
Commit fa182cb

authored
Merge pull request #78 from SovereignCloudStack/kr/add-builder-image
✨ add new builder image approach and update dependencies
2 parents a9bcc5c + 6aa8460 commit fa182cb


7 files changed

+90
-69
lines changed


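--- a/.builder-image-version.txt
+++ b/.builder-image-version.txt
@@ -1 +1 @@
-1.0.0
+1.1.0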

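--- a/.envrc.sample
+++ b/.envrc.sample
@@ -1,3 +1,4 @@
+export PATH="$(pwd)/hack/tools/bin/:$PATH"
 export KUBECONFIG=$PWD/.mgt-cluster-kubeconfig.yaml
 export K8S_VERSION=1-27
 export GIT_PROVIDER_B64=Z2l0aHVi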

.github/workflows/main-promote-builder-image.yml

Lines changed: 0 additions & 28 deletions
This file was deleted.

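--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -126,6 +126,12 @@ jobs:
 release:
 name: Create draft release
 runs-on: ubuntu-latest
+permissions:
+packages: read
+contents: write
+defaults:
+run:
+shell: bash
 needs:
 - manager-image
 steps: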
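Review bot: The new job-level `permissions` block on `release` has no comment saying which step needs each scope, so a later reader cannot tell whether `contents: write` and `packages: read` are still the minimum. Declaring the block sets every unlisted scope to none for this job, which is worth keeping; the steps that use the token lie outside the hunk, so the reasons below are inferred and should be confirmed. I would annotate the two lines, for example `contents: write # create the draft release` and `packages: read # pull the builder image from ghcr.io`.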

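--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -104,6 +104,10 @@ linters-settings:
 revive:
 enable-all-rules: true
 rules:
+- name: import-alias-naming
+disabled: true
+- name: redundant-import-alias
+disabled: true
 - name: dot-imports
 disabled: true
 # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#add-constant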

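--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,7 @@ IMAGE_PREFIX ?= ghcr.io/sovereigncloudstack
 STAGING_IMAGE = $(CONTROLLER_SHORT)-staging
 BUILDER_IMAGE = $(IMAGE_PREFIX)/$(CONTROLLER_SHORT)-builder
 BUILDER_IMAGE_VERSION = $(shell cat .builder-image-version.txt)
+HACK_TOOLS_BIN_VERSION = $(shell cat ./hack/tools/bin/version.txt)
 
 SHELL = /usr/bin/env bash -o pipefail
 .SHELLFLAGS = -ec
@@ -80,16 +81,19 @@ MGT_CLUSTER_KUBECONFIG ?= ".mgt-cluster-kubeconfig.yaml"
 
 # Kubebuilder.
 export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.25.0
+# versions
+CTLPTL_VERSION := 0.8.25
 
 ##@ Binaries
 ############
 # Binaries #
 ############
+# need in CI for releasing
 CONTROLLER_GEN := $(abspath $(TOOLS_BIN_DIR)/controller-gen)
-controller-gen: $(CONTROLLER_GEN) ## Build a local copy of controller-gen
 $(CONTROLLER_GEN): # Build controller-gen from tools folder.
 go install sigs.k8s.io/controller-tools/cmd/[email protected]
 
+# need this in CI for releasing
 KUSTOMIZE := $(abspath $(TOOLS_BIN_DIR)/kustomize)
 kustomize: $(KUSTOMIZE) ## Build a local copy of kustomize
 $(KUSTOMIZE): # Build kustomize from tools folder.
@@ -114,24 +118,10 @@ $(SETUP_ENVTEST): # Build setup-envtest from tools folder.
 CTLPTL := $(abspath $(TOOLS_BIN_DIR)/ctlptl)
 ctlptl: $(CTLPTL) ## Build a local copy of ctlptl
 $(CTLPTL):
-go install github.com/tilt-dev/ctlptl/cmd/[email protected]
-
-CLUSTERCTL := $(abspath $(TOOLS_BIN_DIR)/clusterctl)
-clusterctl: $(CLUSTERCTL) ## Build a local copy of clusterctl
-$(CLUSTERCTL):
-curl -sSLf https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.5.0/clusterctl-$$(go env GOOS)-$$(go env GOARCH) -o $(CLUSTERCTL)
-chmod a+rx $(CLUSTERCTL)
-
-KIND := $(abspath $(TOOLS_BIN_DIR)/kind)
-kind: $(KIND) ## Build a local copy of kind
-$(KIND):
-go install sigs.k8s.io/[email protected]
+curl -sSL https://github.com/tilt-dev/ctlptl/releases/download/v$(CTLPTL_VERSION)/ctlptl.$(CTLPTL_VERSION).linux.x86_64.tar.gz | tar xz -C $(TOOLS_BIN_DIR) ctlptl
 
 KUBECTL := $(abspath $(TOOLS_BIN_DIR)/kubectl)
-kubectl: $(KUBECTL) ## Build a local copy of kubectl
-$(KUBECTL):
-curl -fsSL "https://dl.k8s.io/release/v1.27.3/bin/$$(go env GOOS)/$$(go env GOARCH)/kubectl" -o $(KUBECTL)
-chmod a+rx $(KUBECTL)
+
 
 HELM := $(abspath $(TOOLS_BIN_DIR)/helm)
 helm: $(HELM) ## Build a local copy of helm
@@ -181,7 +171,7 @@ $(GOTESTSUM):
 go install gotest.tools/[email protected]
 
 
-all-tools: $(KIND) $(KUBECTL) $(CLUSTERCTL) $(CTLPTL) $(SETUP_ENVTEST) $(ENVSUBST) $(KUSTOMIZE) $(CONTROLLER_GEN)
+all-tools: get-dependencies $(CTLPTL) $(SETUP_ENVTEST) $(ENVSUBST) $(KUSTOMIZE) $(CONTROLLER_GEN)
 echo 'done'
 
 ##@ Development
@@ -197,7 +187,7 @@ delete-bootstrap-cluster: $(CTLPTL) ## Deletes Kind-dev Cluster
 $(CTLPTL) delete registry cso-registry
 
 .PHONY: cluster
-cluster: $(CTLPTL) $(KUBECTL) ## Creates kind-dev Cluster
+cluster: get-dependencies $(CTLPTL) $(KUBECTL) ## Creates kind-dev Cluster
 @# Fail early. Background: After Tilt started, changing .envrc has no effect for processes
 @# started via Tilt. That's why this should fail early.
 ./hack/kind-dev.sh
@@ -282,12 +272,6 @@ set-manifest-pull-policy:
 $(info Updating kustomize pull policy file for default resource)
 sed -i'' -e 's@imagePullPolicy: .*@imagePullPolicy: '"$(PULL_POLICY)"'@' $(TARGET_RESOURCE)
 
-builder-image-promote-latest:
-./hack/ensure-env-variables.sh USERNAME PASSWORD
-skopeo copy --src-creds=$(USERNAME):$(PASSWORD) --dest-creds=$(USERNAME):$(PASSWORD) \
-docker://$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) \
-docker://$(BUILDER_IMAGE):latest
-
 ##@ Binary
 ##########
 # Binary #
@@ -545,5 +529,31 @@ create-workload-cluster-docker: $(ENVSUBST) $(KUBECTL)
 cat .cluster.yaml | $(ENVSUBST) - | $(KUBECTL) apply -f -
 
 .PHONY: tilt-up
-tilt-up: env-vars-for-wl-cluster $(ENVSUBST) $(KUBECTL) $(KUSTOMIZE) $(TILT) cluster ## Start a mgt-cluster & Tilt. Installs the CRDs and deploys the controllers
+tilt-up: env-vars-for-wl-cluster get-dependencies $(ENVSUBST) $(TILT) cluster ## Start a mgt-cluster & Tilt. Installs the CRDs and deploys the controllers
 EXP_CLUSTER_RESOURCE_SET=true $(TILT) up --port=10351
+
+BINARIES = clusterctl controller-gen helm kind kubectl kustomize trivy
+get-dependencies:
+ifeq ($(BUILD_IN_CONTAINER),true)
+docker run --rm -t -i \
+-v $(shell pwd):/src/cluster-stack-operator \
+$(BUILDER_IMAGE):$(BUILDER_IMAGE_VERSION) $@;
+else
+@if [ "$(HACK_TOOLS_BIN_VERSION)" != "$(BUILDER_IMAGE_VERSION)" ]; then \
+echo "Updating binaries"; \
+rm -rf hack/tools/bin; \
+mkdir -p $(TOOLS_BIN_DIR); \
+cp ./.builder-image-version.txt $(TOOLS_BIN_DIR)/version.txt; \
+for tool in $(BINARIES); do \
+if command -v $$tool > /dev/null; then \
+cp `command -v $$tool` $(TOOLS_BIN_DIR); \
+echo "copied $$tool to $(TOOLS_BIN_DIR)"; \
+else \
+echo "$$tool not found"; \
+fi; \
+done; \
+else \
+echo "No action required"; \
+echo "Binaries are up to date"; \
+fi
+endif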
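Review bot: In the non-container branch of `get-dependencies`, `version.txt` is written before the copy loop and a missing tool only prints `$$tool not found`, so `hack/tools/bin` can be stamped with the builder-image version while holding an incomplete set of binaries, or whatever versions happen to be first on the host PATH. Later runs then print "Binaries are up to date" and skip the refresh, and `cluster` still lists `$(KUBECTL)` as a prerequisite although this commit removes the rule that built it, so a host without kubectl appears to end in "No rule to make target". I would fail on the first missing tool and write the marker only after every copy has succeeded, as in the excerpt below. Separately, the new `$(CTLPTL)` recipe pipes `curl -sSL` into `tar` without `-f` and without comparing the archive to a published checksum, and `get-dependencies` is not declared `.PHONY` in the lines shown.

```make
# … unchanged: ifeq ($(BUILD_IN_CONTAINER),true) branch, version comparison, rm -rf / mkdir -p …
		for tool in $(BINARIES); do \
			src="$$(command -v "$$tool")" || { echo "$$tool not found" >&2; exit 1; }; \
			cp "$$src" "$(TOOLS_BIN_DIR)/"; \
			echo "copied $$tool to $(TOOLS_BIN_DIR)"; \
		done; \
		cp ./.builder-image-version.txt "$(TOOLS_BIN_DIR)/version.txt"; \
# … unchanged: else branch printing "Binaries are up to date", fi, endif …
```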

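--- a/images/builder/Dockerfile
+++ b/images/builder/Dockerfile
@@ -17,20 +17,48 @@
 # If you make changes to this Dockerfile run `make builder-image-push`.
 
 # Install Lychee
-FROM docker.io/library/alpine:3.17.3@sha256:b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d as lychee
-# update: datasource=github-tags depName=lycheeverse/lychee versioning=semver
-ENV LYCHEE_VERSION="v0.11.1"
+FROM docker.io/library/alpine:3.19.0@sha256:13b7e62e8df80264dbb747995705a986aa530415763a6c58f84a3ca8af9a5bcd as lychee
 # hadolint ignore=DL3018
+# update: datasource=github-tags depName=lycheeverse/lychee versioning=semver
+ENV LYCHEE_VERSION="v0.14.3"
 RUN apk add --no-cache curl && \
 curl -L -o /tmp/lychee-${LYCHEE_VERSION}.tgz https://github.com/lycheeverse/lychee/releases/download/${LYCHEE_VERSION}/lychee-${LYCHEE_VERSION}-x86_64-unknown-linux-gnu.tar.gz && \
 tar -xz -C /tmp -f /tmp/lychee-${LYCHEE_VERSION}.tgz && \
 mv /tmp/lychee /usr/bin/lychee && \
 rm -rf /tmp/linux-amd64 /tmp/lychee-${LYCHEE_VERSION}.tgz
 
+FROM cgr.dev/chainguard/wolfi-base:latest as wolfi
+
+# renovate: datasource=github-tags depName=kubernetes-sigs/cluster-api
+ARG CLUSTERCTL_VERSION="v1.6.2"
+# renovate: datasource=github-tags depName=helm/helm
+ENV HELM_VERSION="v3.14.1"
+# renovate: datasource=github-tags depName=kubernetes-sigs/kind
+ARG KIND_VERSION="v0.20.0"
+# renovate: datasource=github-tags depName=kubernetes/kubernetes
+ARG KUBECTL_VERSION="v1.27.3"
+# renovate: datasource=github-tags depName=kubernetes-sigs/kustomize extractVersion=^kustomize\/v(?<version>.+)$
+ARG KUSTOMIZE_VERSION="v5.3.0"
+# renovate: datasource=github-tags depName=aquasecurity/trivy
+ARG TRIVY_VERSION="v0.48.3"
+# renovate: datasource=github-tags depName=kubernetes-sigs/controller-tools
+ARG CONTROLLER_GEN_VERSION="v0.14.0"
+
+# hadolint ignore=DL3018
+RUN apk add -U --no-cache \
+curl \
+clusterctl=~${CLUSTERCTL_VERSION#v} \
+controller-gen=~${CONTROLLER_GEN_VERSION#v} \
+helm=~${HELM_VERSION#v} \
+kind=~${KIND_VERSION#v} \
+kubectl=~${KUBECTL_VERSION#v} \
+kustomize=~${KUSTOMIZE_VERSION#v} \
+trivy=~${TRIVY_VERSION#v}
+
 # Install Golang CI Lint
-FROM docker.io/library/alpine:3.17.3@sha256:b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d as golangci
+FROM docker.io/library/alpine:3.19.1 as golangci
 # update: datasource=github-tags depName=golangci/golangci-lint versioning=semver
-ENV GOLANGCI_VERSION="v1.52.2"
+ENV GOLANGCI_VERSION="v1.55.2"
 WORKDIR /
 # hadolint ignore=DL3018,DL4006
 RUN apk add --no-cache curl && \
@@ -39,18 +67,13 @@ RUN apk add --no-cache curl && \
 # Install Hadolint
 FROM docker.io/hadolint/hadolint:v2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42 as hadolint
 
-# Install Trivy
-FROM docker.io/aquasec/trivy:0.39.0@sha256:ab281f43ee11b8ea5443ca8897641441f04f14e8832fefd103d32b4acd7055e1 as trivy
-
 ############################
 # CSO Build Image Base #
 ############################
-FROM docker.io/library/golang:1.20.2-bullseye@sha256:2101aa981e68ab1e06e3d4ac35ae75ed122f0380e5331e3ae4ba7e811bf9d256
+FROM docker.io/library/golang:1.21.6-bullseye
 
-# update: datasource=repology depName=debian_11/skopeo versioning=loose
-ENV SKOPEO_VERSION="1.2.2+dfsg1-1+b6"
 # update: datasource=github-tags depName=adrienverge/yamllint versioning=semver
-ENV YAMLLINT_VERSION="v1.30.0"
+ENV YAMLLINT_VERSION="v1.33.0"
 # update: datasource=github-tags depName=opt-nc/yamlfixer versioning=semver
 ENV YAMLFIXER_VERSION="0.9.15"
 
@@ -59,17 +82,22 @@ RUN apt-get update && \
 apt-get install -qy --no-install-recommends \
 gnupg python3 python3-pip \
 file zip unzip jq gettext \
-skopeo=${SKOPEO_VERSION} \
 libsystemd-dev jq && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
 pip install --no-cache-dir \
 yamllint==${YAMLLINT_VERSION} \
 yamlfixer-opt-nc==${YAMLFIXER_VERSION}
 
+COPY --from=wolfi /usr/bin/clusterctl /usr/bin/clusterctl
+COPY --from=wolfi /usr/bin/controller-gen /usr/bin/controller-gen
+COPY --from=wolfi /usr/bin/helm /usr/bin/helm
+COPY --from=wolfi /usr/bin/kubectl /usr/bin/kubectl
+COPY --from=wolfi /usr/bin/kind /usr/bin/kind
+COPY --from=wolfi /usr/bin/kustomize /usr/bin/kustomize
+COPY --from=wolfi /usr/bin/trivy /usr/bin/trivy
 COPY --from=lychee /usr/bin/lychee /usr/bin/lychee
 COPY --from=golangci /bin/golangci-lint /usr/local/bin
 COPY --from=hadolint /bin/hadolint /usr/bin/hadolint
-COPY --from=trivy /usr/local/bin/trivy /usr/bin/trivy
 
 ENV GOCACHE=/go/cache
 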
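Review bot: The new `wolfi` stage is pulled as `cgr.dev/chainguard/wolfi-base:latest`, and the same commit drops the `@sha256:` pins from the `golangci` stage (`alpine:3.19.1`) and the final base (`golang:1.21.6-bullseye`), so three of the five stages now resolve to whatever the registry serves at build time. Because the Makefile in this commit can run `get-dependencies` inside this image with the repository mounted, the unpinned layers appear to decide which `kubectl`, `helm`, `trivy` and the other tools end up in a developer's `hack/tools/bin`. I would pin each of these the way the `lychee` and `hadolint` stages are pinned, for example `FROM cgr.dev/chainguard/wolfi-base:latest@sha256:<digest> as wolfi`, and let the existing update tooling bump the digests. Separately, in the `lychee` stage `# hadolint ignore=DL3018` now sits above the `# update:` comment and `ENV` instead of directly above `RUN apk add`, so the pragma probably no longer applies to that `RUN`.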
