add support for building artifacts with custom GOPROXY

Signed-off-by: Tariq Ibrahim <[email protected]>

Author: tariq1890

.github/workflows/basic-checks.yaml

@@ -9,13 +9,6 @@ on:
       golang_version:
         description: "The golang version for this project"
         value: ${{ jobs.variables.outputs.golang_version }}
-  pull_request:
-    types:
-      - opened
-      - synchronize
-    branches:
-      - main
-      - release-*
 
 jobs:
   variables:
@@ -25,6 +18,7 @@ jobs:
     needs:
     - variables
     uses: ./.github/workflows/golang.yaml
+    secrets: inherit
     with:
       golang_version: ${{ needs.variables.outputs.golang_version }}
 

.github/workflows/ci.yaml

@@ -23,6 +23,7 @@ on:
 
 jobs:
   basic:
+    secrets: inherit
     uses: ./.github/workflows/basic-checks.yaml
 
   image:

.github/workflows/golang.yaml

@@ -54,12 +54,31 @@ jobs:
       - run: make test
   build:
     name: Build
-    runs-on: ubuntu-latest
+    runs-on: linux-amd64-cpu4
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
       - name: Install Go
         uses: actions/setup-go@v6
         with:
           go-version: ${{ inputs.golang_version }}
-      - run: make build
+
+      - name: Setup JFrog CLI
+        id: jfrog
+        uses: jfrog/setup-jfrog-cli@v4
+        env:
+          JF_URL: https://${{ secrets.OIDC_ARTIFACTORY_ENDPOINT }}/
+        with:
+          oidc-provider-name: nvgithub
+          oidc-audience: ${{ secrets.OIDC_ARTIFACTORY_ENDPOINT }}
+      - env:
+          OIDC_USER: ${{ steps.jfrog.outputs.oidc-user }}
+          OIDC_TOKEN: ${{ steps.jfrog.outputs.oidc-token }}
+          OIDC_ARTIFACTORY_ENDPOINT: ${{ secrets.OIDC_ARTIFACTORY_ENDPOINT }}
+        run: |
+          OIDC_USER_ENCODED=$(python3 -c 'import urllib.parse, os; print(urllib.parse.quote_plus(os.environ["OIDC_USER"]))')
+          export GOPROXY="https://${OIDC_USER_ENCODED}:${OIDC_TOKEN}@${OIDC_ARTIFACTORY_ENDPOINT}/artifactory/api/go/edge-go-remote-virtual"
+          make build

.github/workflows/image.yaml

@@ -27,6 +27,10 @@ on:
 jobs:
   build:
     runs-on: linux-amd64-cpu4
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
     steps:
       - uses: actions/checkout@v5
         name: Check out code
@@ -42,12 +46,25 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup JFrog CLI
+        id: jfrog
+        uses: jfrog/setup-jfrog-cli@v4
+        env:
+          JF_URL: https://${{ secrets.OIDC_ARTIFACTORY_ENDPOINT }}/
+        with:
+          oidc-provider-name: nvgithub
+          oidc-audience: ${{ secrets.OIDC_ARTIFACTORY_ENDPOINT }}
       - name: Build image
         env:
           IMAGE_NAME: ghcr.io/nvidia/k8s-device-plugin
           VERSION: ${{ inputs.version }}
           PUSH_ON_BUILD: true
           BUILD_MULTI_ARCH_IMAGES: ${{ inputs.build_multi_arch_images }}
+          OIDC_USER: ${{ steps.jfrog.outputs.oidc-user }}
+          OIDC_TOKEN: ${{ steps.jfrog.outputs.oidc-token }}
+          OIDC_ARTIFACTORY_ENDPOINT: ${{ secrets.OIDC_ARTIFACTORY_ENDPOINT }}
         run: |
+          OIDC_USER_ENCODED=$(python3 -c 'import urllib.parse, os; print(urllib.parse.quote_plus(os.environ["OIDC_USER"]))')
+          export GOPROXY="https://${OIDC_USER_ENCODED}:${OIDC_TOKEN}@${OIDC_ARTIFACTORY_ENDPOINT}/artifactory/api/go/edge-go-remote-virtual"
           echo "${VERSION}"
           make -f deployments/container/Makefile build

deployments/container/Dockerfile

@@ -20,6 +20,9 @@ FROM base AS devel
 WORKDIR /work
 COPY * .
 
+ARG GOPROXY=direct
+ENV GOPROXY=$GOPROXY
+
 RUN make install-tools
 
 # We need to set the /work directory as a safe directory.

deployments/container/Makefile

@@ -23,6 +23,8 @@ MKDIR    ?= mkdir
 ##### Global variables #####
 include $(CURDIR)/versions.mk
 
+GOPROXY ?= direct
+
 ifeq ($(IMAGE_NAME),)
 IMAGE_NAME := $(REGISTRY)/$(DRIVER_NAME)
 endif
@@ -78,6 +80,7 @@ $(IMAGE_TARGETS): image-%:
 		--tag $(IMAGE) \
 		--build-arg VERSION="$(VERSION)" \
 		--build-arg GIT_COMMIT="$(GIT_COMMIT)" \
+		--build-arg GOPROXY="$(GOPROXY)" \
 		$(if $(LABEL_IMAGE_SOURCE),--label "org.opencontainers.image.source=$(LABEL_IMAGE_SOURCE)",) \
 		-f $(DOCKERFILE) \
 		$(CURDIR)