
Updates: #217

Merged
merged 12 commits into from
May 2, 2024
3 changes: 2 additions & 1 deletion .github/mergify.yml
Expand Up @@ -3,6 +3,7 @@ queue_rules:
conditions:
# Conditions to get out of the queue (= merged)
- check-success=DCO
- check-success~=build

pull_request_rules:
- name: Automatic merge on approval
Expand All @@ -12,7 +13,7 @@ pull_request_rules:
- "#changes-requested-reviews-by=0"
- "#review-requested=0"
- check-success=DCO
- check-success~=validation$
- check-success~=build
- label!=do-not-merge
- label=ready-to-merge
actions:
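Review bot: `- check-success~=build` in both the queue_rules conditions and the pull_request_rules conditions is a regex over the list of check names, and if I read Mergify's list-matching semantics correctly the condition is satisfied as soon as one matching check has succeeded; with a matrix that produces several checks whose names contain "build", a PR could enter the queue or be merged while another build job is still pending or has failed. If every matrix job must pass, pair the line with `- "#check-failure=0"` and `- "#check-pending=0"`, or anchor the regex to one aggregate job that depends on all the others. How many checks the workflow actually reports under that name is not visible in this section.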
20 changes: 14 additions & 6 deletions .github/workflows/build-all-matrix.yaml
Expand Up @@ -4,6 +4,8 @@ on:
# # every day at 5am UTC
# - cron: '0 5 * * *'
workflow_dispatch:
pull_request:
push:

env: # Global environment, passed to all jobs & all steps
# Default to quay.io, which is also the default for the CLI.
Expand All @@ -24,6 +26,12 @@ env: # Global environment, passed to all jobs & all steps

# GHA runner configuration. See bash/json-matrix.sh for more details.
CI_RUNNER_LK_CONTAINERS_ARM64: "ARM64" # Use a self-hosted runner with the "ARM64" tag for the ARM64 builds of LK containers
CI_RUNNER_LK_CONTAINERS_AMD64: "X64" # Use a self-hosted runner with the "X86" tag for the AMD64 builds of LK containers
CI_RUNNER_LK_ARM64: "ARM64" # Use a self-hosted runner with the "ARM64" tag for the ARM64 linuxkit builds
CI_RUNNER_LK_AMD64: "X64" # Use a self-hosted runner with the "X86" tag for the AMD64 linuxkit builds
CI_RUNNER_KERNEL_AMD64: "X64" # Use a self-hosted runner with the "X86" tag for the AMD64 kernel builds
CI_RUNNER_KERNEL_ARM64: "ARM64" # Use a self-hosted runner with the "ARM64" tag for the ARM64 kernel builds


jobs:

Expand Down Expand Up @@ -66,7 +74,7 @@ jobs:
uses: docker/setup-buildx-action@v3

- name: Docker Login to quay.io
if: ${{ env.REGISTRY == 'quay.io' }}
if: ${{ env.REGISTRY == 'quay.io' && github.ref == 'refs/heads/main' }}
uses: docker/login-action@v3
with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" }

Expand All @@ -78,7 +86,7 @@ jobs:
- name: Build and Push LinuxKit containers for ${{matrix.docker_arch}}
env:
DOCKER_ARCH: "${{ matrix.docker_arch }}"
DO_PUSH: "yes"
DO_PUSH: "${{ github.ref == 'refs/heads/main' && 'yes' || 'no' }}"
run: bash build.sh linuxkit-containers

build-kernels:
Expand All @@ -97,7 +105,7 @@ jobs:
uses: docker/setup-buildx-action@v3

- name: Docker Login to quay.io
if: ${{ env.REGISTRY == 'quay.io' }}
if: ${{ env.REGISTRY == 'quay.io' && github.ref == 'refs/heads/main' }}
uses: docker/login-action@v3
with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" }

Expand All @@ -108,7 +116,7 @@ jobs:

- name: Build and push Kernel ${{matrix.kernel}} (${{ matrix.arch }})
env:
DO_PUSH: "yes"
DO_PUSH: "${{ github.ref == 'refs/heads/main' && 'yes' || 'no' }}"
run: bash build.sh build-kernel "${{ matrix.kernel }}"

build-hook-ensemble:
Expand All @@ -127,12 +135,12 @@ jobs:
uses: docker/setup-buildx-action@v3

- name: Docker Login to DockerHub # read-only token, required to be able to pull all the linuxkit pkgs without getting rate limited.
if: ${{ env.LOGIN_TO_DOCKERHUB == 'yes' }}
if: ${{ env.LOGIN_TO_DOCKERHUB == 'yes' && github.ref == 'refs/heads/main' }}
uses: docker/login-action@v3
with: { registry: "docker.io", username: "${{ secrets.DOCKERHUB_USERNAME }}", password: "${{ secrets.DOCKERHUB_PASSWORD }}" }

- name: Docker Login to quay.io
if: ${{ env.REGISTRY == 'quay.io' }}
if: ${{ env.REGISTRY == 'quay.io' && github.ref == 'refs/heads/main' }}
uses: docker/login-action@v3
with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" }

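Review bot: Adding `pull_request:` under `on:` makes every job in this workflow, including the ones the `CI_RUNNER_*` variables route to self-hosted ARM64/X64 runners, execute the code of any pull request; if this repository is public, that includes fork PRs running on those machines, and the new `github.ref == 'refs/heads/main'` guards protect the registry secrets and the pushes but not the runners themselves. Consider gating the self-hosted jobs with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, or relying on the repository setting that requires approval before outside contributors' workflows run; whether the repo is public is not visible here. Separately, the comments on the new `CI_RUNNER_LK_AMD64` and `CI_RUNNER_KERNEL_AMD64` lines say the runner tag is `"X86"` while the value is `"X64"`; align the comment with the value (the pre-existing `CI_RUNNER_LK_CONTAINERS_AMD64` line has the same mismatch).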
10 changes: 7 additions & 3 deletions bash/hook-lk-containers.sh
Expand Up @@ -4,9 +4,13 @@ function build_all_hook_linuxkit_containers() {
log info "Building all LinuxKit containers..."
: "${DOCKER_ARCH:?"ERROR: DOCKER_ARCH is not defined"}"

build_hook_linuxkit_container hook-bootkit HOOK_CONTAINER_BOOTKIT_IMAGE
build_hook_linuxkit_container hook-docker HOOK_CONTAINER_DOCKER_IMAGE
build_hook_linuxkit_container hook-mdev HOOK_CONTAINER_MDEV_IMAGE
# when adding new container builds here you'll also want to add them to the
# `linuxkit_build` function in the linuxkit.sh file.
build_hook_linuxkit_container images/hook-bootkit HOOK_CONTAINER_BOOTKIT_IMAGE
build_hook_linuxkit_container images/hook-docker HOOK_CONTAINER_DOCKER_IMAGE
build_hook_linuxkit_container images/hook-mdev HOOK_CONTAINER_MDEV_IMAGE
build_hook_linuxkit_container images/containerd HOOK_CONTAINER_CONTAINERD_IMAGE
build_hook_linuxkit_container images/runc HOOK_CONTAINER_RUNC_IMAGE
}

function build_hook_linuxkit_container() {
12 changes: 6 additions & 6 deletions bash/json-matrix.sh
Expand Up @@ -47,12 +47,12 @@ function output_gha_matrixes() {
prepare_json_matrix_lkcontainers "LK_CONTAINERS" # reads all_arches's keys and sets full_json
declare lkcontainers_json="${full_json}"

# If under GHA, set a GHA output variable, otherwise just log them
if [[ -z "${GITHUB_OUTPUT}" ]]; then
log info "Would have set GHA output kernels_json to: ${kernels_json}"
log info "Would have set GHA output lk_hooks_json to: ${lk_hooks_json}"
log info "Would have set GHA output lkcontainers_json to: ${lkcontainers_json}"
else
log info "kernels_json to: ${kernels_json}"
log info "lk_hooks_json to: ${lk_hooks_json}"
log info "lkcontainers_json to: ${lkcontainers_json}"

# If under GHA, set a GHA output variable.
if [[ -n "${GITHUB_OUTPUT}" ]]; then
# shellcheck disable=SC2129 # no, thanks, shellcheck.
echo "kernels_json=${kernels_json}" >> "${GITHUB_OUTPUT}"
echo "lk_hooks_json=${lk_hooks_json}" >> "${GITHUB_OUTPUT}"
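Review bot: `if [[ -n "${GITHUB_OUTPUT}" ]]; then` aborts with an unbound-variable error when the script is run outside GitHub Actions under `set -u`, which this repository's bash may enable (not visible in the hunk); `if [[ -n "${GITHUB_OUTPUT:-}" ]]; then` keeps the local-run path working. The three `log info` lines above now print the full matrix JSON on every run, which is fine, but the messages lost their verb when the "Would have set GHA output" prefix was dropped — `log info "kernels_json: ${kernels_json}"` reads better. output_gha_matrixes starts and ends outside the hunk.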
6 changes: 4 additions & 2 deletions bash/linuxkit.sh
Expand Up @@ -50,7 +50,7 @@ function linuxkit_build() {
fi

# Build the containers in this repo used in the LinuxKit YAML;
build_all_hook_linuxkit_containers # sets HOOK_CONTAINER_BOOTKIT_IMAGE, HOOK_CONTAINER_DOCKER_IMAGE, HOOK_CONTAINER_MDEV_IMAGE
build_all_hook_linuxkit_containers # sets HOOK_CONTAINER_BOOTKIT_IMAGE, HOOK_CONTAINER_DOCKER_IMAGE, HOOK_CONTAINER_MDEV_IMAGE, HOOK_CONTAINER_CONTAINERD_IMAGE

# Template the linuxkit configuration file.
# - You'd think linuxkit would take --build-args or something by now, but no.
Expand All @@ -67,7 +67,9 @@ function linuxkit_build() {
HOOK_CONTAINER_BOOTKIT_IMAGE="${HOOK_CONTAINER_BOOTKIT_IMAGE}" \
HOOK_CONTAINER_DOCKER_IMAGE="${HOOK_CONTAINER_DOCKER_IMAGE}" \
HOOK_CONTAINER_MDEV_IMAGE="${HOOK_CONTAINER_MDEV_IMAGE}" \
envsubst '$HOOK_VERSION $HOOK_KERNEL_IMAGE $HOOK_KERNEL_ID $HOOK_KERNEL_VERSION $HOOK_CONTAINER_BOOTKIT_IMAGE $HOOK_CONTAINER_DOCKER_IMAGE $HOOK_CONTAINER_MDEV_IMAGE' \
HOOK_CONTAINER_CONTAINERD_IMAGE="${HOOK_CONTAINER_CONTAINERD_IMAGE}" \
HOOK_CONTAINER_RUNC_IMAGE="${HOOK_CONTAINER_RUNC_IMAGE}" \
envsubst '$HOOK_VERSION $HOOK_KERNEL_IMAGE $HOOK_KERNEL_ID $HOOK_KERNEL_VERSION $HOOK_CONTAINER_BOOTKIT_IMAGE $HOOK_CONTAINER_DOCKER_IMAGE $HOOK_CONTAINER_MDEV_IMAGE $HOOK_CONTAINER_CONTAINERD_IMAGE $HOOK_CONTAINER_RUNC_IMAGE' \
> "hook.${inventory_id}.yaml"

declare -g linuxkit_bin=""
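Review bot: The comment on the `build_all_hook_linuxkit_containers` call now lists HOOK_CONTAINER_CONTAINERD_IMAGE but not HOOK_CONTAINER_RUNC_IMAGE, although the new `HOOK_CONTAINER_RUNC_IMAGE="${HOOK_CONTAINER_RUNC_IMAGE}" \` line and the envsubst pattern in the same function depend on it being set there; append `, HOOK_CONTAINER_RUNC_IMAGE` to that comment. The variable list is now spelled out three times (the export lines, the quoted envsubst pattern and the comment), so a future container will be missed in one of them; building the envsubst pattern from a single array of names would stop them drifting. linuxkit_build starts and ends outside the hunk.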
2 changes: 1 addition & 1 deletion build.sh
Expand Up @@ -29,7 +29,7 @@ declare -g HOOK_LK_CONTAINERS_OCI_BASE="${HOOK_LK_CONTAINERS_OCI_BASE:-"quay.io/
declare -g SKOPEO_IMAGE="${SKOPEO_IMAGE:-"quay.io/skopeo/stable:latest"}"

# See https://github.com/linuxkit/linuxkit/releases
declare -g -r LINUXKIT_VERSION_DEFAULT="1.0.1" # LinuxKit version to use by default; each flavor can set its own too
declare -g -r LINUXKIT_VERSION_DEFAULT="1.2.0" # LinuxKit version to use by default; each flavor can set its own too

# Directory to use for storing downloaded artifacts: LinuxKit binary, shellcheck binary, etc.
declare -g -r CACHE_DIR="${CACHE_DIR:-"cache"}"
46 changes: 46 additions & 0 deletions images/containerd/Dockerfile
@@ -0,0 +1,46 @@
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as builder


# checkout and compile containerd
# Update `FROM` in `pkg/containerd/Dockerfile`, `pkg/init/Dockerfile` and
# `test/pkg/containerd/Dockerfile` when changing this.
ENV CONTAINERD_REPO=https://github.com/containerd/containerd.git

ENV CONTAINERD_COMMIT=v1.7.15
ENV GOPATH=/go
RUN apk add go git
RUN mkdir -p $GOPATH/src/github.com/containerd && \
cd $GOPATH/src/github.com/containerd && \
git clone https://github.com/containerd/containerd.git && \
cd $GOPATH/src/github.com/containerd/containerd && \
git checkout $CONTAINERD_COMMIT
RUN apk add --no-cache btrfs-progs-dev gcc libc-dev linux-headers make libseccomp-dev
WORKDIR $GOPATH/src/github.com/containerd/containerd
RUN make binaries EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"' BUILDTAGS="static_build no_devmapper"

RUN cp bin/containerd bin/ctr bin/containerd-shim bin/containerd-shim-runc-v2 /usr/bin/
RUN strip /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /usr/bin/containerd-shim-runc-v2

FROM scratch as containerd-dev
ENTRYPOINT []
WORKDIR /
COPY --from=builder /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /usr/bin/containerd-shim-runc-v2 /usr/bin/
COPY --from=builder /go/src/github.com/containerd/containerd /go/src/github.com/containerd/containerd

# Dockerfile to build linuxkit/containerd for linuxkit
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as alpine

RUN apk add tzdata binutils
RUN mkdir -p /etc/init.d && ln -s /usr/bin/service /etc/init.d/020-containerd

FROM containerd-dev

FROM scratch
ENTRYPOINT []
WORKDIR /
COPY --from=containerd-dev /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /usr/bin/containerd-shim-runc-v2 /usr/bin/
COPY --from=alpine /usr/share/zoneinfo/UTC /etc/localtime
COPY --from=alpine /etc/init.d/ /etc/init.d/
COPY etc etc/
COPY --from=alpine /etc/apk /etc/apk/
COPY --from=alpine /lib/apk /lib/apk/
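Review bot: The `git clone https://github.com/containerd/containerd.git && \` line hardcodes the URL even though `ENV CONTAINERD_REPO=` a few lines above defines it for exactly this purpose; use `git clone "$CONTAINERD_REPO" && \` so the two cannot drift. `ENV CONTAINERD_COMMIT=v1.7.15` is a tag, which is a movable reference; for a reproducible and auditable build pin the full commit SHA the tag resolves to, e.g. `ENV CONTAINERD_COMMIT=<sha-that-v1.7.15-resolves-to>` with the tag kept in a comment. The bare `FROM containerd-dev` stage between the `alpine` stage and the final `FROM scratch` defines nothing and is not referenced anywhere, so it looks like a leftover and can be dropped. The comment telling the reader to update `pkg/containerd/Dockerfile`, `pkg/init/Dockerfile` and `test/pkg/containerd/Dockerfile` names paths that do not exist in this change's `images/` layout and was presumably carried over from upstream linuxkit; rewrite it for this repository or remove it.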
15 changes: 15 additions & 0 deletions images/containerd/etc/containerd/config.toml
@@ -0,0 +1,15 @@
state = "/run/containerd"
root = "/var/lib/containerd"
disabled_plugins = ["cri"]

[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0

[debug]
address = "/run/containerd/debug.sock"
level = "info"

[metrics]
address = ""
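Review bot: `[debug] address = "/run/containerd/debug.sock"` turns on containerd's debug endpoint inside the image; if nothing in the hook runtime consumes it, leave it empty the way `[metrics]` does (`address = ""`), otherwise add a comment naming what uses it so the next reader does not have to guess. The `[grpc]` socket being restricted to uid/gid 0 matches the root-only use implied by the rest of this image.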
2 changes: 1 addition & 1 deletion hook-bootkit/Dockerfile → images/hook-bootkit/Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.20-alpine as dev
FROM golang:1.21-alpine as dev
COPY . /src/
WORKDIR /src
RUN go mod download
23 changes: 16 additions & 7 deletions hook-bootkit/go.mod → images/hook-bootkit/go.mod
Expand Up @@ -3,30 +3,39 @@ module github.com/tinkerbell/hook/hook-bootkit
go 1.17

require (
github.com/cenkalti/backoff/v4 v4.2.1
github.com/docker/docker v24.0.4+incompatible
github.com/go-logr/logr v1.2.4
github.com/cenkalti/backoff/v4 v4.3.0
github.com/docker/docker v26.1.0+incompatible
github.com/go-logr/logr v1.4.1
github.com/go-logr/zerologr v1.2.3
github.com/rs/zerolog v1.30.0
)

require (
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.0.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/stretchr/testify v1.8.4 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
go.opentelemetry.io/otel v1.26.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 // indirect
go.opentelemetry.io/otel/metric v1.26.0 // indirect
go.opentelemetry.io/otel/sdk v1.26.0 // indirect
go.opentelemetry.io/otel/trace v1.26.0 // indirect
golang.org/x/mod v0.8.0 // indirect
golang.org/x/net v0.12.0 // indirect
golang.org/x/sys v0.10.0 // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/sys v0.19.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.6.0 // indirect
gotest.tools/v3 v3.5.0 // indirect