add apko image building

2025-04-20 07:25:51 -04:00 · 2022-12-05 11:44:51 +01:00 · 2022-12-05 11:44:51 +01:00 · d06c4781df
commit d06c4781df
parent a0ca82c463
5 changed files with 105 additions and 4 deletions
--- a/.github/actions/build_apko/action.yml
+++ b/.github/actions/build_apko/action.yml
@ -0,0 +1,55 @@
+name: Build apko image
+description: Build an apko image based on a supplied .yaml file
+
+inputs:
+  apkoConfig:
+    description: "Path to the apko .yaml config file. If left empty, all images will be built."
+    required: false
+  registry:
+    description: "Container registry to use"
+    default: "ghcr.io"
+    required: true
+  githubToken:
+    description: "GitHub authorization token"
+    required: true
+
+# Linux runner only (Docker required)
+runs:
+  using: "composite"
+  steps:
+    - name: Log in to the Container registry
+      id: docker-login
+      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ github.actor }}
+        password: ${{ inputs.githubToken }}
+
+    - name: Build apko images
+      shell: bash
+      run: |
+        if [ -z "${{ inputs.apkoConfig }}" ]; then
+          echo "Building all images in image"
+          for imageConfig in image/apko/*.yaml; do
+            echo "Building image for $imageConfig"
+
+            imageName=$(basename $imageConfig | cut -d. -f1 )
+            registry=${{ inputs.registry }}/edgelesssys/apko-${imageName}
+            outTar=$imageName.tar
+
+            docker run -v "$PWD":/work cgr.dev/chainguard/apko build $imageConfig $registry $outTar
+            docker load < $outTar
+            docker push $registry
+
+          done
+        else
+          echo "Building image for ${{ inputs.apkoConfig }}"
+
+          imageName=$(basename ${{ inputs.apkoConfig }} | cut -d. -f1 )
+          registry=${{ inputs.registry }}/edgelesssys/apko-${imageName}
+          outTar=$imageName.tar
+
+          docker run -v "$PWD":/work cgr.dev/chainguard/apko build ${{ inputs.apkoConfig }} $registry $outTar
+          docker load < $outTar
+          docker push $registry
+        fi
--- a/.github/actions/build_ko/action.yml
+++ b/.github/actions/build_ko/action.yml
@ -5,7 +5,7 @@ inputs:
    description: "Name of the micro-service"
    required: true
  registry:
-    description: "Name of the repository"
+    description: "Name of the registry to use"
    required: false
    default: "ghcr.io"
  koConfig:
--- a/.github/workflows/build-apko-image.yml
+++ b/.github/workflows/build-apko-image.yml
@ -0,0 +1,28 @@
+name: Build and upload all apko container images
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - "release/**"
+      - "feat/reproducible-builds-ko"
+
+jobs:
+  build-apko-image:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Check out repository
+        id: checkout
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: Build and upload apko image
+        uses: ./.github/actions/build_apko
+        with:
+          registry: ghcr.io
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
--- a/.ko.yaml
+++ b/.ko.yaml
@ -1,8 +1,7 @@
 defaltBaseImage: distroless.dev/static:latest@sha256:d624beaae60b10ec342896b1470421eb473549cb3ac3bf1c6ec074d8b460b4fc

 baseImageOverrides:
-  github.com/edgelesssys/constellation/v2/disk-mapper/cmd: leongross/alpine-libcryptsetup:base
-  github.com/edgelesssys/constellation/v2/bootstrapper/cmd/bootstrapper: leongross/alpine-libcryptsetup:base
+  github.com/edgelesssys/constellation/v2/operators/constellation-node-operator ghcr.io/edgelesssys/alpine-base-user-65532

 builds:
 - id: kms
@ -31,7 +30,6 @@ builds:
  - -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}
  - -extldflags "-static"

-# currently ignoring USER 65532:65532 from Dockerfile operators/constellation/Dockerfile
 - id: constellation-node-operator
  dir: .
  main: ./operators/constellation-node-operator/
--- a/image/apko/alpine-base-user-65532.yaml
+++ b/image/apko/alpine-base-user-65532.yaml
@ -0,0 +1,20 @@
+contents:
+  repositories:
+    - https://dl-cdn.alpinelinux.org/alpine/edge/main
+  packages:
+    - alpine-base
+
+entrypoint:
+  command: /bin/sh -l
+
+accounts:
+  groups:
+    - groupname: "65532"
+      gid: 65532
+  users:
+    - username: "65532"
+      uid: 65532
+  run-as: "65532"
+
+environment:
+  PATH: /usr/sbin:/sbin:/usr/bin:/bin