Merge pull request #122 from mallardduck/2.x-new-build

[2.9] Implement new build system

Author: mallardduck

.github/scripts/branch-tags.sh

@@ -40,10 +40,18 @@ elif [[ "$ref" == refs/heads/release/* ]]; then
   prevTag=$(getPreviousTag "${version}-head-")
 else
   echo "Unsupported branch pattern. Expected 'main' or 'release/*'."
-  exit 1
+  # This exits with status 0 to ensure it doesn't stop CI in GHA
+  # Outside of `main` or `release/*` branches it will use other tags
+  exit 0
 fi
 
 # Output the results
-echo "branch_tag=${branchTag}"
-echo "branch_static_tag=${branchStaticTag}"
-echo "prev_static_tag=${prevTag}"
+if [ "$1" == "ENV" ]; then
+  echo "BRANCH_TAG=${branchTag}"
+  echo "BRANCH_STATIC_TAG=${branchStaticTag}"
+  echo "PREV_STATIC_TAG=${prevTag}"
+else
+  echo "branch_tag=${branchTag}"
+  echo "branch_static_tag=${branchStaticTag}"
+  echo "prev_static_tag=${prevTag}"
+fi

.gitignore

@@ -3,8 +3,11 @@
 /.trash-cache
 /bin
 /dist
+/build
+/ci
 *.swp
 .idea
 versions.txt
 new-versions.txt
-/image_arch_test
+/image_arch_test
+*.oci

Makefile

@@ -1,7 +1,3 @@
-# To avoid polluting the Makefile, versions and checksums for tooling and
-# dependencies are defined at hack/make/deps.mk.
-include hack/make/deps.mk
-
 # Include logic that can be reused across projects.
 include hack/make/build.mk
 
@@ -14,19 +10,38 @@ IMAGE_NAME = $(REPO)/$(IMAGE)
 FULL_IMAGE_TAG = $(IMAGE_NAME):$(TAG)
 BUILD_ACTION = --load
 
+TARGETS := $(shell ls scripts|grep -ve "^util-\|entry\|^pull-scripts")
+
+# Default behavior for targets without dapper
+$(TARGETS):
+	./scripts/$@
+
+.PHONY: $(TARGETS)
+
 .DEFAULT_GOAL := ci
-ci: validate ## run the targets needed to validate a PR in CI.
 
 clean: ## clean up project.
 	rm -rf build
+	rm -rf multiarch-image.oci
+	rm -rf ./ci
 
 build-image: buildx-machine ## build (and load) the container image targeting the current platform.
 	$(IMAGE_BUILDER) build -f package/Dockerfile \
 		--builder $(MACHINE) $(IMAGE_ARGS) \
-		--build-arg VERSION=$(VERSION) -t "$(FULL_IMAGE_TAG)" $(BUILD_ACTION) .
+		--build-arg VERSION=$(VERSION) --platform=$(TARGET_PLATFORMS) -t "$(FULL_IMAGE_TAG)" $(BUILD_ACTION) .
 	@echo "Built $(FULL_IMAGE_TAG)"
 
-push-image: buildx-machine ## build the container image targeting all platforms defined by TARGET_PLATFORMS and push to a registry.
+build-validate: buildx-machine ## build (and load) the container image targeting the current platform.
+	mkdir -p ci
+	$(IMAGE_BUILDER) build -f package/Dockerfile \
+		--builder $(MACHINE) $(IMAGE_ARGS) \
+		--build-arg VERSION=$(VERSION) \
+		--platform=$(TARGET_PLATFORMS) \
+		--output type=oci,dest=ci/multiarch-image.oci \
+		-t "$(FULL_IMAGE_TAG)" .
+	@echo "Built $(FULL_IMAGE_TAG) multi-arch image saved to ci/multiarch-image.oci"
+
+push-image: validate buildx-machine ## build the container image targeting all platforms defined by TARGET_PLATFORMS and push to a registry.
 	$(IMAGE_BUILDER) build -f package/Dockerfile \
 		--builder $(MACHINE) $(IMAGE_ARGS) $(IID_FILE_FLAG) $(BUILDX_ARGS) \
 		--build-arg VERSION=$(VERSION) --platform=$(TARGET_PLATFORMS) -t "$(FULL_IMAGE_TAG)" --push .

hack/make/build.mk

@@ -1,30 +1,9 @@
 ifeq ($(VERSION),)
-	# Define VERSION, which is used for image tags or to bake it into the
-	# compiled binary to enable the printing of the application version,
-	# via the --version flag.
-	CHANGES = $(shell git status --porcelain --untracked-files=no)
-	ifneq ($(CHANGES),)
-		DIRTY = -dirty
-	endif
-
-	GIT_TAG = $(shell git tag -l --contains HEAD | head -n 1)
-	COMMIT = $(shell git rev-parse --short HEAD)
-	VERSION = $(COMMIT)$(DIRTY)
-
-	# Override VERSION with the Git tag if the current HEAD has a tag pointing to
-	# it AND the worktree isn't dirty.
-	ifneq ($(GIT_TAG),)
-		ifeq ($(DIRTY),)
-			VERSION = $(GIT_TAG)
-		endif
-	endif
+VERSION := $(shell ./scripts/version --short VERSION)
 endif
 
 ifeq ($(TAG),)
-	TAG = $(VERSION)
-	ifneq ($(DIRTY),)
-		TAG = dev
-	endif
+TAG := $(shell ./scripts/version --short TAG)
 endif
 
 RUNNER := docker

hack/make/deps.mk

@@ -0,0 +1,3 @@
+v1.28.15
+v1.29.15
+v1.30.13

kubectl-versions.txt

@@ -24,38 +24,21 @@ RUN zypper --non-interactive refresh && \
 COPY --from=kuberlr /bin/kuberlr /chroot/bin/
 RUN cd /chroot/bin && ln -s ./kuberlr ./kubectl
 COPY --from=kuberlr /home/kuberlr /chroot/home/kuberlr
-RUN sed -i 's/AllowDownload = true/AllowDownload = false/' /chroot/home/kuberlr/.kuberlr/kuberlr.conf
 
 WORKDIR /tmp
+COPY kubectl-versions.txt /tmp/kubectl-versions.txt
+# kuberlr get verifies bin hash for us
+RUN while read -r version; do \
+    /chroot/bin/kuberlr get $version; \
+    done < ./kubectl-versions.txt; \
+    /chroot/bin/kuberlr bins \
+    && cp -a /root/.kuberlr/linux-*/* /chroot/usr/bin/ \
+    && /chroot/bin/kuberlr bins
+
+# Disable ability to download kubectl due to air-gap support
+RUN sed -i 's/AllowDownload = true/AllowDownload = false/' /chroot/home/kuberlr/.kuberlr/kuberlr.conf
 
-ARG KUBECTL_VERSION_INFO
-
-SHELL ["/bin/bash", "-c"]
-RUN set -fx; versions=($KUBECTL_VERSION_INFO); \
-    for i in "${!versions[@]}"; do \
-        echo "The index is $i and the value is ${versions[$i]}"; \
-        version=$(echo ${versions[$i]} | cut -d: -f1); \
-        kubectl_url="https://dl.k8s.io/release/${version}/bin/linux/${TARGETARCH}/kubectl"; \
-        kubectl_target="/tmp/kubectl${version:1}"; \
-        echo "Downloading kubectl version ${version} from ${kubectl_url}"; \
-        echo "Targeting ${kubectl_target}"; \
-        curl -fsSL "$kubectl_url" -o "$kubectl_target"; \
-        chmod 0755 "$kubectl_target"; \
-    done
-
-RUN set -fx; versions=($KUBECTL_VERSION_INFO); \
-    for i in "${!versions[@]}"; do \
-        version=$(echo ${versions[$i]} | cut -d: -f1); \
-        arm64_sum=$(echo ${versions[$i]} | cut -d: -f2); \
-        amd64_sum=$(echo ${versions[$i]} | cut -d: -f3); \
-        kubectl_target="/tmp/kubectl${version:1}"; \
-        KUBE_SUM_NAME="${TARGETARCH}_sum"; \
-        KUBE_SUM=${!KUBE_SUM_NAME}; \
-        echo "${KUBE_SUM} ${kubectl_target}" | sha256sum -c -; \
-    done
-
-RUN cp /tmp/kubectl* /chroot/usr/bin/
-
+# Setup kuberlr user and perms
 RUN useradd -u 1000 -U kuberlr \
     && cp /etc/passwd /chroot/etc/passwd \
     && cp /etc/group /chroot/etc/group \

package/Dockerfile

@@ -2,7 +2,7 @@
 
 set -e
 
-header() {
+function header() {
   local text="$1"
   local width=53  # Adjust this for desired total width
   local padding=$(( (width - ${#text}) / 2 ))  # Calculate padding for centering
@@ -12,9 +12,42 @@ header() {
   printf '%*s\n' "$width" | tr ' ' '-'
 }
 
-verifyKuberlrKubectl() {
+function error() {
+  local text="$1"
+  local width=53  # Adjust this for desired total width
+  local padding=$(( (width - ${#text}) / 2 ))  # Calculate padding for centering
+
+  # ANSI escape codes for styling
+  local RED_BOLD='\033[1;31m' # Bold Red text
+  local RESET='\033[0m'      # Reset text formatting
+
+  # Print the error message in red and bold
+  echo -e "${RED_BOLD}"
+  printf '%*s\n' "$width" | tr ' ' '-'
+  printf '%*s%s%*s\n' "$padding" "" "$text" "$padding" ""
+  printf '%*s\n' "$width" | tr ' ' '-'
+  echo -e "${RESET}"
+}
+
+function expectedArch() {
+  IMAGE_ARCH=$1
+  case $IMAGE_ARCH in
+    amd64)
+      echo "x86-64"
+      ;;
+    arm64)
+      echo "aarch64"
+      ;;
+    *)
+      echo "UNKNOWN-ARCH"
+      ;;
+  esac
+}
+
+function verifyKuberlrKubectl() {
   # Loop through each architecture
   for ARCH in $ARCHES; do
+      EXPECTED_BIN_ARCH=$(expectedArch "$ARCH")
       ARCH_DIR="$WORKDIR/$ARCH"
       mkdir -p "$ARCH_DIR"
 
@@ -32,12 +65,30 @@ verifyKuberlrKubectl() {
       header "$ARCH - kuberlr BINs"
       # Verify architecture
       if [[ -f "$ARCH_DIR/kuberlr" ]]; then
-          echo -n "kuberlr: " && file "$ARCH_DIR/kuberlr"
+          FILE_INFO=$(file "$ARCH_DIR/kuberlr")
+          echo -n "kuberlr info:";
+          echo "$FILE_INFO"
+          if [[ "$FILE_INFO" == *"$EXPECTED_BIN_ARCH"* ]]; then
+            echo "Bin is expected arch"
+          else
+            error "ERROR - Bin NOT expected arch"
+            echo "Expected: $EXPECTED_BIN_ARCH"
+            exit 1
+          fi
       fi
       header "$ARCH - Kubectl BINs"
       for KUBECTL_VER in $KUBECTL_LIST; do
         if [[ -f "$ARCH_DIR/$KUBECTL_VER" ]]; then
-            echo -n "kuberlr($KUBECTL_VER): " && file "$ARCH_DIR/$KUBECTL_VER"
+            FILE_INFO=$(file "$ARCH_DIR/$KUBECTL_VER")
+            echo -n "kuberlr($KUBECTL_VER) info:";
+            echo "$FILE_INFO"
+            if [[ "$FILE_INFO" == *"$EXPECTED_BIN_ARCH"* ]]; then
+              echo "Bin is expected arch"
+            else
+              error "ERROR - Bin NOT expected arch"
+              echo "Expected: $EXPECTED_BIN_ARCH"
+              exit 1
+            fi
         fi
       done
 
@@ -56,6 +107,10 @@ done
 # Check if the user provided an image name and tag
 if [ "$#" -ne 1 ]; then
     echo "Usage: $0 <image_name:tag>"
+    echo "This script is used to help verify the contents of `rancher/kuberlr-kubectl` and `flavior/kuberlr` images."
+    echo "This script will verify:"
+    echo "  1. The architectures of a mult-arch image,"
+    echo "  2. The architecture of the image's required binaries (`kuberlr` and `kubectl`)."
     exit 1
 fi
 
@@ -74,10 +129,12 @@ if [ -z "$ARCHES" ]; then
     exit 1
 fi
 
-echo "Architectures found: $ARCHES"
+SINGLE_LINE_ARCH=$(echo "${ARCHES}" | tr '\n' ','|sed 's/,$//')
+echo "Architectures found: $SINGLE_LINE_ARCH"
 if [[ "$IMAGE" == */kuberlr:* ]]; then
       # Loop through each architecture
       for ARCH in $ARCHES; do
+          EXPECTED_BIN_ARCH=$(expectedArch "$ARCH")
           ARCH_DIR="$WORKDIR/$ARCH"
           mkdir -p "$ARCH_DIR"
 
@@ -91,7 +148,16 @@ if [[ "$IMAGE" == */kuberlr:* ]]; then
           header "$ARCH - kuberlr BINs"
           # Verify architecture
           if [[ -f "$ARCH_DIR/kuberlr" ]]; then
-              echo -n "kuberlr: " && file "$ARCH_DIR/kuberlr"
+              FILE_INFO=$(file "$ARCH_DIR/kuberlr")
+              echo -n "kuberlr info:";
+              echo "$FILE_INFO"
+              if [[ "$FILE_INFO" == *"$EXPECTED_BIN_ARCH"* ]]; then
+                echo "Bin is expected arch"
+              else
+                error "ERROR - Bin NOT expected arch"
+                echo "Expected: $EXPECTED_BIN_ARCH for $ARCH"
+                exit 1
+              fi
           fi
 
           echo "Done processing $ARCH."

scripts/check-image-binaries

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+SCRIPTS_DIR=$(realpath "$(dirname "$0")")
+PROJECT_DIR=$(dirname "$SCRIPTS_DIR")
+
+cd "$SCRIPTS_DIR"
+
+./version
+
+if [[ -f "$PROJECT_DIR/multiarch-image.oci" ]]; then
+   # Remove old OCI file
+    rm "$PROJECT_DIR/multiarch-image.oci"
+    echo "Removed old CI OCI file"
+fi
+
+# This project has no local go code, so no need to call build scripts
+# instead immediately packages container image for CI
+./package-ci
+
+# Tests come after building the image and charts
+./verify-local-multiarch-image

scripts/ci

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+set -x
+
+echo "Starting package script..."
+
+SCRIPTS_DIR=$(realpath $(dirname $0))
+
+source "$SCRIPTS_DIR/version"
+
+GIT_ROOT=$(dirname $SCRIPTS_DIR)
+cd "$GIT_ROOT"
+
+REPO=${REPO} TAG=${TAG} make build-validate