Merge branch 'build' into master

Dlorite · web-flow · commit 88bd4b2be5bb · 2022-06-30T18:41:50.000+02:00
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,13 +1,24 @@
 version: 2
+registries:
+  docker-registry-quay-io:
+    type: docker-registry
+    url: https://quay.io
+    username: "${{secrets.DEPENDABOT_USER}}"
+    password: "${{secrets.DEPENDABOT_PASS}}"
 updates:
-  # https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-  - package-ecosystem: "github-actions"
+- package-ecosystem: "gomod"
     directory: "/"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  open-pull-requests-limit: 10
+- package-ecosystem: "docker"
+  directory: "/"
+  schedule:
+    interval: "daily"
+  registries:
+  - docker-registry-quay-io
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,29 @@
+name: Build
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+  push:
+    branches: [ build ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    strategy:
+      matrix:
+        docker: ['scratch','ubi']
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    name: ${{ matrix.docker }}
+    steps:
+    - name: build
+      uses: sysdiglabs/exporter-builder@v0.5
+      with:
+        exporter: redis-exporter
+        artifactory_token: ${{ secrets.ARTI_TOKEN }}
+        artifactory_username: david.lorite@sysdig.com
+        sysdig_secure_token: ${{ secrets.SYSDIG_SECURE_TOKEN }}
+        tag_name: dev
+        target: ${{ matrix.docker }}
+        repository: artifactory.internal.sysdig.com
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
@@ -0,0 +1,23 @@
+name: Push
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+  workflow_run:
+    workflows: [Release]
+    types: [completed]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  on-success:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    steps:
+    - name: Upload master to Quay.io
+      uses: fjogeleit/http-request-action@master
+      with:
+        url: 'https://sysdig-jenkins.internal.sysdig.com/view/Integrations/job/integrations-redis-exporter/buildWithParameters?token=${{ secrets.JENKINS_PROMCAT_LAUNCH_TOKEN }}&EXPORTER=redis-exporter&DRY_RUN=false'
+        method: 'POST'
+        username: david.lorite@sysdig.com
+        password: ${{ secrets.JENKINS_PROMCAT_API_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,24 @@
+name: Release
+on:
+  release:
+    types: [released]
+jobs:
+  buildDockerImage:
+    strategy:
+      matrix:
+        docker: ['scratch','ubi']
+    name: Build docker image ${{ matrix.docker }}
+    runs-on: ubuntu-latest
+    steps:
+    - name: Release if tagged
+      if: "!startswith(github.ref, 'refs/tags/v')"
+      run: exit 78
+    - name: build
+      uses: sysdiglabs/exporter-builder@v0.4
+      with:
+        exporter: redis-exporter
+        artifactory_token: ${{ secrets.ARTI_TOKEN }}
+        artifactory_username: david.lorite@sysdig.com
+        tag_name: ${{ github.event.release.tag_name }}
+        target: ${{ matrix.docker }}
+        repository: artifactory.internal.sysdig.com
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,40 @@
+FROM golang:1.17 as builder
+WORKDIR /go/src/github.com/oliver006/redis_exporter/
+
+ADD .  /go/src/github.com/oliver006/redis_exporter/
+
+ARG GOARCH="amd64"
+ARG SHA1="[no-sha]"
+ARG TAG="[no-tag]"
+
+RUN BUILD_DATE=$(date +%F-%T) CGO_ENABLED=0 GOOS=linux GOARCH=$GOARCH go build -o /redis_exporter \
+    -ldflags  "-s -w -extldflags \"-static\" -X main.BuildVersion=$TAG -X main.BuildCommitSha=$SHA1 -X main.BuildDate=$BUILD_DATE" .
+
+RUN [ $GOARCH = "amd64" ]  && /redis_exporter -version || ls -la /redis_exporter
+
+#
+# scratch release container
+#
+FROM scratch as scratch
+
+COPY --from=builder /redis_exporter /redis_exporter
+COPY --from=builder /etc/ssl/certs /etc/ssl/certs
+COPY --from=builder /etc/nsswitch.conf /etc/nsswitch.conf
+
+# Run as non-root user for secure environments
+USER 59000:59000
+
+EXPOSE     9121
+ENTRYPOINT [ "/redis_exporter" ]
+
+FROM quay.io/sysdig/sysdig-mini-ubi:1.2.12 as ubi
+
+COPY --from=builder /redis_exporter /redis_exporter
+COPY --from=builder /etc/ssl/certs /etc/ssl/certs
+COPY --from=builder /etc/nsswitch.conf /etc/nsswitch.conf
+
+# Run as non-root user for secure environments
+USER 59000:59000
+
+EXPOSE     9121
+ENTRYPOINT [ "/redis_exporter" ]
diff --git a/build/Jenkinsfile b/build/Jenkinsfile
@@ -0,0 +1,56 @@
+string projectName = "prometheus-integrations"
+
+pipeline {
+    agent none
+
+
+    options {
+        skipDefaultCheckout()
+    }
+
+    environment {
+        registryCredential = 'jenkins-artifactory'
+        ARTIFACTORY_URL = 'docker.internal.sysdig.com'
+    }
+
+    parameters {
+        booleanParam(name: 'DRY_RUN', defaultValue: true, description: 'Perform a dry run (does not push images)')
+        string(name: 'EXPORTER', defaultValue: "exporter", description: 'Exporter name')
+    }
+    
+    stages {
+        stage('Pull image from artifactory') {
+            agent any
+            steps {
+                script {
+                    docker.withRegistry("https://${env.ARTIFACTORY_URL}",  registryCredential) {        
+                        sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:latest"""
+                        env.VERSION = sh(script:"""docker inspect --format '{{ index .Config.Labels "release" }}' ${env.ARTIFACTORY_URL}/${env.EXPORTER}:latest""", returnStdout: true).trim()
+                        echo "VERSION = ${env.VERSION}"
+                        sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}"""
+                        sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}-ubi"""
+                    }
+                }
+            }
+        }
+        stage('Push image to Quay'){
+            agent any
+            steps {
+                script {
+                    if (params.DRY_RUN) {
+                        echo "docker push quay.io/sysdig/${env.EXPORTER}:${env.VERSION}"
+                    } else {
+                    docker.withRegistry("https://quay.io", "QUAY") {
+                        sh """docker tag ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION} quay.io/sysdig/${env.EXPORTER}:${env.VERSION}"""
+                        sh """docker tag ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION} quay.io/sysdig/${env.EXPORTER}:latest"""
+                        sh """docker tag ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}-ubi quay.io/sysdig/${env.EXPORTER}:${env.VERSION}-ubi"""
+                        sh """docker push quay.io/sysdig/${env.EXPORTER}:${env.VERSION}"""
+                        sh """docker push quay.io/sysdig/${env.EXPORTER}:latest"""
+                        sh """docker push quay.io/sysdig/${env.EXPORTER}:${env.VERSION}-ubi"""
+                        }
+                    }
+                }
+            }
+        }
+    } //stages
+}
