oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-12 02:26:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

add dockerfile + docker build step

Browse Source 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
This commit is contained in:
Alex Goodman 2021-03-11 14:23:31 -05:00
parent c7b26c55ac
commit e9105c180a
No known key found for this signature in database
GPG Key ID: 5CB45AE22BAB7EA7
4 changed files with 129 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

204
.github/workflows/release.yaml vendored
View File

@ -1,95 +1,89 @@
name: "Release" name: "Release"
on: on:
push: push:
# # take no actions on push to any branch... # take no actions on push to any branch...
# branches-ignore: branches-ignore:
# - "**" - "**"
# # ... only act on release tags # ... only act on release tags
# tags: tags:
# - "v*" - "v*"
env: env:
GO_VERSION: "1.14.x" GO_VERSION: "1.14.x"
jobs: jobs:
# wait-for-checks: wait-for-checks:
# runs-on: ubuntu-latest # This OS choice is arbitrary. None of the steps in this job are specific to either Linux or macOS. runs-on: ubuntu-latest # This OS choice is arbitrary. None of the steps in this job are specific to either Linux or macOS.
# steps: steps:
# - uses: actions/checkout@v2 - uses: actions/checkout@v2
#
# # we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main # we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main
# - name: Ensure tagged commit is on main - name: Ensure tagged commit is on main
# run: | run: |
# echo "Tag: ${GITHUB_REF##*/}" echo "Tag: ${GITHUB_REF##*/}"
# git fetch origin main git fetch origin main
# git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!" git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!"
#
# - name: Check static analysis results - name: Check static analysis results
# uses: fountainhead/action-wait-for-check@v1.0.0 uses: fountainhead/action-wait-for-check@v1.0.0
# id: static-analysis id: static-analysis
# with: with:
# token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml) # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml)
# checkName: "Static-Analysis (1.x, ubuntu-latest)" checkName: "Static-Analysis (1.x, ubuntu-latest)"
# ref: ${{ github.event.pull_request.head.sha || github.sha }} ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Check unit + integration results (latest go version) - name: Check unit + integration results (latest go version)
# uses: fountainhead/action-wait-for-check@v1.0.0 uses: fountainhead/action-wait-for-check@v1.0.0
# id: unit-integration id: unit-integration
# with: with:
# token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml) # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml)
# checkName: "Tests (1.x, ubuntu-latest)" checkName: "Tests (1.x, ubuntu-latest)"
# ref: ${{ github.event.pull_request.head.sha || github.sha }} ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Check acceptance test results (linux) - name: Check acceptance test results (linux)
# uses: fountainhead/action-wait-for-check@v1.0.0 uses: fountainhead/action-wait-for-check@v1.0.0
# id: acceptance-linux id: acceptance-linux
# with: with:
# token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
# checkName: "Acceptance-Linux" checkName: "Acceptance-Linux"
# ref: ${{ github.event.pull_request.head.sha || github.sha }} ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Check acceptance test results (mac) - name: Check acceptance test results (mac)
# uses: fountainhead/action-wait-for-check@v1.0.0 uses: fountainhead/action-wait-for-check@v1.0.0
# id: acceptance-mac id: acceptance-mac
# with: with:
# token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
# checkName: "Acceptance-Mac" checkName: "Acceptance-Mac"
# ref: ${{ github.event.pull_request.head.sha || github.sha }} ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Check inline comparison test results - name: Check inline comparison test results
# uses: fountainhead/action-wait-for-check@v1.0.0 uses: fountainhead/action-wait-for-check@v1.0.0
# id: inline-compare id: inline-compare
# with: with:
# token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
# checkName: "Inline-Compare" checkName: "Inline-Compare"
# ref: ${{ github.event.pull_request.head.sha || github.sha }} ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Quality gate - name: Quality gate
# if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit-integration.outputs.conclusion != 'success' || steps.inline-compare.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success' if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit-integration.outputs.conclusion != 'success' || steps.inline-compare.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success'
# run: | run: |
# echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}" echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}"
# echo "Unit & Integration Test Status: ${{ steps.unit-integration.outputs.conclusion }}" echo "Unit & Integration Test Status: ${{ steps.unit-integration.outputs.conclusion }}"
# echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}" echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}"
# echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}" echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}"
# echo "Inline Compare Status: ${{ steps.inline-compare.outputs.conclusion }}" echo "Inline Compare Status: ${{ steps.inline-compare.outputs.conclusion }}"
# false false
release: release:
# needs: [wait-for-checks] needs: [wait-for-checks]
runs-on: macos-latest # Due to our code signing process, it's vital that we run our release steps on macOS. runs-on: macos-latest # Due to our code signing process, it's vital that we run our release steps on macOS.
steps: steps:
- uses: docker-practice/actions-setup-docker@master - uses: docker-practice/actions-setup-docker@master
- run: |
set -x
docker version
docker run --rm hello-world
- uses: actions/setup-go@v2 - uses: actions/setup-go@v2
with: with:
@ -130,30 +124,30 @@ jobs:
echo "name: ${{ steps.import_gpg.outputs.name }}" echo "name: ${{ steps.import_gpg.outputs.name }}"
echo "email: ${{ steps.import_gpg.outputs.email }}" echo "email: ${{ steps.import_gpg.outputs.email }}"
# - name: Build & publish release artifacts - name: Build & publish release artifacts
# run: make release run: make release
# env: env:
# GITHUB_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }} GITHUB_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }}
# GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }} GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }}
# PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }} PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }}
# SIGNING_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} SIGNING_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
# APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }} # Used during macOS code signing. APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }} # Used during macOS code signing.
# APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }} # Used during macOS code signing. APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }} # Used during macOS code signing.
# AC_USERNAME: ${{ secrets.ENG_CI_APPLE_ID }} # Used during macOS notarization. AC_USERNAME: ${{ secrets.ENG_CI_APPLE_ID }} # Used during macOS notarization.
# AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }} # Used during macOS notarization. AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }} # Used during macOS notarization.
# - uses: 8398a7/action-slack@v3 - uses: 8398a7/action-slack@v3
# with: with:
# status: ${{ job.status }} status: ${{ job.status }}
# fields: repo,workflow,action,eventName fields: repo,workflow,action,eventName
# text: "A new Syft release is ready to be manually published: https://github.com/anchore/syft/releases" text: "A new Syft release is ready to be manually published: https://github.com/anchore/syft/releases"
# env: env:
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
# if: ${{ success() }} if: ${{ success() }}
#
# - uses: actions/upload-artifact@v2 - uses: actions/upload-artifact@v2
# with: with:
# name: artifacts name: artifacts
# path: dist/**/* path: dist/**/*

11
.goreleaser.yaml
View File

@ -90,3 +90,14 @@ brews:
name: homebrew-syft name: homebrew-syft
homepage: *website homepage: *website
description: *description description: *description
dockers:
-
binaries:
- syft
dockerfile: Dockerfile
image_templates:
- "anchore/syft:latest"
- "anchore/syft:{{ .Tag }}"
- "anchore/syft:v{{ .Major }}"
- "anchore/syft:v{{ .Major }}.{{ .Minor }}"

14
Dockerfile Normal file
View File

@ -0,0 +1,14 @@
FROM alpine:latest AS build
RUN apk --no-cache add ca-certificates
FROM scratch
# needed for version check HTTPS request
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
# create the /tmp dir, which is needed for image content cache
WORKDIR /tmp
COPY syft /
ENTRYPOINT ["/syft"]

12
Makefile
View File

@ -78,10 +78,6 @@ help:
ci-bootstrap: ci-bootstrap:
DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y bc jq libxml2-utils DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y bc jq libxml2-utils
.PHONY:
ci-bootstrap-mac:
github_changelog_generator --version || sudo gem install github_changelog_generator
.PHONY: bootstrap .PHONY: bootstrap
bootstrap: ## Download and install all go dependencies (+ prep tooling in the ./tmp dir) bootstrap: ## Download and install all go dependencies (+ prep tooling in the ./tmp dir)
$(call title,Bootstrapping dependencies) $(call title,Bootstrapping dependencies)
@ -226,8 +222,9 @@ acceptance-test-rpm-package-install: $(SNAPSHOTDIR)
.PHONY: changlog-release .PHONY: changlog-release
changelog-release: changelog-release:
@echo "Last tag: $(SECOND_TO_LAST_TAG)" @echo "Last tag: $(SECOND_TO_LAST_TAG)"
@echo "Current tag: $(VERSION)" @docker run --rm \
@github_changelog_generator \ -v "$(shell pwd)":/usr/local/src/your-app \
ferrarimarco/github-changelog-generator \
--user anchore \ --user anchore \
--project $(BIN) \ --project $(BIN) \
-t ${GITHUB_TOKEN} \ -t ${GITHUB_TOKEN} \
@ -259,7 +256,7 @@ changelog-unreleased: ## show the current changelog that will be produced on the
/CHANGELOG.md /CHANGELOG.md
.PHONY: release .PHONY: release
release: clean-dist ci-bootstrap-mac changelog-release ## Build and publish final binaries and packages. Intended to be run only on macOS. release: clean-dist changelog-release ## Build and publish final binaries and packages. Intended to be run only on macOS.
$(call title,Publishing release artifacts) $(call title,Publishing release artifacts)
# Prepare for macOS-specific signing process # Prepare for macOS-specific signing process
@ -284,6 +281,7 @@ release: clean-dist ci-bootstrap-mac changelog-release ## Build and publish fina
# upload the version file that supports the application version update check (excluding pre-releases) # upload the version file that supports the application version update check (excluding pre-releases)
.github/scripts/update-version-file.sh "$(DISTDIR)" "$(VERSION)" .github/scripts/update-version-file.sh "$(DISTDIR)" "$(VERSION)"
.PHONY: clean .PHONY: clean
clean: clean-dist clean-snapshot ## Remove previous builds and result reports clean: clean-dist clean-snapshot ## Remove previous builds and result reports
rm -rf $(RESULTSDIR)/* rm -rf $(RESULTSDIR)/*