From 2663ab4f2c20d43f761db6eecf05c64d700d7042 Mon Sep 17 00:00:00 2001 From: Artiom Diomin Date: Fri, 13 Sep 2024 00:40:52 +0300 Subject: [PATCH 1/5] Multi-platform builds using github actions Signed-off-by: Artiom Diomin
---
.github/workflows/release.yaml | 47 ++++++++++++++++++++++++++++++++++ .gitignore | 1 + .reuse/dep5 | 10 ++++---- Dockerfile | 11 ++++++++ Makefile | 25 ++++++++++++++++++ 5 files changed, 89 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/release.yaml create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 Makefile
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..1207737
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,47 @@
+name: Build and push a release image
+on:
+ push:
+ tags:
+ - '**'
+
+jobs:
+ build-push:
+ permissions:
+ # give GITHUB_TOKEN write permissions
+ packages: write
+ contents: read
+ attestations: write
+ id-token: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout the gardener/ingress-gce repository
+ uses: actions/checkout@v4
+
+ - name: Checkout the kubernetes/ingress-gce repository
+ uses: actions/checkout@v4
+ with:
+ repository: 'kubernetes/ingress-gce'
+ path: './ingress-gce'
+ persist-credentials: false
+ ref: '${{ github.ref_name }}'
+
+ - name: Login to registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Docker setup buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ platforms: linux/amd64,linux/arm64
+
+ - name: Build and push Docker images
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ tags: |
+ ghcr.io/gardener/ingress-gce:${{ github.ref_name }}
+ push: true
+ platforms: linux/amd64,linux/arm64
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1083a20
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+ingress-gce
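Review bot: The first `actions/checkout@v4` step in the new `.github/workflows/release.yaml` keeps `persist-credentials` at its default while the second one sets it to `false`, so the job token stays in the workspace's `.git` configuration for the rest of the run. The build step then uses `context: .` and the Dockerfile from this commit does `COPY . .`, which, with no `.dockerignore` anywhere in the series, puts that directory into the builder stage; add `persist-credentials: false` to the first checkout as well. This matters more from PATCH 3/5 on, where the same job is given `contents: write`. The `permissions:` block also grants `attestations: write` and `id-token: write` although no step in this file creates an attestation or requests an OIDC token (`id-token: write` is still present after PATCH 4/5); I would drop both until a step needs them.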
diff --git a/.reuse/dep5 b/.reuse/dep5 index eaa4599..fbddfac 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -1,7 +1,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: Gardener +Upstream-Name: Gardener ingress-gce Upstream-Contact: The Gardener project -Source: https://github.com/gardener/ +Source: https://github.com/gardener/ingress-gce # -------------------------------------------------- # source code @@ -21,9 +21,9 @@ License: CC-BY-4.0 # third-party # --- copied source code --- -# Files: -# Copyright: -# License: +# Files: +# Copyright: +# License: # --- vendor folder dependencies --- # Files: diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..ac6b593 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +FROM golang:1.22.7 AS builder +ENV CGO_ENABLED=0 +COPY . . +WORKDIR ingress-gce +RUN go install -v ./cmd/glbc + +# ### actual container +FROM gcr.io/distroless/static:latest +COPY --from=builder /go/bin/glbc /glbc + +ENTRYPOINT ["/glbc"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f0e575f --- /dev/null +++ b/Makefile @@ -0,0 +1,25 @@ +# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +# +# SPDX-License-Identifier: Apache-2.0 + +.ONESHELL: +.SHELLFLAGS := -eu -o pipefail -c +SHELL := bash +MAKEFLAGS += --warn-undefined-variables +MAKEFLAGS += --no-builtin-rules +IMAGE_REPOSITORY := ghcr.io/gardener/ingress-gce +IMAGE_TAG := $(shell git describe --tags --always) + +.PHONY: build +build: docker-image + +.PHONY: release +release: build docker-login + +.PHONY: docker-image +docker-image: + @docker buildx build -t $(IMAGE_REPOSITORY):$(IMAGE_TAG) --platform linux/arm64,linux/amd64 --load . + +.PHONY: docker-login +docker-login: + @gcloud auth activate-service-account --key-file .kube-secrets/gcr/gcr-readwrite.json From 718ba1f76ec81ea25007343bafd5fc2444ec7e52 Mon Sep 17 00:00:00 2001 
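Review bot: The runtime stage in the new `Dockerfile` is `FROM gcr.io/distroless/static:latest`, a moving tag, so two builds of the same release tag can ship different base layers and nothing in the repository records which one was used. Pinning by digest, `FROM gcr.io/distroless/static@sha256:<digest>` (placeholder), makes the released image reproducible and the base update a reviewable change; the same holds, to a lesser degree, for `golang:1.22.7`. The stage also sets no `USER`, so `/glbc` runs as root unless the deployment overrides it; if the controller does not need root, the `nonroot` variant of the base image or an explicit `USER 65532:65532` would cover that. `COPY . .` runs before any `WORKDIR`, so the whole build context lands in the builder's root directory, and a `.dockerignore` would keep `.git` and local secret files out of it.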
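Review bot: The `docker-login` target in the new `Makefile` activates a Google service account from `.kube-secrets/gcr/gcr-readwrite.json`, a long-lived key file expected inside the working tree, while `IMAGE_REPOSITORY` points at `ghcr.io`, which that login does not appear to authenticate against. The `.gitignore` added in this commit lists only `ingress-gce`, and the Dockerfile's `COPY . .` takes the whole directory as build context, so the key is neither protected from an accidental `git add` nor kept out of the builder stage. I would either drop the target or add `.kube-secrets/` to `.gitignore` and to a `.dockerignore`. Note also that `release` depends on `build docker-login` but no rule pushes the image, so the login currently guards nothing.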
From: Artiom Diomin Date: Tue, 17 Sep 2024 14:41:55 +0300 Subject: [PATCH 2/5] Take ingress-gce version from INGRESS_GCE_VERSION file Signed-off-by: Artiom Diomin --- .github/workflows/release.yaml | 8 ++++++-- INGRESS-GCE-VERSION | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 INGRESS-GCE-VERSION diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1207737..af315c3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,20 +10,24 @@ jobs: # give GITHUB_TOKEN write permissions packages: write contents: read - attestations: write id-token: write runs-on: ubuntu-latest steps: - name: Checkout the gardener/ingress-gce repository uses: actions/checkout@v4 + - name: Get kubernetes/ingress-gce version to build + id: ingress_version + run: | + echo "INGRESS_GCE_VERSION=$(cat INGRESS-GCE-VERSION)" >> $GITHUB_OUTPUT + - name: Checkout the kubernetes/ingress-gce repository uses: actions/checkout@v4 with: repository: 'kubernetes/ingress-gce' path: './ingress-gce' persist-credentials: false - ref: '${{ github.ref_name }}' + ref: '${{ steps.ingress_version.outputs.INGRESS_GCE_VERSION }}' - name: Login to registry uses: docker/login-action@v3 diff --git a/INGRESS-GCE-VERSION b/INGRESS-GCE-VERSION new file mode 100644 index 0000000..809a996 --- /dev/null +++ b/INGRESS-GCE-VERSION @@ -0,0 +1 @@ +v1.26.9 From 2e58100f04b245369040ac3d5804eb995d5fad51 Mon Sep 17 00:00:00 2001 From: Artiom Diomin Date: Tue, 17 Sep 2024 19:12:36 +0300 Subject: [PATCH 3/5] migrate from on tag to on workflow_dispatch Signed-off-by: Artiom Diomin --- .github/workflows/release.yaml | 39 ++++++++++++++++++++-------------- INGRESS-GCE-VERSION | 1 - README.md | 4 +++- 3 files changed, 26 insertions(+), 18 deletions(-) delete mode 100644 INGRESS-GCE-VERSION diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index af315c3..18e4455 100644 --- a/.github/workflows/release.yaml 
+++ b/.github/workflows/release.yaml 
@@ -1,51 +1,58 @@ name: Build and push a release image on: - push: - tags: - - '**' + workflow_dispatch: + inputs: + release_tag: + description: 'New release git/docker tag to publish' + required: true + type: string + ingress_gce_version: + description: 'kubernetes/ingress-gce version to checkout on build' + required: true + type: string jobs: build-push: permissions: # give GITHUB_TOKEN write permissions packages: write - contents: read + contents: write id-token: write runs-on: ubuntu-latest steps: - name: Checkout the gardener/ingress-gce repository - uses: actions/checkout@v4 - - - name: Get kubernetes/ingress-gce version to build - id: ingress_version - run: | - echo "INGRESS_GCE_VERSION=$(cat INGRESS-GCE-VERSION)" >> $GITHUB_OUTPUT + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # https://github.com/actions/checkout/releases/tag/v4.1.7 - name: Checkout the kubernetes/ingress-gce repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # https://github.com/actions/checkout/releases/tag/v4.1.7 with: repository: 'kubernetes/ingress-gce' path: './ingress-gce' persist-credentials: false - ref: '${{ steps.ingress_version.outputs.INGRESS_GCE_VERSION }}' + ref: '${{ inputs.ingress_gce_version }}' - name: Login to registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # https://github.com/docker/login-action/releases/tag/v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker setup buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # https://github.com/docker/setup-buildx-action/releases/tag/v3.6.1 with: platforms: linux/amd64,linux/arm64 - name: Build and push Docker images - uses: docker/build-push-action@v6 + uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # 
https://github.com/docker/build-push-action/releases/tag/v6.7.0 with: context: . tags: | - ghcr.io/gardener/ingress-gce:${{ github.ref_name }} + ghcr.io/gardener/ingress-gce:${{ inputs.release_tag }} push: true platforms: linux/amd64,linux/arm64 + + - name: Create new release + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # https://github.com/ncipollo/release-action/releases/tag/v1.14.0 + with: + tag: ${{ inputs.release_tag }} diff --git a/INGRESS-GCE-VERSION b/INGRESS-GCE-VERSION deleted file mode 100644 index 809a996..0000000 --- a/INGRESS-GCE-VERSION +++ /dev/null @@ -1 +0,0 @@ -v1.26.9 diff --git a/README.md b/README.md index 224a002..a67019b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# +# ingress-gce [![reuse compliant](https://reuse.software/badge/reuse-compliant.svg)](https://reuse.software/) @@ -99,3 +99,5 @@ In case you modify copied/forked source code you must state this in the header v To get your project reuse compliant you should register it [here](https://api.reuse.software/register) using your SAP email address. After confirming your email, an inital reuse check is done by the reuse API. To add the badge to your project's `README.md` file, use the snipped provided by the reuse API. + +## From 1bd8eab9b0418244c5602eef599e601b46810f3f Mon Sep 17 00:00:00 2001 From: Artiom Diomin Date: Wed, 18 Sep 2024 13:20:49 +0300 Subject: [PATCH 4/5] Indicate released image in the release body Signed-off-by: Artiom Diomin --- .github/workflows/release.yaml | 26 ++++++++++++++++----- README.md | 41 ++++++++++++++++++++++++++++++++-- 2 files changed, 59 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 18e4455..e93dd4b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,4 +1,4 @@ -name: Build and push a release image +name: Build, push and release on: workflow_dispatch: inputs: 
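Review bot: Both dispatch inputs introduced in this hunk reach the job unchecked: `inputs.ingress_gce_version` is passed straight to `ref:` of the upstream checkout, so any branch or commit can be built, and `inputs.release_tag` becomes the image tag that is pushed with `push: true` before the release step runs. A run dispatched with a tag that is already published would therefore replace that image in the registry first and only then reach the release step. I would add a first step that rejects anything that is not a version tag and stops when the release tag already exists in the repository; the inputs are handed over through `env:` so they are never expanded inside the script text. The pattern in the sketch is an example policy and should be adjusted to the project's tag scheme.

```yaml
    steps:
      - name: Validate release inputs
        env:
          RELEASE_TAG: ${{ inputs.release_tag }}
          INGRESS_GCE_VERSION: ${{ inputs.ingress_gce_version }}
        run: |
          # Example policy: vMAJOR.MINOR.PATCH with an optional suffix.
          version_re='^v[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$'
          for value in "$RELEASE_TAG" "$INGRESS_GCE_VERSION"; do
            if [[ ! "$value" =~ $version_re ]]; then
              echo "not a version tag: $value" >&2
              exit 1
            fi
          done
          # Refuse to republish: the tag must not exist in this repository yet.
          if git ls-remote --exit-code --tags \
              "https://github.com/${GITHUB_REPOSITORY}.git" "refs/tags/${RELEASE_TAG}" >/dev/null; then
            echo "tag ${RELEASE_TAG} already exists" >&2
            exit 1
          fi
      # … unchanged: checkout, login, buildx, build-push and release steps …
```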
@@ -11,8 +11,18 @@ on: required: true type: string +env: + IMAGE_REGISTRY: ghcr.io + IMAGE_REPO: gardener/ingress-gce + IMAGE_TAG: ${{ inputs.release_tag }} + PLATFORMS: linux/amd64,linux/arm64 + +defaults: + run: + shell: bash + jobs: - build-push: + build-push-release: permissions: # give GITHUB_TOKEN write permissions packages: write @@ -34,25 +44,29 @@ jobs: - name: Login to registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # https://github.com/docker/login-action/releases/tag/v3.3.0 with: - registry: ghcr.io + registry: ${{ env.IMAGE_REGISTRY }} username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker setup buildx uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # https://github.com/docker/setup-buildx-action/releases/tag/v3.6.1 with: - platforms: linux/amd64,linux/arm64 + platforms: ${{ env.PLATFORMS }} - name: Build and push Docker images uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # https://github.com/docker/build-push-action/releases/tag/v6.7.0 with: context: . tags: | - ghcr.io/gardener/ingress-gce:${{ inputs.release_tag }} + ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }} push: true - platforms: linux/amd64,linux/arm64 + platforms: ${{ env.PLATFORMS }} - name: Create new release uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # https://github.com/ncipollo/release-action/releases/tag/v1.14.0 with: tag: ${{ inputs.release_tag }} + makeLatest: true + body: | + ## Docker Images + * ingress-gce: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }} diff --git a/README.md b/README.md index a67019b..f47d65a 100644 --- a/README.md +++ b/README.md 
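Review bot: The release body added in the last hunk names the image only by tag (`${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }}`), and a registry tag can be moved later, so the release notes do not identify what was actually built. Giving the build step `id: build` and appending `@${{ steps.build.outputs.digest }}` to that line records the immutable digest that consumers can pin and verify. `makeLatest: true` is also unconditional, so a rebuild for an older upstream line would be marked as the latest release; consider making it a dispatch input or leaving the action's default.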
@@ -2,6 +2,45 @@ [![reuse compliant](https://reuse.software/badge/reuse-compliant.svg)](https://reuse.software/) +This repository is dedicated to building [kubernetes/ingress-gce](https://github.com/kubernetes/ingress-gce) images for Gardener project. + +## Building a new Release + +Once in a while a new release of the +[kubernetes/ingress-gce](https://github.com/kubernetes/ingress-gce) will be +released and we need to build new docker image. In order to trigger the new +release one can use two options, tigger the release workflow from the web UI or +from CLI, see more at the +https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow. + + +### Trigger the release from the Github web UI + +* Navigate to Actions https://github.com/gardener/ingress-gce/actions +* Select **Build, push and release** worflow +* Click **Run worflow** button +* Input `New release tag to publish` and `kubernetes/ingress-gce version to build` +* Click green **Run worflow** button + +### Trigger the release from gh CLI + +```shell +gh workflow run release.yaml -f release_tag= -f ingress_gce_version= +``` + +Where `NEW_TAG_TO_RELEASE` is a new tag for the GH release and image to be +created and `TAG_FROM_UPSTREAM` is existing target tag to build from +[kubernetes/ingress-gce](https://github.com/kubernetes/ingress-gce). + +Example: + +```shell +gh workflow run release.yaml -f release_tag=v1.30.0-sap.0 -f ingress_gce_version=v1.30.0 +``` + +Will build [kubernetes/ingress-gce](https://github.com/kubernetes/ingress-gce) binary from v1.30.0 git tag, and publish docker image: `ghcr.io/gardener/ingress-gce:v1.30.0-sap.0` + + ## How to use this repository template This template repository can be used to seed new git repositories in the gardener github organisation. 
@@ -99,5 +138,3 @@ In case you modify copied/forked source code you must state this in the header v To get your project reuse compliant you should register it [here](https://api.reuse.software/register) using your SAP email address. After confirming your email, an inital reuse check is done by the reuse API. To add the badge to your project's `README.md` file, use the snipped provided by the reuse API. - -## From 821b9a231b31c42dab3df0426c93bb62e69362bf Mon Sep 17 00:00:00 2001 From: Artiom Diomin Date: Wed, 18 Sep 2024 21:52:42 +0300 Subject: [PATCH 5/5] Change Makefile formatting indentation to spaces Signed-off-by: Artiom Diomin --- Makefile | 8 ++++---- README.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index f0e575f..141923a 100644 --- a/Makefile +++ b/Makefile @@ -3,10 +3,10 @@ # SPDX-License-Identifier: Apache-2.0 .ONESHELL: -.SHELLFLAGS := -eu -o pipefail -c -SHELL := bash -MAKEFLAGS += --warn-undefined-variables -MAKEFLAGS += --no-builtin-rules +.SHELLFLAGS := -eu -o pipefail -c +SHELL := bash +MAKEFLAGS += --warn-undefined-variables +MAKEFLAGS += --no-builtin-rules IMAGE_REPOSITORY := ghcr.io/gardener/ingress-gce IMAGE_TAG := $(shell git describe --tags --always) diff --git a/README.md b/README.md index f47d65a..005b1c2 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ This repository is dedicated to building [kubernetes/ingress-gce](https://github Once in a while a new release of the [kubernetes/ingress-gce](https://github.com/kubernetes/ingress-gce) will be -released and we need to build new docker image. In order to trigger the new +released and we need to build new container image. In order to trigger the new release one can use two options, tigger the release workflow from the web UI or from CLI, see more at the https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.