Commit

Metadata prefix + deprecations
* deprecated almost all of the flags in favor of the config file
* optional metadata prefix for images
* updated modules
* cleanup of error printing in tests
* updating go in the pipeline
drew-viles authored Sep 5, 2024
1 parent cd55ecc commit f6a3b80
Showing 20 changed files with 298 additions and 270 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/pull_request.yaml
Expand Up @@ -8,12 +8,12 @@ on:
jobs:
lint:
name: Lint files
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: '1.22.1'
go-version: '1.23.1'
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
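Review bot: the Go version is now hand-pinned to '1.23.1' in this hunk and again in the test job below, in release.yml and in tag.yml, so the next bump needs four workflow edits plus go.mod; consider `go-version-file: go.mod` on actions/setup-go so every job follows the module's `go 1.23.1` line automatically. While here, `actions/checkout@v4`, `actions/setup-go@v4` and `golangci/golangci-lint-action@v3` are mutable tags; pinning them to full commit SHAs would make the lint job's inputs reproducible.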
Expand All @@ -23,17 +23,17 @@ jobs:

test:
name: Run tests
runs-on: 'ubuntu-22.04'
runs-on: ubuntu-22.04
needs: lint
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: '1.22.1'
go-version: '1.23.1'
- run: go test -v -cover ./...

security-checks:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
needs: test
permissions:
contents: read
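Review bot: the test job in this hunk stays on `runs-on: ubuntu-22.04` (only the quotes were dropped) while lint and security-checks move to ubuntu-24.04, and the same job in tag.yml is moved to 24.04; if the split is unintended, bump it here too so tests run on the same image as the other jobs.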
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Expand Up @@ -8,7 +8,7 @@ on:
jobs:
release:
name: Create Release
runs-on: 'ubuntu-22.04'
runs-on: ubuntu-24.04
permissions:
contents: write
steps:
Expand All @@ -17,7 +17,7 @@ jobs:
fetch-depth: 0
- uses: actions/setup-go@v4
with:
go-version: '1.22.1'
go-version: '1.23.1'
- name: Get OS and arch info
run: |
GOARCH=amd64
10 changes: 5 additions & 5 deletions .github/workflows/tag.yml
Expand Up @@ -9,12 +9,12 @@ on:
jobs:
lint:
name: Lint files
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: '1.22.1'
go-version: '1.23.1'
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
Expand All @@ -24,17 +24,17 @@ jobs:

test:
name: Run tests
runs-on: 'ubuntu-22.04'
runs-on: ubuntu-24.04
needs: lint
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: '1.22.1'
go-version: '1.23.1'
- run: go test -v -cover ./...

security-checks:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
needs: test
permissions:
contents: read
6 changes: 5 additions & 1 deletion CHANGELOG.md
@@ -1,9 +1,13 @@
# Changelog

## [ 2024/xx/xx - v1.2.x]
## [ 2024/09/05 - v1.2.2]

### Add/Updated
* Updated go modules
* new metadata prefix

### Deprecated
* All flags have been deprecated except a select few. The config file should be used from now on.

## [ 2024/04/26 - v1.2.1 ]

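Review bot: the Deprecated entry says 'All flags have been deprecated except a select few' without naming them or the config keys that replace them, and the new prefix feature is listed only as 'new metadata prefix'; list the flags that remain, the config key each deprecated flag maps to, and the `metadata-prefix` key name, so operators can migrate their pipelines before the flags are removed.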
66 changes: 36 additions & 30 deletions baski-example.yaml
Expand Up @@ -22,43 +22,44 @@ infra:
use-floating-ip: true
# The name of the network from which to get a floating IP from.
floating-ip-network-name: "public1"
# Specify a specific security group to use instead of "default"
# Specify a specific security group to use instead of "default".
security-group: ""
# Sets the image visibility once it has been created. The cloud account being used must have permission to do this.
image-visibility: "public"
# The disk format
image-disk-format: "raw"
# Whether to use block_storage_volume
# Sets the block_storage_volume OpenStack Packer config parameter.
use-blockstorage-volume: false
# Specify an existing SSH keypair to use
ssh-keypair-name: "drew-rsa"
# The private Key file to use with the ssh-keypair-name
# The private Key file to use with the ssh-keypair-name - one will be autogenerated if not set.
ssh-privatekey-file: "/home/<USER>/.ssh/id_rsa"
# The volume type
# The volume type.
volume-type: ""
# The size of the storage volume
# The size of the storage volume.
volume-size: 0
# The rootfs-UUID. In testing this has only been required for bare-metal instances as the bare-metal instance needs know about the rootfs, so it knows what to boot.
rootfs-uuid: ""
# KubeVirt support is a wrapper around QEMU builds however at the end of the build it will generate a PVC in the target Kubernetes cluster
# The metadata-prefix will be used to prefix any metadata. This can be left blank if not required but if your metadata requires a prefix like `baski:k8s-version`, then it can be added here.
# Whatever is entered here will be split with a semi-colon - <metadata-prefix>:<metadata>.
metadata-prefix: "baski"
# KubeVirt support is a wrapper around QEMU builds however at the end of the build it will generate a PVC in the target Kubernetes cluster.
kubevirt:
# qemu_binary enables the overriding of the qemu-system-x86_64 binary name
# qemu_binary enables the overriding of the qemu-system-x86_64 binary name.
qemu_binary: "qemu-system-x86_64"
# disk_size describes the size of the VM disk
# disk_size describes the size of the VM disk.
disk_size: "10G"
# The directory in which the resulting QCOW2 image will be stored.
# This will have the image-name stored within it resulting in:
# /tmp/image-output/{{build.image-prefix}}-{{date}}-{{unique-code}}/{{build.build-os}}-kube-v{{build.kubernetes-version}}
# /tmp/image-output/{{build.image-prefix}}-{{date}}-{{unique-code}}/{{build.build-os}}-kube-v{{build.kubernetes-version}}.
output-directory: "/tmp/image-output"
# This enables the image to be uploaded to an S3 endpoint as defined in the S3 object and is recommended if using the datavolume-from-S3 approach in KubeVirt.
store-in-s3: false
# The bucket in which to store the resulting image - required if store-in-s3 is true
# The bucket in which to store the resulting image - required if store-in-s3 is true.
image-bucket: "images"
# kubevirt_namespace is the namespace in which the DV will be created
# kubevirt_namespace is the namespace in which the DV will be created.
image-namespace: "baski-vm-images"
# k8s contains kubernetes cluster options
k8s:
# kubeconfig_path is the path to the kubeconfig that will be used to generate the PVC for Kubevirt
# kubeconfig_path is the path to the kubeconfig that will be used to generate the PVC for Kubevirt.
kubeconfig_path: "/tmp/kubeconfig"

# Baski presumes there is an S3 endpoint available for the pulling of any items such as the .trivyignore and nvidia files (where required) as well as uploading any other items such as scan results and QEMU images (where required).
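Review bot: the new `metadata-prefix` comment says the value 'will be split with a semi-colon', but the pattern shown is `<metadata-prefix>:<metadata>` and the example is `baski:k8s-version`, which is a colon; fix the comment (or the pattern) so users know what the resulting metadata key looks like. Also, `ssh-keypair-name: "drew-rsa"` and `/home/<USER>/.ssh/id_rsa` are personal values in a shipped example; a neutral placeholder such as `"<KEYPAIR_NAME>"` avoids them being copied into a real config.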
Expand All @@ -81,19 +82,19 @@ build:
image-prefix: "kmi"
# The repo to use for image building. This will default to the main image builder repo but can be updated if additional functionality is required in a fork.
image-repo: "https://github.com/kubernetes-sigs/image-builder.git"
# The branch to use in the image repo
# The branch to use in the image repo.
image-repo-branch: "main"
# The crictl version.
crictl-version: "1.26.0"
# The CNI version.
cni-version: "1.2.0"
# The specific version of the CNI Debian package ('kubernetes-cni') to install
# The specific version of the CNI Debian package ('kubernetes-cni') to install.
cni-deb-version: "1.2.0-2.1"
# The Kubernetes version.
kubernetes-version: "1.28.2"
# The specific version of the Kubernetes Debian packages ('kubeadm', 'kubelet') to install
# The specific version of the Kubernetes Debian packages ('kubeadm', 'kubelet') to install.
kubernetes-deb-version: "1.28.2-1.1"
# Any additional debs to install. Currently, Baski only supports ubuntu and flatcar and this will only work with Ubuntu
# Any additional debs to install. Currently, Baski only supports ubuntu and flatcar and this will only work with Ubuntu.
extra-debs: "nfs-common"
# Whether to add Trivy into the image.
add-trivy: true
Expand All @@ -108,13 +109,17 @@ build:
enable-gpu-support: true
# The GPU architecture being used ("nvidia" or "amd" are currently supported).
gpu-vendor: "amd"
# The AMD driver version to be installed
amd-driver-version: "6.0.2"
# The AMD driver version to be installed
amd-deb-version: "6.0.60002-1"
# The GPU Model this image supports
gpu-model-support: "MI250X"
# What type of instance this GPU support. "vm" (virtual machine), "bm", (bare metal) or "any".
gpu-instance-support: "any"
# The AMD driver version to be installed.
amd-driver-version: "6.1.2"
# The AMD driver version to be installed.
amd-deb-version: "6.1.60102-1"
# The AMDGPU Installer usecase
amd-usecase-version: "dkms"
# The NVIDIA driver version to be installed - Currently used for tagging metadata
# The NVIDIA driver version to be installed - Currently used for tagging metadata.
nvidia-driver-version: "535.129.03"
# The S3 bucket to get the NVIDIA installer and license files from.
nvidia-bucket: "nvidia"
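Review bot: `amd-deb-version` carries the same comment as `amd-driver-version` ('The AMD driver version to be installed.'), so the difference between the two keys is undocumented; mirror the `kubernetes-deb-version` wording, e.g. 'The specific version of the AMD Debian packages to install.' The new `amd-usecase-version: "dkms"` comment, 'The AMDGPU Installer usecase', should list the accepted use cases, and the key name is misleading since the value is not a version. Minor: the `gpu-instance-support` comment has a stray comma in `"bm", (bare metal)`.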
Expand All @@ -126,15 +131,15 @@ build:
nvidia-gridd-feature-type: "4"
# The additional-images section should be a list of container images to bake into the image.
additional-images: []
# Any additional metadata/tags to add to the image as a map[string]string
# The following are available via the `generateBuilderMetadata` func in the provisioner and any additional data added here will be appended in that func
# Any additional metadata/tags to add to the image as a map[string]string.
# The following are available via the `generateBuilderMetadata` func in the provisioner and any additional data added here will be appended in that func.
# "os": o.BuildOS,
# "k8s": o.KubeVersion,
# "gpu": gpu,
# "date": time.Now().Format(time.RFC3339),
additional-metadata: {}

# Scan stage options
# Scan stage options.
scan:
# Used to scan a single image - takes an image ID and scans it.
single:
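Review bot: now that a `metadata-prefix` exists, the `additional-metadata` comment should say whether user-supplied keys are prefixed as well, or only the built-in ones ("os", "k8s", "gpu", "date") listed here; otherwise users cannot predict the final tag names on the image.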
Expand All @@ -149,12 +154,13 @@ scan:
# Override the cloud.[provider].flavor for the scan. This can help avoid using a large or gpu enabled node just for scanning.
# This is only really needed if you're using a single config for all steps of Baski.
# If Baski is run in a pipeline, the scan step may generate its own config on demand and therefore the cloud.[provider].flavor would be sufficient.
flavor-name: "not-so-spicy-meatball"
# Whether to auto-delete the image. This has been added for automation purposes in the scenario where the image is built then scanned right away.
# Should the scan fail then the image shouldn't be available publicly and so can be automatically deleted from the infrastructure to make sure a vulnerable image is not deployed.
flavor-name: "some-flavor"
# Whether to auto-delete the image should a scan fail.
# Should the scan fail on a new image and the image shouldn't be available publicly as a result, it can be automatically deleted from the infrastructure to ensure a vulnerable image is not deployed.
auto-delete-image: false
# This option allows the scan to skip checking the CVE check which would result in a failure should the thresholds below be hit.
# It can be useful for building an image that needs to stick around, even if a scan would fail. Maybe for troubleshooting or review.
# Don't use this in production otherwise you could end up with vulnerable images.
skip-cve-check: false
# Minimum severity to check for during the scan.
max-severity-type: MEDIUM
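Review bot: the rewritten `auto-delete-image` comment reads awkwardly ('Should the scan fail on a new image and the image shouldn't be available publicly as a result, it can be automatically deleted…'); suggest 'If the scan of a newly built image fails, the image can be deleted automatically so a vulnerable image is never published.' Also `max-severity-type: MEDIUM` is described as 'Minimum severity to check for during the scan', so the key name and the comment disagree; clarify which it is. The production warning on `skip-cve-check` is a good addition.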
Expand All @@ -165,7 +171,7 @@ scan:
# The name of the trivyignore file in the bucket.
trivyignore-filename: ".trivyignore"
# A list of CVEs to add to the ignore list. If a file is also provided, this list will be appended to the list within the file.
# If no file exists, then the file will be created with the list contents
# If no file exists, then the file will be created with the list contents.
trivyignore-list: []

# Sign stage options
86 changes: 41 additions & 45 deletions go.mod
@@ -1,61 +1,59 @@
module github.com/drewbernetes/baski

go 1.22.0

toolchain go1.22.5
go 1.23.1

require (
github.com/drewbernetes/simple-s3 v0.1.0
github.com/drewbernetes/simple-s3 v0.1.4
github.com/go-git/go-git/v5 v5.12.0
github.com/google/uuid v1.6.0
github.com/gophercloud/gophercloud v1.13.0
github.com/gophercloud/gophercloud v1.14.0
github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56
github.com/hashicorp/vault/api v1.14.0
github.com/pkg/sftp v1.13.6
github.com/spf13/cobra v1.8.1
github.com/spf13/viper v1.19.0
go.uber.org/mock v0.4.0
golang.org/x/crypto v0.25.0
k8s.io/api v0.30.3
k8s.io/apimachinery v0.30.3
golang.org/x/crypto v0.26.0
k8s.io/api v0.31.0
k8s.io/apimachinery v0.31.0
k8s.io/client-go v12.0.0+incompatible
kubevirt.io/client-go v1.3.0-beta.0
kubevirt.io/containerized-data-importer-api v1.59.0
kubevirt.io/containerized-data-importer-api v1.60.2
)

require (
dario.cat/mergo v1.0.0 // indirect
dario.cat/mergo v1.0.1 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/ProtonMail/go-crypto v1.0.0 // indirect
github.com/aws/aws-sdk-go-v2 v1.30.3 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect
github.com/aws/aws-sdk-go-v2/config v1.27.27 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.8 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect
github.com/aws/smithy-go v1.20.3 // indirect
github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4 // indirect
github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.32 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.18 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.17 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.19 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.17 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.61.2 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 // indirect
github.com/aws/smithy-go v1.20.4 // indirect
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
github.com/cloudflare/circl v1.3.9 // indirect
github.com/cyphar/filepath-securejoin v0.3.0 // indirect
github.com/cloudflare/circl v1.4.0 // indirect
github.com/cyphar/filepath-securejoin v0.3.1 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.5.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.3 // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
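Review bot: replacing `go 1.22.0` plus `toolchain go1.22.5` with a single `go 1.23.1` makes 1.23.1 the minimum for anyone building the module: with the Go 1.21+ defaults a contributor on an older toolchain will auto-download go1.23.1, and with GOTOOLCHAIN=local the build fails; worth a line in the CHANGELOG since the pipelines were bumped to match. The direct bumps (gophercloud v1.14.0, x/crypto v0.26.0, k8s.io/api and apimachinery v0.31.0, containerized-data-importer-api v1.60.2) are consistent with each other, but `k8s.io/client-go v12.0.0+incompatible` is unchanged next to k8s.io/api v0.31.0, which only builds if a `replace` directive outside this hunk pins client-go to a matching v0.31.x; confirm it is present.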
Expand Down Expand Up @@ -90,39 +88,37 @@ require (
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f // indirect
github.com/openshift/custom-resource-status v1.1.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
github.com/sagikazarmark/locafero v0.6.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/skeema/knownhosts v1.3.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/spf13/cast v1.7.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/net v0.27.0 // indirect
golang.org/x/oauth2 v0.21.0 // indirect
golang.org/x/sys v0.22.0 // indirect
golang.org/x/term v0.22.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/oauth2 v0.23.0 // indirect
golang.org/x/sys v0.25.0 // indirect
golang.org/x/term v0.24.0 // indirect
golang.org/x/text v0.18.0 // indirect
golang.org/x/time v0.6.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f // indirect
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect
k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 // indirect
kubevirt.io/controller-lifecycle-operator-sdk/api v0.2.4 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect