From e66e88085708d142c8ec151dc7a9d5903925b34d Mon Sep 17 00:00:00 2001 From: Gerald Pinder Date: Sat, 13 Apr 2024 01:55:50 -0400 Subject: [PATCH] chore: Cleanup images and use hash for exports tag (#158) I noticed that making changes to the exports script before a release could cause modules to not build properly if breaking changes got pushed out. To prevent this, I'm making it so that the hash of the commit is put in the tag for the exports script image and that the CLI tool will use that hash when building the `Containerfile`. --- .github/workflows/build-pr.yml | 40 ++++++++++++-------- .github/workflows/build.yml | 19 ++++++---- Earthfile | 53 +++++++++++++++++++++------ build.rs | 7 +--- src/commands/template.rs | 3 +- template/src/lib.rs | 3 ++ template/templates/modules/modules.j2 | 2 +- 7 files changed, 85 insertions(+), 42 deletions(-) diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 039cf98..992dce7 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -14,6 +14,8 @@ jobs: build: timeout-minutes: 60 runs-on: ubuntu-latest + outputs: + export: ${{ steps.build.outputs.export }} steps: - name: Maximize build space @@ -23,8 +25,6 @@ jobs: if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Earthly login env: @@ -39,8 +39,22 @@ jobs: with: ref: ${{ github.event.pull_request.ref }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + if: github.token != null + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + - name: Run build - run: earthly --ci +build + id: build + run: | + if [ -n "${{ github.token }}" ]; then + earthly --ci --push +exports-script + echo "export=true" >> "$GITHUB_OUTPUT" + fi + earthly --ci +build integration-tests: permissions: 
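Review bot: Dropping `with: version: v0.8.4` from `earthly/actions-setup@v1` (hunk `@@ -23,8 +25,6 @@`, repeated in the integration-tests and docker-build jobs here and in all three jobs of build.yml) leaves the Earthly version unpinned, so these jobs will presumably run whatever release the action resolves by default. The same jobs hold `EARTHLY_SAT_TOKEN` and registry credentials, so a change of build tool should arrive as a reviewed commit rather than as an upstream release. I would keep the explicit `version:` input and bump it deliberately, and consider pinning the action to a commit SHA instead of the moving `@v1` tag.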
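Review bot: The guard `if [ -n "${{ github.token }}" ]` in the `Run build` step (hunk `@@ -39,8 +39,22 @@`) and `if: github.token != null` on the login step do not distinguish fork pull requests, because GitHub populates `github.token` on every run and normally makes it read-only for PRs from forks. Assuming this workflow triggers on `pull_request`, the branch is always taken, `earthly --ci --push +exports-script` will likely fail on fork PRs, and the `export` output that gates the two downstream jobs is true whenever the step succeeds. A condition such as `github.event.pull_request.head.repo.full_name == github.repository` states the intent directly. The token should also be passed through the step's `env:` and tested as a shell variable, since expanding `${{ github.token }}` inline writes the secret into the generated script file.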
@@ -49,14 +63,16 @@ jobs: runs-on: ubuntu-latest needs: - build + if: needs.build.outputs.export == 'true' steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 + env: + EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} + if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Earthly login env: @@ -73,7 +89,6 @@ jobs: ref: ${{ github.event.pull_request.ref }} - name: Run integration tests - if: github.repository == 'blue-build/cli' run: earthly --ci -P ./integration-tests+all docker-build: @@ -85,6 +100,7 @@ jobs: id-token: write needs: - build + if: needs.build.outputs.export == 'true' steps: - name: Maximize build space @@ -92,8 +108,6 @@ jobs: - uses: sigstore/cosign-installer@v3.3.0 - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -107,7 +121,7 @@ jobs: run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build - earthly sat s blue-build-integration-tests + earthly sat s blue-build-pr - uses: actions/checkout@v4 with: @@ -115,7 +129,7 @@ jobs: - name: Install bluebuild run: | - earthly -a +install/bluebuild --BUILD_TARGET=x86_64-unknown-linux-musl /usr/local/bin/bluebuild + earthly -a +installer/bluebuild /usr/local/bin/bluebuild - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 @@ -130,8 +144,4 @@ jobs: cd integration-tests/test-repo bluebuild template -vv | tee Containerfile grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1 - if [ -n "$GH_TOKEN" ] && [ -n "$COSIGN_PRIVATE_KEY" ]; then - bluebuild build --push -vv - else - bluebuild build -vv - fi + bluebuild build --push -vv diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2706ae0..2d5ff64 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
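Review bot: The last build-pr.yml hunk (`@@ -130,8 +144,4 @@`) now runs `bluebuild build --push -vv` unconditionally, whereas the removed guard required both `$GH_TOKEN` and `$COSIGN_PRIVATE_KEY`; the new job-level `if: needs.build.outputs.export == 'true'` only reflects that the build job saw a token. If the signing-key secret is withheld from a run, this step will presumably either fail or push without the signature the old guard insisted on; which of the two depends on bluebuild code not shown here. I would keep a key check in the step, e.g. `[ -n "$COSIGN_PRIVATE_KEY" ] || { bluebuild build -vv; exit 0; }` ahead of the push. The step's `env:` block is outside the hunk, so confirm the variable is still exported there.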
@@ -28,8 +28,6 @@ jobs: if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Earthly login env: @@ -56,21 +54,27 @@ jobs: if: github.repository == 'blue-build/cli' run: earthly --push --ci +build + - name: Run build fork + if: github.repository != 'blue-build/cli' + run: earthly --ci +build + integration-tests: permissions: packages: write timeout-minutes: 60 runs-on: ubuntu-latest + if: github.repository == 'blue-build/cli' needs: - build steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 + env: + EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} + if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Earthly login env: @@ -97,6 +101,7 @@ jobs: contents: read packages: write id-token: write + if: github.repository == 'blue-build/cli' needs: - build @@ -106,8 +111,6 @@ jobs: - uses: sigstore/cosign-installer@v3.3.0 - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -121,7 +124,7 @@ jobs: run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build - earthly sat s blue-build-integration-tests + earthly sat s blue-build-main - uses: actions/checkout@v4 with: @@ -129,7 +132,7 @@ jobs: - name: Install bluebuild run: | - earthly -a +install/bluebuild --BUILD_TARGET=x86_64-unknown-linux-musl /usr/local/bin/bluebuild + earthly -a +installer/bluebuild /usr/local/bin/bluebuild - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 diff --git a/Earthfile b/Earthfile index 4476f48..b402033 100644 --- a/Earthfile +++ b/Earthfile 
@@ -41,7 +41,9 @@ exports-script: LABEL org.opencontainers.image.source="https://github.com/blue-build/cli" COPY exports.sh / RUN chmod +x exports.sh - SAVE IMAGE --push $IMAGE:exports + + ARG EARTHLY_GIT_HASH + SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_HASH-exports common: FROM ghcr.io/blue-build/earthly-lib/cargo-builder @@ -52,6 +54,8 @@ common: COPY --keep-ts *.md /app COPY --keep-ts LICENSE /app COPY --keep-ts build.rs /app + COPY --keep-ts --dir .git/ /app + RUN touch build.rs DO cargo+INIT @@ -77,14 +81,23 @@ blue-build-cli: COPY (+install/bluebuild --BUILD_TARGET="x86_64-unknown-linux-gnu") /usr/bin/bluebuild - ARG TAG - ARG LATEST=false - RUN mkdir -p /bluebuild WORKDIR /bluebuild ENTRYPOINT ["bluebuild"] - DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST + ARG TAG + ARG LATEST=false + + IF [ -n "$TAG" ] + SAVE IMAGE --push $IMAGE:$TAG + + IF [ "$LATEST" = "true" ] + SAVE IMAGE --push $IMAGE:latest + END + ELSE + ARG EARTHLY_GIT_BRANCH + SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH + END blue-build-cli-alpine: FROM alpine @@ -96,14 +109,22 @@ blue-build-cli-alpine: COPY +cosign/cosign /usr/bin/cosign COPY (+install/bluebuild --BUILD_TARGET="x86_64-unknown-linux-musl") /usr/bin/bluebuild - ARG TAG - ARG LATEST=false - RUN mkdir -p /bluebuild WORKDIR /bluebuild ENTRYPOINT ["bluebuild"] - DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST --ALPINE=true + ARG TAG + IF [ -n "$TAG" ] + SAVE IMAGE --push $IMAGE:$TAG-alpine + + ARG LATEST=false + IF [ "$LATEST" = "true" ] + SAVE IMAGE --push $IMAGE:latest-alpine + END + ELSE + ARG EARTHLY_GIT_BRANCH + SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH-alpine + END installer: FROM alpine 
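Review bot: `COPY --keep-ts --dir .git/ /app` in the `common` target (hunk `@@ -52,6 +54,8 @@`) brings the whole repository metadata into the build, including `.git/config`. In the workflows the tree comes from `actions/checkout@v4`, which by default keeps the job token in the local git configuration, so that credential can end up in build layers and in the cache held on the remote satellite. Since build.rs only needs the result of `git rev-parse HEAD`, either set `persist-credentials: false` on the checkout steps or drop this copy and pass the hash into the build through `ARG EARTHLY_GIT_HASH`, as the `exports-script` target already does.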
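Review bot: In the `ELSE` branch added to `blue-build-cli` (hunk `@@ -77,14 +81,23 @@`), `SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH` uses the branch name as the tag unmodified; the same pattern is added to `blue-build-cli-alpine` and to `installer` in the following hunks. Branch names may contain `/`, which is not valid in an image tag, and a branch named like a release (`latest`, or a version string) would publish over that tag whenever `TAG` is unset. Consider normalising the value and giving it a prefix that release tags never use, e.g. `SAVE IMAGE --push $IMAGE:branch-$SAFE_BRANCH`, where `SAFE_BRANCH` (a name constructed for this note) is the branch name with characters outside `[A-Za-z0-9_.-]` replaced.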
@@ -114,8 +135,18 @@ installer: CMD ["cat", "/install.sh"] ARG TAG - ARG LATEST=false - DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST --INSTALLER=true + IF [ -n "$TAG" ] + SAVE IMAGE --push $IMAGE:$TAG-installer + + ARG LATEST=false + IF [ "$LATEST" = "true" ] + SAVE IMAGE --push $IMAGE:latest-installer + END + ELSE + ARG EARTHLY_GIT_BRANCH + SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH-installer + END + SAVE ARTIFACT /out/bluebuild cosign: FROM gcr.io/projectsigstore/cosign diff --git a/build.rs b/build.rs index a42bd65..2050cad 100644 --- a/build.rs +++ b/build.rs @@ -7,12 +7,7 @@ fn main() -> SdResult<()> { shadow_rs::new_hook(hook) } -fn hook(file: &File) -> SdResult<()> { - append_write_const(file)?; - Ok(()) -} - -fn append_write_const(mut file: &File) -> SdResult<()> { +fn hook(mut file: &File) -> SdResult<()> { let hash = Command::new("git") .args(["rev-parse", "HEAD"]) .output() diff --git a/src/commands/template.rs b/src/commands/template.rs index c4062f0..1d7f8ea 100644 --- a/src/commands/template.rs +++ b/src/commands/template.rs @@ -10,7 +10,7 @@ use clap::Args; use log::{debug, info, trace}; use typed_builder::TypedBuilder; -use crate::drivers::Driver; +use crate::{drivers::Driver, shadow}; use super::{BlueBuildCommand, DriverArgs}; @@ -86,6 +86,7 @@ impl TemplateCommand { .recipe(&recipe_de) .recipe_path(recipe_path.as_path()) .registry(self.get_registry()) + .exports_tag(shadow::BB_COMMIT_HASH) .build(); let output_str = template.render()?; diff --git a/template/src/lib.rs b/template/src/lib.rs index 1f4a953..412c10e 100644 --- a/template/src/lib.rs +++ b/template/src/lib.rs @@ -27,6 +27,9 @@ pub struct ContainerFileTemplate<'a> { #[builder(setter(into))] registry: Cow<'a, str>, + + #[builder(setter(into))] + exports_tag: Cow<'a, str>, } #[derive(Debug, Clone, Template, TypedBuilder)] diff --git a/template/templates/modules/modules.j2 b/template/templates/modules/modules.j2 index 3ff961e..84929fa 100644 
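Review bot: `.exports_tag(shadow::BB_COMMIT_HASH)` in src/commands/template.rs (hunk `@@ -86,6 +86,7 @@`) turns a build-time value into part of an image reference without checking it. The constant appears to come from the `git rev-parse HEAD` call in build.rs, whose error handling lies outside the visible hunk; if that command fails, or the binary is built from a source archive without `.git`, the template would presumably render `cli:-exports`. Returning an error before `.build()` when `shadow::BB_COMMIT_HASH.is_empty()` would make that failure explicit rather than a confusing pull error later. The enclosing function starts and ends outside the hunk, so the check has to use whatever error type it already returns.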
--- a/template/templates/modules/modules.j2 +++ b/template/templates/modules/modules.j2 @@ -27,7 +27,7 @@ RUN \ {%- if type == "akmods" %} --mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \ {%- endif %} - --mount=type=bind,from=ghcr.io/blue-build/cli:exports,src=/exports.sh,dst=/tmp/exports.sh \ + --mount=type=bind,from=ghcr.io/blue-build/cli:{{ exports_tag }}-exports,src=/exports.sh,dst=/tmp/exports.sh \ --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \ echo "========== Start {{ type|capitalize }} module ==========" \ && chmod +x /tmp/modules/{{ type }}/{{ type }}.sh \
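Review bot: `from=ghcr.io/blue-build/cli:{{ exports_tag }}-exports` ties each CLI build to one commit, but a tag is still mutable: anything able to push to that repository, including the PR workflow changed in this commit, can publish a `<hash>-exports` tag, and the reference is resolved again on every image build. If the goal is that a released CLI always mounts exactly the script it was tested with, recording the image digest at release time and rendering `cli@sha256:<digest>` would give that guarantee. It is also worth a template comment next to this mount stating that `<hash>-exports` tags must be excluded from registry cleanup for as long as the matching CLI release is supported. The `RUN` instruction continues outside the hunk.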