Merge pull request #591 from ericchiang/dev-container-pipeline
dev branch: prepare build scripts for a release
This commit is contained in:
commit
84143ac69f
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
|||||||
bin
|
bin
|
||||||
dist
|
dist
|
||||||
|
_output
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
language: go
|
language: go
|
||||||
|
|
||||||
go:
|
go:
|
||||||
- 1.7
|
- 1.7.1
|
||||||
|
|
||||||
services:
|
services:
|
||||||
- postgresql
|
- postgresql
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
FROM alpine:latest
|
FROM alpine:3.4
|
||||||
|
|
||||||
MAINTAINER Eric Chiang <eric.chiang@coreos.com>
|
MAINTAINER Eric Chiang <eric.chiang@coreos.com>
|
||||||
|
|
||||||
RUN apk add --update ca-certificates
|
RUN apk add --update ca-certificates
|
||||||
|
|
||||||
COPY bin/dex /dex
|
COPY _output/bin/dex /usr/local/bin/dex
|
||||||
|
|
||||||
ENTRYPOINT ["/dex"]
|
ENTRYPOINT ["/usr/local/bin/dex"]
|
||||||
|
|
||||||
CMD ["version"]
|
CMD ["version"]
|
||||||
|
80
Documentation/dev-releases.md
Normal file
80
Documentation/dev-releases.md
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
# Releases
|
||||||
|
|
||||||
|
Making a dex release involves:
|
||||||
|
|
||||||
|
* Tagging a git commit and pushing the tag to GitHub.
|
||||||
|
* Building and pushing a Docker image.
|
||||||
|
* Building, signing, and hosting an ACI.
|
||||||
|
|
||||||
|
This requires the following tools.
|
||||||
|
|
||||||
|
* rkt
|
||||||
|
* Docker
|
||||||
|
* [docker2aci](https://github.com/appc/docker2aci)
|
||||||
|
* [acbuild](https://github.com/containers/build) (must be in your sudo user's PATH)
|
||||||
|
|
||||||
|
And the following permissions.
|
||||||
|
|
||||||
|
* Push access to the github.com/coreos/dex git repo.
|
||||||
|
* Push access to the quay.io/coreos/dex Docker repo.
|
||||||
|
* Access to the CoreOS application signing key.
|
||||||
|
|
||||||
|
## Tagging the release
|
||||||
|
|
||||||
|
Make sure you've [uploaded your GPG key](https://github.com/settings/keys) and
|
||||||
|
configured git to [use that signing key](
|
||||||
|
https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work) either globally or
|
||||||
|
for the Dex repo. Note that the email the key is issued for must be the email
|
||||||
|
you use for git.
|
||||||
|
|
||||||
|
```
|
||||||
|
git config [--global] user.signingkey "{{ GPG key ID }}"
|
||||||
|
git config [--global] user.email "{{ Email associated with key }}"
|
||||||
|
```
|
||||||
|
|
||||||
|
Create a signed tag at the commit you wish to release. This action will prompt
|
||||||
|
you to enter a tag message, which can just be the release version.
|
||||||
|
|
||||||
|
```
|
||||||
|
git tag -s v2.1.0-alpha ea4c04fde83bd6c48f4d43862c406deb4ea9dba2
|
||||||
|
```
|
||||||
|
|
||||||
|
Push that tag to the CoreOS repo.
|
||||||
|
|
||||||
|
```
|
||||||
|
git push git@github.com:coreos/dex.git v2.1.0-alpha
|
||||||
|
```
|
||||||
|
|
||||||
|
Draft releases on GitHub and summarize the changes since the last release. See
|
||||||
|
previous releases for the expected format.
|
||||||
|
|
||||||
|
https://github.com/coreos/dex/releases
|
||||||
|
|
||||||
|
## Building the Docker image
|
||||||
|
|
||||||
|
Build the Docker image and push to Quay.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# checkout the tag
|
||||||
|
git checkout tags/v2.1.0-alpha
|
||||||
|
# rkt doesn't play nice with SELinux, see https://github.com/coreos/rkt/issues/1727
|
||||||
|
sudo setenforce Permissive
|
||||||
|
# will prompt for sudo password
|
||||||
|
make docker-image
|
||||||
|
sudo docker push quay.io/coreos/dex:v2.1.0-alpha
|
||||||
|
```
|
||||||
|
|
||||||
|
## Building the ACI
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# checkout the tag
|
||||||
|
git checkout tags/v2.1.0-alpha
|
||||||
|
# rkt doesn't play nice with SELinux, see https://github.com/coreos/rkt/issues/1727
|
||||||
|
sudo setenforce Permissive
|
||||||
|
# will prompt for sudo password
|
||||||
|
make aci
|
||||||
|
# aci will be built at _output/image/dex.aci
|
||||||
|
```
|
||||||
|
|
||||||
|
Sign the ACI using the CoreOS application signing key. Upload the ACI and
|
||||||
|
signature to the GitHub release.
|
39
Makefile
39
Makefile
@ -5,10 +5,15 @@ export PATH := $(PWD)/bin:$(PATH)
|
|||||||
|
|
||||||
VERSION=$(shell ./scripts/git-version)
|
VERSION=$(shell ./scripts/git-version)
|
||||||
|
|
||||||
DOCKER_REPO=quay.io/ericchiang/dex
|
DOCKER_REPO=quay.io/coreos/dex
|
||||||
DOCKER_IMAGE=$(DOCKER_REPO):$(VERSION)
|
DOCKER_IMAGE=$(DOCKER_REPO):$(VERSION)
|
||||||
|
|
||||||
$( shell mkdir -p bin )
|
$( shell mkdir -p bin )
|
||||||
|
$( shell mkdir -p _output/images )
|
||||||
|
$( shell mkdir -p _output/bin )
|
||||||
|
|
||||||
|
user=$(shell id -u -n)
|
||||||
|
group=$(shell id -g -n)
|
||||||
|
|
||||||
export GOBIN=$(PWD)/bin
|
export GOBIN=$(PWD)/bin
|
||||||
# Prefer ./bin instead of system packages for things like protoc, where we want
|
# Prefer ./bin instead of system packages for things like protoc, where we want
|
||||||
@ -51,15 +56,28 @@ lint:
|
|||||||
server/templates_default.go: $(wildcard web/templates/**)
|
server/templates_default.go: $(wildcard web/templates/**)
|
||||||
@go run server/templates_default_gen.go
|
@go run server/templates_default_gen.go
|
||||||
|
|
||||||
.PHONY: docker-build
|
_output/bin/dex:
|
||||||
docker-build: bin/dex
|
# Using rkt to build the dex binary.
|
||||||
@docker build -t $(DOCKER_IMAGE) .
|
@./scripts/rkt-build
|
||||||
|
@sudo chown $(user):$(group) _output/bin/dex
|
||||||
|
|
||||||
.PHONY: docker-push
|
_output/images/library-alpine-3.4.aci:
|
||||||
docker-push: docker-build
|
@mkdir -p _output/images
|
||||||
@docker tag $(DOCKER_IMAGE) $(DOCKER_REPO):latest
|
# Using docker2aci to get a base ACI to build from.
|
||||||
@docker push $(DOCKER_IMAGE)
|
@docker2aci docker://alpine:3.4
|
||||||
@docker push $(DOCKER_REPO):latest
|
@mv library-alpine-3.4.aci _output/images/library-alpine-3.4.aci
|
||||||
|
|
||||||
|
_output/images/dex.aci: _output/bin/dex _output/images/library-alpine-3.4.aci
|
||||||
|
# Using acbuild to build a application container image.
|
||||||
|
@sudo ./scripts/build-aci ./_output/images/library-alpine-3.4.aci
|
||||||
|
@sudo chown $(user):$(group) _output/images/dex.aci
|
||||||
|
|
||||||
|
.PHONY: aci
|
||||||
|
aci: _output/images/dex.aci
|
||||||
|
|
||||||
|
.PHONY: docker-image
|
||||||
|
docker-image: _output/bin/dex
|
||||||
|
@docker build -t $(DOCKER_IMAGE) .
|
||||||
|
|
||||||
.PHONY: grpc
|
.PHONY: grpc
|
||||||
grpc: api/api.pb.go
|
grpc: api/api.pb.go
|
||||||
@ -74,7 +92,8 @@ bin/protoc-gen-go:
|
|||||||
@go install -v $(REPO_PATH)/vendor/github.com/golang/protobuf/protoc-gen-go
|
@go install -v $(REPO_PATH)/vendor/github.com/golang/protobuf/protoc-gen-go
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
@rm bin/*
|
@rm -rf bin/
|
||||||
|
@rm -rf _output/
|
||||||
|
|
||||||
testall: testrace vet fmt lint
|
testall: testrace vet fmt lint
|
||||||
|
|
||||||
|
30
scripts/build-aci
Executable file
30
scripts/build-aci
Executable file
@ -0,0 +1,30 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if [ "$EUID" -ne 0 ]; then
|
||||||
|
echo "This script uses functionality which requires root privileges"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Start the build with an empty ACI
|
||||||
|
acbuild --debug begin $1
|
||||||
|
|
||||||
|
# In the event of the script exiting, end the build
|
||||||
|
trap "{ export EXT=$?; sudo acbuild --debug end && exit $EXT; }" EXIT
|
||||||
|
|
||||||
|
# Name the ACI
|
||||||
|
acbuild --debug set-name coreos.com/dex
|
||||||
|
|
||||||
|
# Add a version label
|
||||||
|
acbuild --debug label add version $( ./scripts/git-version )
|
||||||
|
|
||||||
|
acbuild --debug run -- apk add --update ca-certificates
|
||||||
|
|
||||||
|
acbuild --debug copy _output/bin/dex /usr/local/bin/dex
|
||||||
|
|
||||||
|
acbuild --debug port add www tcp 5556
|
||||||
|
acbuild --debug port add grcp tpc 5557
|
||||||
|
|
||||||
|
acbuild --debug set-exec -- /usr/local/bin/dex
|
||||||
|
acbuild --debug write --overwrite _output/images/dex.aci
|
13
scripts/rkt-build
Executable file
13
scripts/rkt-build
Executable file
@ -0,0 +1,13 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
mkdir -p _output/bin
|
||||||
|
|
||||||
|
sudo rkt run \
|
||||||
|
--volume dex,kind=host,source=$PWD \
|
||||||
|
--mount volume=dex,target=/go/src/github.com/coreos/dex \
|
||||||
|
--dns=8.8.8.8 \
|
||||||
|
--net=host \
|
||||||
|
--insecure-options=image \
|
||||||
|
docker://golang:1.7.1-alpine \
|
||||||
|
--exec=/bin/sh -- -x -c \
|
||||||
|
'apk add --no-cache --update alpine-sdk && go install -v github.com/coreos/dex/cmd/dex && cp /go/bin/dex /go/src/github.com/coreos/dex/_output/bin'
|
Reference in New Issue
Block a user