From d8595d8bdb4e71e82d65396eacf7ea983c62adf9 Mon Sep 17 00:00:00 2001 From: "Sean P. Kelly" Date: Thu, 5 Dec 2024 06:38:53 +0000 Subject: [PATCH 1/4] ci: do not install crane Twoliter now bundles `krane`, so it isn't required to be installed by CI for testing. --- .github/actions/install-crane/action.yaml | 45 ----------------------- .github/workflows/rust.yml | 4 -- 2 files changed, 49 deletions(-) delete mode 100644 .github/actions/install-crane/action.yaml diff --git a/.github/actions/install-crane/action.yaml b/.github/actions/install-crane/action.yaml deleted file mode 100644 index 194fcb7d7..000000000 --- a/.github/actions/install-crane/action.yaml +++ /dev/null @@ -1,45 +0,0 @@ -name: "Install crane" -description: "Installs crane for use in testing." -inputs: - crane-version: - description: "Version of crane to install" - required: false - default: latest - install-dir: - description: "Directory to install crane" - required: false - default: $HOME/.crane - -runs: - using: "composite" - steps: - - shell: bash - run: | - mkdir -p ${{ inputs.install-dir }} - - VERSION=${{ inputs.crane-version }} - if [[ "${VERSION}" == "latest" ]]; then - VERSION=$(gh release list \ - --exclude-pre-releases \ - -R google/go-containerregistry \ - --json name \ - | jq -r '.[0].name') - fi - - case ${{ runner.arch }} in - X64) - ARCH=x86_64 - ;; - ARM64) - ARCH=arm64 - ;; - esac - - ARTIFACT_NAME="go-containerregistry_Linux_${ARCH}.tar.gz" - gh release download "${VERSION}" \ - -R google/go-containerregistry \ - -p "${ARTIFACT_NAME}" \ - --output - \ - | tar -zxvf - -C "${{ inputs.install-dir }}" crane - - echo "${{ inputs.install-dir }}" >> "${GITHUB_PATH}" diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index bcf054d16..4e2329d45 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
@@ -15,10 +15,6 @@ jobs: labels: bottlerocket_ubuntu-latest_16-core steps: - uses: actions/checkout@v3 - - name: Install crane for testing - uses: ./.github/actions/install-crane - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: cargo install cargo-deny --locked - run: cargo install cargo-make --locked - uses: actions/setup-go@v5 From 528d1c72ff1f34bf2343d11ef8f71b038a977365 Mon Sep 17 00:00:00 2001 From: "Sean P. Kelly" Date: Thu, 5 Dec 2024 06:49:51 +0000 Subject: [PATCH 2/4] ci: install patch in PR build workflow --- .github/workflows/rust.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 4e2329d45..181cb69f5 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -20,4 +20,6 @@ jobs: - uses: actions/setup-go@v5 with: go-version: "^1.18" + # Install `patch`, needed to build `krane-bundle` + - run: sudo apt-get install -y patch - run: make build From 374fb7d770d9aff62b4ddfbd8e5efd6b918a4d3e Mon Sep 17 00:00:00 2001 From: "Sean P. Kelly" Date: Thu, 5 Dec 2024 06:50:01 +0000 Subject: [PATCH 3/4] twoliter: write SDKs to a temporary archive Previously, the SDK was written by krane to stdout, then loaded into the docker daemon. Using stdout would disallow krane from writing chunks of the file out of order, theoretically slowing it down. --- twoliter/embedded/Makefile.toml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/twoliter/embedded/Makefile.toml b/twoliter/embedded/Makefile.toml index 25cfba8b0..e7b50202d 100644 --- a/twoliter/embedded/Makefile.toml +++ b/twoliter/embedded/Makefile.toml 
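Review bot: The added `sudo apt-get install -y patch` step in `.github/workflows/rust.yml` installs without refreshing the package index first, so on a runner image whose apt lists are stale the install can fail or resolve an outdated package. Consider `- run: sudo apt-get update && sudo apt-get install -y --no-install-recommends patch`. The `steps:` list this step belongs to starts outside the hunk.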
@@ -13,6 +13,7 @@ BUILDSYS_BUILD_DIR = "${BUILDSYS_ROOT_DIR}/build" BUILDSYS_PACKAGES_DIR = "${BUILDSYS_BUILD_DIR}/rpms" BUILDSYS_KITS_DIR = "${BUILDSYS_BUILD_DIR}/kits" BUILDSYS_EXTERNAL_KITS_DIR = "${BUILDSYS_BUILD_DIR}/external-kits" +BUILDSYS_EXTERNAL_SDKS_DIR = "${BUILDSYS_BUILD_DIR}/external-sdk-archives" BUILDSYS_STATE_DIR = "${BUILDSYS_BUILD_DIR}/state" BUILDSYS_IMAGES_DIR = "${BUILDSYS_BUILD_DIR}/images" BUILDSYS_LOGS_DIR = "${BUILDSYS_BUILD_DIR}/logs" @@ -315,22 +316,32 @@ dependencies = ["setup-build"] script_runner = "bash" script = [ ''' + +cleanup() { + [ -n "${SDK_ARCHIVE_PATH}" ] && rm -rf "${SDK_ARCHIVE_PATH}" +} + +trap 'cleanup' EXIT + SDK_PLATFORM="$(docker version --format '{{.Server.Os}}/{{.Server.Arch}}')" KRANE="${TWOLITER_TOOLS_DIR}/krane" +mkdir -p "${BUILDSYS_EXTERNAL_SDKS_DIR}" +SDK_ARCHIVE_PATH="$(mktemp -p ${BUILDSYS_EXTERNAL_SDKS_DIR} bottlerocket-sdk-tmp-archive-XXXXXXXX.tar)" + if [ ! -s "${BUILDSYS_EXTERNAL_KITS_DIR}/.sdk-verified" ]; then echo "Twoliter could not validate '${TLPRIVATE_SDK_IMAGE}', refusing to continue" >&2 exit 1 fi + if ! docker image inspect "${TLPRIVATE_SDK_IMAGE}" >/dev/null 2>&1 ; then echo "Pulling SDK '${TLPRIVATE_SDK_IMAGE}'" - ${KRANE} pull "${TLPRIVATE_SDK_IMAGE}" /dev/stdout --platform "${SDK_PLATFORM}" \ - | docker load - if [[ ${PIPESTATUS[0]} -ne 0 ]]; then + if ! ${KRANE} pull "${TLPRIVATE_SDK_IMAGE}" "${SDK_ARCHIVE_PATH}" --platform "${SDK_PLATFORM}" ; then echo "failed to pull '${TLPRIVATE_SDK_IMAGE}'" >&2 exit 1 fi - if [[ ${PIPESTATUS[1]} -ne 0 ]]; then + + if ! docker load --input "${SDK_ARCHIVE_PATH}" ; then echo "failed to load '${TLPRIVATE_SDK_IMAGE}' into docker daemon" >&2 exit 1 fi From 0aba5cf10652545c7f03bf9a7ee016a8242a5a76 Mon Sep 17 00:00:00 2001 
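Review bot: The EXIT trap in the second `Makefile.toml` hunk is installed before `SDK_ARCHIVE_PATH` is assigned, so if the script exits between the `trap` line and the `mktemp` line (whether it runs under `set -e` is not visible here), `cleanup` runs `rm -rf` on whatever value that name inherited from the environment. Initialise it with `SDK_ARCHIVE_PATH=""` above the `trap`, and since the target is a single file use `rm -f -- "${SDK_ARCHIVE_PATH}"` rather than `rm -rf`. The `mktemp` call also leaves `${BUILDSYS_EXTERNAL_SDKS_DIR}` unquoted and its result unchecked, so a build root containing spaces or a failed `mktemp` hands `krane pull` an empty path; `SDK_ARCHIVE_PATH="$(mktemp -p "${BUILDSYS_EXTERNAL_SDKS_DIR}" bottlerocket-sdk-tmp-archive-XXXXXXXX.tar)" || exit 1` covers both. The script body starts and ends outside this hunk.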
From: "Sean P. Kelly" Date: Thu, 5 Dec 2024 07:13:38 +0000 Subject: [PATCH 4/4] chore: prepare for release 0.6.0-rc1 --- CHANGELOG.md | 9 ++++++--- Cargo.lock | 2 +- Cargo.toml | 2 +- twoliter/Cargo.toml | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 38054c9c3..08a891013 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,17 +9,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [unreleased]: https://github.com/bottlerocket-os/twoliter/compare/v0.5.2...HEAD -## [0.5.2] - 2024-12-03 +## [0.6.0] - 2024-12-04 ### Changed -- Use `krane` to fetch the SDK during the build instead of `docker` ([#411]) +- Allow arbitrary kits to generate an accurate application inventory ([#410]) +- Use `krane` to fetch the SDK during the build instead of `docker` ([#411], [#412]) - Enable verbose `krane` logs when the log level is DEBUG or TRACE ([#411]) - Update `ecr-login` to v0.9.0 ([#411]) +[#410]: https://github.com/bottlerocket-os/twoliter/pull/410 [#411]: https://github.com/bottlerocket-os/twoliter/pull/411 +[#412]: https://github.com/bottlerocket-os/twoliter/pull/412 -[0.5.2]: https://github.com/bottlerocket-os/twoliter/compare/v0.5.1...v0.5.2 +[0.6.0]: https://github.com/bottlerocket-os/twoliter/compare/v0.5.1...v0.6.0 ## [0.5.1] - 2024-11-11 diff --git a/Cargo.lock b/Cargo.lock index c32f5d501..65ae23bbf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3857,7 +3857,7 @@ dependencies = [ [[package]] name = "twoliter" -version = "0.5.2-rc1" +version = "0.6.0-rc1" dependencies = [ "anyhow", "async-recursion", diff --git a/Cargo.toml b/Cargo.toml index 636b93271..49e3ed379 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -61,7 +61,7 @@ pubsys-setup = { version = "0.1", path = "tools/pubsys-setup", artifact = [ "bin testsys = { version = "0.1", path = "tools/testsys", artifact = [ "bin:testsys" ] } testsys-config = { version = "0.1", path = "tools/testsys-config" } testsys-model = { version = "0.0.14", git = "https://github.com/bottlerocket-os/bottlerocket-test-system", tag = "v0.0.14" } -twoliter = { version = "0.5.2-rc1", path = "twoliter", artifact = [ "bin:twoliter" ] } +twoliter = { version = "0.6.0-rc1", path = "twoliter", artifact = [ "bin:twoliter" ] } unplug = { version = "0.1", path = "tools/unplug", artifact = [ "bin:unplug" ] } update-metadata = { version = "0.1", path = "tools/update-metadata" } diff --git a/twoliter/Cargo.toml b/twoliter/Cargo.toml index 2aba2b567..a80f2164a 100644 --- a/twoliter/Cargo.toml +++ b/twoliter/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "twoliter" -version = "0.5.2-rc1" +version = "0.6.0-rc1" edition = "2021" description = "A command line tool for creating custom builds of Bottlerocket" authors = ["Matthew James Briggs "]