
chore: use makefile to build melange packages #5008

Closed
46 changes: 33 additions & 13 deletions .github/actions/build-custom-melange-package/action.yml
@@ -46,32 +46,52 @@ runs:

# build the melange package

- name: template melange config
- uses: actions/setup-go@v5
with:
go-version: '1.23'

- name: install melange
shell: bash
run: |
export GIT_TAG=${{ inputs.git-tag }}
envsubst '${GIT_TAG}' < ${{ inputs.context }}/melange.yaml.tmpl > ${{ inputs.context }}/melange.yaml
sudo apt install -y make
make melange

- uses: chainguard-dev/actions/melange-build@main
with:
config: ${{ inputs.context }}/melange.yaml
archs: ${{ inputs.arch }}
git-commit: ${{ github.sha }}
git-repo-url: ${{ github.server_url }}/${{ github.repository }}
sign-with-temporary-key: true
# TODO: the bubblewrap package available from "apt install"
# is outdated and missing newer features such as --clearenv flag,
# so instead we download the wolfi .apk and use the binary in there
- name: 'Install dependencies (bubblewrap)'
shell: bash
run: |
sudo apt install -y libcap-dev meson ninja-build
git clone https://github.com/containers/bubblewrap
pushd bubblewrap
meson --prefix=/usr -Drequire_userns=true . output
cd output
ninja
sudo ninja install
popd
rm -rf bubblewrap

- name: build melange package
shell: bash
run: |
make melange-build \
MELANGE_CONFIG=${{ inputs.context }}/melange.yaml.tmpl \
ARCHS=${{ inputs.arch }} \
GIT_TAG=${{ inputs.git-tag }}

# upload artifacts generated by the melange build so they can later be used by apko

- name: rename melange.rsa.pub
shell: bash
run: mv melange.rsa.pub melange-${{ inputs.arch }}.rsa.pub
run: mv build/melange.rsa.pub build/melange-${{ inputs.arch }}.rsa.pub

- uses: actions/upload-artifact@v4
with:
name: ${{ inputs.component }}-melange-packages-${{ inputs.arch }}
path: ./packages
path: ./build/packages

- uses: actions/upload-artifact@v4
with:
name: ${{ inputs.component }}-melange-rsa-pub-${{ inputs.arch }}
path: ./melange-${{ inputs.arch }}.rsa.pub
path: ./build/melange-${{ inputs.arch }}.rsa.pub
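Review bot: The 'Install dependencies (bubblewrap)' step clones `https://github.com/containers/bubblewrap` at whatever the default branch holds at run time and then runs `sudo ninja install`, so unpinned code is built and installed as root on the same runner that later generates the signing key and signs the packages. Pin the checkout to a release tag or commit and check it before building, e.g. `git clone --depth 1 --branch <pinned-bubblewrap-tag> https://github.com/containers/bubblewrap` followed by comparing `git rev-parse HEAD` with the expected commit. The same applies to `go install chainguard.dev/melange@latest` and `chainguard.dev/apko@latest` in common.mk, which should take an explicit version. The TODO above the step describes downloading the wolfi .apk, which is not what the step does, so reword it to say that bubblewrap is built from source. The `runs.steps` list begins above this hunk, so earlier steps were not reviewed.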
1 change: 1 addition & 0 deletions Makefile
@@ -1,4 +1,5 @@
include Makefile.build.mk
include common.mk
CURRENT_USER := $(shell id -u -n)
MINIO_TAG ?= 0.20241107.005220-r0
RQLITE_TAG ?= 8.34.0-r0
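Review bot: `CURRENT_USER := $(shell id -u -n)` directly below `include common.mk` overrides the value common.mk derives from `GITHUB_USER`, so targets in the top-level Makefile never see the CI user name. The page does not mark which of these five lines was added, but presumably it is the include; if so, drop the local assignment or change it to `CURRENT_USER ?= $(shell id -u -n)` so the included definition wins. The rest of the Makefile lies outside this hunk, so confirm nothing depends on the local-user value before changing it.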
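--- a/common.mk
+++ b/common.mk
@@ -0,0 +1,128 @@
+SHELL := /bin/bash
+
+ARCH ?= $(shell go env GOARCH)
+CURRENT_USER := $(if $(GITHUB_USER),$(GITHUB_USER),$(shell id -u -n))
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+MELANGE ?= $(LOCALBIN)/melange
+APKO ?= $(LOCALBIN)/apko
+
+## Version to use for building
+VERSION ?= $(shell git describe --tags --match='[0-9]*.[0-9]*.[0-9]*')
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+image-tag = $(shell echo "$1" | sed 's/+/-/')
+
+.PHONY: print-%
+print-%:
+@echo -n $($*)
+
+.PHONY: check-env-%
+check-env-%:
+@ if [ "${${*}}" = "" ]; then \
+echo "Environment variable $* not set"; \
+exit 1; \
+fi
+
+melange: $(MELANGE)
+$(MELANGE): $(LOCALBIN)
+go install chainguard.dev/melange@latest && \
+test -s $(GOBIN)/melange && \
+ln -sf $(GOBIN)/melange $(LOCALBIN)/melange
+
+apko: $(APKO)
+$(APKO): $(LOCALBIN)
+go install chainguard.dev/apko@latest && \
+test -s $(GOBIN)/apko && \
+ln -sf $(GOBIN)/apko $(LOCALBIN)/apko
+
+CHAINGUARD_TOOLS_USE_DOCKER = 0
+ifeq ($(CHAINGUARD_TOOLS_USE_DOCKER),"1")
+MELANGE_CACHE_DIR ?= /go/pkg/mod
+APKO_CMD = docker run -v $(shell pwd):/work -w /work -v $(shell pwd)/build/.docker:/root/.docker cgr.dev/chainguard/apko
+MELANGE_CMD = docker run --privileged --rm -v $(shell pwd):/work -w /work -v "$(shell go env GOMODCACHE)":${MELANGE_CACHE_DIR} cgr.dev/chainguard/melange
+else
+MELANGE_CACHE_DIR ?= cache/.melange-cache
+APKO_CMD = apko
+MELANGE_CMD = melange
+endif
+
+$(MELANGE_CACHE_DIR):
+mkdir -p $(MELANGE_CACHE_DIR)
+
+.PHONY: apko-build
+apko-build: ARCHS ?= $(ARCH)
+apko-build: check-env-IMAGE apko-template
+cd build && ${APKO_CMD} \
+build apko.yaml ${IMAGE} apko.tar \
+--arch ${ARCHS}
+
+.PHONY: apko-build-and-publish
+apko-build-and-publish: ARCHS ?= $(ARCH)
+apko-build-and-publish: check-env-IMAGE apko-template
+@bash -c 'set -o pipefail && cd build && ${APKO_CMD} publish apko.yaml ${IMAGE} --arch ${ARCHS} | tee digest'
+$(MAKE) apko-output-image
+
+.PHONY: apko-login
+apko-login:
+rm -f build/.docker/config.json
+@ { [ "${PASSWORD}" = "" ] || [ "${USERNAME}" = "" ] ; } || \
+${APKO_CMD} \
+login -u "${USERNAME}" \
+--password "${PASSWORD}" "${REGISTRY}"
+
+.PHONY: apko-print-pkg-version
+apko-print-pkg-version: ARCHS ?= $(ARCH)
+apko-print-pkg-version: apko-template check-env-PACKAGE_NAME
+cd build && \
+${APKO_CMD} show-packages apko.yaml --arch=${ARCHS} | \
+grep ${PACKAGE_NAME} | \
+cut -s -d" " -f2 | \
+head -n1
+
+.PHONY: apko-output-image
+apko-output-image: check-env-IMAGE
+@digest=$$(cut -s -d'@' -f2 build/digest); \
+if [ -z "$$digest" ]; then \
+echo "error: no image digest found" >&2; \
+exit 1; \
+fi ; \
+echo "$(IMAGE)@$$digest" > build/image
+
+.PHONY: melange-build
+melange-build: ARCHS ?= $(ARCH)
+melange-build: MELANGE_SOURCE_DIR ?= .
+melange-build: $(MELANGE_CACHE_DIR) melange-template
+mkdir -p build
+${MELANGE_CMD} \
+keygen build/melange.rsa
+${MELANGE_CMD} \
+build build/melange.yaml \
+--arch ${ARCHS} \
+--signing-key build/melange.rsa \
+--cache-dir=$(MELANGE_CACHE_DIR) \
+--source-dir $(MELANGE_SOURCE_DIR) \
+--out-dir build/packages \
+--git-repo-url github.com/replicatedhq/kots
+
+
+.PHONY: melange-template
+melange-template: check-env-MELANGE_CONFIG check-env-GIT_TAG
+mkdir -p build
+envsubst '$${GIT_TAG}' < ${MELANGE_CONFIG} > build/melange.yaml
+
+.PHONY: apko-template
+apko-template: check-env-APKO_CONFIG check-env-GIT_TAG
+mkdir -p build
+envsubst '$${GIT_TAG}' < ${APKO_CONFIG} > build/apko.yaml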
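Review bot: In `apko-login`, `--password "${PASSWORD}"` is expanded by make into the recipe text, so the registry password lands on the apko (or docker) command line, where it is visible in the runner's process list, and any quote, `$` or backtick inside it is interpreted by the shell. The `@` prefix only suppresses the echo of the command. Keep the empty-value guard and replace the three continuation lines after it with a form that reads the secret from the environment and pipes it in, e.g. `printf '%s' "$$PASSWORD" | ${APKO_CMD} login -u "$$USERNAME" --password-stdin "${REGISTRY}"`. This assumes the apko release in use accepts `--password-stdin`, and the docker form of `APKO_CMD` would also need `-i` for stdin to reach the container.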