allanger/check-da-helm
Archived
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases 4 Activity

Add an image with helm secrets installed

Browse Source
This commit is contained in:
Nikolai Rodionov 2023-05-04 12:31:31 +02:00
parent 1e8894efcc
commit c7e8a87a36
No known key found for this signature in database
GPG Key ID: 906851F91B1DA3EF
3 changed files with 103 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
.github/workflows/container-stable.yaml vendored
View File

@ -7,7 +7,8 @@ on:
- main - main
jobs: jobs:
containerization: prepare_base:
name: Prepare the base image
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
@ -30,6 +31,7 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }} password: ${{ secrets.CR_PAT }}
- name: Build base - name: Build base
uses: docker/build-push-action@v2 uses: docker/build-push-action@v2
with: with:
@ -46,35 +48,49 @@ jobs:
actor=${{ github.actor }} actor=${{ github.actor }}
sha=${{ github.sha }} sha=${{ github.sha }}
ref=${{ github.ref }} ref=${{ github.ref }}
- name: Build helmfile
uses: docker/build-push-action@v2 build_containers:
with: name: Build final images
builder: ${{ steps.buildx.outputs.name }} runs-on: ubuntu-latest
context: ./dockerfiles strategy:
file: ./dockerfiles/Dockerfile-helmfile matrix:
platforms: linux/amd64,linux/arm64 target_image:
push: true - helmfile
tags: | - helmfile-secrets
ghcr.io/${{ github.repository }}-helmfile:latest - argo
ghcr.io/${{ github.repository }}-helmfile:stable steps:
labels: | - name: Checkout
action_id=${{ github.action }} uses: actions/checkout@v2
action_link=${{ env.LINK }}
actor=${{ github.actor }}
sha=${{ github.sha }}
ref=${{ github.ref }}
- name: Build argo - name: Set action link variable
run: echo "LINK=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Build ${{ matrix.target_image }}
uses: docker/build-push-action@v2 uses: docker/build-push-action@v2
with: with:
builder: ${{ steps.buildx.outputs.name }} builder: ${{ steps.buildx.outputs.name }}
context: ./dockerfiles context: ./dockerfiles
file: ./dockerfiles/Dockerfile-argo file: ./dockerfiles/Dockerfile-$${{ matrix.target_image }}
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
push: true push: true
tags: | tags: |
ghcr.io/${{ github.repository }}-argo:latest ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:latest
ghcr.io/${{ github.repository }}-argo:stable ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:stable
labels: | labels: |
action_id=${{ github.action }} action_id=${{ github.action }}
action_link=${{ env.LINK }} action_link=${{ env.LINK }}

65
.github/workflows/container-version.yaml vendored
View File

@ -7,7 +7,8 @@ on:
- "v*.*.*" - "v*.*.*"
jobs: jobs:
containerization: build_base:
name: Prepare the base image
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
@ -49,40 +50,56 @@ jobs:
actor=${{ github.actor }} actor=${{ github.actor }}
sha=${{ github.sha }} sha=${{ github.sha }}
ref=${{ github.ref }} ref=${{ github.ref }}
- name: Build helmfile
uses: docker/build-push-action@v2 build_containers:
with: name: Build final images
build-args: | runs-on: ubuntu-latest
BASE_VERSION=${{ env.TAG }} strategy:
builder: ${{ steps.buildx.outputs.name }} matrix:
context: ./dockerfiles target_image:
file: ./dockerfiles/Dockerfile-helmfile - helmfile
platforms: linux/amd64,linux/arm64 - helmfile-secrets
push: true - argo
tags: | steps:
ghcr.io/${{ github.repository }}-helmfile:${{ env.TAG }} - name: Checkout
labels: | uses: actions/checkout@v2
action_id=${{ github.action }}
action_link=${{ env.LINK }}
actor=${{ github.actor }}
sha=${{ github.sha }}
ref=${{ github.ref }}
- name: Build argo - name: Set version variable
run: echo "TAG=${GITHUB_REF##*/}" >> $GITHUB_ENV
- name: Set action link variable
run: echo "LINK=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Build ${{ matrix.target_image }}
uses: docker/build-push-action@v2 uses: docker/build-push-action@v2
with: with:
builder: ${{ steps.buildx.outputs.name }} builder: ${{ steps.buildx.outputs.name }}
build-args: |
BASE_VERSION=${{ env.TAG }}
context: ./dockerfiles context: ./dockerfiles
file: ./dockerfiles/Dockerfile-argo file: ./dockerfiles/Dockerfile-$${{ matrix.target_image }}
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
push: true push: true
tags: | tags: |
ghcr.io/${{ github.repository }}-argo:${{ env.TAG }} ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:${{ env.TAG }}
ghcr.io/${{ github.repository }}-${{ matrix.target_image }}:${{ env.TAG }}
labels: | labels: |
action_id=${{ github.action }} action_id=${{ github.action }}
action_link=${{ env.LINK }} action_link=${{ env.LINK }}
actor=${{ github.actor }} actor=${{ github.actor }}
sha=${{ github.sha }} sha=${{ github.sha }}
ref=${{ github.ref }} ref=${{ github.ref }}

24
dockerfiles/Dockerfile-helmfile-secrets Normal file
View File

@ -0,0 +1,24 @@
ARG BASE_VERSION=latest
FROM ghcr.io/allanger/dumb-downloader as builder
RUN apt-get update -y && apt-get install tar -y
ARG HELM_VERSION=v3.10.3
ARG HELMFILE_VERSION=0.151.0
ENV RUST_LOG=info
RUN dudo -l "https://github.com/helmfile/helmfile/releases/download/v{{ version }}/helmfile_{{ version }}_{{ os }}_{{ arch }}.tar.gz" -d /tmp/helmfile.tar.gz -p $HELMFILE_VERSION
RUN dudo -l "https://get.helm.sh/helm-{{ version }}-{{ os }}-{{ arch }}.tar.gz" -d /tmp/helm.tar.gz -p $HELM_VERSION
RUN tar -xf /tmp/helm.tar.gz -C /tmp && rm -f /tmp/helm.tar.gz
RUN tar -xf /tmp/helmfile.tar.gz -C /tmp && rm -f /tmp/helmfile.tar.gz
RUN mkdir /out && for bin in `find /tmp | grep helm`; do cp $bin /out/; done
RUN chmod +x /out/helm
RUN chmod +x /out/helmfile
FROM mozilla/sops:v3.7-alpine as sops
WORKDIR /out
RUN cp $(which sops) /out/sops
FROM ghcr.io/allanger/check-da-helm-base:${BASE_VERSION}
COPY --from=builder /out/ /usr/bin
COPY --from=sops /out/ /usr/bin
RUN apk update --no-cache && apk add --no-cache jq bash age git
RUN helm plugin install https://github.com/jkroepke/helm-secrets --version v4.4.2
ENTRYPOINT ["cdh"]