fix path problems

2025-04-20 07:25:51 -04:00 · 2022-12-08 16:51:48 +01:00 · 2022-12-08 16:51:48 +01:00 · ee65dbb781
commit ee65dbb781
parent b899759b16
8 changed files with 202 additions and 23 deletions
--- a/.github/actions/build_ko/action.yml
+++ b/.github/actions/build_ko/action.yml
@ -8,6 +8,10 @@ inputs:
    description: "Name of the registry to use"
    required: false
    default: "ghcr.io"
+  pseudoVersion:
+    description: "Check if pseudo-version should be generated"
+    default: "false"
+    required: true
  koConfig:
    description: "Path to the .ko.yaml config file"
    required: false
@ -23,6 +27,8 @@ inputs:
    required: true
  generateKoSBOM:
    description: "Generate unsigned ko SBOM"
+    required: false
+    default: "false"

 outputs:
  container_full:
@ -41,6 +47,7 @@ runs:
  using: "composite"
  steps:
    - name: Determine pseudo version
+      if: ${{ inputs.pseudoVersion == 'true' }}
      id: pseudo-version
      uses: ./.github/actions/pseudo_version

@ -59,6 +66,11 @@ runs:
        tags=""
        sbom=""

+        ls -lahR ${{ github.workspace}}
+        stat ${{ inputs.koTarget }}
+        echo PWD=$(pwd) # is erased?!
+        pwd
+
        if [ "${{ github.ref }}" == "${{ github.event.repository.default_branch }}" ]; then
          tags="latest"
        else:
--- a/.github/actions/build_micro_service_ko/action.yml
+++ b/.github/actions/build_micro_service_ko/action.yml
@ -8,9 +8,9 @@ inputs:
    description: "Path to the .ko.yaml config file"
    default: ".ko.yaml"
    required: false
-  constellationPath:
-    description: "Path to the root of the Constellation repo"
-    #default: "TEST_MICRO_SERVICE_"
+  pseudoVersion:
+    description: "Check if pseudo-version should be generated"
+    default: "false"
    required: true
  koTarget:
    description: "Go package to build with ko"
@ -40,7 +40,8 @@ runs:
  using: "composite"
  steps:
    - name: Determine pseudo version
-      id: pseudo-version
+      #if: ${{ inputs.pseudoVersion == 'true' }}
+      if: ${{ failure() }}
      uses: ./.github/actions/pseudo_version
      with:
        constellationPath: ${{ inputs.constellationPath }}
@ -51,6 +52,7 @@ runs:
      with:
        name: ${{ inputs.name }}
        koConfig: ${{ inputs.koConfig }}
+        pseudoVersion: ${{ inputs.pseudoVersion }}
        koTarget: ${{ inputs.koTarget }}
        githubToken: ${{ inputs.GITHUB_TOKEN }}
        pushTag: ci-test
--- a/.github/actions/pseudo_version/action.yml
+++ b/.github/actions/pseudo_version/action.yml
@ -1,10 +1,5 @@
 name: Determine pseudo version
 description: "Determine go-like pseudo version to use as container image tag."
-inputs:
-  constellationPath:
-    description: "Path to Constellation repository root"
-    #default: "."
-    required: true

 outputs:
  pseudoVersion:
@ -30,30 +25,24 @@ runs:
    - name: get pseudo version
      id: pseudo-version
      run: |
-        ln -s ${{ inputs.constellationPath }}/.git .git
        if $(git rev-parse --is-shallow-repository); then
          git fetch --prune --unshallow --tags -v
        else
          git fetch --tags -v
        fi
-        rm .git
-
-        pseudoVersionPath=${{ inputs.constellationPath }}/hack/pseudo-version
        homedir="$(getent passwd $(id -u) | cut -d ":" -f 6)"
-
        export GOCACHE=${homedir}/.cache/go-build
        export GOPATH=${homedir}/go
        export GOMODCACHE=${homedir}/.cache/go-mod
-
-        pseudoVersion=$(go run $pseudoVersionPath)
-        semanticVersion=$(go run $pseudoVersionPath -semantic-version)
-        timestamp=$(go run $pseudoVersionPath -print-timestamp)
-        branchName=$(go run $pseudoVersionPath -print-branch)
-        releaseVersion=$(go run $pseudoVersionPath -print-release-branch)
-
+        pseudoVersion=$(go run .)
+        semanticVersion=$(go run . -semantic-version)
+        timestamp=$(go run . -print-timestamp)
+        branchName=$(go run . -print-branch)
+        releaseVersion=$(go run . -print-release-branch)
        echo "pseudoVersion=${pseudoVersion}" >> $GITHUB_OUTPUT
        echo "semanticVersion=${semanticVersion}" >> $GITHUB_OUTPUT
        echo "timestamp=${timestamp}" >> $GITHUB_OUTPUT
        echo "branchName=${branchName}" >> $GITHUB_OUTPUT
        echo "releaseVersion=${releaseVersion}" >> $GITHUB_OUTPUT
+      working-directory: hack/pseudo-version
      shell: bash
--- a/.github/actions/pseudo_version_ko/action.yaml
+++ b/.github/actions/pseudo_version_ko/action.yaml
@ -0,0 +1,58 @@
+name: Determine pseudo version
+description: "Determine go-like pseudo version to use as container image tag."
+inputs:
+  constellationPath:
+    description: "Path to Constellation repository root"
+    #default: "."
+    required: true
+
+outputs:
+  pseudoVersion:
+    description: "Pseudo version based on the current HEAD"
+    value: ${{ steps.pseudo-version.outputs.pseudoVersion }}
+  semanticVersion:
+    description: "Semantic version based on the current HEAD"
+    value: ${{ steps.pseudo-version.outputs.semanticVersion }}
+  releaseVersion:
+    description: "Release version based on branch name"
+    value: ${{ steps.pseudo-version.outputs.releaseVersion }}
+  timestamp:
+    description: "Commit timestamp based on the current HEAD"
+    value: ${{ steps.pseudo-version.outputs.timestamp }}
+  branchName:
+    description: "Branch name"
+    value: ${{ steps.pseudo-version.outputs.branchName }}
+
+# Linux runner only (homedir trick does not work on macOS, required for private runner)
+runs:
+  using: "composite"
+  steps:
+    - name: get pseudo version
+      id: pseudo-version
+      run: |
+        if $(git rev-parse --is-shallow-repository); then
+          git fetch --prune --unshallow --tags -v
+        else
+          git fetch --tags -v
+        fi
+
+        pseudoVersionPath=${{ inputs.constellationPath }}/hack/pseudo-version
+        homedir="$(getent passwd $(id -u) | cut -d ":" -f 6)"
+
+        export GOCACHE=${homedir}/.cache/go-build
+        export GOPATH=${homedir}/go
+        export GOMODCACHE=${homedir}/.cache/go-mod
+
+        pseudoVersion=$(go run $pseudoVersionPath)
+        semanticVersion=$(go run $pseudoVersionPath -semantic-version)
+        timestamp=$(go run $pseudoVersionPath -print-timestamp)
+        branchName=$(go run $pseudoVersionPath -print-branch)
+        releaseVersion=$(go run $pseudoVersionPath -print-release-branch)
+
+        echo "pseudoVersion=${pseudoVersion}" >> $GITHUB_OUTPUT
+        echo "semanticVersion=${semanticVersion}" >> $GITHUB_OUTPUT
+        echo "timestamp=${timestamp}" >> $GITHUB_OUTPUT
+        echo "branchName=${branchName}" >> $GITHUB_OUTPUT
+        echo "releaseVersion=${releaseVersion}" >> $GITHUB_OUTPUT
+      shell: bash
+      working-directory: ./hack/pseudo-version
--- a/.github/workflows/build-gcp-guest-agent-ko-redo.yml
+++ b/.github/workflows/build-gcp-guest-agent-ko-redo.yml
@ -0,0 +1,66 @@
+name: Build and Upload GCP guest-agent container (KO)
+env:
+  REGISTRY: ghcr.io
+  KO_DATA_PATH: /etc/default/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - "release/**"
+      - "feat/reproducible-builds-ko"
+
+jobs:
+  build-gcp-guest-agent:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        version: ["20220927.00"]
+        include:
+          - version: "20220927.00"
+            latest: true
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: Determine pseudo-version
+        id: pseudo-version
+        uses: ./.github/actions/pseudo_version
+
+      - name: Remove constellation
+        run: |
+          cp ./3rdparty/gcp-guest-agent/instance_configs.cfg /tmp/instance_configs.cfg
+          cp -r .github/ -r ../
+          cp .ko.yaml ../.ko.yaml
+          rm -rf constellation
+
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+        with:
+          repository: "GoogleCloudPlatform/guest-agent"
+          ref: refs/tags/${{ matrix.version }}
+
+      - name: Prepare hardcoded configuration file
+        id: prepare-config
+        run: |
+          mkdir -p koData
+          cp /tmp/instance_configs.cfg koData/
+          cp -r ../.github/ .github/
+          cp ../.ko.yaml .ko.yaml
+
+      - name: Build and upload gcp guest service container image
+        id: build-and-upload
+        # assumes that we are currently in the root of the repo
+        uses: ./.github/actions/build_micro_service_ko
+        with:
+          name: gcp-guest-agent
+          koTarget: ./google_guest_agent
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          pseudoVersion: "false"
+          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
+          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
+          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
--- a/.github/workflows/build-gcp-guest-agent-ko.yml
+++ b/.github/workflows/build-gcp-guest-agent-ko.yml
@ -9,7 +9,6 @@ on:
    branches:
      - main
      - "release/**"
-      - "feat/reproducible-builds-ko"

 jobs:
  build-gcp-guest-agent:
--- a/.github/workflows/build-qemu-metada-api-ko.yaml
+++ b/.github/workflows/build-qemu-metada-api-ko.yaml
@ -0,0 +1,38 @@
+name: Build and upload qemu-metadata-api image (KO)
+env:
+  REGISTRY: ghcr.io
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build-join-service-ko:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      image: ${{ steps.build-and-upload.outputs.image }}
+      digest: ${{ steps.build-and-upload.outputs.digest }}
+    steps:
+      - name: Check out repository
+        id: checkout
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: Setup Go environment
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # tag=v3.3.1
+        with:
+          go-version: "1.19.3"
+
+      - name: Build and upload join service container image
+        id: build-and-upload
+        uses: ./.github/actions/build_micro_service_ko
+        with:
+          name: joinservice
+          koTarget: ./joinservice/cmd
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
+          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
+          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
--- a/.ko.yaml
+++ b/.ko.yaml
@ -1,7 +1,8 @@
 defaltBaseImage: distroless.dev/static:latest@sha256:d624beaae60b10ec342896b1470421eb473549cb3ac3bf1c6ec074d8b460b4fc

 baseImageOverrides:
-  github.com/edgelesssys/constellation/v2/operators/constellation-node-operator ghcr.io/edgelesssys/alpine-base-user-65532
+  github.com/edgelesssys/constellation/operators/constellation-node-operator/v2: ghcr.io/edgelesssys/apko-alpine-base-user-65532
+  github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api: ghcr.io/edgelesssys/apko-alpine-qemu-metadata-api

 builds:
 - id: kms
@ -61,3 +62,17 @@ builds:
  - -s -w -buildid=''
  - -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}
  - -extldflags "-static"
+
+- id: qemu-metadata-api
+  dir: .
+  main: ./hack/qemu-metadata-api/
+  env:
+  - CGO_ENABLED=0
+  - GOOS=linux
+  - GOARCH=amd64
+  flags:
+  - -trimpath
+  - -buildvcs=false
+  - -a
+  ldflags:
+  - -s -w -buildid=''