maint: Update GoReleaser and CircleCI configs to publish multi-arch Docker image (#1682)

- Improve the filtering for the `release` job only on tag creation. - Removes the dependency on `integration-tests` job from the `release` job. The flaky tests were frequently blocking the release. - Integration tests will now only run on PRs. - Restores the Docker build/publish - Includes amd64, arm64, and i386 multi-arch manifest - Uploads [artifacts](https://app.circleci.com/pipelines/github/StackExchange/dnscontrol/1285/workflows/b40ce89b-5a60-4ed2-874b-d47f383122b2/jobs/10051/artifacts) to CircleCI - Fixes linting issues with README - Add [CircleCI Insights badge](https://github.com/StackExchange/dnscontrol/tree/fix/cci#dnscontrol) to README - Uploads deb and rpm packages to [CloudSmith](https://cloudsmith.io/~stackoverflow/repos/dnscontrol/packages/) - TODO: It looks like CloudSmith treats both formats as duplicates and appends a `-1` to the version. - TODO: Push the Docker images to CloudSmith as well (alternate to Docker Hub and their aggressive rate limits). - TODO: The automated release notes regex patterns don't work for most of the commits. See [releases/tag/v3.18.2-pre013](https://github.com/StackExchange/dnscontrol/releases/tag/v3.18.2-pre013)
2024-05-11 05:55:12 +00:00 · 2022-08-12 16:08:16 -04:00
parent bd048944a3
commit b4ebe5b54b
4 changed files with 282 additions and 173 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -1,5 +1,10 @@
 version: 2.1
 orbs:
  go: circleci/go@1.7.1
  docker: circleci/docker@2.1.2
  cloudsmith: cloudsmith/cloudsmith@1.0.5
 parameters:
  cache-key:
    type: integer
@ -12,40 +17,6 @@ parameters:
 jobs:
  build-docker-image:
    docker:
      - image: jdrouet/docker-with-buildx:stable
    environment:
      DOCKER_IMAGE_NAME: stackexchange/dnscontrol
      DOCKER_IMAGE_PLATFORM: linux/amd64,linux/386
    steps:
      - checkout
      - setup_remote_docker:
          version: 20.10.14 # https://circleci.com/docs/building-docker-images#docker-version
          docker_layer_caching: true
      - run:
          name: Docker login
          command: |
            docker login \
              --username "$DOCKERHUB_USERNAME" \
              --password "$DOCKERHUB_ACCESS_TOKEN"
      - deploy:
          name: Build multi-arch Docker images and push to Docker Hub
          command: |
            export DOCKER_CLI_EXPERIMENTAL=enabled
            export DOCKER_IMAGE_VERSION=$(grep -E "Version *= \"" main.go | awk '{ print $3 }' | tr -d \") >> $BASH_ENV
            source $BASH_ENV
            docker context create multi-arch-build
            docker buildx create \
              --use multi-arch-build \
              --platform $DOCKER_IMAGE_PLATFORM
            docker buildx build \
              --push \
              --platform $DOCKER_IMAGE_PLATFORM \
              --tag $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_VERSION .
  build:
    docker:
@ -148,27 +119,74 @@ jobs:
    docker:
      - image: cimg/go:<< pipeline.parameters.gover >>
    resource_class: 2xlarge
    steps:
      - checkout
      - setup_remote_docker:
          version: 20.10.11
          docker_layer_caching: true
      - docker/check:
          docker-username: DOCKERHUB_USERNAME
          docker-password: DOCKERHUB_ACCESS_TOKEN
      - restore_cache: # restores saved cache if no changes are detected since last run
          keys:
            - linux-go-{{ checksum "go.sum" }}-<< pipeline.parameters.cache-key >>
      - setup_remote_docker:
          version: 20.10.11
      - run:
          name: Install goreleaser
          command: go install github.com/goreleaser/goreleaser@latest
      - run: goreleaser release
      - store_artifacts:
          path: dist
      - persist_to_workspace:
          root: dist
          paths:
            - '*.rpm'
            - '*.deb'
  upload:
    docker:
    - image: cimg/python:3.10
    parameters:
      arch:
        type: enum
        enum: ["i386", "amd64", "arm64", "x86_64"]
      format:
        type: enum
        enum: ["deb", "rpm"]
      distro:
        type: string
    steps:
    - attach_workspace:
        at: .
    - cloudsmith/ensure-api-key
    - cloudsmith/install-cli
    - cloudsmith/publish:
        cloudsmith-repository: stackoverflow/dnscontrol
        package-format: << parameters.format >>
                      # dnscontrol-3.18.2-next.arm64.deb
        package-path: dnscontrol-*.<< parameters.arch >>.<< parameters.format >>
        package-distribution: '<< parameters.distro >>'
 workflows:
  version: 2
  build:
    jobs:
-      - build
+      - build:
          filters:  # required since `release` has tag filters AND requires `build`
            tags:
              only: /.*/
      - integration-tests:
          requires: [build]
@ -192,15 +210,49 @@ workflows:
                - HEDNS
                - INWX
                - POWERDNS
          filters:
            branches:
              ignore: [master, main]
      - release:
-          requires: [integration-tests]
+          requires: [build]
          context: [DNSControl]
          # Only run this job on git tag pushes
          filters:
            branches:
-              only: [main, master]
+              ignore: /.*/
            tags:
              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
      - upload:
          name: upload dnscontrol_<< matrix.arch >>.rpm
          requires: [release]
          context: [StackExchange]
          format: rpm
          distro: fedora/25
          matrix:
            parameters:
              arch: ["i386", "x86_64", "arm64"]
          # Only run this job on git tag pushes
          filters:
            branches:
              ignore: /.*/
            tags:
              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
      - upload:
          name: upload dnscontrol_<< matrix.arch >>.deb
          requires: [release]
          context: [StackExchange]
          format: deb
          distro: debian/buster
          matrix:
            parameters:
              arch: ["i386", "amd64", "arm64"]
          # Only run this job on git tag pushes
          filters:
            branches:
              ignore: /.*/
            tags:
              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
      - build-docker-image:
          context: DNSControl
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -1,11 +1,9 @@
 env:
  - GO111MODULE=on
 builds:
  -
    id: build
    env:
      - CGO_ENABLED=0
      - GO111MODULE=on
    goos:
      - linux
      - windows
@ -13,24 +11,34 @@ builds:
      - freebsd
    ldflags:
      - -s -w -X main.Version="{{ .Version }}" -X main.SHA="{{ .FullCommit }}" -X main.BuildTime={{ .Timestamp }}
 before:
  hooks:
  - go mod tidy
 changelog:
  sort: asc
  use: github
  groups:
    - title: 'Breaking changes:'
      regexp: "(?i)^.*breaking[(\\w)]*:+.*$"
      order: 0
    - title: 'Major features:'
      regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
      order: 1
    - title: 'Provider-specific changes:'
      regexp: "(?i)^(akamaiedgedns|autodns|axfrddns|azure_dns|bind|cloudflareapi|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|domainnameshop|exoscale|gandi_v5|gcloud|hedns|hetzner|hexonet|hostingde|inwx|linode|msdns|namecheap|namedotcom|netcup|ns1|octodns|oracle|ovh|packetframe|powerdns|route53|softlayer|transip|vultr)[(\\w)]*:+.*$"
      order: 2
    - title: 'Depreciation warnings:'
      regexp: "(?i)^.*Deprecate[(\\w)]*:+.*$"
      order: 10
    - title: 'Other changes and improvements:'
      order: 9
  filters:
    exclude:
    - '^docs:'
    - '^test:'
    - '^chore'
    - Merge pull request
    - Merge branch
 archives:
-  - replacements:
+  - format_overrides:
      darwin: Darwin
      linux: Linux
      windows: Windows
      386: i386
      amd64: x86_64
    format_overrides:
    - goos: windows
      format: zip
 universal_binaries:
@ -39,32 +47,90 @@ universal_binaries:
    id: build
 nfpms:
-  - file_name_template: '{{ .ProjectName }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  - file_name_template: '{{ .ProjectName }}-{{ .Version }}.{{ .Arch }}'
-    id: packages
+    id: packages_rpm
    homepage:  https://stackexchange.github.io/dnscontrol/
    description: "DNSControl: Infrastructure as Code for DNS Zones"
    maintainer: 'Tom Limoncelli <tlimoncelli@stackoverflow.com>'
    license: MIT
    formats:
    - rpm
    replacements:
      386: i386
      amd64: x86_64
  - file_name_template: '{{ .ProjectName }}-{{ .Version }}.{{ .Arch }}'
    id: packages_deb
    homepage:  https://stackexchange.github.io/dnscontrol/
    description: "DNSControl: Infrastructure as Code for DNS Zones"
    maintainer: 'Tom Limoncelli <tlimoncelli@stackoverflow.com>'
    license: MIT
    formats:
    - deb
-    - rpm
+    replacements:
-#dockers:
+      386: i386
-#  -
+dockers:
-#    id: docker-build
+  - image_templates:
-#    goos: linux
+    - &amd_image "stackexchange/{{.ProjectName}}:{{ .Version }}-amd64"
-#    goarch: amd64
+    goos: linux
-#    image_templates:
+    goarch: amd64
-#    - "stackexchange/{{.ProjectName}}:latest"
+    use: buildx
-#    - "stackexchange/{{.ProjectName}}:{{ .Version }}"
+    ids:
-#    ids:
+    - build
-#    - build
+    build_flag_templates:
-#    build_flag_templates:
+    - "--pull"
-#    - "--pull"
+    - "--label=org.opencontainers.image.created={{ .Date }}"
-#    - "--label=org.opencontainers.image.created={{.Date}}"
+    - "--label=org.opencontainers.image.name={{ .ProjectName }}"
-#    - "--label=org.opencontainers.image.name={{.ProjectName}}"
+    - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
-#    - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+    - "--label=org.opencontainers.image.version={{ .Version }}"
-#    - "--label=org.opencontainers.image.version={{.Version}}"
+    - "--label=org.opencontainers.image.source={{ .GitURL }}"
-#    - "--label=org.opencontainers.image.source={{.GitURL}}"
+    - "--platform=linux/amd64"
-#    - "--platform=linux/amd64"
+  - image_templates:
    - &386_image "stackexchange/{{.ProjectName}}:{{ .Version }}-386"
    goos: linux
    goarch: '386'
    use: buildx
    ids:
    - build
    build_flag_templates:
    - "--pull"
    - "--label=org.opencontainers.image.created={{ .Date }}"
    - "--label=org.opencontainers.image.name={{ .ProjectName }}"
    - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
    - "--label=org.opencontainers.image.version={{ .Version }}"
    - "--label=org.opencontainers.image.source={{ .GitURL }}"
    - "--platform=linux/i386"
  - image_templates:
    - &arm_image "stackexchange/{{.ProjectName}}:{{ .Version }}-arm64"
    goos: linux
    goarch: arm64
    use: buildx
    ids:
    - build
    build_flag_templates:
    - "--pull"
    - "--label=org.opencontainers.image.created={{ .Date }}"
    - "--label=org.opencontainers.image.name={{ .ProjectName }}"
    - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
    - "--label=org.opencontainers.image.version={{ .Version }}"
    - "--label=org.opencontainers.image.source={{ .GitURL }}"
    - "--platform=linux/arm64"
 docker_manifests:
  - name_template: "stackexchange/{{.ProjectName}}:{{ .Version }}"
    image_templates:
      - *amd_image
      - *386_image
      - *arm_image
  - name_template: "stackexchange/{{.ProjectName}}:v{{ .Version }}"
    image_templates:
      - *amd_image
      - *386_image
      - *arm_image
  - name_template: "stackexchange/{{.ProjectName}}:latest"
    skip_push: auto
    image_templates:
      - *amd_image
      - *386_image
      - *arm_image
 checksum:
  name_template: 'checksums.txt'
 snapshot:
--- a/30
+++ b/30
@ -1,29 +1,13 @@
-FROM golang:1.19.0-alpine3.16@sha256:0eb08c89ab1b0c638a9fe2780f7ae3ab18f6ecda2c76b908e09eb8073912045d AS build
+# syntax = docker/dockerfile:1.4
-WORKDIR /go/src/github.com/StackExchange/dnscontrol
+FROM alpine:3.16.2@sha256:bc41182d7ef5ffc53a40b044e725193bc10142a1243f395ee852a8d9730fc2ad as RUN
-ARG BUILD_VERSION
+#RUN --mount=type=cache,target=/var/cache/apk \
 #    apk update \
 #    && apk add ca-certificates \
 #    && update-ca-certificates
-ENV GO111MODULE on
+COPY dnscontrol /usr/local/bin/
 COPY . .
 # build dnscontrol
 RUN apk update \
    && apk add --no-cache ca-certificates curl gcc build-base git \
    && update-ca-certificates \
    && go build -v -trimpath -buildmode=pie -ldflags="-s -w -X main.SHA=${BUILD_VERSION}"
 # Validation check
 RUN cp dnscontrol /go/bin/dnscontrol
 RUN dnscontrol version
 # -----
 FROM alpine:3.16.2@sha256:bc41182d7ef5ffc53a40b044e725193bc10142a1243f395ee852a8d9730fc2ad
 COPY --from=build /etc/ssl/certs /etc/ssl/certs
 COPY --from=build /go/bin/dnscontrol /usr/local/bin
 WORKDIR /dns
--- a/README.md
+++ b/README.md
@ -5,6 +5,8 @@
 [![Google Group](https://img.shields.io/badge/google%20group-chat-green.svg)](https://groups.google.com/forum/#!forum/dnscontrol-discuss)
 [![PkgGoDev](https://pkg.go.dev/badge/github.com/StackExchange/dnscontrol)](https://pkg.go.dev/github.com/StackExchange/dnscontrol)
 [![CircleCI](https://dl.circleci.com/insights-snapshot/gh/StackExchange/dnscontrol/master/build/badge.svg?window=30d)](https://app.circleci.com/insights/github/StackExchange/dnscontrol/workflows/build/overview?branch=master&reporting-window=last-30-days&insights-snapshot=true)
 [DNSControl](https://stackexchange.github.io/dnscontrol/) is a system
 for maintaining DNS zones.  It has two parts:
 a domain specific language (DSL) for describing DNS zones plus
@ -15,58 +17,60 @@ the most beautiful BIND zone files ever.  It runs anywhere Go runs (Linux, macOS
 Windows). The provider model is extensible, so more providers can be added.
 Currently supported DNS providers:
- - AWS Route 53
+
- - AXFR+DDNS
+- AWS Route 53
- - Akamai Edge DNS
+- AXFR+DDNS
- - AutoDNS
+- Active Directory (Deprecated, see Microsoft DNS)
- - Azure DNS
+- Akamai Edge DNS
- - BIND
+- AutoDNS
- - ClouDNS
+- Azure DNS
- - Cloudflare
+- BIND
- - deSEC
+- ClouDNS
- - DNS Made Easy
+- Cloudflare
- - DNSimple
+- deSEC
- - DigitalOcean
+- DNS Made Easy
- - DomainNameShop (domeneshop)
+- DNSimple
- - Exoscale
+- DigitalOcean
- - Gandi
+- DomainNameShop (domeneshop)
- - Google DNS
+- Exoscale
- - Hetzner
+- Gandi
- - HEXONET
+- Google DNS
- - hosting.de
+- Hetzner
- - Hurricane Electric DNS
+- HEXONET
- - INWX
+- hosting.de
- - Linode
+- Hurricane Electric DNS
- - Microsoft Windows Server DNS Server
+- INWX
- - NS1
+- Linode
- - Name.com
+- Microsoft Windows Server DNS Server
- - Namecheap
+- NS1
- - Netcup
+- Name.com
- - OVH
+- Namecheap
- - OctoDNS
+- Netcup
- - Oracle Cloud
+- OVH
- - Packetframe
+- OctoDNS
- - PowerDNS
+- Oracle Cloud
- - RWTH DNS-Admin
+- Packetframe
- - SoftLayer
+- PowerDNS
- - TransIP
+- RWTH DNS-Admin
- - Vultr
+- SoftLayer
 - TransIP
 - Vultr
 Currently supported Domain Registrars:
 - AWS Route 53
 - CSC Global
 - DNSOVERHTTPS
 - easyname
 - Gandi
 - HEXONET
 - hosting.de
 - Internet.bs
 - INWX
 - Name.com
 - Namecheap
 - OVH
 - OpenSRS
 - AWS Route 53
 - CSC Global
 - DNSOVERHTTPS
 - easyname
 - Gandi
 - HEXONET
 - hosting.de
 - Internet.bs
 - INWX
 - Name.com
 - Namecheap
 - OVH
 - OpenSRS
 At Stack Overflow, we use this system to manage hundreds of domains
 and subdomains across multiple registrars and DNS providers.
@ -77,7 +81,7 @@ to an intermediate representation (IR).  Compiler back-ends use the
 IR to update your DNS zones on services such as Route53, Cloudflare,
 and Gandi, or systems such as BIND.
-# An Example
+## An Example
 `dnsconfig.js`:
@ -100,42 +104,42 @@ Running `dnscontrol push` will make those changes with the provider and my dns r
 See [Getting Started](https://stackexchange.github.io/dnscontrol/getting-started) page on documentation site.
-# Benefits
+## Benefits
-* **Less error-prone** than editing a BIND zone file.
+- **Less error-prone** than editing a BIND zone file.
-* **More reproducible**  than clicking buttons on a web portal.
+- **More reproducible**  than clicking buttons on a web portal.
-* **Easily switch between DNS providers:**  The DNSControl language is
+- **Easily switch between DNS providers:**  The DNSControl language is
  vendor-agnostic.  If you use it to maintain your DNS zone records,
  you can switch between DNS providers easily. In fact, DNSControl
  will upload your DNS records to multiple providers, which means you
  can test one while switching to another. We've switched providers 3
  times in three years and we've never lost a DNS record.
-* **Adopt CI/CD principles to DNS!**  At StackOverflow we maintain our
+- **Adopt CI/CD principles to DNS!**  At StackOverflow we maintain our
  DNSControl configurations in Git and use our CI system to roll out
  changes.  Keeping DNS information in a VCS means we have full
  history.  Using CI enables us to include unit-tests and
  system-tests.  Remember when you forgot to include a "." at the end
  of an MX record?  We haven't had that problem since we included a
  test to make sure Tom doesn't make that mistake... again.
-* **Adopt PR-based updates.**  Allow developers to send updates as PRs,
+- **Adopt PR-based updates.**  Allow developers to send updates as PRs,
  which you can review before you approve.
-* **Variables save time!**  Assign an IP address to a constant and use the
+- **Variables save time!**  Assign an IP address to a constant and use the
  variable name throughout the file. Need to change the IP address
  globally? Just change the variable and "recompile."
-* **Macros!**  Define your SPF records, MX records, or other repeated data
+- **Macros!**  Define your SPF records, MX records, or other repeated data
  once and re-use them for all domains.
-* **Control Cloudflare from a single source of truth.**  Enable/disable
+- **Control Cloudflare from a single source of truth.**  Enable/disable
  Cloudflare proxying (the "orange cloud" button) directly from your
  DNSControl files.
-* **Keep similar domains in sync** with transforms and other features.  If
+- **Keep similar domains in sync** with transforms and other features.  If
  one domain is supposed to be a filtered version of another, this is
  easy to set up.
-* **It is extendable!**  All the DNS providers are written as plugins.
+- **It is extendable!**  All the DNS providers are written as plugins.
  Writing new plugins is very easy.
-# Installation
+## Installation
-## From source
+### From source
 DNSControl can be built with Go version 1.16 or higher.
@ -144,18 +148,21 @@ install `dnscontrol` in your `$GOBIN` directory.
 To install, simply run
-    GO111MODULE=on go install github.com/StackExchange/dnscontrol/v3@latest
+```shell
 GO111MODULE=on go install github.com/StackExchange/dnscontrol/v3@latest
 ```
 To download the source
-    git clone https://github.com/StackExchange/dnscontrol.git
+```shell
 git clone https://github.com/StackExchange/dnscontrol.git
 ```
 If these don't work, more info is in [#805](https://github.com/StackExchange/dnscontrol/issues/805).
 ---
-
+### Via packages
 ## Via packages
 Get prebuilt binaries from [github releases](https://github.com/StackExchange/dnscontrol/releases/latest)
@ -182,16 +189,16 @@ docker run --rm -it --volume="$PWD:/srv/jekyll" --volume="$PWD/vendor/bundle:/us
 See [dnscontrol-action](https://github.com/koenrh/dnscontrol-action)
-# Depreciation warnings (updated 2022-06-04)
+## Depreciation warnings (updated 2022-06-04)
-* **Call for new volunteer maintainers for NAMEDOTCOM, and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
+- **Call for new volunteer maintainers for NAMEDOTCOM, and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
-* **ACME/Let's Encrypt support is frozen and will be removed after December 31, 2022.**  The `get-certs` command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else.  See discussion in https://github.com/StackExchange/dnscontrol/issues/1400
+- **ACME/Let's Encrypt support is frozen and will be removed after December 31, 2022.**  The `get-certs` command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
-* **Provider OCTODNS is frozen and will be removed after Nov 1, 2022.** It was written as a joke and nobody laughed. It's time to remove the code and move on.
+- **Provider OCTODNS is frozen and will be removed after Nov 1, 2022.** It was written as a joke and nobody laughed. It's time to remove the code and move on.
-* **convertzone is frozen and will be removed after June 30, 2022.** The `convertzone` stand-alone program is replaced by the `get-zone` subcommand of DNSControl. It does everything `convertzone` did and more.
+- **convertzone is frozen and will be removed after June 30, 2022.** The `convertzone` stand-alone program is replaced by the `get-zone` subcommand of DNSControl. It does everything `convertzone` did and more.
-* **get-zones syntax changes in v3.16** Starting in v3.16, the command line arguments for `dnscontrol get-zones` changes. For backwards compatibility change `provider` to `-`. See documentation for details.
+- **Provider ACTIVEDIRECTORY_PS is frozen and will be removed after June 30, 2022.** It is replaced by MSDNS which is 100% feature compatible and works better. (We believe nobody uses it.)
 - **get-zones syntax changes in v3.16** Starting in v3.16, the command line arguments for `dnscontrol get-zones` changes. For backwards compatibility change `provider` to `-`. See documentation for details.
-
+## More info at our web site
 # More info at our web site
 The website: [https://stackexchange.github.io/dnscontrol/](https://stackexchange.github.io/dnscontrol/)