diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yml similarity index 95% rename from .github/workflows/ci.yaml rename to .github/workflows/ci.yml index 91e19cc7..4ea61159 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yml @@ -19,8 +19,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - # renovate: datasource=golang-version depName=golang - go-version: 1.23.4 + go-version-file: go.mod id: go - name: Get dependencies diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8d67aaee..df63060c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,15 +33,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yml similarity index 100% rename from .github/workflows/docs.yaml rename to .github/workflows/docs.yml diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yml similarity index 100% rename from .github/workflows/labeler.yaml rename to .github/workflows/labeler.yml diff --git a/Dockerfile b/Dockerfile index 5b5fc33c..70c744af 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,13 +1,18 @@ -# This ARG has to be at the top, otherwise the docker daemon does not known what to do with FROM ${RUNTIME_IMAGE} -ARG RUNTIME_IMAGE=gcr.io/distroless/static:nonroot -# version is shared between mutiple buildstages +# The image ARGs have to be at the top, otherwise the docker daemon cannot validate +# the FROM statements and overall Dockerfile +# +# Argument for setting the build image +ARG BUILD_IMAGE=placeholder +# Argument for setting the runtime image +ARG RUNTIME_IMAGE=placeholder +# Argument for setting the oauth2-proxy build version ARG VERSION # All builds should be done using the platform native to the build node to allow # cache sharing of the go mod download step. # Go cross compilation is also faster than emulation the go compilation across # multiple platforms. -FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.22-bookworm AS builder +FROM --platform=${BUILDPLATFORM} ${BUILD_IMAGE} AS builder # Copy sources WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy @@ -19,10 +24,12 @@ RUN go mod download # Now pull in our code COPY . . -# Arguments go here so that the previous steps can be cached if no external -# sources have changed. +# Arguments go here so that the previous steps can be cached if no external sources +# have changed. These arguments are automatically set by the docker engine. ARG TARGETPLATFORM ARG BUILDPLATFORM + +# Reload version argument ARG VERSION # Build binary and make sure there is at least an empty key file. @@ -46,8 +53,11 @@ RUN case ${TARGETPLATFORM} in \ printf "Building OAuth2 Proxy for arch ${GOARCH}\n" && \ GOARCH=${GOARCH} VERSION=${VERSION} make build && touch jwt_signing_key.pem +# Reload runtime image +ARG RUNTIME_IMAGE # Copy binary to runtime image FROM ${RUNTIME_IMAGE} +# Reload version ARG VERSION COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy diff --git a/Makefile b/Makefile index 69ed7a10..f1fe8bc7 100644 --- a/Makefile 
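Review bot: `ARG BUILD_IMAGE=placeholder` and `ARG RUNTIME_IMAGE=placeholder` are unqualified image names, so a `docker build` run without both `--build-arg` values no longer gets the previous `gcr.io/distroless/static:nonroot` runtime. Instead it tries to resolve an image literally called `placeholder` from whatever default registry the builder is configured with. Keeping a fully qualified default for the runtime stage, `ARG RUNTIME_IMAGE=gcr.io/distroless/static:nonroot`, avoids depending on that lookup. For the build image, the header comment should state that the argument is mandatory, e.g. `# Required: pass --build-arg BUILD_IMAGE=<registry>/<image>:<tag>; the Makefile sets it via DOCKER_BUILDX_COMMON_ARGS`.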
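Review bot: The added `ARG RUNTIME_IMAGE` in the last Dockerfile hunk sits after the final `RUN` of the builder stage, so it is scoped to that stage. It has no effect on `FROM ${RUNTIME_IMAGE}`, which is resolved from the `ARG` declared before the first `FROM`. The comment `# Reload runtime image` therefore describes something the line does not do; I would drop the line, or replace the comment with `# RUNTIME_IMAGE comes from the global ARG at the top of the file`. The runtime stage continues past the end of this hunk, so whether it sets a `USER` is not visible here. With the runtime image now entirely caller-supplied, running as non-root depends on the image that is passed in.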
+++ b/Makefile @@ -12,8 +12,10 @@ DATE := $(shell date +"%Y%m%d") GO_MAJOR_VERSION = $(shell $(GO) version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f1) GO_MINOR_VERSION = $(shell $(GO) version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f2) -MINIMUM_SUPPORTED_GO_MAJOR_VERSION = 1 -MINIMUM_SUPPORTED_GO_MINOR_VERSION = 20 + +GO_MOD_VERSION = $(shell sed -En 's/^go ([[:digit:]]\.[[:digit:]]+)\.[[:digit:]]+/\1/p' go.mod) +MINIMUM_SUPPORTED_GO_MAJOR_VERSION = $(shell echo ${GO_MOD_VERSION} | cut -d' ' -f1 | cut -d'.' -f1) +MINIMUM_SUPPORTED_GO_MINOR_VERSION = $(shell echo ${GO_MOD_VERSION} | cut -d' ' -f1 | cut -d'.' -f2) GO_VERSION_VALIDATION_ERR_MSG = Golang version is not supported, please update to at least $(MINIMUM_SUPPORTED_GO_MAJOR_VERSION).$(MINIMUM_SUPPORTED_GO_MINOR_VERSION) ifeq ($(COVER),true) @@ -42,9 +44,11 @@ build: validate-go-version clean $(BINARY) $(BINARY): CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy/v7 +DOCKER_BUILDX_COMMON_ARGS ?= --build-arg BUILD_IMAGE=docker.io/library/golang:${GO_MOD_VERSION}-bookworm --build-arg VERSION=${VERSION} + DOCKER_BUILD_PLATFORM ?= linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v7,linux/s390x DOCKER_BUILD_RUNTIME_IMAGE ?= gcr.io/distroless/static:nonroot -DOCKER_BUILDX_ARGS ?= --build-arg RUNTIME_IMAGE=${DOCKER_BUILD_RUNTIME_IMAGE} --build-arg VERSION=${VERSION} +DOCKER_BUILDX_ARGS ?= --build-arg RUNTIME_IMAGE=${DOCKER_BUILD_RUNTIME_IMAGE} ${DOCKER_BUILDX_COMMON_ARGS} DOCKER_BUILDX := docker buildx build ${DOCKER_BUILDX_ARGS} --pull DOCKER_BUILDX_X_PLATFORM := $(DOCKER_BUILDX) --platform ${DOCKER_BUILD_PLATFORM} DOCKER_BUILDX_PUSH := $(DOCKER_BUILDX) --push 
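Review bot: The `sed` expression for `GO_MOD_VERSION` only matches a three-component `go` directive with a single-digit major, so a go.mod that says `go 1.23` yields an empty string. The minimum-version variables then come out empty and, in the next hunk, the build image tag becomes `golang:-bookworm`. The three variables are also recursive (`=`) around `$(shell …)`, so `sed`, `echo` and `cut` are forked on every expansion. I would match major.minor and ignore the rest of the line, assign with `:=`, stop with `$(error …)` when nothing was parsed, and split the version with `$(subst)`/`$(word)` instead of a shell pipeline. The variable block starts and ends outside this hunk.

```make
# Major.minor of the go directive; tolerates "go 1.23" as well as "go 1.23.4".
GO_MOD_VERSION := $(shell sed -En 's/^go ([[:digit:]]+\.[[:digit:]]+).*/\1/p' go.mod)
ifeq ($(strip $(GO_MOD_VERSION)),)
$(error could not read the Go version from the go directive in go.mod)
endif
MINIMUM_SUPPORTED_GO_MAJOR_VERSION := $(word 1,$(subst ., ,$(GO_MOD_VERSION)))
MINIMUM_SUPPORTED_GO_MINOR_VERSION := $(word 2,$(subst ., ,$(GO_MOD_VERSION)))
# … unchanged: GO_VERSION_VALIDATION_ERR_MSG …
```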
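Review bot: `DOCKER_BUILDX_COMMON_ARGS` hard-codes the builder as the floating tag `docker.io/library/golang:${GO_MOD_VERSION}-bookworm`, and `DOCKER_BUILDX` adds `--pull`, so every build compiles with whatever that tag points to at the time. There is also no single variable through which a digest-pinned builder can be supplied, unlike `DOCKER_BUILD_RUNTIME_IMAGE` for the runtime side. I would split it out as `DOCKER_BUILD_IMAGE ?= docker.io/library/golang:${GO_MOD_VERSION}-bookworm` and `DOCKER_BUILDX_COMMON_ARGS ?= --build-arg BUILD_IMAGE=${DOCKER_BUILD_IMAGE} --build-arg VERSION=${VERSION}`. Separately, anyone who already overrides `DOCKER_BUILDX_ARGS` (or `DOCKER_BUILDX_ARGS_ALPINE` in the following hunk) now silently loses `BUILD_IMAGE` and falls back to the Dockerfile's `placeholder` default. That deserves a comment above these variables.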
@@ -52,7 +56,7 @@ DOCKER_BUILDX_PUSH_X_PLATFORM := $(DOCKER_BUILDX_PUSH) --platform ${DOCKER_BUILD DOCKER_BUILD_PLATFORM_ALPINE ?= linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v6,linux/arm/v7,linux/s390x DOCKER_BUILD_RUNTIME_IMAGE_ALPINE ?= alpine:3.21.2 -DOCKER_BUILDX_ARGS_ALPINE ?= --build-arg RUNTIME_IMAGE=${DOCKER_BUILD_RUNTIME_IMAGE_ALPINE} --build-arg VERSION=${VERSION} +DOCKER_BUILDX_ARGS_ALPINE ?= --build-arg RUNTIME_IMAGE=${DOCKER_BUILD_RUNTIME_IMAGE_ALPINE} ${DOCKER_BUILDX_COMMON_ARGS} DOCKER_BUILDX_X_PLATFORM_ALPINE := docker buildx build ${DOCKER_BUILDX_ARGS_ALPINE} --platform ${DOCKER_BUILD_PLATFORM_ALPINE} DOCKER_BUILDX_PUSH_X_PLATFORM_ALPINE := $(DOCKER_BUILDX_X_PLATFORM_ALPINE) --push