From 62adea878f625ff08a9db19d59301517c4ef2e07 Mon Sep 17 00:00:00 2001
From: Sergi Castro
Date: Fri, 9 Aug 2024 12:16:40 +0200
Subject: [PATCH] Improve build to allow local cross platform builds (#16)
* Improve build to allow local cross platform builds
* fix make docker-build
* install go in the scan CI check
* update go to fix CVE-2024-24791
* update controller tools
---
 .github/workflows/release.yaml | 2 +-
 .github/workflows/scan.yaml | 3 +++
 Dockerfile | 39 ++++++----------------------------
 Makefile | 21 ++++++++++++------
 go.mod | 2 +-
 5 files changed, 26 insertions(+), 41 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fe5d3ae..40940ba 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -11,7 +11,7 @@ jobs:
 docker-hub:
 runs-on: ubuntu-latest
 env:
- IMG: tetrate/kubegres:${{ github.ref_name }}
+ IMG: tetrate/kubegres:${{ github.ref_name }}
 PLATFORMS: linux/amd64,linux/arm64
 steps:
 - uses: docker/setup-qemu-action@v3
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 7d938f9..c269471 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -27,6 +27,9 @@ jobs:
 platforms: amd64
 - uses: docker/setup-buildx-action@v3
 - uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ with:
+ go-version-file: go.mod
 - run: make docker-build
 - uses: aquasecurity/trivy-action@master
 with:
diff --git a/Dockerfile b/Dockerfile
index 7f7b4c1..5831da2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,41 +1,14 @@
-# Build the manager binary
-FROM golang:1.22 as builder
-
-ARG TARGETPLATFORM
-ARG BUILDPLATFORM
-
-WORKDIR /workspace
-# Copy the Go Modules manifests
-COPY go.mod go.mod
-COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
-# Copy the go source
-COPY main.go main.go
-COPY api/ api/
-COPY controllers/ controllers/
-
-# Build
-ENV CGO_ENABLED=0 \
- GO111MODULE=on
-
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN \
- export GOOS \
- && GOOS=$(echo ${TARGETPLATFORM} | cut -d / -f1) \
- && export GOARCH \
- && GOARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
- && export GOARM \
- && GOARM=$(echo ${TARGETPLATFORM} | cut -d / -f3 | cut -c2-) \
- && go build -a -o manager main.go
+## Build the manager binary
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
+
+ARG TARGETOS
+ARG TARGETARCH
+
 WORKDIR /
-COPY --from=builder /workspace/manager .
+COPY build/bin/manager-${TARGETOS}-${TARGETARCH} manager
 USER 65532:65532
 ENTRYPOINT ["/manager"]
diff --git a/Makefile b/Makefile
index c0bc463..ef2feac 100644
--- a/Makefile
+++ b/Makefile
@@ -65,9 +65,14 @@ test: build envtest kind ## Run tests.
 ##@ Build
 .PHONY: build
-build: manifests generate fmt vet ## Build manager binary.
+build: manifests generate fmt vet $(addprefix build/,$(subst $(comma),$(space),$(PLATFORMS))) ## Build manager binary.
 go generate
- go build -o bin/manager main.go
+
+build/%: PLATFORM=$(*)
+build/%: GOARCH=$(notdir $(PLATFORM))
+build/%: GOOS=$(subst /,,$(dir $(PLATFORM)))
+build/%: ## Build manager binary for a specific platform.
+ GOOS=${GOOS} GOARCH=${GOARCH} go build -o build/bin/manager-$(GOOS)-$(GOARCH) main.go
 .PHONY: run
 run: install ## Run a controller from your host.
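Review bot: The toolchain that produces the shipped binary is no longer fixed by the Dockerfile: `COPY build/bin/manager-${TARGETOS}-${TARGETARCH} manager` packages a file compiled on whatever machine ran make, where the removed stage pinned `golang:1.22`. In this patch only scan.yaml gains `actions/setup-go@v5` with `go-version-file: go.mod`; the release.yaml hunk appears to change only whitespace, so unless that workflow already installs Go outside the visible context, the released image is built with the runner's own Go (the `go 1.22.5` directive sets a floor, not the exact compiler). Adding the same setup-go step to release.yaml would make the scanned and the released binaries come from the same toolchain. The image also now depends on `build/bin` being present in the build context, so a stale file there or a `.dockerignore` entry changes what gets packaged without any Dockerfile error pointing at the cause.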
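Review bot: In the Makefile hunk, the new `build/%` recipe drops the `CGO_ENABLED=0` that the removed Dockerfile stage set, so a native build on a host with a C compiler can link the manager dynamically, and such a binary will not start in `gcr.io/distroless/static`. Cross builds disable cgo by default, so the two architectures could differ without any build error. Setting it in the recipe restores the previous behaviour: `CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} go build -o build/bin/manager-$(GOOS)-$(GOARCH) main.go`. Separately, the platform builds are now prerequisites of `build`, so they run before the `go generate` that stays in its recipe, whereas the old recipe ran `go generate` first; if the generated code feeds the binary, it should be produced before the `build/%` targets run.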
@@ -77,7 +82,8 @@ DOCKER_BUILDER_NAME=kubegres
 .PHONY: run
 docker-buildx:
 docker buildx inspect $(DOCKER_BUILDER_NAME) || \
- docker buildx create --name $(DOCKER_BUILDER_NAME) --driver docker-container --driver-opt network=host --buildkitd-flags '--allow-insecure-entitlement network.host'
+ docker buildx create --name $(DOCKER_BUILDER_NAME) --driver docker-container --driver-opt network=host \
+ --buildkitd-flags '--allow-insecure-entitlement network.host' --platform linux/amd64,linux/arm64
 #docker-build: test ## Build docker image with the manager.
 .PHONY: docker-build-push
@@ -85,14 +91,17 @@ docker-build-push: build docker-buildx ## Build docker image with the manager.
 docker buildx build --builder $(DOCKER_BUILDER_NAME) --platform ${PLATFORMS} -t ${IMG} --push .
 .PHONY: docker-build
-docker-build: $(addprefix docker-build/,$(subst $(comma),$(space),$(PLATFORMS))) ## Build docker images for all platforms.
+docker-build: build $(addprefix docker-build/,$(subst $(comma),$(space),$(PLATFORMS))) ## Build docker images for all platforms.
 # Intentionally build the image for a specific platform, using arch as the image tag suffix so we avoid overwriting the multi-arch images.
 .PHONY: docker-build/%
 docker-build/%: PLATFORM=$(*)
+docker-build/%: DOCKER_OS=$(subst /,,$(dir $(PLATFORM)))
 docker-build/%: DOCKER_ARCH=$(notdir $(PLATFORM))
 docker-build/%: docker-buildx ## Build docker image with ARCH as image tag suffix.
- docker buildx build --builder $(DOCKER_BUILDER_NAME) --platform ${PLATFORM} -t ${IMG}-${DOCKER_ARCH} --load .
+ docker buildx build --builder $(DOCKER_BUILDER_NAME) --platform ${PLATFORM} \
+ --build-arg TARGETOS=$(DOCKER_OS) --build-arg TARGETARCH=$(DOCKER_ARCH) \
+ -t ${IMG}-${DOCKER_ARCH} --load .
 ##@ Deployment
@@ -145,7 +154,7 @@ KIND ?= $(LOCALBIN)/kind
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.9.2
+CONTROLLER_TOOLS_VERSION ?= v0.15.0
 KIND_VERSION ?= v0.19.0
 KUBEBUILDER_TOOLS_VERSION := 1.24.2
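Review bot: The platform list added to `docker buildx create` in the `docker-buildx` recipe is hard-coded as `--platform linux/amd64,linux/arm64`, while the other targets take it from `PLATFORMS`, so overriding `PLATFORMS` leaves the builder advertising a different set; `--platform $(PLATFORMS)` keeps the two in step. Because of the `docker buildx inspect ... ||` guard, a builder named `kubegres` that already exists is reused as it is and never receives the new flag, which is worth stating in a comment or the target's help text. The carried-over `--driver-opt network=host` and `--allow-insecure-entitlement network.host` let build steps reach the host's network namespace, and nothing in the recipe records why; a comment such as `# host networking is needed for <reason>` above the command would make that decision reviewable.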
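Review bot: In the `docker-build/%` rule, the only prerequisite is still `docker-buildx`, so running `make docker-build/linux/arm64` directly packages whatever already sits in `build/bin`: a stale binary from an earlier checkout, or a failed COPY if none exists. Only the aggregate `docker-build` target gained the `build` prerequisite. Making the per-platform dependency explicit, for example `docker-build/%: build/% docker-buildx ## Build docker image with ARCH as image tag suffix.`, ties each image to a binary compiled in the same run (depend on `build` instead if the manifests/generate/fmt/vet steps must also run). The added `--build-arg TARGETOS=$(DOCKER_OS) --build-arg TARGETARCH=$(DOCKER_ARCH)` repeats values BuildKit already derives from `--platform`, which is what `docker-build-push` relies on; dropping it removes the chance of an image whose declared platform and copied binary disagree.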
diff --git a/go.mod b/go.mod
index 605a0a6..fbace3b 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module reactive-tech.io/kubegres
-go 1.22.4
+go 1.22.5
 require (
 github.com/go-logr/logr v1.2.3