msb-public
/
helm
mirror of https://github.com/helm/helm
1
0
Code Issues Projects Releases Wiki Activity

feat: Build Docker images

Browse Source 
* Use goreleaser to build and push Docker images
* Platforms: linux/amd64 and arm64
* Single-platform images: latest, major, minor, patch
* Multi-platform images: latest, major, minor, patch
* CI-friendly: COPY --from=helm/helm --chown=1000:1000 --chmod=0555 /bin/helm /usr/local/bin/
* Security-friendly: Distroless, rootless, read-only
* Requires 2 new secrets: DOCKERHUB_USERNAME and DOCKERHUB_TOKEN

Signed-off-by: Rene Leonhardt <65483435+reneleonhardt@users.noreply.github.com>
pull/12560/head
Rene Leonhardt 2 years ago
parent 8219565249
commit 4718bbccb4
No known key found for this signature in database
GPG Key ID: F3648D7E366BF1B4
7 changed files with 158 additions and 0 deletions
Show Stats Download Patch File Download Diff File

30
.dockerignore
Unescape View File

@ -0,0 +1,30 @@
# .gitignore
*.exe
*.swp
.DS_Store
.coverage/
.idea/
.vimrc
.vscode/
_dist/
bin/
vendor/
# Ignores charts pulled for dependency build tests
cmd/helm/testdata/testcharts/issue-7233/charts/*
# .dockerignore
.git/
.circleci/
.github/
scripts/
testdata/
dist/
.dockerignore
.gitignore
.goreleaser.yaml
*.md
KEYS
LICENSE
OWNERS
Dockerfile
Makefile

11
.github/workflows/release.yml vendored
Unescape View File

@ -51,6 +51,17 @@ jobs:
connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}
extra_args: '--pattern helm-*' extra_args: '--pattern helm-*'
- name: Login to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # pin@3.0.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build Docker images
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # pin@5.0.0
with:
args: release --clean
canary-release: canary-release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'

1
.gitignore vendored
Unescape View File

@ -6,6 +6,7 @@
.vimrc .vimrc
.vscode/ .vscode/
_dist/ _dist/
dist/
bin/ bin/
vendor/ vendor/
# Ignores charts pulled for dependency build tests # Ignores charts pulled for dependency build tests

79
.goreleaser.yaml
Unescape View File

@ -0,0 +1,79 @@
archives: # goreleaser should only build Docker images
- format: binary # https://goreleaser.com/customization/archive/#disable-archiving
builds:
- env:
- CGO_ENABLED=0
- GOFLAGS=-trimpath
- GO111MODULE=on
binary: helm
main: ./cmd/helm
ldflags:
- -s -w -X main.build={{.Version}} -extldflags "-static"
goos:
- linux
goarch:
- amd64
- arm64
dockers:
- image_templates:
- "helm/helm:{{ .Version }}-amd64"
- "helm/helm:{{ .Major }}.{{ .Minor }}-amd64"
- "helm/helm:{{ .Major }}-amd64"
- "helm/helm:latest-amd64"
use: buildx
skip_push: false
build_flag_templates:
- "--platform=linux/amd64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.description=The Kubernetes Package Manager"
- "--label=org.opencontainers.image.licenses=Apache-2.0"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--build-arg=BUILDKIT_MULTI_PLATFORM=1"
- image_templates:
- "helm/helm:{{ .Version }}-arm64"
- "helm/helm:{{ .Major }}.{{ .Minor }}-arm64"
- "helm/helm:{{ .Major }}-arm64"
- "helm/helm:latest-arm64"
use: buildx
skip_push: false
goarch: arm64
build_flag_templates:
- "--platform=linux/arm64/v8"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.description=The Kubernetes Package Manager"
- "--label=org.opencontainers.image.licenses=Apache-2.0"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--build-arg=BUILDKIT_MULTI_PLATFORM=1"
docker_manifests:
- id: patch
name_template: "helm/helm:{{ .Version }}"
image_templates:
- "helm/helm:{{ .Version }}-amd64"
- "helm/helm:{{ .Version }}-arm64"
skip_push: false
use: docker
- id: minor
name_template: "helm/helm:{{ .Major }}.{{ .Minor }}"
image_templates:
- "helm/helm:{{ .Version }}-amd64"
- "helm/helm:{{ .Version }}-arm64"
skip_push: false
use: docker
- id: major
name_template: "helm/helm:{{ .Major }}"
image_templates:
- "helm/helm:{{ .Version }}-amd64"
- "helm/helm:{{ .Version }}-arm64"
skip_push: false
use: docker
- id: latest
name_template: "helm/helm:latest"
image_templates:
- "helm/helm:{{ .Version }}-amd64"
- "helm/helm:{{ .Version }}-arm64"
skip_push: false
use: docker

17
Dockerfile
Unescape View File

@ -0,0 +1,17 @@
FROM alpine:3.18.4 AS base
RUN addgroup -g 1000 -S helm && adduser -u 1000 -S helm -G helm
#NOSONAR docker:S6596 Sonar bug: virtual scratch image doesn't have any tags, not even :latest
# And Sonar doesn't process "trailing" comments in multi-stage Dockerfiles or parser directives like "# syntax=docker/dockerfile:1":
# https://docs.sonarsource.com/sonarcloud/advanced-setup/languages/docker/#no-nosonar-support
FROM scratch
COPY --chmod=0444 --from=base /etc/passwd /etc/group /etc/
COPY --chmod=0555 --chown=1000:1000 helm /bin/helm
USER helm
WORKDIR /in
WORKDIR /out
ENTRYPOINT ["/bin/helm"]

6
Makefile
Unescape View File

@ -26,6 +26,8 @@ LDFLAGS := -w -s
GOFLAGS := GOFLAGS :=
CGO_ENABLED ?= 0 CGO_ENABLED ?= 0
GORELEASER_FLAGS ?= --clean
# Rebuild the binary if any of these files change # Rebuild the binary if any of these files change
SRC := $(shell find . -type f -name '*.go' -print) go.mod go.sum SRC := $(shell find . -type f -name '*.go' -print) go.mod go.sum
@ -178,6 +180,10 @@ dist:
$(DIST_DIRS) zip -r helm-${VERSION}-{}.zip {} \; \ $(DIST_DIRS) zip -r helm-${VERSION}-{}.zip {} \; \
) )
.PHONY: goreleaser
goreleaser:
goreleaser release $(GORELEASER_FLAGS)
.PHONY: fetch-dist .PHONY: fetch-dist
fetch-dist: fetch-dist:
mkdir -p _dist mkdir -p _dist

14
README.md
Unescape View File

@ -46,6 +46,20 @@ To rapidly get Helm up and running, start with the [Quick Start Guide](https://h
See the [installation guide](https://helm.sh/docs/intro/install/) for more options, See the [installation guide](https://helm.sh/docs/intro/install/) for more options,
including installing pre-releases. including installing pre-releases.
## Docker
Package subdirectory mychart:
```shell
docker run --rm -v $PWD:/out helm/helm package mychart
```
Package /tmp/mychart (outside of working directory):
```shell
docker run --rm -v /tmp:/in -v $PWD:/out helm/helm package /in/mychart
```
Integrate helm binary into own Dockerfile for CI workflow:
```dockerfile
COPY --from=helm/helm --chown=1000:1000 --chmod=0555 /bin/helm /usr/local/bin/
```
## Docs ## Docs
Get started with the [Quick Start guide](https://helm.sh/docs/intro/quickstart/) or plunge into the [complete documentation](https://helm.sh/docs) Get started with the [Quick Start guide](https://helm.sh/docs/intro/quickstart/) or plunge into the [complete documentation](https://helm.sh/docs)

Write Preview
Loading…
Cancel
Save