Skip to content

Commit 2b36925

Browse files
authored
fix: unify chainguard tooling (#252)
* fix: unify chainguard tooling * f * f * f
1 parent e9a22ac commit 2b36925

File tree

5 files changed

+105
-53
lines changed

5 files changed

+105
-53
lines changed

.github/workflows/deploy-helm-production.yaml

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,19 +28,28 @@ jobs:
2828
uses: actions/setup-go@v5
2929
with:
3030
go-version-file: go.mod
31+
- uses: actions/cache@v4
32+
with:
33+
path: |
34+
build/.melange-cache
35+
key: melange-cache
36+
- name: Setup Melange
37+
uses: chainguard-dev/actions/setup-melange@main
3138
- name: Build melange package
3239
run: |
3340
export VERSION=${{needs.get-tag.outputs.tag}}
34-
make melange
41+
export MELANGE_CONFIG=deploy/melange.tmpl.yaml
42+
make melange-build
3543
- name: Publish apko image
3644
run: |
3745
export VERSION=${{needs.get-tag.outputs.tag}}
3846
export IMAGE=replicated/embedded-cluster-operator-image:${VERSION}
47+
export APKO_CONFIG=deploy/apko.tmpl.yaml
3948
make apko-login \
4049
REGISTRY=docker.io \
4150
USERNAME=${{secrets.DOCKERHUB_USER}} \
4251
PASSWORD=${{secrets.DOCKERHUB_PASSWORD}}
43-
make apko-publish
52+
make apko apko-publish
4453
echo ::notice title=digest::$(cat build/digest)
4554
4655
package-and-publish-helmchart:

.github/workflows/deploy-helm-staging.yaml

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,19 +28,28 @@ jobs:
2828
uses: actions/setup-go@v5
2929
with:
3030
go-version-file: go.mod
31+
- uses: actions/cache@v4
32+
with:
33+
path: |
34+
build/.melange-cache
35+
key: melange-cache
36+
- name: Setup Melange
37+
uses: chainguard-dev/actions/setup-melange@main
3138
- name: Build melange package
3239
run: |
3340
export VERSION=${{needs.get-tag.outputs.tag}}
34-
make melange
41+
export MELANGE_CONFIG=deploy/melange.tmpl.yaml
42+
make melange-build
3543
- name: Publish apko image
3644
run: |
3745
export VERSION=${{needs.get-tag.outputs.tag}}
3846
export IMAGE=replicated/embedded-cluster-operator-image-staging:${VERSION}
47+
export APKO_CONFIG=deploy/apko.tmpl.yaml
3948
make apko-login \
4049
REGISTRY=docker.io \
4150
USERNAME=${{secrets.DOCKERHUB_USER}} \
4251
PASSWORD=${{secrets.DOCKERHUB_PASSWORD}}
43-
make apko-publish
52+
make apko apko-publish
4453
echo ::notice title=digest::$(cat build/digest)
4554
4655
package-and-publish-helmchart:

.github/workflows/pull-request.yaml

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -64,15 +64,24 @@ jobs:
6464
uses: actions/setup-go@v5
6565
with:
6666
go-version-file: go.mod
67+
- uses: actions/cache@v4
68+
with:
69+
path: |
70+
build/.melange-cache
71+
key: melange-cache
72+
- name: Setup Melange
73+
uses: chainguard-dev/actions/setup-melange@main
6774
- name: Build melange package
6875
run: |
6976
export VERSION=${{needs.get-tag.outputs.tag}}
70-
make melange
77+
export MELANGE_CONFIG=deploy/melange.tmpl.yaml
78+
make melange-build
7179
- name: Build apko image
7280
run: |
7381
export VERSION=${{needs.get-tag.outputs.tag}}
7482
export IMAGE=ttl.sh/embedded-cluster-operator-image:dev-${VERSION}
75-
make apko-build
83+
export APKO_CONFIG=deploy/apko.tmpl.yaml
84+
make apko apko-build
7685
7786
check-crds:
7887
runs-on: ubuntu-latest

Makefile

Lines changed: 69 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,8 @@ else
6666
GOBIN=$(shell go env GOBIN)
6767
endif
6868

69+
export PATH := $(shell pwd)/bin:$(PATH)
70+
6971
# Setting SHELL to bash allows bash commands to be executed by recipes.
7072
# Options are set to exit when a recipe line exits non-zero or a piped command fails.
7173
SHELL = /usr/bin/env bash -o pipefail
@@ -185,6 +187,8 @@ $(LOCALBIN):
185187
KUSTOMIZE ?= $(LOCALBIN)/kustomize
186188
CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
187189
ENVTEST ?= $(LOCALBIN)/setup-envtest
190+
MELANGE ?= $(LOCALBIN)/melange
191+
APKO ?= $(LOCALBIN)/apko
188192

189193
## Tool Versions
190194
KUSTOMIZE_VERSION ?= v3.8.7
@@ -300,11 +304,11 @@ catalog-push: ## Push a catalog image.
300304

301305
# Push operator image to ttl.sh
302306
.PHONY: build-ttl.sh
303-
build-ttl.sh: export IMAGE = ttl.sh/${CURRENT_USER}/embedded-cluster-operator-image:24h
304-
build-ttl.sh: export VERSION = $(shell git describe --tags --dirty --always --abbrev=8 | sed 's/^v//')
305-
build-ttl.sh: export GOOS = linux
306-
build-ttl.sh: export GOARCH = amd64
307-
build-ttl.sh: build melange apko-publish
307+
build-ttl.sh: export IMAGE ?= ttl.sh/${CURRENT_USER}/embedded-cluster-operator-image:24h
308+
build-ttl.sh: export VERSION ?= $(shell git describe --tags --dirty --always --abbrev=8 | sed 's/^v//')
309+
build-ttl.sh: export MELANGE_CONFIG = deploy/melange.tmpl.yaml
310+
build-ttl.sh: export APKO_CONFIG = deploy/apko.tmpl.yaml
311+
build-ttl.sh: melange-build apko-publish
308312

309313
.PHONY: build-chart-ttl.sh
310314
build-chart-ttl.sh: build-ttl.sh
@@ -315,54 +319,76 @@ build-chart-ttl.sh: export CHART_REMOTE = oci://ttl.sh/${CURRENT_USER}
315319
build-chart-ttl.sh:
316320
cd charts/embedded-cluster-operator && ../../scripts/publish-helm-chart.sh
317321

322+
CHAINGUARD_TOOLS_USE_DOCKER = 0
323+
ifeq ($(CHAINGUARD_TOOLS_USE_DOCKER),"1")
324+
MELANGE_CACHE_DIR ?= /go/pkg/mod
325+
APKO_CMD = docker run -v $(shell pwd):/work -w /work -v $(shell pwd)/build/.docker:/root/.docker cgr.dev/chainguard/apko
326+
MELANGE_CMD = docker run --privileged --rm -v $(shell pwd):/work -w /work -v "$(shell go env GOMODCACHE)":${MELANGE_CACHE_DIR} cgr.dev/chainguard/melange
327+
else
328+
MELANGE_CACHE_DIR ?= build/.melange-cache
329+
APKO_CMD = apko
330+
MELANGE_CMD = melange
331+
endif
332+
333+
$(MELANGE_CACHE_DIR):
334+
mkdir -p $(MELANGE_CACHE_DIR)
335+
318336
.PHONY: apko-build
319-
apko-build: export IMAGE ?= ttl.sh/${CURRENT_USER}/embedded-cluster-operator-image:24h
320337
apko-build: export ARCHS ?= amd64
321-
apko-build: apko-template
322-
docker run -v "${PWD}":/work -w /work/build \
323-
cgr.dev/chainguard/apko build apko.yaml ${IMAGE} apko.tar \
324-
--arch ${ARCHS}
325-
326-
.PHONY: apko-publish
327-
apko-publish: export IMAGE ?= ttl.sh/${CURRENT_USER}/embedded-cluster-operator-image:24h
328-
apko-publish: export ARCHS ?= amd64
329-
apko-publish: apko-template
330-
docker run -v "${PWD}":/work -w /work/build -v "${PWD}"/build/.docker:/root/.docker \
331-
cgr.dev/chainguard/apko publish apko.yaml ${IMAGE} \
332-
--arch ${ARCHS} | tee build/digest
338+
apko-build: check-env-IMAGE apko-template
339+
cd build && ${APKO_CMD} \
340+
build apko.yaml ${IMAGE} apko.tar \
341+
--arch ${ARCHS}
342+
343+
.PHONY: apko-build-and-publish
344+
apko-build-and-publish: export ARCHS ?= amd64
345+
apko-build-and-publish: check-env-IMAGE apko-template
346+
cd build && ${APKO_CMD} \
347+
publish apko.yaml ${IMAGE} \
348+
--arch ${ARCHS} | tee digest
333349

334350
.PHONY: apko-login
335-
apko-login: check-env-REGISTRY check-env-USERNAME check-env-PASSWORD
336-
docker run -v "${PWD}":/work -v "${PWD}"/build/.docker:/root/.docker -w /work/build \
337-
cgr.dev/chainguard/apko login -u "${USERNAME}" \
338-
--password "${PASSWORD}" "${REGISTRY}"
339-
340-
.PHONY: melange
341-
melange: export ARCHS ?= amd64
342-
melange: melange-template
343-
mkdir -p build
344-
for f in pkg controllers main.go go.mod go.sum Makefile ; do \
345-
rm -rf "build/$$f" && cp -r $$f build/ ; \
346-
done
347-
docker run --rm -v "${PWD}":/work -w /work/build \
348-
cgr.dev/chainguard/melange keygen melange.rsa
349-
docker run --privileged --rm -v "${PWD}":/work -w /work \
350-
-v "$(shell go env GOMODCACHE)":/go/pkg/mod \
351-
cgr.dev/chainguard/melange build build/melange.yaml \
352-
--arch ${ARCHS} \
353-
--signing-key build/melange.rsa \
354-
--cache-dir=/go/pkg/mod \
355-
--out-dir build/packages/
351+
apko-login:
352+
rm -f build/.docker/config.json
353+
@ { [ "${PASSWORD}" = "" ] || [ "${USERNAME}" = "" ] ; } || \
354+
${APKO_CMD} \
355+
login -u "${USERNAME}" \
356+
--password "${PASSWORD}" "${REGISTRY}"
357+
358+
.PHONY: melange-build
359+
melange-build: export ARCHS ?= amd64
360+
melange-build: $(MELANGE_CACHE_DIR) melange-template
361+
${MELANGE_CMD} \
362+
keygen build/melange.rsa
363+
${MELANGE_CMD} \
364+
build build/melange.yaml \
365+
--arch ${ARCHS} \
366+
--signing-key build/melange.rsa \
367+
--cache-dir=$(MELANGE_CACHE_DIR) \
368+
--source-dir . \
369+
--out-dir build/packages/
356370

357371
.PHONY: melange-template
358-
melange-template: check-env-VERSION
372+
melange-template: check-env-MELANGE_CONFIG check-env-VERSION
359373
mkdir -p build
360-
envsubst '$${VERSION}' < deploy/melange.tmpl.yaml > build/melange.yaml
374+
envsubst '$${VERSION}' < ${MELANGE_CONFIG} > build/melange.yaml
361375

362376
.PHONY: apko-template
363-
apko-template: check-env-VERSION
377+
apko-template: check-env-APKO_CONFIG check-env-VERSION
364378
mkdir -p build
365-
envsubst '$${VERSION}' < deploy/apko.tmpl.yaml > build/apko.yaml
379+
envsubst '$${VERSION}' < ${APKO_CONFIG} > build/apko.yaml
380+
381+
melange: $(MELANGE)
382+
$(MELANGE): $(LOCALBIN)
383+
go install chainguard.dev/melange@latest && \
384+
test -s $(GOBIN)/melange && \
385+
ln -sf $(GOBIN)/melange $(LOCALBIN)/melange
386+
387+
apko: $(APKO)
388+
$(APKO): $(LOCALBIN)
389+
go install chainguard.dev/apko@latest && \
390+
test -s $(GOBIN)/apko && \
391+
ln -sf $(GOBIN)/apko $(LOCALBIN)/apko
366392

367393
check-env-%:
368394
@ if [ "${${*}}" = "" ]; then \

deploy/melange.tmpl.yaml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,12 +15,11 @@ environment:
1515
packages:
1616
- busybox
1717
- go
18-
environment:
19-
GOMODCACHE: /var/cache/melange
2018

2119
pipeline:
2220
- runs: |
23-
set -ex
21+
set -exuo pipefail
22+
2423
make build
25-
cp bin/manager "${{targets.destdir}}/manager"
24+
cp bin/manager "${{targets.contextdir}}/manager"
2625
- uses: strip

0 commit comments

Comments
 (0)