addlicense icon indicating copy to clipboard operation
addlicense copied to clipboard

Published 20 hours ago verified publisher icon google

use GoReleaser to build and push container images

Open developer-guy opened this issue 2 years ago • 6 comments

we've (w/@dentrax) just noticed that this project currently uses GoReleaser to make a new release, and the buildx tool to build and push container images, so, we can use GoReleaser to do the same for container images. By doing so, we can remove an additional step in the GitHub Actions workflow for building/pushing container images, also, we can sign our container images or binaries with cosign too.

Feel free to assign this to us, if you agree with this idea, we would love to work on this 🥳

developer-guy avatar Dec 02 '21 11:12 developer-guy

kindly ping @willnorris

developer-guy avatar Dec 02 '21 14:12 developer-guy

interesting... I hadn't realized that goreleaser could build docker images as well.

I have somewhat mixed feelings though, since if I'm reading these docs correctly, it requires changing the Dockerfile in such a way that you can no longer simply docker build the project. For the CI and releasing pipeline, that shouldn't really matter much, but it would certainly be nice if users could build the image themselves using standard tools (like just the docker CLI).

Do you know how other projects have handled that? Do they just accept that building the docker image locally either requires goreleaser, or a separate go build step before running docker build ?

If the primary motivation is signing artifacts, then I'd want to get @mco-gh's opinion as well, since it would likely be him or someone else from Google that would need to maintain key management, etc.

willnorris avatar Dec 02 '21 15:12 willnorris

I have somewhat mixed feelings, though, since if I'm reading these docs correctly, it requires changing the Dockerfile in such a way that you can no longer simply docker build the project.

Yes, you are right, but we can create a separate Dockerfile for GoReleaser. There is an option to specify where the Dockerfile is.

 # Path to the Dockerfile (from the project root).
    dockerfile: Dockerfile

Do you know how other projects have handled that?

No, I don't, but we can use additional Dockerfile for GoReleaser use only, as I said above.

since it would likely be him or someone else from Google that would need to maintain key management, etc.

In cosign, you might already know that there is a keyless mode. Also, we've already made similar efforts in projects such as GoReleaser, and ko. However, they're all waiting for cosign v1.4.0 to complete the setup.

  • https://github.com/goreleaser/goreleaser/issues/2713
  • https://github.com/google/ko/issues/491

developer-guy avatar Dec 04 '21 08:12 developer-guy

I had a conversation with the core maintainer of the GoReleaser project, he told the same thing that I recommend.

cc: @caarlos0

developer-guy avatar Dec 04 '21 19:12 developer-guy

Sounds good. I've gone ahead and assigned this to you to start implementing when you're ready.

willnorris avatar Dec 04 '21 19:12 willnorris

thank you so much @willnorris, we'll start doing this immediately.

developer-guy avatar Dec 04 '21 19:12 developer-guy