| @@ -1,8 +1,14 @@ | |||
| FROM alpine:latest as build | |||
| ARG TARGETARCH | |||
gets amd64 etc from the --platform arg
| # download appropriate sops (script gets latest) | ||
| COPY sopsinstall.sh /tmp/sopsinstall.sh | ||
| RUN sh /tmp/sopsinstall.sh -b /usr/local/bin | ||
| RUN sh /tmp/sopsinstall.sh -b /usr/local/bin -a $TARGETARCH |
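Review bot: Both inputs to this build stage float: "FROM alpine:latest" on the first line, and the sops download, which the comment above the COPY says "gets latest". Rebuilding the same commit can therefore yield a different image, with no record of which sops release went in. Pin the base image to a version tag or digest and pass an explicit sops version to sopsinstall.sh, the way install.sh passes SOPS_VERSION. Also quote "$TARGETARCH" in the RUN line.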
decided to continue using a script to get this since sops puts the version number in their github release artifacts, so it still needs to do the tag lookup.
| $DIR/../sopsinstall.sh -o linux -a arm64 "$SOPSDIST" | ||
| $DIR/../sopsinstall.sh -o darwin -a amd64 "$SOPSDIST" | ||
| $DIR/../sopsinstall.sh -o darwin -a arm64 "$SOPSDIST" | ||
| $DIR/../sopsinstall.sh -o windows -a amd64 "$SOPSDIST" |
uses the same downloader to grab the archives for upload to our s3.
123bf4e to c5275ee
c5275ee to a10040a
| # Whether to remove the previous single-arch binaries from the artifact list. | ||
| # If left as false, your end release might have both several macOS archives: | ||
| # amd64, arm64 and all. | ||
| replace: true |
Locally, it still produces all 3. I'm not sure what the release will look like
|
|
||
| sboms: | ||
| - artifacts: binary | ||
| documents: ["{{ .Binary }}_{{ .Os }}_{{ .Arch }}.sbom"] |
match format of the binary
| # and use wildcards when you `COPY`/`ADD` in your Dockerfile. | ||
| extra_files: | ||
| - sopsinstall.sh | ||
| - glob: ./*install.sh |
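Review bot: The glob "./*install.sh" matches every file in the repository root whose name ends in install.sh, so a scratch copy or a newly added script with that suffix would be included without anyone listing it. The set of installers is small and fixed, so name them explicitly, or move them into their own directory and glob that directory.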
have the deploy upload the installers instead of the extra script
| REGEX="^v([0-9]+)\.([0-9]+)\.([0-9]+)" | ||
| export VERSION=$(jq -r '.version' dist/metadata.json) | ||
| export TAG=$(jq -r '.tag' dist/metadata.json) | ||
| if [[ "${TAG}" =~ ${REGEX} ]]; then |
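Review bot: "export VERSION=$(jq -r '.version' dist/metadata.json)" discards jq's exit status, and with -r a missing key comes back as the literal string null, so an absent or malformed metadata.json is not caught on the VERSION line at all. Assign first and export afterwards, use jq -er so a null result fails, and make sure the path where TAG does not match REGEX exits non-zero. REGEX is anchored only at the start, so a tag such as v1.2.3-rc1 also matches; add a trailing $ if pre-release tags should be rejected.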
gets the version information from the goreleaser metadata output
| goarm: | ||
| - "" | ||
| goamd64: | ||
| - "" |
Is an empty string meant to clear the defaults? If so, you could set them to:
goarm: []
goamd64: []
I think I have to specifically set them - the default for goamd64 is v1 and it ends up in variant stuff, which is weird. I can try but this is what the docs kinda looked like
| format_overrides: | ||
| - goos: windows | ||
| format: zip |
Ibotta doesn't, but I want to on a windows project.
| # grab appropriate sopstool binary from dist | ||
| COPY dist/sopstool_linux_$TARGETARCH/sopstool /usr/local/bin/sopstool |
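Review bot: The source path "dist/sopstool_linux_$TARGETARCH/sopstool" only resolves while goreleaser names its output directory without a variant suffix, which depends on the goarm and goamd64 settings changed elsewhere in this PR. Extend the comment above the COPY to name that dependency, so a later change to the build matrix does not surface as an unexplained failed COPY.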
Did you mean to copy the dist file from the host machine?
I see now that the Dockerfile is just importing the binary anyway.
yes - this is the build of the image from the compiled source outputs of goreleaser.
install.sh
Outdated
| http_exec https://raw.githubusercontent.com/Ibotta/sopstool/master/sopsinstall.sh -b "${BINDIR}" "$@" "${SOPS_VERSION}" | ||
| fi | ||
|
|
||
| http_exec https://raw.githubusercontent.com/Ibotta/sopstool/master/sopstoolinstall.sh -b "$BINDIR" "$SOPSTOOL_VERSION" | ||
| http_exec https://raw.githubusercontent.com/Ibotta/sopstool/master/sopstoolinstall.sh -b "${BINDIR}" "$@" "${SOPSTOOL_VERSION}" |
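Review bot: Both http_exec calls pull the sub-installers from a branch ref (master in these lines), so the script that runs on the user's machine is whatever sits at the tip of that branch at install time, independent of the SOPSTOOL_VERSION or SOPS_VERSION being installed. Build the URL from the release tag instead, so the installer that executes is the one that shipped with the release it installs.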
These github links are using master instead of main
good call, I thought I found them all but this snuck through
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Set up Syft | ||
| uses: anchore/sbom-action/download-syft@v0 |
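Review bot: "anchore/sbom-action/download-syft@v0" and "docker/setup-buildx-action@v2" are referenced by major-version tags, which the action owners can move to new commits. In a release workflow, pin each uses: entry to a full commit SHA and keep the version in a trailing comment, so the tooling that builds the images and generates the SBOMs cannot change underneath a release.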
this is so goreleaser can create SBOMs for the binaries (we also have docker buildx, which uses the same tool, create SBOMs for the containers)
| @@ -1,3 +1,5 @@ | |||
| report_sizes: true | |||
these get tracked in an output json, this was useful for debugging.
|
|
||
| Usage: $this [bindir] | ||
| [bindir] sets bindir or installation directory, Defaults to ./bin | ||
| Usage: $this [-b bindir] [-o OS] [-a ARCH] [-s SOPS_VERSION] [-t SOPSTOOL_VERSION] [-d] [bindir] |
this now uses getopts, but is backward compatible.
| if ! is_command sops; then | ||
| http_exec https://raw.githubusercontent.com/Ibotta/sopstool/master/sopsinstall.sh -b "$BINDIR" "$SOPS_VERSION" | ||
| if [ -n "${TARGET_ARCH}" ]; then | ||
| set -- "$@" "-a" "${TARGET_ARCH}" |
arrays in posix shells lol.
| sort -t "." -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1) | ||
| if [ "${LOWEST_ARCH_VERSION}" != "${MIN_ARCH_VERSION}" ]; then | ||
| oldarch="${VERSION}" | ||
| fi |
there's quite a bit of 'friendliness' here that maybe isn't fully necessary - it'll bork at you if you pick arm64 windows, for example. or arm64 before sops was building for it,
| install "${TMPDIR}/${NAME}" "${BINDIR}/${BINARY}" | ||
| log_info "installed ${BINDIR}/${BINARY}" | ||
| } | ||
| archive_binary() { |
all of this is for our download and re-upload, though it's kinda nice to have otherwise too. I might consider contribbing this to sops.
| netbsd) return 0 ;; | ||
| openbsd) return 0 ;; | ||
| plan9) return 0 ;; | ||
| solaris) return 0 ;; |
I went ahead and removed the unsupported os/arch from these lists as well
| test -z "$version" && return 1 | ||
| echo "$version" | ||
| } | ||
| hash_sha256() { |
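Review bot: hash_sha256() is defined here, but the visible lines do not show the downloaded sops archive being compared against an expected value before it is installed or archived. If there is no upstream file to check against, keep a table of expected SHA-256 values per version, OS and arch in this repository and fail on mismatch, so the download and re-upload path cannot pass along an altered archive.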
sops doesn't publish checksums :(
| linux/amd64) BINARIES="sopstool" ;; | ||
| linux/arm64) BINARIES="sopstool" ;; | ||
| windows/amd64) BINARIES="sopstool.exe" ;; | ||
| windows/arm64) BINARIES="sopstool.exe" ;; |
we can do windows now ;)
Co-authored-by: Rishi Sheth <2817944+physik932@users.noreply.github.com>
elementalvoid left a comment
LGTM! These are some much-needed cleanups.
Background
Build consistency for multiplatform
buildx bake
Versioning
Minor - we're updating a few file paths and things.
Additional Requests to Reviewers
Tasks