Update to go 1.19. Update CI helpers. Use artifact registry instead o…

…f quay (#87) * Update to go 1.19. Update CI helpers. Use artifact registry instead of quay * fix docker login * skip signing on snapshot * fix location
FairwindsOps · Mar 16, 2023 · b856a93 · b856a93
1 parent f887eed
commit b856a93
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 13 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -10,15 +10,15 @@ references:
       name: install hashicorp vault
       command: |
         cd /tmp
-        curl -LO https://releases.hashicorp.com/vault/1.8.1/vault_1.8.1_linux_amd64.zip
-        unzip vault_1.8.1_linux_amd64.zip
+        curl -LO https://releases.hashicorp.com/vault/1.12.4/vault_1.12.4_linux_amd64.zip
+        unzip vault_1.12.4_linux_amd64.zip
         mv vault /usr/bin/vault
         apk --update add yq
 jobs:
   test:
     working_directory: /home/circleci/go/src/github.com/fairwindsops/vault-token-injector
     docker:
-      - image: cimg/go:1.18
+      - image: cimg/go:1.19
     steps:
       - checkout
       - run:
@@ -32,7 +32,7 @@ jobs:
           path: /tmp/test_results
   release:
     docker:
-      - image: goreleaser/goreleaser:v1.9.0
+      - image: goreleaser/goreleaser:v1.16.1
     resource_class: large
     shell: /bin/bash
     steps:
@@ -41,22 +41,25 @@ jobs:
       - rok8s/get_vault_env:
           vault_path: repo/global/env
       - setup_remote_docker
-      - rok8s/docker_login:
-          username: ${FAIRWINDS_QUAY_USER}
-          password-variable: FAIRWINDS_QUAY_TOKEN
+      - run:
+          name: docker login
+          command: |
+            docker login -u _json_key -p "$(echo $GCP_ARTIFACTREADWRITE_JSON_KEY | base64 -d)" us-docker.pkg.dev
+      - run: echo 'export GORELEASER_CURRENT_TAG="${CIRCLE_TAG}"' >> $BASH_ENV
+      - run: goreleaser
       - run:
           name: Goreleaser
           command: |
             goreleaser
   snapshot:
     docker:
-      - image: goreleaser/goreleaser:v1.9.0
+      - image: goreleaser/goreleaser:v1.16.1
     steps:
       - checkout
       - setup_remote_docker
       - run:
           name: Goreleaser Snapshot
-          command: goreleaser --snapshot
+          command: goreleaser --snapshot --skip-sign
       - store_artifacts:
           path: dist
           destination: snapshot

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,6 +1,29 @@
+brews:
+  - name: vault-token-injector
+    goarm: 6
+    tap:
+      owner: FairwindsOps
+      name: homebrew-tap
+    folder: Formula
+    description: Detect deprecated Kubernetes apiVersions
+    test: |
+      system "#{bin}/vault-token-injector version"
+release:
+  prerelease: auto
+  footer: |
+    You can verify the signatures of both the checksums.txt file and the published docker images using [cosign](https://github.com/sigstore/cosign).
+
+    ```
+    cosign verify-blob checksums.txt --signature=checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub
+    ```
+
+    ```
+    cosign verify us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v1 --key https://artifacts.fairwinds.com/cosign.pub
+    ```
 builds:
   - ldflags:
       - -X main.version={{.Version}} -X main.commit={{.Commit}} -s -w
+    main: main.go
     goarch:
       - amd64
       - arm
@@ -10,11 +33,62 @@ builds:
     goos:
       - linux
       - darwin
+      - windows
     goarm:
       - 6
       - 7
+checksum:
+  name_template: "checksums.txt"
+
+signs:
+- cmd: cosign
+  args: ["sign-blob", "--key=hashivault://cosign", "-output-signature=${signature}", "${artifact}"]
+  artifacts: checksum
+
+docker_signs:
+- artifacts: all
+  args: ["sign", "--key=hashivault://cosign", "${artifact}", "-r"]
+
 dockers:
 - image_templates:
-  - "quay.io/fairwinds/vault-token-injector:{{ .Tag }}"
-  - "quay.io/fairwinds/vault-token-injector:v{{ .Major }}"
-  - "quay.io/fairwinds/vault-token-injector:v{{ .Major }}.{{ .Minor }}"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:{{ .Tag }}-amd64"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}-amd64"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}.{{ .Minor }}-amd64"
+  use: buildx
+  dockerfile: Dockerfile
+  build_flag_templates:
+  - "--platform=linux/amd64"
+- image_templates:
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:{{ .Tag }}-arm64v8"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}-arm64v8"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}.{{ .Minor }}-arm64v8"
+  use: buildx
+  goarch: arm64
+  dockerfile: Dockerfile
+  build_flag_templates:
+  - "--platform=linux/arm64/v8"
+- image_templates:
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:{{ .Tag }}-armv7"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}-armv7"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}.{{ .Minor }}-armv7"
+  use: buildx
+  goarch: arm64
+  dockerfile: Dockerfile
+  build_flag_templates:
+  - "--platform=linux/arm/v7"
+docker_manifests:
+- name_template: us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:{{ .Tag }}
+  image_templates:
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:{{ .Tag }}-amd64"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:{{ .Tag }}-arm64v8"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:{{ .Tag }}-armv7"
+- name_template: us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}
+  image_templates:
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}-amd64"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}-arm64v8"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}-armv7"
+- name_template: us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}.{{ .Minor }}
+  image_templates:
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}.{{ .Minor }}-amd64"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}.{{ .Minor }}-arm64v8"
+  - "us-docker.pkg.dev/fairwinds-ops/oss/vault-token-injector:v{{ .Major }}.{{ .Minor }}-armv7"
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/fairwindsops/vault-token-injector
 
-go 1.18
+go 1.19
 
 require (
 	github.com/hashicorp/go-tfe v1.18.0