From 013673e3f374a8c9b0085f17aa64147bc91700a0 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Wed, 24 Jan 2024 15:45:19 +0000 Subject: [PATCH] build arm64 and amd64 kotsadm image --- .../build-push-image-with-apko/action.yml | 6 +- ...-runner.yaml => arm64-arc-runner-set.yaml} | 2 +- .github/workflows/build-test.yaml | 81 ++++++++++++++++--- deploy/apko.yaml.tmpl | 19 +---- deploy/melange.yaml.tmpl | 21 +---- pkg/image/airgap.go | 3 + 6 files changed, 80 insertions(+), 52 deletions(-) rename .github/workflows/{arm64-self-hosted-runner.yaml => arm64-arc-runner-set.yaml} (98%) diff --git a/.github/actions/build-push-image-with-apko/action.yml b/.github/actions/build-push-image-with-apko/action.yml index 98ecb0b4bc..55b54073f1 100644 --- a/.github/actions/build-push-image-with-apko/action.yml +++ b/.github/actions/build-push-image-with-apko/action.yml @@ -1,5 +1,5 @@ -name: 'Build and push images with apko' -description: 'Composite action for building and pushing images with apko' +name: 'Build and push an image with apko' +description: 'Composite action for building and pushing an image with apko' inputs: apko-config: description: 'Path to apko config' @@ -44,7 +44,7 @@ runs: if: ${{ inputs.overwrite == 'true' || steps.check-image-exists.outputs.image-exists == 'false' }} with: config: ${{ inputs.apko-config }} - archs: x86_64 + archs: amd64,arm64 tag: ${{ inputs.image-name }} vcs-url: true generic-user: ${{ inputs.registry-username }} diff --git a/.github/workflows/arm64-self-hosted-runner.yaml b/.github/workflows/arm64-arc-runner-set.yaml similarity index 98% rename from .github/workflows/arm64-self-hosted-runner.yaml rename to .github/workflows/arm64-arc-runner-set.yaml index 24db4ea1be..4cd3a7a30b 100644 --- a/.github/workflows/arm64-self-hosted-runner.yaml +++ b/.github/workflows/arm64-arc-runner-set.yaml @@ -1,4 +1,4 @@ -name: Arm64 Self-Hosted Runner Controller +name: Arm64 ARC Runner Set on: schedule: diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml index 5deb27b466..4612e23f83 100644 --- a/.github/workflows/build-test.yaml +++ b/.github/workflows/build-test.yaml @@ -252,32 +252,93 @@ jobs: path: ./bin/kots - build-kotsadm: - runs-on: ubuntu-20.04 + build-kotsadm-melange-packages: needs: [ can-run-ci, generate-tag ] - permissions: - id-token: write # required to be able to assume the GCP SA identity to pull private Chainguard packages. + strategy: + fail-fast: true + matrix: + runner: [ + {name: ubuntu-20.04, arch: amd64}, + {name: arc-runner-set, arch: arm64} + ] + runs-on: ${{ matrix.runner.name }} steps: + - uses: actions/checkout@v4 + with: + ref: ${{github.event.pull_request.head.ref}} + repository: ${{github.event.pull_request.head.repo.full_name}} + - uses: actions/setup-go@v5 with: go-version: '^1.20.0' cache: true + - name: setup env - shell: bash run: | echo "GOPATH=$(go env GOPATH)" >> "$GITHUB_ENV" echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH" + + - id: cache-dir + run: echo "cache_dir=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" + + - name: template melange config + env: + GIT_TAG: ${{ needs.generate-tag.outputs.tag }} + run: envsubst '${GIT_TAG}' < deploy/melange.yaml.tmpl > deploy/melange.yaml + + - uses: chainguard-dev/actions/melange-build@main + with: + config: deploy/melange.yaml + archs: ${{ matrix.runner.arch }} + sign-with-temporary-key: true + cache-dir: ${{ steps.cache-dir.outputs.cache_dir }} + + - name: tar packages + run: tar -czvf packages.tgz ./packages + + - uses: actions/upload-artifact@v4 + with: + name: kotsadm-melange-packages-${{ matrix.runner.arch }}.tgz + path: packages.tgz + + + build-kotsadm: + runs-on: ubuntu-20.04 + needs: [ can-run-ci, generate-tag, build-kotsadm-melange-packages ] + steps: - uses: actions/checkout@v4 with: ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: ./.github/actions/build-push-kotsadm-image + + - uses: actions/download-artifact@v4 with: - chainguard-gcp-wif-pool: ${{ secrets.CHAINGUARD_GCP_WIF_POOL }} - chainguard-gcp-sa: ${{ secrets.CHAINGUARD_GCP_SA }} - chainguard-gcp-project-id: ${{ secrets.CHAINGUARD_GCP_PROJECT_ID }} + name: kotsadm-melange-packages-amd64.tgz + path: ./packages-amd64.tgz + + - uses: actions/download-artifact@v4 + with: + name: kotsadm-melange-packages-arm64.tgz + path: ./packages-arm64.tgz + + - name: merge melange packages + run: | + mkdir -p packages + tar -xzf packages-amd64.tgz -C packages + tar -xzf packages-arm64.tgz -C packages + ls -lah packages + + - name: template apko config + env: + GIT_TAG: ${{ needs.generate-tag.outputs.tag }} + run: envsubst '${GIT_TAG}' < deploy/apko.yaml.tmpl > deploy/apko.yaml + + - name: Build and push kotsadm image + uses: ./.github/actions/build-push-image-with-apko + with: + apko-config: deploy/apko.yaml image-name: ttl.sh/automated-${{ github.run_id }}/kotsadm:24h - git-tag: ${{ needs.generate-tag.outputs.tag }} + overwrite: true build-kots-helm: diff --git a/deploy/apko.yaml.tmpl b/deploy/apko.yaml.tmpl index 1e82e5556d..90b5e9f895 100644 --- a/deploy/apko.yaml.tmpl +++ b/deploy/apko.yaml.tmpl @@ -7,21 +7,7 @@ contents: - ./melange.rsa.pub packages: - kotsadm-head # This is expected to be built locally by `melange`. - - # All currently supported kubectl versions. - # TODO: this requires manual intervention whenever there are new kubectl releases. - - kubectl-1.19 - - kubectl-1.20 - - kubectl-1.21 - - kubectl-1.22 - - kubectl-1.23 - - kubectl-1.24 - - kubectl-1.25 - - kubectl-1.26 - - kubectl-1.27 - - kubectl-1.28 - - kubectl-1.29 - + - kubectl - bash - busybox - curl @@ -45,9 +31,6 @@ accounts: environment: VERSION: ${GIT_TAG} - KOTS_KUBECTL_BIN_DIR: /usr/local/bin - KOTS_HELM_BIN_DIR: /usr/local/bin - KOTS_KUSTOMIZE_BIN_DIR: /usr/local/bin entrypoint: command: /kotsadm diff --git a/deploy/melange.yaml.tmpl b/deploy/melange.yaml.tmpl index a40f056fc8..33562a452b 100644 --- a/deploy/melange.yaml.tmpl +++ b/deploy/melange.yaml.tmpl @@ -12,7 +12,6 @@ environment: - https://packages.wolfi.dev/os keyring: - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub - - ./packages/chainguard-enterprise.rsa.pub packages: - ca-certificates-bundle - busybox @@ -66,24 +65,6 @@ pipeline: mv bin/kotsadm "${DESTDIR}/kotsadm" mv bin/kots "${DESTDIR}/kots" - # TODO: this requires manual intervention whenever helm bumps its major version ln -s /usr/bin/helm ${DESTDIR}/usr/local/bin/helm - ln -s /usr/bin/helm ${DESTDIR}/usr/local/bin/helm3 - - # TODO: this requires manual intervention whenever kustomize bumps its major version ln -s /usr/bin/kustomize ${DESTDIR}/usr/local/bin/kustomize - ln -s /usr/bin/kustomize ${DESTDIR}/usr/local/bin/kustomize5 - - # TODO: this requires manual intervention whenever kubectl bumps its major version - ln -s /usr/bin/kubectl-1.19 ${DESTDIR}/usr/local/bin/kubectl-v1.19 - ln -s /usr/bin/kubectl-1.20 ${DESTDIR}/usr/local/bin/kubectl-v1.20 - ln -s /usr/bin/kubectl-1.21 ${DESTDIR}/usr/local/bin/kubectl-v1.21 - ln -s /usr/bin/kubectl-1.22 ${DESTDIR}/usr/local/bin/kubectl-v1.22 - ln -s /usr/bin/kubectl-1.23 ${DESTDIR}/usr/local/bin/kubectl-v1.23 - ln -s /usr/bin/kubectl-1.24 ${DESTDIR}/usr/local/bin/kubectl-v1.24 - ln -s /usr/bin/kubectl-1.25 ${DESTDIR}/usr/local/bin/kubectl-v1.25 - ln -s /usr/bin/kubectl-1.26 ${DESTDIR}/usr/local/bin/kubectl-v1.26 - ln -s /usr/bin/kubectl-1.27 ${DESTDIR}/usr/local/bin/kubectl-v1.27 - ln -s /usr/bin/kubectl-1.28 ${DESTDIR}/usr/local/bin/kubectl-v1.28 - ln -s /usr/bin/kubectl-1.29 ${DESTDIR}/usr/local/bin/kubectl-v1.29 - ln -s /usr/bin/kubectl-1.29 ${DESTDIR}/usr/local/bin/kubectl + ln -s /usr/bin/kubectl ${DESTDIR}/usr/local/bin/kubectl diff --git a/pkg/image/airgap.go b/pkg/image/airgap.go index 2d376213a9..edf9b78f57 100644 --- a/pkg/image/airgap.go +++ b/pkg/image/airgap.go @@ -317,6 +317,7 @@ func TagAndPushAppImagesFromBundle(airgapBundle string, options imagetypes.PushI func PushAppImagesFromTempRegistry(airgapRootDir string, imageList []string, options imagetypes.PushImagesOptions) error { imagesDir := filepath.Join(airgapRootDir, "images") if _, err := os.Stat(imagesDir); os.IsNotExist(err) { + // this can either be because images were already pushed from the CLI, or it's a diff airgap bundle with no images return nil } @@ -407,6 +408,7 @@ func PushAppImagesFromTempRegistry(airgapRootDir string, imageList []string, opt func PushAppImagesFromDockerArchivePath(airgapRootDir string, options imagetypes.PushImagesOptions) error { imagesDir := filepath.Join(airgapRootDir, "images") if _, err := os.Stat(imagesDir); os.IsNotExist(err) { + // images were already pushed from the CLI return nil } @@ -503,6 +505,7 @@ func PushAppImagesFromDockerArchiveBundle(airgapBundle string, options imagetype if exists, err := archives.DirExistsInAirgap("images", airgapBundle); err != nil { return errors.Wrap(err, "failed to check if images dir exists in airgap bundle") } else if !exists { + // images were already pushed from the CLI return nil }