Embed backend docker command (#200)

* embed backend commands into kubehound binary

* adding force pulling

* fix

* adding filepath input

* porting all makefile command to binary

* fixing kubehound config file input

* adding support for datadog local env

* fix datadog config

* fix linter

* hidding dev command

* adding version command

* fix docker-compose

* remove poc file

* own command for version

* fix conflict between commands

* fixing Dockerfile ingestor image

* new buildx stack

* update go.mod

* adding arch/os to version command

* fix linter

* print output

* fix linter

* fix linter

* fix system-tests

* fix UI flag dev command

* fix system-test

* fix system-tests

* PR comment

* deleting kubehoud-ingestor

* pR comment

* PR comment (singleton)

* PR comment (singleton)

* private method for backend object

* fix linter

* ignore linter

* fixing noise aournd errors

.github/workflows/buildx.yml

@@ -0,0 +1,134 @@
+name: build-kubehound-binaries
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.platforms.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Create matrix
+        id: platforms
+        run: |
+          echo matrix=$(docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms') >> $GITHUB_OUTPUT
+      -
+        name: Show matrix
+        run: |
+          echo ${{ steps.platforms.outputs.matrix }}
+
+  validate:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - lint
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Run
+        run: |
+          make ${{ matrix.target }}
+
+  binary:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: ${{ fromJson(needs.prepare.outputs.matrix) }}
+    steps:
+      -
+        name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build
+        uses: docker/bake-action@v2
+        with:
+          targets: release
+          set: |
+            *.platform=${{ matrix.platform }}
+            *.cache-from=type=gha,scope=binary-${{ env.PLATFORM_PAIR }}
+            *.cache-to=type=gha,scope=binary-${{ env.PLATFORM_PAIR }},mode=max
+      -
+        name: Upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: compose
+          path: ./bin/release/*
+          if-no-files-found: error
+
+  release:
+    permissions:
+      contents: write # to create a release (ncipollo/release-action)
+
+    runs-on: ubuntu-latest
+    needs:
+      - binary
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Download artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: compose
+          path: bin/release
+      -
+        name: Create checksums
+        working-directory: bin/release
+        run: |
+          find . -type f -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# \*\./# *#' > $RUNNER_TEMP/checksums.txt
+          shasum -a 256 -U -c $RUNNER_TEMP/checksums.txt
+          mv $RUNNER_TEMP/checksums.txt .
+          cat checksums.txt | while read sum file; do echo "$sum $file" > ${file#\*}.sha256; done
+      -
+        name: List artifacts
+        run: |
+          tree -nh bin/release
+      -
+        name: Check artifacts
+        run: |
+          find bin/release -type f -exec file -e ascii -- {} +
+      -
+        name: GitHub Release
+        if: startsWith(github.ref, 'refs/tags/v')
+        uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37 # v1.10.0
+        with:
+          artifacts: bin/release/*
+          generateReleaseNotes: true
+          draft: true
+          token: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -0,0 +1,104 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_VERSION=1.22.0
+ARG XX_VERSION=1.2.1
+ARG GOLANGCI_LINT_VERSION=v1.55.2
+
+# xx is a helper for cross-compilation
+FROM --platform=${BUILDPLATFORM} tonistiigi/xx:${XX_VERSION} AS xx
+
+# osxcross contains the MacOSX cross toolchain for xx
+FROM crazymax/osxcross:11.3-alpine AS osxcross
+
+FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine AS golangci-lint
+
+FROM --platform=${BUILDPLATFORM} golang:${GO_VERSION}-alpine AS base
+COPY --from=xx / /
+RUN apk add --no-cache \
+      clang \
+      docker \
+      file \
+      findutils \
+      git \
+      make \
+      protoc \
+      protobuf-dev
+WORKDIR /src
+ENV CGO_ENABLED=0
+
+FROM base AS build-base
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY pkg ./pkg
+COPY Makefile .
+COPY cmd ./cmd
+COPY configs ./configs
+COPY deployments ./deployments
+COPY .golangci.yml .golangci.yml
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    go mod download
+
+FROM build-base AS vendored
+RUN --mount=type=bind,target=.,rw \
+    --mount=type=cache,target=/go/pkg/mod \
+    go mod tidy && mkdir /out && cp go.mod go.sum /out
+
+FROM build-base AS build
+ARG BUILD_TAGS
+ARG BUILD_FLAGS
+ARG TARGETPLATFORM
+RUN --mount=type=bind,target=. \
+    --mount=type=cache,target=/root/.cache \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,from=osxcross,src=/osxsdk,target=/xx-sdk \
+    xx-go --wrap && \
+    if [ "$(xx-info os)" == "darwin" ]; then export CGO_ENABLED=1; fi && \
+    make build GO_BUILDTAGS="$BUILD_TAGS" DESTDIR=/out && \
+    xx-verify --static /out/kubehound
+
+FROM build-base AS lint
+ARG BUILD_TAGS
+ENV GOLANGCI_LINT_CACHE=/cache/golangci-lint
+RUN --mount=type=bind,target=. \
+    --mount=type=cache,target=/root/.cache \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/cache/golangci-lint \
+    --mount=from=golangci-lint,source=/usr/bin/golangci-lint,target=/usr/bin/golangci-lint \
+    golangci-lint cache status && \
+    find / -iname .golangci.yaml && \
+    pwd && \
+    find / -iname .golangci.yaml -exec cat {} \; && \
+    golangci-lint run --build-tags "$BUILD_TAGS" -c .golangci.yml ./...
+
+FROM scratch AS binary-unix
+COPY --link --from=build /out/kubehound /
+
+FROM binary-unix AS binary-darwin
+FROM binary-unix AS binary-linux
+
+FROM scratch AS binary-windows
+COPY --link --from=build /out/kubehound /kubehound.exe
+
+FROM binary-$TARGETOS AS binary
+# enable scanning for this stage
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
+
+FROM --platform=$BUILDPLATFORM alpine AS releaser
+WORKDIR /work
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+RUN --mount=from=binary \
+    mkdir -p /out && \
+    # TODO: should just use standard arch
+    TARGETARCH=$([ "$TARGETARCH" = "amd64" ] && echo "x86_64" || echo "$TARGETARCH"); \
+    TARGETARCH=$([ "$TARGETARCH" = "arm64" ] && echo "aarch64" || echo "$TARGETARCH"); \
+    cp kubehound* "/out/kubehound-${TARGETOS}-${TARGETARCH}${TARGETVARIANT}$(ls kubehound* | sed -e 's/^kubehound//')"
+
+FROM scratch AS release
+COPY --from=releaser /out/ /