Fix multiplatform build, update golang version and dependencies (#25)

danfromtitan · Oct 25, 2023 · 624bc39 · 624bc39
1 parent 6bbdd33
commit 624bc39
Show file tree

Hide file tree

Showing 6 changed files with 162 additions and 177 deletions.
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
@@ -4,15 +4,9 @@ on:
   push:
     branches: [ "**" ]
     tags: [ "v*.*.*" ]
-  workflow_dispatch:
-    inputs:
-      go-version:
-        default: "1.17"
-        description: 'Go version'
-        required: true
 
 permissions:
-  contents: read
+  contents: write
   id-token: write
   packages: write
 
@@ -25,7 +19,8 @@ jobs:
       chart: ${{ steps.filter.outputs.chart }}
       test: ${{ steps.filter.outputs.test }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+
       - uses: dorny/paths-filter@v2
         id: filter
         with:
@@ -54,25 +49,15 @@ jobs:
       image-digest: ${{ steps.image-output.outputs.image-digest }}
 
     steps:
+      - uses: actions/checkout@v4
 
-      - uses: actions/checkout@v3
-
-      - uses: actions/setup-go@v3
-        with:
-          go-version: ${{ github.event.inputs.go-version }}
-
-      - uses: actions/cache@v3
+      - uses: actions/setup-go@v4
         with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-go-${{ github.event.inputs.go-version }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-go-${{ github.event.inputs.go-version }}-
+          go-version: 1.19
+          cache: true
 
-      - run: make envars-webhook
-
-      - id: docker-tags
-        uses: docker/metadata-action@v4
+      - uses: docker/metadata-action@v5
+        id: meta
         with:
           images: |
             ghcr.io/danfromtitan/envars-from-node-labels
@@ -83,46 +68,28 @@ jobs:
             type=semver,pattern={{major}}
             type=sha,prefix=${{ github.ref_name }}-
 
-      - uses: docker/setup-buildx-action@v2
-        id: buildx
+      - uses: docker/setup-qemu-action@v3
+
+      - uses: docker/setup-buildx-action@v3
 
-      - uses: docker/login-action@v2
+      - uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: docker/build-push-action@v3
-        id: docker-build-amd
-        with:
-          context: ./
-          platforms: linux/amd64
-          outputs: type=docker,push=false
-          tags: ${{ steps.docker-tags.outputs.tags }}
-          labels: ${{ steps.docker-tags.outputs.labels }}
-
-      - run: |
-          export GOARCH=arm64
-          make envars-webhook
-
-      - uses: docker/build-push-action@v3
-        id: docker-build-arm
-        with:
-          context: ./
-          platforms: linux/arm64
-          outputs: type=docker,push=false
-          tags: ${{ steps.docker-tags.outputs.tags }}
-          labels: ${{ steps.docker-tags.outputs.labels }}
+      - run: go install github.com/mitchellh/gox@latest
+      - run: make build-all
 
-      - uses: docker/build-push-action@v3
+      - uses: docker/build-push-action@v5
         id: docker-build
         with:
           context: ./
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
-          outputs: type=image,push=true
-          tags: ${{ steps.docker-tags.outputs.tags }}
-          labels: ${{ steps.docker-tags.outputs.labels }}
+          provenance: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
 
       - id: image-output
         run: |
@@ -140,8 +107,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -171,91 +137,93 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - uses: actions/checkout@v4
 
-    - uses: medyagh/setup-minikube@master
-      id: minikube
-      with:
-        minikube-version: 1.23.2
-        driver: docker
-        container-runtime: containerd
-        kubernetes-version: v1.22.10
-
-    - uses: actions/checkout@v3
-
-    - name: setup helm
-      run: |
-        curl -s https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
-        helm repo add envars-webhook https://danfromtitan.github.io/envars-from-node-labels/
-        helm repo update
-        helm search repo envars-webhook -l
-
-    - name: deploy webhook
-      timeout-minutes: 2
-      env:
-        NAMESPACE: webtest
-      run: |
-        IMAGE_TAG=latest
-        [[ "${{contains(needs.build.result, 'success') }}" == "true" ]] && IMAGE_TAG=${{ needs.build.outputs.image-tag }}
-        helm install -n $NAMESPACE --create-namespace envars-webhook envars-webhook/envars-webhook --set image.tag="$IMAGE_TAG" \
-          --set webhook.containersAllowed.ingester=true,webhook.containersAllowed.prober=true,webhook.containersAllowed.store-gateway=true
-        until kubectl get pods -n $NAMESPACE | grep "Running" > /dev/null; do
-          kubectl get pods -n $NAMESPACE | tail -n +2
-          sleep 1
-        done
+      - uses: medyagh/setup-minikube@master
+        id: minikube
+        with:
+          container-runtime: containerd
+          driver: docker
+          kubernetes-version: v1.28
+          minikube-version: 1.31.2
 
-    - name: stage samples
-      run: |
-        make sample
+      - name: Check minikube pods
+        run: kubectl get pods -A
 
-    - name: verify pod-allowed
-      timeout-minutes: 2
-      env:
-        NAMESPACE: samples
-      run: |
-        kubectl apply -f test/pod-allowed.yaml
-        until kubectl get pods -n $NAMESPACE | grep "pod-allowed" | grep "Completed" > /dev/null; do sleep 1; done
-        kubectl logs -n $NAMESPACE pod-allowed | grep "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
+      - name: setup helm
+        run: |
+          curl -s https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+          helm repo add envars-webhook https://danfromtitan.github.io/envars-from-node-labels/
+          helm repo update
+          helm search repo envars-webhook -l
 
-    - name: verify pod-excluded
-      timeout-minutes: 2
-      env:
-        NAMESPACE: samples
-      run: |
-        kubectl apply -f test/pod-excluded.yaml
-        until kubectl get pods -n $NAMESPACE | grep "pod-excluded" | grep "Completed" > /dev/null; do sleep 1; done
-        kubectl logs -n $NAMESPACE pod-excluded | grep -v "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
+      - name: deploy webhook
+        timeout-minutes: 2
+        env:
+          NAMESPACE: webtest
+        run: |
+          IMAGE_TAG=latest
+          [[ "${{contains(needs.build.result, 'success') }}" == "true" ]] && IMAGE_TAG=${{ needs.build.outputs.image-tag }}
+          helm install -n $NAMESPACE --create-namespace envars-webhook envars-webhook/envars-webhook --set image.tag="$IMAGE_TAG" \
+            --set webhook.containersAllowed.ingester=true,webhook.containersAllowed.prober=true,webhook.containersAllowed.store-gateway=true
+          until kubectl get pods -n $NAMESPACE | grep "Running" > /dev/null; do
+            kubectl get pods -n $NAMESPACE | tail -n +2
+            sleep 1
+          done
+
+      - name: stage samples
+        run: |
+          make sample
 
-    - name: verify pod-mixed
-      timeout-minutes: 2
-      env:
-        NAMESPACE: samples
-      run: |
-        kubectl apply -f test/pod-mixed.yaml
-        until kubectl get pods -n $NAMESPACE | grep "pod-mixed" | grep "Completed" > /dev/null; do sleep 1; done
-        kubectl logs -n $NAMESPACE pod-mixed ingester | grep "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
-        kubectl logs -n $NAMESPACE pod-mixed store-gateway | grep "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
-        kubectl logs -n $NAMESPACE pod-mixed compactor | grep -v "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
+      - name: verify pod-allowed
+        timeout-minutes: 2
+        env:
+          NAMESPACE: samples
+        run: |
+          kubectl apply -f test/pod-allowed.yaml
+          until kubectl get pods -n $NAMESPACE | grep "pod-allowed" | grep "Completed" > /dev/null; do sleep 1; done
+          kubectl logs -n $NAMESPACE pod-allowed | grep "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
 
-    - name: verify deployment
-      timeout-minutes: 2
-      env:
-        NAMESPACE: samples
-      run: |
-        kubectl apply -f test/deployment.yaml
-        until [[ $(kubectl get pods -n $NAMESPACE | grep "deployment" | grep "Running" | wc -l) == "2" ]]; do sleep 1; done
-        for POD in $(kubectl get pods -n $NAMESPACE | grep "deployment" | awk '{print $1}'); do
-          kubectl logs -n $NAMESPACE $POD prober | grep "NODE_MINIKUBE_K8S_IO_NAME"
-          kubectl exec -n $NAMESPACE $POD -c ingester -- env | grep "NODE_MINIKUBE_K8S_IO_NAME"
-        done
+      - name: verify pod-excluded
+        timeout-minutes: 2
+        env:
+          NAMESPACE: samples
+        run: |
+          kubectl apply -f test/pod-excluded.yaml
+          until kubectl get pods -n $NAMESPACE | grep "pod-excluded" | grep "Completed" > /dev/null; do sleep 1; done
+          kubectl logs -n $NAMESPACE pod-excluded | grep -v "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
 
-    - name: verify statefulset
-      timeout-minutes: 2
-      env:
-        NAMESPACE: samples
-      run: |
-        kubectl apply -f test/statefulset.yaml
-        until [[ $(kubectl get pods -n $NAMESPACE | grep "statefulset" | grep "Running" | wc -l) == "2" ]]; do sleep 1; done
-        for POD in $(kubectl get pods -n $NAMESPACE | grep "statefulset" | awk '{print $1}'); do
-          kubectl logs -n $NAMESPACE $POD prober | grep "NODE_MINIKUBE_K8S_IO_NAME"
-          kubectl exec -n $NAMESPACE $POD -c store-gateway -- env | grep "NODE_MINIKUBE_K8S_IO_NAME"
-        done
+      - name: verify pod-mixed
+        timeout-minutes: 2
+        env:
+          NAMESPACE: samples
+        run: |
+          kubectl apply -f test/pod-mixed.yaml
+          until kubectl get pods -n $NAMESPACE | grep "pod-mixed" | grep "Completed" > /dev/null; do sleep 1; done
+          kubectl logs -n $NAMESPACE pod-mixed ingester | grep "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
+          kubectl logs -n $NAMESPACE pod-mixed store-gateway | grep "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
+          kubectl logs -n $NAMESPACE pod-mixed compactor | grep -v "NODE_MINIKUBE_K8S_IO_NAME" > /dev/null
+
+      - name: verify deployment
+        timeout-minutes: 2
+        env:
+          NAMESPACE: samples
+        run: |
+          kubectl apply -f test/deployment.yaml
+          until [[ $(kubectl get pods -n $NAMESPACE | grep "deployment" | grep "Running" | wc -l) == "2" ]]; do sleep 1; done
+          for POD in $(kubectl get pods -n $NAMESPACE | grep "deployment" | awk '{print $1}'); do
+            kubectl logs -n $NAMESPACE $POD prober | grep "NODE_MINIKUBE_K8S_IO_NAME"
+            kubectl exec -n $NAMESPACE $POD -c ingester -- env | grep "NODE_MINIKUBE_K8S_IO_NAME"
+          done
+
+      - name: verify statefulset
+        timeout-minutes: 2
+        env:
+          NAMESPACE: samples
+        run: |
+          kubectl apply -f test/statefulset.yaml
+          until [[ $(kubectl get pods -n $NAMESPACE | grep "statefulset" | grep "Running" | wc -l) == "2" ]]; do sleep 1; done
+          for POD in $(kubectl get pods -n $NAMESPACE | grep "statefulset" | awk '{print $1}'); do
+            kubectl logs -n $NAMESPACE $POD prober | grep "NODE_MINIKUBE_K8S_IO_NAME"
+            kubectl exec -n $NAMESPACE $POD -c store-gateway -- env | grep "NODE_MINIKUBE_K8S_IO_NAME"
+          done
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,4 @@
-/.idea/
+/.idea
 /vendor
 /go.sum
-/envars-webhook
+/target
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.5.0
     hooks:
       - id: check-merge-conflict
       - id: trailing-whitespace
@@ -9,12 +9,12 @@ repos:
         exclude: ^charts|^test
       - id: check-added-large-files
   - repo: https://github.com/codespell-project/codespell
-    rev: v2.2.2
+    rev: v2.2.6
     hooks:
       - id: codespell
         entry: codespell --write-changes
   - repo: https://github.com/gruntwork-io/pre-commit
-    rev: v0.1.17
+    rev: v0.1.22
     hooks:
       - id: gofmt
       - id: goimports

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,7 @@
 FROM scratch
 
-COPY ./envars-webhook /
+ARG TARGETOS
+ARG TARGETARCH
+
+COPY target/envars-webhook_${TARGETOS}_${TARGETARCH} /envars-webhook
 ENTRYPOINT ["/envars-webhook"]
diff --git a/Makefile b/Makefile
@@ -10,25 +10,34 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-AWS_ACCOUNT_ID = $$(aws sts get-caller-identity --query Account --output text)
-AWS_REGION = $$(aws configure get region)
-IMAGE_NAME = $$(basename `pwd`)
+AWS_ACCOUNT_ID = $(shell aws sts get-caller-identity --query Account --output text)
+AWS_REGION = $(shell aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
+IMAGE_NAME = $(shell basename `pwd`)
+TARGETOS = linux
+TARGETARCH=$(shell uname -m)
 
-IMAGE_URL ?= "$(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/$(IMAGE_NAME):latest"
-NAMESPACE ?= "envhook"
+IMAGE_URL  ?= "$(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/$(IMAGE_NAME):latest"
+NAMESPACE  ?= envhook
 
 .DEFAULT_GOAL := image
 
 deps:
 	TMPDIR=/var/tmp GO111MODULE=on go get -v ./...
 	go mod tidy
 
-envars-webhook: deps
-	TMPDIR=/var/tmp CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o $@ ./cmd/envars-webhook
+build: clean deps
+	TMPDIR=/var/tmp CGO_ENABLED=0 GOARCH=$(TARGETARCH) go build -ldflags="-s -w" -o target/envars-webhook_$(TARGETOS)_$(TARGETARCH) ./cmd/envars-webhook
 
-image: envars-webhook
+build-all: clean deps
+	TMPDIR=/var/tmp CGO_ENABLED=0 gox -osarch="linux/amd64 linux/arm64" -ldflags="-s -w" -output="target/envars-webhook_{{.OS}}_{{.Arch}}/" ./cmd/envars-webhook
+
+clean:
+	go clean
+	rm -rf target
+
+image: build
 	docker rmi $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/$(IMAGE_NAME):latest || true
-	docker build --no-cache -t $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/$(IMAGE_NAME):latest .
+	docker build --build-arg TARGETOS=$(TARGETOS) --no-cache -t $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/$(IMAGE_NAME):latest .
 
 push:
 	aws ecr get-login-password --region $(AWS_REGION) | docker login --username AWS $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com --password-stdin