From 6a08f28a30b4c7d3d08015a3b5d70cd3a08563c8 Mon Sep 17 00:00:00 2001
From: Jason Hall
Date: Thu, 13 Jul 2023 09:01:28 -0400
Subject: [PATCH 1/6] new package: ko-fips
Signed-off-by: Jason Hall
---
ko-fips.yaml | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 ko-fips.yaml
diff --git a/ko-fips.yaml b/ko-fips.yaml
new file mode 100644
index 0000000000..998dbb3b9a
--- /dev/null
+++ b/ko-fips.yaml
@@ -0,0 +1,37 @@
+package:
+ name: ko-fips
+ version: 0.14.1
+ epoch: 0
+ description: Simple, fast container image builder for Go applications.
+ copyright:
+ - license: Apache-2.0
+
+environment:
+ contents:
+ packages:
+ - ca-certificates-bundle
+ - busybox
+ - go-fips
+ environment:
+ CGO_ENABLED: "0"
+
+pipeline:
+ - uses: git-checkout
+ with:
+ repository: https://github.com/ko-build/ko
+ tag: v${{package.version}}
+ expected-commit: 200db7243f02b5c0303e21d8ab8e3b4ad3a229d0
+ destination: ko
+
+ - uses: go/build
+ with:
+ packages: .
+ output: ko
+ modroot: ko
+ ldflags: -s -w -X github.com/google/ko/pkg/commands.Version=${{package.version}}
+
+update:
+ enabled: true
+ github:
+ identifier: ko-build/ko
+ strip-prefix: v
From f5a3ae2d8aa0b8659b89ffcc6ec2621e273de0f3 Mon Sep 17 00:00:00 2001
From: Jason Hall
Date: Thu, 13 Jul 2023 11:33:47 -0400
Subject: [PATCH 2/6] don't use go/build
Signed-off-by: Jason Hall
---
ko-fips.yaml | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/ko-fips.yaml b/ko-fips.yaml
index 998dbb3b9a..6cd866ad17 100644
--- a/ko-fips.yaml
+++ b/ko-fips.yaml
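Review bot: `CGO_ENABLED: "0"` in the new `ko-fips.yaml` build environment looks at odds with building on `go-fips`: FIPS-capable Go toolchains usually reach their validated crypto module through cgo, so a cgo-disabled build may silently fall back to Go's native crypto and ship a `ko-fips` that is FIPS in name only. How this `go-fips` package behaves is not visible on this page, so please confirm; if cgo is required, set `CGO_ENABLED: "1"` or drop the override. The package also has no step that checks the built binary, and `-s -w` removes the symbol table a symbol-based check would rely on, so a post-build step asserting that the FIPS crypto backend is linked in would catch a regression. The same environment block is carried unchanged through the later patches in this series.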
@@ -23,12 +23,11 @@ pipeline: expected-commit: 200db7243f02b5c0303e21d8ab8e3b4ad3a229d0 destination: ko - - uses: go/build - with: - packages: . - output: ko - modroot: ko - ldflags: -s -w -X github.com/google/ko/pkg/commands.Version=${{package.version}} + - runs: | + cd ko + go build -o "${{targets.destdir}}"/usr/bin/ko \ + -ldflags "-s -w -X github.com/google/ko/pkg/commands.Version=${{package.version}}" \ + -trimpath \ update: enabled: true From 8e463041450222020360c6fa26c24b42fc3f3ace Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Thu, 13 Jul 2023 11:47:21 -0400 Subject: [PATCH 3/6] just use a local pipeline Signed-off-by: Jason Hall --- Makefile | 1 + ko-fips.yaml | 14 ++--- pipelines/go-fips/build.yaml | 93 ++++++++++++++++++++++++++++++++++ pipelines/go-fips/install.yaml | 69 +++++++++++++++++++++++++ 4 files changed, 170 insertions(+), 7 deletions(-) create mode 100644 pipelines/go-fips/build.yaml create mode 100644 pipelines/go-fips/install.yaml diff --git a/Makefile b/Makefile index 97e7608058..af9bac1cb9 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,7 @@ MELANGE_OPTS += --arch ${ARCH} MELANGE_OPTS += --env-file build-${ARCH}.env MELANGE_OPTS += --namespace wolfi MELANGE_OPTS += --generate-index false +MELANGE_OPTS += --pipeline-dir ./pipelines/ MELANGE_OPTS += ${MELANGE_EXTRA_OPTS} ifeq (${USE_CACHE}, yes) diff --git a/ko-fips.yaml b/ko-fips.yaml index 6cd866ad17..606edd1b54 100644 --- a/ko-fips.yaml +++ b/ko-fips.yaml @@ -1,6 +1,6 @@ package: name: ko-fips - version: 0.14.1 + version: 0.14.1 epoch: 0 description: Simple, fast container image builder for Go applications. copyright: @@ -11,7 +11,6 @@ environment: packages: - ca-certificates-bundle - busybox - - go-fips environment: CGO_ENABLED: "0" 
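Review bot: The hand-written `runs:` step that replaces `uses: go/build` in `ko-fips.yaml` has no comment explaining why the shared pipeline was dropped, and the commit title does not say either. If the reason is that `go/build` brings in the stock `go` toolchain next to `go-fips` (an inference; that pipeline is not shown on this page), a comment such as `# built by hand: go/build would pull in the non-FIPS go toolchain` above `- runs: |` would keep a later cleanup from switching back and changing which compiler produces the binary. The same block is restored by the revert in patch 4, so the comment applies there as well.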
@@ -23,11 +22,12 @@ pipeline: expected-commit: 200db7243f02b5c0303e21d8ab8e3b4ad3a229d0 destination: ko - - runs: | - cd ko - go build -o "${{targets.destdir}}"/usr/bin/ko \ - -ldflags "-s -w -X github.com/google/ko/pkg/commands.Version=${{package.version}}" \ - -trimpath \ + - uses: go-fips/build + with: + packages: . + output: ko + modroot: ko + ldflags: -s -w -X github.com/google/ko/pkg/commands.Version=${{package.version}} update: enabled: true diff --git a/pipelines/go-fips/build.yaml b/pipelines/go-fips/build.yaml new file mode 100644 index 0000000000..77ab07eb0a --- /dev/null +++ b/pipelines/go-fips/build.yaml 
@@ -0,0 +1,93 @@
+name: Run a build using the go compiler
+
+needs:
+ packages:
+ - go-fips
+ - busybox
+ - ca-certificates-bundle
+
+inputs:
+ packages:
+ description: |
+ List of space-separated packages to compile. Files con also be specified.
+ This value is passed as an argument to go build. All paths are relative
+ to inputs.modroot.
+ required: true
+
+ tags:
+ description: |
+ A comma-separated list of build tags to pass to the go compiler
+
+ output:
+ description: |
+ Filename to use when writing the binary. The final install location inside
+ the apk will be in prefix / install-dir / output
+ required: true
+
+ vendor:
+ description: |
+ If true, the go mod command will also update the vendor directory
+ default: "false"
+
+ subpackage:
+ description: |
+ Indicates that the build will write to a subpackage target folder
+ default: "false"
+
+ modroot:
+ default: "."
+ required: false
+ description: |
+ Top directory of the go module, this is where go.mod lives. Before buiding
+ the go pipeline wil cd into this directory.
+
+ prefix:
+ description: |
+ Prefix to relocate binaries
+ default: usr
+
+ ldflags:
+ description:
+ List of [pattern=]arg to pass to the go compiler with -ldflags
+
+ install-dir:
+ description: |
+ Directory where binaries will be installed
+ default: bin
+
+ deps:
+ description: |
+ space separated list of go modules to update before building. example: github.com/foo/bar@v1.2.3
+
+pipeline:
+ - runs: |
+ TAGS=""
+ LDFLAGS=""
+
+ if [ ! "${{inputs.tags}}" == "" ]; then
+ TAGS="${{inputs.tags}}"
+ fi
+
+ if [ ! "${{inputs.ldflags}}" == "" ]; then
+ LDFLAGS="${{inputs.ldflags}}"
+ fi
+
+ BASE_PATH="${{inputs.prefix}}/${{inputs.install-dir}}/${{inputs.output}}"
+ if [ "${{inputs.subpackage}}" == "true" ]; then
+ DEST_PATH="-o ${{targets.subpkgdir}}/${BASE_PATH}"
+ else
+ DEST_PATH="-o ${{targets.destdir}}/${BASE_PATH}"
+ fi
+
+ cd "${{inputs.modroot}}"
+
+ # Install any specified dependencies
+ if [ !
"${{inputs.deps}}" == "" ]; then
+ for dep in ${{inputs.deps}}; do
+ go get $dep
+ done
+ go mod tidy
+ # If vendor is specified, update the vendor directory
+ "${{inputs.vendor}}" && go mod vendor
+ fi
+ go build ${DEST_PATH} -tags "${TAGS}" -ldflags "${LDFLAGS}" -trimpath ${{inputs.packages}}
diff --git a/pipelines/go-fips/install.yaml b/pipelines/go-fips/install.yaml
new file mode 100644
index 0000000000..9f5c93ebe7
--- /dev/null
+++ b/pipelines/go-fips/install.yaml
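Review bot: In the `runs:` script of `pipelines/go-fips/build.yaml`, `"${{inputs.vendor}}" && go mod vendor` executes the value of the `vendor` input as a command, so anything other than `true` or `false` is run by the shell; compare it as a string instead, `if [ "${{inputs.vendor}}" = "true" ]; then go mod vendor; fi`. The line also sits inside the `deps` check, so `vendor: "true"` with no `deps` does nothing, which the input description does not say. In the loop just above, `go get $dep` should be `go get "$dep"`, and because `go get` rewrites `go.mod` and `go.sum` at build time, the module set that gets built is no longer the one pinned by the checked-out commit; the `deps` description should say so. The input descriptions also carry typos (`con`, `buiding`, `wil`).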
@@ -0,0 +1,69 @@
+name: Run a build using the go compiler
+
+needs:
+ packages:
+ - go-fips
+ - busybox
+ - ca-certificates-bundle
+ - git
+
+inputs:
+ package:
+ description: |
+ Import path to the package
+ required: true
+
+ version:
+ description: |
+ Package version to install. This can be a version tag (v1.0.0), a
+ commit hash or another ref (eg latest or HEAD).
+
+ prefix:
+ description: |
+ Prefix to relocate binaries
+ default: usr
+
+ install-dir:
+ description: |
+ Directory where binaries will be installed
+ default: bin
+
+ ldflags:
+ description:
+ List of [pattern=]arg to pass to the go compiler with -ldflags
+
+ tags:
+ description: |
+ A comma-separated list of build tags to pass to the go compiler
+
+pipeline:
+ - runs: |
+ TAGS=""
+ LDFLAGS=""
+ VERSION=""
+
+ # Installed binaries will be stored in a tmp dir
+ export GOBIN=$(mktemp -d)
+
+ if [ ! "${{inputs.tags}}" == "" ]; then
+ TAGS="${{inputs.tags}}"
+ fi
+
+ if [ ! "${{inputs.ldflags}}" == "" ]; then
+ LDFLAGS="${{inputs.ldflags}}"
+ fi
+
+ if [ ! "${{inputs.version}}" == "" ]; then
+ VERSION="@${{inputs.version}}"
+ fi
+
+ # Run go install
+ go install ${DEST_PATH} -tags "${TAGS}" -ldflags "${LDFLAGS}" ${{inputs.package}}${VERSION}
+ mkdir -p ${{targets.destdir}}/${{inputs.prefix}}/${{inputs.install-dir}}
+
+ # Move all resulting files to the target dir
+ echo "go/install: Installing built binaries"
+ for f in $(ls ${GOBIN})
+ do
+ mv -v ${GOBIN}/${f} ${{targets.destdir}}/${{inputs.prefix}}/${{inputs.install-dir}}/${f}
+ done
From 4d43bfe204755b9f7081d0342d5901fd4a48e2be Mon Sep 17 00:00:00 2001
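Review bot: The `version` input of `pipelines/go-fips/install.yaml` is optional and its description offers `latest` or `HEAD`, so what ends up in the package can depend on when the build ran, with nothing comparable to the `expected-commit` check that `git-checkout` gives the other path; consider `required: true` and a description that asks for a tag or commit hash. The `go install ${DEST_PATH} ...` line expands a variable this script never sets (it looks carried over from the build pipeline) and, unlike the build pipeline, passes no `-trimpath`; drop `${DEST_PATH}` and add `-trimpath` so both pipelines build the same way. `for f in $(ls ${GOBIN})` word-splits file names; `for f in "${GOBIN}"/*` with quoted `mv` arguments is safer.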
From: Jason Hall Date: Thu, 13 Jul 2023 11:52:10 -0400 Subject: [PATCH 4/6] Revert "just use a local pipeline" This reverts commit 8e463041450222020360c6fa26c24b42fc3f3ace. --- Makefile | 1 - ko-fips.yaml | 14 ++--- pipelines/go-fips/build.yaml | 93 ---------------------------------- pipelines/go-fips/install.yaml | 69 ------------------------- 4 files changed, 7 insertions(+), 170 deletions(-) delete mode 100644 pipelines/go-fips/build.yaml delete mode 100644 pipelines/go-fips/install.yaml diff --git a/Makefile b/Makefile index af9bac1cb9..97e7608058 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,6 @@ MELANGE_OPTS += --arch ${ARCH} MELANGE_OPTS += --env-file build-${ARCH}.env MELANGE_OPTS += --namespace wolfi MELANGE_OPTS += --generate-index false -MELANGE_OPTS += --pipeline-dir ./pipelines/ MELANGE_OPTS += ${MELANGE_EXTRA_OPTS} ifeq (${USE_CACHE}, yes) diff --git a/ko-fips.yaml b/ko-fips.yaml index 606edd1b54..6cd866ad17 100644 --- a/ko-fips.yaml +++ b/ko-fips.yaml @@ -1,6 +1,6 @@ package: name: ko-fips - version: 0.14.1 + version: 0.14.1 epoch: 0 description: Simple, fast container image builder for Go applications. copyright: @@ -11,6 +11,7 @@ environment: packages: - ca-certificates-bundle - busybox + - go-fips environment: CGO_ENABLED: "0" @@ -22,12 +23,11 @@ pipeline: expected-commit: 200db7243f02b5c0303e21d8ab8e3b4ad3a229d0 destination: ko - - uses: go-fips/build - with: - packages: . - output: ko - modroot: ko - ldflags: -s -w -X github.com/google/ko/pkg/commands.Version=${{package.version}} + - runs: | + cd ko + go build -o "${{targets.destdir}}"/usr/bin/ko \ + -ldflags "-s -w -X github.com/google/ko/pkg/commands.Version=${{package.version}}" \ + -trimpath \ update: enabled: true diff --git a/pipelines/go-fips/build.yaml b/pipelines/go-fips/build.yaml deleted file mode 100644 index 77ab07eb0a..0000000000 --- a/pipelines/go-fips/build.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -name: Run a build using the go compiler - -needs: - packages: - - go-fips - - busybox - - ca-certificates-bundle - -inputs: - packages: - description: | - List of space-separated packages to compile. Files con also be specified. - This value is passed as an argument to go build. All paths are relative - to inputs.modroot. - required: true - - tags: - description: | - A comma-separated list of build tags to pass to the go compiler - - output: - description: | - Filename to use when writing the binary. The final install location inside - the apk will be in prefix / install-dir / output - required: true - - vendor: - description: | - If true, the go mod command will also update the vendor directory - default: "false" - - subpackage: - description: | - Indicates that the build will write to a subpackage target folder - default: "false" - - modroot: - default: "." - required: false - description: | - Top directory of the go module, this is where go.mod lives. Before buiding - the go pipeline wil cd into this directory. - - prefix: - description: | - Prefix to relocate binaries - default: usr - - ldflags: - description: - List of [pattern=]arg to pass to the go compiler with -ldflags - - install-dir: - description: | - Directory where binaries will be installed - default: bin - - deps: - description: | - space separated list of go modules to update before building. example: github.com/foo/bar@v1.2.3 - -pipeline: - - runs: | - TAGS="" - LDFLAGS="" - - if [ ! "${{inputs.tags}}" == "" ]; then - TAGS="${{inputs.tags}}" - fi - - if [ ! "${{inputs.ldflags}}" == "" ]; then - LDFLAGS="${{inputs.ldflags}}" - fi - - BASE_PATH="${{inputs.prefix}}/${{inputs.install-dir}}/${{inputs.output}}" - if [ "${{inputs.subpackage}}" == "true" ]; then - DEST_PATH="-o ${{targets.subpkgdir}}/${BASE_PATH}" - else - DEST_PATH="-o ${{targets.destdir}}/${BASE_PATH}" - fi - - cd "${{inputs.modroot}}" - - # Install any specified dependencies - if [ ! 
"${{inputs.deps}}" == "" ]; then - for dep in ${{inputs.deps}}; do - go get $dep - done - go mod tidy - # If vendor is specified, update the vendor directory - "${{inputs.vendor}}" && go mod vendor - fi - go build ${DEST_PATH} -tags "${TAGS}" -ldflags "${LDFLAGS}" -trimpath ${{inputs.packages}} diff --git a/pipelines/go-fips/install.yaml b/pipelines/go-fips/install.yaml deleted file mode 100644 index 9f5c93ebe7..0000000000 --- a/pipelines/go-fips/install.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: Run a build using the go compiler - -needs: - packages: - - go-fips - - busybox - - ca-certificates-bundle - - git - -inputs: - package: - description: | - Import path to the package - required: true - - version: - description: | - Package version to install. This can be a version tag (v1.0.0), a - commit hash or another ref (eg latest or HEAD). - - prefix: - description: | - Prefix to relocate binaries - default: usr - - install-dir: - description: | - Directory where binaries will be installed - default: bin - - ldflags: - description: - List of [pattern=]arg to pass to the go compiler with -ldflags - - tags: - description: | - A comma-separated list of build tags to pass to the go compiler - -pipeline: - - runs: | - TAGS="" - LDFLAGS="" - VERSION="" - - # Installed binaries will be stored in a tmp dir - export GOBIN=$(mktemp -d) - - if [ ! "${{inputs.tags}}" == "" ]; then - TAGS="${{inputs.tags}}" - fi - - if [ ! "${{inputs.ldflags}}" == "" ]; then - LDFLAGS="${{inputs.ldflags}}" - fi - - if [ ! "${{inputs.version}}" == "" ]; then - VERSION="@${{inputs.version}}" - fi - - # Run go install - go install ${DEST_PATH} -tags "${TAGS}" -ldflags "${LDFLAGS}" ${{inputs.package}}${VERSION} - mkdir -p ${{targets.destdir}}/${{inputs.prefix}}/${{inputs.install-dir}} - - # Move all resulting files to the target dir - echo "go/install: Installing built binaries" - for f in $(ls ${GOBIN}) - do - mv -v ${GOBIN}/${f} ${{targets.destdir}}/${{inputs.prefix}}/${{inputs.install-dir}}/${f} - done From bd35f9593204b4a2bbb2026f2720ab8c63639682 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Thu, 13 Jul 2023 12:35:38 -0400 Subject: [PATCH 5/6] Update ko-fips.yaml Co-authored-by: Matt Moore Signed-off-by: Jason Hall --- ko-fips.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ko-fips.yaml b/ko-fips.yaml index 6cd866ad17..cd5237630f 100644 --- a/ko-fips.yaml +++ b/ko-fips.yaml 
@@ -27,7 +27,7 @@ pipeline: cd ko go build -o "${{targets.destdir}}"/usr/bin/ko \ -ldflags "-s -w -X github.com/google/ko/pkg/commands.Version=${{package.version}}" \ - -trimpath \ + -trimpath update: enabled: true From f0010e323f72afeed70b889b01aa561b945a0b93 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Thu, 13 Jul 2023 12:35:45 -0400 Subject: [PATCH 6/6] Update ko-fips.yaml Co-authored-by: Matt Moore Signed-off-by: Jason Hall --- ko-fips.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ko-fips.yaml b/ko-fips.yaml index cd5237630f..0e1c014d84 100644 --- a/ko-fips.yaml +++ b/ko-fips.yaml @@ -1,6 +1,6 @@ package: name: ko-fips - version: 0.14.1 + version: 0.14.1 epoch: 0 description: Simple, fast container image builder for Go applications. copyright: