chore: rework build, move to ghcr.io, build for arm64/amd64

Dockerfile/Makefile reworked to support cross-compilation, multi-arch
builds. Using Talos base tools image.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

.dockerignore

@@ -0,0 +1,12 @@
+*
+!api
+!config
+!controllers
+!hack
+!internal
+!pkg
+!go.mod
+!go.sum
+!README.md
+!PROJECT
+!*.go

.drone.yml

@@ -7,10 +7,7 @@ steps:
   - name: setup-ci
     image: autonomy/build-container:latest
     commands:
-      - git fetch --tags
-      - apk add coreutils
-      - docker buildx create --driver docker-container --platform linux/amd64 --buildkitd-flags "--allow-insecure-entitlement security.insecure" --name local --use unix:///var/outer-run/docker.sock
-      - docker buildx inspect --bootstrap
+      - setup-ci
     privileged: true
     volumes:
       - name: docker-socket
@@ -23,6 +20,8 @@ steps:
   - name: build-pull-request
     image: autonomy/build-container:latest
     pull: always
+    environment:
+      PLATFORM: linux/amd64,linux/arm64
     commands:
       - make
     when:
@@ -41,12 +40,13 @@ steps:
     image: autonomy/build-container:latest
     pull: always
     environment:
-      DOCKER_USERNAME:
-        from_secret: docker_username
-      DOCKER_PASSWORD:
-        from_secret: docker_password
+      GHCR_USERNAME:
+        from_secret: ghcr_username
+      GHCR_PASSWORD:
+        from_secret: ghcr_token
+      PLATFORM: linux/amd64,linux/arm64
     commands:
-      - docker login --username "$${DOCKER_USERNAME}" --password "$${DOCKER_PASSWORD}"
+      - docker login --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" ghcr.io
       - make PUSH=true
     when:
       event:
@@ -128,6 +128,6 @@ depends_on:
   - default
 ---
 kind: signature
-hmac: 9e465020b2d4d694c23f176e05cef4c7da9bb75acb2a51a230bef7343f4ee18c
+hmac: 2847e7d6100e958e0391d8c3822c13fca9fb50de86ec5ee648a9eacce0978e5b
 
 ...

Dockerfile

@@ -1,40 +1,57 @@
-# syntax = docker/dockerfile-upstream:1.1.4-experimental
+# syntax = docker/dockerfile-upstream:1.2.0-labs
 
-FROM golang:1.15 AS build
+# Meta args applied to stage base names.
+
+ARG TOOLS
+ARG PKGS
+
+# Resolve package images using ${PKGS} to be used later in COPY --from=.
+
+FROM ghcr.io/talos-systems/ca-certificates:${PKGS} AS pkg-ca-certificates
+FROM ghcr.io/talos-systems/fhs:${PKGS} AS pkg-fhs
+
+# The base target provides the base for running various tasks against the source
+# code
+
+FROM --platform=${BUILDPLATFORM} ${TOOLS} AS build
+SHELL ["/toolchain/bin/bash", "-c"]
+ENV PATH /toolchain/bin:/toolchain/go/bin:/go/bin
+RUN ["/toolchain/bin/mkdir", "/bin", "/tmp"]
+RUN ["/toolchain/bin/ln", "-svf", "/toolchain/bin/bash", "/bin/sh"]
+RUN ["/toolchain/bin/ln", "-svf", "/toolchain/etc/ssl", "/etc/ssl"]
 ENV GO111MODULE on
 ENV GOPROXY https://proxy.golang.org
 ENV CGO_ENABLED 0
-WORKDIR /tmp
-RUN go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.8
-RUN go get k8s.io/code-generator/cmd/conversion-gen@v0.18.2
+ENV GOCACHE /.cache/go-build
+ENV GOMODCACHE /.cache/mod
+RUN --mount=type=cache,target=/.cache go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.5.0
+RUN --mount=type=cache,target=/.cache go install k8s.io/code-generator/cmd/conversion-gen@v0.21.0
 WORKDIR /src
 COPY ./go.mod ./
 COPY ./go.sum ./
-RUN go mod download
-RUN go mod verify
+RUN --mount=type=cache,target=/.cache go mod download
+RUN --mount=type=cache,target=/.cache go mod verify
 COPY ./ ./
-RUN go list -mod=readonly all >/dev/null
-RUN ! go mod tidy -v 2>&1 | grep .
+RUN --mount=type=cache,target=/.cache go list -mod=readonly all >/dev/null
+RUN --mount=type=cache,target=/.cache ! go mod tidy -v 2>&1 | grep .
 
 FROM build AS manifests-build
 ARG NAME
-RUN controller-gen crd:crdVersions=v1 paths="./api/..." output:crd:dir=config/crd/bases output:webhook:dir=config/webhook webhook
-RUN controller-gen rbac:roleName=manager-role paths="./controllers/..." output:rbac:dir=config/rbac
+RUN --mount=type=cache,target=/.cache controller-gen crd:crdVersions=v1 paths="./api/..." output:crd:dir=config/crd/bases output:webhook:dir=config/webhook webhook
+RUN --mount=type=cache,target=/.cache controller-gen rbac:roleName=manager-role paths="./controllers/..." output:rbac:dir=config/rbac
 FROM scratch AS manifests
 COPY --from=manifests-build /src/config /config
 
 FROM build AS generate-build
-RUN controller-gen object:headerFile=./hack/boilerplate.go.txt paths="./..."
-RUN	conversion-gen --input-dirs=./api/v1alpha2 --output-base ./ --output-file-base=zz_generated.conversion --go-header-file=./hack/boilerplate.go.txt
+RUN --mount=type=cache,target=/.cache controller-gen object:headerFile=./hack/boilerplate.go.txt paths="./..."
+RUN	--mount=type=cache,target=/.cache conversion-gen --input-dirs=./api/v1alpha2 --output-base ./ --output-file-base=zz_generated.conversion --go-header-file=./hack/boilerplate.go.txt
+
 FROM scratch AS generate
 COPY --from=generate-build /src/api /api
 
-FROM k8s.gcr.io/hyperkube:v1.17.0 AS release-build
-RUN apt update -y \
-  && apt install -y curl \
-  && curl -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv3.4.0/kustomize_v3.4.0_linux_amd64.tar.gz \
-  && tar -xf kustomize_v3.4.0_linux_amd64.tar.gz -C /usr/local/bin \
-  && rm kustomize_v3.4.0_linux_amd64.tar.gz
+FROM --platform=${BUILDPLATFORM} alpine:3.13 AS release-build
+ADD https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv4.1.0/kustomize_v4.1.0_linux_amd64.tar.gz .
+RUN  tar -xf kustomize_v4.1.0_linux_amd64.tar.gz -C /usr/local/bin && rm kustomize_v4.1.0_linux_amd64.tar.gz
 COPY ./config ./config
 ARG REGISTRY_AND_USERNAME
 ARG NAME
@@ -44,16 +61,19 @@ RUN cd config/manager \
   && cd - \
   && kustomize build config > /bootstrap-components.yaml \
   && cp config/metadata/metadata.yaml /metadata.yaml
+
 FROM scratch AS release
 COPY --from=release-build /bootstrap-components.yaml /bootstrap-components.yaml
 COPY --from=release-build /metadata.yaml /metadata.yaml
 
 FROM build AS binary
-RUN --mount=type=cache,target=/root/.cache/go-build GOOS=linux go build -ldflags "-s -w" -o /manager
+ARG TARGETARCH
+RUN	--mount=type=cache,target=/.cache GOOS=linux GOARCH=${TARGETARCH} go build -ldflags "-s -w" -o /manager
 RUN chmod +x /manager
 
 FROM scratch AS container
-COPY --from=docker.io/autonomy/ca-certificates:v0.1.0 / /
-COPY --from=docker.io/autonomy/fhs:v0.1.0 / /
+COPY --from=pkg-ca-certificates / /
+COPY --from=pkg-fhs / /
 COPY --from=binary /manager /manager
+LABEL org.opencontainers.image.source https://github.com/talos-systems/cluster-api-bootstrap-provider-talos
 ENTRYPOINT [ "/manager" ]

Makefile

@@ -1,5 +1,5 @@
-REGISTRY ?= docker.io
-USERNAME ?= autonomy
+REGISTRY ?= ghcr.io
+USERNAME ?= talos-systems
 SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty)
 TAG ?= $(shell git describe --tag --always --dirty)
 BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
@@ -8,6 +8,9 @@ NAME := cluster-api-talos-controller
 
 ARTIFACTS := _out
 
+TOOLS ?= ghcr.io/talos-systems/tools:v0.5.0
+PKGS ?= v0.5.0
+
 BUILD := docker buildx build
 PLATFORM ?= linux/amd64
 PROGRESS ?= auto
@@ -18,6 +21,8 @@ COMMON_ARGS += --platform=$(PLATFORM)
 COMMON_ARGS += --build-arg=REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME)
 COMMON_ARGS += --build-arg=NAME=$(NAME)
 COMMON_ARGS += --build-arg=TAG=$(TAG)
+COMMON_ARGS += --build-arg=PKGS=$(PKGS)
+COMMON_ARGS += --build-arg=TOOLS=$(TOOLS)
 
 all: manifests container
 
@@ -63,19 +68,19 @@ init: ## Initialize the project.
 
 .PHONY: generate
 generate: ## Generate source code.
-	@$(MAKE) local-$@ DEST=./
+	@$(MAKE) local-$@ DEST=./ PLATFORM=linux/amd64
 
 .PHONY: container
 container: generate ## Build the container image.
 	@$(MAKE) docker-$@ TARGET_ARGS="--push=$(PUSH)"
 
 .PHONY: manifests
 manifests: ## Generate manifests (e.g. CRD, RBAC, etc.).
-	@$(MAKE) local-$@ DEST=./
+	@$(MAKE) local-$@ DEST=./ PLATFORM=linux/amd64
 
 .PHONY: release
 release: manifests container ## Create the release YAML. The build result will be ouput to the specified local destination.
-	@$(MAKE) local-$@ DEST=./$(ARTIFACTS)
+	@$(MAKE) local-$@ DEST=./$(ARTIFACTS) PLATFORM=linux/amd64
 
 .PHONY: deploy
 deploy: manifests ## Deploy to a cluster. This is for testing purposes only.

config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigs.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.2.8
+    controller-gen.kubebuilder.io/version: v0.5.0
   creationTimestamp: null
   name: talosconfigs.bootstrap.cluster.x-k8s.io
 spec:
@@ -24,14 +24,10 @@ spec:
         description: TalosConfig is the Schema for the talosconfigs API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
@@ -59,12 +55,10 @@ spec:
                 description: ErrorReason will be set on non-retryable errors
                 type: string
               ready:
-                description: Ready indicates the BootstrapData field is ready to be
-                  consumed
+                description: Ready indicates the BootstrapData field is ready to be consumed
                 type: boolean
               talosConfig:
-                description: Talos config will be a string containing the config for
-                  download
+                description: Talos config will be a string containing the config for download
                 type: string
             type: object
         type: object
@@ -78,14 +72,10 @@ spec:
         description: TalosConfig is the Schema for the talosconfigs API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
@@ -119,8 +109,7 @@ spec:
             description: TalosConfigStatus defines the observed state of TalosConfig
             properties:
               dataSecretName:
-                description: DataSecretName is the name of the secret that stores
-                  the bootstrap data script.
+                description: DataSecretName is the name of the secret that stores the bootstrap data script.
                 type: string
               failureMessage:
                 description: FailureMessage will be set on non-retryable errors
@@ -129,12 +118,10 @@ spec:
                 description: FailureReason will be set on non-retryable errors
                 type: string
               ready:
-                description: Ready indicates the BootstrapData field is ready to be
-                  consumed
+                description: Ready indicates the BootstrapData field is ready to be consumed
                 type: boolean
               talosConfig:
-                description: Talos config will be a string containing the config for
-                  download
+                description: Talos config will be a string containing the config for download
                 type: string
             type: object
         type: object

config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigtemplates.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.2.8
+    controller-gen.kubebuilder.io/version: v0.5.0
   creationTimestamp: null
   name: talosconfigtemplates.bootstrap.cluster.x-k8s.io
 spec:
@@ -21,18 +21,13 @@ spec:
   - name: v1alpha2
     schema:
       openAPIV3Schema:
-        description: TalosConfigTemplate is the Schema for the talosconfigtemplates
-          API
+        description: TalosConfigTemplate is the Schema for the talosconfigtemplates API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
@@ -62,18 +57,13 @@ spec:
   - name: v1alpha3
     schema:
       openAPIV3Schema:
-        description: TalosConfigTemplate is the Schema for the talosconfigtemplates
-          API
+        description: TalosConfigTemplate is the Schema for the talosconfigtemplates API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object

go.mod

@@ -1,8 +1,6 @@
 module github.com/talos-systems/cluster-api-bootstrap-provider-talos
 
-go 1.15
-
-replace github.com/kubernetes-sigs/bootkube => github.com/talos-systems/bootkube v0.14.1-0.20200131192519-720c01d02032
+go 1.16
 
 require (
 	github.com/evanphx/json-patch v4.9.0+incompatible