From fc93da2f268c6b174b0c10c956b2d3bfcb91d1a8 Mon Sep 17 00:00:00 2001 From: Tejal Desai Date: Mon, 8 Feb 2021 09:59:16 -0800 Subject: [PATCH] Fix release pipeline (#1561) * fix debug cloud build * fix cloudbuild release * add workflow * fix release * use push action * Trigger Build * Trigger Build * Trigger Build * Trigger Build * Trigger Build * add * add parallel steps * add parallel steps * fix pathc * fix dockerfile * fix dockerfile * add executor * deploy * test --- .github/workflows/release.yaml | 168 ++++++++++++++++++++++++++++++++ .gitignore | 2 +- acr.patch | 32 ------ deploy/Dockerfile | 23 ++--- deploy/Dockerfile_debug | 29 ++---- deploy/Dockerfile_slim | 2 +- deploy/Dockerfile_warmer | 25 +---- deploy/cloudbuild-debug.yaml | 2 +- deploy/cloudbuild-executor.yaml | 8 +- 9 files changed, 194 insertions(+), 97 deletions(-) create mode 100644 .github/workflows/release.yaml delete mode 100644 acr.patch diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 000000000..15bd24e85 --- /dev/null +++ b/.github/workflows/release.yaml 
@@ -0,0 +1,168 @@
+name: Build images on push to master
+
+on:
+ push:
+ tags:
+ - 'v[0-9]+.[0-9]+.[0-9]+*'
+
+jobs:
+ build-executor:
+ env:
+ GITHUB_SHA: ${{ github.sha }}
+ GITHUB_REF: ${{ github.ref }}
+ PLATFORMS: "linux/amd64,linux/arm64,linux/ppc64le"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone source code
+ uses: actions/checkout@v2
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ with:
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Cache Docker layers
+ uses: actions/cache@v2
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+ with:
+ version: latest
+
+ - name: Setup gcloud CLI
+ uses: google-github-actions/setup-gcloud@master
+ with:
+ service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }}
+ project_id: kaniko-project
+ export_default_credentials: true
+
+ # Configure docker to use the gcloud command-line tool as a credential helper
+ - run: |
+ # Set up docker to authenticate
+ # via gcloud command-line tool.
+ gcloud auth configure-docker
+
+ - uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./deploy/Dockerfile_slim
+ platforms: linux/amd64,linux/arm64,linux/ppc64le
+ push: true
+ tags: |
+ gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-slim
+
+ - uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./deploy/Dockerfile
+ platforms: linux/amd64,linux/arm64,linux/ppc64le
+ push: true
+ tags: |
+ gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}
+
+ build-debug:
+ env:
+ GITHUB_SHA: ${{ github.sha }}
+ GITHUB_REF: ${{ github.ref }}
+ PLATFORMS: "linux/amd64,linux/arm64,linux/ppc64le"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone source code
+ uses: actions/checkout@v2
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ with:
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Cache Docker layers
+ uses: actions/cache@v2
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+ with:
+ version: latest
+
+ - name: Setup gcloud CLI
+ uses: google-github-actions/setup-gcloud@master
+ with:
+ service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }}
+ project_id: kaniko-project
+ export_default_credentials: true
+
+ # Configure docker to use the gcloud command-line tool as a credential helper
+ - run: |
+ # Set up docker to authenticate
+ # via gcloud command-line tool.
+ gcloud auth configure-docker
+
+ - uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./deploy/Dockerfile_debug + platforms: linux/amd64,linux/arm64,linux/ppc64le + push: true + tags: | + gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }} + + build-warmer: + env: + GITHUB_SHA: ${{ github.sha }} + GITHUB_REF: ${{ github.ref }} + PLATFORMS: "linux/amd64,linux/arm64,linux/ppc64le" + runs-on: ubuntu-latest + steps: + - name: Clone source code + uses: actions/checkout@v2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: ${{ env.PLATFORMS }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + version: latest + + - name: Setup gcloud CLI + uses: google-github-actions/setup-gcloud@master + with: + service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }} + project_id: kaniko-project + export_default_credentials: true + + # Configure docker to use the gcloud command-line tool as a credential helper + - run: | + # Set up docker to authenticate + # via gcloud command-line tool. + gcloud auth configure-docker + - uses: docker/build-push-action@v2 + with: + context: . + file: ./deploy/Dockerfile_warmer + platforms: linux/amd64,linux/arm64,linux/ppc64le + push: true + tags: | + gcr.io/kaniko-project/warmer:${{ env.GITHUB_SHA }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index 93bbd96f2..6de1ff1d5 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,6 @@ out/ bazel-* *~ BUILD.bazel -.idea +.idea/** *.iml .vagrant diff --git a/acr.patch b/acr.patch deleted file mode 100644 index bf3cedbca..000000000 --- a/acr.patch +++ /dev/null 
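Review bot: `uses: google-github-actions/setup-gcloud@master` is handed `secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY` in all three jobs of .github/workflows/release.yaml, so whatever is on that action's master branch at run time executes with the registry push key; pin it to a reviewed full commit SHA, `uses: google-github-actions/setup-gcloud@<commit-sha>`, and consider the same for the `@v1`/`@v2` tags on the docker actions. The build-debug job also tags its image `gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}`, the same reference build-executor pushes from deploy/Dockerfile, so the two jobs overwrite each other and the busybox-carrying debug image can end up under the release tag; give it its own tag, for example `gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-debug`. The `Cache Docker layers` step has no effect as written, because none of the build-push steps sets `cache-from` or `cache-to`.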
@@ -1,32 +0,0 @@ -diff --git a/build/build-config-edit.sh b/build/build-config-edit.sh -index d9fffd0..88b83a9 100755 ---- a/build/build-config-edit.sh -+++ b/build/build-config-edit.sh -@@ -13,10 +13,9 @@ if [[ ! -d "$sourcedir" ]]; then - fi - - export CGO_ENABLED=0 --export GOARCH=amd64 - export GOPATH=$PWD - echo "Go path = $GOPATH" --for go_os in "linux" "windows" "darwin" -+for go_os in "linux" - do - if [[ "$go_os" == "windows" ]]; then - exe_extension=".exe" -diff --git a/build/build-cred-helper.sh b/build/build-cred-helper.sh -index 0e88315..d016988 100755 ---- a/build/build-cred-helper.sh -+++ b/build/build-cred-helper.sh -@@ -22,9 +22,8 @@ fi - - export BUILDVERSION=acr-docker-credential-helper`date -u +.%Y%m%d.%H%M%S` - export CGO_ENABLED=0 --export GOARCH=amd64 - export GOPATH=$PWD --for go_os in "linux" "windows" "darwin" -+for go_os in "linux" - do - export GOOS=$go_os - if [[ "$GOOS" == "windows" ]]; then - diff --git a/deploy/Dockerfile b/deploy/Dockerfile index bde869405..41b3df72f 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -14,9 +14,10 @@ # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.14 +FROM golang:1.15 ARG GOARCH=amd64 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko + RUN echo $GOARCH > /goarch #This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. @@ -24,7 +25,6 @@ ARG TARGETPLATFORM #Capture ARCH has write to /goarch RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" -RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)" # Get GCR credential helper RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ 
@@ -39,34 +39,24 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper -# Azure docker credential helper -COPY ./acr.patch / -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \ - cd /go/src/github.com/Azure && \ - git clone https://github.com/Azure/acr-docker-credential-helper && \ - cd /go/src/github.com/Azure/acr-docker-credential-helper && \ - git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \ - git apply < /acr.patch && \ - make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux - # ACR docker env credential helper RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ cd /go/src/github.com/chrismellard && \ git clone https://github.com/chrismellard/docker-credential-acr-env && \ cd docker-credential-acr-env && \ - make build && cp -f ./build/docker-credential-acr-env /usr/local/bin + make build # Add .docker config dir RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$(cat /goarch) +RUN make GOARCH=$(cat /goarch.txt) FROM scratch COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr +COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY --from=0 /kaniko/.docker /kaniko/.docker COPY files/nsswitch.conf /etc/nsswitch.conf 
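Review bot: `RUN make GOARCH=$(cat /goarch.txt)` in deploy/Dockerfile reads a file that nothing visible in this Dockerfile writes; the earlier steps store the architecture in `/goarch`, so `cat` fails inside the substitution and make is invoked with an empty GOARCH instead of aborting (presumably building for the builder's default architecture on every platform). It should stay `RUN make GOARCH=$(cat /goarch)`. Separately, with the commit-pinned Azure helper removed, the binary shipped as `/kaniko/docker-credential-acr` now comes from `git clone https://github.com/chrismellard/docker-credential-acr-env` at whatever the default branch holds at build time; add a `git checkout <commit-sha>` after the clone, as the removed block did for its repository. The same unpinned clone feeds the final image in deploy/Dockerfile_debug and deploy/Dockerfile_warmer.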
@@ -79,5 +69,4 @@ ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_co WORKDIR /workspace RUN ["docker-credential-gcr", "config", "--token-source=env"] -ENTRYPOINT ["/kaniko/executor"] - +ENTRYPOINT ["/kaniko/executor"] \ No newline at end of file diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug index 132a01a2b..4e87d0ba3 100644 --- a/deploy/Dockerfile_debug +++ b/deploy/Dockerfile_debug @@ -17,6 +17,7 @@ # Stage 0: Build the executor binary and get credential helpers FROM golang:1.14 ARG GOARCH=amd64 +WORKDIR /go/src/github.com/GoogleContainerTools/kaniko RUN echo $GOARCH > /goarch #This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. 
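Review bot: `FROM golang:1.14` is left unchanged in deploy/Dockerfile_debug (hunk `@@ -17,6 +17,7 @@`) while this commit moves deploy/Dockerfile, deploy/Dockerfile_slim and deploy/Dockerfile_warmer to `golang:1.15`, so the debug executor is compiled with a different toolchain than the release image it is meant to mirror. Bump it here as well, `FROM golang:1.15`. The build stage continues outside this hunk.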
@@ -27,36 +28,21 @@ RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a, RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)" RUN cat /goarch -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ - (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ - cd /go/src/github.com/GoogleCloudPlatform && \ - git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ - cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ - make && cp bin/docker-credential-gcr /usr/local/bin/docker-credential-gcr +ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_$GOARCH-2.0.1.tar.gz /usr/local/bin/ + RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_$GOARCH-2.0.1.tar.gz # Get Amazon ECR credential helper RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper -# ACR docker credential helper -COPY ./acr.patch / -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \ - cd /go/src/github.com/Azure && \ - git clone https://github.com/Azure/acr-docker-credential-helper && \ - cd /go/src/github.com/Azure/acr-docker-credential-helper && \ - git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \ - git apply < /acr.patch && \ - make && cp -f ./bin/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux - -#ACR docker env credential helper +# Azure docker env credential helper RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ cd /go/src/github.com/chrismellard && \ git clone https://github.com/chrismellard/docker-credential-acr-env && \ cd docker-credential-acr-env && \ - make build && cp -f 
./build/docker-credential-acr-env /usr/local/bin + make build # Add .docker config dir RUN mkdir -p /kaniko/.docker @@ -69,7 +55,7 @@ COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/ COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr +COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=busybox:1.32.0 /bin /busybox # Declare /busybox as a volume to get it automatically in the path to ignore @@ -79,10 +65,11 @@ COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY --from=0 /kaniko/.docker /kaniko/.docker COPY files/nsswitch.conf /etc/nsswitch.conf ENV HOME /root -ENV USER /root +ENV USER root ENV PATH /usr/local/bin:/kaniko:/busybox ENV SSL_CERT_DIR=/kaniko/ssl/certs ENV DOCKER_CONFIG /kaniko/.docker/ ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json +WORKDIR /workspace RUN ["docker-credential-gcr", "config", "--token-source=env"] ENTRYPOINT ["/kaniko/executor"] diff --git a/deploy/Dockerfile_slim b/deploy/Dockerfile_slim index 919578c0a..cdd1ad00e 100644 --- a/deploy/Dockerfile_slim +++ b/deploy/Dockerfile_slim @@ -13,7 +13,7 @@ # limitations under the License. # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.14 as build_env +FROM golang:1.15 as build_env ARG GOARCH=amd64 RUN echo $GOARCH > /goarch diff --git a/deploy/Dockerfile_warmer b/deploy/Dockerfile_warmer index 9e349f83b..eac0bd08a 100644 --- a/deploy/Dockerfile_warmer +++ b/deploy/Dockerfile_warmer 
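Review bot: The added `ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_$GOARCH-2.0.1.tar.gz /usr/local/bin/` in deploy/Dockerfile_debug (hunk `@@ -27,36 +28,21 @@`) uses the `GOARCH` build arg, which defaults to `amd64`, rather than the value derived from `TARGETPLATFORM` in `/goarch`, so a buildx run for linux/arm64 or linux/ppc64le that does not pass `GOARCH` fetches the amd64 helper. The archive is also unpacked with no integrity check; compare it against a recorded digest before the `tar` call, for example `echo "<sha256-of-archive>  <archive-path>" | sha256sum -c -` in the same RUN step. The identical two lines are added in deploy/Dockerfile_warmer (hunk `@@ -27,34 +27,19 @@`) and need the same treatment.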
@@ -14,7 +14,7 @@ # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.14 +FROM golang:1.15 ARG GOARCH=amd64 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko RUN echo $GOARCH > /goarch 
@@ -27,34 +27,19 @@ RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a, RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)" # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ - (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ - cd /go/src/github.com/GoogleCloudPlatform && \ - git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ - cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ - make deps OUT_DIR=/usr/local/bin && \ - go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go +ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_$GOARCH-2.0.1.tar.gz /usr/local/bin/ + RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_$GOARCH-2.0.1.tar.gz # Get Amazon ECR credential helper RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper -# Azure docker credential helper -COPY ./acr.patch / -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \ - cd /go/src/github.com/Azure && \ - git clone https://github.com/Azure/acr-docker-credential-helper && \ - cd /go/src/github.com/Azure/acr-docker-credential-helper && \ - git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \ - git apply < /acr.patch && \ - make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux - # ACR docker env credential helper RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ cd /go/src/github.com/chrismellard && \ git clone https://github.com/chrismellard/docker-credential-acr-env && \ cd docker-credential-acr-env && \ - make build && cp -f ./build/docker-credential-acr-env 
/usr/local/bin + make build # Add .docker config dir RUN mkdir -p /kaniko/.docker @@ -66,7 +51,7 @@ FROM scratch COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr +COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY --from=0 /kaniko/.docker /kaniko/.docker COPY files/nsswitch.conf /etc/nsswitch.conf diff --git a/deploy/cloudbuild-debug.yaml b/deploy/cloudbuild-debug.yaml index 1980e2e50..c7cf478ea 100644 --- a/deploy/cloudbuild-debug.yaml +++ b/deploy/cloudbuild-debug.yaml @@ -22,4 +22,4 @@ options: substitutions: _EXECUTOR_IMAGE_NAME: executor - _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64' + _DOCKER_BUILDX_PLATFORMS: 'linux/arm64' diff --git a/deploy/cloudbuild-executor.yaml b/deploy/cloudbuild-executor.yaml index 5d83f18ee..cd5af0c71 100644 --- a/deploy/cloudbuild-executor.yaml +++ b/deploy/cloudbuild-executor.yaml 
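Review bot: `_DOCKER_BUILDX_PLATFORMS: 'linux/arm64'` in deploy/cloudbuild-debug.yaml drops linux/amd64 from the debug Cloud Build, which reads like a leftover from testing rather than an intended change. If this pipeline is still used for publishing, the debug image would no longer be built for amd64. Restore `_DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'`, or say in the commit message where the amd64 debug image is built instead.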
@@ -9,10 +9,10 @@ steps: args: ['buildx', 'create', '--use', '--platform', '${_DOCKER_BUILDX_PLATFORMS}'] id: 'create-builder' -# # First, build kaniko -# - name: "gcr.io/cloud-builders/docker" -# args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile", -# "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$COMMIT_SHA", "--push", "." ] + # First, build kaniko + - name: "gcr.io/cloud-builders/docker" + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile", + "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:$COMMIT_SHA", "--push", "." ] # Finally executor:slim image - name: "gcr.io/cloud-builders/docker"