From d7c658da872db679ad18ce7632aa3a5fa733bd60 Mon Sep 17 00:00:00 2001 From: Cameron Rozean Date: Thu, 25 Jul 2024 16:13:03 -0700 Subject: [PATCH 1/4] update dockerfile and Makefile to use upstream binaries for golang-debian image builds --- projects/golang/go/Makefile | 36 +++++++++++++++++++ .../golang/go/docker/debianBase/Dockerfile | 4 +-- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/projects/golang/go/Makefile b/projects/golang/go/Makefile index 33d541e3b..e8f97cfbf 100644 --- a/projects/golang/go/Makefile +++ b/projects/golang/go/Makefile @@ -38,6 +38,11 @@ IMAGE_NAME?=golang-debian IMAGE_TAG?=$(GIT_TAG)-$(BUILD_ID)-$(IMAGE_BUILD_ID) LATEST_IMAGE=$(IMAGE_REPO)/$(IMAGE_NAME):$(GIT_TAG) IMAGE?=$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG),$(LATEST_IMAGE) +# Variables used in the using upstream binarys in the golang-debian image +BUILDER_BASE_VERSIONS_YAML=$(BASE_DIRECTORY)/builder-base/versions.yaml +BUILDER_BASE_GO_VERSION=$(shell grep -E "^GOLANG_VERSION_$(subst .,,$(GO_SOURCE_VERSION))" $(BUILDER_BASE_VERSIONS_YAML)) +GO_BIN_VERSION_WITH_RELEASE=$(subst GOLANG_VERSION_$(subst .,,$(GO_SOURCE_VERSION)): ,,$(BUILDER_BASE_GO_VERSION)) +GO_BIN_VERSION_WITHOUT_RELEASE=$(shell [[ $(GO_BIN_VERSION_WITH_RELEASE) =~ [0-9]+.[0-9]+.[0-9]+ ]] && echo $${BASH_REMATCH[0]}) PUSH_IMAGES?=true BUILDKIT_OUTPUT=type=image,oci-mediatypes=true,\"name=$(IMAGE)\",push=$(PUSH_IMAGES) @@ -98,6 +103,10 @@ validate-go-archive-checksum: fi ; \ done +.PHONY: prod-release-images-upstream-bins +prod-release-images-upstream-bins: export AWS_PROFILE=ecr-public-push +prod-release-images-upstream-bins: images-upstream-bins + .PHONY: fetch-golang-source-archive fetch-golang-source-archive: curl -L -o $(HOME)/rpmbuild/SOURCES/$(GIT_TAG).src.tar.gz https://github.com/golang/go/archive/refs/tags/$(GIT_TAG).tar.gz --create-dirs @@ -144,6 +153,33 @@ images: --progress plain \ --output $(BUILDKIT_OUTPUT) +.PHONY: fetch-golang-upstream-bins +fetch-golang-upstream-bins: + $(PROJECT_DIRECTORY)/scripts/get_upstream_golang.sh $(VERSION_DIRECTORY)/archives/ $(GO_BIN_VERSION_WITHOUT_RELEASE) + +.PHONY: local-images-upstream-bins +local-images-upstream-bins: PUSH_IMAGES=false +local-images-upstream-bins: export BUILDKIT_HOST=docker-container://buildkitd +local-images-upstream-bins: images-upstream-bins + +.PHONY: images-upstream-bins +images-upstream-bins: IMAGE_REPO=$(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com +images-upstream-bins: IMAGE_NAME=golang-debian +images-upstream-bins: IMAGE_TAG=$(GO_BIN_VERSION_WITHOUT_RELEASE)-$(BUILD_ID)-$(IMAGE_BUILD_ID) +images-upstream-bins: LATEST_IMAGE=$(IMAGE_REPO)/$(IMAGE_NAME):$(GO_BIN_VERSION_WITHOUT_RELEASE) +images-upstream-bins: IMAGE=$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG),$(LATEST_IMAGE) +images-upstream-bins: fetch-golang-upstream-bins buildkit-check +images-upstream-bins: + $(BASE_DIRECTORY)/scripts/buildkit.sh \ + build \ + --frontend dockerfile.v0 \ + --opt platform=$(GOOS)/$(ARCH_LOWER) \ + --opt build-arg:GOLANG_ARCHIVE_PATH=$(GOOS)/$(ARCH_LOWER)/go$(GO_BIN_VERSION_WITHOUT_RELEASE).$(GOOS)-$(ARCH_LOWER).tar.gz \ + --local dockerfile=$(PROJECT_DIRECTORY)/docker/debianBase \ + --local context=$(VERSION_DIRECTORY)/archives \ + --progress plain \ + --output $(BUILDKIT_OUTPUT) + .PHONY: generate-golang-archive generate-golang-archive: extract-golang-rpm tar-golang-sources diff --git a/projects/golang/go/docker/debianBase/Dockerfile b/projects/golang/go/docker/debianBase/Dockerfile index 6d0d2b463..61e471ffd 100644 --- a/projects/golang/go/docker/debianBase/Dockerfile +++ b/projects/golang/go/docker/debianBase/Dockerfile @@ -11,7 +11,7 @@ COPY --from=go-untar /usr/local/go/ /usr/local/go/ ENV GOPATH /go -ENV PATH /usr/local/go/bin:$GOPATH/bin:$PATH +ENV PATH /usr/local/go/go/bin:$GOPATH/bin:$PATH RUN set -eux; \ apt-get update; \ @@ -28,4 +28,4 @@ RUN set -eux; \ ; \ go version -WORKDIR $GOPATH \ No newline at end of file +WORKDIR $GOPATH From abf9a9a4cb129bbbb24a7957c15ba282753a9974 Mon Sep 17 00:00:00 2001 From: Cameron Rozean Date: Thu, 25 Jul 2024 16:14:16 -0700 Subject: [PATCH 2/4] create a script for using builder base golang versions for tracking when pulling upstream binaries --- .../golang/go/scripts/get_upstream_golang.sh | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100755 projects/golang/go/scripts/get_upstream_golang.sh diff --git a/projects/golang/go/scripts/get_upstream_golang.sh b/projects/golang/go/scripts/get_upstream_golang.sh new file mode 100755 index 000000000..a57ed3b6f --- /dev/null +++ b/projects/golang/go/scripts/get_upstream_golang.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env bash +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x +set -e +set -o pipefail + +SCRIPT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" +BASE_DIRECTORY="$(git rev-parse --show-toplevel)" +GO_PREFIX="go" +ARCHITECTURE="linux/amd64" # Currently only build golang-debian image for amd64, if other arches are needed add + +OUTPUT_DIR="$1" +GO_BIN_VERSION="$2" + +source ${BASE_DIRECTORY}/builder-base/scripts/common_vars.sh + +# Download from upstream and validate CHECKSUMs +function build::go::download { + # Set up specific go version by using go get, additional versions apart from default can be installed by calling + # the function again with the specific parameter. + local version=${1} + local outputDir=${2} + local archs=${3} + + for arch in ${archs/,/ }; do + local filename="$outputDir/${arch}/go$version.${arch/\//-}.tar.gz" + if [ ! -f $filename ]; then + curl -sSLf --retry 5 "https://go.dev/dl/go$version.${arch/\//-}.tar.gz" -o $filename --create-dirs + sha256sum=$(curl -sSLf --retry 5 "https://go.dev/dl/?mode=json" | jq -r --arg tar "go$version.${arch/\//-}.tar.gz" '.[].files[] | if .filename == $tar then .sha256 else "" end' | xargs) + + if [[ $(sha256sum ${filename} | cut -d ' ' -f1) != "${sha256sum}" ]]; then + echo "CHECKSUMs don't match" + exit 1 + fi + fi + done +} + +# strip the release version off the end of +build::go::download "${GO_BIN_VERSION}" "$OUTPUT_DIR" "$ARCHITECTURE" From 76b6833ab7bb5d753f88524bf9d4e9fb7898a348 Mon Sep 17 00:00:00 2001 From: Cameron Rozean Date: Thu, 25 Jul 2024 16:14:56 -0700 Subject: [PATCH 3/4] add script flag for releasing new upstream binary golang-debian images --- .../golang/go/scripts/prow_release_images.sh | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/projects/golang/go/scripts/prow_release_images.sh b/projects/golang/go/scripts/prow_release_images.sh index 3c11c8995..a799558cb 100755 --- a/projects/golang/go/scripts/prow_release_images.sh +++ b/projects/golang/go/scripts/prow_release_images.sh @@ -14,24 +14,26 @@ # limitations under the License. if [ "$ARCHITECTURE" == "ARM64" ]; then - echo "Won't perform image release for ARM64 arch" - exit 0 + echo "Won't perform image release for ARM64 arch" + exit 0 fi if [ "$AWS_ROLE_ARN" == "" ]; then - echo "Empty AWS_ROLE_ARN" - exit 1 + echo "Empty AWS_ROLE_ARN" + exit 1 fi if [ "$ECR_PUBLIC_PUSH_ROLE_ARN" == "" ]; then - echo "Empty ECR_PUBLIC_PUSH_ROLE_ARN" - exit 1 + echo "Empty ECR_PUBLIC_PUSH_ROLE_ARN" + exit 1 fi BASE_DIRECTORY=$(git rev-parse --show-toplevel) cd ${BASE_DIRECTORY} || exit -cat << EOF > awscliconfig +RELEASE_VERSION="${1:-prod-release-images}" + +cat <awscliconfig [default] output=json region=${AWS_REGION:-${AWS_DEFAULT_REGION:-us-west-2}} @@ -47,4 +49,5 @@ export AWS_CONFIG_FILE=$(pwd)/awscliconfig export AWS_PROFILE=ecr-public-push unset AWS_ROLE_ARN AWS_WEB_IDENTITY_TOKEN_FILE -make -C ${BASE_DIRECTORY}/projects/golang/go prod-release-images \ No newline at end of file +make -C ${BASE_DIRECTORY}/projects/golang/go $RELEASE_VERSION + From d8a1b2724f5483643f2303c11f264c1f0cb98969 Mon Sep 17 00:00:00 2001 From: Cameron Rozean Date: Thu, 25 Jul 2024 16:31:10 -0700 Subject: [PATCH 4/4] update prow_release_images to call new make targeting upstream binaries --- projects/golang/go/scripts/prow_release_images.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/projects/golang/go/scripts/prow_release_images.sh b/projects/golang/go/scripts/prow_release_images.sh index a799558cb..e97ec3b96 100755 --- a/projects/golang/go/scripts/prow_release_images.sh +++ b/projects/golang/go/scripts/prow_release_images.sh @@ -31,8 +31,6 @@ fi BASE_DIRECTORY=$(git rev-parse --show-toplevel) cd ${BASE_DIRECTORY} || exit -RELEASE_VERSION="${1:-prod-release-images}" - cat <awscliconfig [default] output=json @@ -49,5 +47,4 @@ export AWS_CONFIG_FILE=$(pwd)/awscliconfig export AWS_PROFILE=ecr-public-push unset AWS_ROLE_ARN AWS_WEB_IDENTITY_TOKEN_FILE -make -C ${BASE_DIRECTORY}/projects/golang/go $RELEASE_VERSION - +make -C ${BASE_DIRECTORY}/projects/golang/go "prod-release-images-upstream-bins"