[RD-3] use goreleaser and multiarch docker manifest (#377)

FairwindsOps · Oct 25, 2021 · 7f4346a · 7f4346a
1 parent 25481ab
commit 7f4346a
Show file tree

Hide file tree

Showing 5 changed files with 161 additions and 91 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -4,20 +4,42 @@ orbs:
   rok8s-scripts: fairwinds/rok8s-scripts@11
 
 references:
+  enable_experimental_features: &enable_experimental_docker_features
+    run:
+      name: enable experimental features
+      command: |
+        set -ex
+        apk --update add openssh
+        ssh remote-docker \<<EOF
+          sudo bash -c 'echo "{\"experimental\": true}" > /etc/docker/daemon.json'
+          sudo systemctl restart docker
+        EOF
+  install_vault: &install_vault
+    run:
+      name: install hashicorp vault
+      command: |
+        cd /tmp
+        curl -LO https://releases.hashicorp.com/vault/1.8.1/vault_1.8.1_linux_amd64.zip
+        unzip vault_1.8.1_linux_amd64.zip
+        mv vault /usr/bin/vault
+        apk --update add yq
   e2e_configuration: &e2e_configuration
     pre_script: e2e/pre.sh
     script: e2e/run.sh
     command_runner_image: quay.io/reactiveops/ci-images:v11-stretch
     enable_docker_layer_caching: true
     store-test-results: /tmp/test-results
-    kind_version: 0.9.0
+    attach-workspace: true
+    kind_version: 0.11.1
     requires:
-      - build-container
+      - test
+      - snapshot
     filters:
       branches:
         only: /.*/
       tags:
         ignore: /v.*/
+
 jobs:
   test:
     working_directory: /go/src/github.com/fairwindsops/goldilocks
@@ -26,7 +48,6 @@ jobs:
         environment:
           GL_DEBUG: linters_output
           GOPACKAGESPRINTGOLISTERRORS: "1"
-          GO111MODULE: "on"
     steps:
       - checkout
       - run:
@@ -44,6 +65,47 @@ jobs:
           name: Run Tests
           command: make test
 
+  build_and_release:
+    working_directory: /go/src/github.com/fairwindsops/goldilocks
+    resource_class: large
+    shell: /bin/bash
+    docker:
+      - image: goreleaser/goreleaser:v0.174.2
+        environment:
+          GO111MODULE: "on"
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+      - *enable_experimental_docker_features
+      - *install_vault
+      - rok8s-scripts/get_vault_env:
+          vault_path: repo/global/env
+      - rok8s-scripts/docker_login:
+          registry: "quay.io"
+          username: $FAIRWINDS_QUAY_USER
+          password-variable: FAIRWINDS_QUAY_TOKEN
+      - run: goreleaser
+  snapshot:
+    working_directory: /go/src/github.com/fairwindsops/goldilocks
+    resource_class: large
+    docker:
+      - image: goreleaser/goreleaser:v0.174.2
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
+      - *enable_experimental_docker_features
+      - run: goreleaser --snapshot
+      - run: mkdir -p /tmp/workspace/docker_save/
+      - run: docker save quay.io/fairwinds/goldilocks:${CIRCLE_SHA1}-amd64 > /tmp/workspace/docker_save/goldilocks_${CIRCLE_SHA1}-amd64.tar
+      - persist_to_workspace:
+          root: /tmp/workspace/
+          paths:
+          - docker_save
+      - store_artifacts:
+          path: dist
+          destination: snapshot
   publish_docs:
     docker:
       - image: cimg/node:15.5.1
@@ -52,6 +114,7 @@ jobs:
       - run:
           name: Build Docs Site
           command: |
+            set -e
             cd ./docs
             npm install
             npm run check-links
@@ -67,75 +130,41 @@ jobs:
           command: |
             cd ./dist
             aws s3 sync ./ s3://goldilocks.docs.fairwinds.com --delete
+
 workflows:
   version: 2
-  build:
+  tests:
     jobs:
-      - test:
-          filters:
-            branches:
-              only: /.*/
-            tags:
-              only: /v.*/
-      - rok8s-scripts/docker_build_and_push:
-          name: build-container
-          docker-push: false
-          enable_docker_layer_caching: true
-          config_file: deploy/build.config
-          docker-login: false
-          password-variable: "foo"
+      - test
+      - snapshot:
+          context: org-global
           requires:
             - test
-          filters:
-            branches:
-              only: /.*/
-            tags:
-              ignore: /.*/
       - rok8s-scripts/kubernetes_e2e_tests:
-          name: "End-To-End Kubernetes 1.16.15"
-          kind_node_image: "kindest/node:v1.16.15@sha256:a89c771f7de234e6547d43695c7ab047809ffc71a0c3b65aa54eda051c45ed20"
+          name: "End-To-End Kubernetes 1.19.7"
+          kind_node_image: "kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca"
           <<: *e2e_configuration
       - rok8s-scripts/kubernetes_e2e_tests:
-          name: "End-To-End Kubernetes 1.17.11"
-          kind_node_image: "kindest/node:v1.17.11@sha256:5240a7a2c34bf241afb54ac05669f8a46661912eab05705d660971eeb12f6555"
+          name: "End-To-End Kubernetes 1.20.2"
+          kind_node_image: "kindest/node:v1.20.2@sha256:15d3b5c4f521a84896ed1ead1b14e4774d02202d5c65ab68f30eeaf310a3b1a7"
           <<: *e2e_configuration
       - rok8s-scripts/kubernetes_e2e_tests:
-          name: "End-To-End Kubernetes 1.18.8"
-          kind_node_image: "kindest/node:v1.18.8@sha256:f4bcc97a0ad6e7abaf3f643d890add7efe6ee4ab90baeb374b4f41a4c95567eb"
+          name: "End-To-End Kubernetes 1.21.1"
+          kind_node_image: "kindest/node:v1.21.2@sha256:9d07ff05e4afefbba983fac311807b3c17a5f36e7061f6cb7e2ba756255b2be4"
           <<: *e2e_configuration
-      - rok8s-scripts/kubernetes_e2e_tests:
-          name: "End-To-End Kubernetes 1.19.1"
-          kind_node_image: "kindest/node:v1.19.1@sha256:98cf5288864662e37115e362b23e4369c8c4a408f99cbc06e58ac30ddc721600"
-          <<: *e2e_configuration
-      - rok8s-scripts/docker_build_and_push:
-          name: build-and-push-container
-          docker-push: true
-          enable_docker_layer_caching: true
-          config_file: deploy/build.config
-          context: org-global
-          docker-login: true
-          password-variable: "fairwinds_quay_token"
-          registry: quay.io
-          username: fairwinds+circleci
-          requires:
-            - test
-          filters:
-            branches:
-              only: /master/
-            tags:
-              only: /v.*/
-      - rok8s-scripts/github_release:
-          requires:
-            - test
-            - build-and-push-container
+  release:
+    jobs:
+      - build_and_release:
           filters:
             branches:
               ignore: /.*/
             tags:
               only: /v.*/
       - publish_docs:
+          requires:
+            - build_and_release
           filters:
             branches:
               ignore: /.*/
             tags:
-              only: /.*/
+              only: /v.*/
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,20 +1,69 @@
+release:
+  prerelease: auto
 builds:
   - id: goldilocks
-    env:
-      - CGO_ENABLED=0
-      - GO111MODULE=on
+    ldflags:
+      - -X main.version=$(VERSION) -X main.commit=$(COMMIT) -s -w
     goarch:
       - amd64
       - arm
       - arm64
+    env:
+      - CGO_ENABLED=0
+      - GO111MODULE=on
+    goos:
+      - linux
+      - darwin
     goarm:
       - 6
       - 7
-checksum:
-  name_template: 'checksums.txt'
 changelog:
   sort: asc
   filters:
     exclude:
       - '^docs:'
       - '^test:'
+dockers:
+- image_templates:
+  - "quay.io/fairwinds/goldilocks:{{ .FullCommit }}-amd64"
+  - "quay.io/fairwinds/goldilocks:{{ .Tag }}-amd64"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}-amd64"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}.{{ .Minor }}-amd64"
+  use: buildx
+  dockerfile: Dockerfile
+  build_flag_templates:
+  - "--platform=linux/amd64"
+- image_templates:
+  - "quay.io/fairwinds/goldilocks:{{ .Tag }}-arm64v8"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}-arm64v8"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}.{{ .Minor }}-arm64v8"
+  use: buildx
+  goarch: arm64
+  dockerfile: Dockerfile
+  build_flag_templates:
+  - "--platform=linux/arm64/v8"
+- image_templates:
+  - "quay.io/fairwinds/goldilocks:{{ .Tag }}-armv7"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}-armv7"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}.{{ .Minor }}-armv7"
+  use: buildx
+  goarch: arm64
+  dockerfile: Dockerfile
+  build_flag_templates:
+  - "--platform=linux/arm/v7"
+docker_manifests:
+- name_template: quay.io/fairwinds/goldilocks:{{ .Tag }}
+  image_templates:
+  - "quay.io/fairwinds/goldilocks:{{ .Tag }}-amd64"
+  - "quay.io/fairwinds/goldilocks:{{ .Tag }}-arm64v8"
+  - "quay.io/fairwinds/goldilocks:{{ .Tag }}-armv7"
+- name_template: quay.io/fairwinds/goldilocks:v{{ .Major }}
+  image_templates:
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}-amd64"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}-arm64v8"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}-armv7"
+- name_template: quay.io/fairwinds/goldilocks:v{{ .Major }}.{{ .Minor }}
+  image_templates:
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}.{{ .Minor }}-amd64"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}.{{ .Minor }}-arm64v8"
+  - "quay.io/fairwinds/goldilocks:v{{ .Major }}.{{ .Minor }}-armv7"
diff --git a/Dockerfile b/Dockerfile
@@ -1,23 +1,7 @@
-FROM golang:1.17.1 AS build-env
+FROM alpine:3.14
 
-RUN go get -u github.com/gobuffalo/packr/v2/packr2
-
-WORKDIR /go/src/github.com/fairwindsops/goldilocks/
-COPY . .
-ENV GO111MODULE=on
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 packr2 build -a -o goldilocks *.go
-
-FROM alpine:3.14.2 as alpine
-RUN apk --no-cache --update add ca-certificates tzdata && update-ca-certificates
-
-FROM scratch
-COPY --from=alpine /usr/share/zoneinfo /usr/share/zoneinfo
-COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=alpine /etc/passwd /etc/passwd
-
-USER nobody
-COPY --from=build-env /go/src/github.com/fairwindsops/goldilocks /
-
-WORKDIR /opt/app
+# 'nobody' user in alpine
+USER 65534
+COPY goldilocks /
 
 CMD ["/goldilocks"]
diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 # Go parameters
-GOCMD=GO111MODULE=on go
+GOCMD=go
 GOBUILD=$(GOCMD) build
 GOCLEAN=$(GOCMD) clean
 GOTEST=$(GOCMD) test
@@ -14,9 +14,9 @@ lint:
 	golangci-lint run
 test:
 	printf "\n\nTests:\n\n"
-	GO111MODULE=on $(GOCMD) test -v --bench --benchmem -coverprofile coverage.txt -covermode=atomic ./...
-	GO111MODULE=on $(GOCMD) vet ./... 2> govet-report.out
-	GO111MODULE=on $(GOCMD) tool cover -html=coverage.txt -o cover-report.html
+	$(GOCMD) test -v --bench --benchmem -coverprofile coverage.txt -covermode=atomic ./...
+	$(GOCMD) vet ./... 2> govet-report.out
+	$(GOCMD) tool cover -html=coverage.txt -o cover-report.html
 	printf "\nCoverage report available at cover-report.html\n\n"
 tidy:
 	$(GOCMD) mod tidy
@@ -31,7 +31,7 @@ clean:
 # Cross compilation
 build-linux:
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GOBUILD) -o $(BINARY_NAME) -ldflags "-X main.VERSION=$(VERSION)" -v
-build-docker:
+build-docker: build-linux
 	docker build -t goldilocks:dev .
 e2e-test:
 	venom run e2e/tests/* --output-dir e2e/results --log info --strict
diff --git a/e2e/pre.sh b/e2e/pre.sh
@@ -19,16 +19,24 @@ else
     echo "CI_SHA1: $CI_SHA1"
 fi
 
-docker-build -f deploy/build.config
-docker images
-docker tag "quay.io/fairwinds/goldilocks:latest" "quay.io/fairwinds/goldilocks:$CI_SHA1"
-docker images
-kind load docker-image "quay.io/fairwinds/goldilocks:$CI_SHA1" --name "e2e"
+printf "\n\n"
+echo "********************************************************************"
+echo "** LOADING IMAGES TO DOCKER AND KIND **"
+echo "********************************************************************"
+printf "\n\n"
+docker load --input /tmp/workspace/docker_save/goldilocks_${CI_SHA1}-amd64.tar
+export PATH=$(pwd)/bin-kind:$PATH
+kind load docker-image --name e2e quay.io/fairwinds/goldilocks:${CI_SHA1}-amd64
+printf "\n\n"
+echo "********************************************************************"
+echo "** END LOADING IMAGE **"
+echo "********************************************************************"
+printf "\n\n"
 
 yq w -i hack/manifests/dashboard/deployment.yaml spec.template.spec.containers[0].imagePullPolicy "Never"
 yq w -i hack/manifests/controller/deployment.yaml spec.template.spec.containers[0].imagePullPolicy "Never"
-yq w -i hack/manifests/dashboard/deployment.yaml spec.template.spec.containers[0].image "quay.io/fairwinds/goldilocks:$CI_SHA1"
-yq w -i hack/manifests/controller/deployment.yaml spec.template.spec.containers[0].image "quay.io/fairwinds/goldilocks:$CI_SHA1"
+yq w -i hack/manifests/dashboard/deployment.yaml spec.template.spec.containers[0].image "quay.io/fairwinds/goldilocks:$CI_SHA1-amd64"
+yq w -i hack/manifests/controller/deployment.yaml spec.template.spec.containers[0].image "quay.io/fairwinds/goldilocks:$CI_SHA1-amd64"
 
 cat hack/manifests/dashboard/deployment.yaml
 cat hack/manifests/controller/deployment.yaml