diff --git a/.conform.yaml b/.conform.yaml index 96ced0e..5de11a7 100644 --- a/.conform.yaml +++ b/.conform.yaml @@ -1,15 +1,48 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-07-01T07:41:11Z by kres 4c9f215. + policies: -- type: commit - spec: - headerLength: 89 - dco: true - gpg: false - imperative: true - conventional: - types: - - chore - - docs - - perf - - refactor - - style - - test + - type: commit + spec: + dco: true + gpg: + required: true + identity: + gitHubOrganization: siderolabs + spellcheck: + locale: US + maximumOfOneCommit: true + header: + length: 89 + imperative: true + case: lower + invalidLastCharacters: . + body: + required: true + conventional: + types: + - chore + - docs + - perf + - refactor + - style + - test + - release + scopes: + - .* + - type: license + spec: + root: . + skipPaths: + - .git/ + - testdata/ + includeSuffixes: + - .go + excludeSuffixes: + - .pb.go + - .pb.gw.go + header: | + // This Source Code Form is subject to the terms of the Mozilla Public + // License, v. 2.0. If a copy of the MPL was not distributed with this + // file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 5d0a788..0000000 --- a/.drone.yml +++ /dev/null @@ -1,142 +0,0 @@ -kind: pipeline -name: default -type: kubernetes - -platform: - os: linux - arch: amd64 - -steps: - - name: setup-ci - image: autonomy/build-container:latest - commands: - - git fetch --tags - - install-ci-key - - setup-ci - volumes: - - name: outer-docker-socket - path: /var/outer-run - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: buildx - path: /root/.docker/buildx - - - name: build-dry-run - image: autonomy/build-container:latest - pull: always - volumes: - - name: outer-docker-socket - path: /var/outer-run - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: buildx - path: /root/.docker/buildx - commands: - - docker buildx build -f Dockerfile -t autonomy/build-container . - - docker buildx build -f Dockerfile.actions-runner-ubuntu-22.04 -t autonomy/build-container:actions-runner-ubuntu-22.04 . - when: - event: - - pull_request - - - name: build-and-push - image: autonomy/build-container:latest - pull: always - volumes: - - name: outer-docker-socket - path: /var/outer-run - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: buildx - path: /root/.docker/buildx - environment: - DOCKER_USERNAME: - from_secret: docker_username - DOCKER_PASSWORD: - from_secret: docker_password - commands: - - docker login --username "$${DOCKER_USERNAME}" --password "$${DOCKER_PASSWORD}" - - docker buildx build -f Dockerfile -t autonomy/build-container --push . - - docker buildx build -f Dockerfile.actions-runner-ubuntu-22.04 -t autonomy/build-container:actions-runner-ubuntu-22.04 --push . - when: - event: - exclude: - - pull_request - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - -services: -- name: docker - image: docker:20.10-dind - entrypoint: - - dockerd - commands: - - --dns=8.8.8.8 - - --dns=8.8.4.4 - - --mtu=1500 - - --log-level=error - privileged: true - volumes: - - name: docker-socket - path: /var/run - - name: outer-docker-socket - path: /var/outer-run - - name: buildx - path: /root/.docker/buildx - - name: ssh - path: /root/.ssh - -volumes: - - name: outer-docker-socket - host: - path: /var/ci-docker - - name: docker-socket - temp: - medium: memory - - name: buildx - temp: - medium: memory - - name: ssh - temp: - medium: memory - ---- -kind: pipeline -name: notify -type: kubernetes - -clone: - disable: true - -steps: - - name: slack - image: plugins/slack - settings: - webhook: - from_secret: slack_webhook - channel: proj-talos-maintainers - when: - status: - - success - - failure - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - status: - - success - - failure - -depends_on: - - default diff --git a/.github/renovate.json b/.github/renovate.json index b80bb71..aa0b238 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -10,7 +10,7 @@ "regexManagers": [ { "fileMatch": [ - "^Dockerfile.*$" + "^Dockerfile$" ], "matchStrings": [ "#\\s+renovate:\\s+datasource=(?.*?)\\s+depName=(?.*?)(?:\\s+versioning=(?.*?))?(?:\\s+extractVersion=(?.*?))?\\sARG\\s+.*?_VERSION=(?.*)" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..95afb71 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,85 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-07-01T07:42:50Z by kres 4c9f215. + +name: default +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + push: + branches: + - main + - release-* + tags: + - v* + pull_request: + branches: + - main + - release-* +jobs: + default: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - pkgs + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) + steps: + - name: gather-system-info + id: system-info + uses: kenchan0130/actions-system-info@v1.3.0 + continue-on-error: true + - name: print-system-info + run: | + MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) + + OUTPUTS=( + "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" + "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" + "Hostname: ${{ steps.system-info.outputs.hostname }}" + "NodeName: ${NODE_NAME}" + "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" + "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" + "Name: ${{ steps.system-info.outputs.name }}" + "Platform: ${{ steps.system-info.outputs.platform }}" + "Release: ${{ steps.system-info.outputs.release }}" + "Total memory: ${MEMORY_GB} GB" + ) + + for OUTPUT in "${OUTPUTS[@]}";do + echo "${OUTPUT}" + done + continue-on-error: true + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: build + run: | + make + - name: login-to-registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + - name: push + if: github.event_name != 'pull_request' + env: + PUSH: "true" + run: | + make diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml new file mode 100644 index 0000000..d5ecccc --- /dev/null +++ b/.github/workflows/slack-notify.yaml @@ -0,0 +1,92 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-07-01T07:41:11Z by kres 4c9f215. + +name: slack-notify +"on": + workflow_run: + workflows: + - default + types: + - completed +jobs: + slack-notify: + runs-on: + - self-hosted + - generic + if: github.event.workflow_run.conclusion != 'skipped' + steps: + - name: Get PR number + id: get-pr-number + if: github.event.workflow_run.event == 'pull_request' + env: + GH_TOKEN: ${{ github.token }} + run: | + echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT + - name: Slack Notify + uses: slackapi/slack-github-action@v1 + with: + channel-id: proj-talos-maintainers + payload: | + { + "attachments": [ + { + "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}", + "fallback": "test", + "blocks": [ + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.get-pr-number.outputs.pull_request_number, github.event.workflow_run.display_title) || format('*Build:* {0} (`{1}`)\n<{2}/commit/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, github.sha, github.event.workflow_run.display_title) }}" + }, + { + "type": "mrkdwn", + "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`" + } + ] + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Author:*\n`${{ github.actor }}`" + }, + { + "type": "mrkdwn", + "text": "*Event:*\n`${{ github.event.workflow_run.event }}`" + } + ] + }, + { + "type": "divider" + }, + { + "type": "actions", + "elements": [ + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Logs" + }, + "url": "${{ github.event.workflow_run.html_url }}" + }, + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Commit" + }, + "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}" + } + ] + } + ] + } + ] + } + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.kres.yaml b/.kres.yaml new file mode 100644 index 0000000..4f925f1 --- /dev/null +++ b/.kres.yaml @@ -0,0 +1,30 @@ +--- +kind: auto.CI +spec: + compileGHWorkflowsOnly: true +--- +kind: common.GHWorkflow +spec: + jobs: + - name: default + buildxOptions: + enabled: true + runners: + - self-hosted + - pkgs + steps: + - name: build + nonMakeStep: true + command: make + - name: login-to-registry + conditions: + - except-pull-request + registryLoginStep: + registry: ghcr.io + - name: push + conditions: + - except-pull-request + nonMakeStep: true + command: make + environment: + PUSH: true diff --git a/Dockerfile b/Dockerfile index 8a162da..7410ebf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,14 @@ -ARG DOCKER=docker:26.0.1-dind +ARG DOCKER=docker:27.0.2-dind FROM $DOCKER as docker -FROM alpine:3.19.1 +FROM alpine:3.20.1 as build-container-drone # https://github.com/twistedpair/google-cloud-sdk/ is a mirror that replicates the gcloud sdk versions # renovate: datasource=github-tags depName=twistedpair/google-cloud-sdk -ARG CLOUD_SDK_VERSION=472.0.0 +ARG CLOUD_SDK_VERSION=482.0.0 # renovate: datasource=github-releases depName=docker/buildx -ARG BUILDX_VERSION=v0.13.1 +ARG BUILDX_VERSION=v0.15.1 # renovate: datasource=github-releases extractVersion=^v(?.*)$ depName=hashicorp/terraform ARG TERRAFORM_VERSION=1.7.3 @@ -90,3 +90,38 @@ RUN chmod +x codecov && mv codecov /usr/local/bin/ ADD hack/scripts/ /usr/local/bin/ COPY --from=docker /usr/local/bin/docker /usr/local/bin/dockerd /usr/local/bin/ + +FROM summerwind/actions-runner-dind:ubuntu-22.04 as build-container-ghaction +# renovate: datasource=github-releases depName=google/go-containerregistry +ARG CRANE_VERSION=v0.19.2 +# renovate: datasource=github-releases depName=mikefarah/yq +ARG YQ_VERSION=v4.44.2 +# renovate: datasource=github-releases depName=getsops/sops +ARG SOPS_VERSION=v3.9.0 +# renovate: datasource=github-tags depName=aws/aws-cli +ARG AWSCLI_VERSION=2.17.5 +USER root +RUN apt update && \ + apt upgrade -y && \ + apt install -y \ + --no-install-recommends \ + make \ + tmux \ + qemu-system \ + qemu-utils \ + socat \ + ovmf \ + swtpm \ + iptables \ + iproute2 \ + openssh-client \ + docker.io \ + diffoscope \ + gh \ + zstd + +RUN curl -fSL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq && chmod +x /usr/bin/yq +RUN curl -fSL https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz | tar xzf - -C /usr/local/bin/ crane +RUN curl -fSL https://github.com/getsops/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 -o /usr/bin/sops && chmod +x /usr/bin/sops +RUN curl -fSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscliv2.zip && unzip awscliv2.zip && ./aws/install && rm -rf awscliv2.zip aws +USER runner diff --git a/Dockerfile.actions-runner-ubuntu-22.04 b/Dockerfile.actions-runner-ubuntu-22.04 deleted file mode 100644 index 6a1766c..0000000 --- a/Dockerfile.actions-runner-ubuntu-22.04 +++ /dev/null @@ -1,34 +0,0 @@ -FROM summerwind/actions-runner-dind:ubuntu-22.04 -# renovate: datasource=github-releases depName=google/go-containerregistry -ARG CRANE_VERSION=v0.19.1 -# renovate: datasource=github-releases depName=mikefarah/yq -ARG YQ_VERSION=v4.43.1 -# renovate: datasource=github-releases depName=getsops/sops -ARG SOPS_VERSION=v3.8.1 -# renovate: datasource=github-tags depName=aws/aws-cli -ARG AWSCLI_VERSION=2.15.44 -USER root -RUN apt update && \ - apt upgrade -y && \ - apt install -y \ - --no-install-recommends \ - make \ - tmux \ - qemu-system \ - qemu-utils \ - socat \ - ovmf \ - swtpm \ - iptables \ - iproute2 \ - openssh-client \ - docker.io \ - diffoscope \ - gh \ - zstd - -RUN curl -fSL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq && chmod +x /usr/bin/yq -RUN curl -fSL https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz | tar xzf - -C /usr/local/bin/ crane -RUN curl -fSL https://github.com/getsops/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 -o /usr/bin/sops && chmod +x /usr/bin/sops -RUN curl -fSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscliv2.zip && unzip awscliv2.zip && ./aws/install && rm -rf awscliv2.zip aws -USER runner diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1ff7065 --- /dev/null +++ b/Makefile @@ -0,0 +1,40 @@ +REGISTRY ?= ghcr.io +USERNAME ?= siderolabs +TAG ?= latest +REGISTRY_AND_USERNAME := $(REGISTRY)/$(USERNAME) +NAME := build-container + +BUILD := docker buildx build +PLATFORM ?= linux/amd64 +PROGRESS ?= auto +PUSH ?= false +CI_ARGS ?= +COMMON_ARGS := --file=Dockerfile +COMMON_ARGS += --progress=$(PROGRESS) +COMMON_ARGS += --platform=$(PLATFORM) +COMMON_ARGS += --provenance=false + +all: build-container + +KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest + +all: $(TARGETS) ## Builds all targets defined. + +target-%: ## Builds the specified target defined in the Pkgfile. The build result will only remain in the build cache. + @$(BUILD) --target=$* $(COMMON_ARGS) $(TARGET_ARGS) $(CI_ARGS) . + +local-%: ## Builds the specified target defined in the Pkgfile using the local output type. The build result will be output to the specified local destination. + @$(MAKE) target-$* TARGET_ARGS="--output=type=local,dest=$(DEST) $(TARGET_ARGS)" + +docker-%: ## Builds the specified target defined in the Pkgfile using the docker output type. The build result will be loaded into Docker. + @$(MAKE) target-$* TARGET_ARGS="--tag $(REGISTRY_AND_USERNAME)/$(NAME):$(TAG) $(TARGET_ARGS)" + +.PHONY: build-container +build-container: + @$(MAKE) docker-build-container-drone TARGET_ARGS="--push=$(PUSH)" + @$(MAKE) docker-build-container-ghaction TARGET_ARGS="--push=$(PUSH)" TAG="actions-runner-ubuntu-22.04" + +.PHONY: rekres +rekres: + @docker pull $(KRES_IMAGE) + @docker run --rm --net=host --user $(shell id -u):$(shell id -g) -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE) diff --git a/hack/scripts/setup-ci b/hack/scripts/setup-ci index 1ecabf4..4dec1e5 100755 --- a/hack/scripts/setup-ci +++ b/hack/scripts/setup-ci @@ -5,7 +5,7 @@ set -ex export TAG=$(git log --oneline --format=%B -n 1 HEAD | head -n 1 | sed -r "/^release\(/ s/^release\((.*)\):.*$/\\1/; t; Q") # renovate: datasource=github-releases depName=moby/buildkit -BUILDKIT_IMAGE="docker.io/moby/buildkit:v0.13.1" +BUILDKIT_IMAGE="docker.io/moby/buildkit:v0.14.1" # setup buildkit across amd64/arm64 workers function setup_buildkit() {