diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 06f827c6a..0d710228e 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -32,7 +32,7 @@ jobs: - name: Set up Go 1.19 uses: actions/setup-go@v1 with: - go-version: 1.19.9 + go-version: 1.19.12 id: go - uses: actions/checkout@v3 with: @@ -93,7 +93,7 @@ jobs: - name: Set up Go 1.19 uses: actions/setup-go@v1 with: - go-version: 1.19.9 + go-version: 1.19.12 id: go - uses: actions/checkout@v3 with: @@ -148,7 +148,7 @@ jobs: - name: Set up Go 1.19 uses: actions/setup-go@v1 with: - go-version: 1.19.9 + go-version: 1.19.12 id: go - uses: actions/checkout@v3 with: @@ -203,7 +203,7 @@ jobs: - name: Set up Go 1.19 uses: actions/setup-go@v1 with: - go-version: 1.19.9 + go-version: 1.19.12 id: go - uses: actions/checkout@v3 with: @@ -256,7 +256,7 @@ jobs: - name: Set up Go 1.19 uses: actions/setup-go@v1 with: - go-version: 1.19.9 + go-version: 1.19.12 id: go - uses: actions/checkout@v3 with: diff --git a/.github/workflows/build-package.yml b/.github/workflows/build-package.yml index 58f491740..9a4d9746a 100644 --- a/.github/workflows/build-package.yml +++ b/.github/workflows/build-package.yml @@ -26,7 +26,7 @@ jobs: - name: Set up Go 1.19 uses: actions/setup-go@v1 with: - go-version: 1.19.9 + go-version: 1.19.12 id: go - name: Setup Docker uses: docker-practice/actions-setup-docker@master diff --git a/.github/workflows/conformance_test.yml b/.github/workflows/conformance_test.yml index aec477331..149050e4a 100644 --- a/.github/workflows/conformance_test.yml +++ b/.github/workflows/conformance_test.yml @@ -28,7 +28,7 @@ jobs: - name: Set up Go 1.19 uses: actions/setup-go@v1 with: - go-version: 1.19.9 + go-version: 1.19.12 id: go - uses: actions/checkout@v3 with: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f0422e429..592004394 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -164,7 +164,7 @@ Harbor backend is written in [Go](http://golang.org/). If you don't have a Harbo | 2.4 | 1.17.7 | | 2.5 | 1.17.7 | | 2.6 | 1.18.6 | -| 2.7 | 1.19.9 | +| 2.7 | 1.19.12 | Ensure your GOPATH and PATH have been configured in accordance with the Go environment instructions. diff --git a/Makefile b/Makefile index 8541fe628..149445be2 100644 --- a/Makefile +++ b/Makefile @@ -155,7 +155,9 @@ GOINSTALL=$(GOCMD) install GOTEST=$(GOCMD) test GODEP=$(GOTEST) -i GOFMT=gofmt -w -GOBUILDIMAGE=golang:1.19.9 +GOVERSION=1.19.12 +GOBUILDIMAGE=goharbor/golang:$(GOVERSION) +PUSHGOIMAGE=false GOBUILDPATHINCONTAINER=/harbor # go build @@ -491,6 +493,15 @@ package_offline: update_prepare_version compile build @rm -rf $(HARBORPKG) @echo "Done." +build_golang: + @echo "build goharbor/golang image" + $(DOCKERBUILD) --build-arg GOVERSION=$(GOVERSION) -f $(MAKEPATH)/photon/golang/Dockerfile -t $(GOBUILDIMAGE) . + @if [ "$(PUSHGOIMAGE)" = "true" ] ; then \ + echo "push goharbor/golang image"; \ + docker login -u $(REGISTRYUSER) -p $(REGISTRYPASSWORD) ; \ + docker push $(GOBUILDIMAGE); \ + fi; \ + gosec: #go get github.com/securego/gosec/cmd/gosec #go get github.com/dghubble/sling diff --git a/make/photon/chartserver/builder b/make/photon/chartserver/builder index 2c772a396..f9f2638d0 100755 --- a/make/photon/chartserver/builder +++ b/make/photon/chartserver/builder @@ -4,7 +4,7 @@ set +e usage(){ echo "Usage: builder " - echo "e.g: builder golang:1.19.9 github.com/helm/chartmuseum v0.14.0 cmd/chartmuseum chartm" + echo "e.g: builder goharbor/golang:1.19.12 github.com/helm/chartmuseum v0.14.0 cmd/chartmuseum chartm" exit 1 } diff --git a/make/photon/golang/Dockerfile b/make/photon/golang/Dockerfile new file mode 100644 index 000000000..d573d5c97 --- /dev/null +++ b/make/photon/golang/Dockerfile 
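Review bot: In the new `build_golang` target of the Makefile, `docker login -u $(REGISTRYUSER) -p $(REGISTRYPASSWORD)` puts the registry password in the command's arguments, where it is visible in the process list and, being unquoted, is re-parsed by the shell. Prefer feeding it on stdin from the environment, e.g. `printf '%s' "$$REGISTRYPASSWORD" | docker login -u "$(REGISTRYUSER)" --password-stdin ; \`, which assumes the variable reaches the recipe's environment (confirm against how CI passes it). The recipe also ends with `fi; \`, a trailing continuation with nothing after it, which should be plain `fi`. Separately, the first Makefile hunk switches `GOBUILDIMAGE` to `goharbor/golang:$(GOVERSION)`, but nothing visible in these hunks makes the compile targets depend on `build_golang`, so builds appear to use whatever that mutable tag resolves to; a comment stating where the image is expected to come from would help.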
@@ -0,0 +1,36 @@
+FROM photon:4.0
+
+ARG GOVERSION
+
+# install cgo-related dependencies && git
+# official golang build from standard Debian, while photon os do not install git as default
+RUN tdnf install build-essential git gpg -y
+
+ENV PATH /usr/local/go/bin:$PATH
+
+ENV GOLANG_VERSION ${GOVERSION}
+
+# need to change sha256, for every specific golang version from https://github.com/docker-library/golang
+RUN set eux; \
+ url="https://dl.google.com/go/go${GOLANG_VERSION}.linux-amd64.tar.gz"; \
+ sha256="48e4fcfb6abfdaa01aaf1429e43bdd49cea5e4687bd5f5b96df1e193fcfd3e7e"; \
+ wget -O go.tgz.asc "$url.asc"; \
+ wget -O go.tgz "$url"; \
+ echo "$sha256 *go.tgz" | sha256sum -c -; \
+ # https://github.com/golang/go/issues/14739#issuecomment-324767697
+ GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
+ # https://www.google.com/linuxrepositories/
+ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \
+ # let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
+ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998 D857 78BD 6547 3CB3 BD13'; \
+ gpg --batch --verify go.tgz.asc go.tgz; \
+ gpgconf --kill all; \
+ rm -rf "$GNUPGHOME" go.tgz.asc; \
+ tar -C /usr/local -xzf go.tgz; \
+ rm go.tgz; \
+ go version
+
+ENV GOPATH /go
+ENV PATH $GOPATH/bin:$PATH
+RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
+WORKDIR $GOPATH
\ No newline at end of file
diff --git a/make/photon/registry/Dockerfile.binary b/make/photon/registry/Dockerfile.binary
index f02c2213a..58f90d7b5 100644
--- a/make/photon/registry/Dockerfile.binary
+++ b/make/photon/registry/Dockerfile.binary
@@ -1,4 +1,4 @@
-FROM golang:1.19.9
+FROM goharbor/golang:1.19.12
 ENV DISTRIBUTION_DIR /go/src/github.com/docker/distribution
 ENV BUILDTAGS include_oss include_gcs
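Review bot: In the new make/photon/golang/Dockerfile, `RUN set eux; \` is missing the dash, so the shell stores `eux` as a positional parameter instead of enabling errexit, and because the commands are joined with `;` the step's exit status is that of the final `go version`. A failed `sha256sum -c` or `gpg --batch --verify` therefore does not stop the build and the tarball is still unpacked into /usr/local; change the line to `RUN set -eux; \`. This matters more here because `GOVERSION` is a build argument while `sha256` is hard-coded for one release, so a version/hash mismatch is only caught if the check is enforced. It would also help to give `ARG GOVERSION` a default or fail fast when it is empty, since the only visible place that supplies it is the Makefile's `--build-arg`.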
diff --git a/make/photon/trivy-adapter/Dockerfile.binary b/make/photon/trivy-adapter/Dockerfile.binary index 6f42cce8d..92d568915 100644 --- a/make/photon/trivy-adapter/Dockerfile.binary +++ b/make/photon/trivy-adapter/Dockerfile.binary @@ -1,4 +1,4 @@ -FROM golang:1.19.9 +FROM goharbor/golang:1.19.12 ADD . /go/src/github.com/aquasecurity/harbor-scanner-trivy/ WORKDIR /go/src/github.com/aquasecurity/harbor-scanner-trivy/ diff --git a/make/photon/trivy-adapter/builder.sh b/make/photon/trivy-adapter/builder.sh index d0ce9ff50..2d4ac11bf 100755 --- a/make/photon/trivy-adapter/builder.sh +++ b/make/photon/trivy-adapter/builder.sh @@ -19,7 +19,7 @@ TEMP=$(mktemp -d ${TMPDIR-/tmp}/trivy-adapter.XXXXXX) git clone https://github.com/aquasecurity/harbor-scanner-trivy.git $TEMP cd $TEMP; git checkout $VERSION; cd - -echo "Building Trivy adapter binary based on golang:1.19.9..." +echo "Building Trivy adapter binary based on goharbor/golang:1.19.12..." cp Dockerfile.binary $TEMP docker build -f $TEMP/Dockerfile.binary -t trivy-adapter-golang $TEMP diff --git a/tests/ci/distro_installer.sh b/tests/ci/distro_installer.sh index dbd32b514..fda10f8cb 100755 --- a/tests/ci/distro_installer.sh +++ b/tests/ci/distro_installer.sh 
@@ -3,5 +3,5 @@ set -x set -e -sudo make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-gitaction PKGVERSIONTAG=dev-gitaction UIVERSIONTAG=dev-gitaction GOBUILDIMAGE=golang:1.19.9 COMPILETAG=compile_golangimage NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= PULL_BASE_FROM_DOCKERHUB=false -sudo make package_offline GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-gitaction PKGVERSIONTAG=dev-gitaction UIVERSIONTAG=dev-gitaction GOBUILDIMAGE=golang:1.19.9 COMPILETAG=compile_golangimage NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= PULL_BASE_FROM_DOCKERHUB=false +sudo make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-gitaction PKGVERSIONTAG=dev-gitaction UIVERSIONTAG=dev-gitaction GOBUILDIMAGE=goharbor/golang:1.19.12 COMPILETAG=compile_golangimage NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= PULL_BASE_FROM_DOCKERHUB=false +sudo make package_offline GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-gitaction PKGVERSIONTAG=dev-gitaction UIVERSIONTAG=dev-gitaction GOBUILDIMAGE=goharbor/golang:1.19.12 COMPILETAG=compile_golangimage NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY= PULL_BASE_FROM_DOCKERHUB=false