* Add s390x support to docker images
1. add s390x support to docker images `executor`, `executor(slim)`,
`executor(debug)` and `warmer`. Fixes#1462 and #1665.
2. Address the building issue of dependency `docker-credential-gcr`
in Dockerfiles. This issue was introduced when recent commits
in `docker-credential-gcr` removed the Makefile.
Signed-off-by: Kun-Lu <kun.lu@ibm.com>
* Add s390x support to all images except debug image
* Add s390x support to images.yaml
* Fix ld64.so.1 not found issue on s390x
* Add a comment for copying /lib from busybox container on s390x
When os.Stat returns an error different from ErrNotExist,
mkdirAllWithPermissions may panic with a nil pointer
derefence due to insufficient error checking.
Avoid the panic by bailing out, returning the error to the
caller.
* Clarify usage of --skip-tls-verify-registry argument
Referring to --skip-tls-verify-registry as a "flag" is misleading since
command line flags usually require no value. Thus, the documentation
is updated to match the behavior of the command line argument.
* Clarify usage of --insecure-registry argument
Referring to --insecure-registry as a "flag" is misleading since
command line flags usually require no value. Thus, the documentation
is updated to match the behavior of the command line argument.
* Collapse integration test workflows into one config
Remove last traces of Travis, including env vars and `make travis-setup`
and badges in README
* fix lint
* make integration tests pass on PRs
On my machine this makes image rebuilds go from ~5m to 1.5s.
This also required setting DOCKER_BUILDKIT=1 in integration test image
builds.
I also took the opportunity to bump the Go version used in those tests
to Go 1.17 to match the image build processes, and tidied up the
workflow files a bit too (renaming for consistency, typos, whitespace,
etc.)
* WIP: consolidate PR and real release workflows
- push and sign an image tagged for every push to the repo (e.g., merged PRs)
- push and sign for tag pushes, with release tags
- build but don't push for opened PRs
WIP because I need to test more with the tag flow, but pushes worked in
my fork.
* apply release tags, uncomment kms stuff
* Tag images correctly during releases
* review feedback
* cleanup: Correctly use buildx TARGETARCH
* undo changes to Go version
* Use golang:1.17 and build from reproducible source
This change updates the Go version used to build kaniko and credential
helpers to Go 1.17, which uses Go modules by default. This means that we
can build outside of $GOPATH, from source fetched from the Go module
proxy.
This change also simplfies our builds of credential helpers to simply
`go install` them at a pinned version, for reproducibility and
simplicity.
This also changes `make images` and `make push` to build and push the
slim executor image as well.
docker/setup-buildx-action actually provides first-class support for
the GitHub Actions cache (though experimental). This should make builds
much faster. Previous configuration wasn't properly configuring caching,
as far as I can tell.
This also takes advantage of GitHub Actions matrix support to more
concisely express the build parameters then execute the same steps on
them, which makes it clearer that the builds are all fundamentally doing
the same thing.
The logic that was in here was signing the tags we publish, which has a race. Also since what cosign signs is actually the digest, this was signing 3x where we really only need one call.
The cosign version being used was ancient. This catches us up to 1.4.1 (latest).
I was also eyeballing the very redundant jobs in `release.yaml` for a subsequent refactoring to make this a matrix job, so there are a couple of trivial cleanups related to this.
* Debugging the integration testing.
It seems to be consistently failing (also fix a typo in the file/leg name).
I'm disabling `-v` for `go test` because it interleaves the test output in ways that make it painful to read a single failing test's output when `t.Parallel` is involved.
* Try swapping registry:2 for the registry add-on
* Drop logf and make Logger private
* git: accept explicit commit hash for git context
When checking out code from non-github repositories, the typical
assumptions may not be valid, e.g. that the only interesting
non-branch commits have ref names starting with refs/pull. A specific
example is fetching an un-merged commit from a gerrit repository by
commit hash.
This change just looks at the second part of the git context path and
checks if it's a SHA commit hash, and if so, will fetch and check out
this commit after cloning the repository.
Sample context argument:
https://github.repo/project#e1772f228e06d15facdf175e5385e265b57068c0
* ci: fix test script to recognize any non-zero exit as an error
hack/linter.sh didn't properly install golangci-lint in hack/bin as I
already have another version of golangci-lint on my PATH, but then it
failed to execute because it was looking for it specifically in
hack/bin.
When the executable is not found, the exit code is 127 instead of 1,
and so test.sh ignored the error.
Two fixes:
1. `test.sh`:
- Use `if (script) ...` instead of assigning / checking a result
variable to determine if each validation script passed or failed.
2. `hack/linter.sh`:
- Instead of checking for golangci-lint on the path, just
specifically check for an executable file (`test -x`) in the
expected location.
Co-authored-by: Wade Carpenter <wwade@users.noreply.github.com>
* Remove tarball.WithCompressedCaching flag to resolve OOM Killed error
Large images cannot be build as the kaniko container will be killed due to an OOM error. Removing the tarball compression drastically reduces the memory required to push large image layers. Fixes#1680
This change may increase the build time for smaller images. Therefore a command line option to trigger the compression or a more intelligent behaviour may be useful.
* Add new command line flag to toggle compressed caching
* Add unittest for build with --compressed-caching command line flag set to false
1. add s390x support to docker images `executor`, `executor(slim)`,
`executor(debug)` and `warmer`. Fixes#1462 and #1665.
2. Address the building issue of dependency `docker-credential-gcr`
in Dockerfiles. This issue was introduced when recent commits
in `docker-credential-gcr` removed the Makefile.
Signed-off-by: Kun-Lu <kun.lu@ibm.com>
Co-authored-by: Kun-Lu <kun.lu@ibm.com>
Kun Lu
Dawei Ma
ankitm123
Jason Hall
Andrei Kvapil
Guillaume Calmettes
jeunii
Lars Seipel
ygelfand
Sebastiaan Tammer
Travis DePrato
Bernardo Marques
Dávid Szakállas
François JACQUES
Matt Moore
Tejal Desai
wwade
Janosch Maier