From 964106485f602a9dd193a4f8dbd4284013b043e2 Mon Sep 17 00:00:00 2001 From: Sam Dowell Date: Mon, 9 Oct 2023 15:40:19 -0700 Subject: [PATCH] ci: use common distro for test images (#807) The test images were using different distributions, which could lead to inconsistent behaviors in things like GNU core utilities. This updates each of the test images to use a consistent debian based distro. This also does some refactoring to consolidate base image definitions to avoid duplication and simplify future updates. --- Makefile | 58 +++++++++++----- Makefile.build | 35 ++++++---- Makefile.e2e | 34 ++++++--- Makefile.oss.prow | 4 +- build/all/Dockerfile | 7 +- build/buildenv/Dockerfile | 9 +-- .../{test-e2e-go/kind => prow/e2e}/Dockerfile | 69 ++++++++++++------- build/prow/gke-e2e/Dockerfile | 51 -------------- build/prow/vulnerability-scanner/Dockerfile | 11 ++- scripts/e2e-kind.sh | 31 --------- {build/test-e2e-go => scripts}/e2e.sh | 5 +- 11 files changed, 152 insertions(+), 162 deletions(-) rename build/{test-e2e-go/kind => prow/e2e}/Dockerfile (54%) delete mode 100644 build/prow/gke-e2e/Dockerfile delete mode 100755 scripts/e2e-kind.sh rename {build/test-e2e-go => scripts}/e2e.sh (88%) diff --git a/Makefile b/Makefile index 5ad6ba5bf8..7ddb131779 100644 --- a/Makefile +++ b/Makefile @@ -36,6 +36,17 @@ OUTPUT_DIR := $(abspath .output) # Self-contained GOPATH dir. GO_DIR := $(OUTPUT_DIR)/go +# Base image used for all golang containers +GOLANG_IMAGE := golang:1.20.8-bullseye +# Base image used for debian containers +DEBIAN_BASE_IMAGE := gcr.io/gke-release/debian-base:bookworm-v1.0.0-gke.1 +# Base image used for gcloud install, primarily for test images. +# We use -slim for a smaller base image where we can choose which components to install. +# https://cloud.google.com/sdk/docs/downloads-docker#docker_image_options +GCLOUD_IMAGE := gcr.io/google.com/cloudsdktool/google-cloud-cli:449.0.0-slim +# Base image used for docker cli install, primarily used for test images. +DOCKER_CLI_IMAGE := gcr.io/cloud-builders/docker:20.10.14 + # Directory containing installed go binaries. BIN_DIR := $(GO_DIR)/bin KUSTOMIZE_VERSION := v5.1.1-gke.1 @@ -97,7 +108,7 @@ TEST_INFRA_REGISTRY ?= $(LOCATION)-docker.pkg.dev/$(TEST_INFRA_PROJECT)/test-inf # Docker image used for build and test. This image does not support CGO. # When upgrading this tag, publish the image after the change is submitted. -BUILDENV_IMAGE ?= $(TEST_INFRA_REGISTRY)/buildenv:v0.2.13 +BUILDENV_IMAGE ?= $(TEST_INFRA_REGISTRY)/buildenv:v0.2.14 # Nomos docker images containing all binaries. RECONCILER_IMAGE := reconciler @@ -139,25 +150,25 @@ endif OLD_IMAGE_TAG ?= $(IMAGE_TAG) # Base image names as given on gcr.io -RECONCILER_GCR := $(REGISTRY)/$(RECONCILER_IMAGE) -RECONCILER_MANAGER_GCR := $(REGISTRY)/$(RECONCILER_MANAGER_IMAGE) -ADMISSION_WEBHOOK_GCR := $(REGISTRY)/$(ADMISSION_WEBHOOK_IMAGE) -HYDRATION_CONTROLLER_GCR := $(REGISTRY)/$(HYDRATION_CONTROLLER_IMAGE) -HYDRATION_CONTROLLER_WITH_SHELL_GCR := $(REGISTRY)/$(HYDRATION_CONTROLLER_WITH_SHELL_IMAGE) -OCI_SYNC_GCR := $(REGISTRY)/$(OCI_SYNC_IMAGE) -HELM_SYNC_GCR := $(REGISTRY)/$(HELM_SYNC_IMAGE) -NOMOS_GCR := $(REGISTRY)/$(NOMOS_IMAGE) -ASKPASS_GCR := $(REGISTRY)/$(ASKPASS_IMAGE) +RECONCILER_GCR = $(REGISTRY)/$(RECONCILER_IMAGE) +RECONCILER_MANAGER_GCR = $(REGISTRY)/$(RECONCILER_MANAGER_IMAGE) +ADMISSION_WEBHOOK_GCR = $(REGISTRY)/$(ADMISSION_WEBHOOK_IMAGE) +HYDRATION_CONTROLLER_GCR = $(REGISTRY)/$(HYDRATION_CONTROLLER_IMAGE) +HYDRATION_CONTROLLER_WITH_SHELL_GCR = $(REGISTRY)/$(HYDRATION_CONTROLLER_WITH_SHELL_IMAGE) +OCI_SYNC_GCR = $(REGISTRY)/$(OCI_SYNC_IMAGE) +HELM_SYNC_GCR = $(REGISTRY)/$(HELM_SYNC_IMAGE) +NOMOS_GCR = $(REGISTRY)/$(NOMOS_IMAGE) +ASKPASS_GCR = $(REGISTRY)/$(ASKPASS_IMAGE) # Full image tags as given on gcr.io -RECONCILER_TAG := $(RECONCILER_GCR):$(IMAGE_TAG) -RECONCILER_MANAGER_TAG := $(RECONCILER_MANAGER_GCR):$(IMAGE_TAG) -ADMISSION_WEBHOOK_TAG := $(ADMISSION_WEBHOOK_GCR):$(IMAGE_TAG) -HYDRATION_CONTROLLER_TAG := $(HYDRATION_CONTROLLER_GCR):$(IMAGE_TAG) -HYDRATION_CONTROLLER_WITH_SHELL_TAG := $(HYDRATION_CONTROLLER_WITH_SHELL_GCR):$(IMAGE_TAG) -OCI_SYNC_TAG := $(OCI_SYNC_GCR):$(IMAGE_TAG) -HELM_SYNC_TAG := $(HELM_SYNC_GCR):$(IMAGE_TAG) -NOMOS_TAG := $(NOMOS_GCR):$(IMAGE_TAG) -ASKPASS_TAG := $(ASKPASS_GCR):$(IMAGE_TAG) +RECONCILER_TAG = $(RECONCILER_GCR):$(IMAGE_TAG) +RECONCILER_MANAGER_TAG = $(RECONCILER_MANAGER_GCR):$(IMAGE_TAG) +ADMISSION_WEBHOOK_TAG = $(ADMISSION_WEBHOOK_GCR):$(IMAGE_TAG) +HYDRATION_CONTROLLER_TAG = $(HYDRATION_CONTROLLER_GCR):$(IMAGE_TAG) +HYDRATION_CONTROLLER_WITH_SHELL_TAG = $(HYDRATION_CONTROLLER_WITH_SHELL_GCR):$(IMAGE_TAG) +OCI_SYNC_TAG = $(OCI_SYNC_GCR):$(IMAGE_TAG) +HELM_SYNC_TAG = $(HELM_SYNC_GCR):$(IMAGE_TAG) +NOMOS_TAG = $(NOMOS_GCR):$(IMAGE_TAG) +ASKPASS_TAG = $(ASKPASS_GCR):$(IMAGE_TAG) DOCKER_RUN_ARGS = \ $(DOCKER_INTERACTIVE) \ @@ -174,6 +185,15 @@ DOCKER_RUN_ARGS = \ --rm \ $(BUILDENV_IMAGE) \ +# Common build-arg defaults to define in one place +DOCKER_BUILD_ARGS = \ + --build-arg VERSION=$(VERSION) \ + --build-arg KIND_VERSION=$(KIND_VERSION) \ + --build-arg GOLANG_IMAGE=$(GOLANG_IMAGE) \ + --build-arg DEBIAN_BASE_IMAGE=$(DEBIAN_BASE_IMAGE) \ + --build-arg GCLOUD_IMAGE=$(GCLOUD_IMAGE) \ + --build-arg DOCKER_CLI_IMAGE=$(DOCKER_CLI_IMAGE) + # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) GOBIN=$(shell go env GOPATH)/bin diff --git a/Makefile.build b/Makefile.build index 11e91123b3..62c2c44b28 100644 --- a/Makefile.build +++ b/Makefile.build @@ -16,7 +16,10 @@ pull-buildenv: build-buildenv: build/buildenv/Dockerfile @echo "+++ Creating the docker container for $(BUILDENV_IMAGE)" - @docker buildx build $(DOCKER_BUILD_QUIET) build/buildenv -t $(BUILDENV_IMAGE) + @docker buildx build $(DOCKER_BUILD_QUIET) \ + build/buildenv \ + -t $(BUILDENV_IMAGE) \ + $(DOCKER_BUILD_ARGS) push-buildenv: build-buildenv @gcloud $(GCLOUD_QUIET) auth configure-docker @@ -62,63 +65,63 @@ build-images: install-helm install-kustomize --target $(RECONCILER_IMAGE) \ -t $(RECONCILER_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . @echo "+++ Building the Reconciler Manager image: $(RECONCILER_MANAGER_TAG)" @docker buildx build $(DOCKER_BUILD_QUIET) \ --target $(RECONCILER_MANAGER_IMAGE) \ -t $(RECONCILER_MANAGER_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . @echo "+++ Building the Admission Webhook image: $(ADMISSION_WEBHOOK_TAG)" @docker buildx build $(DOCKER_BUILD_QUIET) \ --target $(ADMISSION_WEBHOOK_IMAGE) \ -t $(ADMISSION_WEBHOOK_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . @echo "+++ Building the Hydration Controller image: $(HYDRATION_CONTROLLER_TAG)" @docker buildx build $(DOCKER_BUILD_QUIET) \ --target $(HYDRATION_CONTROLLER_IMAGE) \ -t $(HYDRATION_CONTROLLER_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . @echo "+++ Building the Hydration Controller image with shell: $(HYDRATION_CONTROLLER_WITH_SHELL_TAG)" @docker buildx build $(DOCKER_BUILD_QUIET) \ --target $(HYDRATION_CONTROLLER_WITH_SHELL_IMAGE) \ -t $(HYDRATION_CONTROLLER_WITH_SHELL_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . @echo "+++ Building the OCI-sync image: $(OCI_SYNC_TAG)" @docker buildx build $(DOCKER_BUILD_QUIET) \ --target $(OCI_SYNC_IMAGE) \ -t $(OCI_SYNC_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . @echo "+++ Building the Helm-sync image: $(HELM_SYNC_TAG)" @docker buildx build $(DOCKER_BUILD_QUIET) \ --target $(HELM_SYNC_IMAGE) \ -t $(HELM_SYNC_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . @echo "+++ Building the Askpass image: $(ASKPASS_TAG)" @docker buildx build $(DOCKER_BUILD_QUIET) \ --target $(ASKPASS_IMAGE) \ -t $(ASKPASS_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . @echo "+++ Building the Nomos image: $(NOMOS_TAG)" @docker buildx build $(DOCKER_BUILD_QUIET) \ --target $(NOMOS_IMAGE) \ -t $(NOMOS_TAG) \ -f build/all/Dockerfile \ - --build-arg VERSION=${VERSION} \ + $(DOCKER_BUILD_ARGS) \ . # Deprecated alias of build-images. Remove this once unused. @@ -258,14 +261,15 @@ config-sync-manifest-no-push: $(OUTPUT_DIR) build-images build-manifests .PHONY: config-sync-manifest config-sync-manifest: config-sync-manifest-no-push push-images +.PHONY: docker-registry +docker-registry: install-kind + @KIND_VERSION=$(KIND_VERSION) bash scripts/docker-registry.sh + # config-sync-manifest-local builds config sync for local testing in kind. # starts local docker registry and pushes images to the local registry .PHONY: config-sync-manifest-local -config-sync-manifest-local: install-kind - @KIND_VERSION=$(KIND_VERSION) bash scripts/docker-registry.sh - $(MAKE) config-sync-manifest \ - REGISTRY=localhost:5000 \ - IMAGE_TAG=$(IMAGE_TAG) +config-sync-manifest-local: REGISTRY := localhost:5000 +config-sync-manifest-local: docker-registry config-sync-manifest ################################### # E2E Git Server @@ -320,6 +324,7 @@ build-vulnerability-scanner: @echo "+++ Building $(VULNERABILITY_SCANNER_IMAGE_TAG)" docker buildx build \ -t $(VULNERABILITY_SCANNER_IMAGE_TAG) \ + $(DOCKER_BUILD_ARGS) \ build/prow/vulnerability-scanner/ # Push vulnerability-scanner image to registry. For now this is done manually. diff --git a/Makefile.e2e b/Makefile.e2e index a81d15af41..0c10c3a1cd 100644 --- a/Makefile.e2e +++ b/Makefile.e2e @@ -41,7 +41,7 @@ test-e2e: config-sync-manifest-local __install-nomos-local test-e2e-nobuild # Useful for modifying test code and rerunning tests without rebuilding images. .PHONY: test-e2e-go-nobuild test-e2e-nobuild: install-kustomize install-helm - ./build/test-e2e-go/e2e.sh $(E2E_ARGS) + ./scripts/e2e.sh $(E2E_ARGS) # Run the Go e2e tests on GKE without building images/manifests. # The test framework will create/teardown the GKE clusters. @@ -59,17 +59,35 @@ test-e2e-gke-nobuild: .PHONY: test-e2e-gke test-e2e-gke: config-sync-manifest test-e2e-gke-nobuild +KIND_IMAGE := "kind-image" + +.PHONY: build-kind-e2e +build-kind-e2e: install-kind install-kustomize install-helm + @echo "+++ Building $(KIND_IMAGE)" + docker buildx build . \ + --target kind-e2e \ + -f build/prow/e2e/Dockerfile \ + -t $(KIND_IMAGE) \ + $(DOCKER_BUILD_ARGS) + # This target runs all the e2e tests with the multi-repo mode. # This is the target used by the presubmits. .PHONY: test-e2e-kind-multi-repo -test-e2e-kind-multi-repo: config-sync-manifest-local +test-e2e-kind-multi-repo: config-sync-manifest-local build-kind-e2e kind delete clusters --all - GCP_PROJECT=$(GCP_PROJECT) KIND_VERSION=$(KIND_VERSION) ./scripts/e2e-kind.sh \ - --share-test-env \ - --timeout $(KIND_E2E_TIMEOUT) \ - --test.v -v \ - --num-clusters 15 \ - $(E2E_ARGS) + docker run \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v $(ARTIFACTS):/logs/artifacts \ + --env ARTIFACTS="/logs/artifacts" \ + --env GCP_PROJECT=$(GCP_PROJECT) \ + --network="host" \ + $(KIND_IMAGE) \ + ./scripts/e2e.sh \ + --share-test-env \ + --timeout $(KIND_E2E_TIMEOUT) \ + --test.v -v \ + --num-clusters 15 \ + $(E2E_ARGS) # This target runs the first group of e2e tests with the multi-repo mode. .PHONY: test-e2e-kind-multi-repo-test-group1 diff --git a/Makefile.oss.prow b/Makefile.oss.prow index 91b19fc2c1..6ede2c2fc7 100644 --- a/Makefile.oss.prow +++ b/Makefile.oss.prow @@ -27,8 +27,10 @@ GKE_E2E_IMAGE := $(TEST_INFRA_REGISTRY)/gke-e2e:$(GKE_E2E_TAG) build-gke-e2e: @echo "+++ Building $(GKE_E2E_IMAGE)" docker buildx build \ + --target gke-e2e \ -t $(GKE_E2E_IMAGE) \ - -f build/prow/gke-e2e/Dockerfile \ + -f build/prow/e2e/Dockerfile \ + $(DOCKER_BUILD_ARGS) \ . .PHONY: push-gke-e2e diff --git a/build/all/Dockerfile b/build/all/Dockerfile index d112d1a00c..cb822adc30 100644 --- a/build/all/Dockerfile +++ b/build/all/Dockerfile @@ -12,8 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +ARG GOLANG_IMAGE +ARG DEBIAN_BASE_IMAGE + # Build all Config Sync go binaries -FROM golang:1.20.8 as bins +FROM ${GOLANG_IMAGE} as bins WORKDIR /workspace @@ -42,7 +45,7 @@ RUN scripts/prepare-licenses.sh # Debian non-root base image # Uses the same nonroot UID as distroless -FROM gcr.io/gke-release/debian-base:bookworm-v1.0.0-gke.1 as debian-nonroot +FROM ${DEBIAN_BASE_IMAGE} as debian-nonroot WORKDIR / ARG USERNAME=nonroot ARG USER_UID=65532 diff --git a/build/buildenv/Dockerfile b/build/buildenv/Dockerfile index 6877b0b417..6f40dba956 100644 --- a/build/buildenv/Dockerfile +++ b/build/buildenv/Dockerfile @@ -25,12 +25,10 @@ # TODO: Change the image to be from gcr.io # when the go1.17 image is released in it. -# Note that we shouldn't use the -alpine image here -# since it is not allowed due to busybox for licensing. -ARG GOLANG_CONTAINER=golang:1.20-buster +ARG GOLANG_IMAGE # Environment to build the helper binaries from. -FROM ${GOLANG_CONTAINER} AS tools-base +FROM ${GOLANG_IMAGE} AS tools-base # Set GOPATH since it is not already set. ENV GOPATH=/go @@ -59,7 +57,7 @@ ARG GOTOPT2_REPO="github.com/filmil/gotopt2" RUN go install ${GOTOPT2_REPO}/cmd/gotopt2@v0.1.2 # The build environment docker file. -FROM ${GOLANG_CONTAINER} +FROM ${GOLANG_IMAGE} # Set GOPATH since it is not already set. ENV GOPATH=/go @@ -74,7 +72,6 @@ RUN apt-get update \ gcc \ git \ musl-dev \ - python-pip \ upx \ wget diff --git a/build/test-e2e-go/kind/Dockerfile b/build/prow/e2e/Dockerfile similarity index 54% rename from build/test-e2e-go/kind/Dockerfile rename to build/prow/e2e/Dockerfile index 423793afce..77c6fc7770 100644 --- a/build/test-e2e-go/kind/Dockerfile +++ b/build/prow/e2e/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,53 +12,72 @@ # See the License for the specific language governing permissions and # limitations under the License. + +ARG GCLOUD_IMAGE +ARG GOLANG_IMAGE +ARG DOCKER_CLI_IMAGE + # Build intermediate image for gcloud / kubectl -FROM gcr.io/google.com/cloudsdktool/cloud-sdk:425.0.0-slim as gcloud-install -RUN apt-get install -y kubectl google-cloud-sdk-gke-gcloud-auth-plugin +FROM ${GCLOUD_IMAGE} as gcloud-install + +RUN apt-get update && apt-get install -y \ + kubectl google-cloud-sdk-gke-gcloud-auth-plugin + +FROM ${GOLANG_IMAGE} as builder + +WORKDIR /workspace + +COPY . . + +# Since go modules isn't enabled by default. +ENV GO111MODULE=on +# Build static binaries; otherwise go test complains. +ENV CGO_ENABLED=0 + +# Make sure the junit-report command is available for tests. +RUN go install ./cmd/junit-report +# Get go-junit-report +RUN go install github.com/jstemmer/go-junit-report/v2@v2.0.0 # Build e2e image -FROM golang:1.20-alpine as kpt-config-sync-e2e +FROM ${DOCKER_CLI_IMAGE} as gke-e2e -WORKDIR /repo +WORKDIR /workspace +ENV GOPATH=/go # Since go modules isn't enabled by default. ENV GO111MODULE=on # Build static binaries; otherwise go test complains. ENV CGO_ENABLED=0 -RUN apk add --no-cache \ - bash curl docker gcc git jq make openssh-client python3 diffutils +RUN apt-get update && apt-get install -y \ + bash curl gcc git jq make openssh-client python3 diffutils # Copy installed gcloud and kubectl into image COPY --from=gcloud-install /usr/lib/google-cloud-sdk /opt/gcloud/google-cloud-sdk -COPY --from=gcloud-install /usr/bin/kubectl /opt/gcloud/google-cloud-sdk/bin/kubectl -ENV PATH /opt/gcloud/google-cloud-sdk/bin:$PATH +COPY --from=gcloud-install /usr/bin/kubectl /usr/bin/kubectl +# Copy golang and built binaries into image +COPY --from=builder /usr/local/go /usr/local/go +COPY --from=builder /go /go +COPY --from=builder /go/bin/junit-report /go/bin/junit-report +COPY --from=builder /go/bin/go-junit-report /go/bin/go-junit-report +ENV PATH /go/bin:/usr/local/go/bin:/opt/gcloud/google-cloud-sdk/bin:$PATH -# Get go-junit-report -RUN go install github.com/jstemmer/go-junit-report/v2@v2.0.0 +ENTRYPOINT ["/usr/bin/bash"] # KinD-specific image with latest config-sync code -FROM kpt-config-sync-e2e - -# We're running tests within kind clusters. -# If you upgrade the version, you also need to update the special kubekins-with-Kind -# images we use in the test-infra repository. See Makefile.prow. -ARG KIND_VERSION -RUN go install sigs.k8s.io/kind@${KIND_VERSION} +FROM gke-e2e as kind-e2e +WORKDIR /repo # Steps after here can't be cached since they touch the local filesystem. - # Just copy everything in the nomos repository so we have whatever we might need. COPY . . -COPY .output/go/bin/helm /usr/local/bin/helm -COPY .output/go/bin/kustomize /usr/local/bin/kustomize - # install the nomos CLI, which is used in several e2e tests. RUN go install ./cmd/nomos -# Make sure the junit-report command is available for tests. -RUN go install ./cmd/junit-report +# add the binaries in the local build directory to PATH (e.g. helm, kustomize, kind) +ENV PATH /repo/.output/go/bin:$PATH # Set Kubernetes environment. -ENV KUBERNETES_ENV=KIND +ENV KUBERNETES_ENV=KIND \ No newline at end of file diff --git a/build/prow/gke-e2e/Dockerfile b/build/prow/gke-e2e/Dockerfile deleted file mode 100644 index 4459d84c53..0000000000 --- a/build/prow/gke-e2e/Dockerfile +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Build intermediate image for gcloud / kubectl -FROM gcr.io/google.com/cloudsdktool/cloud-sdk:425.0.0-slim as gcloud-install -RUN apt-get install -y kubectl google-cloud-sdk-gke-gcloud-auth-plugin - -FROM golang:1.20-alpine as builder - -WORKDIR /workspace - -COPY . . - -# Since go modules isn't enabled by default. -ENV GO111MODULE=on -# Build static binaries; otherwise go test complains. -ENV CGO_ENABLED=0 - -# Make sure the junit-report command is available for tests. -RUN go install ./cmd/junit-report -# Get go-junit-report -RUN go install github.com/jstemmer/go-junit-report/v2@v2.0.0 - -# Build e2e image -FROM golang:1.20-alpine as kpt-config-sync-e2e - -# Since go modules isn't enabled by default. -ENV GO111MODULE=on -# Build static binaries; otherwise go test complains. -ENV CGO_ENABLED=0 - -RUN apk add --no-cache \ - bash curl docker gcc git jq make openssh-client python3 diffutils - -# Copy installed gcloud and kubectl into image -COPY --from=gcloud-install /usr/lib/google-cloud-sdk /opt/gcloud/google-cloud-sdk -COPY --from=gcloud-install /usr/bin/kubectl /opt/gcloud/google-cloud-sdk/bin/kubectl -COPY --from=builder /go/bin/junit-report /go/bin/junit-report -COPY --from=builder /go/bin/go-junit-report /go/bin/go-junit-report -ENV PATH /opt/gcloud/google-cloud-sdk/bin:$PATH diff --git a/build/prow/vulnerability-scanner/Dockerfile b/build/prow/vulnerability-scanner/Dockerfile index fb74f081c6..1506ac90ab 100644 --- a/build/prow/vulnerability-scanner/Dockerfile +++ b/build/prow/vulnerability-scanner/Dockerfile @@ -12,9 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:431.0.0 as gcloud-install +# This image is used by the vulnerability scan periodic ProwJob. -FROM golang:1.20.8 +ARG GCLOUD_IMAGE +ARG GOLANG_IMAGE + +FROM ${GCLOUD_IMAGE} as gcloud-install + +FROM ${GOLANG_IMAGE} RUN apt-get update && apt-get install -y \ jq \ @@ -22,3 +27,5 @@ RUN apt-get update && apt-get install -y \ COPY --from=gcloud-install /usr/lib/google-cloud-sdk /opt/gcloud/google-cloud-sdk ENV PATH /opt/gcloud/google-cloud-sdk/bin:$PATH + +ENTRYPOINT ["/usr/bin/bash"] diff --git a/scripts/e2e-kind.sh b/scripts/e2e-kind.sh deleted file mode 100755 index e81856314d..0000000000 --- a/scripts/e2e-kind.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -echo "+++ Building build/test-e2e-go/kind/Dockerfile prow-image" -docker buildx build . \ - -f build/test-e2e-go/kind/Dockerfile \ - --build-arg KIND_VERSION="${KIND_VERSION}" \ - -t prow-image -# The .sock volume allows you to connect to the Docker daemon of the host. -# Part of the docker-in-docker pattern. - -echo "+++ Running go e2e tests with" "$@" -docker run \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v "$ARTIFACTS":/logs/artifacts \ - --env ARTIFACTS="/logs/artifacts" \ - --env GCP_PROJECT="${GCP_PROJECT}" \ - --network="host" prow-image \ - ./build/test-e2e-go/e2e.sh "$@" diff --git a/build/test-e2e-go/e2e.sh b/scripts/e2e.sh similarity index 88% rename from build/test-e2e-go/e2e.sh rename to scripts/e2e.sh index dcf3eb360b..7ac97e9582 100755 --- a/build/test-e2e-go/e2e.sh +++ b/scripts/e2e.sh @@ -15,7 +15,8 @@ # -# golang e2e test launcher. Do not run directly, this is intended to be executed by the prow job inside a container. +# golang e2e test launcher. +# This wraps the e2e test execution and creates a junit report. set -eo pipefail @@ -39,7 +40,7 @@ if [[ -n "${ARTIFACTS}" && -d "${ARTIFACTS}" ]]; then # proper parsing. # TODO: revert when fixed https://github.com/jstemmer/go-junit-report/issues/169 sed -i -e 's/=== NAME/=== CONT/g' test_results.txt - cat test_results.txt | go-junit-report --subtest-mode=exclude-parents > "${ARTIFACTS}/junit_report.xml" + go-junit-report --subtest-mode=exclude-parents < test_results.txt > "${ARTIFACTS}/junit_report.xml" if [ "$exit_code" -eq 0 ]; then junit-report reset-failure --path="${ARTIFACTS}/junit_report.xml" fi