG} - - - name: "Build Tag amd64" - if: tag =~ /^v([0-9.]+)$/ - install: *docker_setup - before_script: *docker_login - go: 1.x - script: - - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:${TRAVIS_TAG} Dockerfile - - docker tag ${TRAVIS_REPO_SLUG}:${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:latest - - docker tag ${TRAVIS_REPO_SLUG}:${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:amd64-latest - - docker tag ${TRAVIS_REPO_SLUG}:${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:amd64-${TRAVIS_TAG} - - docker push ${TRAVIS_REPO_SLUG} - - - name: "Build Tag arm64v8" - if: tag =~ /^v([0-9.]+)$/ - install: *docker_setup - before_script: *docker_login - go: 1.x - script: - - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:arm64v8-${TRAVIS_TAG} Dockerfile.arm64v8 - - docker tag ${TRAVIS_REPO_SLUG}:arm64v8-${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:arm64v8-latest - - docker push ${TRAVIS_REPO_SLUG} - - - name: "Build Tag arm32v7" - if: tag =~ /^v([0-9.]+)$/ - install: *docker_setup - before_script: *docker_login - go: 1.x - script: - - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:arm32v7-${TRAVIS_TAG} Dockerfile.arm32v7 - - docker tag ${TRAVIS_REPO_SLUG}:arm32v7-${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:arm32v7-latest - - docker push ${TRAVIS_REPO_SLUG} - - - name: "Build Tag arm32v6" - if: tag =~ /^v([0-9.]+)$/ - install: *docker_setup - before_script: *docker_login - go: 1.x - script: - - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:arm32v6-${TRAVIS_TAG} Dockerfile.arm32v6 - - docker tag ${TRAVIS_REPO_SLUG}:arm32v6-${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:arm32v6-latest - - docker push ${TRAVIS_REPO_SLUG} diff --git a/.travis/docker_build.sh b/.travis/docker_build.sh deleted file mode 100755 index fc09e08cc..000000000 --- a/.travis/docker_build.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -e - -FULL_IMAGE_NAME=${1:-pomerium/pomerium} -DOCKERFILE=${2:-Dockerfile} - -docker build -t "${FULL_IMAGE_NAME}" -f "${DOCKERFILE}" . diff --git a/Dockerfile b/Dockerfile index 0efdbc390..95f7ce5e8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,18 +1,11 @@ FROM golang:latest as build WORKDIR /go/src/github.com/pomerium/pomerium -# docker build --build-arg ARCH=arm --build-arg ARM=7 . -# frustratingly not supported by dockerhub automated builds though -ARG ARCH=amd64 -ARG ARM=7   -ENV CGO_ENABLED=0 -ENV GO111MODULE=on -ENV GOARCH=${ARCH} -ENV GOARM=${ARM} # cache depedency downloads COPY go.mod go.sum ./ RUN go mod download COPY . . + # build RUN make RUN touch /config.yaml diff --git a/Dockerfile.arm32v6 b/Dockerfile.arm32v6 deleted file mode 100644 index 56c184020..000000000 --- a/Dockerfile.arm32v6 +++ /dev/null @@ -1,22 +0,0 @@ -FROM golang:latest as build -WORKDIR /go/src/github.com/pomerium/pomerium -ENV CGO_ENABLED=0 -ENV GO111MODULE=on -ENV GOARCH=arm -ENV GOARM=6 -# cache depedency downloads -COPY go.mod go.sum ./ -RUN go mod download -COPY . . -# build -RUN make build -RUN touch /config.yaml - -FROM arm32v6/alpine -WORKDIR /pomerium -COPY --from=multiarch/qemu-user-static /usr/bin/qemu-arm-static /usr/bin/ -RUN apk --no-cache add ca-certificates -COPY --from=build /go/src/github.com/pomerium/pomerium/bin/* /bin/ -COPY --from=build /config.yaml /pomerium/config.yaml -ENTRYPOINT [ "/bin/pomerium" ] -CMD ["-config","/pomerium/config.yaml"] \ No newline at end of file diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7 deleted file mode 100644 index 4e579c231..000000000 --- a/Dockerfile.arm32v7 +++ /dev/null @@ -1,22 +0,0 @@ -FROM golang:latest as build -WORKDIR /go/src/github.com/pomerium/pomerium -ENV CGO_ENABLED=0 -ENV GO111MODULE=on -ENV GOARCH=arm -ENV GOARM=7 -# cache depedency downloads -COPY go.mod go.sum ./ -RUN go mod download -COPY . . -# build -RUN make build -RUN touch /config.yaml - -FROM arm32v7/alpine -WORKDIR /pomerium -COPY --from=multiarch/qemu-user-static /usr/bin/qemu-arm-static /usr/bin/ -RUN apk --no-cache add ca-certificates -COPY --from=build /go/src/github.com/pomerium/pomerium/bin/* /bin/ -COPY --from=build /config.yaml /pomerium/config.yaml -ENTRYPOINT [ "/bin/pomerium" ] -CMD ["-config","/pomerium/config.yaml"] \ No newline at end of file diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 deleted file mode 100644 index 8ae9a0d45..000000000 --- a/Dockerfile.arm64v8 +++ /dev/null @@ -1,21 +0,0 @@ -FROM golang:latest as build -WORKDIR /go/src/github.com/pomerium/pomerium -ENV CGO_ENABLED=0 -ENV GO111MODULE=on -ENV GOARCH=arm64 -# cache depedency downloads -COPY go.mod go.sum ./ -RUN go mod download -COPY . . -# build -RUN make build -RUN touch /config.yaml - -FROM arm64v8/alpine -WORKDIR /pomerium -COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/ -RUN apk --no-cache add ca-certificates -COPY --from=build /go/src/github.com/pomerium/pomerium/bin/* /bin/ -COPY --from=build /config.yaml /pomerium/config.yaml -ENTRYPOINT [ "/bin/pomerium" ] -CMD ["-config","/pomerium/config.yaml"] \ No newline at end of file