build kots with apko+melange in presubmit #3959
Conversation
Signed-off-by: Jason Hall <[email protected]>
Signed-off-by: Jason Hall <[email protected]>
Signed-off-by: Jason Hall <[email protected]>
cbodonnell
force-pushed
the
cherry-pick/imjasonh-apko-build
branch
from
189e17d to
d064244
Compare
|
The new workflow itself looks good. We need to integrate this into our existing |
Glad to hear it! Don't hesitate to reach out if there's any trouble. 🚀 |
| contents: read | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: actions/setup-go@v3 |
There was a problem hiding this comment.
let's get on actions/setup-go@v4 since this is a new workflow.
|
|
||
| jobs: | ||
| presubmit-image: | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
can we pin to a specific ubuntu major version (preferably 22.04)?
| run-as: kotsadm | ||
|
|
||
| environment: | ||
| VERSION: v1.98.3 |
There was a problem hiding this comment.
I'm assuming this refers to the KOTS version? I feel like this should be a variable assuming the file format supports them, else we need to envsubst and pipe into apko.
|
|
||
| archs: | ||
| - x86_64 | ||
| - aarch64 |
There was a problem hiding this comment.
Have we started supporting KOTS on arm64? If not, should we remove this? I don't feel like we're doing a lot of local dev on KOTS.
| KOTS_KUSTOMIZE_BIN_DIR=/usr/local/bin | ||
|
|
||
| # TODO: fix pact build error on arm https://github.com/pact-foundation/pact-js-core/issues/264 | ||
| export PACT_SKIP_BINARY_INSTALL=true |
There was a problem hiding this comment.
This should no longer be necessary as we should be on the latest version of pact-js which bundles the multi-arch Rust core.
I'll submit a PR for kotsadm today to address that.
| make -C web deps lint build-kotsadm | ||
| make vet kots build |
There was a problem hiding this comment.
Can we move the static analysis steps into jobs outside of the package build, and just do the build here? That will allow us to parallelize those items and save some CI time.
| with: | ||
| config: apko.yaml | ||
| archs: x86_64 | ||
| tag: ttl.sh/kots |
There was a problem hiding this comment.
It would probably make integration easier if we match the chainguard image name to our current image name kotsadm
There was a problem hiding this comment.
Additionally, we will usually push the image with a namespace to avoid conflicts on ttl.sh. For example ttl.sh/<some-identifier>/kotsadm:24h
| config: melange.yaml | ||
| archs: x86_64 | ||
| sign-with-temporary-key: true | ||
| - uses: chainguard-images/actions/apko-publish@main |
There was a problem hiding this comment.
I see that this action pushes the image with a digest instead of a tag. Our tests currently leverages a --kotsadm-tag flag to override the image used during the install. For example: https://github.com/replicatedhq/kots/blob/v1.100.3/.github/workflows/build-test.yaml#L988-L990
|
closing as #4018 is merged |
What this PR does / why we need it:
This PR adds a presubmit GitHub Actions workflow to build and publish a kots image from the PR's source, including relevant other packages like
helm,kustomize, andkubectl. For now, only the latestkubectlis included in the image, but we should be able to add older supportedkubectls relatively soon.To do this, the PR adds an
apko.yamlandmelange.yamlto be used with (you guessed it) apko and melange to build kots into an APK and to install that APK into an image.Which issue(s) this PR fixes:
None that I'm aware of.
Special notes for your reviewer:
None
Steps to reproduce
See apko_melange_build.md
Does this PR introduce a user-facing change?
None at this time, though this could be extended to produce user-visible images by this process either on pushes to
mainor at release-time.Does this PR require documentation?
Yes, added in apko_melange_build.md
cc @denhamparry