From 7b9100f01134c7920e8124d287654bfefef139b7 Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Thu, 3 Oct 2024 01:06:11 -0700 Subject: [PATCH 1/7] chore: switch to us-docker.pkg.dev for image repo Signed-off-by: Nianyu Shen --- Earthfile | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/Earthfile b/Earthfile index f8b3b3d..5afb3f5 100644 --- a/Earthfile +++ b/Earthfile @@ -2,11 +2,17 @@ VERSION 0.6 ARG TARGETOS ARG TARGETARCH +ARG FIPS_ENABLED=false + # Default image repositories used in the builds. -ARG SPECTRO_PUB_REPO=gcr.io/spectro-images-public -ARG SPECTRO_LUET_REPO=gcr.io/spectro-dev-public -ARG KAIROS_BASE_IMAGE_URL=gcr.io/spectro-images-public -ARG ETCD_REPO=https://github.com/etcd-io +IF [ "$FIPS_ENABLED" = "true" ] + ARG SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images +ELSE + ARG SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images-fips +END + +ARG SPECTRO_LUET_REPO=$SPECTRO_PUB_REPO/edge +ARG KAIROS_BASE_IMAGE_URL=$SPECTRO_PUB_REPO/edge ARG LUET_PROJECT=luet-repo ARG ALPINE_TAG=3.20 ARG ALPINE_IMG=$SPECTRO_PUB_REPO/canvos/alpine:$ALPINE_TAG @@ -41,7 +47,7 @@ ARG DISABLE_SELINUX=true ARG CIS_HARDENING=false ARG UBUNTU_PRO_KEY -ARG FIPS_ENABLED=false + ARG HTTP_PROXY ARG HTTPS_PROXY ARG NO_PROXY @@ -100,14 +106,14 @@ END IF [ "$FIPS_ENABLED" = "true" ] ARG BIN_TYPE=vertex - ARG STYLUS_BASE=$SPECTRO_PUB_REPO/stylus-framework-fips-linux-$ARCH:$PE_VERSION - ARG STYLUS_PACKAGE_BASE=$SPECTRO_PUB_REPO/stylus-fips-linux-$ARCH:$PE_VERSION - ARG CLI_IMAGE=$SPECTRO_PUB_REPO/palette-edge-cli-fips-${TARGETARCH}:${PE_VERSION} + ARG STYLUS_BASE=$SPECTRO_PUB_REPO/edge/stylus-framework-fips-linux-$ARCH:$PE_VERSION + ARG STYLUS_PACKAGE_BASE=$SPECTRO_PUB_REPO/edge/stylus-fips-linux-$ARCH:$PE_VERSION + ARG CLI_IMAGE=$SPECTRO_PUB_REPO/edge/palette-edge-cli-fips-${TARGETARCH}:${PE_VERSION} ELSE ARG BIN_TYPE=palette - ARG STYLUS_BASE=$SPECTRO_PUB_REPO/stylus-framework-linux-$ARCH:$PE_VERSION - ARG STYLUS_PACKAGE_BASE=$SPECTRO_PUB_REPO/stylus-linux-$ARCH:$PE_VERSION - ARG CLI_IMAGE=$SPECTRO_PUB_REPO/palette-edge-cli-${TARGETARCH}:${PE_VERSION} + ARG STYLUS_BASE=$SPECTRO_PUB_REPO/edge/stylus-framework-linux-$ARCH:$PE_VERSION + ARG STYLUS_PACKAGE_BASE=$SPECTRO_PUB_REPO/edge/stylus-linux-$ARCH:$PE_VERSION + ARG CLI_IMAGE=$SPECTRO_PUB_REPO/edge/palette-edge-cli-${TARGETARCH}:${PE_VERSION} END IF [ "$CUSTOM_TAG" != "" ] @@ -577,15 +583,15 @@ stylus-package-image: kairos-provider-image: IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] - ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/edge/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/edge/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] - ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/edge/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] && $FIPS_ENABLED - ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/edge/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/edge/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION END FROM --platform=linux/${ARCH} $PROVIDER_BASE SAVE ARTIFACT ./* From e72bef15727a3c6e6e9cddfbf9be741d7d0ca512 Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Thu, 3 Oct 2024 01:06:26 -0700 Subject: [PATCH 2/7] bump providers Signed-off-by: Nianyu Shen --- Earthfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Earthfile b/Earthfile index 5afb3f5..fe08998 100644 --- a/Earthfile +++ b/Earthfile @@ -27,9 +27,9 @@ ARG RKE2_FLAVOR_TAG=rke2r1 ARG BASE_IMAGE_URL=quay.io/kairos ARG OSBUILDER_VERSION=v0.300.3 ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION -ARG K3S_PROVIDER_VERSION=v4.5.0-alpha2 -ARG KUBEADM_PROVIDER_VERSION=v4.5.0-alpha3 -ARG RKE2_PROVIDER_VERSION=v4.4.1 +ARG K3S_PROVIDER_VERSION=v4.5.0-alpha3 +ARG KUBEADM_PROVIDER_VERSION=v4.5.0-alpha5 +ARG RKE2_PROVIDER_VERSION=v4.5.0-alpha1 # Variables used in the builds. Update for ADVANCED use cases only. Modify in .arg file or via CLI arguments. ARG OS_DISTRIBUTION From 0e940cbacc036e74911a65f1de9b30e4b6575e06 Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Thu, 3 Oct 2024 01:08:46 -0700 Subject: [PATCH 3/7] retag Signed-off-by: Nianyu Shen --- Earthfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Earthfile b/Earthfile index fe08998..b92b4df 100644 --- a/Earthfile +++ b/Earthfile @@ -15,7 +15,7 @@ ARG SPECTRO_LUET_REPO=$SPECTRO_PUB_REPO/edge ARG KAIROS_BASE_IMAGE_URL=$SPECTRO_PUB_REPO/edge ARG LUET_PROJECT=luet-repo ARG ALPINE_TAG=3.20 -ARG ALPINE_IMG=$SPECTRO_PUB_REPO/canvos/alpine:$ALPINE_TAG +ARG ALPINE_IMG=$SPECTRO_PUB_REPO/edge/canvos/alpine:$ALPINE_TAG FROM $ALPINE_IMG # Spectro Cloud and Kairos tags. From 7ecf68b1042b9a2e4a5c16045791741c50065da5 Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Thu, 3 Oct 2024 23:02:23 -0700 Subject: [PATCH 4/7] bump luet and provider version Signed-off-by: Nianyu Shen --- Earthfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Earthfile b/Earthfile index b92b4df..8196966 100644 --- a/Earthfile +++ b/Earthfile @@ -19,8 +19,8 @@ ARG ALPINE_IMG=$SPECTRO_PUB_REPO/edge/canvos/alpine:$ALPINE_TAG FROM $ALPINE_IMG # Spectro Cloud and Kairos tags. -ARG PE_VERSION=v4.4.12 -ARG SPECTRO_LUET_VERSION=v1.3.8-alpha2 +ARG PE_VERSION=v4.5.0-rc2 +ARG SPECTRO_LUET_VERSION=v1.3.8-alpha4 ARG KAIROS_VERSION=v3.1.3 ARG K3S_FLAVOR_TAG=k3s1 ARG RKE2_FLAVOR_TAG=rke2r1 From a19395caf30d6a34a6205bb1438e7ad922864893 Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Thu, 3 Oct 2024 23:12:55 -0700 Subject: [PATCH 5/7] update earthly image Signed-off-by: Nianyu Shen --- Earthfile | 15 ++++++++------- earthly.sh | 18 +++++++++--------- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/Earthfile b/Earthfile index 8196966..cf37b70 100644 --- a/Earthfile +++ b/Earthfile @@ -2,21 +2,22 @@ VERSION 0.6 ARG TARGETOS ARG TARGETARCH -ARG FIPS_ENABLED=false - # Default image repositories used in the builds. +ARG SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images +ARG ALPINE_TAG=3.20 +ARG ALPINE_IMG=$SPECTRO_PUB_REPO/edge/canvos/alpine:$ALPINE_TAG +FROM $ALPINE_IMG + +ARG FIPS_ENABLED=false IF [ "$FIPS_ENABLED" = "true" ] - ARG SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images -ELSE ARG SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images-fips + ARG ALPINE_IMG=$SPECTRO_PUB_REPO/edge/canvos/alpine:$ALPINE_TAG END ARG SPECTRO_LUET_REPO=$SPECTRO_PUB_REPO/edge ARG KAIROS_BASE_IMAGE_URL=$SPECTRO_PUB_REPO/edge ARG LUET_PROJECT=luet-repo -ARG ALPINE_TAG=3.20 -ARG ALPINE_IMG=$SPECTRO_PUB_REPO/edge/canvos/alpine:$ALPINE_TAG -FROM $ALPINE_IMG + # Spectro Cloud and Kairos tags. ARG PE_VERSION=v4.5.0-rc2 diff --git a/earthly.sh b/earthly.sh index a9ff8a2..325d64b 100755 --- a/earthly.sh +++ b/earthly.sh @@ -11,17 +11,17 @@ function build_with_proxy() { docker stop earthly-buildkitd fi # start earthly buildkitd - docker run -d --privileged --name earthly-buildkitd -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 $SPECTRO_PUB_REPO/earthly/buildkitd:$EARTHLY_VERSION + docker run -d --privileged --name earthly-buildkitd -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 $SPECTRO_PUB_REPO/third-party/edge/earthly/buildkitd:$EARTHLY_VERSION # Update the CA certificates in the container docker exec -it earthly-buildkitd update-ca-certificates # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" $SPECTRO_PUB_REPO/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" $SPECTRO_PUB_REPO/third-party/edge/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } function build_without_proxy() { # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace $SPECTRO_PUB_REPO/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace $SPECTRO_PUB_REPO/third-party/edge/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } function print_os_pack() { @@ -59,10 +59,10 @@ function print_os_pack() { global_config="{disable_analytics: true}" PE_VERSION=$(git describe --abbrev=0 --tags) SPECTRO_PUB_REPO=gcr.io/spectro-images-public -EARTHLY_VERSION=v0.8.5 +EARTHLY_VERSION=v0.8.15 source .arg -ALPINE_IMG=$SPECTRO_PUB_REPO/canvos/alpine:3.20 -### Verify Depencies +ALPINE_IMG=$SPECTRO_PUB_REPO/edge/canvos/alpine:3.20 +### Verify Dependencies # Check if Docker is installed if command -v docker >/dev/null 2>&1; then echo "version: $(docker -v)" @@ -86,18 +86,18 @@ if [ $? -ne 0 ]; then exit 1 fi # Cleanup builder helper images. -docker rmi $SPECTRO_PUB_REPO/earthly/earthly:$EARTHLY_VERSION +docker rmi $SPECTRO_PUB_REPO/third-party/edge/earthly/earthly:$EARTHLY_VERSION if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then docker stop earthly-buildkitd fi -docker rmi $SPECTRO_PUB_REPO/earthly/buildkitd:$EARTHLY_VERSION 2>/dev/null +docker rmi $SPECTRO_PUB_REPO/third-party/edge/earthly/buildkitd:$EARTHLY_VERSION 2>/dev/null docker rmi $ALPINE_IMG if [[ "$1" == "+uki-genkey" ]]; then ./keys.sh secure-boot/ fi -# if $1 is in oen of the following values, print the output for use in Palette Profile. +# if $1 is in one of the following values, print the output for use in Palette Profile. targets=("+build-provider-images" "+build-provider-images-fips" "+build-all-images") for arg in "${targets[@]}"; do if [[ "$1" == "$arg" ]]; then From b8182fc15b0b99d67627c2b5abab23db2e024f01 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Fri, 4 Oct 2024 20:00:46 +0530 Subject: [PATCH 6/7] Update Earthfile update luet-repo version --- Earthfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Earthfile b/Earthfile index cf37b70..d9bc05d 100644 --- a/Earthfile +++ b/Earthfile @@ -20,8 +20,8 @@ ARG LUET_PROJECT=luet-repo # Spectro Cloud and Kairos tags. -ARG PE_VERSION=v4.5.0-rc2 -ARG SPECTRO_LUET_VERSION=v1.3.8-alpha4 +ARG PE_VERSION=v4.5.0-rc4 +ARG SPECTRO_LUET_VERSION=v1.3.8-alpha5 ARG KAIROS_VERSION=v3.1.3 ARG K3S_FLAVOR_TAG=k3s1 ARG RKE2_FLAVOR_TAG=rke2r1 From ae4ab2fd3680bf9f3803fd02b2a47699dfc52072 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Fri, 4 Oct 2024 20:24:48 +0530 Subject: [PATCH 7/7] Update thirdparty builder --- Earthfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Earthfile b/Earthfile index d9bc05d..4314084 100644 --- a/Earthfile +++ b/Earthfile @@ -884,7 +884,8 @@ OS_RELEASE: download-third-party: ARG TARGETPLATFORM ARG binary - FROM --platform=$TARGETPLATFORM $SPECTRO_PUB_REPO/builders/spectro-third-party:${BUILDER_3RDPARTY_VERSION} + FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/builders/spectro-third-party:${BUILDER_3RDPARTY_VERSION} + #FROM --platform=$TARGETPLATFORM $SPECTRO_PUB_REPO/builders/spectro-third-party:${BUILDER_3RDPARTY_VERSION} ARG TARGETARCH SAVE ARTIFACT /binaries/${binary}/latest/$BIN_TYPE/$TARGETARCH/${binary} ${binary} SAVE ARTIFACT /binaries/${binary}/latest/$BIN_TYPE/$TARGETARCH/${binary}.version ${binary}.version