Push Docker manifests and prepare version 1.6.0

goabout · Aug 23, 2022 · 9519cbb · 9519cbb
1 parent 6f5cf43
commit 9519cbb
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 17 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -40,6 +40,10 @@ jobs:
         run: |
           echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
 
+      - name: Set up Docker buildx
+        if: success() && startsWith(github.ref, 'refs/tags/')
+        uses: docker/setup-buildx-action@v2
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v3
         with:

diff --git a/.goreleaser.Dockerfile b/.goreleaser.Dockerfile
@@ -0,0 +1,10 @@
+# Kustomize will run KRM Function containers as user nobody. Copy /etc/password
+# from an Alpine image to make this possible.
+
+FROM alpine:3 as alpine
+
+FROM scratch
+USER nobody
+COPY --from=alpine /etc/passwd /etc/passwd
+ENTRYPOINT ["/SopsSecretGenerator"]
+COPY SopsSecretGenerator /
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -50,15 +50,35 @@ release:
 dockers:
   - goos: linux
     goarch: amd64
+    dockerfile: .goreleaser.Dockerfile
     image_templates:
-      - "goabout/kustomize-sopssecretgenerator:{{ .Tag }}-amd64"
+      - "goabout/kustomize-sopssecretgenerator:latest-amd64"
       - "goabout/kustomize-sopssecretgenerator:v{{ .Major }}-amd64"
       - "goabout/kustomize-sopssecretgenerator:v{{ .Major }}.{{ .Minor }}-amd64"
-      - "goabout/kustomize-sopssecretgenerator:latest-amd64"
+      - "goabout/kustomize-sopssecretgenerator:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}-amd64"
   - goos: linux
     goarch: arm64
+    dockerfile: .goreleaser.Dockerfile
     image_templates:
-      - "goabout/kustomize-sopssecretgenerator:{{ .Tag }}-arm64"
+      - "goabout/kustomize-sopssecretgenerator:latest-arm64"
       - "goabout/kustomize-sopssecretgenerator:v{{ .Major }}-arm64"
       - "goabout/kustomize-sopssecretgenerator:v{{ .Major }}.{{ .Minor }}-arm64"
-      - "goabout/kustomize-sopssecretgenerator:latest-arm64"
+      - "goabout/kustomize-sopssecretgenerator:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}-arm64"
+
+docker_manifests:
+  - name_template: goabout/kustomize-sopssecretgenerator:latest
+    image_templates:
+      - goabout/kustomize-sopssecretgenerator:latest-amd64
+      - goabout/kustomize-sopssecretgenerator:latest-arm64
+  - name_template: goabout/kustomize-sopssecretgenerator:{{ .Major }}
+    image_templates:
+      - goabout/kustomize-sopssecretgenerator:{{ .Major }}-amd64
+      - goabout/kustomize-sopssecretgenerator:{{ .Major }}-arm64
+  - name_template: goabout/kustomize-sopssecretgenerator:{{ .Major }}.{{ .Minor }}
+    image_templates:
+      - goabout/kustomize-sopssecretgenerator:{{ .Major }}.{{ .Minor }}-amd64
+      - goabout/kustomize-sopssecretgenerator:{{ .Major }}.{{ .Minor }}-arm64
+  - name_template: goabout/kustomize-sopssecretgenerator:{{ .Major }}.{{ .Minor }}.{{ .Patch }}
+    image_templates:
+      - goabout/kustomize-sopssecretgenerator:{{ .Major }}.{{ .Minor }}.{{ .Patch }}-amd64
+      - goabout/kustomize-sopssecretgenerator:{{ .Major }}.{{ .Minor }}.{{ .Patch }}-arm64
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## Version 1.6.0
+
+* Build Docker images.
+
 ## Version 1.5.1
 
 * Fix empty output when used as a KRM Function. ([Jim Ramsay](https://github.com/lack))

diff --git a/README.md b/README.md
@@ -22,15 +22,11 @@ Credit goes to [Seth Pollack](https://github.com/sethpollack) for the [Kustomize
 
 ## Installation
 
-Download the `SopsSecretGenerator` binary for your platform from the
-[GitHub releases page](https://github.com/goabout/kustomize-sopssecretgenerator/releases) and
-move it to `$XDG_CONFIG_HOME/kustomize/plugin/goabout.com/v1beta1/sopssecretgenerator`. (By default,
-`$XDG_CONFIG_HOME` points to `$HOME/.config` on Linux and OS X, and `%LOCALAPPDATA%` on Windows.)
-
-For example, to install version 1.5.1 on Linux:
+Download the `SopsSecretGenerator` binary for your platform from the [GitHub releases page](https://github.com/goabout/kustomize-sopssecretgenerator/releases) and make it executable.
 
+For example, to install version 1.6.0 on Linux:
 ```bash
-VERSION=1.5.1 PLATFORM=linux ARCH=amd64
+VERSION=1.6.0 PLATFORM=linux ARCH=amd64
 curl -Lo SopsSecretGenerator "https://github.com/goabout/kustomize-sopssecretgenerator/releases/download/v${VERSION}/SopsSecretGenerator_${VERSION}_${PLATFORM}_${ARCH}"
 chmod +x SopsSecretGenerator
 ```
@@ -49,7 +45,10 @@ echo secret >secret-file.txt
 sops -e -i secret-file.txt
 ```
 
-### kustomize KRM exec plugin
+
+### Exec KRM Function
+
+Although the generator is available as a Docker image, it often needs to access to local resources such as the filesystem or a PGP socket. This example calls the binary directly.
 
 Add a generator to your kustomization:
 ```bash
@@ -65,7 +64,7 @@ metadata:
   annotations:
    config.kubernetes.io/function: |
       exec:
-        path: SopsSecretGenerator
+        path: ./SopsSecretGenerator
   name: my-secret
 envs:
   - secret-vars.env
@@ -74,10 +73,12 @@ files:
 .
 ```
 
+(Change the path to the `SopsSecretGenerator` binary to suit your installation. Kustomize will use the binary search path, `$PATH`, if you use a bare command.)
+
 Run `kustomize build` with the `--enable-alpha-plugins` and `--enable-exec` flags:
 
 ```bash
-kustomize build --enable-alpha-plugins
+kustomize build --enable-alpha-plugins --enable-exec
 ```
 
 The output is a Kubernetes secret containing the decrypted data:
@@ -91,9 +92,10 @@ metadata:
   name: my-secret-6d2fchb89d
 ```
 
-### Legacy plugin
 
-First, install the plugin to `$XDG_CONFIG_HOME`:
+### Legacy Plugin
+
+First, install the plugin to `$XDG_CONFIG_HOME`: (By default, `$XDG_CONFIG_HOME` points to `$HOME/.config` on Linux and OS X, and `%LOCALAPPDATA%` on Windows.)
 ```bash
 mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/kustomize/plugin/goabout.com/v1beta1/sopssecretgenerator"
 mv SopsSecretGenerator "${XDG_CONFIG_HOME:-$HOME/.config}/kustomize/plugin/goabout.com/v1beta1/sopssecretgenerator"
@@ -118,6 +120,7 @@ files:
 .
 ```
 
+
 ### Generator Options
 
 Like SecretGenerator, SopsSecretGenerator supports the [generatorOptions](https://kubernetes-sigs.github.io/kustomize/api-reference/kustomization/generatoroptions/) fields. Additionally, labels and annotations are copied over to the Secret. Data key-values ("envs") can be read from dotenv, INI, YAML and JSON files. If the data is a file and the Secret data key needs to be different from the filename, you can specify the key by adding `desiredKey=filename` instead of just the filename.

diff --git a/docs/argocd.md b/docs/argocd.md
@@ -30,7 +30,7 @@ Use a kustomize [patchStrategicMerge](https://github.com/kubernetes-sigs/kustomi
                   name: custom-tools
               env:
                 - name: VERSION
-                  value: 1.5.1
+                  value: 1.6.0
                 - name: PLATFORM
                   value: linux
                 - name: ARCH