Skip to content

Commit

Permalink
PCP-1995: Update Dockerfile, Makefile and spectro-release.yaml (#6)
Browse files Browse the repository at this point in the history
  • Loading branch information
jayesh-srivastava authored Oct 15, 2023
1 parent 3137631 commit ecd0a4b
Show file tree
Hide file tree
Showing 3 changed files with 83 additions and 22 deletions.
29 changes: 26 additions & 3 deletions .github/workflows/spectro-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ on:
description: 'Microk8s Cluster API Controlplane provider Version to Build'
required: true
default: '0.0.0'
rel_type:
type: choice
description: Type of release
options:
- release
- rc
jobs:
builder:
# edge-runner machine group is a bunch of machines in US Datacenter
Expand All @@ -15,6 +21,8 @@ jobs:
# Ensure that the credentials are provided as encrypted secrets
env:
SPECTRO_VERSION: ${{ github.event.inputs.release_version }}
LEGACY_REGISTRY: gcr.io/spectro-images-public/release/cluster-api/capi-control-plane-provider-microk8s
FIPS_REGISTRY: gcr.io/spectro-images-public/release-fips/cluster-api/capi-control-plane-provider-microk8s
steps:
-
uses: mukunku/[email protected]
Expand All @@ -26,6 +34,11 @@ jobs:
run: |
echo "Tag already exists for v${{ github.event.inputs.release_version }}-spectro..."
exit 1
-
if: ${{ github.event.inputs.rel_type == 'rc' }}
run: |
echo "LEGACY_REGISTRY=gcr.io/spectro-dev-public/release/cluster-api/capi-control-plane-provider-microk8s" >> $GITHUB_ENV
echo "FIPS_REGISTRY=gcr.io/spectro-dev-public/release-fips/cluster-api/capi-control-plane-provider-microk8s" >> $GITHUB_ENV
-
uses: actions/checkout@v3
-
Expand All @@ -41,12 +54,22 @@ jobs:
-
name: Build Image
env:
REGISTRY: gcr.io/spectro-images-public/release/cluster-api/capi-control-plane-provider-microk8s
REGISTRY: ${{ env.LEGACY_REGISTRY }}
run: |
make docker-build-all
make docker-push-all
-
name: Build Image - FIPS Mode
env:
FIPS_ENABLE: yes
REGISTRY: ${{ env.FIPS_REGISTRY }}
ALL_ARCH: amd64
run: |
make docker-build
make docker-manifest
make docker-build-all
make docker-push-all
-
name: Create Release
if: ${{ github.event.inputs.rel_type == 'release' }}
id: create_release
uses: actions/create-release@v1
env:
Expand Down
28 changes: 24 additions & 4 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,9 +1,19 @@
# Build the manager binary
FROM gcr.io/spectro-images-public/golang:1.21-alpine as builder
ARG BUILDER_GOLANG_VERSION
# First stage: build the executable.
FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/golang:${BUILDER_GOLANG_VERSION}-alpine as toolchain
# Run this with docker build --build_arg $(go env GOPROXY) to override the goproxy
ARG goproxy=https://proxy.golang.org
ENV GOPROXY=$goproxy

ARG arch
# FIPS
ARG CRYPTO_LIB
ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto}

FROM toolchain as builder
WORKDIR /workspace

RUN apk update

# Copy the Go Modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
Expand All @@ -17,7 +27,17 @@ COPY api/ api/
COPY controllers/ controllers/

# Build
RUN CGO_ENABLED=0 GOOS=linux GOARCH=$arch go build -a -ldflags '-s -w' -o manager main.go
ARG ARCH
ARG ldflags
RUN if [ ${CRYPTO_LIB} ]; \
then \
GOARCH=${ARCH} go-build-fips.sh -a -o manager main.go;\
else \
GOARCH=${ARCH} go-build-static.sh -a -o manager main.go;\
fi
RUN if [ "${CRYPTO_LIB}" ]; then assert-static.sh manager; fi
RUN if [ "${CRYPTO_LIB}" ]; then assert-fips.sh manager; fi
RUN scan-govulncheck.sh manager

# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
Expand Down
48 changes: 33 additions & 15 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,9 +1,14 @@
ARCH ?= amd64
ALL_ARCH = amd64 arm64
SPECTRO_VERSION ?= 4.1.0-dev
TAG ?= v0.4.0-spectro-${SPECTRO_VERSION}
# Image URL to use all building/pushing image targets
REGISTRY ?= gcr.io/spectro-dev-public/$(USER)/capi-control-plane-provider-microk8s
IMG ?= ${REGISTRY}:${TAG}

BUILDER_GOLANG_VERSION ?= 1.21
BUILD_ARGS = --build-arg CRYPTO_LIB=${FIPS_ENABLE} --build-arg BUILDER_GOLANG_VERSION=${BUILDER_GOLANG_VERSION}

# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.23
# Components file to be used by clusterctl
Expand Down Expand Up @@ -80,23 +85,36 @@ build: generate fmt vet ## Build manager binary.
run: manifests generate fmt vet ## Run a controller from your host.
go run ./main.go

.PHONY: docker-build
docker-build-%: ## Build docker image with the manager.
docker build -t ${IMG}-$* . --build-arg arch=$*
docker-build: docker-build-amd64 docker-build-arm64
## Docker build

docker-build-%: ## Build docker images for a given ARCH
$(MAKE) ARCH=$* docker-build

.PHONY: docker-build-all ## Build all the architecture docker images
docker-build-all: $(addprefix docker-build-,$(ALL_ARCH))

docker-build: ## Build docker image with the manager.
DOCKER_BUILDKIT=1 docker buildx build --load --platform linux/${ARCH} ${BUILD_ARGS} --build-arg ARCH=$(ARCH) -t $(REGISTRY)-$(ARCH):$(TAG) .

## Docker push

.PHONY: docker-push-all ## Push all the architecture docker images
docker-push-all: $(addprefix docker-push-,$(ALL_ARCH))
$(MAKE) docker-push-manifest

.PHONY: docker-push
docker-push-%: docker-build-% ## Push docker image with the manager.
docker push ${IMG}-$*
docker-push: docker-push-amd64 docker-push-arm64

.PHONY: docker-manifest
docker-manifest: docker-push ## Push docker multi-arch manifest.
docker manifest rm ${IMG} || true
docker manifest create ${IMG} --amend ${IMG}-amd64 --amend ${IMG}-arm64
docker manifest annotate ${IMG} ${IMG}-amd64 --arch=amd64
docker manifest annotate ${IMG} ${IMG}-arm64 --arch=arm64
docker manifest push ${IMG}
docker-push: ## Push the docker image
docker push $(REGISTRY)-$(ARCH):$(TAG)

docker-push-%:
$(MAKE) ARCH=$* docker-push

.PHONY: docker-push-manifest
docker-push-manifest: ## Push the fat manifest docker image.
## Minimum docker version 18.06.0 is required for creating and pushing manifest images.
docker manifest create --amend $(REGISTRY):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(REGISTRY)\-&:$(TAG)~g")
@for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${REGISTRY}:${TAG} ${REGISTRY}-$${arch}:${TAG}; done
docker manifest push --purge ${REGISTRY}:${TAG}

##@ Deployment

Expand Down

0 comments on commit ecd0a4b

Please sign in to comment.