Add an image with helm secrets installed
parent
1e8894efcc
commit
c7e8a87a36
60
.github/workflows/container-stable.yaml
vendored
@ -7,7 +7,8 @@ on:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
containerization:
|
||||
prepare_base:
|
||||
name: Prepare the base image
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
@ -30,6 +31,7 @@ jobs:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.CR_PAT }}
|
||||
|
||||
- name: Build base
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
@ -46,35 +48,49 @@ jobs:
|
||||
actor=${{ github.actor }}
|
||||
sha=${{ github.sha }}
|
||||
ref=${{ github.ref }}
|
||||
- name: Build helmfile
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.buildx.outputs.name }}
|
||||
context: ./dockerfiles
|
||||
file: ./dockerfiles/Dockerfile-helmfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: true
|
||||
tags: |
|
||||
ghcr.io/${{ github.repository }}-helmfile:latest
|
||||
ghcr.io/${{ github.repository }}-helmfile:stable
|
||||
labels: |
|
||||
action_id=${{ github.action }}
|
||||
action_link=${{ env.LINK }}
|
||||
actor=${{ github.actor }}
|
||||
sha=${{ github.sha }}
|
||||
ref=${{ github.ref }}
|
||||
|
||||
build_containers:
|
||||
name: Build final images
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
target_image:
|
||||
- helmfile
|
||||
- helmfile-secrets
|
||||
- argo
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Build argo
|
||||
- name: Set action link variable
|
||||
run: echo "LINK=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_ENV
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@master
|
||||
with:
|
||||
platforms: all
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@master
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.CR_PAT }}
|
||||
|
||||
- name: Build ${{ matrix.target_image }}
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.buildx.outputs.name }}
|
||||
context: ./dockerfiles
|
||||
file: ./dockerfiles/Dockerfile-argo
|
||||
file: ./dockerfiles/Dockerfile-$${{ matrix.target_image }}
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: true
|
||||
tags: |
|
||||
ghcr.io/${{ github.repository }}-argo:latest
|
||||
ghcr.io/${{ github.repository }}-argo:stable
|
||||
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:latest
|
||||
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:stable
|
||||
labels: |
|
||||
action_id=${{ github.action }}
|
||||
action_link=${{ env.LINK }}
|
||||
|
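Review bot: The `file:` input of the matrix build step reads `./dockerfiles/Dockerfile-$${{ matrix.target_image }}`; the extra `$` in front of the expression is kept as literal text, so the path would come out as `Dockerfile-$helmfile-secrets` and not match the `Dockerfile-helmfile-secrets` file this commit adds. It should read `file: ./dockerfiles/Dockerfile-${{ matrix.target_image }}`, and the same line appears in container-version.yaml. Separately, `docker/setup-qemu-action@master` and `docker/setup-buildx-action@master` run in the job that receives `secrets.CR_PAT` and pushes images, so pinning them to a release tag or commit SHA would keep an upstream branch change from reaching the registry credential. The +/- markers are lost on this page, so which of these lines are newly added is inferred.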
65
.github/workflows/container-version.yaml
vendored
@ -7,7 +7,8 @@ on:
|
||||
- "v*.*.*"
|
||||
|
||||
jobs:
|
||||
containerization:
|
||||
build_base:
|
||||
name: Prepare the base image
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
@ -49,40 +50,56 @@ jobs:
|
||||
actor=${{ github.actor }}
|
||||
sha=${{ github.sha }}
|
||||
ref=${{ github.ref }}
|
||||
- name: Build helmfile
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
build-args: |
|
||||
BASE_VERSION=${{ env.TAG }}
|
||||
builder: ${{ steps.buildx.outputs.name }}
|
||||
context: ./dockerfiles
|
||||
file: ./dockerfiles/Dockerfile-helmfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: true
|
||||
tags: |
|
||||
ghcr.io/${{ github.repository }}-helmfile:${{ env.TAG }}
|
||||
labels: |
|
||||
action_id=${{ github.action }}
|
||||
action_link=${{ env.LINK }}
|
||||
actor=${{ github.actor }}
|
||||
sha=${{ github.sha }}
|
||||
ref=${{ github.ref }}
|
||||
|
||||
build_containers:
|
||||
name: Build final images
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
target_image:
|
||||
- helmfile
|
||||
- helmfile-secrets
|
||||
- argo
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Build argo
|
||||
- name: Set version variable
|
||||
run: echo "TAG=${GITHUB_REF##*/}" >> $GITHUB_ENV
|
||||
|
||||
- name: Set action link variable
|
||||
run: echo "LINK=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_ENV
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@master
|
||||
with:
|
||||
platforms: all
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@master
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.CR_PAT }}
|
||||
|
||||
- name: Build ${{ matrix.target_image }}
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.buildx.outputs.name }}
|
||||
build-args: |
|
||||
BASE_VERSION=${{ env.TAG }}
|
||||
context: ./dockerfiles
|
||||
file: ./dockerfiles/Dockerfile-argo
|
||||
file: ./dockerfiles/Dockerfile-$${{ matrix.target_image }}
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: true
|
||||
tags: |
|
||||
ghcr.io/${{ github.repository }}-argo:${{ env.TAG }}
|
||||
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:${{ env.TAG }}
|
||||
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:${{ env.TAG }}
|
||||
labels: |
|
||||
action_id=${{ github.action }}
|
||||
action_link=${{ env.LINK }}
|
||||
actor=${{ github.actor }}
|
||||
sha=${{ github.sha }}
|
||||
ref=${{ github.ref }}
|
||||
|
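Review bot: `build_containers` shows no `needs: build_base`, yet its build step passes `BASE_VERSION=${{ env.TAG }}` and the Dockerfile added in this commit starts its final stage with `FROM ghcr.io/allanger/check-da-helm-base:${BASE_VERSION}`. Jobs without `needs` run in parallel, so on a new tag the matrix builds can start before a base image with that tag has been pushed (assuming `build_base` is what publishes it). Adding `needs: build_base` under `build_containers:` would order the two jobs; container-stable.yaml has the same shape with `prepare_base`, where the likely effect is building on the previous `latest` base. The line `ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:${{ env.TAG }}` also appears twice under `tags:`, though with the diff markers lost that may be a rendering artefact.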
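--- a/dockerfiles/Dockerfile-helmfile-secrets
+++ b/dockerfiles/Dockerfile-helmfile-secrets
@@ -0,0 +1,24 @@
+ARG BASE_VERSION=latest
+FROM ghcr.io/allanger/dumb-downloader as builder
+RUN apt-get update -y && apt-get install tar -y
+ARG HELM_VERSION=v3.10.3
+ARG HELMFILE_VERSION=0.151.0
+ENV RUST_LOG=info
+RUN dudo -l "https://github.com/helmfile/helmfile/releases/download/v{{ version }}/helmfile_{{ version }}_{{ os }}_{{ arch }}.tar.gz" -d /tmp/helmfile.tar.gz -p $HELMFILE_VERSION
+RUN dudo -l "https://get.helm.sh/helm-{{ version }}-{{ os }}-{{ arch }}.tar.gz" -d /tmp/helm.tar.gz -p $HELM_VERSION
+RUN tar -xf /tmp/helm.tar.gz -C /tmp && rm -f /tmp/helm.tar.gz
+RUN tar -xf /tmp/helmfile.tar.gz -C /tmp && rm -f /tmp/helmfile.tar.gz
+RUN mkdir /out && for bin in `find /tmp | grep helm`; do cp $bin /out/; done
+RUN chmod +x /out/helm
+RUN chmod +x /out/helmfile
+
+FROM mozilla/sops:v3.7-alpine as sops
+WORKDIR /out
+RUN cp $(which sops) /out/sops
+
+FROM ghcr.io/allanger/check-da-helm-base:${BASE_VERSION}
+COPY --from=builder /out/ /usr/bin
+COPY --from=sops /out/ /usr/bin
+RUN apk update --no-cache && apk add --no-cache jq bash age git
+RUN helm plugin install https://github.com/jkroepke/helm-secrets --version v4.4.2
+ENTRYPOINT ["cdh"]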
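Review bot: The helm and helmfile tarballs fetched by the two `dudo` lines are unpacked and copied into `/usr/bin` with no integrity check, in an image whose job is to decrypt secrets with sops, age and helm-secrets. Both projects publish SHA-256 sums alongside their release archives, so a per-architecture check before each `tar -xf`, for example `RUN echo "<HELM_TARBALL_SHA256_PLACEHOLDER>  /tmp/helm.tar.gz" | sha256sum -c -`, would tie the build to the pinned `HELM_VERSION` and `HELMFILE_VERSION`. `FROM ghcr.io/allanger/dumb-downloader` carries no tag and so resolves to a mutable `latest`; a version tag or digest there (and a digest for `mozilla/sops:v3.7-alpine`) would make the stages that supply binaries reproducible. The `find /tmp | grep helm` loop copies every path containing "helm", directories and docs included, so copying the two binaries by explicit path would be tighter.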