Commit 0fc8879d authored by Eric Chiang's avatar Eric Chiang

*: prepare build scripts for a release

parent c50b44cf
bin bin
dist dist
_output
language: go language: go
go: go:
- 1.7 - 1.7.1
services: services:
- postgresql - postgresql
......
FROM alpine:latest FROM alpine:3.4
MAINTAINER Eric Chiang <eric.chiang@coreos.com> MAINTAINER Eric Chiang <eric.chiang@coreos.com>
RUN apk add --update ca-certificates RUN apk add --update ca-certificates
COPY bin/dex /dex COPY _output/bin/dex /usr/local/bin/dex
ENTRYPOINT ["/dex"] ENTRYPOINT ["/usr/local/bin/dex"]
CMD ["version"] CMD ["version"]
# Releases
Making a dex release involves:
* Tagging a git commit and pushing the tag to GitHub.
* Building and pushing a Docker image.
* Building, signing, and hosting an ACI.
This requires the following tools.
* rkt
* Docker
* [docker2aci](https://github.com/appc/docker2aci)
* [acbuild](https://github.com/containers/build) (must be in your sudo user's PATH)
And the following permissions.
* Push access to the github.com/coreos/dex git repo.
* Push access to the quay.io/coreos/dex Docker repo.
* Access to the CoreOS application signing key.
## Tagging the release
Make sure you've [uploaded your GPG key](https://github.com/settings/keys) and
configured git to [use that signing key](
https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work) either globally or
for the Dex repo. Note that the email the key is issued for must be the email
you use for git.
```
git config [--global] user.signingkey "{{ GPG key ID }}"
git config [--global] user.email "{{ Email associated with key }}"
```
Create a signed tag at the commit you wish to release. This action will prompt
you to enter a tag message, which can just be the release version.
```
git tag -s v2.1.0-alpha ea4c04fde83bd6c48f4d43862c406deb4ea9dba2
```
Push that tag to the CoreOS repo.
```
git push git@github.com:coreos/dex.git v2.1.0-alpha
```
Draft releases on GitHub and summarize the changes since the last release. See
previous releases for the expected format.
https://github.com/coreos/dex/releases
## Building the Docker image
Build the Docker image and push to Quay.
```bash
# checkout the tag
git checkout tags/v2.1.0-alpha
# rkt doesn't play nice with SELinux, see https://github.com/coreos/rkt/issues/1727
sudo setenforce Permissive
# will prompt for sudo password
make docker-image
sudo docker push quay.io/coreos/dex:v2.1.0-alpha
```
## Building the ACI
```bash
# checkout the tag
git checkout tags/v2.1.0-alpha
# rkt doesn't play nice with SELinux, see https://github.com/coreos/rkt/issues/1727
sudo setenforce Permissive
# will prompt for sudo password
make aci
# aci will be built at _output/image/dex.aci
```
Sign the ACI using the CoreOS application signing key. Upload the ACI and
signature to the GitHub release.
...@@ -5,10 +5,15 @@ export PATH := $(PWD)/bin:$(PATH) ...@@ -5,10 +5,15 @@ export PATH := $(PWD)/bin:$(PATH)
VERSION=$(shell ./scripts/git-version) VERSION=$(shell ./scripts/git-version)
DOCKER_REPO=quay.io/ericchiang/dex DOCKER_REPO=quay.io/coreos/dex
DOCKER_IMAGE=$(DOCKER_REPO):$(VERSION) DOCKER_IMAGE=$(DOCKER_REPO):$(VERSION)
$( shell mkdir -p bin ) $( shell mkdir -p bin )
$( shell mkdir -p _output/images )
$( shell mkdir -p _output/bin )
user=$(shell id -u -n)
group=$(shell id -g -n)
export GOBIN=$(PWD)/bin export GOBIN=$(PWD)/bin
# Prefer ./bin instead of system packages for things like protoc, where we want # Prefer ./bin instead of system packages for things like protoc, where we want
...@@ -51,15 +56,28 @@ lint: ...@@ -51,15 +56,28 @@ lint:
server/templates_default.go: $(wildcard web/templates/**) server/templates_default.go: $(wildcard web/templates/**)
@go run server/templates_default_gen.go @go run server/templates_default_gen.go
.PHONY: docker-build _output/bin/dex:
docker-build: bin/dex # Using rkt to build the dex binary.
@docker build -t $(DOCKER_IMAGE) . @./scripts/rkt-build
@sudo chown $(user):$(group) _output/bin/dex
_output/images/library-alpine-3.4.aci:
@mkdir -p _output/images
# Using docker2aci to get a base ACI to build from.
@docker2aci docker://alpine:3.4
@mv library-alpine-3.4.aci _output/images/library-alpine-3.4.aci
.PHONY: docker-push _output/images/dex.aci: _output/bin/dex _output/images/library-alpine-3.4.aci
docker-push: docker-build # Using acbuild to build a application container image.
@docker tag $(DOCKER_IMAGE) $(DOCKER_REPO):latest @sudo ./scripts/build-aci ./_output/images/library-alpine-3.4.aci
@docker push $(DOCKER_IMAGE) @sudo chown $(user):$(group) _output/images/dex.aci
@docker push $(DOCKER_REPO):latest
.PHONY: aci
aci: _output/images/dex.aci
.PHONY: docker-image
docker-image: _output/bin/dex
@docker build -t $(DOCKER_IMAGE) .
.PHONY: grpc .PHONY: grpc
grpc: api/api.pb.go grpc: api/api.pb.go
...@@ -74,7 +92,8 @@ bin/protoc-gen-go: ...@@ -74,7 +92,8 @@ bin/protoc-gen-go:
@go install -v $(REPO_PATH)/vendor/github.com/golang/protobuf/protoc-gen-go @go install -v $(REPO_PATH)/vendor/github.com/golang/protobuf/protoc-gen-go
clean: clean:
@rm bin/* @rm -rf bin/
@rm -rf _output/
testall: testrace vet fmt lint testall: testrace vet fmt lint
......
#!/usr/bin/env bash
set -e
if [ "$EUID" -ne 0 ]; then
echo "This script uses functionality which requires root privileges"
exit 1
fi
# Start the build with an empty ACI
acbuild --debug begin $1
# In the event of the script exiting, end the build
trap "{ export EXT=$?; sudo acbuild --debug end && exit $EXT; }" EXIT
# Name the ACI
acbuild --debug set-name coreos.com/dex
# Add a version label
acbuild --debug label add version $( ./scripts/git-version )
acbuild --debug run -- apk add --update ca-certificates
acbuild --debug copy _output/bin/dex /usr/local/bin/dex
acbuild --debug port add www tcp 5556
acbuild --debug port add grcp tpc 5557
acbuild --debug set-exec -- /usr/local/bin/dex
acbuild --debug write --overwrite _output/images/dex.aci
#!/bin/bash
mkdir -p _output/bin
sudo rkt run \
--volume dex,kind=host,source=$PWD \
--mount volume=dex,target=/go/src/github.com/coreos/dex \
--dns=8.8.8.8 \
--net=host \
--insecure-options=image \
docker://golang:1.7.1-alpine \
--exec=/bin/sh -- -x -c \
'apk add --no-cache --update alpine-sdk && go install -v github.com/coreos/dex/cmd/dex && cp /go/bin/dex /go/src/github.com/coreos/dex/_output/bin'
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment