diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml
new file mode 100644
index 0000000..95fad2f
--- /dev/null
+++ b/.github/workflows/goreleaser.yaml
@@ -0,0 +1,41 @@
+name: goreleaser
+
+on:
+ push:
+ tags:
+ - v\d+\.\d+\.\d+
+
+permissions:
+ contents: write
+ packages: write
+
+jobs:
+ goreleaser:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Setup BuildX
+ uses: docker/setup-buildx-action@v3
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: stable
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v6
+ with:
+ distribution: goreleaser
+ version: "~> v2"
+ args: release --clean
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
new file mode 100644
index 0000000..35847ba
--- /dev/null
+++ b/.github/workflows/helm.yaml
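Review bot: The tag filter `- v\d+\.\d+\.\d+` under `on.push.tags` is written as a regular expression, but GitHub Actions matches tag filters as glob patterns in which `\d` is not a digit class, so a tag such as `v0.4.0` is unlikely to trigger this release job. The glob form is `- 'v[0-9]+.[0-9]+.[0-9]+'`; the same filter appears in `.github/workflows/helm.yaml` and needs the same change. Separately, the job holds `contents: write` and `packages: write` while every action is referenced by a mutable tag (`@v4`, `@v3`, `@v5`, `@v6`); pinning each `uses:` to a full commit SHA, as helm.yaml already does for `docker/login-action`, keeps a re-pointed tag from running inside the release job.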
@@ -0,0 +1,55 @@
+name: Release Charts
+
+on:
+ push:
+ tags:
+ - v\d+\.\d+\.\d+
+
+permissions:
+ contents: write
+ packages: write
+
+jobs:
+ oci-release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: stable
+ - name: Set up Helm
+ uses: azure/setup-helm@v3
+ - name: Log in to the Container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Setup oras
+ uses: oras-project/setup-oras@v1
+ - name: Package Helm Chart
+ id: helm-packages
+ run: |
+
+ helm package ./helm/chart --version $GITHUB_REF_NAME --app-version $GITHUB_REF_NAME
+ tar zxvf cert-manager-webhook-linode-$GITHUB_REF_NAME.tgz cert-manager-webhook-linode/Chart.yaml
+ - name: Publish OCI Artifact
+ id: oras-push
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ go install github.com/itchyny/gojq/cmd/gojq@latest
+ cat cert-manager-webhook-linode/Chart.yaml | gojq --yaml-input > config.json
+ oras push ghcr.io/$GITHUB_REPOSITORY/charts/webhook:$GITHUB_REF_NAME \
+ --annotation org.opencontainers.image.created=$(date +"%FT%T%:z") \
+ --annotation org.opencontainers.image.description="A Helm chart for cert-manager-webhook-linode" \
+ --annotation org.opencontainers.image.title=cert-manager-webhook-linode \
+ --annotation org.opencontainers.image.version=$GITHUB_REF_NAME \
+ --annotation org.opencontainers.image.source=https://github.com/$GITHUB_REPOSITORY \
+ --config config.json:application/vnd.cncf.helm.config.v1+json \
+ cert-manager-webhook-linode-$GITHUB_REF_NAME.tgz:application/vnd.cncf.helm.chart.content.v1.tar+gzip
+ oras tag ghcr.io/$GITHUB_REPOSITORY/charts/webhook:$GITHUB_REF_NAME latest
diff --git a/.gitignore b/.gitignore
index b1a6ecb..0bd0a9b 100644
--- a/.gitignore
+++ b/.gitignore
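Review bot: `go install github.com/itchyny/gojq/cmd/gojq@latest` in the "Publish OCI Artifact" step builds whatever version is newest at release time, in a step that also has `GITHUB_TOKEN` (with `contents: write` and `packages: write`) in its environment. Pin the tool to a reviewed release, `go install github.com/itchyny/gojq/cmd/gojq@<pinned-version>`, and drop the step's `env: GITHUB_TOKEN` entry if nothing in the script reads it, since registry credentials already come from the login step. `azure/setup-helm@v3` and `oras-project/setup-oras@v1` are referenced by tag while `docker/login-action` is SHA-pinned; pinning all of them the same way would be consistent. The `$GITHUB_REF_NAME` and `$GITHUB_REPOSITORY` expansions in both `run:` blocks are unquoted; writing them as `"$GITHUB_REF_NAME"` avoids word splitting on an unexpected ref name.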
@@ -14,3 +14,5 @@ # Ignore the built binary ./cert-manager-webhook-linode +# Added by goreleaser init: +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..3bcd949 --- /dev/null +++ b/.goreleaser.yaml 
@@ -0,0 +1,102 @@ +# This is an example .goreleaser.yml file with some sensible defaults. +# Make sure to check the documentation at https://goreleaser.com + +# The lines below are called `modelines`. See `:help modeline` +# Feel free to remove those if you don't want/need to use them. +# yaml-language-server: $schema=https://goreleaser.com/static/schema.json +# vim: set ts=2 sw=2 tw=0 fo=cnqoj + +version: 2 + +before: + hooks: + # You may remove this if you don't use go modules. + - go mod tidy + # you may remove this if you don't need go generate + - go generate ./... + +builds: +- env: + - CGO_ENABLED=0 + goos: + - linux + goarch: + - amd64 + - arm64 + main: ./main.go + binary: webhook + +dockers: +- use: buildx + goos: linux + goarch: amd64 + build_flag_templates: + - --label=org.opencontainers.image.source={{.Env.GITHUB_SERVER_URL}}/{{.Env.GITHUB_REPOSITORY}} + - --platform=linux/amd64 + image_templates: + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:amd64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}-amd64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}.{{.Minor}}-amd64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{.Tag}}-amd64 +- use: buildx + goos: linux + goarch: arm64 + build_flag_templates: + - --label=org.opencontainers.image.source={{.Env.GITHUB_SERVER_URL}}/{{.Env.GITHUB_REPOSITORY}} + - --platform=linux/arm64 + image_templates: + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:arm64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}-arm64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}.{{.Minor}}-arm64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{.Tag}}-arm64 + +docker_manifests: +- use: docker + name_template: ghcr.io/{{.Env.GITHUB_REPOSITORY}}:latest + image_templates: + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:arm64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:amd64 +- use: docker + name_template: ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{ .Major }} + image_templates: + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}-arm64 + - 
ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}-amd64 +- use: docker + name_template: ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{ .Major }}.{{.Minor}} + image_templates: + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}.{{.Minor}}-arm64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}.{{.Minor}}-amd64 +- use: docker + name_template: ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{ .Tag }} + image_templates: + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{.Tag}}-arm64 + - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{.Tag}}-amd64 + +archives: +- formats: [tar.gz] + # this name template makes the OS and Arch compatible with the results of `uname`. + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} + # use zip for windows archives + format_overrides: + - goos: windows + formats: [zip] + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" + +release: + footer: >- + + --- + + Released by [GoReleaser](https://github.com/goreleaser/goreleaser). diff --git a/Dockerfile b/Dockerfile index c92f9fb..82876bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,24 +1,9 @@ -FROM golang:1.22-alpine3.19 AS build_deps - -RUN apk add --no-cache git - -WORKDIR /workspace - -COPY go.mod . -COPY go.sum . - -RUN go mod download - -FROM build_deps AS build - -COPY . . - -RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' . - FROM alpine:3.18 +LABEL org.opencontainers.image.source=http://github.com/nalum/cert-manager-webhook-linode + RUN apk add --no-cache ca-certificates -COPY --from=build /workspace/webhook /usr/local/bin/webhook +COPY webhook /webhook -ENTRYPOINT ["webhook"] +ENTRYPOINT ["/webhook"] diff --git a/README.md b/README.md index 307fe6e..bd5e055 100644 --- a/README.md +++ b/README.md 
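Review bot: The `before.hooks` entries `go mod tidy` and `go generate ./...` run inside the release job ahead of the build, so dependency resolution and any generator commands happen at publish time, with the write-scoped token present, rather than at review time. For a release build I would replace `- go mod tidy` with `- go mod verify` and drop `- go generate ./...` unless the repository actually carries `//go:generate` directives (none are visible in this diff). The `archives.format_overrides` entry for `goos: windows` is dead configuration because `builds.goos` lists only `linux`; removing it together with the "example .goreleaser.yml" header comments would leave only settings that apply to this project. The images and the `latest` manifest are also pushed without any signature; GoReleaser's `docker_signs` section is worth a follow-up change.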
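Review bot: The added `LABEL org.opencontainers.image.source=http://github.com/nalum/cert-manager-webhook-linode` names a different owner than the `ghcr.io/linode/...` locations used by the README and values.yaml in this same commit, and it uses `http`. `.goreleaser.yaml` already passes `--label=org.opencontainers.image.source={{.Env.GITHUB_SERVER_URL}}/{{.Env.GITHUB_REPOSITORY}}` at build time, so the line can be removed, or corrected to `LABEL org.opencontainers.image.source=https://github.com/linode/cert-manager-webhook-linode`. The final image has no `USER` instruction, so the webhook runs as root unless the chart's pod spec overrides it (the templates are pure renames here, so that is not visible); a non-root `USER` line before `ENTRYPOINT` would make that the image default. `FROM alpine:3.18` is referenced by tag only, and pinning it by digest would make the base layer reproducible.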
@@ -4,16 +4,17 @@ [![Releases](https://img.shields.io/github/v/release/slicen/cert-manager-webhook-linode?include_prereleases)](https://github.com/slicen/cert-manager-webhook-linode/releases) [![LICENSE](https://img.shields.io/github/license/slicen/cert-manager-webhook-linode)](https://github.com/slicen/cert-manager-webhook-linode/blob/master/LICENSE) -A webhook to use [Linode DNS -Manager](https://www.linode.com/docs/platform/manager/dns-manager) as a DNS01 +A webhook to use [Linode DNS Manager](https://www.linode.com/docs/platform/manager/dns-manager) as a DNS01 ACME Issuer for [cert-manager](https://github.com/jetstack/cert-manager). ## Installation ```bash helm install cert-manager-webhook-linode \ + oci://ghcr.io/linode/cert-manager-webhook-linode/charts/webhook \ --namespace cert-manager \ - https://github.com/linode/cert-manager-webhook-linode/releases/download/v0.3.0/cert-manager-webhook-linode-v0.3.0.tgz + --version vX.Y.Z \ + --set image.tag=vX.Y.Z ``` ## Usage diff --git a/examples/flux-resources.yaml b/examples/flux-resources.yaml new file mode 100644 index 0000000..73cbec9 --- /dev/null +++ b/examples/flux-resources.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cert-manager-webhook-linode + namespace: cert-manager +spec: + interval: 1m0s + type: oci + url: oci://ghcr.io/linode/cert-manager-webhook-linode +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cert-manager-webhook-linode + namespace: cert-manager +spec: + chart: + spec: + chart: charts/webhook + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: cert-manager-webhook-linode + namespace: flux-system + version: v0.4.0 + interval: 1m0s + releaseName: cert-manager-webhook-linode + targetNamespace: cert-manager + values: + image: + tag: v0.4.0 diff --git a/go.mod b/go.mod index b663bcd..166dc97 100644 --- a/go.mod +++ b/go.mod 
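Review bot: In `examples/flux-resources.yaml` the `HelmRepository` is created with `namespace: cert-manager`, but the `HelmRelease`'s `sourceRef` looks it up in `namespace: flux-system`, so the example as written will not resolve its chart source. Either change the reference to `namespace: cert-manager` under `sourceRef`, or create the `HelmRepository` in `flux-system`. A one-line comment above `version: v0.4.0` and `tag: v0.4.0` stating that the two values are meant to be kept equal would also help readers who copy the file.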
@@ -12,6 +12,7 @@ require ( k8s.io/apimachinery v0.30.2 k8s.io/client-go v0.30.2 k8s.io/klog/v2 v2.130.1 + sigs.k8s.io/controller-runtime v0.18.2 ) require ( @@ -105,7 +106,6 @@ require ( k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect - sigs.k8s.io/controller-runtime v0.18.2 // indirect sigs.k8s.io/gateway-api v1.1.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/deploy/cert-manager-webhook-linode/.helmignore b/helm/chart/.helmignore similarity index 100% rename from deploy/cert-manager-webhook-linode/.helmignore rename to helm/chart/.helmignore diff --git a/deploy/cert-manager-webhook-linode/Chart.yaml b/helm/chart/Chart.yaml similarity index 74% rename from deploy/cert-manager-webhook-linode/Chart.yaml rename to helm/chart/Chart.yaml index f439fd4..1637699 100644 --- a/deploy/cert-manager-webhook-linode/Chart.yaml +++ b/helm/chart/Chart.yaml @@ -1,5 +1,4 @@ apiVersion: v2 -appVersion: "v0.3.0" description: A Helm chart for cert-manager-webhook-linode name: cert-manager-webhook-linode -version: v0.3.0 +version: 0.0.0 diff --git a/deploy/cert-manager-webhook-linode/templates/NOTES.txt b/helm/chart/templates/NOTES.txt similarity index 100% rename from deploy/cert-manager-webhook-linode/templates/NOTES.txt rename to helm/chart/templates/NOTES.txt diff --git a/deploy/cert-manager-webhook-linode/templates/_helpers.tpl b/helm/chart/templates/_helpers.tpl similarity index 100% rename from deploy/cert-manager-webhook-linode/templates/_helpers.tpl rename to helm/chart/templates/_helpers.tpl 
diff --git a/deploy/cert-manager-webhook-linode/templates/apiservice.yaml b/helm/chart/templates/apiservice.yaml similarity index 100% rename from deploy/cert-manager-webhook-linode/templates/apiservice.yaml rename to helm/chart/templates/apiservice.yaml diff --git a/deploy/cert-manager-webhook-linode/templates/deployment.yaml b/helm/chart/templates/deployment.yaml similarity index 100% rename from deploy/cert-manager-webhook-linode/templates/deployment.yaml rename to helm/chart/templates/deployment.yaml diff --git a/deploy/cert-manager-webhook-linode/templates/pki.yaml b/helm/chart/templates/pki.yaml similarity index 100% rename from deploy/cert-manager-webhook-linode/templates/pki.yaml rename to helm/chart/templates/pki.yaml diff --git a/deploy/cert-manager-webhook-linode/templates/rbac.yaml b/helm/chart/templates/rbac.yaml similarity index 100% rename from deploy/cert-manager-webhook-linode/templates/rbac.yaml rename to helm/chart/templates/rbac.yaml diff --git a/deploy/cert-manager-webhook-linode/templates/service.yaml b/helm/chart/templates/service.yaml similarity index 100% rename from deploy/cert-manager-webhook-linode/templates/service.yaml rename to helm/chart/templates/service.yaml diff --git a/deploy/cert-manager-webhook-linode/values.yaml b/helm/chart/values.yaml similarity index 95% rename from deploy/cert-manager-webhook-linode/values.yaml rename to helm/chart/values.yaml index 0c08355..fb884ee 100644 --- a/deploy/cert-manager-webhook-linode/values.yaml +++ b/helm/chart/values.yaml @@ -19,7 +19,7 @@ deployment: logLevel: 6 image: - repository: slicen/cert-manager-webhook-linode + repository: ghcr.io/linode/cert-manager-webhook-linode tag: latest pullPolicy: IfNotPresent
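Review bot: With `repository` now set to `ghcr.io/linode/cert-manager-webhook-linode`, the unchanged defaults `tag: latest` and `pullPolicy: IfNotPresent` mean an install that omits `--set image.tag=...` runs whichever `latest` image a node already has cached, which is neither reproducible nor auditable. Because the release workflow packages the chart with `--app-version $GITHUB_REF_NAME`, the default could follow the chart version instead, for example `tag: ""` with the deployment template falling back to `.Chart.AppVersion`. The deployment template is a pure rename in this diff, so that fallback would have to be added there. The hunk shows only part of the `deployment` and `image` mappings.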