diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml deleted file mode 100644 index bf48614e81..0000000000 --- a/.github/workflows/release.yaml +++ /dev/null @@ -1,56 +0,0 @@ -name: Publish image - -on: - release: - types: [released] - -jobs: - build: - env: - IMAGE_NAME: gcr.io/kaniko-project/executor - - runs-on: ubuntu-latest - steps: - - name: Get latest release tag - uses: oprypin/find-latest-tag@v1 - with: - repository: GoogleContainerTools/kaniko # The repository to scan. - releases-only: true # We know that all relevant tags have a GitHub release for them. - id: kaniko - - - name: Clone source code - uses: actions/checkout@v2 - with: - ref: ${{ steps.kaniko.outputs.tag }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - version: latest - - - name: Available platforms - run: echo ${{ steps.buildx.outputs.platforms }} - - - name: Setup gcloud CLI - uses: GoogleCloudPlatform/github-actions/setup-gcloud@master - with: - service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }} - project_id: kaniko-project - export_default_credentials: true - - - name: Build and push image - run: | - gcloud auth configure-docker -q - IMAGE_VERSION="$(git describe --tags --abbrev=0)" - SHORT_SHA1=$(git rev-parse --short HEAD) - PLATFORMS="linux/amd64,linux/ppc64le,linux/arm64" - echo "Building and pushing version ${IMAGE_VERSION} of image ${IMAGE_NAME}" - docker buildx build --platform "${PLATFORMS}" -t "${IMAGE_NAME}:${IMAGE_VERSION}" -t "${IMAGE_NAME}:latest" -f ./deploy/Dockerfile \ - --push . - diff --git a/BUILD b/BUILD deleted file mode 100644 index 83716bc4f8..0000000000 --- a/BUILD +++ /dev/null @@ -1,4 +0,0 @@ -load("@bazel_gazelle//:def.bzl", "gazelle") - -# gazelle:prefix github.com/GoogleContainerTools/kaniko -gazelle(name = "gazelle") diff --git a/Makefile b/Makefile index 486ba00e8e..08dd5e634f 100644 
--- a/Makefile +++ b/Makefile @@ -88,9 +88,9 @@ integration-test-misc: .PHONY: images images: - docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:latest -f deploy/Dockerfile . - docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:debug -f deploy/Dockerfile_debug . - docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/warmer:latest -f deploy/Dockerfile_warmer . + docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=BUILDPLATFORM=linux/$(GOARCH) -t $(REGISTRY)/executor:latest -f deploy/Dockerfile . + docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=BUILDPLATFORM=linux/$(GOARCH) -t $(REGISTRY)/executor:debug -f deploy/Dockerfile_debug . + docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=BUILDPLATFORM=linux/$(GOARCH) -t $(REGISTRY)/warmer:latest -f deploy/Dockerfile_warmer . .PHONY: push push: diff --git a/WORKSPACE b/WORKSPACE deleted file mode 100644 index 6300cbfa75..0000000000 --- a/WORKSPACE +++ /dev/null 
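Review bot: `--build-arg=BUILDPLATFORM=linux/$(GOARCH)` in the three `images` recipes sets the build stage's platform to the target architecture, not to the machine running the build. The Dockerfiles in this diff use `FROM --platform=${BUILDPLATFORM} golang:1.14`, so a non-native `GOARCH` would presumably pull the golang image for that architecture and need emulation, which defeats the cross-compile that `TARGETARCH` is meant to enable. Consider passing the host platform here, or omitting the argument where the builder predefines it. A comment above the target such as `# BUILDPLATFORM must be the platform of the build host; TARGETARCH selects the output binary` would make the intent explicit.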
@@ -1,53 +0,0 @@
-workspace(name = "kaniko")
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-http_archive(
- name = "io_bazel_rules_go",
- sha256 = "b725e6497741d7fc2d55fcc29a276627d10e43fa5d0bb692692890ae30d98d00",
- urls = [
- "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.24.3/rules_go-v0.24.3.tar.gz",
- "https://github.com/bazelbuild/rules_go/releases/download/v0.24.3/rules_go-v0.24.3.tar.gz",
- ],
-)
-
-http_archive(
- name = "bazel_gazelle",
- sha256 = "b85f48fa105c4403326e9525ad2b2cc437babaa6e15a3fc0b1dbab0ab064bc7c",
- urls = [
- "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.22.2/bazel-gazelle-v0.22.2.tar.gz",
- "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.22.2/bazel-gazelle-v0.22.2.tar.gz",
- ],
-)
-
-load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
-load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
-
-go_rules_dependencies()
-
-go_register_toolchains()
-
-gazelle_dependencies()
-
-# Docker rules.
-http_archive(
- name = "io_bazel_rules_docker",
- sha256 = "cf53839c398e464b10ec2fbeb11aedb446f078c28e3b4ce372461bb105ef435c",
- strip_prefix = "rules_docker-f8478e57ab7457e403fda474f06ac0bb120d92a7",
- urls = ["https://github.com/bazelbuild/rules_docker/archive/f8478e57ab7457e403fda474f06ac0bb120d92a7.tar.gz"],
-)
-
-load(
- "@io_bazel_rules_docker//repositories:repositories.bzl",
- container_repositories = "repositories",
-)
-
-container_repositories()
-
-load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")
-
-container_deps()
-
-load("@io_bazel_rules_docker//repositories:pip_repositories.bzl", "pip_deps")
-
-pip_deps()
diff --git a/cmd/executor/BUILD b/cmd/executor/BUILD
deleted file mode 100644
index 7c58a3657d..0000000000
--- a/cmd/executor/BUILD
+++ /dev/null
@@ -1,61 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-load("@io_bazel_rules_docker//container:container.bzl", "container_image")
-
-go_library(
- name = "executor_lib",
- srcs = ["main.go"],
- importpath = "github.com/GoogleContainerTools/kaniko/cmd/executor",
- visibility = ["//visibility:private"],
- deps = ["//cmd/executor/cmd"],
-)
-
-go_binary(
- name = "executor",
- embed = [":executor_lib"],
- pure = "on",
- visibility = ["//visibility:public"],
-)
-
-ARCHITECTURES = [
- "amd64",
- "arm64",
- "s390x",
-]
-
-[
- go_binary(
- name = "executor_" + arch,
- embed = [":executor_lib"],
- goarch = arch,
- goos = "linux",
- pure = "on",
- visibility = ["//visibility:public"],
- )
- for arch in ARCHITECTURES
-]
-
-[
- container_image(
- name = "image_" + arch,
- architecture = arch,
- base = "//files:image",
- directory = "/kaniko",
- entrypoint = ["/kaniko/executor_" + arch],
- env = {
- "HOME": "/root",
- "USER": "root",
- "PATH": "/usr/local/bin:/kaniko",
- "SSL_CERT_DIR": "/kaniko/ssl/certs",
- "DOCKER_CONFIG": "/kaniko/.docker/",
- },
- files = [
- ":executor_" + arch,
- ],
- symlinks = {
- "/kaniko/executor": "/kaniko/executor_" + arch,
- },
- visibility = ["//visibility:public"],
- workdir = "/workspace",
- )
- for arch in ARCHITECTURES
-]
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
index 2438fb4629..fb63f1a56b 100644
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@@ -14,20 +14,14 @@ # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.14 -ARG GOARCH=amd64 -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko - -RUN echo $GOARCH > /goarch +ARG BUILDPLATFORM +FROM --platform=${BUILDPLATFORM} golang:1.14 +ARG TARGETARCH -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM - -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" +WORKDIR /go/src/github.com/GoogleContainerTools/kaniko # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ +RUN GOARCH=${TARGETARCH} && CGO_ENABLED=0 && \ (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ cd /go/src/github.com/GoogleCloudPlatform && \ git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ @@ -36,12 +30,12 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go # Get Amazon ECR credential helper -RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ +RUN GOARCH=${TARGETARCH} && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper # ACR docker credential helper COPY ./acr.patch / -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \ +RUN GOARCH=${TARGETARCH} && (mkdir -p /go/src/github.com/Azure || true) && \ cd /go/src/github.com/Azure && \ git clone https://github.com/Azure/acr-docker-credential-helper && \ cd /go/src/github.com/Azure/acr-docker-credential-helper && \ 
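Review bot: `GOARCH=${TARGETARCH} && CGO_ENABLED=0 && \` at the start of the GCR helper `RUN` only assigns shell variables, and with `ARG GOARCH=amd64` removed nothing puts `GOARCH` into the environment any more. Unless the base image already exports it, the `go build`, `go get` and `make` child processes would therefore compile for the build platform, and the arm64/s390x images would carry credential helpers for the wrong architecture without any build error. The same prefix is used in the ECR and ACR `RUN` lines in the next hunk and in the ACR-env `RUN` in the hunk after that. Exporting the values fixes it, for example `RUN export GOARCH=${TARGETARCH} CGO_ENABLED=0 && \`. The `RUN` bodies continue outside the hunks shown.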
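Review bot: The credential helpers built into this image are fetched at whatever upstream serves at build time: `go get -u` for the ECR helper here, and a plain `git clone` for the GCR helper (previous hunk), the ACR helper (this hunk) and the ACR-env helper (next hunk). These binaries handle registry credentials inside the executor image, so an unreviewed upstream change would flow straight into a release. Pinning each clone to a reviewed commit would close that gap, for example `git clone https://github.com/Azure/acr-docker-credential-helper && git -C acr-docker-credential-helper checkout <reviewed-commit-sha> && \`. The `RUN` commands continue outside the hunks, so a checkout may already exist on lines not shown; worth confirming.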
@@ -50,7 +44,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \ make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux #ACR docker env credential helper -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ +RUN GOARCH=${TARGETARCH} && (mkdir -p /go/src/github.com/chrismellard || true) && \ cd /go/src/github.com/chrismellard && \ git clone https://github.com/chrismellard/docker-credential-acr-env && \ cd docker-credential-acr-env && \ @@ -60,7 +54,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$(cat /goarch.txt) +RUN make GOARCH=${TARGETARCH} FROM scratch COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug index 75f5155f63..133a1ccbcd 100644 --- a/deploy/Dockerfile_debug +++ b/deploy/Dockerfile_debug @@ -15,12 +15,16 @@ # Builds the static Go image to execute in a Kubernetes job # Stage 0: Build the executor binary and get credential helpers -FROM golang:1.14 -ARG GOARCH=amd64 +ARG BUILDPLATFORM +FROM --platform=${BUILDPLATFORM} golang:1.14 +ARG TARGETARCH + WORKDIR /go/src/github.com/GoogleContainerTools/kaniko + # Get GCR credential helper ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.2/docker-credential-gcr_linux_amd64-2.0.2.tar.gz /usr/local/bin/ RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz + # Get Amazon ECR credential helper RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64 
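Review bot: In `deploy/Dockerfile_debug`, `TARGETARCH` only reaches the final `make`, while the helpers stay hard-coded to amd64: the `ADD` of `docker-credential-gcr_linux_amd64-2.0.2.tar.gz` and `make -C … linux-amd64` for the ECR helper. The Cloud Build configs in this diff build this Dockerfile for `linux/arm64` and `linux/s390x` as well, and those debug images would ship amd64 helper binaries. The tarball is also taken from a URL with no integrity check; a step such as `RUN echo "<expected-sha256>  /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz" | sha256sum -c -` before extraction would pin it. `deploy/Dockerfile_warmer` has the same pattern with the v2.0.1 tarball, and its `tar` call lacks the `--no-same-owner` used here.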
@@ -35,7 +39,7 @@ RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credentia RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=${GOARCH} && make out/warmer +RUN make GOARCH=${TARGETARCH} && make out/warmer FROM scratch COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/ diff --git a/deploy/Dockerfile_slim b/deploy/Dockerfile_slim new file mode 100644 index 0000000000..b1a2d71482 --- /dev/null +++ b/deploy/Dockerfile_slim @@ -0,0 +1,34 @@ +# Copyright 2020 Google, Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Builds the static Go image to execute in a Kubernetes job + +ARG BUILDPLATFORM +FROM --platform=${BUILDPLATFORM} golang:1.14 +ARG TARGETARCH + +WORKDIR /go/src/github.com/GoogleContainerTools/kaniko + +COPY . . +RUN make GOARCH=${TARGETARCH} + +FROM scratch +COPY files/nsswitch.conf /etc/nsswitch.conf +ENV HOME /root +ENV USER root +ENV PATH /usr/local/bin:/kaniko +ENV SSL_CERT_DIR=/kaniko/ssl/certs + +ENTRYPOINT ["/kaniko/executor"] + diff --git a/deploy/Dockerfile_warmer b/deploy/Dockerfile_warmer index 156fdeb439..4a2a8dd9bb 100644 --- a/deploy/Dockerfile_warmer +++ b/deploy/Dockerfile_warmer 
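Review bot: The final `FROM scratch` stage of the new `deploy/Dockerfile_slim` never copies the executor out of the build stage, so `ENTRYPOINT ["/kaniko/executor"]` points at a file that does not exist in the image. `SSL_CERT_DIR=/kaniko/ssl/certs` is set as well, but no CA bundle is copied there, so TLS verification against registries would have no roots to use. Adding `COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor` and `COPY files/ca-certificates.crt /kaniko/ssl/certs/` to the last stage would address both. A header comment saying what "slim" leaves out compared with `deploy/Dockerfile` (apparently the credential helpers) would also help readers choose between the images.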
@@ -13,13 +13,16 @@ # limitations under the License. # Builds the static Go image to execute in a Kubernetes job +ARG BUILDPLATFORM +FROM --platform=${BUILDPLATFORM} golang:1.14 +ARG TARGETARCH -FROM golang:1.14 -ARG GOARCH=amd64 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko + # Get GCR credential helper ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_amd64-2.0.1.tar.gz /usr/local/bin/ RUN tar -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz + # Get Amazon ECR credential helper RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64 @@ -30,7 +33,7 @@ RUN tar -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd6 RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=${GOARCH} out/warmer +RUN make GOARCH=${TARGETARCH} out/warmer FROM scratch COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer diff --git a/deploy/cloudbuild-release.yaml b/deploy/cloudbuild-release.yaml index f7004f2cf1..1a8b779ae0 100644 --- a/deploy/cloudbuild-release.yaml +++ b/deploy/cloudbuild-release.yaml 
@@ -1,110 +1,67 @@ -# This cloudbuild is run on the creation of new tags, which should signify releases. timeout: 1800s steps: +# Set up builder for muti-arch builds. +- name: 'gcr.io/cloud-builders/docker' + args: ['run', '--privileged', 'linuxkit/binfmt:v0.7'] + id: 'initialize-qemu' +- name: 'gcr.io/cloud-builders/docker' + args: ['buildx', 'create', '--name', 'mybuilder'] + id: 'create-builder' +- name: 'gcr.io/cloud-builders/docker' + args: ['buildx', 'use', 'mybuilder'] + id: 'select-builder' +- name: 'gcr.io/cloud-builders/docker' + args: ['buildx', 'inspect', '--bootstrap'] + id: 'show-target-build-platforms' - # First, build kaniko - - name: "gcr.io/cloud-builders/docker" - args: ["build", "-f", "deploy/Dockerfile", - "-t", "gcr.io/kaniko-project/executor:$TAG_NAME", "."] - - name: "gcr.io/cloud-builders/docker" - args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME", - "gcr.io/kaniko-project/executor:latest"] - # Then, we want to build kaniko:debug - - name: "gcr.io/cloud-builders/docker" - args: ["build", "-f", "deploy/Dockerfile_debug", - "-t", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", "."] - - name: "gcr.io/cloud-builders/docker" - args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", - "gcr.io/kaniko-project/executor:$TAG_NAME-debug"] - - name: "gcr.io/cloud-builders/docker" - args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", - "gcr.io/kaniko-project/executor:debug"] - # Then, we want to build the cache warmer - - name: "gcr.io/cloud-builders/docker" - args: ["build", "-f", "deploy/Dockerfile_warmer", - "-t", "gcr.io/kaniko-project/warmer:$TAG_NAME", "."] - - name: "gcr.io/cloud-builders/docker" - args: ["tag", "gcr.io/kaniko-project/warmer:$TAG_NAME", - "gcr.io/kaniko-project/warmer:latest"] +# First, build kaniko +- name: "gcr.io/cloud-builders/docker" + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile", + "-t", "gcr.io/kaniko-project/executor:$TAG_NAME", "."] +- name: 
"gcr.io/cloud-builders/docker" + args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME", + "gcr.io/kaniko-project/executor:latest"] +# Then, we want to build kaniko:debug +- name: "gcr.io/cloud-builders/docker" + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_debug", + "-t", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", "."] +- name: "gcr.io/cloud-builders/docker" + args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", + "gcr.io/kaniko-project/executor:debug"] - # Build each of the multi-arch images with Bazel and load them into the Docker daemon. - - name: gcr.io/cloud-marketplace-containers/google/bazel:3.4.1 - entrypoint: sh - args: - - -c - - | - #!/bin/sh - set -o errexit - set -o xtrace +# Then, we want to build the cache warmer +- name: "gcr.io/cloud-builders/docker" + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_warmer", + "-t", "gcr.io/kaniko-project/warmer:$TAG_NAME", "."] +- name: "gcr.io/cloud-builders/docker" + args: ["tag", "gcr.io/kaniko-project/warmer:$TAG_NAME", + "gcr.io/kaniko-project/warmer:latest"] - bazel run //:gazelle - bazel run --host_force_python=PY2 //cmd/executor:image_amd64 - bazel run --host_force_python=PY2 //cmd/executor:image_arm64 - bazel run --host_force_python=PY2 //cmd/executor:image_s390x +# Finally executor:slim image +- name: "gcr.io/cloud-builders/docker" + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_slim", + "-t", "gcr.io/kaniko-project/executor:$TAG_NAME-slim", "."] +- name: "gcr.io/cloud-builders/docker" + args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME-slim", + "gcr.io/kaniko-project/executor:slim"] - # Publish the individual container images - - name: docker - entrypoint: sh - args: - - -c - - | - #!/bin/sh - set -o errexit - set -o xtrace - docker tag bazel/cmd/executor:image_amd64 gcr.io/kaniko-project/executor:amd64 - docker tag 
bazel/cmd/executor:image_amd64 gcr.io/kaniko-project/executor:amd64-$TAG_NAME - docker tag bazel/cmd/executor:image_arm64 gcr.io/kaniko-project/executor:arm64 - docker tag bazel/cmd/executor:image_arm64 gcr.io/kaniko-project/executor:arm64-$TAG_NAME - docker tag bazel/cmd/executor:image_arm64 gcr.io/kaniko-project/executor:s390x - docker tag bazel/cmd/executor:image_arm64 gcr.io/kaniko-project/executor:s390x-$TAG_NAME +images: ["gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${TAG_NAME}", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:latest", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${TAG_NAME}-slim", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:slim", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug-${TAG_NAME}", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug", + "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:latest", + "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:${TAG_NAME}"] - docker push gcr.io/kaniko-project/executor:amd64 - docker push gcr.io/kaniko-project/executor:amd64-$TAG_NAME - docker push gcr.io/kaniko-project/executor:arm64 - docker push gcr.io/kaniko-project/executor:arm64-$TAG_NAME - docker push gcr.io/kaniko-project/executor:s390x - docker push gcr.io/kaniko-project/executor:s390x-$TAG_NAME +options: + env: + - 'DOCKER_CLI_EXPERIMENTAL=enabled' - # Enable "manifest list" support in docker, and publish one covering the per-architecture - # images published above. - - name: docker - entrypoint: sh - args: - - -c - - | - #!/bin/sh - set -o errexit - set -o xtrace - - # Publish manifest lists second, after all of the binary material - # has been uploaded, so that it is fast. We want fast because enabling - # the experimental features in docker changes ~/.docker/config.json, which - # GCB periodically tramples. 
- # - # Enable support for 'docker manifest create' - # https://docs.docker.com/engine/reference/commandline/manifest_create/ - sed -i 's/^{/{"experimental": "enabled",/g' ~/.docker/config.json - - docker manifest create gcr.io/kaniko-project/executor:multi-arch \ - gcr.io/kaniko-project/executor:amd64 \ - gcr.io/kaniko-project/executor:arm64 \ - gcr.io/kaniko-project/executor:s390x - docker manifest push gcr.io/kaniko-project/executor:multi-arch - - docker manifest create gcr.io/kaniko-project/executor:multi-arch-$TAG_NAME \ - gcr.io/kaniko-project/executor:amd64-$TAG_NAME \ - gcr.io/kaniko-project/executor:arm64-$TAG_NAME \ - gcr.io/kaniko-project/executor:s390x-$TAG_NAME - docker manifest push gcr.io/kaniko-project/executor:multi-arch-$TAG_NAME - - -images: ["gcr.io/kaniko-project/executor:$TAG_NAME", - "gcr.io/kaniko-project/executor:latest", - "gcr.io/kaniko-project/executor:debug-$TAG_NAME", - "gcr.io/kaniko-project/executor:debug", - "gcr.io/kaniko-project/warmer:$TAG_NAME", - "gcr.io/kaniko-project/warmer:latest", - "gcr.io/kaniko-project/executor:$TAG_NAME-debug"] +substitutions: + _EXECUTOR_IMAGE_NAME: executor + _WARMER_IMAGE_NAME: warmer + _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64,linux/s390x' \ No newline at end of file diff --git a/deploy/cloudbuild.yaml b/deploy/cloudbuild.yaml index d60c7412fd..eb9119ae9d 100644 --- a/deploy/cloudbuild.yaml +++ b/deploy/cloudbuild.yaml 
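Review bot: The `initialize-qemu` step runs `linuxkit/binfmt:v0.7` with `--privileged` in the release pipeline, and the image is referenced only by a mutable tag. Pinning it by digest, `args: ['run', '--privileged', 'linuxkit/binfmt:v0.7@sha256:<digest>']`, means a retagged image cannot run privileged on the builder that produces release artifacts; the same step is added to `deploy/cloudbuild.yaml`. Separately, none of the `buildx build` steps passes `--push` or `--load`, so with a builder made by `buildx create` the result presumably stays in the build cache. The following `docker tag` steps and the `images:` list would then have no local image to work on, and pushing through `images:` could not publish a multi-platform manifest in any case.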
@@ -1,88 +1,67 @@ timeout: 1800s steps: + # Set up builder for muti-arch builds. + - name: 'gcr.io/cloud-builders/docker' + args: ['run', '--privileged', 'linuxkit/binfmt:v0.7'] + id: 'initialize-qemu' + - name: 'gcr.io/cloud-builders/docker' + args: ['buildx', 'create', '--name', 'mybuilder'] + id: 'create-builder' + - name: 'gcr.io/cloud-builders/docker' + args: ['buildx', 'use', 'mybuilder'] + id: 'select-builder' + - name: 'gcr.io/cloud-builders/docker' + args: ['buildx', 'inspect', '--bootstrap'] + id: 'show-target-build-platforms' # First, build kaniko - name: "gcr.io/cloud-builders/docker" - args: ["build", "-f", "deploy/Dockerfile", - "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}", "."] + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile", + "-t", "gcr.io/kaniko-project/executor:$TAG_NAME", "."] + - name: "gcr.io/cloud-builders/docker" + args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME", + "gcr.io/kaniko-project/executor:latest"] + # Then, we want to build kaniko:debug - name: "gcr.io/cloud-builders/docker" - args: ["build", "-f", "deploy/Dockerfile_debug", - "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug-${COMMIT_SHA}", "."] + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_debug", + "-t", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", "."] - name: "gcr.io/cloud-builders/docker" - args: ["build", "-f", "deploy/Dockerfile_debug", - "-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}-debug", "."] + args: ["tag", "gcr.io/kaniko-project/executor:debug-$TAG_NAME", + "gcr.io/kaniko-project/executor:debug"] + # Then, we want to build the cache warmer - name: "gcr.io/cloud-builders/docker" - args: ["build", "-f", "deploy/Dockerfile_warmer", - "-t", "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:${COMMIT_SHA}", "."] - - - # Build each of the multi-arch images with Bazel and load them into the Docker daemon. 
- - name: gcr.io/cloud-marketplace-containers/google/bazel:3.4.1 - entrypoint: sh - args: - - -c - - | - #!/bin/sh - set -o errexit - set -o xtrace - - bazel run //:gazelle - bazel run --host_force_python=PY2 //cmd/executor:image_amd64 - bazel run --host_force_python=PY2 //cmd/executor:image_arm64 - bazel run --host_force_python=PY2 //cmd/executor:image_s390x - - # Publish the individual container images - - name: docker - entrypoint: sh - args: - - -c - - | - #!/bin/sh - set -o errexit - set -o xtrace - - docker tag bazel/cmd/executor:image_amd64 gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA} - docker tag bazel/cmd/executor:image_arm64 gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA} - docker tag bazel/cmd/executor:image_s390x gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA} - - docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA} - docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA} - docker push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA} - - # Enable "manifest list" support in docker, and publish one covering the per-architecture - # images published above. - - name: docker - entrypoint: sh - args: - - -c - - | - #!/bin/sh - set -o errexit - set -o xtrace - - # Publish manifest lists second, after all of the binary material - # has been uploaded, so that it is fast. We want fast because enabling - # the experimental features in docker changes ~/.docker/config.json, which - # GCB periodically tramples. 
- # - # Enable support for 'docker manifest create' - # https://docs.docker.com/engine/reference/commandline/manifest_create/ - sed -i 's/^{/{"experimental": "enabled",/g' ~/.docker/config.json + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_warmer", + "-t", "gcr.io/kaniko-project/warmer:$TAG_NAME", "."] + - name: "gcr.io/cloud-builders/docker" + args: ["tag", "gcr.io/kaniko-project/warmer:$TAG_NAME", + "gcr.io/kaniko-project/warmer:latest"] - docker manifest create gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:multi-arch-${COMMIT_SHA} \ - gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:amd64-${COMMIT_SHA} \ - gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:arm64-${COMMIT_SHA} \ - gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:s390x-${COMMIT_SHA} - docker manifest push gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:multi-arch-${COMMIT_SHA} + # Finally executor:slim image + - name: "gcr.io/cloud-builders/docker" + args: ['buildx', 'build', '--platform', '$_DOCKER_BUILDX_PLATFORMS', "-f", "deploy/Dockerfile_slim", + "-t", "gcr.io/kaniko-project/executor:$TAG_NAME-slim", "."] + - name: "gcr.io/cloud-builders/docker" + args: ["tag", "gcr.io/kaniko-project/executor:$TAG_NAME-slim", + "gcr.io/kaniko-project/executor:slim"] images: ["gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:latest", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}-slim", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:slim", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug-${COMMIT_SHA}", + "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:debug", + "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:latest", "gcr.io/$PROJECT_ID/${_WARMER_IMAGE_NAME}:${COMMIT_SHA}"] +options: + env: + - 'DOCKER_CLI_EXPERIMENTAL=enabled' + substitutions: _EXECUTOR_IMAGE_NAME: executor _WARMER_IMAGE_NAME: warmer + _DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64,linux/s390x' 
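Review bot: The build steps in `deploy/cloudbuild.yaml` now tag `gcr.io/kaniko-project/executor:$TAG_NAME` and `gcr.io/kaniko-project/warmer:$TAG_NAME`, while `images:` still lists `gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}` and its variants. If this config runs on commit triggers, as the `COMMIT_SHA` entries suggest, `$TAG_NAME` is empty and the listed images are never built. The steps also move the floating `latest`, `debug` and `slim` tags, which lets a per-commit build overwrite tags that consumers treat as the released image. Restoring `"-t", "gcr.io/$PROJECT_ID/${_EXECUTOR_IMAGE_NAME}:${COMMIT_SHA}"` for the build steps and leaving the floating tags to `cloudbuild-release.yaml` would keep the two pipelines separate.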
diff --git a/files/BUILD b/files/BUILD
deleted file mode 100644
index b14343c978..0000000000
--- a/files/BUILD
+++ /dev/null
@@ -1,16 +0,0 @@
-load("@io_bazel_rules_docker//container:container.bzl", "container_image")
-
-container_image(
- name = "nsswitch",
- directory = "etc",
- files = [":nsswitch.conf"],
- visibility = ["//visibility:private"],
-)
-
-container_image(
- name = "image",
- base = ":nsswitch",
- directory = "kaniko/ssl/certs",
- files = [":ca-certificates.crt"],
- visibility = ["//visibility:public"],
-)
diff --git a/integration/BUILD b/integration/BUILD
deleted file mode 100644
index 2ba82f9bc7..0000000000
--- a/integration/BUILD
+++ /dev/null
@@ -1,109 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
- name = "integration",
- srcs = [
- "cleanup.go",
- "cmd.go",
- "config.go",
- "gcs.go",
- "images.go",
- ],
- importpath = "github.com/GoogleContainerTools/kaniko/integration",
- tags = ["manual"],
- visibility = ["//visibility:public"],
- deps = ["//pkg/timing"],
-)
-
-go_test(
- name = "integration_test",
- srcs = [
- "benchmark_test.go",
- "integration_test.go",
- "integration_with_context_test.go",
- "integration_with_stdin_test.go",
- "k8s_test.go",
- ],
- data = glob(["testdata/**"]),
- embed = [":integration"],
- tags = ["manual"],
- deps = [
- "//pkg/timing",
- "//pkg/util",
- "//testutil",
- "//vendor/github.com/google/go-containerregistry/pkg/name",
- "//vendor/github.com/google/go-containerregistry/pkg/v1/daemon",
- "//vendor/github.com/pkg/errors",
- ],
-)
-
-load("@io_bazel_rules_docker//container:container.bzl", "container_image")
-load("@io_bazel_rules_docker//contrib:test.bzl", "container_test")
-
-ARCHITECTURES = [
- "amd64",
- "arm64",
-]
-
-# Image with testdata
-[
- container_image(
- name = "buildtest_image_" + arch,
- architecture = arch,
- base = "//cmd/executor:image_" + arch,
- directory = "/workspace",
- files = [
- ":testdata/Dockerfile.trivial",
- ],
- )
- for arch in ARCHITECTURES
-]
-
-# Non-executable tests can run on any architecture,
-# so do not tag them.
-[ - container_test( - name = "image_files_" + arch + "_test", - configs = ["testdata/files.yaml"], - image = "//cmd/executor:image_" + arch, - ) - for arch in ARCHITECTURES -] - -[ - container_test( - name = "buildtest_image_" + arch + "_test", - configs = [ - "testdata/files.yaml", - "testdata/testfiles.yaml", - ], - image = ":buildtest_image_" + arch, - ) - for arch in ARCHITECTURES -] - -[ - container_test( - name = "image_exec_" + arch + "_test", - configs = ["testdata/exec.yaml"], - image = "//cmd/executor:image_" + arch, - tags = [ - "manual", - arch, - ], - ) - for arch in ARCHITECTURES -] - -[ - container_test( - name = "image_build_" + arch + "_test", - configs = ["testdata/build.yaml"], - image = ":buildtest_image_" + arch, - tags = [ - "manual", - arch, - ], - ) - for arch in ARCHITECTURES -] diff --git a/integration/integration_test.go b/integration/integration_test.go index ad8d7ab49f..7e43417437 100644 --- a/integration/integration_test.go +++ b/integration/integration_test.go @@ -47,6 +47,8 @@ const ( daemonPrefix = "daemon://" integrationPath = "integration" dockerfilesPath = "dockerfiles" + arch = "amd64" + platform = "linux" emptyContainerDiff = `[ { "Image1": "%s", 
@@ -134,21 +136,25 @@ func TestMain(m *testing.M) { } func buildRequiredImages() error { + dockerBuildArgsForAmd64 := []string{ + "--build-arg", fmt.Sprintf("BUILDPLATFORM=%s/%s", platform, arch), + "--build-arg", fmt.Sprintf("TARGETARCH=%s", arch)} + setupCommands := []struct { name string command []string }{ { name: "Building kaniko image", - command: []string{"docker", "build", "-t", ExecutorImage, "-f", "../deploy/Dockerfile", ".."}, + command: append([]string{"docker", "build", "-t", ExecutorImage, "-f", "../deploy/Dockerfile", ".."}, dockerBuildArgsForAmd64...), }, { name: "Building cache warmer image", - command: []string{"docker", "build", "-t", WarmerImage, "-f", "../deploy/Dockerfile_warmer", ".."}, + command: append([]string{"docker", "build", "-t", WarmerImage, "-f", "../deploy/Dockerfile_warmer", ".."}, dockerBuildArgsForAmd64...), }, { name: "Building onbuild base image", - command: []string{"docker", "build", "-t", config.onbuildBaseImage, "-f", fmt.Sprintf("%s/Dockerfile_onbuild_base", dockerfilesPath), "."}, + command: append([]string{"docker", "build", "-t", config.onbuildBaseImage, "-f", fmt.Sprintf("%s/Dockerfile_onbuild_base", dockerfilesPath), "."}, dockerBuildArgsForAmd64...), }, { name: "Pushing onbuild base image", 
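Review bot: `dockerBuildArgsForAmd64` has no comment saying why the tests must now pass these arguments, and the reason is not obvious from `buildRequiredImages` alone. The deploy Dockerfiles in this diff declare `ARG BUILDPLATFORM` and `ARG TARGETARCH` with no default, so a `docker build` on a builder that does not predefine them would see an empty `--platform`. A comment such as `// The deploy Dockerfiles take BUILDPLATFORM/TARGETARCH without defaults; supply them for builders that do not predefine them.` would record that. The slice is also appended to the onbuild base image build, whose Dockerfile is not shown here; if it does not declare these args, a narrower scope would be cleaner. The function body continues outside the hunk.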
@@ -464,21 +470,17 @@ func buildImage(t *testing.T, dockerfile string, imageBuilder *DockerFileBuilder func TestCache(t *testing.T) { populateVolumeCache() for dockerfile := range imageBuilder.TestCacheDockerfiles { - args := []string{} - if dockerfile == "Dockerfile_test_cache_copy" { - args = append(args, "--cache-copy-layers=true") - } t.Run("test_cache_"+dockerfile, func(t *testing.T) { dockerfile := dockerfile t.Parallel() cache := filepath.Join(config.imageRepo, "cache", fmt.Sprintf("%v", time.Now().UnixNano())) // Build the initial image which will cache layers - if err := imageBuilder.buildCachedImages(config, cache, dockerfilesPath, 0, args); err != nil { + if err := imageBuilder.buildCachedImages(config, cache, dockerfilesPath, 0); err != nil { t.Fatalf("error building cached image for the first time: %v", err) } // Build the second image which should pull from the cache - if err := imageBuilder.buildCachedImages(config, cache, dockerfilesPath, 1, args); err != nil { + if err := imageBuilder.buildCachedImages(config, cache, dockerfilesPath, 1); err != nil { t.Fatalf("error building cached image for the first time: %v", err) } // Make sure both images are the same @@ -764,4 +766,4 @@ func containerDiff(t *testing.T, image1, image2 string, flags ...string) []byte t.Logf("diff = %s", string(diff)) return diff -} +} \ No newline at end of file
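Review bot: Removing `args` in `TestCache` drops the `--cache-copy-layers=true` flag that `Dockerfile_test_cache_copy` used to be built with, so that case presumably now runs with default settings and no longer covers the copy-layer cache path. The change looks unrelated to the build-file changes elsewhere in this diff. The definition of `buildCachedImages` is not part of the diff shown, so the four-argument calls only compile if its signature already matches; worth confirming this is not an accidental revert. Minor, in the same hunk: the second `t.Fatalf` still reports "for the first time" for the cached rebuild, where `t.Fatalf("error building cached image for the second time: %v", err)` would be clearer.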