From df65769393dd9dc52d4a1e1535fa3d38f96cf093 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Jul 2024 17:49:22 +0000 Subject: [PATCH] Use mirror.gcr.io as buildx pull-through cache Signed-off-by: Brad Davidson --- .github/workflows/build.yml | 51 +++++++++++-- .github/workflows/pr.yml | 45 +++++++++-- .github/workflows/release.yml | 123 +++++++++++++++++++++++++----- .github/workflows/test-suite.yaml | 19 ++++- Dockerfile | 79 ++++++------------- Dockerfile.windows | 14 ++-- Makefile | 6 +- scripts/build-image-runtime | 23 ++++-- scripts/build-image-test | 10 ++- scripts/build-images | 9 ++- scripts/dev-shell-build | 2 +- 11 files changed, 270 insertions(+), 111 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5e0bbc5eb38..8ee359a4719 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,9 +19,27 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
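Review bot: The new `curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/...` line in `Install Dapper` still has no `-f`, so an HTTP error body from GitHub would be written to /usr/local/bin/dapper and then marked executable, and the binary from this personal fork is not integrity-checked before it runs every later step with the job's AWS credentials in its environment. Pinning to a release instead of `latest` is an improvement; consider `curl -fsSL ...` followed by `echo "<sha256-placeholder>  /usr/local/bin/dapper" | sha256sum -c -` with the expected digest kept next to the version. The same download line is repeated in the build-arm64 job below, in both pr.yml jobs, in the three release.yml jobs and in the Makefile `./.dapper` target, so fixing it in one shared place would avoid drift. A comment naming why the fork is needed (presumably the `--bake` support used in the Build step) would also help the next maintainer.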
@@ -31,21 +49,42 @@ jobs: secret/data/github/repo/${{ github.repository }}/aws-secret-access-key/credentials token | AWS_SECRET_ACCESS_KEY ; - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make dapper-ci env: AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Test run: | - dapper -f Dockerfile --target dapper make test + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} build-arm64: runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
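Review bot: In the `Export Cache Env Vars` step, `github-token: ${{ secrets.GITHUB_TOKEN }}` sits under `env:` rather than `with:`, so as far as I can tell github-script never reads it as its input (it falls back to its default token); since the script only calls `core.exportVariable`, the entry can simply be dropped. The step also writes `ACTIONS_RUNTIME_TOKEN` into `$GITHUB_ENV`, which makes a runner credential for this run's cache and artifact APIs readable by every following step and, through `DAPPER_ENV` in the Dockerfile, by everything executed inside the privileged dapper container; that is the usual workaround for buildx's `type=gha` backend, but it deserves a comment such as `# buildx's gha cache backend needs the runner cache URL/token, which only JS actions see; re-export them for the dapper container (the token grants cache+artifact access for this run)`. The same block is copied into the amd64 job above and into pr.yml and release.yml, so the same applies there.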
@@ -55,8 +94,8 @@ jobs: secret/data/github/repo/${{ github.repository }}/aws-secret-access-key/credentials token | AWS_SECRET_ACCESS_KEY ; - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make dapper-ci env: AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} - \ No newline at end of file + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 3eb84d1e961..db900395b72 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -15,26 +15,59 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + SKIP_DEV_RPM: true - name: Test run: | - dapper -f Dockerfile --target dapper make test + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} build-arm64: runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname 
-s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci - \ No newline at end of file + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index abbf3ee746a..cf32fbc2b50 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
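Review bot: The build-arm64 job in this hunk gets the `Set up buildx` step but not the `Export Cache Env Vars` step that the amd64 job above receives, while its Build step still passes `--cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max`; if the gha backend needs `ACTIONS_CACHE_URL`/`ACTIONS_RUNTIME_TOKEN` inside the dapper container (which is what the export step in the other jobs implies), the arm64 build silently runs without any cache and the export failure is hidden by `ignore-error=true`. Either add the export step here or drop the cache flags from this job so the behaviour is explicit. The `Build RKE2 Binary and Compressed Runtime Image` step in test-suite.yaml has the same gap: it sets `BUILDX_BUILDER` but nothing exports the cache variables before `make package-image-runtime`, which presumably runs scripts/build-image-runtime with the same flags. Minor: `SKIP_DEV_RPM: true` is an unquoted boolean while test-suite.yaml writes `GOCOVER: "true"`; pick one form, preferably the quoted string.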
@@ -25,16 +25,40 @@ jobs: - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) + - name: Validate Release run: | - dapper -f Dockerfile --target dapper make validate-release + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make validate-release + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
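Review bot: The `Set up buildx` + `Export Cache Env Vars` pair added here is another verbatim copy of the block in build.yml and pr.yml (and it appears twice more further down in release.yml, with a variant in test-suite.yaml), and every dapper invocation repeats the same `--bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max` string. The repo already uses a local composite action (`./.github/actions/setup-go` in test-suite.yaml), so the builder setup and the export script could live in something like `./.github/actions/setup-buildx`, with the cache flags in a single job-level `env:` value; that would also have kept the arm64 job in pr.yml from losing the export step. This is a maintainability point rather than a correctness one.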
@@ -45,27 +69,38 @@ jobs: - name: Package Images run: | - dapper -f Dockerfile --target dapper make package-images + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make package-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Scan Images continue-on-error: true run: | - dapper -f Dockerfile --target dapper make scan-images + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make scan-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Test run: | - dapper -f Dockerfile --target dapper make test + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Publish Image Runtime run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make publish-image-runtime env: DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Checksum Artifacts run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make checksum + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Publish Artifacts run: | 
@@ -76,18 +111,42 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) + - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Validate Release run: | - dapper -f Dockerfile --target dapper make validate-release + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make validate-release + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
@@ -98,23 +157,32 @@ jobs: - name: Package Images run: | - dapper -f Dockerfile --target dapper make package-images + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make package-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Scan Images continue-on-error: true run: | - dapper -f Dockerfile --target dapper make scan-images + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make scan-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Publish Image Runtime run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make publish-image-runtime env: DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Checksum run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make checksum + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Publish Artifacts run: | 
@@ -126,9 +194,29 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + + - name: Export Cache Env Vars + uses: actions/github-script@v7 + env: + github-token: ${{ secrets.GITHUB_TOKEN }} + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL']) + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']) + core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL']) + - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" @@ -139,8 +227,9 @@ jobs: - name: Dispatch run: | - dapper -f Dockerfile --target dapper make dispatch + dapper -f Dockerfile --bake --cache-from type=gha --cache-to type=gha,ignore-error=true,mode=max --target dapper make dispatch env: PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} PATH_USERNAME: ${{ env.PAT_USERNAME }} GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 58d3588f156..461e55d4117 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -28,6 +28,15 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 1 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + version: v0.16.0 + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Find Go Version for Build id: go-finder run: | 
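Review bot: In the `Dispatch` step's env block, the existing `PATH_USERNAME: ${{ env.PAT_USERNAME }}` key does not match the `PAT_USERNAME` name that the Dockerfile's `DAPPER_ENV` forwards, so as far as I can tell the username never reaches the container; this predates the patch, but the hunk edits the same block, so it is worth fixing alongside the new `BUILDX_BUILDER` line: `PAT_USERNAME: ${{ env.PAT_USERNAME }}`. Separately, this job only runs `make dispatch`, yet it now sets up a docker-container builder and exports the runner cache token; if that is needed solely because `--bake` rebuilds the dapper image, a one-line comment on the `Set up buildx` step saying so would stop someone from removing it as unused.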
@@ -39,8 +48,6 @@ jobs: uses: ./.github/actions/setup-go with: go-version: ${{ steps.go-finder.outputs.VERSION_GOLANG }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - name: Install OS Packages run: sudo apt-get install -y libarchive-tools g++-mingw-w64-x86-64 gcc-mingw-w64-x86-64 # Can only upload from a single path, so we need to copy the binary to the image directory @@ -48,11 +55,15 @@ jobs: # just compressed. We remove the rke2-runtime.tar as its not used by the install script. - name: Build RKE2 Binary and Compressed Runtime Image run: | - GOCOVER=true make package-bundle + make package-bundle make package-image-runtime cp ./bin/rke2 ./build/images/rke2 cp ./dist/artifacts/rke2.*-amd64.tar.gz ./build/images/ rm ./build/images/rke2-runtime.tar + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GOCOVER: "true" + - name: Upload RKE2 Binary and Runtime Image uses: actions/upload-artifact@v4 with: @@ -175,4 +186,4 @@ jobs: with: ## If no one connects after 5 minutes, shut down server. wait-timeout-minutes: 5 - limit-access-to-actor: true \ No newline at end of file + limit-access-to-actor: true diff --git a/Dockerfile b/Dockerfile index 76c68c78f7a..9dfc35bd0a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG KUBERNETES_VERSION=dev # Build environment FROM rancher/hardened-build-base:v1.22.4b1 AS build ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH +ENV ARCH="$DAPPER_HOST_ARCH" RUN set -x && \ apk --no-cache add \ bash \ 
@@ -31,48 +31,26 @@ RUN zypper install -y systemd-rpm-macros # Dapper/Drone/CI environment FROM build AS dapper -ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH -ENV DAPPER_OUTPUT ./dist ./bin ./build -ENV DAPPER_DOCKER_SOCKET true -ENV DAPPER_TARGET dapper -ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy" -RUN if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "arm64" ]; then \ - VERSION=0.56.10 OS=linux && \ - curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${VERSION}/sonobuoy_${VERSION}_${OS}_${ARCH}.tar.gz" | \ - tar -xzf - -C /usr/local/bin; \ - fi -RUN curl -sL https://dl.k8s.io/release/$( \ - curl -sL https://dl.k8s.io/release/stable.txt \ - )/bin/linux/${ARCH}/kubectl -o /usr/local/bin/kubectl && \ - chmod a+x /usr/local/bin/kubectl; \ - pip install codespell +ENV ARCH="$DAPPER_HOST_ARCH" +ENV DAPPER_ENV="GODEBUG GOCOVER REPO TAG SKIP_DEV_RPM GITHUB_ACTION_TAG ACTIONS_CACHE_URL ACTIONS_RUNTIME_TOKEN PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION BUILDX_BUILDER DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD" +ENV DAPPER_OUTPUT="./dist ./bin ./build" +ENV DAPPER_DOCKER_SOCKET="true" +ENV DAPPER_TARGET="dapper" +ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy" +RUN curl -fsL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2 +RUN VERSION=0.56.10 OS=linux && \ + curl -fsL 
"https://github.com/vmware-tanzu/sonobuoy/releases/download/v${VERSION}/sonobuoy_${VERSION}_${OS}_${ARCH}.tar.gz" | \ + tar -xzvC /usr/local/bin +RUN VERSION=$(curl -fsL https://dl.k8s.io/release/stable.txt) && \ + curl -fsL "https://dl.k8s.io/release/${VERSION}/bin/linux/${ARCH}/kubectl" -o /usr/local/bin/kubectl && \ + chmod a+x /usr/local/bin/kubectl +RUN VERSION=v0.20.1 ARCH=$(bash -c 'echo ${ARCH/amd64/x86_64}') && \ + curl -fsL "https://github.com/google/go-containerregistry/releases/download/${VERSION}/go-containerregistry_Linux_${ARCH}.tar.gz" | \ + tar -zxvC /usr/local/bin crane -RUN python3 -m pip install awscli -RUN curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2 -RUN set -x && \ - apk --no-cache add \ - libarchive-tools \ - zstd \ - jq \ - python3 && \ - if [ "${ARCH}" != "s390x" ] || [ "${GOARCH}" != "arm64" ]; then \ - apk add --no-cache rpm-dev; \ - fi - -RUN GOCR_VERSION="v0.5.1" && \ - if [ "${ARCH}" = "arm64" ]; then \ - wget https://github.com/google/go-containerregistry/releases/download/${GOCR_VERSION}/go-containerregistry_Linux_arm64.tar.gz && \ - tar -zxvf go-containerregistry_Linux_arm64.tar.gz && \ - mv crane /usr/local/bin && \ - chmod a+x /usr/local/bin/crane; \ - else \ - wget https://github.com/google/go-containerregistry/releases/download/${GOCR_VERSION}/go-containerregistry_Linux_x86_64.tar.gz && \ - tar -zxvf go-containerregistry_Linux_x86_64.tar.gz && \ - mv crane /usr/local/bin && \ - chmod a+x /usr/local/bin/crane; \ - fi +RUN apk --no-cache add libarchive-tools zstd jq rpm-dev python3 +RUN python3 -m pip install awscli codespell WORKDIR /source 
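Review bot: `RUN curl -fsL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2` pipes whatever is currently on the `master` branch straight into `sh` at image build time, and the new sonobuoy and crane `RUN` lines extract unverified tarballs into /usr/local/bin; fetching the install script from the `v1.55.2` tag (or the release tarball) and checking a pinned sha256 before extracting would make the CI image reproducible and keep a moved ref from changing what runs inside the privileged dapper container. The sonobuoy download also lost its `amd64`/`arm64` guard, so if s390x hosts still build this stage (the scripts still branch on `s390x`) the `curl -f` will now fail the build there unless a release asset exists for that arch — worth confirming. `DAPPER_RUN_ARGS` now bind-mounts the hard-coded `/home/runner/.docker` into the container as `/root/.docker`; that path only exists on GitHub-hosted runners, so the Makefile's `ci-shell` and `in-docker-%` targets will create an empty root-owned directory on a developer's machine, and on CI any `docker login` performed inside the container now persists its credentials in the runner's home for later steps, so a comment on the `ENV DAPPER_RUN_ARGS` line explaining both consequences (and a logout or cleanup where the publish step logs in) would be good.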
@@ -81,22 +59,13 @@ COPY --from=rpm-macros /usr/lib/rpm/macros.d/macros.systemd /usr/lib/rpm/macros. # Shell used for debugging FROM dapper AS shell -RUN set -x && \ - apk --no-cache add \ - bash-completion \ - iptables \ - less \ - psmisc \ - rsync \ - socat \ - sudo \ - vim +RUN apk --no-cache add bash-completion iptables less psmisc rsync socat sudo vim # For integration tests RUN go get github.com/onsi/ginkgo/v2 github.com/onsi/gomega/... RUN GO111MODULE=off GOBIN=/usr/local/bin go get github.com/go-delve/delve/cmd/dlv RUN echo 'alias abort="echo -e '\''q\ny\n'\'' | dlv connect :2345"' >> /root/.bashrc -ENV PATH=/var/lib/rancher/rke2/bin:$PATH -ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml +ENV PATH="/var/lib/rancher/rke2/bin:$PATH" +ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml" VOLUME /var/lib/rancher/rke2 # This makes it so we can run and debug k3s too VOLUME /var/lib/rancher/k3s @@ -156,9 +125,9 @@ COPY build/images/rke2-images.linux-amd64.tar.zst /var/lib/rancher/rke2/agent/im COPY build/images.txt /images.txt # use rke2 bundled binaries -ENV PATH=/var/lib/rancher/rke2/bin:$PATH +ENV PATH="/var/lib/rancher/rke2/bin:$PATH" # for kubectl -ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml +ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml" # for crictl ENV CONTAINER_RUNTIME_ENDPOINT="unix:///run/k3s/containerd/containerd.sock" # for ctr diff --git a/Dockerfile.windows b/Dockerfile.windows index 822e2363a25..fea2c078985 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows 
@@ -6,13 +6,13 @@ RUN apk --no-cache add \ # Dapper/Drone/CI environment FROM rancher/hardened-build-base:v1.21.5b2 AS dapper -ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH -ENV DAPPER_OUTPUT ./dist ./bin ./build -ENV DAPPER_DOCKER_SOCKET true -ENV DAPPER_TARGET dapper -ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build" +ENV ARCH="$DAPPER_HOST_ARCH" +ENV DAPPER_ENV="GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY" +ENV DAPPER_OUTPUT="./dist ./bin ./build" +ENV DAPPER_DOCKER_SOCKET="true" +ENV DAPPER_TARGET="dapper" +ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build" RUN apk update RUN set -x && \ apk add --no-cache \ @@ -39,7 +39,7 @@ WORKDIR /source # End Dapper stuff FROM rancher/hardened-containerd:v1.7.17-k3s1-build20240605-amd64-windows AS containerd -FROM build as windows-runtime-collect +FROM build AS windows-runtime-collect ARG KUBERNETES_VERSION=dev # windows runtime image diff --git a/Makefile b/Makefile index 699d52cd248..247e576e229 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ ci-shell: clean .dapper ## Launch a shell in the CI environment @echo '# Run "make dapper-ci" to reproduce CI in this shell #' @echo '######################################################' @echo - ./.dapper -f Dockerfile --target dapper -s + ./.dapper --bake -f Dockerfile --target dapper -s .PHONY: dapper-ci dapper-ci: .ci ## Used by Drone CI, does the same as "ci" but in a Drone way 
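Review bot: `ENV DAPPER_ENV` in this stage drops `DOCKER_BUILDKIT` and `DAPPER_RUN_ARGS` gains the same `/home/runner/.docker:/root/.docker` mount as the Linux Dockerfile, but unlike the Linux stage the list does not forward `BUILDX_BUILDER`, `ACTIONS_CACHE_URL` or `ACTIONS_RUNTIME_TOKEN`; if this dapper stage is still launched with the new `--bake --cache-from/--cache-to` flags anywhere (no caller is visible in this patch), builds inside it would fall back to the default builder with no cache, silently because of `ignore-error=true`. Either bring the list in line with the Linux `DAPPER_ENV`, or, if the Windows dapper stage is no longer used, say so in a comment above the `FROM ... AS dapper` line so the divergence is deliberate. The hard-coded runner home path has the same local-development caveat as in the Linux Dockerfile.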
@@ -157,14 +157,14 @@ checksum: ./.dapper: @echo Downloading dapper - @curl -sL https://releases.rancher.com/dapper/v0.5.8/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp + @curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd5/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp @@chmod +x .dapper.tmp @./.dapper.tmp -v @mv .dapper.tmp .dapper in-docker-%: .dapper ## Advanced: wraps any target in Docker environment, for example: in-docker-build-debug mkdir -p ./bin/ ./dist/ ./build - ./.dapper -f Dockerfile --target dapper make $* + ./.dapper --bake -f Dockerfile --target dapper make $* .PHONY: help help: ## this help diff --git a/scripts/build-image-runtime b/scripts/build-image-runtime index c11896735e3..4821c391fea 100755 --- a/scripts/build-image-runtime +++ b/scripts/build-image-runtime @@ -5,7 +5,10 @@ cd $(dirname $0)/.. source ./scripts/version.sh -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ +docker buildx build \ + --load + --cache-from type=gha \ + --cache-to type=gha,ignore-error=true,mode=max \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg MAJOR=${VERSION_MAJOR} \ @@ -18,8 +21,16 @@ DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ --file Dockerfile \ . +mkdir -p build/images +docker image save \ + --output build/images/${PROG}-runtime.tar \ + ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} + if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then - DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ + docker buildx build \ + --load \ + --cache-from type=gha \ + --cache-to type=gha,ignore-error=true,mode=max \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg MAJOR=${VERSION_MAJOR} \ 
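Review bot: The new `--load` line in the first `docker buildx build` invocation has no trailing backslash (`+    --load` is immediately followed by `+    --cache-from type=gha \`), so the shell ends the command there: `docker buildx build --load` runs with no context and the remaining `--cache-from ...` lines are executed as a separate command, which fails and, if the script enables `set -e` above this hunk, aborts the runtime image build. The second invocation later in the file spells it correctly, which is what this one needs: `--load \`. The top of the script, including any `set -e`, is outside the hunk.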
@@ -30,12 +41,10 @@ if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then --file Dockerfile.windows \ . # Only ever used in its compressed form for e2e tests - mkdir -p build/images docker image save \ ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-${GOARCH} | \ zstd -T0 -16 -f --long=25 --no-progress - -o build/images/${PROG}-images.windows-${GOARCH}.tar.zst fi -mkdir -p build/images -docker image save \ - --output build/images/${PROG}-runtime.tar \ - ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} + +# fix builder activity timestamp file ownership getting broken when mounted into the dapper container +rm ~/.docker/buildx/activity/* diff --git a/scripts/build-image-test b/scripts/build-image-test index a3b7ca670aa..f1a72ef5b56 100755 --- a/scripts/build-image-test +++ b/scripts/build-image-test @@ -9,11 +9,17 @@ if [ "${GOARCH}" == "s390x" ] || [ "${GOARCH}" == "arm64" ]; then exit 0 fi -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ +docker buildx build \ + --load \ + --cache-from type=gha \ + --cache-to type=gha,ignore-error=true,mode=max \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg CACHEBUST="$(date +%s%N)" \ --tag ${REPO}/${PROG}-test:${DOCKERIZED_VERSION} \ --tag ${REPO}/${PROG}-test:${DOCKERIZED_VERSION}-${GOARCH} \ --target test \ -. + . + +# fix builder activity timestamp file ownership getting broken when mounted into the dapper container +rm ~/.docker/buildx/activity/* diff --git a/scripts/build-images b/scripts/build-images index 15866ad07a8..fed036fc24c 100755 --- a/scripts/build-images +++ b/scripts/build-images 
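Review bot: `rm ~/.docker/buildx/activity/*` at the end of the script exits non-zero whenever the glob matches nothing (a fresh builder, or a local run without the runner's `.docker` bind mount), and if the script runs under `set -e` that aborts the build right after the image has already been saved; `rm -f ~/.docker/buildx/activity/*` returns 0 for nonexistent operands and keeps the intent. The same line is added at the end of scripts/build-image-test. The comment describes the symptom but not the cause; extending it to say that the files end up root-owned because the dapper container writes through the `/home/runner/.docker:/root/.docker` mount as root would tell a reader when the workaround can be removed. Whether `set -e` is in effect is not visible in this hunk.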
@@ -14,7 +14,7 @@ echo ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} > build/images-co # The core image list is saved to a tarball and used later in tests. if [[ $RKE2_PATCH == dev.* ]]; then IMAGE_COMMAND='skopeo inspect --raw docker://$0 >/dev/null && echo $0' - IMAGES_CORE=/dev/null + IMAGES_CORE=/tmp/images-core.txt else IMAGE_COMMAND='docker image pull --quiet $0' IMAGES_CORE=build/images-core.txt @@ -115,5 +115,8 @@ xargs -n1 sh -xc "$IMAGE_COMMAND" << EOF > build/images-flannel.txt ${REGISTRY}/rancher/hardened-cni-plugins:v1.4.1-build20240430 EOF fi -# Continue to provide a legacy airgap archive set with the default CNI images -cat build/images-core.txt build/images-canal.txt > build/images.txt + +# Continue to provide a legacy airgap archive set with the default CNI images. +# This file is also used by the airgap image test to confirm that we're capturing +# the correct files for a cluster with default features. +cat /tmp/images-core.txt build/images-core.txt build/images-canal.txt > build/images.txt || true diff --git a/scripts/dev-shell-build b/scripts/dev-shell-build index 48c8d1e0e27..999ec2b6469 100755 --- a/scripts/dev-shell-build +++ b/scripts/dev-shell-build @@ -10,4 +10,4 @@ if [ ! -d build/images ]; then fi # build the dev shell image -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build -t ${PROG}-dev --target shell . +docker buildx build --load -t ${PROG}-dev --target shell .
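Review bot: `IMAGES_CORE=/tmp/images-core.txt` together with `cat /tmp/images-core.txt build/images-core.txt build/images-canal.txt > build/images.txt || true` has two problems: `/tmp` is bind-mounted from the host into the dapper container (`-v /tmp:/tmp` in `DAPPER_RUN_ARGS`), so a fixed filename left behind by an earlier run, or by another job on the same runner, would be concatenated into the airgap image list of a non-dev build without any error, and the `|| true` then hides the missing-file error from `cat` in both the dev and non-dev case (as well as a genuinely missing `build/images-canal.txt`). Since `IMAGES_CORE` already names the right file for each case, `cat "${IMAGES_CORE}" build/images-canal.txt > build/images.txt` avoids both, assuming the variable is not reassigned between the two hunks (the middle of the script is outside view); for the dev list itself a run-private path such as `$(mktemp)` or a file under `build/` that the tarball step ignores would be safer than a shared `/tmp` name. The new comment above the `cat` is helpful; if the intent is that the dev list is inspect-only and deliberately excluded from the images tarball, saying so there would explain why it lives in a separate file.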