build kotsadm-migrations and use rqlite 7.21.4

.github/actions/build-push-kotsadm-migrations-image/action.yml

@@ -0,0 +1,62 @@
+name: 'Build and push kotsadm-migrations image'
+description: 'Composite action for building and pushing kotsadm-migrations image'
+inputs:
+  image-name:
+    description: 'Full destination kotsadm-migrations image name'
+    required: true
+
+  git-tag:
+    description: 'Git tag'
+    required: true
+
+  registry-username:
+    description: 'Username to login to registry'
+    default: ''
+    required: false
+
+  registry-password:
+    description: 'Password to login to registry'
+    default: ''
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - name: load environment variables from .image.env
+      uses: falti/dotenv-action@v1
+      id: dotenv
+      with:
+        path: .image.env
+
+    - uses: shrink/actions-docker-extract@v3
+      with:
+        image: schemahero/schemahero:${{ steps.dotenv.outputs.SCHEMAHERO_TAG }}
+        path: /schemahero
+        destination: migrations
+
+    - name: template melange and apko configs
+      shell: bash
+      run: |
+        export GIT_TAG=${{ inputs.git-tag }}
+        envsubst '${GIT_TAG}' < migrations/deploy/melange.yaml.tmpl > migrations/deploy/melange.yaml
+        envsubst '${GIT_TAG}' < migrations/deploy/apko.yaml.tmpl > migrations/deploy/apko.yaml
+
+    - id: cache-dir
+      shell: bash
+      run: echo "cache_dir=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
+
+    - uses: chainguard-dev/actions/melange-build@main
+      with:
+        config: migrations/deploy/melange.yaml
+        archs: x86_64
+        sign-with-temporary-key: true
+        cache-dir: ${{ steps.cache-dir.outputs.cache_dir }}
+
+    - uses: chainguard-images/actions/apko-publish@main
+      with:
+        config: migrations/deploy/apko.yaml
+        archs: x86_64
+        tag: ${{ inputs.image-name }}
+        vcs-url: true
+        generic-user: ${{ inputs.registry-username }}
+        generic-pass: ${{ inputs.registry-password }}

.github/workflows/alpha.yaml

@@ -19,24 +19,17 @@ jobs:
         uses: ./.github/actions/version-tag
 
 
-  build-schema-migrations:
+  build-kotsadm-migrations:
     runs-on: ubuntu-20.04
+    needs: [generate-tag]
     steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    - uses: azure/docker-login@v1
-      env:
-        DOCKER_CONFIG: ./migrations/.docker
-      with:
-        username: ${{ secrets.DOCKERHUB_USER }}
-        password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-    - name: Build
-      env:
-        DOCKER_CONFIG: ./.docker
-      run: |
-        mapfile -t envs < <(grep -v '#.*' < .image.env) && export "${envs[@]}" && make -C migrations schema-alpha
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/build-push-kotsadm-migrations-image
+        with:
+          image-name: index.docker.io/kotsadm/kotsadm-migrations:alpha
+          git-tag: ${{ needs.generate-tag.outputs.tag }}
+          registry-username: ${{ secrets.DOCKERHUB_USER }}
+          registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
 
   build-rqlite:
@@ -261,9 +254,9 @@ jobs:
           sarif_file: kotsadm-scan-output.sarif
 
 
-  scan_migrations:
+  scan_kotsadm_migrations:
     runs-on: ubuntu-20.04
-    needs: [build-schema-migrations]
+    needs: [build-kotsadm-migrations]
     steps:
       - name: Checkout
         uses: actions/checkout@v4

.github/workflows/build-test.yaml

@@ -383,7 +383,7 @@ jobs:
 
   build-migrations:
     runs-on: ubuntu-20.04
-    needs: [ can-run-ci ]
+    needs: [ can-run-ci, generate-tag ]
     steps:
       - name: setup env
         run: |
@@ -399,20 +399,10 @@ jobs:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
 
-      - name: load environment variables from .image.env
-        uses: falti/dotenv-action@v1
-        id: dotenv
+      - uses: ./.github/actions/build-push-kotsadm-migrations-image
         with:
-          path: .image.env
-
-      - name: build and push migrations for e2e
-        uses: docker/build-push-action@v5
-        with:
-          tags: ttl.sh/automated-${{ github.run_id }}/kotsadm-migrations:24h
-          context: ./migrations
-          file: ./migrations/deploy/Dockerfile
-          push: true
-          build-args: SCHEMAHERO_TAG=${{ steps.dotenv.outputs.schemahero_tag }}
+          image-name: ttl.sh/automated-${{ github.run_id }}/kotsadm-migrations:24h
+          git-tag: ${{ needs.generate-tag.outputs.tag }}
 
 
   push-minio:

.github/workflows/release.yaml

@@ -68,17 +68,12 @@ jobs:
     steps:
     - name: Checkout
       uses: actions/checkout@v4
-    - uses: azure/docker-login@v1
-      env:
-        DOCKER_CONFIG: ./migrations/.docker
+    - uses: ./.github/actions/build-push-kotsadm-migrations-image
       with:
-        username: ${{ secrets.DOCKERHUB_USER }}
-        password: ${{ secrets.DOCKERHUB_PASSWORD }}
-    - name: "Release schema migrations on tag"
-      env:
-        GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
-        DOCKER_CONFIG: ./.docker
-      run: mapfile -t envs < <(grep -v '#.*' < .image.env) && export "${envs[@]}" && make -C migrations schema-release
+        image-name: index.docker.io/kotsadm/kotsadm-migrations:${{ needs.generate-tag.outputs.tag }}
+        git-tag: ${{ needs.generate-tag.outputs.tag }}
+        registry-username: ${{ secrets.DOCKERHUB_USER }}
+        registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
   build-web:
     runs-on: ubuntu-20.04

.image.env

@@ -2,7 +2,7 @@
 # most recent tag is interpolated from the source repository and used to generate a fully qualified image
 # name.
 MINIO_TAG='0.20231101.183725'
-RQLITE_TAG='8.0.1'
+RQLITE_TAG='7.21.4'
 DEX_TAG='2.37.0'
 SCHEMAHERO_TAG='0.17.0'
 LVP_TAG='v0.5.5'

Makefile

@@ -1,7 +1,7 @@
 include Makefile.build.mk
 CURRENT_USER := $(shell id -u -n)
 MINIO_TAG ?= 0.20231101.183725
-RQLITE_TAG ?= 8.0.1
+RQLITE_TAG ?= 7.21.4
 DEX_TAG ?= 2.37.0
 LVP_TAG ?= v0.5.5
 

cmd/imagedeps/README.md

@@ -31,15 +31,15 @@ dex kotsadm/dex
 The preceding image spec will produce the following environment and Go files.
 ```shell
 MINIO_TAG='0.20231101.183725'
-RQLITE_TAG='8.0.1'
+RQLITE_TAG='7.21.4'
 DEX_TAG='2.37.0'
 ```
 ```go
 package image
 
 const (
 	Minio = "kotsadm/minio:0.20231101.183725"
-	Rqlite = "kotsadm/rqlite:8.0.1"
+	Rqlite = "kotsadm/rqlite:7.21.4"
 	Dex = "kotsadm/dex:2.37.0"
 )
 ```

cmd/imagedeps/main_test.go

@@ -14,7 +14,7 @@ import (
 
 var (
 	minioTag  = "0.20231101.183725"
-	rqliteTag = "8.0.1"
+	rqliteTag = "7.21.4"
 	dexTag    = "2.37.0"
 
 	schemaheroTags = []string{

cmd/imagedeps/testdata/rqlite/.image.env

@@ -1,4 +1,4 @@
 # Generated file, do not modify.  This file is generated from a text file containing a list of images. The
 # most recent tag is interpolated from the source repository and used to generate a fully qualified image
 # name.
-RQLITE_TAG='8.0.1'
+RQLITE_TAG='7.21.4'

cmd/imagedeps/testdata/rqlite/constants.go

@@ -5,5 +5,5 @@ package image
 // image name.
 
 const (
-	Rqlite = "kotsadm/rqlite:8.0.1"
+	Rqlite = "kotsadm/rqlite:7.21.4"
 )

deploy/rqlite/apko.yaml

@@ -4,7 +4,7 @@ contents:
   keyring:
     - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
   packages:
-    - rqlite~8.0.1
+    - rqlite~7.21.4
     - rqlite-oci-entrypoint
     - bash
     - busybox

migrations/Makefile

@@ -1,15 +1,6 @@
 SHELL:=/bin/bash
-PROJECT_NAME ?= kotsadm-migrations
 SCHEMAHERO_TAG ?= 0.17.0
 
-.PHONY: schema-alpha
-schema-alpha: IMAGE = kotsadm/${PROJECT_NAME}:alpha
-schema-alpha: build_schema
-
-.PHONY: schema-release
-schema-release: IMAGE = kotsadm/${PROJECT_NAME}:${GIT_TAG}
-schema-release: build_schema
-
 build_schema:
 	docker build --pull --build-arg SCHEMAHERO_TAG=${SCHEMAHERO_TAG} -f deploy/Dockerfile -t ${IMAGE} .
 	docker push ${IMAGE}

migrations/deploy/apko.yaml.tmpl

@@ -0,0 +1,36 @@
+contents:
+  repositories:
+    - https://packages.wolfi.dev/os
+    - ./packages/
+  keyring:
+    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+    - ./melange.rsa.pub
+  packages:
+    - kotsadm-migrations-head  # This is expected to be built locally by `melange`.
+    - bash
+    - busybox
+    - curl
+    - git
+    - wolfi-baselayout
+
+accounts:
+  groups:
+    - groupname: schemahero
+      gid: 1001
+  users:
+    - username: schemahero
+      uid: 1001
+      gid: 1001
+  run-as: schemahero
+
+environment:
+  VERSION: ${GIT_TAG}
+
+entrypoint:
+  command: /schemahero
+
+cmd: apply
+
+archs:
+  - x86_64
+  - aarch64

migrations/deploy/melange.yaml.tmpl

@@ -0,0 +1,32 @@
+package:
+  name: kotsadm-migrations-head
+  version: ${GIT_TAG}
+  epoch: 0
+  description: kotsadm-migrations package
+  copyright:
+    - license: Apache-2.0
+
+environment:
+  contents:
+    repositories:
+      - https://packages.wolfi.dev/os
+    keyring:
+      - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+    packages:
+      - ca-certificates-bundle
+      - busybox
+      - git
+      - go
+  environment:
+    GOMODCACHE: '/var/cache/melange'
+
+pipeline:
+  - runs: |
+      set -x
+      export DESTDIR="${{targets.destdir}}"
+      mkdir -p "${DESTDIR}"
+
+      mv migrations/tables "${DESTDIR}/tables"
+
+      # expected to have already been extracted from the schemahero image
+      mv migrations/schemahero "${DESTDIR}/schemahero"

pkg/image/constants.go

@@ -6,7 +6,7 @@ package image
 
 const (
 	Minio      = "kotsadm/minio:0.20231101.183725"
-	Rqlite     = "kotsadm/rqlite:8.0.1"
+	Rqlite     = "kotsadm/rqlite:7.21.4"
 	Dex        = "kotsadm/dex:2.37.0"
 	Schemahero = "schemahero/schemahero:0.17.0"
 	Lvp        = "replicated/local-volume-provider:v0.5.5"