From 00939d4f1d4619d3897ffdb16081945a6c43f6cd Mon Sep 17 00:00:00 2001
From: Salah Aldeen Al Saleh <sg.alsaleh@gmail.com>
Date: Fri, 8 Dec 2023 22:22:06 +0000
Subject: [PATCH] build minio with apko

---
 .../actions/build-push-minio-image/action.yml | 28 +++++++++++++++++++
 .github/workflows/alpha.yaml                  | 27 ++++++++++++++++--
 .github/workflows/build-test.yaml             |  8 ++----
 deploy/kurl/kotsadm/template/base/rqlite.yaml |  2 ++
 deploy/minio/apko.yaml                        | 28 +++++++++++++++++++
 5 files changed, 85 insertions(+), 8 deletions(-)
 create mode 100644 .github/actions/build-push-minio-image/action.yml
 create mode 100644 deploy/minio/apko.yaml

diff --git a/.github/actions/build-push-minio-image/action.yml b/.github/actions/build-push-minio-image/action.yml
new file mode 100644
index 0000000000..527a183918
--- /dev/null
+++ b/.github/actions/build-push-minio-image/action.yml
@@ -0,0 +1,28 @@
+name: 'Build and push minio image'
+description: 'Composite action for building and pushing minio image'
+inputs:
+  image-name:
+    description: 'Full destination minio image name'
+    required: true
+
+  registry-username:
+    description: 'Username to login to registry'
+    default: ''
+    required: false
+
+  registry-password:
+    description: 'Password to login to registry'
+    default: ''
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - uses: chainguard-images/actions/apko-publish@main
+      with:
+        config: deploy/minio/apko.yaml
+        archs: x86_64
+        tag: ${{ inputs.image-name }}
+        vcs-url: true
+        generic-user: ${{ inputs.registry-username }}
+        generic-pass: ${{ inputs.registry-password }}
diff --git a/.github/workflows/alpha.yaml b/.github/workflows/alpha.yaml
index f0aba88527..ab176c4da7 100644
--- a/.github/workflows/alpha.yaml
+++ b/.github/workflows/alpha.yaml
@@ -43,9 +43,30 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v4
+      - name: Read image tags from env file
+        uses: falti/dotenv-action@v1
+        id: dotenv
+        with:
+          path: .image.env
       - uses: ./.github/actions/build-push-rqlite-image
         with:
-          image-name: index.docker.io/kotsadm/rqlite:alpha
+          image-name: index.docker.io/kotsadm/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}
+          registry-username: ${{ secrets.DOCKERHUB_USER }}
+          registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+
+  build-minio:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Read image tags from env file
+        uses: falti/dotenv-action@v1
+        id: dotenv
+        with:
+          path: .image.env
+      - uses: ./.github/actions/build-push-minio-image
+        with:
+          image-name: index.docker.io/kotsadm/minio:${{ steps.dotenv.outputs.MINIO_TAG }}
           registry-username: ${{ secrets.DOCKERHUB_USER }}
           registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
@@ -95,7 +116,7 @@ jobs:
         id: scan
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: "rqlite/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}"
+          image-ref: "docker.io/kotsadm/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}"
           format: 'template'
           template: '@/contrib/sarif.tpl'
           output: 'rqlite-scan-output.sarif'
@@ -122,7 +143,7 @@ jobs:
         id: scan
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: "minio/minio:${{ steps.dotenv.outputs.minio_tag }}"
+          image-ref: "docker.io/kotsadm/minio:${{ steps.dotenv.outputs.MINIO_TAG }}"
           format: 'template'
           template: '@/contrib/sarif.tpl'
           output: 'minio-scan-output.sarif'
diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml
index 1d6aa0eb25..63277babf4 100644
--- a/.github/workflows/build-test.yaml
+++ b/.github/workflows/build-test.yaml
@@ -427,11 +427,9 @@ jobs:
         with:
           path: .image.env
 
-      - name: push minio for e2e
-        run: |
-          docker pull minio/minio:${{ steps.dotenv.outputs.minio_tag }}
-          docker tag minio/minio:${{ steps.dotenv.outputs.minio_tag }} ttl.sh/automated-${{ github.run_id }}/minio:${{ steps.dotenv.outputs.minio_tag }}
-          docker push ttl.sh/automated-${{ github.run_id }}/minio:${{ steps.dotenv.outputs.minio_tag }}
+      - uses: ./.github/actions/build-push-minio-image
+        with:
+          image-name: ttl.sh/automated-${{ github.run_id }}/minio:${{ steps.dotenv.outputs.minio_tag }}
 
 
   push-rqlite:
diff --git a/deploy/kurl/kotsadm/template/base/rqlite.yaml b/deploy/kurl/kotsadm/template/base/rqlite.yaml
index 2a78dd37b1..5038d90722 100644
--- a/deploy/kurl/kotsadm/template/base/rqlite.yaml
+++ b/deploy/kurl/kotsadm/template/base/rqlite.yaml
@@ -61,6 +61,8 @@ spec:
         ports:
         - name: rqlite
           containerPort: 4001
+        - name: raft
+          containerPort: 4002
         volumeMounts:
         - name: kotsadm-rqlite
           mountPath: /rqlite/file
diff --git a/deploy/minio/apko.yaml b/deploy/minio/apko.yaml
new file mode 100644
index 0000000000..8ddf39807c
--- /dev/null
+++ b/deploy/minio/apko.yaml
@@ -0,0 +1,28 @@
+contents:
+  repositories:
+    - https://packages.wolfi.dev/os
+  keyring:
+    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+  packages:
+    - minio
+    - mc
+    - bash
+    - busybox
+    - wolfi-baselayout
+
+accounts:
+  groups:
+    - groupname: minio
+      gid: 1001
+  users:
+    - username: minio
+      uid: 1001
+      gid: 1001
+  run-as: minio
+
+entrypoint:
+  command: minio
+
+archs:
+  - x86_64
+  - aarch64