From 0d36a48f939c604ab71d783775ac2da66698f0ad Mon Sep 17 00:00:00 2001 From: Patrice Ferlet Date: Sun, 3 Aug 2025 23:29:39 +0200 Subject: [PATCH 1/3] fix(securty): Fix security alert Code scanning alert: we need to specify permissions on this action. --- .github/workflows/go-test.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 19b5a12..5e84e73 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -13,6 +13,8 @@ on: - "releases/**" jobs: tests: + permissions: + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 -- 2.49.1 From fb475801b0b7f9625ce234f9a3c5e6df31201226 Mon Sep 17 00:00:00 2001 From: Patrice Ferlet Date: Mon, 4 Aug 2025 16:12:16 +0200 Subject: [PATCH 2/3] feat(oci): Use Buildah And set version the right way... --- .github/workflows/build-oci.yaml | 40 +++++++++++++++++--------------- oci/katenary/Containerfile | 17 +++++++++++--- 2 files changed, 35 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build-oci.yaml b/.github/workflows/build-oci.yaml index bef883e..e478308 100644 --- a/.github/workflows/build-oci.yaml +++ b/.github/workflows/build-oci.yaml @@ -1,9 +1,9 @@ name: Build OCI image on: - release: - types: - - published + push: + tags: + - "**" env: REGISTRY: ghcr.io 
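Review bot: In `.github/workflows/go-test.yaml` the `permissions:` block is added under the `tests` job only, so a job added to this workflow later would fall back to the repository's default token scope. Placing the same two lines, `permissions:` and `contents: read`, at workflow level above `jobs:` makes read-only the default for every job, and a job that needs more can still widen it locally. The rest of the workflow is outside the hunk, so whether other jobs already exist cannot be seen here.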
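Review bot: In `.github/workflows/build-oci.yaml` the new trigger `push: tags: "**"` publishes an image for every tag pushed, not only for published releases, and the build step in the following hunk always applies the `latest` tag. A test tag, a pre-release, or a tag cut on an older branch would therefore move `latest` in the registry. Consider narrowing the tag filter to the project's release tag scheme (not visible in this diff), or applying `latest` only when the ref is a release tag.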
@@ -12,26 +12,28 @@ env: jobs: build: runs-on: ubuntu-latest + permissions: + packages: write + contents: read steps: - name: Checkout repository uses: actions/checkout@v4 - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + - name: Build image + id: build-image + uses: redhat-actions/buildah-build@v2 with: + image: ghcr.io/katenary/katenary + tags: latest ${{ github.ref_name }} + containerfiles: | + ./oci/katenary/Containerfile + build-args: | + VERSION=${{ github.ref_name }} + - name: Push image + id: push-to-quay + uses: redhat-actions/push-to-registry@v2 + with: + image: ${{ steps.build-image.outputs.image }} + tags: ${{ steps.build-image.outputs.tags }} registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Build and push - uses: docker/build-push-action@v6 - with: - context: . - file: ./oci/katenary/Containerfile - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - VERSION=${{github.ref_name}} diff --git a/oci/katenary/Containerfile b/oci/katenary/Containerfile index 1ad4387..d570507 100644 --- a/oci/katenary/Containerfile +++ b/oci/katenary/Containerfile 
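Review bot: The removed `docker/login-action` was pinned to a full commit SHA, while the new `redhat-actions/buildah-build@v2` and `redhat-actions/push-to-registry@v2` are referenced by a mutable tag, and the push step receives `secrets.GITHUB_TOKEN` in a job that now has `packages: write`. Pinning both to a commit, for example `uses: redhat-actions/push-to-registry@<full-commit-sha> # v2`, keeps the earlier guarantee that a retagged action cannot run with the write-scoped token. Separately, `image:` is already the fully qualified `ghcr.io/katenary/katenary` and the push step also passes `registry: ${{ env.REGISTRY }}`, so it is worth confirming that the push destination does not end up with the registry host twice. The step id `push-to-quay` no longer describes the target registry.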
@@ -1,15 +1,26 @@ ARG GOVERSION=1.24 FROM docker.io/golang:${GOVERSION} AS builder -ARG VERSION=master +ARG VERSION +RUN \ + if [ "${VERSION}" = "" ]; then\ + echo "You must set VERSION build argument"; \ + exit 1; \ + fi +COPY go.mod go.sum /go/src/github.com/katenary/katenary/ +COPY cmd /go/src/github.com/katenary/katenary/cmd +COPY internal /go/src/github.com/katenary/katenary/internal +WORKDIR /go/src/github.com/katenary/katenary +ENV CGO_ENABLED=0 RUN set -xe; \ - CGO_ENABLED=0 go install -v github.com/katenary/katenary/cmd/katenary@$VERSION; + go build -ldflags="-X 'github.com/katenary/katenary/internal/generator.Version=v${VERSION}'" -trimpath -o katenary ./cmd/katenary + FROM scratch LABEL org.opencontainers.image.source=https://github.com/katenary/katenary LABEL org.opencontainers.image.description="Katenary converts compose files to Helm Chart" LABEL org.opencontainers.image.licenses=MIT -COPY --from=builder /go/bin/katenary /usr/local/bin/katenary +COPY --from=builder /go/src/github.com/katenary/katenary/katenary /usr/local/bin/katenary VOLUME /project WORKDIR /project ENTRYPOINT ["/usr/local/bin/katenary"] -- 2.49.1 From b13e922966b69facf7f96e2531646ab671468027 Mon Sep 17 00:00:00 2001 From: Patrice Ferlet Date: Mon, 4 Aug 2025 16:13:35 +0200 Subject: [PATCH 3/3] feat(package) Version were not correctly set As the code moved in "internal" package, we need to set the version to the new location --- makefiles/build.mk | 6 +++--- makefiles/containers.mk | 7 ++++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/makefiles/build.mk b/makefiles/build.mk index 21720b4..12c9c26 100644 --- a/makefiles/build.mk +++ b/makefiles/build.mk @@ -1,4 +1,5 @@ ## BUILD +GO_BUILD=go build -ldflags="-X 'github.com/katenary/katenary/internal/generator.Version=$(VERSION)'" -trimpath -o $(OUTPUT) ./cmd/katenary # Simply build the binary for the current OS and architecture build: pull katenary 
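Review bot: The `-ldflags` line hard-codes a `v` in front of `${VERSION}`, whereas `GO_BUILD` in `makefiles/build.mk` (patch 3/3) passes `$(VERSION)` unchanged and the new `katenary-oci` target forwards that same value as the build argument. If the supplied value already starts with `v`, the image reports `vv…`, and the binary from `make build` and the one in the image can disagree on the version string for the same source, which makes a published image harder to trace back to its tag. Add the prefix in one place only, for example `Version=${VERSION}` here with callers passing the final string. If the current behaviour is intended, a comment above the check such as `# VERSION is the release tag without the leading "v"` would document the contract.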
@@ -14,11 +15,10 @@ ifeq ($(GO),local) @echo "=> Build on host using go" $(GO_BUILD) else - @echo "=> Build in container using" $(CTN) - @$(GO_OCI) $(GO_BUILD) + echo "=> Build in container using" $(CTN) + $(GO_OCI) $(GO_BUILD) endif - # Make dist, build executables for all platforms, sign them, and compress them with upx if possible. # Also generate the windows installer. binaries: prepare $(BINARIES) diff --git a/makefiles/containers.mk b/makefiles/containers.mk index 22ee75f..dfe4f34 100644 --- a/makefiles/containers.mk +++ b/makefiles/containers.mk @@ -27,7 +27,6 @@ else $(CTN_USERMAP) \ $(PKG_OCI_IMAGE) endif -GO_BUILD=go build -ldflags="-X 'katenary/generator.Version=$(VERSION)'" -o $(OUTPUT) ./cmd/katenary BUILD_IMAGE=docker.io/golang:$(GOVERSION) GO_OCI:=$(CTN) run --rm -it \ @@ -45,3 +44,9 @@ packager-oci-image: builder-oci-image: @$(CTN) build -t go-builder:$(GOVERSION) ./oci/builder \ --build-arg GOVERSION=$(GOVERSION) 1>/dev/null +katenary-oci: + $(CTN) build -f oci/katenary/Containerfile -t katenary:$(VERSION) \ + --build-arg GOVERSION=$(GOVERSION) \ + --build-arg VERSION=$(VERSION) \ + ./ + $(CTN) tag katenary:$(VERSION) katenary:latest -- 2.49.1
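Review bot: In the container branch of `makefiles/build.mk` the `@` prefix was dropped from both `echo` and `$(GO_OCI) $(GO_BUILD)`, so make now prints the `echo` command line itself and then its output, while the host branch just above still uses `@echo`. If the goal is to show the full container command for debugging, keep `@echo "=> Build in container using" $(CTN)` and drop the `@` only on the build line. The enclosing recipe starts outside this hunk.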