build: Use ko for image building

mesosphere · Oct 16, 2023 · bac57bc · bac57bc
1 parent 03ae17c
commit bac57bc
Show file tree

Hide file tree

Showing 19 changed files with 194 additions and 198 deletions.
diff --git a/.github/workflows/checks-macos.yml b/.github/workflows/checks-macos.yml
@@ -18,6 +18,9 @@ on:
 jobs:
   build-and-run:
     runs-on: macos-13
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Check out code
         uses: actions/checkout@v4

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -18,6 +18,9 @@ on:
 jobs:
   unit-test:
     runs-on: ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
     permissions:
       checks: write
       pull-requests: write
@@ -43,6 +46,9 @@ jobs:
 
   e2e-test:
     runs-on: ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
     permissions:
       checks: write
       pull-requests: write
@@ -57,15 +63,11 @@ jobs:
         with:
           enable-cache: true
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: arm64
-
       - name: Run e2e tests
         run: devbox run -- make e2e-test
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TMPDIR: ${{ runner.temp }}
 
       - name: Publish Test Results
         uses: EnricoMi/publish-unit-test-result-action@v2
@@ -77,6 +79,9 @@ jobs:
 
   lint:
     runs-on: ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Check out code
         uses: actions/checkout@v4
@@ -101,6 +106,9 @@ jobs:
 
   pre-commit:
     runs-on: ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Check out code
         uses: actions/checkout@v4

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -11,6 +11,9 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
     permissions:
       actions: read
       contents: read

diff --git a/.github/workflows/recover-secret.yaml b/.github/workflows/recover-secret.yaml
@@ -6,6 +6,9 @@ jobs:
   openssl:
     name: Recover Secret With OpenSSL
     runs-on: ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
     steps:
       - env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

diff --git a/.github/workflows/release-tag.yaml b/.github/workflows/release-tag.yaml
@@ -16,6 +16,9 @@ permissions:
 jobs:
   release-tag:
     runs-on: ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
     steps:
       - uses: actions/checkout@v4
         with:
@@ -27,13 +30,6 @@ jobs:
         with:
           enable-cache: true
 
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Release
         run: devbox run -- make release
         env:

diff --git a/.go-tools b/.go-tools
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -47,9 +47,21 @@ builds:
       - amd64
       - arm64
     mod_timestamp: '{{ .CommitTimestamp }}'
-    hooks:
-      post:
-        - cmd: make SKIP_UPX={{ if index .Env "SKIP_UPX" }}{{ .Env.SKIP_UPX }}{{ else }}{{ .IsSnapshot }}{{ end }} GOOS={{ .Os }} GOARCH={{ .Arch }} UPX_TARGET={{ .Path }} upx
+
+upx:
+  - enabled: "{{ not .IsSnapshot }}"
+    goos:
+      - linux
+    compress: "9"
+    lzma: true
+  - enabled: "{{ not .IsSnapshot }}"
+    goos:
+      - windows
+    goarch:
+      - amd64
+    compress: "9"
+    lzma: true
+
 archives:
   - name_template: '{{ .ProjectName }}_v{{trimprefix .Version "v"}}_{{ .Os }}_{{ .Arch }}'
     format_overrides:
@@ -58,51 +70,24 @@ archives:
     builds:
       - mindthegap
     rlcp: true
-dockers:
-  - image_templates:
-      # Specify the image tag including `-amd64` suffix if the build is not a snapshot build or is not being built on
-      # arm64 machine. This allows for using the snapshot image build without the archtecture specific suffix
-      # consistently on local machines, i.e. can always use `ghcr.io/mesosphere/mindthegap:v<VERSION>` on the machine the snapshot
-      # is built on.
-      #
-      # For a release build the `-amd64` suffix will always be included and the `docker_manifests` specification below
-      # will create the final multiplatform manifest to be pushed to the registry.
-      - 'ghcr.io/mesosphere/mindthegap:v{{trimprefix .Version "v"}}{{ if or (not .IsSnapshot) (not (eq .Runtime.Goarch "amd64")) }}-amd64{{ end }}'
-    use: buildx
-    dockerfile: Dockerfile
-    build_flag_templates:
-      - "--platform=linux/amd64"
-      - "--pull"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title=mindthegap"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.source={{.GitURL}}"
-  - image_templates:
-      # Specify the image tag including `-amd64v8` suffix if the build is not a snapshot build or is not being built on
-      # arm64 machine. This allows for using the snapshot image build without the archtecture specific suffix
-      # consistently on local machines, i.e. can always use `ghcr.io/mesosphere/mindthegap:v<VERSION>` on the machine the snapshot
-      # is built on.
-      #
-      # For a release build the `-amd64v8` suffix will always be included and the `docker_manifests` specification below
-      # will create the final multiplatform manifest to be pushed to the registry.
-    - 'ghcr.io/mesosphere/mindthegap:v{{trimprefix .Version "v"}}{{ if or (not .IsSnapshot) (not (eq .Runtime.Goarch "arm64")) }}-arm64v8{{ end }}'
-    use: buildx
-    goarch: arm64
-    dockerfile: Dockerfile
-    build_flag_templates:
-      - "--platform=linux/arm64"
-      - "--pull"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title=mindthegap"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.source={{.GitURL}}"
-docker_manifests:
-  - name_template: ghcr.io/mesosphere/mindthegap:v{{trimprefix .Version "v"}}
-    image_templates:
-    - ghcr.io/mesosphere/mindthegap:v{{trimprefix .Version "v"}}-amd64
-    - ghcr.io/mesosphere/mindthegap:v{{trimprefix .Version "v"}}-arm64v8
+
+kos:
+  - id: mindthegap
+    build: mindthegap
+    labels:
+      org.opencontainers.image.created: "{{ .CommitDate }}"
+      org.opencontainers.image.title: mindthegap
+      org.opencontainers.image.revision: "{{ .FullCommit }}"
+      org.opencontainers.image.version: v{{trimprefix .Version "v"}}
+      org.opencontainers.image.source: "{{ .GitURL }}"
+    platforms:
+      - linux/amd64
+      - linux/arm64
+    repository: ghcr.io/mesosphere/mindthegap
+    bare: true
+    tags:
+      - v{{trimprefix .Version "v"}}
+
 checksum:
   name_template: 'checksums.txt'
 snapshot:

diff --git a/.tool-versions b/.tool-versions
diff --git a/devbox.json b/devbox.json
@@ -7,6 +7,7 @@
     "findutils@latest",
     "ginkgo@latest",
     "git@latest",
+    "path:./hack/flakes/go-mod-upgrade",
     "gnused@latest",
     "gnugrep@latest",
     "gnumake@latest",

diff --git a/devbox.lock b/devbox.lock
@@ -80,10 +80,24 @@
       "version": "0.11.0"
     },
     "goreleaser@latest": {
-      "last_modified": "2023-07-23T03:35:12Z",
-      "resolved": "github:NixOS/nixpkgs/af8cd5ded7735ca1df1a1174864daab75feeb64a#goreleaser",
-      "source": "devbox-search",
-      "version": "1.19.2"
+      "last_modified": "2023-10-01T23:11:39Z",
+      "resolved": "github:NixOS/nixpkgs/f8be2c43b4b1c1aec02f741ae909696b8410ebc1#goreleaser",
+      "source": "devbox-search",
+      "version": "1.21.2",
+      "systems": {
+        "aarch64-darwin": {
+          "store_path": "/nix/store/x9zmzrlmgwrvh8873yj4gyfwirzmr56q-goreleaser-1.21.2"
+        },
+        "aarch64-linux": {
+          "store_path": "/nix/store/p33a0pj50ajjhqr5af7p3gz9m4x6kxps-goreleaser-1.21.2"
+        },
+        "x86_64-darwin": {
+          "store_path": "/nix/store/bcxrzsd200xxj50y3rm214brig4g4gbb-goreleaser-1.21.2"
+        },
+        "x86_64-linux": {
+          "store_path": "/nix/store/qn65854flb2l2kb0168c3ci24ra0irm6-goreleaser-1.21.2"
+        }
+      }
     },
     "gotestsum@latest": {
       "last_modified": "2023-07-23T03:35:12Z",

diff --git a/hack/flakes/go-mod-upgrade/flake.lock b/hack/flakes/go-mod-upgrade/flake.lock
diff --git a/hack/flakes/go-mod-upgrade/flake.nix b/hack/flakes/go-mod-upgrade/flake.nix
@@ -0,0 +1,64 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{
+  description = "Update outdated Go dependencies interactively";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    utils.url = "github:numtide/flake-utils/v1.0.0";
+  };
+
+  outputs =
+    { self
+    , nixpkgs
+    , utils
+    ,
+    }:
+    let
+      appReleaseVersion = "0.9.1";
+      appReleaseBinaries = {
+        "x86_64-linux" = {
+          fileName = "go-mod-upgrade_${appReleaseVersion}_Linux_x86_64.tar.gz";
+          sha256 = "38b7f36b275fa08bedf0e4c7fb1eaf256fa632a7489abe7c40a1d2b87a688b01";
+        };
+        "x86_64-darwin" = {
+          fileName = "go-mod-upgrade_${appReleaseVersion}_Darwin_x86_64.tar.gz";
+          sha256 = "e1e0294040cfadde0f119590f37fbff73654abc482ac60c1e3ca60b867326713";
+        };
+        "aarch64-darwin" = {
+          fileName = "go-mod-upgrade_${appReleaseVersion}_Darwin_arm64.tar.gz";
+          sha256 = "15027f435a85f31346fd0796977180c43c737b7fe7bbb4fc3bcc5f4b8f32804c";
+        };
+      };
+      supportedSystems = builtins.attrNames appReleaseBinaries;
+    in
+    utils.lib.eachSystem supportedSystems (system:
+    let
+      pkgs = nixpkgs.legacyPackages.${system};
+      appReleaseBinary = appReleaseBinaries.${system};
+    in
+    rec {
+      packages.go-mod-upgrade = pkgs.stdenv.mkDerivation {
+        pname = "go-mod-upgrade";
+        version = appReleaseVersion;
+
+        src = pkgs.fetchurl {
+          url = "https://github.com/oligot/go-mod-upgrade/releases/download/v${appReleaseVersion}/${appReleaseBinary.fileName}";
+          sha256 = appReleaseBinary.sha256;
+        };
+
+        sourceRoot = ".";
+
+        installPhase = ''
+          install -m755 -D go-mod-upgrade $out/bin/go-mod-upgrade
+        '';
+      };
+      packages.default = packages.go-mod-upgrade;
+
+      apps.go-mod-upgrade = utils.lib.mkApp {
+        drv = packages.go-mod-upgrade;
+      };
+      apps.default = apps.go-mod-upgrade;
+    });
+}
diff --git a/make/all.mk b/make/all.mk
@@ -8,11 +8,8 @@ include $(INCLUDE_DIR)shell.mk
 include $(INCLUDE_DIR)help.mk
 include $(INCLUDE_DIR)repo.mk
 include $(INCLUDE_DIR)platform.mk
-include $(INCLUDE_DIR)tools.mk
 include $(INCLUDE_DIR)pre-commit.mk
 include $(INCLUDE_DIR)go.mk
 include $(INCLUDE_DIR)goreleaser.mk
 include $(INCLUDE_DIR)docker.mk
-include $(INCLUDE_DIR)ci.mk
 include $(INCLUDE_DIR)tag.mk
-include $(INCLUDE_DIR)upx.mk