Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: remove dockerfile buildplatform #3491

Merged
merged 3 commits into from
Sep 13, 2024

Conversation

sozercan
Copy link
Member

@sozercan sozercan commented Aug 12, 2024

What this PR does / why we need it:

  • removes BUILDPLATFORM default. this makes arm64 builds to be compiled with an amd64 go compiler
  • removing base and builder images as args and pinning them. dependabot will bump these automatically

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #

Special notes for your reviewer:

@sozercan sozercan requested a review from a team as a code owner August 12, 2024 17:39
Signed-off-by: Sertac Ozercan <sozercan@gmail.com>
@sozercan sozercan force-pushed the remove-buildplatform branch from 2487fe8 to 3d63a86 Compare August 12, 2024 17:40
@codecov-commenter
Copy link

codecov-commenter commented Aug 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 48.03%. Comparing base (3350319) to head (250b18c).
Report is 143 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (3350319) and HEAD (250b18c). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (3350319) HEAD (250b18c)
unittests 2 1
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3491      +/-   ##
==========================================
- Coverage   54.49%   48.03%   -6.46%     
==========================================
  Files         134      218      +84     
  Lines       12329    15167    +2838     
==========================================
+ Hits         6719     7286     +567     
- Misses       5116     7067    +1951     
- Partials      494      814     +320     
Flag Coverage Δ
unittests 48.03% <ø> (-6.46%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@@ -24,7 +18,7 @@ COPY . .

RUN go build -mod vendor -a -ldflags "${LDFLAGS}" -o manager

FROM $BASEIMAGE
FROM gcr.io/distroless/static-debian12@sha256:8dd8d3ca2cf283383304fd45a5c9c74d5f2cd9da8d3b077d720e264880077c65
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we not need to keep this so users can override the base image they want to use?

Copy link
Member Author

@sozercan sozercan Aug 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure if anyone other than us building GK is actually using it like that but this decreases our reproducibility and security since we can't pin (or we can pin but dependabot won't update)

Copy link
Member Author

@sozercan sozercan Aug 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if anyone is building like that they can still do with buildkit source policies, which is a better way to handle these https://docs.docker.com/build/building/variables/#experimental_buildkit_source_policy

ARG BASEIMAGE="gcr.io/distroless/static-debian12:nonroot"

FROM --platform=$BUILDPLATFORM $BUILDERIMAGE AS builder
FROM --platform=$BUILDPLATFORM golang:1.22-bookworm@sha256:39b7e6ebaca464d51989858871f792f2e186dce8ce0cbdba7e88e4444b244407 AS builder
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same with the BUILDERIMAGE

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same answer

@sozercan sozercan requested a review from maxsmythe September 4, 2024 21:44
ARG BASEIMAGE="gcr.io/distroless/static-debian12:nonroot"

FROM --platform=$BUILDPLATFORM $BUILDERIMAGE AS builder
FROM --platform=$BUILDPLATFORM golang:1.22-bookworm@sha256:39b7e6ebaca464d51989858871f792f2e186dce8ce0cbdba7e88e4444b244407 AS builder
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are adding static hashes, do we have some mechanism for making sure we are keeping the base images up-to-date?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these will be updated automatically with dependabot

Copy link
Member

@ritazh ritazh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@maxsmythe maxsmythe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@JaydipGabani JaydipGabani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sozercan sozercan merged commit 41db392 into open-policy-agent:master Sep 13, 2024
20 checks passed
@sozercan sozercan deleted the remove-buildplatform branch September 13, 2024 19:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants