Merge pull request #10 from rancherlabs/v2-0-build-issues

V2 0 build issues

Author: mattmattox

.github/workflows/build.yml

@@ -1,76 +1,36 @@
+name: Build and Validate
+
 on:
   push:
     branches:
       - master
       - main
   pull_request:
 
-name: Build
-jobs:
-  build-amd64:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
-    - name: Set the TAG value
-      id: get-TAG
-      run: |
-        echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
-    - name: Build container image
-      uses: docker/build-push-action@v6
-      with:
-        context: .
-        push: false
-        tags: rancherlabs/swiss-army-knife:${{ env.TAG }}-amd64
-        file: Dockerfile
-        build-args: |
-          TAG=${{ env.TAG }}
-
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/[email protected]
-      with:
-        image-ref: rancherlabs/swiss-army-knife:${{ env.TAG }}-amd64
-        format: 'table'
-        exit-code: '1'
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
-
-  build-arm64:
+jobs:
+  build:
     runs-on: ubuntu-latest
     steps:
-    - name: Check out code
-      uses: actions/checkout@v4
+      - name: Check out code
+        uses: actions/checkout@v4
 
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      - name: Build and validate multi-arch image
+        run: make build-validate
 
-    - name: Set the TAG value
-      id: get-TAG
-      run: |
-        echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
-    - name: Build container image
-      uses: docker/build-push-action@v6
-      with:
-        context: .
-        push: false
-        tags: rancherlabs/swiss-army-knife:${{ env.TAG }}-arm64
-        file: Dockerfile
-        outputs: type=docker
-        platforms: linux/arm64
-        build-args: |
-          TAG=${{ env.TAG }}
+      - name: Display build info
+        run: make log
 
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/[email protected]
-      with:
-        image-ref: rancherlabs/swiss-army-knife:${{ env.TAG }}-arm64
-        format: 'table'
-        exit-code: '1'
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
+      - name: Upload CI files to artifacts (on failure)
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: ci-artifacts
+          path: 'ci'
+          retention-days: 7

.github/workflows/release.yml

@@ -4,6 +4,8 @@ on:
 
 env:
   GITHUB_ACTION_TAG: ${{ github.ref_name }}
+  PUBLIC_REGISTRY: docker.io
+  REPO: rancherlabs
 
 jobs:
   push-multiarch:
@@ -25,15 +27,22 @@ jobs:
             secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
             secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Build and push image
         uses: rancher/ecm-distro-tools/actions/publish-image@master
         with:
           image: swiss-army-knife
-          tag: ${{ github.event.release.tag_name }},latest
-          public-repo: rancherlabs
+          tag: ${{ github.ref_name }}
+          platforms: "linux/amd64,linux/arm64"
+
+          public-registry: ${{ env.PUBLIC_REGISTRY }}
+          public-repo: ${{ env.REPO }}
           public-username: ${{ env.DOCKER_USERNAME }}
           public-password: ${{ env.DOCKER_PASSWORD }}
 
+          push-to-prime: true
           prime-repo: rancherlabs
           prime-registry: ${{ env.PRIME_REGISTRY }}
           prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}

Dockerfile

@@ -13,6 +13,9 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o ech
 # Final stage
 FROM registry.suse.com/bci/bci-base:15.7
 
+# Use buildx automatic platform args
+ARG TARGETARCH
+
 # Update all packages to latest versions to fix known vulnerabilities
 RUN zypper -n refresh && \
     zypper -n update -y && \
@@ -70,9 +73,9 @@ RUN zypper -n install --no-recommends mtr iperf3 \
 # Copy the compiled binary from builder stage
 COPY --from=builder /app/echo-server /usr/local/bin/
 
-# Download the stable kubectl binary
+# Download the stable kubectl binary for the correct architecture
 RUN VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt) && \
-    curl -L https://dl.k8s.io/release/$VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \
+    curl -L https://dl.k8s.io/release/$VERSION/bin/linux/${TARGETARCH}/kubectl -o /usr/local/bin/kubectl && \
     chmod a+x /usr/local/bin/kubectl
 
 # Set working directory

Makefile

@@ -1,30 +1,65 @@
-# Get git commit hash
-GIT_COMMIT := $(shell git rev-parse --short HEAD)
-
-# Try to get the tag, if it exists
-GIT_TAG := $(shell git describe --tags --exact-match HEAD 2>/dev/null)
-
-# Set TAG based on whether a git tag exists
-ifdef GIT_TAG
-    # We're on a tagged commit, use the tag
-    TAG := $(GIT_TAG)
-else
-    # Not on a tag, use build-{commit} format
-    TAG := build-$(GIT_COMMIT)
-endif
+# Include logic that can be reused across projects.
+include hack/make/build.mk
+
+# Define target platforms, image builder and the fully qualified image name.
+TARGET_PLATFORMS ?= linux/amd64,linux/arm64
+
+REPO ?= rancherlabs
+IMAGE ?= swiss-army-knife
+IMAGE_NAME = $(REPO)/$(IMAGE)
+FULL_IMAGE_TAG = $(IMAGE_NAME):$(TAG)
+BUILD_ACTION = --load
 
 # Default target
 .PHONY: all
 all: build
 
-# Build target
+# Build target (for local Go binary)
 .PHONY: build
 build:
 	go build -o echo-server main.go
 
+build-image: buildx-machine ## build (and load) the container image targeting the current platform.
+	$(IMAGE_BUILDER) build -f Dockerfile \
+		--builder $(MACHINE) $(IMAGE_ARGS) \
+		--build-arg VERSION=$(VERSION) --platform=$(TARGET_PLATFORMS) -t "$(FULL_IMAGE_TAG)" $(BUILD_ACTION) .
+	@echo "Built $(FULL_IMAGE_TAG)"
+
+build-validate: buildx-machine ## build (and load) the container image targeting the current platform.
+	mkdir -p ci
+	$(IMAGE_BUILDER) build -f Dockerfile \
+		--builder $(MACHINE) $(IMAGE_ARGS) \
+		--build-arg VERSION=$(VERSION) \
+		--platform=$(TARGET_PLATFORMS) \
+		--output type=oci,dest=ci/multiarch-image.oci \
+		-t "$(FULL_IMAGE_TAG)" .
+	@echo "Built $(FULL_IMAGE_TAG) multi-arch image saved to ci/multiarch-image.oci"
+
+push-image: validate buildx-machine ## build the container image targeting all platforms defined by TARGET_PLATFORMS and push to a registry.
+	$(IMAGE_BUILDER) build -f Dockerfile \
+		--builder $(MACHINE) $(IMAGE_ARGS) $(IID_FILE_FLAG) $(BUILDX_ARGS) \
+		--build-arg VERSION=$(VERSION) --platform=$(TARGET_PLATFORMS) -t "$(FULL_IMAGE_TAG)" --push .
+	@echo "Pushed $(FULL_IMAGE_TAG)"
+
+validate: validate-dirty ## Run validation checks.
+
+validate-dirty:
+ifdef DIRTY
+	@echo Git is dirty
+	@git --no-pager status
+	@git --no-pager diff
+	@exit 1
+endif
+
 # Log target - outputs variables for CI/CD
 .PHONY: log
 log:
 	@echo "TAG=$(TAG)"
+	@echo "VERSION=$(VERSION)"
 	@echo "BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ")"
-	@echo "GIT_COMMIT=$(GIT_COMMIT)"
+	@echo "GIT_COMMIT=$(shell git rev-parse --short HEAD)"
+
+clean: ## clean up project.
+	rm -rf build
+	rm -rf ci
+	rm -f echo-server

hack/make/build.mk

@@ -0,0 +1,24 @@
+ifeq ($(VERSION),)
+VERSION := $(shell ./scripts/version --short VERSION)
+endif
+
+ifeq ($(TAG),)
+TAG := $(shell ./scripts/version --short TAG)
+endif
+
+RUNNER := docker
+IMAGE_BUILDER := $(RUNNER) buildx
+MACHINE := rancher
+
+# Define the target platforms that can be used across the ecosystem.
+# Note that what would actually be used for a given project will be
+# defined in TARGET_PLATFORMS, and must be a subset of the below:
+DEFAULT_PLATFORMS := linux/amd64,linux/arm64
+
+.PHONY: help
+help: ## display Makefile's help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+buildx-machine: ## create rancher dockerbuildx machine targeting platform defined by DEFAULT_PLATFORMS.
+	@docker buildx ls | grep $(MACHINE) || \
+		docker buildx create --name=$(MACHINE) --platform=$(DEFAULT_PLATFORMS)

scripts/version

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+export KUBECONFIG=$KUBECONFIG
+
+if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
+    DIRTY="-dirty"
+fi
+
+COMMIT=$(git rev-parse --short HEAD)
+GIT_TAG=${GIT_TAG:-$(git tag -l --contains HEAD | tail -n 1)}
+
+if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then
+    VERSION=$GIT_TAG
+else
+    VERSION="${COMMIT}${DIRTY}"
+fi
+
+ARCH=$TARGET_ARCH
+if [ -z "$ARCH" ]; then
+    ARCH=$(go env GOHOSTARCH 2>/dev/null || echo "amd64")
+fi
+
+SUFFIX="-${ARCH}"
+
+TAG=${TAG:-${BRANCH_TAG:-${VERSION}}}
+REPO=${REPO:-rancherlabs}
+
+HELM_IMAGE_TAG=${HELM_IMAGE_TAG:-${TAG}}
+if [ "$TAG" == "$COMMIT" ]; then
+  HELM_CHART_VERSION="0.0.0-dev+${COMMIT}"
+else
+  HELM_CHART_VERSION=${HELM_IMAGE_TAG/v/}
+fi
+
+if echo "$TAG" | grep -q dirty; then
+    TAG="v0.0.0-dev.1-${COMMIT}"
+    HELM_IMAGE_TAG=$TAG
+    HELM_CHART_VERSION=${HELM_CHART_VERSION_DEV:-${HELM_IMAGE_TAG/v/}}
+fi
+IMAGE=${IMAGE:-"swiss-army-knife"}
+IMAGE_NAME=${IMAGE_NAME:-"${REPO}/${IMAGE}"}
+FULL_IMAGE=${FULL_IMAGE:-"${IMAGE_NAME}:${TAG}"}
+
+if [[ "$1" == "--short" && -n "$2" ]]; then
+  var_name="$2"
+  echo "${!var_name}"
+  exit 0
+fi
+
+function print_version_debug() {
+    echo "DIRTY: $DIRTY"
+    echo "SUFFIX: $SUFFIX";
+    echo "HELM_IMAGE_TAG: $HELM_IMAGE_TAG";
+    echo "HELM_CHART_VERSION: $HELM_CHART_VERSION";
+    echo "REPO: $REPO; IMAGE: $IMAGE; TAG: $TAG";
+    echo "IMAGE_NAME: $IMAGE_NAME"
+    echo "FULL_IMAGE: $FULL_IMAGE";
+}
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then print_version_debug "$1"; fi