From 3346bd83731afff4ade337e0c48d8bbc6f9bc1a4 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Mar 2022 16:38:42 -0500 Subject: [PATCH 01/39] Disable tests for the moment Signed-off-by: Flynn --- .../workflows/execute-tests-and-promote.yml | 356 +++++++++--------- 1 file changed, 180 insertions(+), 176 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 708739f895..fe578f3dba 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -67,187 +67,191 @@ jobs: - uses: ./.github/actions/after-job if: always() - check-envoy-version: ######################################################### - runs-on: ubuntu-latest - env: - # See docker/base-python.docker.gen - BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Install Deps - uses: ./.github/actions/setup-deps - - name: "Git Login" - run: | - if [[ -n '${{ secrets.GHA_SSH_KEY }}' ]]; then - install -m700 -d ~/.ssh - install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}' - fi - - name: "Docker Login" - # This is important if ENVOY_DOCKER_REPO is a private repo. - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - - run: make check-envoy-version - - uses: ./.github/actions/after-job - if: always() + # check-envoy-version: ######################################################### + # runs-on: ubuntu-latest + # env: + # # See docker/base-python.docker.gen + # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + # steps: + # - uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Install Deps + # uses: ./.github/actions/setup-deps + # - name: "Git Login" + # run: | + # if [[ -n '${{ secrets.GHA_SSH_KEY }}' ]]; then + # install -m700 -d ~/.ssh + # install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}' + # fi + # - name: "Docker Login" + # # This is important if ENVOY_DOCKER_REPO is a private repo. + # uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + # - run: make check-envoy-version + # - uses: ./.github/actions/after-job + # if: always() # Tests ###################################################################### - check-gotest: - runs-on: ubuntu-latest - env: - # See docker/base-python.docker.gen - BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Install Deps - uses: ./.github/actions/setup-deps - - name: "Docker Login" - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - - name: make gotest - shell: bash - run: | - export DEV_KUBE_NO_PVC=yes - export KAT_REQ_LIMIT=900 - make gotest - - uses: ./.github/actions/after-job - if: always() - check-pytest: - runs-on: ubuntu-latest - env: - # See docker/base-python.docker.gen - BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - # See pkg/kubeapply/resource_kubeapply.go - DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }} - DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - strategy: - fail-fast: false - matrix: - test: - - integration - - kat-envoy3-1-of-5 - - kat-envoy3-2-of-5 - - kat-envoy3-3-of-5 - - kat-envoy3-4-of-5 - - kat-envoy3-5-of-5 - # FIXME(lukeshu): KAT_RUN_MODE=local is disabled because it - # needs fixed for a world where annotations are already - # unfolded in the snapshot. - # - #- kat-local - name: pytest-${{ matrix.test }} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Install Deps - uses: ./.github/actions/setup-deps - - name: "Docker Login" - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - - name: make pytest-${{ matrix.test }} - run: | - export USE_LOCAL_K3S_CLUSTER=1 - sudo sysctl -w fs.file-max=1600000 - sudo sysctl -w fs.inotify.max_user_instances=4096 + # check-gotest: + # runs-on: ubuntu-latest + # env: + # # See docker/base-python.docker.gen + # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + # steps: + # - uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Install Deps + # uses: ./.github/actions/setup-deps + # - name: "Docker Login" + # uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + # - name: make gotest + # shell: bash + # run: | + # export DEV_KUBE_NO_PVC=yes + # export KAT_REQ_LIMIT=900 + # make gotest + # - uses: ./.github/actions/after-job + # if: always() + # check-pytest: + # runs-on: ubuntu-latest + # env: + # # See docker/base-python.docker.gen + # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + # # See pkg/kubeapply/resource_kubeapply.go + # DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }} + # DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + # strategy: + # fail-fast: false + # matrix: + # test: + # - integration + # - kat-envoy3-1-of-5 + # - kat-envoy3-2-of-5 + # - kat-envoy3-3-of-5 + # - kat-envoy3-4-of-5 + # - kat-envoy3-5-of-5 + # # FIXME(lukeshu): KAT_RUN_MODE=local is disabled because it + # # needs fixed for a world where annotations are already + # # unfolded in the snapshot. + # # + # #- kat-local + # name: pytest-${{ matrix.test }} + # steps: + # - uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Install Deps + # uses: ./.github/actions/setup-deps + # - name: "Docker Login" + # uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + # - name: make pytest-${{ matrix.test }} + # run: | + # export USE_LOCAL_K3S_CLUSTER=1 + # sudo sysctl -w fs.file-max=1600000 + # sudo sysctl -w fs.inotify.max_user_instances=4096 - make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci + # make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci - export DEV_KUBE_NO_PVC=yes - export KAT_REQ_LIMIT=900 - export DEV_KUBECONFIG=~/.kube/config - export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} - make pytest-${{ matrix.test }} - - uses: ./.github/actions/after-job - if: always() - with: - jobname: check-pytest-${{ matrix.test }} - check-pytest-unit: - # pytest-unit is separate from pytests (above) because we know for certain that no cluster is needed. - # XXX This is pretty much a crock. - runs-on: ubuntu-latest - env: - # See docker/base-python.docker.gen - BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - strategy: - matrix: - test: - - unit - name: pytest-${{ matrix.test }} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Install Deps - uses: ./.github/actions/setup-deps - - name: "Docker Login" - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - - name: make pytest-${{ matrix.test }} - run: | - sudo sysctl -w fs.file-max=1600000 - sudo sysctl -w fs.inotify.max_user_instances=4096 + # export DEV_KUBE_NO_PVC=yes + # export KAT_REQ_LIMIT=900 + # export DEV_KUBECONFIG=~/.kube/config + # export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} + # make pytest-${{ matrix.test }} + # - uses: ./.github/actions/after-job + # if: always() + # with: + # jobname: check-pytest-${{ matrix.test }} + # check-pytest-unit: + # # pytest-unit is separate from pytests (above) because we know for certain that no cluster is needed. + # # XXX This is pretty much a crock. + # runs-on: ubuntu-latest + # env: + # # See docker/base-python.docker.gen + # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + # strategy: + # matrix: + # test: + # - unit + # name: pytest-${{ matrix.test }} + # steps: + # - uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Install Deps + # uses: ./.github/actions/setup-deps + # - name: "Docker Login" + # uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + # - name: make pytest-${{ matrix.test }} + # run: | + # sudo sysctl -w fs.file-max=1600000 + # sudo sysctl -w fs.inotify.max_user_instances=4096 - export DEV_KUBE_NO_PVC=yes - export KAT_REQ_LIMIT=900 - export DEV_KUBECONFIG=~/.kube/config - export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} - export PYTEST_ARGS=' --cov-branch --cov=ambassador --cov-report html:/tmp/cov_html ' - make pytest-${{ matrix.test }} - - uses: ./.github/actions/after-job - if: always() - with: - jobname: check-pytest-${{ matrix.test }} - check-chart: - runs-on: ubuntu-latest - env: - DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }} - # See docker/base-python.docker.gen - BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - # See pkg/kubeapply/resource_kubeapply.go - DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }} - DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - steps: - - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - name: Install Deps - uses: ./.github/actions/setup-deps - - name: make test-chart - run: | - make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci - export DEV_KUBECONFIG=~/.kube/config + # export DEV_KUBE_NO_PVC=yes + # export KAT_REQ_LIMIT=900 + # export DEV_KUBECONFIG=~/.kube/config + # export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} + # export PYTEST_ARGS=' --cov-branch --cov=ambassador --cov-report html:/tmp/cov_html ' + # make pytest-${{ matrix.test }} + # - uses: ./.github/actions/after-job + # if: always() + # with: + # jobname: check-pytest-${{ matrix.test }} + # check-chart: + # runs-on: ubuntu-latest + # env: + # DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }} + # # See docker/base-python.docker.gen + # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + # # See pkg/kubeapply/resource_kubeapply.go + # DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }} + # DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + # steps: + # - uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + # - uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # ref: ${{ github.event.pull_request.head.sha }} + # - name: Install Deps + # uses: ./.github/actions/setup-deps + # - name: make test-chart + # run: | + # make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci + # export DEV_KUBECONFIG=~/.kube/config - make test-chart - - uses: ./.github/actions/after-job - if: always() + # make test-chart + # - uses: ./.github/actions/after-job + # if: always() build: ####################################################################### runs-on: ubuntu-latest env: + AWS_ACCESS_KEY_ID: ${{ secrets.GH_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.GH_AWS_SECRET_ACCESS_KEY }} + AWS_EC2_METADATA_DISABLED: true + AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }} # See docker/base-python.docker.gen BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} @@ -282,11 +286,11 @@ jobs: - lint - build - generate - - check-envoy-version - - check-gotest - - check-pytest - - check-pytest-unit - - check-chart + # - check-envoy-version + # - check-gotest + # - check-pytest + # - check-pytest-unit + # - check-chart runs-on: ubuntu-latest steps: - name: No-Op From 8ad1dab75b053e6ef119eabfd410b8afc793ceac Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 3 Mar 2022 16:39:01 -0500 Subject: [PATCH 02/39] Local registry hrm Signed-off-by: Flynn --- .../workflows/execute-tests-and-promote.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index fe578f3dba..29e3ef7fca 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -252,9 +252,14 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.GH_AWS_SECRET_ACCESS_KEY }} AWS_EC2_METADATA_DISABLED: true AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} - DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }} + # DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }} # See docker/base-python.docker.gen BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + services: + registry: + image: registry:2 + ports: + - 5000:5000 steps: - uses: actions/checkout@v2 with: @@ -262,12 +267,12 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Install Deps uses: ./.github/actions/setup-deps - - name: "Docker Login" - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + # - name: "Docker Login" + # uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - name: "make push" shell: bash run: | From 656753b1bbdd572f15fe713f4f6e7ea1c7b0c283 Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 16:07:08 -0400 Subject: [PATCH 03/39] what is up with git Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 29e3ef7fca..1c9e082e85 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -18,6 +18,12 @@ jobs: - uses: actions/checkout@v2 with: fetch-depth: 0 + - name: Git Describe + run: | + for sha in $(git log --format="%H" -10) + do + echo "$sha $(git describe --tags $sha)" + done - name: Install Deps uses: ./.github/actions/setup-deps - shell: bash From 4a84ef292cfb909d6bd8a975a9cc84a63558f2b5 Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 16:12:42 -0400 Subject: [PATCH 04/39] what is up with git Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 1c9e082e85..f9fbc6d07c 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -22,7 +22,7 @@ jobs: run: | for sha in $(git log --format="%H" -10) do - echo "$sha $(git describe --tags $sha)" + echo "$sha $(git describe --tags $sha) -- $(git describe --tags --match chart/)" done - name: Install Deps uses: ./.github/actions/setup-deps From d3f7ca3537e4e1f76de046987d32108f7147d21e Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 16:16:24 -0400 Subject: [PATCH 05/39] hardcode chart for now Signed-off-by: Flynn --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index dc33b621d7..87877d8f6d 100644 --- a/Makefile +++ b/Makefile @@ -26,6 +26,7 @@ ifneq ($(MAKECMDGOALS),$(OSS_HOME)/build-aux/go-version.txt) $(error VERSION variable is invalid: It must not contain + characters, but is '$(VERSION)'),) export VERSION + CHART_VERSION=7.9.9-broken.0 CHART_VERSION := $(or $(CHART_VERSION),$(shell go run ./tools/src/goversion --dir-prefix=chart)) $(if $(filter v8.%,$(CHART_VERSION)),\ ,$(error CHART_VERSION variable is invalid: It must be a v8.* string, but is '$(CHART_VERSION)')) From 9c7cd9368574484fbff929ccdfc420ffcd6e6dee Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 16:17:55 -0400 Subject: [PATCH 06/39] fix hardcode chart for now Signed-off-by: Flynn --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 87877d8f6d..b2fd7126fc 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ ifneq ($(MAKECMDGOALS),$(OSS_HOME)/build-aux/go-version.txt) $(error VERSION variable is invalid: It must not contain + characters, but is '$(VERSION)'),) export VERSION - CHART_VERSION=7.9.9-broken.0 + CHART_VERSION=v7.9.9-broken.0 CHART_VERSION := $(or $(CHART_VERSION),$(shell go run ./tools/src/goversion --dir-prefix=chart)) $(if $(filter v8.%,$(CHART_VERSION)),\ ,$(error CHART_VERSION variable is invalid: It must be a v8.* string, but is '$(CHART_VERSION)')) From e20d411030cf5387d69e48c4520fcb1431a3c182 Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 16:25:51 -0400 Subject: [PATCH 07/39] Try setting DEV_REGISTRY Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index f9fbc6d07c..1d1015be9f 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -282,11 +282,11 @@ jobs: - name: "make push" shell: bash run: | - make push + make DEV_REGISTRY=localhost:5000 push - name: "make push-dev" shell: bash run: | - make push-dev + make DEV_REGISTRY=localhost:5000 push-dev - uses: ./.github/actions/after-job if: always() From 4b23537b74649d4ae84a7267b79f1b1f547d8f87 Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 17:45:01 -0400 Subject: [PATCH 08/39] Try saving image as artifact Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 12 ++++++++++-- builder/builder.mk | 6 ++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 1d1015be9f..9c28e8f998 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -283,10 +283,18 @@ jobs: shell: bash run: | make DEV_REGISTRY=localhost:5000 push - - name: "make push-dev" + - uses: ./.github/actions/git-dirty-check + name: "Check git not dirty (from make push)" + - name: "Export Docker image" shell: bash run: | - make DEV_REGISTRY=localhost:5000 push-dev + make DEV_REGISTRY=localhost:5000 EXPORT_FILE=/tmp/docker-img export-docker + - name: "Upload Docker image" + uses: actions/upload-artifact@v2 + with: + name: logs-${{ inputs.name }} + path: /tmp/test-logs + if-no-files-found: ignore - uses: ./.github/actions/after-job if: always() diff --git a/builder/builder.mk b/builder/builder.mk index 5179bd7b35..c4667ffa7f 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -268,6 +268,12 @@ push-dev: docker/$(LCNAME).docker.tag.local docker push '$(DEV_REGISTRY)/$(LCNAME):$(patsubst v%,%,$(VERSION))' .PHONY: push-dev +export-docker: docker/$(LCNAME).docker.tag.local + @if [ -z "$$EXPORT_FILE" ]; then printf '$(RED)$@: EXPORT_FILE is not set$(END)\n'; exit 1; fi; \ + @printf '$(CYN)==> $(GRN)exporting $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' '$(LCNAME)' '$$EXPORT_FILE' + docker save $$(cat docker/$(LCNAME).docker) -o '$$EXPORT_FILE' +.PHONY: export-docker + export KUBECONFIG_ERR=$(RED)ERROR: please set the $(BLU)DEV_KUBECONFIG$(RED) make/env variable to the cluster\n you would like to use for development. Note this cluster must have access\n to $(BLU)DEV_REGISTRY$(RED) (currently $(BLD)$(DEV_REGISTRY)$(END)$(RED))$(END) export KUBECTL_ERR=$(RED)ERROR: preflight kubectl check failed$(END) From 4e17848b69edee416f3cb62b853d69e1bc6aefb3 Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 17:57:39 -0400 Subject: [PATCH 09/39] fix syntax error Signed-off-by: Flynn --- builder/builder.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builder/builder.mk b/builder/builder.mk index c4667ffa7f..48202ac40c 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -269,7 +269,7 @@ push-dev: docker/$(LCNAME).docker.tag.local .PHONY: push-dev export-docker: docker/$(LCNAME).docker.tag.local - @if [ -z "$$EXPORT_FILE" ]; then printf '$(RED)$@: EXPORT_FILE is not set$(END)\n'; exit 1; fi; \ + @if [ -z "$$EXPORT_FILE" ]; then printf '$(RED)$@: EXPORT_FILE is not set$(END)\n'; exit 1; fi; @printf '$(CYN)==> $(GRN)exporting $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' '$(LCNAME)' '$$EXPORT_FILE' docker save $$(cat docker/$(LCNAME).docker) -o '$$EXPORT_FILE' .PHONY: export-docker From 5b9ac39cdee16ea5a3942cf1703ddc9e2097e732 Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 18:05:51 -0400 Subject: [PATCH 10/39] Don't push. Do copy artifacts. Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 16 ++++++++-------- builder/builder.mk | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 9c28e8f998..66fc1b8e86 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -279,22 +279,22 @@ jobs: # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - - name: "make push" - shell: bash - run: | - make DEV_REGISTRY=localhost:5000 push + # - name: "make push" + # shell: bash + # run: | + # make DEV_REGISTRY=localhost:5000 push - uses: ./.github/actions/git-dirty-check name: "Check git not dirty (from make push)" - - name: "Export Docker image" + - name: "Build and export Docker image" shell: bash run: | make DEV_REGISTRY=localhost:5000 EXPORT_FILE=/tmp/docker-img export-docker - name: "Upload Docker image" uses: actions/upload-artifact@v2 with: - name: logs-${{ inputs.name }} - path: /tmp/test-logs - if-no-files-found: ignore + name: docker.image + path: /tmp/docker-img + if-no-files-found: fail - uses: ./.github/actions/after-job if: always() diff --git a/builder/builder.mk b/builder/builder.mk index 48202ac40c..615061c850 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -270,8 +270,8 @@ push-dev: docker/$(LCNAME).docker.tag.local export-docker: docker/$(LCNAME).docker.tag.local @if [ -z "$$EXPORT_FILE" ]; then printf '$(RED)$@: EXPORT_FILE is not set$(END)\n'; exit 1; fi; - @printf '$(CYN)==> $(GRN)exporting $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' '$(LCNAME)' '$$EXPORT_FILE' - docker save $$(cat docker/$(LCNAME).docker) -o '$$EXPORT_FILE' + @printf '$(CYN)==> $(GRN)exporting $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' '$(LCNAME)' "$$EXPORT_FILE" + docker save $$(cat docker/$(LCNAME).docker) -o "$$EXPORT_FILE" .PHONY: export-docker export KUBECONFIG_ERR=$(RED)ERROR: please set the $(BLU)DEV_KUBECONFIG$(RED) make/env variable to the cluster\n you would like to use for development. Note this cluster must have access\n to $(BLU)DEV_REGISTRY$(RED) (currently $(BLD)$(DEV_REGISTRY)$(END)$(RED))$(END) From 739fac2fcafe553c5c6448af6ec171f8d29dcd44 Mon Sep 17 00:00:00 2001 From: Flynn Date: Mon, 11 Apr 2022 18:29:56 -0400 Subject: [PATCH 11/39] Make GHA happier Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 66fc1b8e86..bb64b2d7ef 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -246,7 +246,7 @@ jobs: # run: | # make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci # export DEV_KUBECONFIG=~/.kube/config - + # # make test-chart # - uses: ./.github/actions/after-job # if: always() From d348e64899588641ef68720cd422c7f9bf4da019 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 09:25:29 -0400 Subject: [PATCH 12/39] Why is 'make generate' logging into Docker? Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index bb64b2d7ef..fbf42b0d4a 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -52,12 +52,12 @@ jobs: install -m700 -d ~/.ssh install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}' fi - - name: "Docker Login" - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.RELEASE_REGISTRY, 'docker.io/')) && secrets.RELEASE_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_RELEASE_USERNAME }} - password: ${{ secrets.GH_DOCKER_RELEASE_TOKEN }} + # - name: "Docker Login" + # uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.RELEASE_REGISTRY, 'docker.io/')) && secrets.RELEASE_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_RELEASE_USERNAME }} + # password: ${{ secrets.GH_DOCKER_RELEASE_TOKEN }} - name: "'make generate'" shell: bash run: | From d2abd740b1752a2780f3b9dd1923033feb17d20e Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 13:03:30 -0400 Subject: [PATCH 13/39] Try importing docker image from artifact Signed-off-by: Flynn --- .../workflows/execute-tests-and-promote.yml | 348 +++++++++--------- builder/builder.mk | 12 + 2 files changed, 186 insertions(+), 174 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index fbf42b0d4a..0a8fa61c70 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -73,183 +73,183 @@ jobs: - uses: ./.github/actions/after-job if: always() - # check-envoy-version: ######################################################### - # runs-on: ubuntu-latest - # env: - # # See docker/base-python.docker.gen - # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - # steps: - # - uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Install Deps - # uses: ./.github/actions/setup-deps - # - name: "Git Login" - # run: | - # if [[ -n '${{ secrets.GHA_SSH_KEY }}' ]]; then - # install -m700 -d ~/.ssh - # install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}' - # fi - # - name: "Docker Login" - # # This is important if ENVOY_DOCKER_REPO is a private repo. - # uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - # - run: make check-envoy-version - # - uses: ./.github/actions/after-job - # if: always() + check-envoy-version: ######################################################### + runs-on: ubuntu-latest + env: + # See docker/base-python.docker.gen + BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Install Deps + uses: ./.github/actions/setup-deps + - name: "Git Login" + run: | + if [[ -n '${{ secrets.GHA_SSH_KEY }}' ]]; then + install -m700 -d ~/.ssh + install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}' + fi + - name: "Docker Login" + # This is important if ENVOY_DOCKER_REPO is a private repo. + uses: docker/login-action@v1 + with: + registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - run: make check-envoy-version + - uses: ./.github/actions/after-job + if: always() # Tests ###################################################################### - # check-gotest: - # runs-on: ubuntu-latest - # env: - # # See docker/base-python.docker.gen - # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - # steps: - # - uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Install Deps - # uses: ./.github/actions/setup-deps - # - name: "Docker Login" - # uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - # - name: make gotest - # shell: bash - # run: | - # export DEV_KUBE_NO_PVC=yes - # export KAT_REQ_LIMIT=900 - # make gotest - # - uses: ./.github/actions/after-job - # if: always() - # check-pytest: - # runs-on: ubuntu-latest - # env: - # # See docker/base-python.docker.gen - # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - # # See pkg/kubeapply/resource_kubeapply.go - # DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }} - # DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - # strategy: - # fail-fast: false - # matrix: - # test: - # - integration - # - kat-envoy3-1-of-5 - # - kat-envoy3-2-of-5 - # - kat-envoy3-3-of-5 - # - kat-envoy3-4-of-5 - # - kat-envoy3-5-of-5 - # # FIXME(lukeshu): KAT_RUN_MODE=local is disabled because it - # # needs fixed for a world where annotations are already - # # unfolded in the snapshot. - # # - # #- kat-local - # name: pytest-${{ matrix.test }} - # steps: - # - uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Install Deps - # uses: ./.github/actions/setup-deps - # - name: "Docker Login" - # uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - # - name: make pytest-${{ matrix.test }} - # run: | - # export USE_LOCAL_K3S_CLUSTER=1 - # sudo sysctl -w fs.file-max=1600000 - # sudo sysctl -w fs.inotify.max_user_instances=4096 + check-gotest: + runs-on: ubuntu-latest + env: + # See docker/base-python.docker.gen + BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Install Deps + uses: ./.github/actions/setup-deps + - name: "Docker Login" + uses: docker/login-action@v1 + with: + registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - name: make gotest + shell: bash + run: | + export DEV_KUBE_NO_PVC=yes + export KAT_REQ_LIMIT=900 + make gotest + - uses: ./.github/actions/after-job + if: always() + check-pytest: + runs-on: ubuntu-latest + env: + # See docker/base-python.docker.gen + BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + # See pkg/kubeapply/resource_kubeapply.go + DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }} + DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + strategy: + fail-fast: false + matrix: + test: + - integration + - kat-envoy3-1-of-5 + - kat-envoy3-2-of-5 + - kat-envoy3-3-of-5 + - kat-envoy3-4-of-5 + - kat-envoy3-5-of-5 + # FIXME(lukeshu): KAT_RUN_MODE=local is disabled because it + # needs fixed for a world where annotations are already + # unfolded in the snapshot. + # + #- kat-local + name: pytest-${{ matrix.test }} + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Install Deps + uses: ./.github/actions/setup-deps + - name: "Docker Login" + uses: docker/login-action@v1 + with: + registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - name: make pytest-${{ matrix.test }} + run: | + export USE_LOCAL_K3S_CLUSTER=1 + sudo sysctl -w fs.file-max=1600000 + sudo sysctl -w fs.inotify.max_user_instances=4096 - # make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci + make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci - # export DEV_KUBE_NO_PVC=yes - # export KAT_REQ_LIMIT=900 - # export DEV_KUBECONFIG=~/.kube/config - # export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} - # make pytest-${{ matrix.test }} - # - uses: ./.github/actions/after-job - # if: always() - # with: - # jobname: check-pytest-${{ matrix.test }} - # check-pytest-unit: - # # pytest-unit is separate from pytests (above) because we know for certain that no cluster is needed. - # # XXX This is pretty much a crock. - # runs-on: ubuntu-latest - # env: - # # See docker/base-python.docker.gen - # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - # strategy: - # matrix: - # test: - # - unit - # name: pytest-${{ matrix.test }} - # steps: - # - uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Install Deps - # uses: ./.github/actions/setup-deps - # - name: "Docker Login" - # uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - # - name: make pytest-${{ matrix.test }} - # run: | - # sudo sysctl -w fs.file-max=1600000 - # sudo sysctl -w fs.inotify.max_user_instances=4096 + export DEV_KUBE_NO_PVC=yes + export KAT_REQ_LIMIT=900 + export DEV_KUBECONFIG=~/.kube/config + export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} + make pytest-${{ matrix.test }} + - uses: ./.github/actions/after-job + if: always() + with: + jobname: check-pytest-${{ matrix.test }} + check-pytest-unit: + # pytest-unit is separate from pytests (above) because we know for certain that no cluster is needed. + # XXX This is pretty much a crock. + runs-on: ubuntu-latest + env: + # See docker/base-python.docker.gen + BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + strategy: + matrix: + test: + - unit + name: pytest-${{ matrix.test }} + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Install Deps + uses: ./.github/actions/setup-deps + - name: "Docker Login" + uses: docker/login-action@v1 + with: + registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - name: make pytest-${{ matrix.test }} + run: | + sudo sysctl -w fs.file-max=1600000 + sudo sysctl -w fs.inotify.max_user_instances=4096 - # export DEV_KUBE_NO_PVC=yes - # export KAT_REQ_LIMIT=900 - # export DEV_KUBECONFIG=~/.kube/config - # export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} - # export PYTEST_ARGS=' --cov-branch --cov=ambassador --cov-report html:/tmp/cov_html ' - # make pytest-${{ matrix.test }} - # - uses: ./.github/actions/after-job - # if: always() - # with: - # jobname: check-pytest-${{ matrix.test }} - # check-chart: - # runs-on: ubuntu-latest - # env: - # DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }} - # # See docker/base-python.docker.gen - # BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} - # # See pkg/kubeapply/resource_kubeapply.go - # DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }} - # DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - # steps: - # - uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - # - uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # ref: ${{ github.event.pull_request.head.sha }} - # - name: Install Deps - # uses: ./.github/actions/setup-deps - # - name: make test-chart - # run: | - # make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci - # export DEV_KUBECONFIG=~/.kube/config - # - # make test-chart - # - uses: ./.github/actions/after-job - # if: always() + export DEV_KUBE_NO_PVC=yes + export KAT_REQ_LIMIT=900 + export DEV_KUBECONFIG=~/.kube/config + export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} + export PYTEST_ARGS=' --cov-branch --cov=ambassador --cov-report html:/tmp/cov_html ' + make pytest-${{ matrix.test }} + - uses: ./.github/actions/after-job + if: always() + with: + jobname: check-pytest-${{ matrix.test }} + check-chart: + runs-on: ubuntu-latest + env: + DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }} + # See docker/base-python.docker.gen + BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} + # See pkg/kubeapply/resource_kubeapply.go + DEV_USE_IMAGEPULLSECRET: ${{ secrets.DEV_USE_IMAGEPULLSECRET }} + DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + steps: + - uses: docker/login-action@v1 + with: + registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + - name: Install Deps + uses: ./.github/actions/setup-deps + - name: make test-chart + run: | + make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci + export DEV_KUBECONFIG=~/.kube/config + + make test-chart + - uses: ./.github/actions/after-job + if: always() build: ####################################################################### runs-on: ubuntu-latest @@ -305,10 +305,10 @@ jobs: - lint - build - generate - # - check-envoy-version + - check-envoy-version # - check-gotest # - check-pytest - # - check-pytest-unit + - check-pytest-unit # - check-chart runs-on: ubuntu-latest steps: diff --git a/builder/builder.mk b/builder/builder.mk index 615061c850..494ab0af61 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -274,6 +274,18 @@ export-docker: docker/$(LCNAME).docker.tag.local docker save $$(cat docker/$(LCNAME).docker) -o "$$EXPORT_FILE" .PHONY: export-docker +import-docker: + @if [ -z "$$IMPORT_FILE" ]; then printf '$(RED)$@: IMPORT_FILE is not set$(END)\n'; exit 1; fi; + @printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" + @set -ex; { \ + IMAGENAME=$$(docker load -i "$$IMPORT_FILE" | fgrep 'Loaded image' | awk ' { print $$3 }' | cut -d: -f1) ;\ + printf '$(CYN)==> $(GRN)image loaded as $(BLU)%s$(GRN)...$(END)\n' "$$IMAGENAME" ;\ + docker inspect "$$IMAGENAME" --format '{{ .Id }}' > docker/$(LCNAME).docker ;\ + ( cat docker/$(LCNAME).docker ; echo "$$IMAGENAME" ) > docker/$(LCNAME).docker.tag.local ;\ + cp docker/$(LCNAME).docker docker/.$(LCNAME).docker.stamp ;\ + } +.PHONY: import-docker + export KUBECONFIG_ERR=$(RED)ERROR: please set the $(BLU)DEV_KUBECONFIG$(RED) make/env variable to the cluster\n you would like to use for development. Note this cluster must have access\n to $(BLU)DEV_REGISTRY$(RED) (currently $(BLD)$(DEV_REGISTRY)$(END)$(RED))$(END) export KUBECTL_ERR=$(RED)ERROR: preflight kubectl check failed$(END) From fd881098103585aadac8a8fdea2280af07439694 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 13:11:54 -0400 Subject: [PATCH 14/39] Fix artifact typo Signed-off-by: Flynn --- .../workflows/execute-tests-and-promote.yml | 54 +++++++++++++++---- 1 file changed, 43 insertions(+), 11 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 0a8fa61c70..340c6eb82d 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -75,6 +75,13 @@ jobs: check-envoy-version: ######################################################### runs-on: ubuntu-latest + needs: + - build + services: + registry: + image: registry:2 + ports: + - 5000:5000 env: # See docker/base-python.docker.gen BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} @@ -90,13 +97,22 @@ jobs: install -m700 -d ~/.ssh install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}' fi - - name: "Docker Login" - # This is important if ENVOY_DOCKER_REPO is a private repo. - uses: docker/login-action@v1 + - name: Download image + uses: actions/download-artifact@v3 with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + name: docker-image + path: /tmp/docker-img + - name: Load image + shell: bash + run: | + make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img import-docker + # - name: "Docker Login" + # # This is important if ENVOY_DOCKER_REPO is a private repo. + # uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - run: make check-envoy-version - uses: ./.github/actions/after-job if: always() @@ -185,6 +201,13 @@ jobs: # pytest-unit is separate from pytests (above) because we know for certain that no cluster is needed. # XXX This is pretty much a crock. runs-on: ubuntu-latest + needs: + - build + services: + registry: + image: registry:2 + ports: + - 5000:5000 env: # See docker/base-python.docker.gen BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} @@ -199,12 +222,21 @@ jobs: fetch-depth: 0 - name: Install Deps uses: ./.github/actions/setup-deps - - name: "Docker Login" - uses: docker/login-action@v1 + - name: Download image + uses: actions/download-artifact@v3 with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + name: docker-image + path: /tmp/docker-img + - name: Load image + shell: bash + run: | + make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img import-docker + # - name: "Docker Login" + # uses: docker/login-action@v1 + # with: + # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} + # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} + # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - name: make pytest-${{ matrix.test }} run: | sudo sysctl -w fs.file-max=1600000 From 2b2f1261628279a59fb28c75bfb1972110c66f53 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 13:28:27 -0400 Subject: [PATCH 15/39] Hmm. Fix artifact location Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 340c6eb82d..e2f0689ae3 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -105,7 +105,7 @@ jobs: - name: Load image shell: bash run: | - make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img import-docker + make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker.image import-docker # - name: "Docker Login" # # This is important if ENVOY_DOCKER_REPO is a private repo. # uses: docker/login-action@v1 @@ -230,7 +230,7 @@ jobs: - name: Load image shell: bash run: | - make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img import-docker + make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker.image import-docker # - name: "Docker Login" # uses: docker/login-action@v1 # with: From 53a293ddc4a5af42877cc2e81c6dcd7a2701e841 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 15:10:27 -0400 Subject: [PATCH 16/39] What is GHA doing with this stuff Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index e2f0689ae3..cf7c6918ed 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -105,6 +105,7 @@ jobs: - name: Load image shell: bash run: | + ls -l /tmp/docker-img make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker.image import-docker # - name: "Docker Login" # # This is important if ENVOY_DOCKER_REPO is a private repo. @@ -230,6 +231,7 @@ jobs: - name: Load image shell: bash run: | + ls -l /tmp/docker-img make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker.image import-docker # - name: "Docker Login" # uses: docker/login-action@v1 From 2b4ba919c05e3de1fce819eabe3dfb876b415e07 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 15:21:02 -0400 Subject: [PATCH 17/39] Fix filename again Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index cf7c6918ed..80753d2ed0 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -106,7 +106,7 @@ jobs: shell: bash run: | ls -l /tmp/docker-img - make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker.image import-docker + make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker-img import-docker # - name: "Docker Login" # # This is important if ENVOY_DOCKER_REPO is a private repo. # uses: docker/login-action@v1 @@ -232,7 +232,7 @@ jobs: shell: bash run: | ls -l /tmp/docker-img - make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker.image import-docker + make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker-img import-docker # - name: "Docker Login" # uses: docker/login-action@v1 # with: From 86508f4ee42b646cb34472d2d52763ae17595755 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 17:54:40 -0400 Subject: [PATCH 18/39] Huh, what output does docker load give us here? Signed-off-by: Flynn --- builder/builder.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/builder/builder.mk b/builder/builder.mk index 494ab0af61..a27f282e28 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -277,8 +277,9 @@ export-docker: docker/$(LCNAME).docker.tag.local import-docker: @if [ -z "$$IMPORT_FILE" ]; then printf '$(RED)$@: IMPORT_FILE is not set$(END)\n'; exit 1; fi; @printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" + docker load -i "$$IMPORT_FILE" | tee /tmp/load-output @set -ex; { \ - IMAGENAME=$$(docker load -i "$$IMPORT_FILE" | fgrep 'Loaded image' | awk ' { print $$3 }' | cut -d: -f1) ;\ + IMAGENAME=$$(cat /tmp/load-output | fgrep 'Loaded image' | awk ' { print $$3 }' | cut -d: -f1) ;\ printf '$(CYN)==> $(GRN)image loaded as $(BLU)%s$(GRN)...$(END)\n' "$$IMAGENAME" ;\ docker inspect "$$IMAGENAME" --format '{{ .Id }}' > docker/$(LCNAME).docker ;\ ( cat docker/$(LCNAME).docker ; echo "$$IMAGENAME" ) > docker/$(LCNAME).docker.tag.local ;\ From 8c3f079bbaa7ef0b6fe811efdac704724cfde134 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 20:59:16 -0400 Subject: [PATCH 19/39] Use manifest to figure out exported image tags Signed-off-by: Flynn --- .github/actions/setup-deps/action.yml | 4 ++-- builder/builder.mk | 13 +++++-------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/actions/setup-deps/action.yml b/.github/actions/setup-deps/action.yml index c3cd3fd13c..afe13be37a 100644 --- a/.github/actions/setup-deps/action.yml +++ b/.github/actions/setup-deps/action.yml @@ -4,11 +4,11 @@ description: "Install Go and Python" runs: using: "composite" steps: - - name: "Install bsdtar (libarchive-tools)" + - name: "Install bsdtar (libarchive-tools) and jq" shell: bash run: | sudo apt-get update -y - sudo apt-get install -y libarchive-tools + sudo apt-get install -y libarchive-tools jq - name: "Install Python requirements with pip" uses: BSFishy/pip-action@v1 with: diff --git a/builder/builder.mk b/builder/builder.mk index a27f282e28..a974635eac 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -276,15 +276,12 @@ export-docker: docker/$(LCNAME).docker.tag.local import-docker: @if [ -z "$$IMPORT_FILE" ]; then printf '$(RED)$@: IMPORT_FILE is not set$(END)\n'; exit 1; fi; - @printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" + IMAGENAME=$$(bsdtar -xzO -f "$$IMPORT_FILE" manifest.json | jq '.[0].RepoTags[0]') + @printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" "$$IMAGENAME" docker load -i "$$IMPORT_FILE" | tee /tmp/load-output - @set -ex; { \ - IMAGENAME=$$(cat /tmp/load-output | fgrep 'Loaded image' | awk ' { print $$3 }' | cut -d: -f1) ;\ - printf '$(CYN)==> $(GRN)image loaded as $(BLU)%s$(GRN)...$(END)\n' "$$IMAGENAME" ;\ - docker inspect "$$IMAGENAME" --format '{{ .Id }}' > docker/$(LCNAME).docker ;\ - ( cat docker/$(LCNAME).docker ; echo "$$IMAGENAME" ) > docker/$(LCNAME).docker.tag.local ;\ - cp docker/$(LCNAME).docker docker/.$(LCNAME).docker.stamp ;\ - } + docker inspect "$$IMAGENAME" --format '{{ .Id }}' > docker/$(LCNAME).docker + ( cat docker/$(LCNAME).docker ; echo "$$IMAGENAME" ) > docker/$(LCNAME).docker.tag.local + cp docker/$(LCNAME).docker docker/.$(LCNAME).docker.stamp .PHONY: import-docker export KUBECONFIG_ERR=$(RED)ERROR: please set the $(BLU)DEV_KUBECONFIG$(RED) make/env variable to the cluster\n you would like to use for development. Note this cluster must have access\n to $(BLU)DEV_REGISTRY$(RED) (currently $(BLD)$(DEV_REGISTRY)$(END)$(RED))$(END) From bc005262e38039b2d171df06e2a5177371afa1a0 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 21:20:10 -0400 Subject: [PATCH 20/39] Whut manifest? Signed-off-by: Flynn --- builder/builder.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/builder/builder.mk b/builder/builder.mk index a974635eac..dfce5c2445 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -276,6 +276,7 @@ export-docker: docker/$(LCNAME).docker.tag.local import-docker: @if [ -z "$$IMPORT_FILE" ]; then printf '$(RED)$@: IMPORT_FILE is not set$(END)\n'; exit 1; fi; + bsdtar -xzO -f "$$IMPORT_FILE" manifest.json IMAGENAME=$$(bsdtar -xzO -f "$$IMPORT_FILE" manifest.json | jq '.[0].RepoTags[0]') @printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" "$$IMAGENAME" docker load -i "$$IMPORT_FILE" | tee /tmp/load-output From 43fc0735c755a46a87f0098e4e6f672685d7f501 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 12 Apr 2022 21:55:48 -0400 Subject: [PATCH 21/39] Use the image ID from the manifest Signed-off-by: Flynn --- builder/builder.mk | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/builder/builder.mk b/builder/builder.mk index dfce5c2445..1fb4313b55 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -276,13 +276,21 @@ export-docker: docker/$(LCNAME).docker.tag.local import-docker: @if [ -z "$$IMPORT_FILE" ]; then printf '$(RED)$@: IMPORT_FILE is not set$(END)\n'; exit 1; fi; - bsdtar -xzO -f "$$IMPORT_FILE" manifest.json - IMAGENAME=$$(bsdtar -xzO -f "$$IMPORT_FILE" manifest.json | jq '.[0].RepoTags[0]') - @printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" "$$IMAGENAME" - docker load -i "$$IMPORT_FILE" | tee /tmp/load-output - docker inspect "$$IMAGENAME" --format '{{ .Id }}' > docker/$(LCNAME).docker - ( cat docker/$(LCNAME).docker ; echo "$$IMAGENAME" ) > docker/$(LCNAME).docker.tag.local - cp docker/$(LCNAME).docker docker/.$(LCNAME).docker.stamp + @{ set -e ; \ + # repotags=$$(bsdtar -xzO -f "$$IMPORT_FILE" manifest.json | jq '.[0].RepoTags[0]') ;\ + hash=$$(bsdtar -xzO -f "$$IMPORT_FILE" manifest.json | jq '.[0].Config' | tr -d '"' | sed -e 's/\.json$$//') ;\ + test -n "$$hash" ;\ + imgid="sha256:$$hash" ;\ + imgtag="$(BUILDER_NAME).local/$(LCNAME)" ;\ + printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" "$$imgid" ;\ + docker load -i "$$IMPORT_FILE" ;\ + printf '$(CYN)==> $(GRN)tagging as $(BLU)%s$(GRN)...$(END)\n' "$$imgtag" ;\ + docker tag "$$imgid" "$$imgtag" ;\ + printf '$(CYN)==> $(GRN)stamping $(BLU)%s$(GRN)...$(END)\n' "$$imgtag" ;\ + echo "$$imgid" > docker/$(LCNAME).docker ;\ + ( echo "$$imgid" ; echo "$$imgtag" ) > docker/$(LCNAME).docker.tag.local ;\ + cp docker/$(LCNAME).docker docker/.$(LCNAME).docker.stamp ;\ + } .PHONY: import-docker export KUBECONFIG_ERR=$(RED)ERROR: please set the $(BLU)DEV_KUBECONFIG$(RED) make/env variable to the cluster\n you would like to use for development. Note this cluster must have access\n to $(BLU)DEV_REGISTRY$(RED) (currently $(BLD)$(DEV_REGISTRY)$(END)$(RED))$(END) From 560e2739ab3acbddd153f6210ef4a6558b7c1be2 Mon Sep 17 00:00:00 2001 From: Flynn Date: Wed, 13 Apr 2022 11:31:14 -0400 Subject: [PATCH 22/39] Don't produce 125K of log output Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 80753d2ed0..b93fd5b70b 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -100,7 +100,7 @@ jobs: - name: Download image uses: actions/download-artifact@v3 with: - name: docker-image + name: docker.image path: /tmp/docker-img - name: Load image shell: bash @@ -226,7 +226,7 @@ jobs: - name: Download image uses: actions/download-artifact@v3 with: - name: docker-image + name: docker.image path: /tmp/docker-img - name: Load image shell: bash @@ -249,7 +249,7 @@ jobs: export DEV_KUBECONFIG=~/.kube/config export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} export PYTEST_ARGS=' --cov-branch --cov=ambassador --cov-report html:/tmp/cov_html ' - make pytest-${{ matrix.test }} + make pytest-${{ matrix.test }} > /tmp/test-logs/pytest-unit.log 2>&1 - uses: ./.github/actions/after-job if: always() with: From a0ab400fd34f40082cbd5ba15a46fc30d4cd340a Mon Sep 17 00:00:00 2001 From: Flynn Date: Wed, 13 Apr 2022 13:43:58 -0400 Subject: [PATCH 23/39] Switch everything to download the image using a custom action. Signed-off-by: Flynn --- .github/actions/download-docker/action.yml | 16 ++++ .../workflows/execute-tests-and-promote.yml | 86 ++++--------------- 2 files changed, 31 insertions(+), 71 deletions(-) create mode 100644 .github/actions/download-docker/action.yml diff --git a/.github/actions/download-docker/action.yml b/.github/actions/download-docker/action.yml new file mode 100644 index 0000000000..71197d1874 --- /dev/null +++ b/.github/actions/download-docker/action.yml @@ -0,0 +1,16 @@ +name: setup-deps +description: "Load Docker image" + +runs: + using: "composite" + steps: + - name: Download image + uses: actions/download-artifact@v3 + with: + name: docker.image + path: /tmp/docker-img + - name: Load image + shell: bash + run: | + ls -l /tmp/docker-img + make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker-img import-docker diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index b93fd5b70b..24982eccdf 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -52,12 +52,6 @@ jobs: install -m700 -d ~/.ssh install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}' fi - # - name: "Docker Login" - # uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.RELEASE_REGISTRY, 'docker.io/')) && secrets.RELEASE_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_RELEASE_USERNAME }} - # password: ${{ secrets.GH_DOCKER_RELEASE_TOKEN }} - name: "'make generate'" shell: bash run: | @@ -97,23 +91,8 @@ jobs: install -m700 -d ~/.ssh install -m600 /dev/stdin ~/.ssh/id_rsa <<<'${{ secrets.GHA_SSH_KEY }}' fi - - name: Download image - uses: actions/download-artifact@v3 - with: - name: docker.image - path: /tmp/docker-img - - name: Load image - shell: bash - run: | - ls -l /tmp/docker-img - make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker-img import-docker - # - name: "Docker Login" - # # This is important if ENVOY_DOCKER_REPO is a private repo. - # uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - name: Pull Docker image + uses: ./.github/actions/download-docker - run: make check-envoy-version - uses: ./.github/actions/after-job if: always() @@ -130,12 +109,8 @@ jobs: fetch-depth: 0 - name: Install Deps uses: ./.github/actions/setup-deps - - name: "Docker Login" - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - name: Pull Docker image + uses: ./.github/actions/download-docker - name: make gotest shell: bash run: | @@ -175,12 +150,8 @@ jobs: fetch-depth: 0 - name: Install Deps uses: ./.github/actions/setup-deps - - name: "Docker Login" - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - name: Pull Docker image + uses: ./.github/actions/download-docker - name: make pytest-${{ matrix.test }} run: | export USE_LOCAL_K3S_CLUSTER=1 @@ -223,22 +194,8 @@ jobs: fetch-depth: 0 - name: Install Deps uses: ./.github/actions/setup-deps - - name: Download image - uses: actions/download-artifact@v3 - with: - name: docker.image - path: /tmp/docker-img - - name: Load image - shell: bash - run: | - ls -l /tmp/docker-img - make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker-img import-docker - # - name: "Docker Login" - # uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} + - name: Pull Docker image + uses: ./.github/actions/download-docker - name: make pytest-${{ matrix.test }} run: | sudo sysctl -w fs.file-max=1600000 @@ -265,17 +222,14 @@ jobs: DOCKER_BUILD_USERNAME: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} DOCKER_BUILD_PASSWORD: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} steps: - - uses: docker/login-action@v1 - with: - registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - uses: actions/checkout@v2 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - name: Install Deps uses: ./.github/actions/setup-deps + - name: Pull Docker image + uses: ./.github/actions/download-docker - name: make test-chart run: | make ci/setup-k3d K3D_CLUSTER_NAME=amb-ci @@ -307,18 +261,8 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Install Deps uses: ./.github/actions/setup-deps - # - name: "Docker Login" - # uses: docker/login-action@v1 - # with: - # registry: ${{ (!startsWith(secrets.DEV_REGISTRY, 'docker.io/')) && secrets.DEV_REGISTRY || null }} - # username: ${{ secrets.GH_DOCKER_BUILD_USERNAME }} - # password: ${{ secrets.GH_DOCKER_BUILD_TOKEN }} - # - name: "make push" - # shell: bash - # run: | - # make DEV_REGISTRY=localhost:5000 push - - uses: ./.github/actions/git-dirty-check - name: "Check git not dirty (from make push)" + - name: "Check git not dirty (from make push)" + uses: ./.github/actions/git-dirty-check - name: "Build and export Docker image" shell: bash run: | @@ -340,10 +284,10 @@ jobs: - build - generate - check-envoy-version - # - check-gotest - # - check-pytest + - check-gotest + - check-pytest - check-pytest-unit - # - check-chart + - check-chart runs-on: ubuntu-latest steps: - name: No-Op From 36913cb997c2d866de7a10dd2fc3165e3ad355b4 Mon Sep 17 00:00:00 2001 From: Flynn Date: Wed, 13 Apr 2022 13:47:44 -0400 Subject: [PATCH 24/39] Oops. Require build for tests. Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 24982eccdf..72e563a7f2 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -100,6 +100,8 @@ jobs: # Tests ###################################################################### check-gotest: runs-on: ubuntu-latest + needs: + - build env: # See docker/base-python.docker.gen BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} @@ -121,6 +123,8 @@ jobs: if: always() check-pytest: runs-on: ubuntu-latest + needs: + - build env: # See docker/base-python.docker.gen BASE_PYTHON_REPO: ${{ secrets.BASE_PYTHON_REPO }} @@ -213,6 +217,8 @@ jobs: jobname: check-pytest-${{ matrix.test }} check-chart: runs-on: ubuntu-latest + needs: + - build env: DEV_REGISTRY: ${{ secrets.DEV_REGISTRY }} # See docker/base-python.docker.gen From 606bcd960b74ed387aa290312087360a54a6f752 Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 22 Apr 2022 14:30:03 -0400 Subject: [PATCH 25/39] Re-support "make version" Signed-off-by: Flynn --- Makefile | 6 ++++-- build-aux/main.mk | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b2fd7126fc..81d943f1b5 100644 --- a/Makefile +++ b/Makefile @@ -32,8 +32,10 @@ ifneq ($(MAKECMDGOALS),$(OSS_HOME)/build-aux/go-version.txt) ,$(error CHART_VERSION variable is invalid: It must be a v8.* string, but is '$(CHART_VERSION)')) export CHART_VERSION - $(info [make] VERSION=$(VERSION)) - $(info [make] CHART_VERSION=$(CHART_VERSION)) + ifneq ($(MAKECMDGOALS),version) + $(info [make] VERSION=$(VERSION)) + $(info [make] CHART_VERSION=$(CHART_VERSION)) + endif endif # If SOURCE_DATE_EPOCH isn't set, AND the tree isn't dirty, then set diff --git a/build-aux/main.mk b/build-aux/main.mk index 33bba177f2..a62fd36f53 100644 --- a/build-aux/main.mk +++ b/build-aux/main.mk @@ -1,6 +1,9 @@ include build-aux/tools.mk include build-aux/var.mk +version: + @echo $(VERSION) + # # Utility rules From 19ed9b4171fe343a0d81fda36ce772cd150d965c Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 22 Apr 2022 14:32:05 -0400 Subject: [PATCH 26/39] Build-system comments Signed-off-by: Flynn --- build-aux/main.mk | 14 ++++++++++---- builder/builder.mk | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/build-aux/main.mk b/build-aux/main.mk index a62fd36f53..9bd8511d17 100644 --- a/build-aux/main.mk +++ b/build-aux/main.mk @@ -32,10 +32,16 @@ version: docker/%: docker/.%.stamp $(tools/copy-ifchanged) $(tools/copy-ifchanged) $< $@ -# Load ocibuild files in to dockerd. -_ocibuild-images = base -_ocibuild-images += kat-client -_ocibuild-images += kat-server +# This foreach supplies rules for various things we construct as Docker image +# tarfiles in the filesystem (either with crane pull or with ocibuild) and need +# to track the way we do for other docker.mk things. +# +# IF YOU ADD NEW THINGS HERE, ADD A COMMENT AS WELL that lists the .stamp and +# .img.tar files, with the trailing :, so that people searching for the Makefile +# recipe for these files can find them. +_ocibuild-images = base # docker/.base.docker.stamp: from docker/base.img.tar: +_ocibuild-images += kat-client # docker/.kat-client.docker.stamp: from docker/kat-client.img.tar: +_ocibuild-images += kat-server # docker/.kat-server.docker.stamp: from docker/kat-server.img.tar: $(foreach img,$(_ocibuild-images),docker/.$(img).docker.stamp): docker/.%.docker.stamp: docker/%.img.tar docker load < $< docker inspect $$(bsdtar xfO $< manifest.json|jq -r '.[0].RepoTags[0]') --format='{{.Id}}' > $@ diff --git a/builder/builder.mk b/builder/builder.mk index 1fb4313b55..dece1c2632 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -99,6 +99,40 @@ BUILDER_NAME ?= $(LCNAME) include $(OSS_HOME)/build-aux/prelude.mk include $(OSS_HOME)/build-aux/colors.mk +# The two lines down below this comment (the ones starting with docker.tag.local and +# docker.tag.remote) are basically configuring docker.mk. To use docker.mk's terminology, +# "local" and "remote" are groups (see the comments at the top of docker.mk). When you +# read these lines, remember that "$(*F)" is the file part of a % glob -- and realize +# that, even though you don't see a % glob in these lines, it's being added when +# docker.mk actually instantiates the rules for the groups. +# +# The main convention we rely on (again, from docker.mk) is that depending on %.docker +# causes a Docker image to be built, and its hash to be placed into the %.docker file. +# HOWEVER: since it's possible for Docker images to depend on sources and thus get out +# of date with respect to those sources, and since Docker is evil and doesn't expose +# this in any sane way, what you'll _actually_ see in the Makefiles are recipes to build +# %.docker.stamp files -- _and_ there's a magic implicit rule that in main.mk that knows +# how to have %.docker files depend on %.docker.stamp files. Furthermore, by convention, +# we put these stamp files in the docker directory. +# +# SO. If you're trying to get a Docker image built, what you actually need to write is a +# recipe for docker/.NAME.docker.stamp (e.g. docker/.emissary.docker.stamp) that makes +# the image and then puts its hash into the .stamp file. And the rest, as they say, will +# just happen. +# +# Finally: docker.tag.local is arranging things such that: +# - depending on %.docker.tag.local will use your .stamp recipe to build a Docker image, +# tag it as something like emissary.local/emissary, and track things about it +# - depending on %.docker.push.local will fail, even though docker.mk talks about that +# +# And docker.tag.remote is arranging things such that: +# - depending on %.docker.tag.remote will use your .stamp recipe to build a Docker image, +# tag it as something like $DEV_REGISTRY/emissary:$VERSION-with-no-leading-v, and +# track things about it +# - depending on %.docker.push.remote will actually push to the $DEV_REGISTRY +# +# (READ HERE about .local: and .remote: if you're searching for them and can't find them. +# The comments above explain everything.) docker.tag.local = $(BUILDER_NAME).local/$(*F) docker.tag.remote = $(if $(DEV_REGISTRY),,$(error $(REGISTRY_ERR)))$(DEV_REGISTRY)/$(*F):$(patsubst v%,%,$(VERSION)) include $(OSS_HOME)/build-aux/docker.mk From 2c94248ed217e09d5e47b8a5b8dccd35215edb09 Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 22 Apr 2022 14:33:19 -0400 Subject: [PATCH 27/39] Debugging Signed-off-by: Flynn --- build-aux/check.mk | 6 ++++++ build-aux/main.mk | 10 ++++++++++ tools/src/copy-ifchanged.sh | 1 + tools/src/write-ifchanged.sh | 1 + 4 files changed, 18 insertions(+) diff --git a/build-aux/check.mk b/build-aux/check.mk index e2668c934f..083c7f50ef 100644 --- a/build-aux/check.mk +++ b/build-aux/check.mk @@ -16,18 +16,24 @@ push-pytest-images: docker/kat-server.docker.push.remote test_svcs = auth shadow stats $(foreach svc,$(test_svcs),docker/.test-$(svc).docker.stamp): docker/.%.docker.stamp: docker/%/Dockerfile FORCE docker build --iidfile=$@ $(> "$@" # Make sure the ID file ends with a newline. clean: $(foreach svc,$(test_svcs),docker/test-$(svc).docker.clean) # kat-client.docker docker/kat-client.go.layer.tar: $(tools/ocibuild) $(tools/write-ifchanged) FORCE + @echo "==== docker/kat-client.go.layer.tar in check.mk, as $@: $^" GOFLAGS=-mod=mod $(tools/ocibuild) layer gobuild ./cmd/kat-client | $(tools/write-ifchanged) $@ + docker/kat-client.fs.layer.tar: $(tools/ocibuild) $(tools/write-ifchanged) FORCE + @echo "==== docker/kat-client.fs.layer.tar in check.mk, as $@: $^" { $(tools/ocibuild) layer dir \ --prefix=work \ --chown-uid=0 --chown-uname=root \ --chown-gid=0 --chown-uname=root \ docker/kat-client; } | $(tools/write-ifchanged) $@ + docker/.kat-client.img.tar.stamp: $(tools/ocibuild) docker/base.img.tar docker/kat-client.go.layer.tar docker/kat-client.fs.layer.tar + @echo "==== docker/.kat-client.img.tar.stamp in check.mk, as $@: $^" { $(tools/ocibuild) image build \ --base=docker/base.img.tar \ --config.Cmd='sleep' --config.Cmd='3600' \ diff --git a/build-aux/main.mk b/build-aux/main.mk index 9bd8511d17..16c721f5f8 100644 --- a/build-aux/main.mk +++ b/build-aux/main.mk @@ -28,8 +28,11 @@ version: # should never be on the right-side of the ":"), save for in this rule # itself. %: %.stamp $(tools/copy-ifchanged) + @echo "==== %: %.stamp rule in main.mk, as $@: $^" @$(tools/copy-ifchanged) $< $@ + docker/%: docker/.%.stamp $(tools/copy-ifchanged) + @echo "==== docker/%: docker/.%.stamp rule in main.mk, as $@: $^" $(tools/copy-ifchanged) $< $@ # This foreach supplies rules for various things we construct as Docker image @@ -43,6 +46,7 @@ _ocibuild-images = base # docker/.base.docker.stamp: from docker/ _ocibuild-images += kat-client # docker/.kat-client.docker.stamp: from docker/kat-client.img.tar: _ocibuild-images += kat-server # docker/.kat-server.docker.stamp: from docker/kat-server.img.tar: $(foreach img,$(_ocibuild-images),docker/.$(img).docker.stamp): docker/.%.docker.stamp: docker/%.img.tar + @echo "==== _ocibuild-images in main.mk, as $@: $^" docker load < $< docker inspect $$(bsdtar xfO $< manifest.json|jq -r '.[0].RepoTags[0]') --format='{{.Id}}' > $@ clean: $(foreach img,$(_ocibuild-images),docker/$(img).img.tar.clean) @@ -94,23 +98,29 @@ clobber: docker/base-python.docker.clean #python/requirements-dev.txt: $(tools/py-list-deps) $(tools/write-ifchanged) FORCE # $(tools/py-list-deps) --include-dev python/ | $(tools/write-ifchanged) $@ python/requirements.in: $(tools/py-list-deps) $(tools/write-ifchanged) FORCE + @echo "==== python/requirements.in in main.mk, as $@: $^" set -o pipefail; $(tools/py-list-deps) --no-include-dev python/ | $(tools/write-ifchanged) $@ clean: python/requirements.in.rm python/.requirements.txt.stamp: python/requirements.in docker/base-python.docker.tag.local # The --interactive is so that stdin gets passed through; otherwise Docker closes stdin. + @echo "==== python/.requirements.txt.stamp in main.mk, as $@: $^" set -ex -o pipefail; { \ docker run --platform="$(BUILD_ARCH)" --rm --interactive "$$(cat docker/base-python.docker)" sh -c 'tar xf - && find ~/.cache/pip -name "maturin-*.whl" -exec pip install --no-deps {} + >&2 && pip-compile --allow-unsafe --no-build-isolation -q >&2 && cat requirements.txt' \ < <(bsdtar -cf - -C $(@D) requirements.in requirements.txt) \ > $@; } clean: python/.requirements.txt.stamp.rm python/requirements.txt: python/%: python/.%.stamp $(tools/copy-ifchanged) + @echo "==== python/requirements.txt in main.mk, as $@: $^" $(tools/copy-ifchanged) $< $@ .PRECIOUS: python/requirements.txt docker/base-pip/requirements.txt: python/requirements.txt $(tools/copy-ifchanged) $(tools/copy-ifchanged) $< $@ clean: docker/base-pip/requirements.txt.rm + docker/.base-pip.docker.stamp: docker/.%.docker.stamp: docker/%/Dockerfile docker/%/requirements.txt docker/base-python.docker.tag.local + @echo "==== docker/.base-pip.docker.stamp in main.mk, as $@: $^" docker build --platform="$(BUILD_ARCH)" --build-arg=from="$$(sed -n 2p docker/base-python.docker.tag.local)" --iidfile=$@ $(> "$@" # Make sure the ID file ends with a newline. clobber: docker/base-pip.docker.clean # The Helm chart diff --git a/tools/src/copy-ifchanged.sh b/tools/src/copy-ifchanged.sh index d6189246cb..2581326f14 100644 --- a/tools/src/copy-ifchanged.sh +++ b/tools/src/copy-ifchanged.sh @@ -7,5 +7,6 @@ if ! cmp -s "$1" "$2"; then diff -u "$2" "$1" >&2 exit 1 fi + echo " $2 changed, copying in $1" cp -f "$1" "$2" fi diff --git a/tools/src/write-ifchanged.sh b/tools/src/write-ifchanged.sh index 306623e5f2..f4d8ad47f5 100644 --- a/tools/src/write-ifchanged.sh +++ b/tools/src/write-ifchanged.sh @@ -27,5 +27,6 @@ else diff -u "$outfile" "$tmpfile" >&2 exit 1 fi + echo " $outfile contents changed" mv -f "$tmpfile" "$outfile" fi From f10470cdd8254cbc2c2ae1d94017fea08a3ed87f Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 22 Apr 2022 15:50:02 -0400 Subject: [PATCH 28/39] Fixups to image stamping Signed-off-by: Flynn --- build-aux/main.mk | 14 +++++++++++--- builder/builder.mk | 22 ++++++++++++++-------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/build-aux/main.mk b/build-aux/main.mk index 16c721f5f8..b27c79b9b2 100644 --- a/build-aux/main.mk +++ b/build-aux/main.mk @@ -66,9 +66,15 @@ clean: $(foreach img,$(_ocibuild-images),docker/$(img).img.tar.clean) # base: Base OS; none of our specific stuff. Used for auxiliar test images # that don't need Emissary-specific stuff. -docker/.base.img.tar.stamp: FORCE $(tools/crane) docker/base-python/Dockerfile - $(tools/crane) pull $(shell gawk '$$1 == "FROM" { print $$2; quit; }' < docker/base-python/Dockerfile) $@ || test -e $@ -clobber: docker/base.img.tar.clean +docker/.base.img.tar.stamp: FORCE $(tools/crane) $(tools/copy-ifchanged) docker/base-python/Dockerfile + @echo "==== docker/.base.img.tar.stamp in main.mk, as $@: $^" + @set -ex -o pipefail; { \ + to_pull=$$(gawk '$$1 == "FROM" { print $$2; quit; }' < docker/base-python/Dockerfile) ;\ + $(tools/crane) pull $$to_pull /tmp/crane-base-pull ;\ + test -e /tmp/crane-base-pull ;\ + docker load < /tmp/crane-base-pull ;\ + docker save $$to_pull > $@ ;\ + } # base-python: Base OS, plus some Emissary-specific setup of # low-level/expensive pieces of the Python environment. This does NOT @@ -113,7 +119,9 @@ python/requirements.txt: python/%: python/.%.stamp $(tools/copy-ifchanged) @echo "==== python/requirements.txt in main.mk, as $@: $^" $(tools/copy-ifchanged) $< $@ .PRECIOUS: python/requirements.txt + docker/base-pip/requirements.txt: python/requirements.txt $(tools/copy-ifchanged) + @echo "==== docker/base-pip/requirements.txt in main.mk, as $@: $^" $(tools/copy-ifchanged) $< $@ clean: docker/base-pip/requirements.txt.rm diff --git a/builder/builder.mk b/builder/builder.mk index dece1c2632..68fa55e9bc 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -247,9 +247,10 @@ _images = base-envoy $(LCNAME) kat-client kat-server $(foreach i,$(_images), docker/$i.docker.tag.local ): docker/%.docker.tag.local : docker/%.docker $(foreach i,$(_images), docker/$i.docker.tag.remote ): docker/%.docker.tag.remote: docker/%.docker -docker/.base-envoy.docker.stamp: FORCE - @set -e; { \ - if docker image inspect $(ENVOY_DOCKER_TAG) --format='{{ .Id }}' >$@ 2>/dev/null; then \ +docker/.base-envoy.docker.stamp: $(tools/write-ifchanged) FORCE + @echo "==== docker/.base-envoy.docker.stamp in builder.mk, as $@: $^" + @set -e -o pipefail; { \ + if docker image inspect $(ENVOY_DOCKER_TAG) --format='{{ .Id }}' >/dev/null 2>&1; then \ printf "${CYN}==> ${GRN}Base Envoy image is already pulled${END}\n"; \ else \ printf "${CYN}==> ${GRN}Pulling base Envoy image${END}\n"; \ @@ -257,23 +258,28 @@ docker/.base-envoy.docker.stamp: FORCE time docker pull $(ENVOY_DOCKER_TAG); \ unset TIMEFORMAT; \ fi; \ - echo $(ENVOY_DOCKER_TAG) >$@; \ + docker image inspect $(ENVOY_DOCKER_TAG) --format='{{ .Id }}' | $(tools/write-ifchanged) $@; \ } clobber: docker/base-envoy.docker.clean -docker/.$(LCNAME).docker.stamp: %/.$(LCNAME).docker.stamp: %/base.docker.tag.local %/base-envoy.docker.tag.local %/base-pip.docker.tag.local python/ambassador.version $(BUILDER_HOME)/Dockerfile $(OSS_HOME)/build-aux/py-version.txt $(tools/dsum) FORCE +docker/.$(LCNAME).docker.stamp: %/.$(LCNAME).docker.stamp: %/base.docker.tag.local %/base-envoy.docker.tag.local %/base-pip.docker.tag.local python/ambassador.version $(BUILDER_HOME)/Dockerfile $(OSS_HOME)/build-aux/py-version.txt $(tools/dsum) + @echo "==== docker/.$(LCNAME).docker.stamp in builder.mk, as $@: $^" + @echo "Dependencies:" + @-ls -l $^ @printf "${CYN}==> ${GRN}Building image ${BLU}$(LCNAME)${END}\n" @printf " ${BLU}base=$$(sed -n 2p $*/base.docker.tag.local)${END}\n" - @printf " ${BLU}envoy=$$(cat $*/base-envoy.docker)${END}\n" + @printf " ${BLU}envoy=$$(sed -n 2p $*/base-envoy.docker.tag.local)${END}\n" @printf " ${BLU}builderbase=$$(sed -n 2p $*/base-pip.docker.tag.local)${END}\n" { $(tools/dsum) '$(LCNAME) build' 3s \ docker build -f ${BUILDER_HOME}/Dockerfile . \ --platform="$(BUILD_ARCH)" \ --build-arg=base="$$(sed -n 2p $*/base.docker.tag.local)" \ - --build-arg=envoy="$$(cat $*/base-envoy.docker)" \ + --build-arg=envoy="$$(sed -n 2p $*/base-envoy.docker.tag.local)" \ --build-arg=builderbase="$$(sed -n 2p $*/base-pip.docker.tag.local)" \ --build-arg=py_version="$$(cat build-aux/py-version.txt)" \ - --iidfile=$@; } + --iidfile=$@; \ + echo "" >> "$@" # Make sure the ID file ends with a newline. \ + } clean: docker/$(LCNAME).docker.clean REPO=$(BUILDER_NAME) From 48208a92276893547248376bb26cbe88ef589e52 Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 22 Apr 2022 15:50:56 -0400 Subject: [PATCH 29/39] docker-import and docker-export Signed-off-by: Flynn --- build-aux/tools.mk | 2 + builder/builder.mk | 36 ++++---- tools/src/docker-export/main.go | 150 ++++++++++++++++++++++++++++++++ tools/src/docker-import.sh | 73 ++++++++++++++++ 4 files changed, 242 insertions(+), 19 deletions(-) create mode 100644 tools/src/docker-export/main.go create mode 100644 tools/src/docker-import.sh diff --git a/build-aux/tools.mk b/build-aux/tools.mk index 91a3bafd5e..60c6cfe8e1 100644 --- a/build-aux/tools.mk +++ b/build-aux/tools.mk @@ -33,6 +33,7 @@ go-mod-tidy/tools/%: # tools/copy-ifchanged = $(tools.bindir)/copy-ifchanged tools/devversion = $(tools.bindir)/devversion +tools/docker-import = $(tools.bindir)/docker-import tools/docker-promote = $(tools.bindir)/docker-promote tools/move-ifchanged = $(tools.bindir)/move-ifchanged tools/tap-driver = $(tools.bindir)/tap-driver @@ -77,6 +78,7 @@ $(tools.main-gomod): $(tools.bindir)/%: $(tools.srcdir)/%/pin.go $(OSS_HOME)/go. # Local Go sources # ================ # +tools/docker-export = $(tools.bindir)/docker-export tools/dsum = $(tools.bindir)/dsum tools/filter-yaml = $(tools.bindir)/filter-yaml tools/fix-crds = $(tools.bindir)/fix-crds diff --git a/builder/builder.mk b/builder/builder.mk index 68fa55e9bc..69cb36be9b 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -308,30 +308,28 @@ push-dev: docker/$(LCNAME).docker.tag.local docker push '$(DEV_REGISTRY)/$(LCNAME):$(patsubst v%,%,$(VERSION))' .PHONY: push-dev -export-docker: docker/$(LCNAME).docker.tag.local +docker-export: images $(tools/docker-export) + @if [ -z "$$VERSION_FILE" ]; then printf '$(RED)$@: VERSION_FILE is not set$(END)\n'; exit 1; fi; @if [ -z "$$EXPORT_FILE" ]; then printf '$(RED)$@: EXPORT_FILE is not set$(END)\n'; exit 1; fi; - @printf '$(CYN)==> $(GRN)exporting $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' '$(LCNAME)' "$$EXPORT_FILE" - docker save $$(cat docker/$(LCNAME).docker) -o "$$EXPORT_FILE" -.PHONY: export-docker + @printf '$(CYN)==> $(GRN)exporting Docker build state as $(BLU)%s$(GRN)...$(END)\n' "$$EXPORT_FILE" + $(tools/docker-export) + @set -ex -o pipefail ; { \ + cd docker ;\ + echo "$(VERSION)" > "$$VERSION_FILE" ;\ + tar cf "$$EXPORT_FILE" images.tar images.sh ;\ + } +.PHONY: docker-export -import-docker: +docker-import: $(tools/docker-import) @if [ -z "$$IMPORT_FILE" ]; then printf '$(RED)$@: IMPORT_FILE is not set$(END)\n'; exit 1; fi; - @{ set -e ; \ - # repotags=$$(bsdtar -xzO -f "$$IMPORT_FILE" manifest.json | jq '.[0].RepoTags[0]') ;\ - hash=$$(bsdtar -xzO -f "$$IMPORT_FILE" manifest.json | jq '.[0].Config' | tr -d '"' | sed -e 's/\.json$$//') ;\ - test -n "$$hash" ;\ - imgid="sha256:$$hash" ;\ - imgtag="$(BUILDER_NAME).local/$(LCNAME)" ;\ + @set -ex -o pipefail ; { \ printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" "$$imgid" ;\ - docker load -i "$$IMPORT_FILE" ;\ - printf '$(CYN)==> $(GRN)tagging as $(BLU)%s$(GRN)...$(END)\n' "$$imgtag" ;\ - docker tag "$$imgid" "$$imgtag" ;\ - printf '$(CYN)==> $(GRN)stamping $(BLU)%s$(GRN)...$(END)\n' "$$imgtag" ;\ - echo "$$imgid" > docker/$(LCNAME).docker ;\ - ( echo "$$imgid" ; echo "$$imgtag" ) > docker/$(LCNAME).docker.tag.local ;\ - cp docker/$(LCNAME).docker docker/.$(LCNAME).docker.stamp ;\ + cd docker ;\ + tar xf "$$IMPORT_FILE" ;\ + $(tools/docker-import) ;\ + rm -f images.sh images.tar ;\ } -.PHONY: import-docker +.PHONY: docker-import export KUBECONFIG_ERR=$(RED)ERROR: please set the $(BLU)DEV_KUBECONFIG$(RED) make/env variable to the cluster\n you would like to use for development. Note this cluster must have access\n to $(BLU)DEV_REGISTRY$(RED) (currently $(BLD)$(DEV_REGISTRY)$(END)$(RED))$(END) export KUBECTL_ERR=$(RED)ERROR: preflight kubectl check failed$(END) diff --git a/tools/src/docker-export/main.go b/tools/src/docker-export/main.go new file mode 100644 index 0000000000..5e6f692333 --- /dev/null +++ b/tools/src/docker-export/main.go @@ -0,0 +1,150 @@ +package main + +import ( + "encoding/json" + "fmt" + "io" + "os" + "os/exec" + "path/filepath" + "sort" + "strings" +) + +type DockerInspect struct { + Id string + RepoTags []string + RepoDigests []string +} + +func sort_u(in []string) []string { + set := make(map[string]struct{}, len(in)) + for _, item := range in { + set[item] = struct{}{} + } + out := make([]string, 0, len(set)) + for item := range set { + out = append(out, item) + } + sort.Strings(out) + return out +} + +func Main() error { + // 1. Get the "docker inspect" for all images + bs, err := exec.Command("docker", "image", "ls", "--filter=dangling=false", "--format={{ .ID }}").Output() + if err != nil { + return err + } + ids := sort_u(strings.Split(strings.TrimSpace(string(bs)), "\n")) + bs, err = exec.Command("docker", append([]string{"image", "inspect"}, ids...)...).Output() + if err != nil { + return err + } + var infos []DockerInspect + if err := json.Unmarshal(bs, &infos); err != nil { + return err + } + + // 2. Decide what to do with each image + workspacePull := make(map[string]struct{}) // pull these images from remote registries... + workspaceTag := make(map[string]string) // ... then tag them with these names + workspaceLoad := make(map[string]struct{}) // store these images locally with 'docker image save'/'docker image load' + + for _, info := range infos { + b, _ := json.Marshal(info) + fmt.Printf("- check %s: %s\n", info.Id, b) + if len(info.RepoDigests) > 0 { + repoDigest := info.RepoDigests[0] + fmt.Printf(" - pull %s\n", repoDigest) + workspacePull[repoDigest] = struct{}{} + for _, tag := range info.RepoTags { + fmt.Printf(" - tag %s\n", tag) + workspaceTag[tag] = info.Id + } + } else { + for _, tag := range info.RepoTags { + fmt.Printf(" - load %s\n", tag) + workspaceLoad[tag] = struct{}{} + } + } + } + + // 3. Record and do those things + + // Write the pull/tag steps to a file + err = func() error { + var lines []string + for pull := range workspacePull { + lines = append(lines, fmt.Sprintf("docker image pull %s\n", pull)) + } + for tag, id := range workspaceTag { + lines = append(lines, fmt.Sprintf("docker image tag %s %s\n", id, tag)) + } + sort.Strings(lines) // NB: relying on "pull" sorting before "tag" + + lines = append([]string{ + "#!/usr/bin/env bash\n", + "set -ex\n", + }, lines...) + + restoreSh, err := os.OpenFile("docker/images.sh", os.O_CREATE|os.O_WRONLY, 0777) + if err != nil { + return err + } + defer restoreSh.Close() + for _, line := range lines { + if _, err := io.WriteString(restoreSh, line); err != nil { + return err + } + } + + return nil + }() + if err != nil { + return err + } + + // Run 'docker image save' + err = func() error { + localImages := make([]string, 0, len(workspaceLoad)) + for image := range workspaceLoad { + fmt.Printf("- save %s\n", image) + localImages = append(localImages, image) + } + sort.Strings(localImages) + + fmt.Printf("local images:\n") + for _, image := range localImages { + fmt.Printf("- %s\n", image) + } + + restoreTar, err := os.OpenFile("docker/images.tar", os.O_CREATE|os.O_WRONLY, 0666) + if err != nil { + return err + } + defer restoreTar.Close() + + cmd := exec.Command("docker", append([]string{"image", "save"}, localImages...)...) + cmd.Stdout = restoreTar + cmd.Stderr = os.Stderr + + if err := cmd.Run(); err != nil { + return err + } + + return nil + }() + if err != nil { + return err + } + + return nil +} + +func main() { + if err := Main(); err != nil { + fmt.Fprintf(os.Stderr, "%s: error: %v\n", filepath.Base(os.Args[0]), err) + os.Exit(1) + } +} diff --git a/tools/src/docker-import.sh b/tools/src/docker-import.sh new file mode 100644 index 0000000000..a55ebf77f9 --- /dev/null +++ b/tools/src/docker-import.sh @@ -0,0 +1,73 @@ +#!/usr/bin/env bash +set -ex + +# Load the images +docker image load < docker/images.tar +./docker/images.sh + +stamp_docker () { + tag="$1" + stamp_base="$2" + + hash=$(docker image inspect --format='{{ .Id }}' "$tag") + + for stamp_file in ".$stamp_base.docker.stamp" "$stamp_base.docker" "$stamp_base.docker.tag.local"; do + echo "Stamping $tag as docker/$stamp_file" + echo "$hash" > "docker/$stamp_file" + # sleep 1 + done + + tag_file="docker/$stamp_base.docker.tag.local" + echo "Adding tag to $tag_file" + echo "$tag" >> "$tag_file" +} + +stamp_image () { + tag="$1" + stamp_base="$2" + + hash=$(docker image inspect --format='{{ .Id }}' "$tag") + + for tarfile in "docker/$stamp_base.img.tar" "docker/.$stamp_base.img.tar.stamp"; do + echo "Copying $tag to $tarfile" + docker save "$tag" > "$tarfile" + done +} + +# ORDER MATTERS HERE +stamp_image frolvlad/alpine-glibc:alpine-3.15 base # This MUST be frolvlad, not emissary.local/base +stamp_image emissary.local/kat-client kat-client +stamp_image emissary.local/kat-server kat-server + +stamp_docker emissary.local/base-envoy base-envoy +stamp_docker emissary.local/base-python base-python +stamp_docker emissary.local/base-pip base-pip +stamp_docker emissary.local/base base +stamp_docker emissary.local/emissary emissary +stamp_docker emissary.local/kat-client kat-client +stamp_docker emissary.local/kat-server kat-server + +# # Resume the build container +# if [[ -z "$DEV_REGISTRY" ]]; then +# export DEV_REGISTRY=127.0.0.1:31000 +# export BASE_REGISTRY=docker.io/datawiredev +# fi +# rm -f docker/container.txt docker/container.txt.stamp +# make docker/container.txt +# docker run \ +# --rm \ +# --volume=/var/run/docker.sock:/var/run/docker.sock \ +# --user=root \ +# --entrypoint=rsync $(cat docker/snapshot.docker) \ +# -a -xx --exclude=/etc/{resolv.conf,hostname,hosts} --delete \ +# --blocking-io -e 'docker exec -i --user=root' / "$(cat docker/container.txt):/" +# docker exec "$(cat docker/container.txt)" rm -f /buildroot/image.dirty +# # Load the cache volume +# docker run \ +# --rm \ +# --volumes-from=$(cat docker/container.txt) \ +# --volume="$PWD/docker":/mnt \ +# --user=root \ +# --workdir=/home/dw \ +# --entrypoint=tar $(cat docker/snapshot.docker) -xf /mnt/volume.tar +# rm -f docker/volume.tar From 32dcdc28b9865b09962c7191fc0b38bb98d7715e Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 14:00:01 -0400 Subject: [PATCH 30/39] Un-break the CHART_VERSION Signed-off-by: Flynn --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index f042ab1c30..e7aac2cab9 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,6 @@ ifneq ($(MAKECMDGOALS),$(OSS_HOME)/build-aux/go-version.txt) $(error VERSION variable is invalid: It must not contain + characters, but is '$(VERSION)'),) export VERSION - CHART_VERSION=v7.9.9-broken.0 CHART_VERSION := $(or $(CHART_VERSION),$(shell go run ./tools/src/goversion --dir-prefix=chart)) $(if $(filter v8.%,$(CHART_VERSION)),\ ,$(error CHART_VERSION variable is invalid: It must be a v8.* string, but is '$(CHART_VERSION)')) From 53cffb8ea494929a2bfabe2603913aca59cea4ae Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 14:19:14 -0400 Subject: [PATCH 31/39] Fix effing docker-export stuff Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 72e563a7f2..9936ce6e6f 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -272,7 +272,7 @@ jobs: - name: "Build and export Docker image" shell: bash run: | - make DEV_REGISTRY=localhost:5000 EXPORT_FILE=/tmp/docker-img export-docker + make DEV_REGISTRY=localhost:5000 EXPORT_FILE=/tmp/docker-img docker-export - name: "Upload Docker image" uses: actions/upload-artifact@v2 with: From a07f319d8bc47502fbce87058896c03398b83bbd Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 14:27:11 -0400 Subject: [PATCH 32/39] Drop VERSION_FILE ($VERSION should work now) Signed-off-by: Flynn --- builder/builder.mk | 2 -- 1 file changed, 2 deletions(-) diff --git a/builder/builder.mk b/builder/builder.mk index 69cb36be9b..7a6f40c20d 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -309,13 +309,11 @@ push-dev: docker/$(LCNAME).docker.tag.local .PHONY: push-dev docker-export: images $(tools/docker-export) - @if [ -z "$$VERSION_FILE" ]; then printf '$(RED)$@: VERSION_FILE is not set$(END)\n'; exit 1; fi; @if [ -z "$$EXPORT_FILE" ]; then printf '$(RED)$@: EXPORT_FILE is not set$(END)\n'; exit 1; fi; @printf '$(CYN)==> $(GRN)exporting Docker build state as $(BLU)%s$(GRN)...$(END)\n' "$$EXPORT_FILE" $(tools/docker-export) @set -ex -o pipefail ; { \ cd docker ;\ - echo "$(VERSION)" > "$$VERSION_FILE" ;\ tar cf "$$EXPORT_FILE" images.tar images.sh ;\ } .PHONY: docker-export From f56c08d98e5ad1bdc2e5356a13f5ff1d26b4cea5 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 14:51:41 -0400 Subject: [PATCH 33/39] if-no-files-found fix Signed-off-by: Flynn --- .github/workflows/execute-tests-and-promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index 9936ce6e6f..fe79d36e0c 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -278,7 +278,7 @@ jobs: with: name: docker.image path: /tmp/docker-img - if-no-files-found: fail + if-no-files-found: error - uses: ./.github/actions/after-job if: always() From 8e9faef693a3615877bedfc12e4c2641ef971df1 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 15:21:38 -0400 Subject: [PATCH 34/39] Clean images.tar and images.sh Signed-off-by: Flynn --- builder/builder.mk | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/builder/builder.mk b/builder/builder.mk index 7a6f40c20d..b94a281ada 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -318,6 +318,10 @@ docker-export: images $(tools/docker-export) } .PHONY: docker-export +docker-export.clean: + rm -f docker/images.tar docker/images.sh +clean: docker-export.clean + docker-import: $(tools/docker-import) @if [ -z "$$IMPORT_FILE" ]; then printf '$(RED)$@: IMPORT_FILE is not set$(END)\n'; exit 1; fi; @set -ex -o pipefail ; { \ From 6aab0eb063937accad2680b8091288095e5bcaff Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 16:09:23 -0400 Subject: [PATCH 35/39] Drop the registry before running the after-job check. Signed-off-by: Flynn --- .github/actions/drop-registry/action.yml | 30 +++++++++++++++++++ .../workflows/execute-tests-and-promote.yml | 9 ++++++ 2 files changed, 39 insertions(+) create mode 100644 .github/actions/drop-registry/action.yml diff --git a/.github/actions/drop-registry/action.yml b/.github/actions/drop-registry/action.yml new file mode 100644 index 0000000000..3617880c69 --- /dev/null +++ b/.github/actions/drop-registry/action.yml @@ -0,0 +1,30 @@ +name: 'Drop Registry' +description: >- + Drop the internal registry, so that the after-job checks will not complain. +runs: + using: "composite" + steps: + - name: "Drop registry" + shell: bash + run: | + if [[ -n "$(docker container list --all --quiet)" ]]; then + for container in $(docker container list --all --format '{{.ID}},{{.Image}}'); do + id=$(echo "$container" | cut -d, -f1) + image=$(echo "$container" | cut -d, -f2) + if [[ "$image" == registry:* ]]; then + # echo "DOCKER CONTAINER:" + # docker inspect "$id" + + volnames=$(docker inspect --format='{{ range $m := .Mounts}}{{$m.Name}}{{"\n"}}{{end}}' "$id") + + echo "Dropping registry container $id ($image)" + docker kill "$id" && docker container rm "$id" + + for volname in $volnames; do + echo "Dropping volume $volname" + docker volume rm "$volname" + done + fi + done + fi + diff --git a/.github/workflows/execute-tests-and-promote.yml b/.github/workflows/execute-tests-and-promote.yml index fe79d36e0c..b832b3f28c 100644 --- a/.github/workflows/execute-tests-and-promote.yml +++ b/.github/workflows/execute-tests-and-promote.yml @@ -94,6 +94,9 @@ jobs: - name: Pull Docker image uses: ./.github/actions/download-docker - run: make check-envoy-version + - name: "Drop registry" + uses: ./.github/actions/drop-registry + if: always() - uses: ./.github/actions/after-job if: always() @@ -211,6 +214,9 @@ jobs: export DEV_REGISTRY=${{ secrets.DEV_REGISTRY }} export PYTEST_ARGS=' --cov-branch --cov=ambassador --cov-report html:/tmp/cov_html ' make pytest-${{ matrix.test }} > /tmp/test-logs/pytest-unit.log 2>&1 + - name: "Drop registry" + uses: ./.github/actions/drop-registry + if: always() - uses: ./.github/actions/after-job if: always() with: @@ -279,6 +285,9 @@ jobs: name: docker.image path: /tmp/docker-img if-no-files-found: error + - name: "Drop registry" + uses: ./.github/actions/drop-registry + if: always() - uses: ./.github/actions/after-job if: always() From 3e41a683d9fd4914f58a6b767a0987b60aa375eb Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 17:55:55 -0400 Subject: [PATCH 36/39] Fix docker-import name :facepalm: Signed-off-by: Flynn --- .github/actions/download-docker/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/download-docker/action.yml b/.github/actions/download-docker/action.yml index 71197d1874..653d5470ab 100644 --- a/.github/actions/download-docker/action.yml +++ b/.github/actions/download-docker/action.yml @@ -13,4 +13,4 @@ runs: shell: bash run: | ls -l /tmp/docker-img - make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker-img import-docker + make DEV_REGISTRY=localhost:5000 IMPORT_FILE=/tmp/docker-img/docker-img docker-import From 72020e5e2c45aaa750578ea87f69cc0998251dd7 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 18:26:09 -0400 Subject: [PATCH 37/39] Fix docker-import paths :facepalm: Signed-off-by: Flynn --- builder/builder.mk | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/builder/builder.mk b/builder/builder.mk index b94a281ada..f4982511fd 100644 --- a/builder/builder.mk +++ b/builder/builder.mk @@ -325,9 +325,8 @@ clean: docker-export.clean docker-import: $(tools/docker-import) @if [ -z "$$IMPORT_FILE" ]; then printf '$(RED)$@: IMPORT_FILE is not set$(END)\n'; exit 1; fi; @set -ex -o pipefail ; { \ - printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN) as $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" "$$imgid" ;\ - cd docker ;\ - tar xf "$$IMPORT_FILE" ;\ + printf '$(CYN)==> $(GRN)importing $(BLU)%s$(GRN)...$(END)\n' "$$IMPORT_FILE" ;\ + tar -C docker -xf "$$IMPORT_FILE" ;\ $(tools/docker-import) ;\ rm -f images.sh images.tar ;\ } From fcbc4630fb1aaf0a0c951f122346a6d96f084cd1 Mon Sep 17 00:00:00 2001 From: Flynn Date: Tue, 2 Aug 2022 21:27:24 -0400 Subject: [PATCH 38/39] Correct frolvlad stamp name Signed-off-by: Flynn --- tools/src/docker-import.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/src/docker-import.sh b/tools/src/docker-import.sh index a55ebf77f9..0049d00130 100644 --- a/tools/src/docker-import.sh +++ b/tools/src/docker-import.sh @@ -35,7 +35,7 @@ stamp_image () { } # ORDER MATTERS HERE -stamp_image frolvlad/alpine-glibc:alpine-3.15 base # This MUST be frolvlad, not emissary.local/base +stamp_image frolvlad/alpine-glibc:alpine-3.15_glibc-2.34 base # This MUST be frolvlad, not emissary.local/base stamp_image emissary.local/kat-client kat-client stamp_image emissary.local/kat-server kat-server From ef19b862d84bfc023da6218b2ea25af552be4957 Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 17 Feb 2023 14:35:52 -0500 Subject: [PATCH 39/39] Kick CI Signed-off-by: Flynn --- .github/actions/download-docker/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/download-docker/action.yml b/.github/actions/download-docker/action.yml index 653d5470ab..2c47fc674b 100644 --- a/.github/actions/download-docker/action.yml +++ b/.github/actions/download-docker/action.yml @@ -1,6 +1,8 @@ name: setup-deps description: "Load Docker image" +# Empty comment, please ignore this + runs: using: "composite" steps: