Add an image with helm secrets installed

This commit is contained in:
Nikolai Rodionov 2023-05-04 12:31:31 +02:00
parent 1e8894efcc
commit c7e8a87a36
No known key found for this signature in database
GPG Key ID: 906851F91B1DA3EF
3 changed files with 103 additions and 46 deletions

View File

@ -7,7 +7,8 @@ on:
- main
jobs:
containerization:
prepare_base:
name: Prepare the base image
runs-on: ubuntu-latest
steps:
- name: Checkout
@ -30,6 +31,7 @@ jobs:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Build base
uses: docker/build-push-action@v2
with:
@ -46,35 +48,49 @@ jobs:
actor=${{ github.actor }}
sha=${{ github.sha }}
ref=${{ github.ref }}
- name: Build helmfile
uses: docker/build-push-action@v2
with:
builder: ${{ steps.buildx.outputs.name }}
context: ./dockerfiles
file: ./dockerfiles/Dockerfile-helmfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/${{ github.repository }}-helmfile:latest
ghcr.io/${{ github.repository }}-helmfile:stable
labels: |
action_id=${{ github.action }}
action_link=${{ env.LINK }}
actor=${{ github.actor }}
sha=${{ github.sha }}
ref=${{ github.ref }}
build_containers:
name: Build final images
runs-on: ubuntu-latest
strategy:
matrix:
target_image:
- helmfile
- helmfile-secrets
- argo
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Build argo
- name: Set action link variable
run: echo "LINK=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Build ${{ matrix.target_image }}
uses: docker/build-push-action@v2
with:
builder: ${{ steps.buildx.outputs.name }}
context: ./dockerfiles
file: ./dockerfiles/Dockerfile-argo
file: ./dockerfiles/Dockerfile-$${{ matrix.target_image }}
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/${{ github.repository }}-argo:latest
ghcr.io/${{ github.repository }}-argo:stable
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:latest
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:stable
labels: |
action_id=${{ github.action }}
action_link=${{ env.LINK }}

View File

@ -7,7 +7,8 @@ on:
- "v*.*.*"
jobs:
containerization:
build_base:
name: Prepare the base image
runs-on: ubuntu-latest
steps:
- name: Checkout
@ -49,40 +50,56 @@ jobs:
actor=${{ github.actor }}
sha=${{ github.sha }}
ref=${{ github.ref }}
- name: Build helmfile
uses: docker/build-push-action@v2
with:
build-args: |
BASE_VERSION=${{ env.TAG }}
builder: ${{ steps.buildx.outputs.name }}
context: ./dockerfiles
file: ./dockerfiles/Dockerfile-helmfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/${{ github.repository }}-helmfile:${{ env.TAG }}
labels: |
action_id=${{ github.action }}
action_link=${{ env.LINK }}
actor=${{ github.actor }}
sha=${{ github.sha }}
ref=${{ github.ref }}
build_containers:
name: Build final images
runs-on: ubuntu-latest
strategy:
matrix:
target_image:
- helmfile
- helmfile-secrets
- argo
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Build argo
- name: Set version variable
run: echo "TAG=${GITHUB_REF##*/}" >> $GITHUB_ENV
- name: Set action link variable
run: echo "LINK=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Build ${{ matrix.target_image }}
uses: docker/build-push-action@v2
with:
builder: ${{ steps.buildx.outputs.name }}
build-args: |
BASE_VERSION=${{ env.TAG }}
context: ./dockerfiles
file: ./dockerfiles/Dockerfile-argo
file: ./dockerfiles/Dockerfile-$${{ matrix.target_image }}
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/${{ github.repository }}-argo:${{ env.TAG }}
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:${{ env.TAG }}
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:${{ env.TAG }}
labels: |
action_id=${{ github.action }}
action_link=${{ env.LINK }}
actor=${{ github.actor }}
sha=${{ github.sha }}
ref=${{ github.ref }}

View File

@ -0,0 +1,24 @@
ARG BASE_VERSION=latest
FROM ghcr.io/allanger/dumb-downloader as builder
RUN apt-get update -y && apt-get install tar -y
ARG HELM_VERSION=v3.10.3
ARG HELMFILE_VERSION=0.151.0
ENV RUST_LOG=info
RUN dudo -l "https://github.com/helmfile/helmfile/releases/download/v{{ version }}/helmfile_{{ version }}_{{ os }}_{{ arch }}.tar.gz" -d /tmp/helmfile.tar.gz -p $HELMFILE_VERSION
RUN dudo -l "https://get.helm.sh/helm-{{ version }}-{{ os }}-{{ arch }}.tar.gz" -d /tmp/helm.tar.gz -p $HELM_VERSION
RUN tar -xf /tmp/helm.tar.gz -C /tmp && rm -f /tmp/helm.tar.gz
RUN tar -xf /tmp/helmfile.tar.gz -C /tmp && rm -f /tmp/helmfile.tar.gz
RUN mkdir /out && for bin in `find /tmp | grep helm`; do cp $bin /out/; done
RUN chmod +x /out/helm
RUN chmod +x /out/helmfile
FROM mozilla/sops:v3.7-alpine as sops
WORKDIR /out
RUN cp $(which sops) /out/sops
FROM ghcr.io/allanger/check-da-helm-base:${BASE_VERSION}
COPY --from=builder /out/ /usr/bin
COPY --from=sops /out/ /usr/bin
RUN apk update --no-cache && apk add --no-cache jq bash age git
RUN helm plugin install https://github.com/jkroepke/helm-secrets --version v4.4.2
ENTRYPOINT ["cdh"]