alpha: add rpms to sdk #85
Conversation
|
Working on targeting both arches and running on both arches (multiarch-manifest) |
webern
force-pushed
the
alpha-sdk
branch
3 times, most recently
from
a23afc7 to
7774045
Compare
|
Multiarch manifests are working properly rebase |
local/alpha-sdk.dockerfile
Outdated
|
|
||
| COPY build/rpms/ /twoliter/alpha/build/rpms/ | ||
| COPY sbkeys/generate-local-sbkeys /twoliter/alpha/sbkeys/generate-local-sbkeys | ||
| COPY sbkeys/generate-aws-sbkeys /twoliter/alpha/sbkeys/generate-aws-sbkeys |
There was a problem hiding this comment.
nit: can omit generate-aws-sbkeys because it's not invoked by any make tasks
There was a problem hiding this comment.
This was required for twoliter build variant because the current build system assumes those scripts exist in tree.
There was a problem hiding this comment.
It should just need generate-local-sbkeys.
There was a problem hiding this comment.
I'm also confused by this. Don't we, and won't a Twoliter Alpha customer, need the generate-aws-sbkeys script?
There was a problem hiding this comment.
Don't we, and won't a Twoliter Alpha customer, need the generate-aws-sbkeys script?
It'll have to be invoked by hand for now since the inputs are quite complicated. Eventually I expect we'll want commands like twoliter generate repository-keys and twoliter generate secure-boot-keys that take a structured input file rather than CLI args.
local/alpha-sdk.sh
Outdated
| --sdk-registry The namespace or Docker registry where the SDK is found. For | ||
| example, in the following string 'public.ecr.aws' is the | ||
| registry: | ||
| --alpha-name The name of the Twoliter alpha SDK container. | ||
| public.ecr.aws/bottlerocket/bottlerocket-sdk-x86_64:v0.50.0 |
There was a problem hiding this comment.
| --sdk-registry The namespace or Docker registry where the SDK is found. For | |
| example, in the following string 'public.ecr.aws' is the | |
| registry: | |
| --alpha-name The name of the Twoliter alpha SDK container. | |
| public.ecr.aws/bottlerocket/bottlerocket-sdk-x86_64:v0.50.0 | |
| --sdk-registry The namespace or Docker registry where the SDK is found. For | |
| example, in the following string 'public.ecr.aws' is the | |
| registry: | |
| public.ecr.aws/bottlerocket/bottlerocket-sdk-x86_64:v0.50.0 | |
| --alpha-name The name of the Twoliter alpha SDK container. |
local/alpha-sdk.sh
Outdated
| [[ -n ${alpha_registry} ]] || usage_error 'required: --alpha-registry' | ||
| [[ -n ${alpha_version} ]] || usage_error 'required: --alpha-version' | ||
|
|
||
| variant="${variant:=aws-k8s-1.27}" |
There was a problem hiding this comment.
Let's default to one with all the new feature flags enabled:
| variant="${variant:=aws-k8s-1.27}" | |
| variant="${variant:=aws-dev}" |
| docker build \ | ||
| --tag "${tag}" \ | ||
| --build-arg "SDK=${sdk}" \ | ||
| --build-arg "HOST_GOARCH=${host_arch}" \ |
There was a problem hiding this comment.
| --build-arg "HOST_GOARCH=${host_arch}" \ | |
| --build-arg "HOST_GOARCH=${host_arch}" \ | |
| --build-arg "TARGET_ARCH=${target_arch}" \ |
| cargo make \ | ||
| -e "BUILDSYS_VARIANT=${variant}" \ | ||
| -e "BUILDSYS_ARCH=${target_arch}" \ | ||
| build-variant |
There was a problem hiding this comment.
Should we do a preemptive cargo make clean before the loop so that the build directory is in a known-empty state? Otherwise we'll end up copying artifacts in a way that won't necessarily be reproducible.
|
|
Copy the sbkeys scripts to a dir not dockerignored |
To create an early-access version of twoliter build variant, we need an SDK that contains the Bottlerocket rpms. This script and Dockerfile creates it.
|
@bcressey I think this has everything you requested. I had trouble globbing, but if you don't pass @ecpullen looks like there is an issue with the cargo deny install, can you check it out and maybe pin the cargo deny install to a version that isn't broken? |
Issue #, if available:
Closes #78
Description of changes:
To create an early-access version of twoliter build variant, we need an SDK that contains the Bottlerocket rpms. This script and Dockerfile creates it.
Testing
Ran these on both x86_64 and aarch64 hosts.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.