chore: Improve tagging of images and applying labels

2024-04-28 21:21:54 -04:00 · 2024-04-28 21:21:54 -04:00 · 83d654d3a2
commit 83d654d3a2
parent 0b5e7599f8
5 changed files with 101 additions and 72 deletions
--- a/.github/workflows/build-pr.yml
+++ b/.github/workflows/build-pr.yml
@ -15,7 +15,7 @@ jobs:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    outputs:
-      export: ${{ steps.build.outputs.export }}
+      push: ${{ steps.build.outputs.push }}

    steps:
      - name: Maximize build space
@ -33,7 +33,7 @@ jobs:
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
-          earthly sat s blue-build-pr
+          earthly sat s pr

      - uses: actions/checkout@v4
        with:
@ -53,10 +53,11 @@ jobs:
        id: build
        run: |
          if [ -n "${{ github.token }}" ]; then
-            earthly --ci --push +build-scripts
-            echo "export=true" >> "$GITHUB_OUTPUT"
+            earthly --ci --push +build
+            echo "push=true" >> "$GITHUB_OUTPUT"
+          else 
+            earthly --ci +build
          fi
-          earthly --ci +build

  integration-tests:
    permissions:
@ -65,7 +66,7 @@ jobs:
    runs-on: ubuntu-latest
    needs:
      - build
-    if: needs.build.outputs.export == 'true'
+    if: needs.build.outputs.push == 'true'

    steps:
      - name: Maximize build space
@ -104,7 +105,7 @@ jobs:
      id-token: write
    needs:
      - build
-    if: needs.build.outputs.export == 'true'
+    if: needs.build.outputs.push == 'true'

    steps:
      - name: Maximize build space
@ -125,7 +126,7 @@ jobs:
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
-          earthly sat s blue-build-pr
+          earthly sat s pr

      - uses: actions/checkout@v4
        with:
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -36,7 +36,7 @@ jobs:
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
-          earthly sat s blue-build-main
+          earthly sat s main

      # Setup repo and add caching
      - uses: actions/checkout@v4
@ -124,7 +124,7 @@ jobs:
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
-          earthly sat s blue-build-main
+          earthly sat s main

      - uses: actions/checkout@v4
        with:
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@ -28,7 +28,7 @@ jobs:
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
-          earthly sat s blue-build-tag
+          earthly sat s tag

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
@ -42,4 +42,4 @@ jobs:
          LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
          CARGO_PACKAGE_VERSION="v$(cargo metadata --format-version 1 | jq -r '.packages[] | select(.name == "blue-build") .version')"
          LATEST=$(test "$CARGO_PACKAGE_VERSION" = "$LATEST_TAG" && echo true || echo false)
-          earthly --push --ci -P +all --TAG=$LATEST_TAG --LATEST=$LATEST
+          earthly --push --ci -P +all --TAGGED="true" --LATEST="$LATEST"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -2,7 +2,7 @@
 members = ["utils", "recipe", "template"]

 [workspace.package]
-description = "A CLI tool built for creating Containerfile templates based on the Ublue Community Project"
+description = "A CLI tool built for creating Containerfile templates for ostree based atomic distros"
 edition = "2021"
 repository = "https://github.com/blue-build/cli"
 license = "Apache-2.0"
--- a/146
+++ b/146
@ -5,6 +5,25 @@ IMPORT github.com/blue-build/earthly-lib/cargo AS cargo

 ARG --global IMAGE=ghcr.io/blue-build/cli

+FROM ghcr.io/blue-build/earthly-lib/cargo-builder
+
+WORKDIR /app
+COPY --keep-ts --dir src/ template/ recipe/ utils/ /app
+COPY --keep-ts Cargo.* /app
+COPY --keep-ts *.md /app
+COPY --keep-ts LICENSE /app
+COPY --keep-ts build.rs /app
+COPY --keep-ts --dir .git/ /app
+RUN touch build.rs
+
+DO cargo+INIT
+
+ARG --global VERSION="$(cargo metadata --format-version 1 | jq -r '.packages[] | select(.name == "blue-build") .version')"
+ARG --global MAJOR_VERSION="$(echo "$VERSION" | cut -d'.' -f1)"
+ARG --global MINOR_VERSION="$(echo "$VERSION" | cut -d'.' -f2)"
+ARG --global PATCH_VERSION="$(echo "$VERSION" | cut -d'.' -f3)"
+ARG --global BUILD_TIME="$(date --rfc-3339=seconds)"
+
 all:
 	BUILD +build
 	BUILD ./integration-tests+all
@ -20,16 +39,12 @@ build:
 	BUILD +installer

 lint:
-	FROM +common
 	DO cargo+LINT

 test:
-	FROM +common
 	DO cargo+TEST

 install:
-	FROM +common
-
 	ARG --required BUILD_TARGET

 	DO cargo+BUILD_RELEASE --BUILD_TARGET=$BUILD_TARGET
@ -45,25 +60,15 @@ build-scripts:
 			chmod +x scripts/${script}
 	END

+	DO --pass-args +LABELS
+
 	ARG EARTHLY_GIT_HASH
 	SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_HASH-build-scripts

-common:
-	FROM ghcr.io/blue-build/earthly-lib/cargo-builder
-
-	WORKDIR /app
-	COPY --keep-ts --dir src/ template/ recipe/ utils/ /app
-	COPY --keep-ts Cargo.* /app
-	COPY --keep-ts *.md /app
-	COPY --keep-ts LICENSE /app
-	COPY --keep-ts build.rs /app
-	COPY --keep-ts --dir .git/ /app
-	RUN touch build.rs
-
-	DO cargo+INIT
-
 blue-build-cli:
-	FROM registry.fedoraproject.org/fedora-toolbox
+	ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox"
+	FROM $BASE_IMAGE
+	LABEL org.opencontainers.image.base.name="$BASE_IMAGE"

 	BUILD +install --BUILD_TARGET="x86_64-unknown-linux-gnu"

@ -80,6 +85,8 @@ blue-build-cli:
 			podman \
 			skopeo

+	LABEL org.opencontainers.image.base.digest="$(skopeo inspect "docker://$BASE_IMAGE" | jq -r '.Digest')"
+
 	COPY +cosign/cosign /usr/bin/cosign

 	COPY (+install/bluebuild --BUILD_TARGET="x86_64-unknown-linux-gnu") /usr/bin/bluebuild
@ -88,26 +95,18 @@ blue-build-cli:
 	WORKDIR /bluebuild
 	ENTRYPOINT ["bluebuild"]

-	ARG TAG
-	ARG LATEST=false
-
-	IF [ -n "$TAG" ]
-		SAVE IMAGE --push $IMAGE:$TAG
-
-		IF [ "$LATEST" = "true" ]
-			SAVE IMAGE --push $IMAGE:latest
-		END
-	ELSE
-		ARG EARTHLY_GIT_BRANCH
-		SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH
-	END
+	DO --pass-args +SAVE_IMAGE

 blue-build-cli-alpine:
-	FROM alpine
+	ARG BASE_IMAGE="alpine"
+	FROM $BASE_IMAGE
+	LABEL org.opencontainers.image.base.name="$BASE_IMAGE"

 	BUILD +install --BUILD_TARGET="x86_64-unknown-linux-musl"

-	RUN apk update && apk add buildah podman skopeo fuse-overlayfs
+	RUN apk update && apk add buildah podman skopeo fuse-overlayfs jq
+
+	LABEL org.opencontainers.image.base.digest="$(skopeo inspect "docker://$BASE_IMAGE" | jq -r '.Digest')"

 	COPY +cosign/cosign /usr/bin/cosign
 	COPY (+install/bluebuild --BUILD_TARGET="x86_64-unknown-linux-musl") /usr/bin/bluebuild
@ -116,41 +115,70 @@ blue-build-cli-alpine:
 	WORKDIR /bluebuild
 	ENTRYPOINT ["bluebuild"]

-	ARG TAG
-	IF [ -n "$TAG" ]
-		SAVE IMAGE --push $IMAGE:$TAG-alpine
-
-		ARG LATEST=false
-		IF [ "$LATEST" = "true" ]
-			SAVE IMAGE --push $IMAGE:latest-alpine
-		END
-	ELSE
-		ARG EARTHLY_GIT_BRANCH
-		SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH-alpine
-	END
+	DO --pass-args +SAVE_IMAGE --SUFFIX="-alpine"

 installer:
-	FROM alpine
+	ARG BASE_IMAGE="alpine"
+	FROM $BASE_IMAGE
+	LABEL org.opencontainers.image.base.name="$BASE_IMAGE"
+
+	RUN apk update && apk add skopeo jq
+
+	LABEL org.opencontainers.image.base.digest="$(skopeo inspect "docker://$BASE_IMAGE" | jq -r '.Digest')"

 	COPY (+install/bluebuild --BUILD_TARGET="x86_64-unknown-linux-musl") /out/bluebuild
 	COPY install.sh /install.sh

 	CMD ["cat", "/install.sh"]

-	ARG TAG
-	IF [ -n "$TAG" ]
-		SAVE IMAGE --push $IMAGE:$TAG-installer
-
-		ARG LATEST=false
-		IF [ "$LATEST" = "true" ]
-			SAVE IMAGE --push $IMAGE:latest-installer
-		END
-	ELSE
-		ARG EARTHLY_GIT_BRANCH
-		SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH-installer
-	END
+	DO --pass-args +SAVE_IMAGE --SUFFIX="-installer"
 	SAVE ARTIFACT /out/bluebuild

 cosign:
 	FROM gcr.io/projectsigstore/cosign
 	SAVE ARTIFACT /ko-app/cosign
+
+SAVE_IMAGE:
+	FUNCTION
+	ARG SUFFIX=""
+	ARG TAGGED="false"
+
+	DO --pass-args +LABELS
+
+	IF [ "$TAGGED" = "true" ]
+		SAVE IMAGE --push "${IMAGE}:v${VERSION}${SUFFIX}"
+
+		ARG LATEST=false
+		IF [ "$LATEST" = "true" ]
+			SAVE IMAGE --push "${IMAGE}:latest${SUFFIX}"
+			SAVE IMAGE --push "${IMAGE}:v${MAJOR_VERSION}.${MINOR_VERSION}${SUFFIX}"
+			SAVE IMAGE --push "${IMAGE}:v${MAJOR_VERSION}${SUFFIX}"
+		END
+	ELSE
+		ARG EARTHLY_GIT_BRANCH
+		SAVE IMAGE --push "${IMAGE}:${EARTHLY_GIT_BRANCH}${SUFFIX}"
+	END
+
+LABELS:
+	FUNCTION
+	LABEL org.opencontainers.image.created="$BUILD_TIME"
+	LABEL org.opencontainers.image.url="https://github.com/blue-build/cli"
+	LABEL org.opencontainers.image.source="https://github.com/blue-build/cli"
+	LABEL org.opencontainers.image.version="$VERSION"
+	LABEL version="$VERSION"
+	LABEL org.opencontainers.image.vendor="BlueBuild"
+	LABEL vendor="BlueBuild"
+	LABEL org.opencontainers.image.licenses="Apache-2.0"
+	LABEL license="Apache-2.0"
+	LABEL org.opencontainers.image.title="BlueBuild CLI tool"
+	LABEL name="blue-build/cli"
+	LABEL org.opencontainers.image.description="A CLI tool built for creating Containerfile templates for ostree based atomic distros"
+	LABEL org.opencontainers.image.documentation="https://raw.githubusercontent.com/blue-build/cli/main/README.md"
+
+	ARG TAGGED="false"
+	IF [ "$TAGGED" = "true" ]
+		ARG EARTHLY_GIT_BRANCH
+		LABEL org.opencontainers.image.ref.name="$EARTHLY_GIT_BRANCH"
+	ELSE
+		LABEL org.opencontainers.image.ref.name="v$VERSION"
+	END