Setup workflows to publish versions

.github/workflows/goreleaser.yaml

@@ -0,0 +1,41 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+    - v\d+\.\d+\.\d+
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Setup BuildX
+      uses: docker/setup-buildx-action@v3
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: stable
+    - name: Log in to the Container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v6
+      with:
+        distribution: goreleaser
+        version: "~> v2"
+        args: release --clean
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/helm.yaml

@@ -0,0 +1,55 @@
+name: Release Charts
+
+on:
+  push:
+    tags:
+    - v\d+\.\d+\.\d+
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  oci-release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: stable
+    - name: Set up Helm
+      uses: azure/setup-helm@v3
+    - name: Log in to the Container registry
+      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Setup oras
+      uses: oras-project/setup-oras@v1
+    - name: Package Helm Chart
+      id: helm-packages
+      run: |
+
+        helm package ./helm/chart --version $GITHUB_REF_NAME --app-version $GITHUB_REF_NAME
+        tar zxvf cert-manager-webhook-linode-$GITHUB_REF_NAME.tgz cert-manager-webhook-linode/Chart.yaml
+    - name: Publish OCI Artifact
+      id: oras-push
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        go install github.com/itchyny/gojq/cmd/gojq@latest
+        cat cert-manager-webhook-linode/Chart.yaml | gojq --yaml-input > config.json
+        oras push ghcr.io/$GITHUB_REPOSITORY/charts/webhook:$GITHUB_REF_NAME \
+          --annotation org.opencontainers.image.created=$(date +"%FT%T%:z") \
+          --annotation org.opencontainers.image.description="A Helm chart for cert-manager-webhook-linode" \
+          --annotation org.opencontainers.image.title=cert-manager-webhook-linode \
+          --annotation org.opencontainers.image.version=$GITHUB_REF_NAME \
+          --annotation org.opencontainers.image.source=https://github.com/$GITHUB_REPOSITORY \
+          --config config.json:application/vnd.cncf.helm.config.v1+json \
+          cert-manager-webhook-linode-$GITHUB_REF_NAME.tgz:application/vnd.cncf.helm.chart.content.v1.tar+gzip
+        oras tag ghcr.io/$GITHUB_REPOSITORY/charts/webhook:$GITHUB_REF_NAME latest

.gitignore

@@ -14,3 +14,5 @@
 
 # Ignore the built binary
 ./cert-manager-webhook-linode
+# Added by goreleaser init:
+dist/

.goreleaser.yaml

@@ -0,0 +1,102 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines below are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 2
+
+before:
+  hooks:
+  # You may remove this if you don't use go modules.
+  - go mod tidy
+  # you may remove this if you don't need go generate
+  - go generate ./...
+
+builds:
+- env:
+  - CGO_ENABLED=0
+  goos:
+  - linux
+  goarch:
+  - amd64
+  - arm64
+  main: ./main.go
+  binary: webhook
+
+dockers:
+- use: buildx
+  goos: linux
+  goarch: amd64
+  build_flag_templates:
+  - --label=org.opencontainers.image.source={{.Env.GITHUB_SERVER_URL}}/{{.Env.GITHUB_REPOSITORY}}
+  - --platform=linux/amd64
+  image_templates:
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:amd64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}-amd64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}.{{.Minor}}-amd64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{.Tag}}-amd64
+- use: buildx
+  goos: linux
+  goarch: arm64
+  build_flag_templates:
+  - --label=org.opencontainers.image.source={{.Env.GITHUB_SERVER_URL}}/{{.Env.GITHUB_REPOSITORY}}
+  - --platform=linux/arm64
+  image_templates:
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:arm64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}-arm64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}.{{.Minor}}-arm64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{.Tag}}-arm64
+
+docker_manifests:
+- use: docker
+  name_template: ghcr.io/{{.Env.GITHUB_REPOSITORY}}:latest
+  image_templates:
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:arm64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:amd64
+- use: docker
+  name_template: ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{ .Major }}
+  image_templates:
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}-arm64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}-amd64
+- use: docker
+  name_template: ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{ .Major }}.{{.Minor}}
+  image_templates:
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}.{{.Minor}}-arm64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:v{{.Major}}.{{.Minor}}-amd64
+- use: docker
+  name_template: ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{ .Tag }}
+  image_templates:
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{.Tag}}-arm64
+  - ghcr.io/{{.Env.GITHUB_REPOSITORY}}:{{.Tag}}-amd64
+
+archives:
+- formats: [tar.gz]
+  # this name template makes the OS and Arch compatible with the results of `uname`.
+  name_template: >-
+    {{ .ProjectName }}_
+    {{- title .Os }}_
+    {{- if eq .Arch "amd64" }}x86_64
+    {{- else if eq .Arch "386" }}i386
+    {{- else }}{{ .Arch }}{{ end }}
+    {{- if .Arm }}v{{ .Arm }}{{ end }}
+  # use zip for windows archives
+  format_overrides:
+  - goos: windows
+    formats: [zip]
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - "^docs:"
+    - "^test:"
+
+release:
+  footer: >-
+
+    ---
+
+    Released by [GoReleaser](https://github.com/goreleaser/goreleaser).

Dockerfile

@@ -1,24 +1,9 @@
-FROM golang:1.22-alpine3.19 AS build_deps
-
-RUN apk add --no-cache git
-
-WORKDIR /workspace
-
-COPY go.mod .
-COPY go.sum .
-
-RUN go mod download
-
-FROM build_deps AS build
-
-COPY . .
-
-RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' .
-
 FROM alpine:3.18
 
+LABEL org.opencontainers.image.source=http://github.com/nalum/cert-manager-webhook-linode
+
 RUN apk add --no-cache ca-certificates
 
-COPY --from=build /workspace/webhook /usr/local/bin/webhook
+COPY webhook /webhook
 
-ENTRYPOINT ["webhook"]
+ENTRYPOINT ["/webhook"]

README.md

@@ -4,16 +4,17 @@
 [![Releases](https://img.shields.io/github/v/release/slicen/cert-manager-webhook-linode?include_prereleases)](https://github.com/slicen/cert-manager-webhook-linode/releases)
 [![LICENSE](https://img.shields.io/github/license/slicen/cert-manager-webhook-linode)](https://github.com/slicen/cert-manager-webhook-linode/blob/master/LICENSE)
 
-A webhook to use [Linode DNS
-Manager](https://www.linode.com/docs/platform/manager/dns-manager) as a DNS01
+A webhook to use [Linode DNS Manager](https://www.linode.com/docs/platform/manager/dns-manager) as a DNS01
 ACME Issuer for [cert-manager](https://github.com/jetstack/cert-manager).
 
 ## Installation
 
 ```bash
 helm install cert-manager-webhook-linode \
+  oci://ghcr.io/linode/cert-manager-webhook-linode/charts/webhook \
   --namespace cert-manager \
-  https://github.com/linode/cert-manager-webhook-linode/releases/download/v0.3.0/cert-manager-webhook-linode-v0.3.0.tgz
+  --version vX.Y.Z \
+  --set image.tag=vX.Y.Z
 ```
 
 ## Usage

examples/flux-resources.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: cert-manager-webhook-linode
+  namespace: cert-manager
+spec:
+  interval: 1m0s
+  type: oci
+  url: oci://ghcr.io/linode/cert-manager-webhook-linode
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager-webhook-linode
+  namespace: cert-manager
+spec:
+  chart:
+    spec:
+      chart: charts/webhook
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: cert-manager-webhook-linode
+        namespace: flux-system
+      version: v0.4.0
+  interval: 1m0s
+  releaseName: cert-manager-webhook-linode
+  targetNamespace: cert-manager
+  values:
+    image:
+      tag: v0.4.0

go.mod

@@ -12,6 +12,7 @@ require (
 	k8s.io/apimachinery v0.30.2
 	k8s.io/client-go v0.30.2
 	k8s.io/klog/v2 v2.130.1
+	sigs.k8s.io/controller-runtime v0.18.2
 )
 
 require (
@@ -105,7 +106,6 @@ require (
 	k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect
 	k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
-	sigs.k8s.io/controller-runtime v0.18.2 // indirect
 	sigs.k8s.io/gateway-api v1.1.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect

deploy/cert-manager-webhook-linode/Chart.yaml → helm/chart/Chart.yaml

@@ -1,5 +1,4 @@
 apiVersion: v2
-appVersion: "v0.3.0"
 description: A Helm chart for cert-manager-webhook-linode
 name: cert-manager-webhook-linode
-version: v0.3.0
+version: 0.0.0

deploy/cert-manager-webhook-linode/values.yaml → helm/chart/values.yaml

@@ -19,7 +19,7 @@ deployment:
   logLevel: 6
 
 image:
-  repository: slicen/cert-manager-webhook-linode
+  repository: ghcr.io/linode/cert-manager-webhook-linode
   tag: latest
   pullPolicy: IfNotPresent