mirror of
https://github.com/docker/docker-credential-helpers.git
synced 2026-06-13 16:01:28 +05:30
Merge pull request #237 from crazy-max/release
Release target with checksums
This commit is contained in:
Sebastiaan van Stijn
@@ -138,16 +138,19 @@ jobs:
|
||||
uses: docker/setup-buildx-action@v2
|
||||
-
|
||||
name: Build
|
||||
uses: docker/bake-action@v2
|
||||
with:
|
||||
targets: binaries
|
||||
set: |
|
||||
*.cache-from=type=gha,scope=build
|
||||
*.cache-to=type=gha,scope=build,mode=max
|
||||
-
|
||||
name: Move artifacts
|
||||
run: |
|
||||
mv ${{ env.DESTDIR }}/**/* ${{ env.DESTDIR }}/
|
||||
make release
|
||||
env:
|
||||
CACHE_FROM: type=gha,scope=build
|
||||
CACHE_TO: type=gha,scope=build,mode=max
|
||||
-
|
||||
name: List artifacts
|
||||
run: |
|
||||
tree -nh ${{ env.DESTDIR }}
|
||||
-
|
||||
name: Check artifacts
|
||||
run: |
|
||||
find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +
|
||||
-
|
||||
name: Upload artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
@@ -155,6 +158,15 @@ jobs:
|
||||
name: docker-credential-helpers
|
||||
path: ${{ env.DESTDIR }}/*
|
||||
if-no-files-found: error
|
||||
-
|
||||
name: GitHub Release
|
||||
if: startsWith(github.ref, 'refs/tags/v')
|
||||
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
draft: true
|
||||
files: ${{ env.DESTDIR }}/*
|
||||
|
||||
build-deb:
|
||||
runs-on: ubuntu-20.04
|
||||
|
||||
@@ -1,61 +0,0 @@
|
||||
# Changelog
|
||||
|
||||
This changelog tracks the releases of docker-credential-helpers.
|
||||
This project includes different binaries per platform.
|
||||
The platform released is identified after the tag name.
|
||||
|
||||
## v0.6.0 (Go client, Linux)
|
||||
|
||||
- New credential helper on Linux using `pass`
|
||||
- New entry point for passing environment variables when calling a credential helper
|
||||
- Add a Makefile rule generating a Windows release binary
|
||||
|
||||
### Note
|
||||
|
||||
`pass` needs to be configured for `docker-credential-pass` to work properly.
|
||||
It must be initialized with a `gpg2` key ID. Make sure your GPG key exists is in `gpg2` keyring as `pass` uses `gpg2` instead of the regular `gpg`.
|
||||
|
||||
## v0.5.2 (Mac OS X, Windows, Linux)
|
||||
|
||||
- Add a `version` command to output the version
|
||||
- Fix storing URLs without scheme, and use `https://` by default
|
||||
|
||||
## v0.5.1 (Go client, Mac OS X, Windows, Linux)
|
||||
|
||||
- Redirect credential helpers' standard error to the caller's
|
||||
- Prevent invalid credentials and credentials queries
|
||||
|
||||
## v0.5.0 (Mac OS X)
|
||||
|
||||
- Add a label for Docker credentials and filter credentials lookup to filter keychain lookups
|
||||
|
||||
## v0.4.2 (Mac OS X, Windows)
|
||||
|
||||
- Fix osxkeychain list
|
||||
- macOS binary is now signed on release
|
||||
- Generate a `.exe` instead
|
||||
|
||||
## v0.4.1 (Mac OS X)
|
||||
|
||||
- Fixes to support older version of OSX (10.10, 10.11)
|
||||
|
||||
## v0.4.0 (Go client, Mac OS X, Windows, Linux)
|
||||
|
||||
- Full implementation for OSX ready
|
||||
- Fix some windows issues
|
||||
- Implement client.List, change list API
|
||||
- mac: delete credentials before adding them to avoid already exist error (fixes #37)
|
||||
|
||||
## v0.3.0 (Go client)
|
||||
|
||||
- Add Go client library to talk with the native programs.
|
||||
|
||||
## v0.2.0 (Mac OS X, Windows, Linux)
|
||||
|
||||
- Initial release of docker-credential-secretservice for Linux.
|
||||
- Use new secrets payload introduced in https://github.com/docker/docker/pull/20970.
|
||||
|
||||
## v0.1.0 (Mac OS X, Windows)
|
||||
|
||||
- Initial release of docker-credential-osxkeychain for Mac OS X.
|
||||
- Initial release of docker-credential-wincred for Microsoft Windows.
|
||||
+43
-21
@@ -85,54 +85,76 @@ EOT
|
||||
FROM scratch AS test-coverage
|
||||
COPY --from=test /out /
|
||||
|
||||
FROM gobase AS version
|
||||
RUN --mount=target=. \
|
||||
echo -n "$(./hack/git-meta version)" | tee /tmp/.version ; echo -n "$(./hack/git-meta revision)" | tee /tmp/.revision
|
||||
|
||||
FROM base AS build-linux
|
||||
ARG PACKAGE
|
||||
ARG TARGETOS
|
||||
ARG TARGETARCH
|
||||
ARG TARGETVARIANT
|
||||
RUN --mount=type=bind,target=. \
|
||||
--mount=type=cache,target=/root/.cache \
|
||||
--mount=type=cache,target=/go/pkg/mod <<EOT
|
||||
--mount=type=cache,target=/go/pkg/mod \
|
||||
--mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
|
||||
--mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
|
||||
set -ex
|
||||
xx-go --wrap
|
||||
make build-pass PACKAGE=$PACKAGE DESTDIR=/out BINNAME=docker-credential-pass-${TARGETOS}-${TARGETARCH}${TARGETVARIANT}
|
||||
xx-verify /out/docker-credential-pass-${TARGETOS}-${TARGETARCH}${TARGETVARIANT}
|
||||
make build-secretservice PACKAGE=$PACKAGE DESTDIR=/out BINNAME=docker-credential-secretservice-${TARGETOS}-${TARGETARCH}${TARGETVARIANT}
|
||||
xx-verify /out/docker-credential-secretservice-${TARGETOS}-${TARGETARCH}${TARGETVARIANT}
|
||||
make build-pass build-secretservice PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
|
||||
xx-verify /out/docker-credential-pass
|
||||
xx-verify /out/docker-credential-secretservice
|
||||
EOT
|
||||
|
||||
FROM base AS build-darwin
|
||||
ARG PACKAGE
|
||||
ARG TARGETOS
|
||||
ARG TARGETARCH
|
||||
ARG TARGETVARIANT
|
||||
RUN --mount=type=bind,target=. \
|
||||
--mount=type=cache,target=/root/.cache \
|
||||
--mount=type=cache,target=/go/pkg/mod \
|
||||
--mount=type=bind,from=osxcross,src=/osxsdk,target=/xx-sdk <<EOT
|
||||
--mount=type=bind,from=osxcross,src=/osxsdk,target=/xx-sdk \
|
||||
--mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
|
||||
--mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
|
||||
set -ex
|
||||
xx-go --wrap
|
||||
go install std
|
||||
make build-osxkeychain PACKAGE=$PACKAGE DESTDIR=/out BINNAME=docker-credential-osxkeychain-${TARGETARCH}${TARGETVARIANT}
|
||||
xx-verify /out/docker-credential-osxkeychain-${TARGETARCH}${TARGETVARIANT}
|
||||
make build-pass PACKAGE=$PACKAGE DESTDIR=/out BINNAME=docker-credential-pass-${TARGETOS}-${TARGETARCH}${TARGETVARIANT}
|
||||
xx-verify /out/docker-credential-pass-${TARGETOS}-${TARGETARCH}${TARGETVARIANT}
|
||||
make build-osxkeychain build-pass PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
|
||||
xx-verify /out/docker-credential-osxkeychain
|
||||
xx-verify /out/docker-credential-pass
|
||||
EOT
|
||||
|
||||
FROM base AS build-windows
|
||||
ARG PACKAGE
|
||||
ARG TARGETARCH
|
||||
ARG TARGETVARIANT
|
||||
RUN --mount=type=bind,target=. \
|
||||
--mount=type=cache,target=/root/.cache \
|
||||
--mount=type=cache,target=/go/pkg/mod <<EOT
|
||||
--mount=type=cache,target=/go/pkg/mod \
|
||||
--mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
|
||||
--mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
|
||||
set -ex
|
||||
xx-go --wrap
|
||||
make build-wincred PACKAGE=$PACKAGE DESTDIR=/out BINNAME=docker-credential-wincred-${TARGETARCH}${TARGETVARIANT}.exe
|
||||
xx-verify /out/docker-credential-wincred-${TARGETARCH}${TARGETVARIANT}.exe
|
||||
make build-wincred PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
|
||||
mv /out/docker-credential-wincred /out/docker-credential-wincred.exe
|
||||
xx-verify /out/docker-credential-wincred.exe
|
||||
EOT
|
||||
|
||||
FROM build-$TARGETOS AS build
|
||||
|
||||
FROM scratch AS binaries
|
||||
COPY --from=build /out /
|
||||
|
||||
FROM --platform=$BUILDPLATFORM alpine AS releaser
|
||||
WORKDIR /work
|
||||
ARG TARGETOS
|
||||
ARG TARGETARCH
|
||||
ARG TARGETVARIANT
|
||||
RUN --mount=from=binaries \
|
||||
--mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version <<EOT
|
||||
set -e
|
||||
mkdir /out
|
||||
version="$(cat /tmp/.version)"
|
||||
[ "$TARGETOS" = "windows" ] && ext=".exe"
|
||||
for f in *; do
|
||||
cp "$f" "/out/${f%.*}-${version}.${TARGETOS}-${TARGETARCH}${TARGETVARIANT}${ext}"
|
||||
done
|
||||
EOT
|
||||
|
||||
FROM scratch AS release
|
||||
COPY --from=releaser /out/ /
|
||||
|
||||
FROM binaries
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
PACKAGE ?= github.com/docker/docker-credential-helpers
|
||||
VERSION ?= $(shell git describe --match 'v[0-9]*' --dirty='.m' --always --tags)
|
||||
REVISION ?= $(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi)
|
||||
VERSION ?= $(shell ./hack/git-meta version)
|
||||
REVISION ?= $(shell ./hack/git-meta revision)
|
||||
|
||||
GO_PKG = github.com/docker/docker-credential-helpers
|
||||
GO_LDFLAGS = -s -w -X ${GO_PKG}/credentials.Version=${VERSION} -X ${GO_PKG}/credentials.Revision=${REVISION} -X ${GO_PKG}/credentials.Package=${PACKAGE}
|
||||
@@ -17,8 +17,7 @@ clean:
|
||||
|
||||
.PHONY: build-%
|
||||
build-%: # build, can be one of build-osxkeychain build-pass build-secretservice build-wincred
|
||||
$(eval BINNAME := docker-credential-$*)
|
||||
go build -trimpath -ldflags="$(GO_LDFLAGS) -X ${GO_PKG}/credentials.Name=docker-credential-$*" -o $(DESTDIR)/$(BINNAME) ./$*/cmd/
|
||||
go build -trimpath -ldflags="$(GO_LDFLAGS) -X ${GO_PKG}/credentials.Name=docker-credential-$*" -o "$(DESTDIR)/docker-credential-$*" ./$*/cmd/
|
||||
|
||||
# aliases for build-* targets
|
||||
.PHONY: osxkeychain secretservice pass wincred
|
||||
@@ -27,36 +26,16 @@ secretservice: build-secretservice
|
||||
pass: build-pass
|
||||
wincred: build-wincred
|
||||
|
||||
.PHONY: osxcodesign
|
||||
osxcodesign: build-osxkeychain
|
||||
$(eval SIGNINGHASH = $(shell security find-identity -v -p codesigning | grep "Developer ID Application: Docker Inc" | cut -d ' ' -f 4))
|
||||
xcrun -log codesign -s $(SIGNINGHASH) --force --verbose bin/build/docker-credential-osxkeychain
|
||||
xcrun codesign --verify --deep --strict --verbose=2 --display bin/build/docker-credential-osxkeychain
|
||||
|
||||
.PHONY: linuxrelease
|
||||
linuxrelease:
|
||||
mkdir -p release
|
||||
cd bin && tar cvfz ../release/docker-credential-pass-$(VERSION)-amd64.tar.gz docker-credential-pass
|
||||
cd bin && tar cvfz ../release/docker-credential-secretservice-$(VERSION)-amd64.tar.gz docker-credential-secretservice
|
||||
|
||||
.PHONY: osxrelease
|
||||
osxrelease:
|
||||
mkdir -p release
|
||||
cd bin && tar cvfz ../release/docker-credential-osxkeychain-$(VERSION)-amd64.tar.gz docker-credential-osxkeychain
|
||||
cd bin && tar cvfz ../release/docker-credential-pass-$(VERSION)-darwin-amd64.tar.gz docker-credential-pass
|
||||
|
||||
.PHONY: winrelease
|
||||
winrelease:
|
||||
mkdir -p release
|
||||
cd bin && zip ../release/docker-credential-wincred-$(VERSION)-amd64.zip docker-credential-wincred.exe
|
||||
|
||||
.PHONY: cross
|
||||
cross: # cross build all supported credential helpers
|
||||
$(BUILDX_CMD) bake cross
|
||||
$(BUILDX_CMD) bake binaries
|
||||
|
||||
.PHONY: release
|
||||
release: # create release
|
||||
./hack/release
|
||||
|
||||
.PHONY: test
|
||||
test:
|
||||
# tests all packages except vendor
|
||||
test: # tests all packages except vendor
|
||||
go test -v `go list ./... | grep -v /vendor/`
|
||||
|
||||
.PHONY: lint
|
||||
|
||||
@@ -47,7 +47,7 @@ $ make osxkeychain
|
||||
3 - Put that binary in your `$PATH`, so Docker can find it.
|
||||
|
||||
```shell
|
||||
$ cp bin/docker-credential-osxkeychain /usr/local/bin/
|
||||
$ cp bin/build/docker-credential-osxkeychain /usr/local/bin/
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
@@ -65,3 +65,9 @@ target "binaries" {
|
||||
"windows/amd64"
|
||||
]
|
||||
}
|
||||
|
||||
target "release" {
|
||||
inherits = ["binaries"]
|
||||
target = "release"
|
||||
output = [bindir("release")]
|
||||
}
|
||||
|
||||
Executable
+16
@@ -0,0 +1,16 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
set -e
|
||||
|
||||
case $1 in
|
||||
"version")
|
||||
git describe --match 'v[0-9]*' --dirty='.m' --always --tags
|
||||
;;
|
||||
"revision")
|
||||
echo "$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi)"
|
||||
;;
|
||||
*)
|
||||
echo "usage: ./hack/git-meta <version|revision>"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
Executable
+59
@@ -0,0 +1,59 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
: "${BUILDX_CMD=docker buildx}"
|
||||
: "${DESTDIR=./bin/release}"
|
||||
: "${CACHE_FROM=}"
|
||||
: "${CACHE_TO=}"
|
||||
|
||||
: "${SIGN=}"
|
||||
: "${PFX=}"
|
||||
: "${PFXPASSWORD=}"
|
||||
|
||||
if [ -n "$CACHE_FROM" ]; then
|
||||
for cfrom in $CACHE_FROM; do
|
||||
cacheFlags+=(--set "*.cache-from=$cfrom")
|
||||
done
|
||||
fi
|
||||
if [ -n "$CACHE_TO" ]; then
|
||||
for cto in $CACHE_TO; do
|
||||
cacheFlags+=(--set "*.cache-to=$cto")
|
||||
done
|
||||
fi
|
||||
|
||||
dockerpfx=$(mktemp -t dockercredhelper-pfx.XXXXXXXXXX)
|
||||
function clean {
|
||||
rm -f "$dockerpfx"
|
||||
}
|
||||
trap clean EXIT
|
||||
|
||||
# release
|
||||
(
|
||||
set -x
|
||||
${BUILDX_CMD} bake "${cacheFlags[@]}" --set "*.output=$DESTDIR" release
|
||||
)
|
||||
|
||||
# wrap binaries
|
||||
mv -f ./${DESTDIR}/**/* ./${DESTDIR}/
|
||||
find ./${DESTDIR} -type d -empty -delete
|
||||
|
||||
# sign binaries
|
||||
if [ -n "$SIGN" ]; then
|
||||
for f in "${DESTDIR}"/*".darwin-"*; do
|
||||
SIGNINGHASH=$(security find-identity -v -p codesigning | grep "Developer ID Application: Docker Inc" | cut -d ' ' -f 4)
|
||||
xcrun -log codesign -s "$SIGNINGHASH" --force --verbose "$f"
|
||||
xcrun codesign --verify --deep --strict --verbose=2 --display "$f"
|
||||
done
|
||||
for f in "${DESTDIR}"/*".windows-"*; do
|
||||
echo ${PFX} | base64 -d > "$dockerpfx"
|
||||
signtool sign /fd SHA256 /a /f pfx /p ${PFXPASSWORD} /d Docker /du https://www.docker.com /t http://timestamp.verisign.com/scripts/timestamp.dll "$f"
|
||||
done
|
||||
fi
|
||||
|
||||
# checksums
|
||||
(
|
||||
cd ${DESTDIR}
|
||||
sha256sum -b docker-credential-* > ./checksums.txt
|
||||
sha256sum -c --strict checksums.txt
|
||||
)
|
||||
Reference in New Issue
Block a user