From 4f64fab2a065a74da09bc0ef7b5d70ca0568cf96 Mon Sep 17 00:00:00 2001 From: Jayesh Srivastava Date: Mon, 16 Oct 2023 12:23:15 +0530 Subject: [PATCH 1/2] PCP-2003: Update builder image, go version --- Dockerfile | 14 +++++++++----- Makefile | 5 ++++- go.mod | 2 +- go.sum | 4 ++++ 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5a6dd226..f1cd8beb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ # syntax=docker/dockerfile:experimental - -FROM golang:1.19.10-alpine3.18 as dev +ARG BUILDER_GOLANG_VERSION +# First stage: build the executable. +FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/golang:${BUILDER_GOLANG_VERSION}-alpine as dev # FIPS ARG CRYPTO_LIB -ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto} RUN apk add --no-cache git ca-certificates make gcc g++ RUN adduser -D appuser @@ -15,11 +15,15 @@ RUN --mount=type=cache,sharing=locked,id=gomod,target=/go/pkg/mod/cache \ --mount=type=cache,sharing=locked,id=goroot,target=/root/.cache/go-build \ if [ ${CRYPTO_LIB} ]; \ then \ - CGO_ENABLED=1 FIPS_ENABLE=yes GOOS=linux make build ;\ + go-build-fips.sh -a -o kube-vip . ;\ else \ - CGO_ENABLED=0 GOOS=linux make build ;\ + go-build-static.sh -a -o kube-vip . ;\ fi +RUN if [ "${CRYPTO_LIB}" ]; then assert-static.sh kube-vip; fi +RUN if [ "${CRYPTO_LIB}" ]; then assert-fips.sh kube-vip; fi +RUN scan-govulncheck.sh kube-vip + FROM scratch # Add Certificates into the image, for anything that does API calls COPY --from=dev /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt diff --git a/Makefile b/Makefile index e209eac0..c17c1312 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,9 @@ TARGET := kube-vip # Fips Flags FIPS_ENABLE ?= "" +BUILDER_GOLANG_VERSION ?= 1.21 +BUILD_ARGS = --build-arg CRYPTO_LIB=${FIPS_ENABLE} --build-arg BUILDER_GOLANG_VERSION=${BUILDER_GOLANG_VERSION} + RELEASE_LOC := release ifeq ($(FIPS_ENABLE),yes) CGO_ENABLED := 1 @@ -86,7 +89,7 @@ release-dockerx86: docker: @-rm ./kube-vip - @docker buildx build --build-arg CRYPTO_LIB=${FIPS_ENABLE} --push --platform linux/amd64 -t ${IMG} . + @docker buildx build --build-arg CRYPTO_LIB=${FIPS_ENABLE} ${BUILD_ARGS} --push --platform linux/amd64 -t ${IMG} . @echo New Multi Architecture Docker image created ## Local (docker load of images) diff --git a/go.mod b/go.mod index 03cc8093..3bde98df 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/kube-vip/kube-vip -go 1.19 +go 1.21 require ( github.com/cloudflare/ipvs v0.8.0 diff --git a/go.sum b/go.sum index 520a38f0..8e4782be 100644 --- a/go.sum +++ b/go.sum @@ -101,6 +101,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= @@ -146,6 +147,7 @@ github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4er github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= @@ -237,6 +239,7 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8= +github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= @@ -365,6 +368,7 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= +github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys= From 2ef3996fca3c733d8faeca028eecab3e0c7e38d0 Mon Sep 17 00:00:00 2001 From: Jayesh Srivastava Date: Mon, 16 Oct 2023 12:30:08 +0530 Subject: [PATCH 2/2] PCP-2003: spectro-release.yaml --- .github/workflows/spectro-release.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/spectro-release.yaml b/.github/workflows/spectro-release.yaml index 05076f4c..cdea0222 100644 --- a/.github/workflows/spectro-release.yaml +++ b/.github/workflows/spectro-release.yaml @@ -7,6 +7,12 @@ on: description: 'Version to Build' required: true default: '0.0.0' + rel_type: + type: choice + description: Type of release + options: + - release + - rc jobs: builder: # edge-runner machine group is a bunch of machines in US Datacenter @@ -15,6 +21,8 @@ jobs: # Ensure that the credentials are provided as encrypted secrets env: SPECTRO_VERSION: ${{ github.event.inputs.release_version }} + LEGACY_REGISTRY: gcr.io/spectro-images-public/release/kube-vip + FIPS_REGISTRY: gcr.io/spectro-images-public/release-fips/kube-vip steps: - uses: mukunku/tag-exists-action@v1.2.0 @@ -26,6 +34,11 @@ jobs: run: | echo "Tag already exists for spectro-v${{ github.event.inputs.release_version }}..." exit 1 + - + if: ${{ github.event.inputs.rel_type == 'rc' }} + run: | + echo "LEGACY_REGISTRY=gcr.io/spectro-dev-public/release/kube-vip" >> $GITHUB_ENV + echo "FIPS_REGISTRY=gcr.io/spectro-dev-public/release-fips/kube-vip" >> $GITHUB_ENV - uses: actions/checkout@v3 - @@ -41,18 +54,19 @@ jobs: - name: Build Image env: - REGISTRY: gcr.io/spectro-images-public/release/kube-vip + REGISTRY: ${{ env.LEGACY_REGISTRY }} run: | make docker - name: Build Image - FIPS Mode env: FIPS_ENABLE: yes - REGISTRY: gcr.io/spectro-images-public/release-fips/kube-vip + REGISTRY: ${{ env.FIPS_REGISTRY }} run: | make docker - name: Create Release + if: ${{ github.event.inputs.rel_type == 'release' }} id: create_release uses: actions/create-release@v1 env: