Merge pull request #594 from fluxcd/docker-sbom

stefanprodan · web-flow · commit 1e49ba6ee784 · 2023-01-30T16:09:45.000+02:00
build: Enable SBOM and SLSA Provenance
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -17,12 +17,12 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
         with:
           platforms: all
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
         with:
           buildkitd-flags: "--debug"
       - name: Restore Go cache
@@ -45,22 +45,16 @@ jobs:
         with:
           go-version: 1.19.x
       - name: Setup Kubernetes
-        uses: engineerd/setup-kind@v0.5.0
+        uses: helm/kind-action@v1.5.0
         with:
-          version: v0.11.1
-          image: kindest/node:v1.23.13
+          version: v0.17.0
+          cluster_name: kind
       - name: Setup Helm
         uses: fluxcd/pkg/actions/helm@main
       - name: Setup Kustomize
         uses: fluxcd/pkg/actions/kustomize@main
-      - name: Setup Kubebuilder
-        uses: fluxcd/pkg/actions/kubebuilder@main
-      - name: Setup Kubectl
-        uses: fluxcd/pkg/actions/kubectl@main
       - name: Run tests
         run: make test
-        env:
-          KUBEBUILDER_ASSETS: ${{ github.workspace }}/kubebuilder/bin
       - name: Check if working tree is dirty
         run: |
           if [[ $(git diff --stat) != '' ]]; then
@@ -594,9 +588,6 @@ jobs:
       - name: Debug failure
         if: failure()
         run: |
-          which kubectl
-          kubectl version
-          helm version
           kubectl -n helm-system get helmrepositories -oyaml || true
           kubectl -n helm-system get helmcharts -oyaml || true
           kubectl -n helm-system get helmreleases -oyaml || true
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
         with:
           platforms: all
       - name: Setup Docker Buildx
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -32,8 +32,8 @@ jobs:
           if [[ $GITHUB_REF == refs/tags/* ]]; then
             VERSION=${GITHUB_REF/refs\/tags\//}
           fi
-          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-          echo ::set-output name=VERSION::${VERSION}
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v2
       - name: Setup Docker Buildx
@@ -62,6 +62,8 @@ jobs:
       - name: Publish images
         uses: docker/build-push-action@v3
         with:
+          sbom: true
+          provenance: true
           push: true
           builder: ${{ steps.buildx.outputs.name }}
           context: .
diff --git a/Dockerfile b/Dockerfile
@@ -32,7 +32,7 @@ COPY internal/ internal/
 ENV CGO_ENABLED=0
 RUN xx-go build -trimpath -a -o helm-controller main.go
 
-FROM alpine:3.16
+FROM alpine:3.17
 
 # link repo to the GitHub Container Registry image
 LABEL org.opencontainers.image.source="https://github.com/fluxcd/helm-controller"
