Add ability to release container images to pipeline

.dockerignore

@@ -3,7 +3,6 @@ internal/cmd/mocks/
 Jenkinsfile
 
 dev/
-dist/
 output/
 
 **/*.sw[po]

CHANGELOG.md

@@ -10,7 +10,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
-## [8.0.0] - 2023-01-12
+## [8.0.0] - 2023-01-20
 
 ### Added
 - Initial release of Conjur CLI written in Golang
+
+## [0.0.0] - 2023-01-01
+
+### Added
+- Placeholder version to capture the reset of the repository

Dockerfile

@@ -0,0 +1,6 @@
+FROM alpine:3.17.1 as conjur-cli-go
+LABEL org.opencontainers.image.authors="CyberArk Software Ltd."
+
+ENTRYPOINT [ "/usr/local/bin/conjur" ]
+
+COPY dist/goreleaser/binaries/conjur_linux_amd64_v1 /usr/local/bin/conjur

Jenkinsfile

@@ -15,8 +15,13 @@ if (params.MODE == "PROMOTE") {
   release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
     // Any assets from sourceVersion Github release are available in assetDirectory
     // Any version number updates from sourceVersion to targetVersion occur here
-    // Any publishing of stargetVersion artifacts occur here
+    // Any publishing of targetVersion artifacts occur here
     // Anything added to assetDirectory will be attached to the Github Release
+
+    // Promote source version to target version.
+
+    // NOTE: the use of --pull to ensure source images are pulled from internal registry
+    sh "source ./bin/build_utils && ./bin/publish_container_images --promote --source ${sourceVersion}-\$(git_commit) --target ${targetVersion} --pull"
   }
   return
 }
@@ -76,31 +81,55 @@ pipeline {
       }
     }
 
-    stage('Run unit tests') {
-      steps {
-        sh './bin/test_unit'
-      }
-      post {
-        always {
-          sh './bin/coverage'
-          junit 'junit.xml'
-
-          cobertura autoUpdateHealth: false,
-            autoUpdateStability: false,
-            coberturaReportFile: 'coverage.xml',
-            conditionalCoverageTargets: '70, 0, 0',
-            failUnhealthy: false,
-            failUnstable: false,
-            maxNumberOfBuilds: 0,
-            lineCoverageTargets: '70, 0, 0',
-            methodCoverageTargets: '70, 0, 0',
-            onlyStable: false,
-            sourceEncoding: 'ASCII',
-            zoomCoverageChart: false
-            ccCoverage("gocov", "--prefix github.com/cyberark/conjur-cli-go")
+    stage('Build while unit testing') {
+      parallel {
+        stage('Run unit tests') {
+          steps {
+            sh './bin/test_unit'
+          }
+          post {
+            always {
+              sh './bin/coverage'
+              junit 'junit.xml'
+
+              cobertura autoUpdateHealth: false,
+                autoUpdateStability: false,
+                coberturaReportFile: 'coverage.xml',
+                conditionalCoverageTargets: '70, 0, 0',
+                failUnhealthy: false,
+                failUnstable: false,
+                maxNumberOfBuilds: 0,
+                lineCoverageTargets: '70, 0, 0',
+                methodCoverageTargets: '70, 0, 0',
+                onlyStable: false,
+                sourceEncoding: 'ASCII',
+                zoomCoverageChart: false
+                ccCoverage("gocov", "--prefix github.com/cyberark/conjur-cli-go")
+            }
+          }
+        }
+
+        stage('Build release artifacts') {
+          steps {
+            dir('./pristine-checkout') {
+              // Go releaser requires a pristine checkout
+              checkout scm
+
+              // Create release artifacts without releasing to Github
+              sh "cp ../VERSION ./VERSION"
+              sh "./bin/build_release --skip-validate --rm-dist"
+
+              // Build container images
+              sh "./bin/build_container_images"
+
+              // Archive release artifacts
+              archiveArtifacts 'dist/goreleaser/'
+            }
+          }
         }
       }
     }
+
     stage('Run integration tests') {
       steps {
         dir('ci') {
@@ -115,20 +144,6 @@ pipeline {
       }
     }
 
-    stage('Build release artifacts') {
-      steps {
-        dir('./pristine-checkout') {
-          // Go releaser requires a pristine checkout
-          checkout scm
-
-          // Create release packages without releasing to Github
-          sh "cp ../VERSION ./VERSION"
-          sh "./bin/build_release --skip-validate --rm-dist"
-          archiveArtifacts 'dist/goreleaser/'
-        }
-      }
-    }
-
     stage('Release') {
       when {
         expression {
@@ -147,6 +162,9 @@ pipeline {
           sh """go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --main "cmd/conjur/" --output "${billOfMaterialsDirectory}/go-app-bom.json" """
           // Create Go module SBOM
           sh """go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --output "${billOfMaterialsDirectory}/go-mod-bom.json" """
+
+          // Publish container images to internal registry
+          sh './bin/publish_container_images --internal'
         }
       }
     }

bin/build_container_images

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+# Navigate to the bin directory (where this script lives) to ensure we can run this script
+# from anywhere.
+cd "$(dirname "$0")"
+
+. ./build_utils
+
+function main() {
+    local REPO_ROOT
+    local CONTAINER_IMAGE_AND_TAG
+
+    REPO_ROOT="$(repo_root)"
+    CONTAINER_IMAGE_AND_TAG="conjur-cli:$(project_version_with_commit)"
+
+    # Build container image/s by copying binaries
+    # 
+    echo "Building ${CONTAINER_IMAGE_AND_TAG} container image"
+    docker build \
+        --tag "${CONTAINER_IMAGE_AND_TAG}" \
+        --rm \
+        --file "${REPO_ROOT}/Dockerfile" \
+        "${REPO_ROOT}"
+}
+
+main

bin/build_release

@@ -2,31 +2,43 @@
 
 set -eo pipefail
 
-PROJECT_NAME=conjur-cli-go
-REPO_ROOT="$(git rev-parse --show-toplevel)"
-
-# Get the version of Go specified by the "go directive" in go.mod
-# Grep it to avoid Go binary dependency
-GO_VERSION="v$(grep "^\bgo\b" "${REPO_ROOT}/go.mod" | awk '{print $2}')"
-
-# Determine where VERSION file is based on goreleaser argument
-VERSION=$(<"${REPO_ROOT}/VERSION")
-
-# Remove Jenkins build number from VERSION
-VERSION="${VERSION/-*/}"
-
-# Use a GoReleaser Docker image containing cross-compilation tools
-# This image is recommended by the official GoReleaser docs
-# https://goreleaser.com/cookbooks/cgo-and-crosscompiling/
-GORELEASER_IMAGE="goreleaser/goreleaser-cross:latest"
-
-echo "Docker image for release build: ${GORELEASER_IMAGE}"
-
-docker run --rm \
-  --env VERSION="${VERSION}" \
-  --env GO_VERSION="${GO_VERSION}" \
-  --volume "${REPO_ROOT}:/${PROJECT_NAME}" \
-  --workdir /${PROJECT_NAME} \
-  "${GORELEASER_IMAGE}" --rm-dist "$@"
-
-echo "Releases built. Archives can be found in dist/goreleaser"
+# Navigate to the bin directory (where this script lives) to ensure we can run this script
+# from anywhere.
+cd "$(dirname "$0")"
+
+. ./build_utils
+
+function main() {
+    local REPO_ROOT
+    local PROJECT_WD
+    local VERSION
+    local GO_VERSION
+    local GORELEASER_IMAGE
+
+    # Use a GoReleaser Docker image containing cross-compilation tools
+    # This image is recommended by the official GoReleaser docs
+    # https://goreleaser.com/cookbooks/cgo-and-crosscompiling/
+    GORELEASER_IMAGE="goreleaser/goreleaser-cross:latest"
+
+    REPO_ROOT="$(repo_root)"
+    PROJECT_WD="github.com/cyberark/conjur-cli-go"
+    VERSION="$(project_semantic_version)"
+
+    # Get the version of Go specified by the "go directive" in go.mod
+    # Grep it to avoid Go binary dependency
+    GO_VERSION="v$(grep "^\bgo\b" "${REPO_ROOT}/go.mod" | awk '{print $2}')"
+
+
+    # Compile binaries with Go Releaser
+    #
+    echo "Docker image for release build: ${GORELEASER_IMAGE}"
+    docker run --rm \
+      --env VERSION="${VERSION}" \
+      --env GO_VERSION="${GO_VERSION}" \
+      --volume "${REPO_ROOT}:/${PROJECT_WD}" \
+      --workdir "/${PROJECT_WD}" \
+      "${GORELEASER_IMAGE}" --rm-dist "$@"
+    echo "Releases built. Archives can be found in dist/goreleaser"
+}
+
+main "$@"

bin/build_utils

@@ -26,6 +26,52 @@ function retrieve_cyberark_ca_cert() {
   fi
 }
 
-repo_root() {
+function repo_root() {
   git rev-parse --show-toplevel
 }
+
+function git_commit() {
+  git rev-parse --short HEAD
+}
+
+function project_version() {
+  # VERSION derived from CHANGELOG and automated release library
+  echo "$(<"$(repo_root)/VERSION")"
+}
+
+function project_semantic_version() {
+  local version
+  version="$(project_version)"
+
+  # Remove Jenkins build number from VERSION
+  echo "${version/-*/}"
+}
+
+function project_semantic_version_with_commit() {
+  echo "$(project_semantic_version)-$(git_commit)"
+}
+
+function project_version_with_commit() {
+  echo "$(project_version)-$(git_commit)"
+}
+
+# generate less specific versions, eg. given 1.2.3 will print 1.2 and 1
+# (note: the argument itself is not printed, append it explicitly if needed)
+function gen_versions() {
+  local version="${1}"
+  while [[ "${version}" = *.* ]]; do
+    version=${version%.*}
+    echo "${version}"
+  done
+}
+
+function tag_and_push() {
+  local source="$1"
+  shift
+  local target="$1"
+  shift
+
+  echo "Tagging and pushing $target..."
+  docker tag "${source}" "${target}"
+  docker push "${target}"
+}