Move CI to buildkite and fix

.buildkite/pipeline.yml

@@ -0,0 +1,27 @@
+steps:
+  - label: Install dependencies
+    env:
+      SEGMENT_BUILDKITE_IMAGE: "buildkite-agent-golang1.19:latest"
+      SEGMENT_CONTEXTS: 'snyk'
+    agents:
+      queue: v1
+    commands: |
+      which -a go
+      env | grep PATH
+      export PATH=$PATH:/go/bin:/var/lib/buildkite-agent/go/bin:/go/src/github.com/segmentio/kubeapply/deps:$HOME/local/bin
+      mkdir -p deps
+      cd deps && ../scripts/pull-deps.sh && cd -
+      env | grep PATH
+      ls -al "${HOME}/local/bin"
+      which -a helm
+      SNYK_LEVEL=FLHI curl -sL https://raw.githubusercontent.com/segmentio/snyk_helpers/master/initialization/snyk.sh | sh
+
+  - label: 'Publish'
+    env:
+      SEGMENT_CONTEXTS: "aws-credentials,ecr"
+      SEGMENT_BUILDKITE_IMAGE: 'buildkite-agent-golang1.19:latest'
+    agents:
+      queue: v1
+    commands: |
+      export PATH=$PATH:/go/bin:/var/lib/buildkite-agent/go/bin:/go/src/github.com/segmentio/kubeapply/deps:$HOME/local/bin
+      make publish

Dockerfile

@@ -1,5 +1,5 @@
 # Fetch or build all required binaries
-FROM golang:1.18 as builder
+FROM golang:1.19 as builder
 
 ARG VERSION_REF
 RUN test -n "${VERSION_REF}"
@@ -8,6 +8,7 @@ ENV SRC github.com/segmentio/kubeapply
 
 RUN apt-get update && apt-get install --yes \
     curl \
+    unzip \
     wget
 
 COPY . /go/src/${SRC}

Dockerfile.lambda

@@ -1,5 +1,5 @@
 # Fetch or build all required binaries
-FROM golang:1.18 as builder
+FROM golang:1.19 as builder
 
 ARG VERSION_REF
 RUN test -n "${VERSION_REF}"
@@ -8,6 +8,7 @@ ENV SRC github.com/segmentio/kubeapply
 
 RUN apt-get update && apt-get install --yes \
     curl \
+    unzip \
     wget
 
 COPY . /go/src/${SRC}
@@ -26,7 +27,8 @@ RUN make kubeapply-lambda VERSION_REF=${VERSION_REF} && \
 # Copy into final image
 FROM public.ecr.aws/lambda/go:1
 
-RUN yum install -y git
+RUN yum install -y git && \
+  python3 --version
 
 RUN curl -O https://bootstrap.pypa.io/pip/3.6/get-pip.py && python3 get-pip.py
 RUN pip3 install awscli

Makefile

@@ -78,3 +78,6 @@ endif
 .PHONY: clean
 clean:
 	rm -Rf *.zip .kube build vendor
+
+publish:
+	./scripts/publish.sh

scripts/publish.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+AWS_ACCOUNT_ID='528451384384'
+AWS_REGION='us-west-2'
+
+main() {
+    local -r SHORT_GIT_SHA=$(git rev-parse --short HEAD)
+    local -r image="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/kubeapply:${SHORT_GIT_SHA}"
+    local -r lambda_image="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/kubeapply-lambda:${SHORT_GIT_SHA}"
+    docker build \
+        -t "${image}" \
+        --build-arg VERSION_REF="${SHORT_GIT_SHA}" \
+        .
+    docker push "${image}"
+
+    docker build \
+        -f Dockerfile.lambda \
+        -t "${lambda_image}" \
+        --build-arg VERSION_REF="${SHORT_GIT_SHA}" \
+        .
+    docker push "${lambda_image}"
+}
+
+main "$@"

scripts/pull-deps.sh

@@ -1,6 +1,8 @@
 #!/bin/bash
 
-set -e
+set -euo pipefail
+
+# Note this is used by both the publish script and the test script.
 
 # Required versions
 
@@ -23,11 +25,15 @@ KIND_SHA_256_SUM="781c3db479b805d161b7c2c7a31896d1a504b583ebfcce8fcd49538c684d96
 GOOS=linux
 GOARCH=amd64
 
+mkdir -p "${HOME}/local/bin"
+
 echo "Downloading helm at version ${HELM_VERSION}"
 wget -q https://get.helm.sh/helm-v${HELM_VERSION}-${GOOS}-${GOARCH}.tar.gz
 echo "${HELM_SHA256_SUM} helm-v${HELM_VERSION}-${GOOS}-${GOARCH}.tar.gz" | sha256sum -c
 tar -xzf helm-v${HELM_VERSION}-${GOOS}-${GOARCH}.tar.gz
-cp ${GOOS}-${GOARCH}/helm .
+${GOOS}-${GOARCH}/helm version
+# try /usr/local/bin (for Dockerfile) and fall back
+cp ${GOOS}-${GOARCH}/helm "/usr/local/bin" || cp ${GOOS}-${GOARCH}/helm "${HOME}/local/bin"
 
 echo "Downloading aws-iam-authenticator at version ${IAM_AUTHENTICATOR_VERSION}"
 wget -q -O aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${IAM_AUTHENTICATOR_VERSION}/aws-iam-authenticator_${IAM_AUTHENTICATOR_VERSION}_${GOOS}_${GOARCH}
@@ -44,3 +50,9 @@ echo "Downloading kind at version ${KIND_VERSION}"
 wget -q -O kind https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-${GOOS}-${GOARCH}
 echo "${KIND_SHA_256_SUM} kind" | sha256sum -c
 chmod +x kind
+
+# https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip -q awscliv2.zip
+mkdir -p "${HOME}/local/aws"
+./aws/install --install-dir "${HOME}/local/aws" --bin-dir "${HOME}/local/bin"