From 4b33a5d9e57ef70621ead92fc14773c8602c220b Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Jul 2024 17:49:22 +0000 Subject: [PATCH] Use mirror.gcr.io as buildx pull-through cache Signed-off-by: Brad Davidson --- .github/workflows/build.yml | 51 +++++++++++-- .github/workflows/pr.yml | 44 +++++++++-- .github/workflows/release.yml | 123 +++++++++++++++++++++++++----- .github/workflows/test-suite.yaml | 19 ++++- Dockerfile | 22 +++--- Dockerfile.windows | 14 ++-- Makefile | 6 +- scripts/build-image-runtime | 17 +++-- scripts/build-image-test | 7 +- scripts/dev-shell-build | 2 +- 10 files changed, 241 insertions(+), 64 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5e0bbc5eb38..a3d723f47d0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,9 +19,27 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
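Review bot: The Install Dapper step saves whatever `curl -sL` returns from a personal-fork release URL to `/usr/local/bin/dapper` and marks it executable with no integrity check, and later steps run that binary alongside the AWS credentials read from Vault. Pinning `v0.7.0-bd5` is an improvement over the old `latest`, but a release asset can normally be replaced under the same tag, and without `-f` an HTTP error page would be written out as the binary. Consider `curl -fsSL <url> -o /usr/local/bin/dapper` followed by `echo "<EXPECTED_SHA256>  /usr/local/bin/dapper" | sha256sum -c -`, with one expected digest per OS/architecture pair. The same unverified download is added in the build-arm64 job, in pr.yml, in release.yml and in the Makefile's `./.dapper` target.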
@@ -31,21 +49,42 @@ jobs: secret/data/github/repo/${{ github.repository }}/aws-secret-access-key/credentials token | AWS_SECRET_ACCESS_KEY ; - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make dapper-ci env: AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Test run: | - dapper -f Dockerfile --target dapper make test + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} build-arm64: runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
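Review bot: In the Export Cache Env Vars step, `github-token` sits under `env:` rather than `with:`, so it is not passed as the action's input; it only creates an environment variable holding the token, which the script never reads. That block can be dropped. Separately, `core.exportVariable('ACTIONS_RUNTIME_TOKEN', ...)` exposes the runtime token to every later step in the job, including `rancher-eio/read-vault-secrets@main`, which is referenced by a mutable branch name. A comment such as `# required for buildx type=gha cache inside dapper; exposes the runtime token to all later steps` would make that trade-off explicit. The same step appears in the first build.yml hunk, in pr.yml and in release.yml.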
@@ -55,8 +94,8 @@ jobs: secret/data/github/repo/${{ github.repository }}/aws-secret-access-key/credentials token | AWS_SECRET_ACCESS_KEY ; - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make dapper-ci env: AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} - \ No newline at end of file + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 3eb84d1e961..2bf13636458 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -15,26 +15,58 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Test run: | - dapper -f Dockerfile --target dapper make test + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} build-arm64: runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > 
/usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci - \ No newline at end of file + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index abbf3ee746a..07f42fc5db4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
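Review bot: The pr.yml jobs pass `--cache-to=type=gha,ignore-error=true,mode=max`, so pull-request code builds inside the privileged dapper container with `ACTIONS_RUNTIME_TOKEN` forwarded (it is added to DAPPER_ENV in the Dockerfile) and can write cache entries. The workflow trigger is outside this hunk: GitHub's per-ref cache scoping limits the reach under `pull_request`, but it would not under `pull_request_target`, so that is worth confirming. A read-only cache is the safer default for PRs: keep `--cache-from=type=gha` and drop the `--cache-to=...` argument here. Also, build-arm64 in this file has no Export Cache Env Vars step, unlike build-amd64, so its gha cache flags probably have no effect.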
@@ -25,16 +25,40 @@ jobs: - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) + - name: Validate Release run: | - dapper -f Dockerfile --target dapper make validate-release + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make validate-release + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
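Review bot: The release jobs now import build layers from the Actions cache (`--cache-from=type=gha` on each dapper call, and again in scripts/build-image-runtime), so published artifacts can be assembled from layers written by an earlier, different workflow run. For release builds it is common to skip cache import, so that the output depends only on the tagged source and the pulled base images. If the speed-up is wanted, either dropping `--cache-from` from the release.yml invocations or giving release runs their own cache `scope=` would narrow what a release trusts; whether dapper passes a `scope=` value through unchanged needs checking. This applies to every dapper call in the release.yml hunks that follow.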
@@ -45,27 +69,38 @@ jobs: - name: Package Images run: | - dapper -f Dockerfile --target dapper make package-images + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make package-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Scan Images continue-on-error: true run: | - dapper -f Dockerfile --target dapper make scan-images + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make scan-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Test run: | - dapper -f Dockerfile --target dapper make test + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Publish Image Runtime run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make publish-image-runtime env: DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Checksum Artifacts run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make checksum + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Publish Artifacts run: | 
@@ -76,18 +111,42 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) + - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Validate Release run: | - dapper -f Dockerfile --target dapper make validate-release + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make validate-release + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
@@ -98,23 +157,32 @@ jobs: - name: Package Images run: | - dapper -f Dockerfile --target dapper make package-images + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make package-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Scan Images continue-on-error: true run: | - dapper -f Dockerfile --target dapper make scan-images + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make scan-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Publish Image Runtime run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make publish-image-runtime env: DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Checksum run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make checksum + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Publish Artifacts run: | 
@@ -126,9 +194,29 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) + - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" @@ -139,8 +227,9 @@ jobs: - name: Dispatch run: | - dapper -f Dockerfile --target dapper make dispatch + dapper -f Dockerfile --bake --cache-from=type=gha --cache-to=type=gha,ignore-error=true,mode=max --target dapper make dispatch env: PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} PATH_USERNAME: ${{ env.PAT_USERNAME }} GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 58d3588f156..461e55d4117 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -28,6 +28,15 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 1 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Find Go Version for Build id: go-finder run: | 
@@ -39,8 +48,6 @@ jobs: uses: ./.github/actions/setup-go with: go-version: ${{ steps.go-finder.outputs.VERSION_GOLANG }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - name: Install OS Packages run: sudo apt-get install -y libarchive-tools g++-mingw-w64-x86-64 gcc-mingw-w64-x86-64 # Can only upload from a single path, so we need to copy the binary to the image directory @@ -48,11 +55,15 @@ jobs: # just compressed. We remove the rke2-runtime.tar as its not used by the install script. - name: Build RKE2 Binary and Compressed Runtime Image run: | - GOCOVER=true make package-bundle + make package-bundle make package-image-runtime cp ./bin/rke2 ./build/images/rke2 cp ./dist/artifacts/rke2.*-amd64.tar.gz ./build/images/ rm ./build/images/rke2-runtime.tar + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GOCOVER: "true" + - name: Upload RKE2 Binary and Runtime Image uses: actions/upload-artifact@v4 with: @@ -175,4 +186,4 @@ jobs: with: ## If no one connects after 5 minutes, shut down server. wait-timeout-minutes: 5 - limit-access-to-actor: true \ No newline at end of file + limit-access-to-actor: true diff --git a/Dockerfile b/Dockerfile index 76c68c78f7a..78f2fefe816 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG KUBERNETES_VERSION=dev # Build environment FROM rancher/hardened-build-base:v1.22.4b1 AS build ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH +ENV ARCH="$DAPPER_HOST_ARCH" RUN set -x && \ apk --no-cache add \ bash \ 
@@ -31,13 +31,13 @@ RUN zypper install -y systemd-rpm-macros # Dapper/Drone/CI environment FROM build AS dapper -ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH -ENV DAPPER_OUTPUT ./dist ./bin ./build -ENV DAPPER_DOCKER_SOCKET true -ENV DAPPER_TARGET dapper -ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy" +ENV ARCH="$DAPPER_HOST_ARCH" +ENV DAPPER_ENV="GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG ACTIONS_CACHE_URL ACTIONS_RUNTIME_TOKEN PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION BUILDX_BUILDER DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD" +ENV DAPPER_OUTPUT="./dist ./bin ./build" +ENV DAPPER_DOCKER_SOCKET="true" +ENV DAPPER_TARGET="dapper" +ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy" RUN if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "arm64" ]; then \ VERSION=0.56.10 OS=linux && \ curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${VERSION}/sonobuoy_${VERSION}_${OS}_${ARCH}.tar.gz" | \ 
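Review bot: `DAPPER_RUN_ARGS` now bind-mounts `/home/runner/.docker` read-write into a `--privileged` container. That directory normally also holds `config.json`, where `docker login` stores registry credentials, so every `make` target run through dapper can read and modify them. The path is specific to GitHub-hosted runners; on a developer machine or another CI system the source directory will not exist, and Docker will typically create it owned by root. If only the buildx builder state is needed, a narrower mount avoids exposing the credential file: `-v /home/runner/.docker/buildx:/root/.docker/buildx`. Dockerfile.windows receives the same mount.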
@@ -95,8 +95,8 @@ RUN set -x && \ RUN go get github.com/onsi/ginkgo/v2 github.com/onsi/gomega/... RUN GO111MODULE=off GOBIN=/usr/local/bin go get github.com/go-delve/delve/cmd/dlv RUN echo 'alias abort="echo -e '\''q\ny\n'\'' | dlv connect :2345"' >> /root/.bashrc -ENV PATH=/var/lib/rancher/rke2/bin:$PATH -ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml +ENV PATH="/var/lib/rancher/rke2/bin:$PATH" +ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml" VOLUME /var/lib/rancher/rke2 # This makes it so we can run and debug k3s too VOLUME /var/lib/rancher/k3s @@ -156,9 +156,9 @@ COPY build/images/rke2-images.linux-amd64.tar.zst /var/lib/rancher/rke2/agent/im COPY build/images.txt /images.txt # use rke2 bundled binaries -ENV PATH=/var/lib/rancher/rke2/bin:$PATH +ENV PATH="/var/lib/rancher/rke2/bin:$PATH" # for kubectl -ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml +ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml" # for crictl ENV CONTAINER_RUNTIME_ENDPOINT="unix:///run/k3s/containerd/containerd.sock" # for ctr diff --git a/Dockerfile.windows b/Dockerfile.windows index 822e2363a25..fea2c078985 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows 
@@ -6,13 +6,13 @@ RUN apk --no-cache add \ # Dapper/Drone/CI environment FROM rancher/hardened-build-base:v1.21.5b2 AS dapper -ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH -ENV DAPPER_OUTPUT ./dist ./bin ./build -ENV DAPPER_DOCKER_SOCKET true -ENV DAPPER_TARGET dapper -ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build" +ENV ARCH="$DAPPER_HOST_ARCH" +ENV DAPPER_ENV="GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY" +ENV DAPPER_OUTPUT="./dist ./bin ./build" +ENV DAPPER_DOCKER_SOCKET="true" +ENV DAPPER_TARGET="dapper" +ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build" RUN apk update RUN set -x && \ apk add --no-cache \ @@ -39,7 +39,7 @@ WORKDIR /source # End Dapper stuff FROM rancher/hardened-containerd:v1.7.17-k3s1-build20240605-amd64-windows AS containerd -FROM build as windows-runtime-collect +FROM build AS windows-runtime-collect ARG KUBERNETES_VERSION=dev # windows runtime image diff --git a/Makefile b/Makefile index 699d52cd248..247e576e229 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ ci-shell: clean .dapper ## Launch a shell in the CI environment @echo '# Run "make dapper-ci" to reproduce CI in this shell #' @echo '######################################################' @echo - ./.dapper -f Dockerfile --target dapper -s + ./.dapper --bake -f Dockerfile --target dapper -s .PHONY: dapper-ci dapper-ci: .ci ## Used by Drone CI, does the same as "ci" but in a Drone way 
@@ -157,14 +157,14 @@ checksum: ./.dapper: @echo Downloading dapper - @curl -sL https://releases.rancher.com/dapper/v0.5.8/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp + @curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp @@chmod +x .dapper.tmp @./.dapper.tmp -v @mv .dapper.tmp .dapper in-docker-%: .dapper ## Advanced: wraps any target in Docker environment, for example: in-docker-build-debug mkdir -p ./bin/ ./dist/ ./build - ./.dapper -f Dockerfile --target dapper make $* + ./.dapper --bake -f Dockerfile --target dapper make $* .PHONY: help help: ## this help diff --git a/scripts/build-image-runtime b/scripts/build-image-runtime index c11896735e3..79bc849cdf5 100755 --- a/scripts/build-image-runtime +++ b/scripts/build-image-runtime @@ -5,7 +5,7 @@ cd $(dirname $0)/.. source ./scripts/version.sh -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ +docker buildx build --load --cache-from=type=gha \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg MAJOR=${VERSION_MAJOR} \ @@ -18,8 +18,13 @@ DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ --file Dockerfile \ . +mkdir -p build/images +docker image save \ + --output build/images/${PROG}-runtime.tar \ + ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} + if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then - DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ + docker buildx build --load --cache-from=type=gha \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg MAJOR=${VERSION_MAJOR} \ 
@@ -30,12 +35,10 @@ if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then --file Dockerfile.windows \ . # Only ever used in its compressed form for e2e tests - mkdir -p build/images docker image save \ ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-${GOARCH} | \ zstd -T0 -16 -f --long=25 --no-progress - -o build/images/${PROG}-images.windows-${GOARCH}.tar.zst fi -mkdir -p build/images -docker image save \ - --output build/images/${PROG}-runtime.tar \ - ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} + +# fix builder activity timestamp file ownership getting broken when mounted into the dapper container +rm ~/.docker/buildx/activity/* diff --git a/scripts/build-image-test b/scripts/build-image-test index a3b7ca670aa..2bd1e6787dd 100755 --- a/scripts/build-image-test +++ b/scripts/build-image-test @@ -9,11 +9,14 @@ if [ "${GOARCH}" == "s390x" ] || [ "${GOARCH}" == "arm64" ]; then exit 0 fi -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ +docker buildx build --load --cache-from=type=gha \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg CACHEBUST="$(date +%s%N)" \ --tag ${REPO}/${PROG}-test:${DOCKERIZED_VERSION} \ --tag ${REPO}/${PROG}-test:${DOCKERIZED_VERSION}-${GOARCH} \ --target test \ -. + . + +# fix builder activity timestamp file ownership getting broken when mounted into the dapper container +rm ~/.docker/buildx/activity/* diff --git a/scripts/dev-shell-build b/scripts/dev-shell-build index 48c8d1e0e27..999ec2b6469 100755 --- a/scripts/dev-shell-build +++ b/scripts/dev-shell-build @@ -10,4 +10,4 @@ if [ ! -d build/images ]; then fi # build the dev shell image -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build -t ${PROG}-dev --target shell . +docker buildx build --load -t ${PROG}-dev --target shell .
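Review bot: `rm ~/.docker/buildx/activity/*` at the end of scripts/build-image-runtime fails when the glob matches nothing, because the literal pattern is passed to rm, for example on a local build with no buildx activity files. If the script runs under `set -e` (the top of the file is outside this hunk), that aborts an otherwise successful build. `rm -f ~/.docker/buildx/activity/*` keeps the cleanup best-effort. Because `~/.docker` inside dapper is the bind-mounted runner directory, this line also deletes files on the host, which is worth stating in the comment above it. The same line is added to scripts/build-image-test.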