Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use GoReleaser to build and push container images #100

Open
developer-guy opened this issue Dec 2, 2021 · 6 comments · May be fixed by #101
Open

use GoReleaser to build and push container images #100

developer-guy opened this issue Dec 2, 2021 · 6 comments · May be fixed by #101
Assignees
@developer-guy

Comments

@developer-guy
Copy link

we've (w/@Dentrax) just noticed that this project currently uses GoReleaser to make a new release, and the buildx tool to build and push container images, so, we can use GoReleaser to do the same for container images. By doing so, we can remove an additional step in the GitHub Actions workflow for building/pushing container images, also, we can sign our container images or binaries with cosign too.

Feel free to assign this to us, if you agree with this idea, we would love to work on this 🥳
@developer-guy
Copy link
Author

kindly ping @willnorris

@willnorris
Copy link
Collaborator

interesting... I hadn't realized that goreleaser could build docker images as well.

I have somewhat mixed feelings though, since if I'm reading these docs correctly, it requires changing the Dockerfile in such a way that you can no longer simply docker build the project. For the CI and releasing pipeline, that shouldn't really matter much, but it would certainly be nice if users could build the image themselves using standard tools (like just the docker CLI).

Do you know how other projects have handled that? Do they just accept that building the docker image locally either requires goreleaser, or a separate go build step before running docker build ?

If the primary motivation is signing artifacts, then I'd want to get @mco-gh's opinion as well, since it would likely be him or someone else from Google that would need to maintain key management, etc.

@developer-guy
Copy link
Author

I have somewhat mixed feelings, though, since if I'm reading these docs correctly, it requires changing the Dockerfile in such a way that you can no longer simply docker build the project.

Yes, you are right, but we can create a separate Dockerfile for GoReleaser. There is an option to specify where the Dockerfile is.

 # Path to the Dockerfile (from the project root).
    dockerfile: Dockerfile

Do you know how other projects have handled that?

No, I don't, but we can use additional Dockerfile for GoReleaser use only, as I said above.

since it would likely be him or someone else from Google that would need to maintain key management, etc.

In cosign, you might already know that there is a keyless mode. Also, we've already made similar efforts in projects such as GoReleaser, and ko. However, they're all waiting for cosign v1.4.0 to complete the setup.

@developer-guy
Copy link
Author

I had a conversation with the core maintainer of the GoReleaser project, he told the same thing that I recommend.

cc: @caarlos0

@willnorris
Copy link
Collaborator

Sounds good. I've gone ahead and assigned this to you to start implementing when you're ready.

@developer-guy
Copy link
Author

thank you so much @willnorris, we'll start doing this immediately.

@developer-guy developer-guy linked a pull request Dec 9, 2021 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@developer-guy developer-guy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: goreleaser release developer-guy/addlicense
2 participants
@willnorris @developer-guy