add support for building artifacts with custom GOPROXY

Signed-off-by: Tariq Ibrahim <[email protected]>

Author: tariq1890

.github/actions/jfrog-artifactory-action/action.yaml

@@ -0,0 +1,32 @@
+name: 'JFrog Artifactory GOPROXY'
+description: 'Composite GitHub Action which signs into the JFrog Artifactory and retrieves the URL of the Go Module Proxy'
+inputs:
+  artifactory-endpoint:
+    description: "The endpoint for OIDC access to Artifactory instance"
+    required: true
+outputs:
+  goproxy:
+    description: "The URL to the Go module proxy. Set this value to your GOPROXY environment variable"
+    value: ${{ steps.get-goproxy.outputs.goproxy-url }}
+runs:
+  using: "composite"
+  steps:
+    - name: Setup JFrog CLI
+      id: jfrog
+      uses: jfrog/setup-jfrog-cli@v4
+      env:
+        JF_URL: https://${{ inputs.artifactory-endpoint }}/
+      with:
+        oidc-provider-name: nvgithub
+        oidc-audience: ${{ inputs.artifactory-endpoint }}
+    - name: Retrieve the Artifactory GOPROXY
+      id: get-goproxy
+      env:
+        OIDC_USER: ${{ steps.jfrog.outputs.oidc-user }}
+        OIDC_TOKEN: ${{ steps.jfrog.outputs.oidc-token }}
+        OIDC_ARTIFACTORY_ENDPOINT: ${{ inputs.artifactory-endpoint }}
+      run: |
+        OIDC_USER_ENCODED=$(python3 -c 'import urllib.parse, os; print(urllib.parse.quote_plus(os.environ["OIDC_USER"]))')
+        export GOPROXY="https://${OIDC_USER_ENCODED}:${OIDC_TOKEN}@${OIDC_ARTIFACTORY_ENDPOINT}/artifactory/api/go/edge-go-remote-virtual"
+        echo "goproxy-url=$(echo $GOPROXY)" >> $GITHUB_OUTPUT
+      shell: bash

.github/workflows/ci.yaml

@@ -35,6 +35,7 @@ jobs:
         run: echo "version=$(echo $GITHUB_SHA | cut -c1-8)" >> "$GITHUB_OUTPUT"
 
   golang:
+    secrets: inherit
     uses: ./.github/workflows/golang.yaml
 
   image:

.github/workflows/golang.yaml

@@ -16,13 +16,6 @@ name: Golang
 
 on:
   workflow_call: {}
-  pull_request:
-    types:
-      - opened
-      - synchronize
-    branches:
-      - main
-      - release-*
 
 jobs:
   check:
@@ -84,7 +77,10 @@ jobs:
 
   build:
     name: Build
-    runs-on: ubuntu-latest
+    runs-on: linux-amd64-cpu4
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
@@ -100,4 +96,13 @@ jobs:
         with:
           go-version: ${{ env.GOLANG_VERSION }}
 
-      - run: make build
+      - name: JFrog Artifactory
+        id: jfrog-artifactory
+        uses: ./.github/actions/jfrog-artifactory-action
+        with:
+          artifactory-endpoint: ${{ secrets.OIDC_ARTIFACTORY_ENDPOINT }}
+
+      - env:
+          GOPROXY: ${{ steps.jfrog-artifactory.outputs.goproxy-url }}
+        run: |
+          make build

.github/workflows/image.yaml

@@ -76,7 +76,11 @@ jobs:
           path: ${{ github.workspace }}/dist/*
 
   image:
-    runs-on: ubuntu-latest
+    runs-on: linux-amd64-cpu4
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
     strategy:
       matrix:
         target:
@@ -109,12 +113,19 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: JFrog Artifactory
+        id: jfrog-artifactory
+        uses: ./.github/actions/jfrog-artifactory-action
+        with:
+          artifactory-endpoint: ${{ secrets.OIDC_ARTIFACTORY_ENDPOINT }}
+
       - name: Build image
         env:
           IMAGE_NAME: ghcr.io/nvidia/container-toolkit
           VERSION: ${{ inputs.version }}
           PUSH_ON_BUILD: "true"
           BUILD_MULTI_ARCH_IMAGES: ${{ inputs.build_multi_arch_images }}
+          GOPROXY: ${{ steps.jfrog-artifactory.outputs.goproxy-url }}
         run: |
           echo "${VERSION}"
           make -f deployments/container/Makefile build-${{ matrix.target }}

deployments/container/Dockerfile

@@ -42,6 +42,9 @@ RUN set -eux; \
 ENV GOPATH=/go
 ENV PATH=$GOPATH/bin:/usr/local/go/bin:$PATH
 
+ARG GOPROXY="https://proxy.golang.org,direct"
+ENV GOPROXY=$GOPROXY
+
 WORKDIR /build
 COPY . .
 

deployments/container/Makefile

@@ -27,6 +27,8 @@ DIST_DIR ?= $(CURDIR)/dist
 ##### Global variables #####
 include $(CURDIR)/versions.mk
 
+GOPROXY ?= https://proxy.golang.org,direct
+
 IMAGE_VERSION := $(VERSION)
 
 IMAGE_TAG ?= $(VERSION)
@@ -88,6 +90,7 @@ $(IMAGE_TARGETS): image-%: $(ARTIFACTS_ROOT)
 		--build-arg GIT_COMMIT_SHORT="$(GIT_COMMIT_SHORT)" \
 		--build-arg GIT_BRANCH="$(GIT_BRANCH)" \
 		--build-arg SOURCE_DATE_EPOCH="$(SOURCE_DATE_EPOCH)" \
+		--build-arg GOPROXY="$(GOPROXY)" \
 		-f $(DOCKERFILE) \
 		$(CURDIR)