generate files in dockerfiles (#219)

These changes add multistage docker files for both the operator and the operator bundle images. The builder stage uses the make targets to generate the necessary files to build the two images. This should fix the Prow CI image build issues and it should allow the copy of the bundle files in the midstream repo to be removed. Ultimately it means the same process is being use to build the images no matter what is building them.

.dockerignore

@@ -0,0 +1,11 @@
+.git
+vendor
+testbin
+images
+must-gather
+bin
+api/v1/zz_generated.deepcopy.go
+config/crd/bases/kataconfiguration.openshift.io_kataconfigs.yaml
+config/rbac/role.yaml
+config/webhook/manifests.yaml
+bundle

.gitignore

@@ -85,5 +85,4 @@ config/crd/bases/kataconfiguration.openshift.io_kataconfigs.yaml
 config/rbac/role.yaml
 config/webhook/manifests.yaml
 # make bundle files
-bundle.Dockerfile
-bundle/
+bundle/

Dockerfile

@@ -3,25 +3,26 @@ FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.17-openshift-4.10 AS
 
 WORKDIR /workspace
 
-# Copy the Go Modules manifests
+COPY Makefile Makefile
+COPY hack hack/
+COPY PROJECT PROJECT
 COPY go.mod go.mod
 COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
-# Copy the go source
 COPY main.go main.go
-COPY api/ api/
-COPY controllers/ controllers/
+COPY api api/
+COPY config config/
+COPY controllers controllers/
+
+RUN go mod download
+# needed for docker build but not for local builds
+RUN go mod vendor
 
-# Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod=mod -o manager main.go
+RUN make build
 
 # Use OpenShift base image
 FROM registry.ci.openshift.org/ocp/4.10:base
 WORKDIR /
-COPY --from=builder /workspace/manager .
+COPY --from=builder /workspace/bin/manager .
 
 RUN useradd  -r -u 499 nonroot
 RUN getent group nonroot || groupadd -o -g 499 nonroot

Makefile

@@ -3,13 +3,14 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 1.3.0
+VERSION ?= 1.3.1
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
 # To re-generate a bundle for other specific channels without changing the standard setup, you can:
 # - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
 # - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
+CHANNELS="stable-1.3"
 ifneq ($(origin CHANNELS), undefined)
 BUNDLE_CHANNELS := --channels=$(CHANNELS)
 endif
@@ -19,6 +20,7 @@ endif
 # To re-generate a bundle for any other default channel without changing the default setup, you can:
 # - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
 # - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
+DEFAULT_CHANNEL="stable-1.3"
 ifneq ($(origin DEFAULT_CHANNEL), undefined)
 BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
 endif
@@ -29,7 +31,8 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 #
 # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
 # example.com/memcached-operator-bundle:$VERSION and example.com/memcached-operator-catalog:$VERSION.
-IMAGE_TAG_BASE ?= quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-operator
+# FIXME: This should be an upstream accessible repo.  Investigating downstream build options to allow us to do that.
+IMAGE_TAG_BASE ?= registry-proxy.engineering.redhat.com/rh-osbs/openshift-sandboxed-containers-operator
 
 # BUNDLE_IMG defines the image:tag used for the bundle.
 # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
@@ -47,7 +50,7 @@ ifeq ($(USE_IMAGE_DIGESTS), true)
 endif
 
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.23
 
@@ -185,7 +188,7 @@ bundle: manifests kustomize ## Generate bundle manifests and metadata, then vali
 
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
-	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+	docker build -f bundle-custom.Dockerfile -t $(BUNDLE_IMG) .
 
 .PHONY: bundle-push
 bundle-push: ## Push the bundle image.

bundle-custom.Dockerfile

@@ -0,0 +1,52 @@
+# Use OpenShift golang builder image
+FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.17-openshift-4.10 AS builder
+
+WORKDIR /workspace
+
+COPY Makefile Makefile
+COPY PROJECT PROJECT
+COPY go.mod go.mod
+COPY go.sum go.sum
+COPY api api/
+COPY config config/
+COPY controllers controllers/
+
+RUN go mod download
+# needed for docker build but not for local builds
+RUN go mod vendor
+
+# Install operator-sdk
+RUN export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) \
+OS=$(uname | awk '{print tolower($0)}') \
+OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.20.1; \
+curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}; \
+mv operator-sdk_${OS}_${ARCH} operator-sdk; \
+chmod +x operator-sdk
+
+# Set path to include local dir so standard make target can be used
+ENV PATH=$PATH:.
+
+# Unsetting VERSION here is workaround because the buildroot image sets VERSION to the golang version
+RUN unset VERSION; make bundle
+
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=sandboxed-containers-operator
+LABEL operators.operatorframework.io.bundle.channels.v1=stable-1.3
+LABEL operators.operatorframework.io.bundle.channel.default.v1=stable-1.3
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.19.0+git
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY --from=builder /workspace/bundle/manifests /manifests/
+COPY --from=builder /workspace/bundle/metadata /metadata/
+COPY --from=builder /workspace/bundle/tests/scorecard /tests/scorecard/

bundle.Dockerfile

@@ -0,0 +1,52 @@
+# Use OpenShift golang builder image
+FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.17-openshift-4.10 AS builder
+
+WORKDIR /workspace
+
+COPY Makefile Makefile
+COPY PROJECT PROJECT
+COPY go.mod go.mod
+COPY go.sum go.sum
+COPY api api/
+COPY config config/
+COPY controllers controllers/
+
+RUN go mod download
+# needed for docker build but not for local builds
+RUN go mod vendor
+
+# Install operator-sdk
+RUN export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) \
+OS=$(uname | awk '{print tolower($0)}') \
+OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.20.1; \
+curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}; \
+mv operator-sdk_${OS}_${ARCH} operator-sdk; \
+chmod +x operator-sdk
+
+# Set path to include local dir so standard make target can be used
+ENV PATH=$PATH:.
+
+# Unsetting VERSION here is workaround because the buildroot image sets VERSION to the golang version
+RUN unset VERSION; make bundle
+
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=sandboxed-containers-operator
+LABEL operators.operatorframework.io.bundle.channels.v1=stable-1.3
+LABEL operators.operatorframework.io.bundle.channel.default.v1=stable-1.3
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.19.0+git
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY --from=builder /workspace/bundle/manifests /manifests/
+COPY --from=builder /workspace/bundle/metadata /metadata/
+COPY --from=builder /workspace/bundle/tests/scorecard /tests/scorecard/

config/manager/kustomization.yaml

@@ -12,5 +12,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: controller
-  newTag: latest
+  newName: registry-proxy.engineering.redhat.com/rh-osbs/openshift-sandboxed-containers-operator
+  newTag: 1.3.1