Use latest upstream instead of k0s images (#936)

* Use latest images instead of k0s images

Author: sgalsaleh

.github/workflows/ci.yaml

@@ -222,9 +222,9 @@ jobs:
           chmod +x ./output/bin/embedded-cluster
           ./output/bin/embedded-cluster version metadata > version-metadata.json
           ./output/bin/embedded-cluster version list-images > expected.txt
-          echo "Found $(wc -l < expected.txt) images"
+          printf "Expected images:\n$(cat expected.txt)\n"
           ./output/bin/buildtools metadata extract-helm-chart-images --metadata-path version-metadata.json > images.txt
-          echo "Found $(wc -l < images.txt) images"
+          printf "Found images:\n$(cat images.txt)\n"
           missing_images=0
           while read img; do
             grep -q "$img" expected.txt || { echo "Missing image: $img" && missing_images=$((missing_images+1)) ; }

chainguard.mk

@@ -63,6 +63,15 @@ apko-login:
 		login -u "${USERNAME}" \
 		--password "${PASSWORD}" "${REGISTRY}"
 
+.PHONY: apko-print-pkg-version
+apko-print-pkg-version: ARCHS ?= amd64
+apko-print-pkg-version: apko-template check-env-PACKAGE_NAME
+		cd build && \
+		${APKO_CMD} show-packages apko.yaml --arch=${ARCHS} | \
+		grep ${PACKAGE_NAME} | \
+		cut -s -d" " -f2 | \
+		head -n1
+
 .PHONY: apko-output-image
 apko-output-image:
 	@digest=$$(cut -s -d'@' -f2 build/digest); \
@@ -94,7 +103,7 @@ melange-template: check-env-MELANGE_CONFIG check-env-PACKAGE_VERSION
 .PHONY: apko-template
 apko-template: check-env-APKO_CONFIG check-env-PACKAGE_VERSION
 	mkdir -p build
-	envsubst '$${PACKAGE_NAME} $${PACKAGE_VERSION} $${UPSTREAM_VERSION}' < ${APKO_CONFIG} > build/apko.yaml
+	envsubst '$${PACKAGE_VERSION}' < ${APKO_CONFIG} > build/apko.yaml
 
 check-env-%:
 	@ if [ "${${*}}" = "" ]; then \

cmd/buildtools/addon.go

@@ -1,26 +1,114 @@
 package main
 
 import (
+	"context"
 	"fmt"
+	"os"
 	"strings"
 
 	"github.com/Masterminds/semver/v3"
+	"github.com/sirupsen/logrus"
 )
 
 type addonComponent struct {
-	getWolfiPackageName              func(opts addonComponentOptions) string
-	getWolfiPackageVersionComparison func(opts addonComponentOptions) string
-	upstreamVersionInputOverride     string
-	useUpstreamImage                 bool
+	name                         string
+	getCustomImageName           func(opts addonComponentOptions) (string, error)
+	getWolfiPackageName          func(opts addonComponentOptions) string
+	getWolfiPackageVersion       func(opts addonComponentOptions) string
+	upstreamVersionInputOverride string
+	useUpstreamImage             bool
 }
 
 type addonComponentOptions struct {
+	ctx              context.Context
 	k0sVersion       *semver.Version
 	upstreamVersion  *semver.Version
 	latestK8sVersion *semver.Version
 }
 
-func (c *addonComponent) getPackageNameAndVersion(wolfiAPKIndex []byte, upstreamVersion string) (string, string, error) {
+func (c *addonComponent) resolveImageRepoAndTag(ctx context.Context, image string) (string, string, error) {
+	if c.useUpstreamImage {
+		return c.resolveUpstreamImageRepoAndTag(ctx, image)
+	}
+	if c.getCustomImageName != nil {
+		return c.resolveCustomImageRepoAndTag(ctx, c.getUpstreamVersion(image))
+	}
+	return c.resolveApkoImageRepoAndTag(ctx, c.getUpstreamVersion(image))
+}
+
+func (c *addonComponent) getUpstreamVersion(image string) string {
+	if c.upstreamVersionInputOverride != "" {
+		if uv := os.Getenv(c.upstreamVersionInputOverride); uv != "" {
+			logrus.Infof("using input override from %s: %s", c.upstreamVersionInputOverride, uv)
+			return uv
+		}
+	}
+	return TagFromImage(image)
+}
+
+func (c *addonComponent) resolveUpstreamImageRepoAndTag(ctx context.Context, image string) (string, string, error) {
+	digest, err := GetImageDigest(ctx, image)
+	if err != nil {
+		return "", "", fmt.Errorf("failed to get image %s digest: %w", image, err)
+	}
+	tag := fmt.Sprintf("%s@%s", TagFromImage(image), digest)
+	repo := fmt.Sprintf("proxy.replicated.com/anonymous/%s", FamiliarImageName(RemoveTagFromImage(image)))
+	return repo, tag, nil
+}
+
+func (c *addonComponent) resolveCustomImageRepoAndTag(ctx context.Context, upstreamVersion string) (string, string, error) {
+	k0sVersion, err := getK0sVersion()
+	if err != nil {
+		return "", "", fmt.Errorf("get k0s version: %w", err)
+	}
+	latestK8sVersion, err := GetLatestKubernetesVersion()
+	if err != nil {
+		return "", "", fmt.Errorf("get latest k8s version: %w", err)
+	}
+	customImage, err := c.getCustomImageName(addonComponentOptions{
+		ctx:              ctx,
+		k0sVersion:       k0sVersion,
+		upstreamVersion:  semver.MustParse(upstreamVersion),
+		latestK8sVersion: latestK8sVersion,
+	})
+	if err != nil {
+		return "", "", fmt.Errorf("failed to get image name for %s: %w", c.name, err)
+	}
+	digest, err := GetImageDigest(ctx, customImage)
+	if err != nil {
+		return "", "", fmt.Errorf("failed to get image %s digest: %w", customImage, err)
+	}
+	tag := fmt.Sprintf("%s@%s", TagFromImage(customImage), digest)
+	repo := fmt.Sprintf("proxy.replicated.com/anonymous/%s", FamiliarImageName(RemoveTagFromImage(customImage)))
+	return repo, tag, nil
+}
+
+func (c *addonComponent) resolveApkoImageRepoAndTag(ctx context.Context, upstreamVersion string) (string, string, error) {
+	packageName, packageVersion, err := c.getPackageNameAndVersion(ctx, upstreamVersion)
+	if err != nil {
+		return "", "", fmt.Errorf("failed to get package name and version constraint for %s: %w", c.name, err)
+	}
+
+	logrus.Infof("building and publishing %s", c.name)
+
+	if err := ApkoBuildAndPublish(c.name, packageName, packageVersion); err != nil {
+		return "", "", fmt.Errorf("failed to apko build and publish for %s: %w", c.name, err)
+	}
+
+	builtImage, err := GetImageNameFromBuildFile()
+	if err != nil {
+		return "", "", fmt.Errorf("failed to get digest from build file: %w", err)
+	}
+
+	parts := strings.SplitN(builtImage, ":", 2)
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("invalid image name: %s", builtImage)
+	}
+
+	return fmt.Sprintf("proxy.replicated.com/anonymous/%s", FamiliarImageName(parts[0])), parts[1], nil
+}
+
+func (c *addonComponent) getPackageNameAndVersion(ctx context.Context, upstreamVersion string) (string, string, error) {
 	packageName := ""
 	if c.getWolfiPackageName == nil {
 		return packageName, strings.TrimPrefix(upstreamVersion, "v"), nil
@@ -38,29 +126,26 @@ func (c *addonComponent) getPackageNameAndVersion(wolfiAPKIndex []byte, upstream
 
 	if c.getWolfiPackageName != nil {
 		packageName = c.getWolfiPackageName(addonComponentOptions{
+			ctx:              ctx,
 			k0sVersion:       k0sVersion,
 			upstreamVersion:  semver.MustParse(upstreamVersion),
 			latestK8sVersion: latestK8sVersion,
 		})
 	}
 
-	comparison := latestPatchComparison(semver.MustParse(upstreamVersion))
-	if c.getWolfiPackageVersionComparison != nil {
-		comparison = c.getWolfiPackageVersionComparison(addonComponentOptions{
+	packageVersion := latestPatchVersion(semver.MustParse(upstreamVersion))
+	if c.getWolfiPackageVersion != nil {
+		packageVersion = c.getWolfiPackageVersion(addonComponentOptions{
+			ctx:              ctx,
 			k0sVersion:       k0sVersion,
 			upstreamVersion:  semver.MustParse(upstreamVersion),
 			latestK8sVersion: latestK8sVersion,
 		})
 	}
-	constraints, err := semver.NewConstraint(comparison)
-	if err != nil {
-		return "", "", fmt.Errorf("failed to parse version constraint: %w", err)
-	}
-
-	packageVersion, err := FindWolfiPackageVersion(wolfiAPKIndex, packageName, constraints)
-	if err != nil {
-		return "", "", fmt.Errorf("failed to find wolfi package version for %s=%s: %w", packageName, upstreamVersion, err)
-	}
 
 	return packageName, packageVersion, nil
 }
+
+func latestPatchVersion(s *semver.Version) string {
+	return fmt.Sprintf("%d.%d", s.Major(), s.Minor())
+}

cmd/buildtools/adminconsole.go

@@ -10,6 +10,25 @@ import (
 	"github.com/urfave/cli/v2"
 )
 
+var adminconsoleImageComponents = map[string]addonComponent{
+	"docker.io/kotsadm/kotsadm": {
+		name:             "kotsadm",
+		useUpstreamImage: true,
+	},
+	"docker.io/kotsadm/kotsadm-migrations": {
+		name:             "kotsadm-migrations",
+		useUpstreamImage: true,
+	},
+	"docker.io/kotsadm/kurl-proxy": {
+		name:             "kurl-proxy",
+		useUpstreamImage: true,
+	},
+	"docker.io/kotsadm/rqlite": {
+		name:             "rqlite",
+		useUpstreamImage: true,
+	},
+}
+
 var updateAdminConsoleAddonCommand = &cli.Command{
 	Name:      "adminconsole",
 	Usage:     "Updates the Admin Console addon",
@@ -35,7 +54,7 @@ var updateAdminConsoleAddonCommand = &cli.Command{
 		newmeta := release.AddonMetadata{
 			Version:  latest,
 			Location: fmt.Sprintf("oci://proxy.replicated.com/anonymous/%s", upstream),
-			Images:   make(map[string]string),
+			Images:   make(map[string]release.AddonImage),
 		}
 
 		values, err := release.GetValuesWithOriginalImages("adminconsole")
@@ -50,16 +69,19 @@ var updateAdminConsoleAddonCommand = &cli.Command{
 			return fmt.Errorf("failed to get images from admin console chart: %w", err)
 		}
 
-		logrus.Infof("fetching digest for images")
 		for _, image := range images {
-			sha, err := GetImageDigest(c.Context, image)
+			component, ok := adminconsoleImageComponents[RemoveTagFromImage(image)]
+			if !ok {
+				return fmt.Errorf("no component found for image %s", image)
+			}
+			repo, tag, err := component.resolveImageRepoAndTag(c.Context, image)
 			if err != nil {
-				return fmt.Errorf("failed to get image %s digest: %w", image, err)
+				return fmt.Errorf("failed to resolve image and tag for %s: %w", image, err)
+			}
+			newmeta.Images[component.name] = release.AddonImage{
+				Repo: repo,
+				Tag:  tag,
 			}
-			logrus.Infof("image %s digest: %s", image, sha)
-			tag := TagFromImage(image)
-			image = RemoveTagFromImage(image)
-			newmeta.Images[FamiliarImageName(image)] = fmt.Sprintf("%s@%s", tag, sha)
 		}
 
 		logrus.Infof("saving addon manifest")

cmd/buildtools/embeddedclusteroperator.go

@@ -13,16 +13,14 @@ import (
 	"github.com/urfave/cli/v2"
 )
 
-var operatorImageComponents = map[string]string{
-	"docker.io/replicated/embedded-cluster-operator-image": "embedded-cluster-operator",
-	"docker.io/library/busybox":                            "utils",
-}
-
-var operatorComponents = map[string]addonComponent{
-	"embedded-cluster-operator": {
+var operatorImageComponents = map[string]addonComponent{
+	"docker.io/replicated/embedded-cluster-operator-image": {
+		name:             "embedded-cluster-operator",
 		useUpstreamImage: true,
 	},
-	"utils": {},
+	"docker.io/library/busybox": {
+		name: "utils",
+	},
 }
 
 var updateOperatorAddonCommand = &cli.Command{
@@ -91,13 +89,7 @@ func updateOperatorAddonImages(ctx context.Context, chartURL string, chartVersio
 	newmeta := release.AddonMetadata{
 		Version:  chartVersion,
 		Location: chartURL,
-		Images:   make(map[string]string),
-	}
-
-	logrus.Infof("fetching wolfi apk index")
-	wolfiAPKIndex, err := GetWolfiAPKIndex()
-	if err != nil {
-		return fmt.Errorf("failed to get APK index: %w", err)
+		Images:   make(map[string]release.AddonImage),
 	}
 
 	values, err := release.GetValuesWithOriginalImages("embeddedclusteroperator")
@@ -120,59 +112,18 @@ func updateOperatorAddonImages(ctx context.Context, chartURL string, chartVersio
 	}
 
 	for _, image := range images {
-		logrus.Infof("updating image %s", image)
-
-		upstreamVersion := TagFromImage(image)
-		imageNoTag := RemoveTagFromImage(image)
-
-		componentName, ok := operatorImageComponents[imageNoTag]
-		if !ok {
-			return fmt.Errorf("no component found for image %s", imageNoTag)
-		}
-
-		component, ok := operatorComponents[componentName]
+		component, ok := operatorImageComponents[RemoveTagFromImage(image)]
 		if !ok {
-			return fmt.Errorf("no component found for component name %s", componentName)
+			return fmt.Errorf("no component found for image %s", image)
 		}
-
-		if component.useUpstreamImage {
-			logrus.Infof("fetching digest for image %s", image)
-			sha, err := GetImageDigest(ctx, image)
-			if err != nil {
-				return fmt.Errorf("failed to get image %s digest: %w", image, err)
-			}
-			logrus.Infof("image %s digest: %s", image, sha)
-			tag := TagFromImage(image)
-			image = RemoveTagFromImage(image)
-			newmeta.Images[FamiliarImageName(image)] = fmt.Sprintf("%s@%s", tag, sha)
-			continue
-		}
-
-		if component.upstreamVersionInputOverride != "" {
-			v := os.Getenv(component.upstreamVersionInputOverride)
-			if v != "" {
-				logrus.Infof("using input override from %s: %s", component.upstreamVersionInputOverride, v)
-				upstreamVersion = v
-			}
-		}
-
-		packageName, packageVersion, err := component.getPackageNameAndVersion(wolfiAPKIndex, upstreamVersion)
+		repo, tag, err := component.resolveImageRepoAndTag(ctx, image)
 		if err != nil {
-			return fmt.Errorf("failed to get package name and version for %s: %w", componentName, err)
+			return fmt.Errorf("failed to resolve image and tag for %s: %w", image, err)
 		}
-
-		logrus.Infof("building and publishing %s, %s=%s", componentName, packageName, packageVersion)
-
-		if err := ApkoBuildAndPublish(componentName, packageName, packageVersion, upstreamVersion); err != nil {
-			return fmt.Errorf("failed to apko build and publish for %s: %w", componentName, err)
-		}
-
-		digest, err := GetDigestFromBuildFile()
-		if err != nil {
-			return fmt.Errorf("failed to get digest from build file: %w", err)
+		newmeta.Images[component.name] = release.AddonImage{
+			Repo: repo,
+			Tag:  tag,
 		}
-
-		newmeta.Images[componentName] = fmt.Sprintf("%s@%s", packageVersion, digest)
 	}
 
 	logrus.Infof("saving addon manifest")