From b3587e885ebf629a747556ed7bae8729bf7f367a Mon Sep 17 00:00:00 2001 From: Alf-Rune Siqveland Date: Mon, 27 May 2024 11:23:32 +0200 Subject: [PATCH 1/8] chore(Dockerfile): Refactor dockerfile to Debian Slim with no deps Signed-off-by: Alf-Rune Siqveland --- Dockerfile | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6e27bc65c..a66dbb820 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,10 @@ -# Keep golang version aligned with latest yocto release -FROM golang:1.17.13-bullseye as builder -RUN mkdir -p /go/src/github.com/mendersoftware/mender-artifact -WORKDIR /go/src/github.com/mendersoftware/mender-artifact -ADD ./ . -RUN make get-build-deps && \ - make build && \ - make install -ENTRYPOINT [ "/go/bin/mender-artifact" ] +FROM golang:1.22.4 as builder-deb +WORKDIR /build +COPY . . +RUN apt update && apt install -qy libssl-dev && \ + make build + +FROM debian:12.5-slim +COPY --from=builder-deb /build/mender-artifact /usr/bin/mender-artifact +RUN apt update && apt install -qy openssl +ENTRYPOINT ["/usr/bin/mender-artifact"] From c198a1ec4b02cfd2ec8ac15a1ea91581a94a3bab Mon Sep 17 00:00:00 2001 From: Alf-Rune Siqveland Date: Wed, 5 Jun 2024 10:16:25 +0200 Subject: [PATCH 2/8] ci: Add job for building with Yocto LTS golang version Signed-off-by: Alf-Rune Siqveland --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index eba38ae04..3e62d7116 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -49,6 +49,16 @@ build:docker: tags: - gitlab-org-docker +build:yoctocompat: + # Keep golang version aligned with latest yocto release + image: golang:1.17.13-bullseye + needs: [] + before_script: + - apt-get update + - apt-get install -qy libssl-dev + script: + - go build + build:make: image: docker needs: [] From 66d1ddde60a301604f1adfc5f0bc7a51f7b374a6 Mon Sep 17 00:00:00 2001 
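Review bot: The final `debian:12.5-slim` stage never drops privileges, so the image runs `mender-artifact` as root. Adding `USER nobody` (or a dedicated numeric UID) before `ENTRYPOINT` would fix that, provided callers that bind-mount an output directory can still write to it. The runtime install line also pulls recommended packages and leaves the apt index in the layer; `RUN apt-get update && apt-get install -qy --no-install-recommends openssl && rm -rf /var/lib/apt/lists/*` keeps the image closer to the "no deps" goal in the title. Both `FROM` lines are pinned by tag only, so pinning them by digest would make the image reproducible.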
From: Alf-Rune Siqveland Date: Wed, 5 Jun 2024 10:42:55 +0200 Subject: [PATCH 3/8] ci: Update `build:docker` and publish image to Docker Hub Signed-off-by: Alf-Rune Siqveland --- .gitlab-ci.yml | 56 ++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3e62d7116..87b64155e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,24 +28,34 @@ variables: S3_BUCKET_NAME: "mender" S3_BUCKET_PATH: "mender-artifact" DOCKER_BUILDKIT: 1 + DOCKER_PLATFORMS: + value: "linux/amd64,linux/arm64" + description: "Platforms for building and distributing container images" test:check-license-source: variables: LICENSE_HEADERS_IGNORE_FILES_REGEXP: './artifact/keyfactor/\(signer\|signer_test\)\.go' build:docker: - image: docker + image: docker:26-cli needs: [] services: - - docker:dind + - docker:26-dind stage: build + before_script: + - | + echo ${CI_REGISTRY_PASSWORD} | \ + docker login \ + --username "$CI_REGISTRY_USER" \ + --password-stdin \ + "$CI_REGISTRY" + - docker buildx create --platform "$DOCKER_PLATFORMS" --name builder --bootstrap --use script: - - docker build -t $DOCKER_REPOSITORY:pr . - - docker save $DOCKER_REPOSITORY:pr > image.tar - artifacts: - expire_in: 2w - paths: - - image.tar + - | + docker buildx build --push \ + --platform "$DOCKER_PLATFORMS" \ + --tag "$CI_REGISTRY_IMAGE:$CI_PIPELINE_IID" \ + . tags: - gitlab-org-docker 
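Review bot: `echo ${CI_REGISTRY_PASSWORD} | docker login` in the new `before_script` expands the secret unquoted. A value containing whitespace, glob characters, backslashes or a leading `-n` can be altered before it reaches `--password-stdin`, and the login then fails with a misleading authentication error. `printf '%s' "$CI_REGISTRY_PASSWORD" | \` is a safer first line for the pipe. The same pattern appears twice in `publish:docker` in the following hunk, for `CI_REGISTRY_PASSWORD` and `DOCKER_HUB_PASSWORD`, and should be changed there as well.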
@@ -270,6 +280,36 @@ publish:s3: only: - /^(master|[0-9]+\.[0-9]+\.x)$/ +publish:docker: + stage: publish + rules: + - if: '$CI_COMMIT_TAG' + - if: '$CI_COMMIT_BRANCH == "master"' + - when: manual # Fallback; allow manual trigger + allow_failure: true + image: + name: "quay.io/skopeo/stable:v1.15" + # https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#override-the-entrypoint-of-an-image + entrypoint: [""] + before_script: + - | + echo ${CI_REGISTRY_PASSWORD} | \ + skopeo login \ + --username "$CI_REGISTRY_USER" \ + --password-stdin \ + "$CI_REGISTRY" + - | + echo ${DOCKER_HUB_PASSWORD} | \ + skopeo login \ + --username "$DOCKER_HUB_USERNAME" \ + --password-stdin \ + docker.io + script: + - | + skopeo copy --multi-arch all \ + "docker://${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}" \ + "docker://docker.io/mendersoftware/mender-artifact:${CI_COMMIT_REF_NAME}" + generate-qa-trigger: image: python:alpine stage: trigger_prep From ead6f3cce21c7497afb6c541ffc2e668aae22d28 Mon Sep 17 00:00:00 2001 From: Alf-Rune Siqveland Date: Tue, 11 Jun 2024 08:00:33 +0200 Subject: [PATCH 4/8] chore(make): Expose go buildflags as a variable Needs to be overwritten in some circumstances, for example when building with coverage instrumentation. Signed-off-by: Alf-Rune Siqveland --- Makefile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 356239424..89d9641bc 100644 --- a/Makefile +++ b/Makefile @@ -26,8 +26,9 @@ VERSION = $(shell git describe --tags --dirty --exact-match 2>/dev/null || git r GO_LDFLAGS = \ -ldflags "-X github.com/mendersoftware/mender-artifact/cli.Version=$(VERSION)" +BUILDFLAGS ?= -trimpath ifeq ($(V),1) -BUILDV = -v +BUILDFLAGS += -v endif TAGS ?= @@ -36,7 +37,7 @@ ifneq ($(GOOS),linux) endif build: - $(GO) build $(GO_LDFLAGS) $(BUILDV) -tags '$(TAGS)' + $(GO) build $(GO_LDFLAGS) $(BUILDFLAGS) -tags '$(TAGS)' PLATFORMS := darwin linux windows 
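Review bot: The `- when: manual` fallback in `publish:docker` makes the job startable from any pipeline, and the destination tag is `${CI_COMMIT_REF_NAME}`, so a manual run on an arbitrary branch would publish `docker.io/mendersoftware/mender-artifact:<branch name>`. Whether that can succeed depends on `DOCKER_HUB_PASSWORD` being a protected variable, which is not visible in this patch. Restricting the fallback to protected refs makes the intent explicit: `- if: '$CI_COMMIT_REF_PROTECTED == "true"'` followed by `when: manual`. The helper image `quay.io/skopeo/stable:v1.15` is also referenced by a mutable tag; a digest pin would be appropriate for a job that holds registry credentials.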
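Review bot: `BUILDFLAGS ?= -trimpath` is replaced wholesale when the variable is given on the command line, so `make build BUILDFLAGS='-cover'` builds without `-trimpath`. A command-line value also suppresses the `BUILDFLAGS += -v` under `V=1`, because there is no `override`. A comment above the assignment would make this visible, e.g. `# Overriding BUILDFLAGS on the command line replaces -trimpath (and -v); pass them again if needed.`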
@@ -68,13 +69,13 @@ build-natives: build-native-linux build-native-mac build-native-windows build-contained: rm -f mender-artifact && \ image_id=$$(docker build -f Dockerfile -q .) && \ - docker run --rm --entrypoint "/bin/sh" -v $(shell pwd):/binary $$image_id -c "cp /go/bin/mender-artifact /binary" && \ + docker run --rm --entrypoint "/bin/sh" -v $(shell pwd):/binary $$image_id -c "cp /usr/bin/mender-artifact /binary" && \ docker image rm $$image_id build-natives-contained: rm -f mender-artifact-darwin mender-artifact-linux mender-artifact-windows.exe && \ image_id=$$(docker build -f Dockerfile.binaries -q .) && \ - docker run --rm --entrypoint "/bin/sh" -v $(shell pwd):/binary $$image_id -c "cp /go/bin/mender-artifact* /binary" && \ + docker run --rm --entrypoint "/bin/sh" -v $(shell pwd):/binary $$image_id -c "cp /usr/bin/mender-artifact* /binary" && \ docker image rm $$image_id install: From 791bd1baa991506eae0672e7894a11602e066924 Mon Sep 17 00:00:00 2001 From: Alf-Rune Siqveland Date: Tue, 11 Jun 2024 08:02:11 +0200 Subject: [PATCH 5/8] ci: Make pkcs11 tests use binaries built by host system Signed-off-by: Alf-Rune Siqveland --- .gitlab-ci.yml | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 87b64155e..aa6a0f44f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -70,15 +70,13 @@ build:yoctocompat: - go build build:make: - image: docker + image: golang:1.17.13-bullseye needs: [] - services: - - docker:dind before_script: - apk add --no-cache make stage: build script: - - make build-natives-contained + - make build-natives artifacts: expire_in: 2w paths: 
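Review bot: `build-natives-contained` now copies `/usr/bin/mender-artifact*`, but it builds its image from `Dockerfile.binaries`, which this series does not touch. Only `Dockerfile` was moved to `/usr/bin/mender-artifact` in patch 1, so unless `Dockerfile.binaries` already installs there, the `cp` matches nothing and the target fails. Either keep `cp /go/bin/mender-artifact* /binary` for this target or update `Dockerfile.binaries` in the same commit.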
@@ -94,20 +92,14 @@ build:make: build:coverage: stage: build - image: docker + image: golang:1.22.4 needs: [] - services: - - docker:dind - before_script: - - apk add --no-cache make - - make instrument-binary-contained script: - - make build-contained - - mv mender-artifact mender-artifact-linux-coverage + - make build BUILDFLAGS='-cover' artifacts: expire_in: 2w paths: - - mender-artifact-linux-coverage + - mender-artifact test:smoketests:mac: stage: test @@ -140,7 +132,7 @@ test:smoketests:linux: - job: build:make artifacts: true before_script: - - apt-get update && apt-get install -q -y make liblzma-dev libssl-dev + - apt-get update && apt-get install -q -y make libssl-dev - ./tests/test_sign_with_hsm/test_sign_with_hsm.sh --setup - export TEST_MENDER_ARTIFACT_PATH=./mender-artifact-linux script: @@ -161,7 +153,7 @@ test:smoketests:linux: test:coverage:linux: stage: test - image: debian:buster-slim + image: golang:1.22.4 needs: - job: build:coverage artifacts: true @@ -169,16 +161,13 @@ test:coverage:linux: COVERAGE_FILE: coverage-linux-pkcs.txt before_script: - ./tests/test_sign_with_hsm/test_sign_with_hsm.sh --setup - - export TEST_MENDER_ARTIFACT_PATH=./mender-artifact-linux-coverage + - COVERDIR=$(mktemp -d /tmp/cover-XXXX) + - export GOCOVERDIR=${COVERDIR} + - export TEST_MENDER_ARTIFACT_PATH=./mender-artifact script: - ./tests/test_sign_with_hsm/test_sign_with_hsm.sh after_script: - - set -- /tmp/coverage-artifact*.out - - head -n 1 $1 > ${COVERAGE_FILE} - - | - for cover in $@; do - tail -n +2 $cover >> ${COVERAGE_FILE} - done + - go tool covdata textfmt -i ${COVERDIR} -o ${COVERAGE_FILE} artifacts: expire_in: 2w untracked: true From b0fa4af33aaf82e500561f7c656ec2c2170a58f1 Mon Sep 17 00:00:00 2001 From: Alf-Rune Siqveland Date: Tue, 11 Jun 2024 08:59:11 +0200 Subject: [PATCH 6/8] ci: Bump golang version to go1.22.4 for distributing binaries Signed-off-by: Alf-Rune Siqveland --- .gitlab-ci.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
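Review bot: In `test:coverage:linux`, `COVERDIR` is assigned in `before_script` but read in `after_script`. GitLab runs `after_script` in a separate shell, so the variable is empty there and `go tool covdata textfmt -i ${COVERDIR}` receives no input directory. Declaring a fixed directory under the job's `variables:` keeps it visible in every section, for example `GOCOVERDIR: /tmp/coverdata` with `- mkdir -p "$GOCOVERDIR"` in `before_script` and `- go tool covdata textfmt -i "$GOCOVERDIR" -o "$COVERAGE_FILE"` in `after_script`.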
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aa6a0f44f..e3308cf15 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -70,10 +70,8 @@ build:yoctocompat: - go build build:make: - image: golang:1.17.13-bullseye + image: golang:1.22.4 needs: [] - before_script: - - apk add --no-cache make stage: build script: - make build-natives @@ -126,8 +124,7 @@ test:smoketests:mac: test:smoketests:linux: stage: test - # Keep golang version aligned with latest yocto release - image: golang:1.17-buster + image: golang:1.22.4 needs: - job: build:make artifacts: true From 95dd769b836cdfc9bf2b0b622ab7e8e172ca31cd Mon Sep 17 00:00:00 2001 From: Alf-Rune Siqveland Date: Tue, 11 Jun 2024 09:10:08 +0200 Subject: [PATCH 7/8] ci: Add missing Openssl dependencies to build jobs Signed-off-by: Alf-Rune Siqveland --- .gitlab-ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e3308cf15..5e420ba16 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,6 +73,9 @@ build:make: image: golang:1.22.4 needs: [] stage: build + before_script: + - apt-get update + - apt-get install -qqy libssl-dev script: - make build-natives artifacts: @@ -92,6 +95,9 @@ build:coverage: stage: build image: golang:1.22.4 needs: [] + before_script: + - apt-get update + - apt-get install -qqy libssl-dev script: - make build BUILDFLAGS='-cover' artifacts: From 2919db0612402496b2f62e8fbb5706426d902b35 Mon Sep 17 00:00:00 2001 From: Alf-Rune Siqveland Date: Tue, 11 Jun 2024 14:16:51 +0200 Subject: [PATCH 8/8] revert: Explicitly build binaries with OpenSSL 1.1 reverts commit 634d64b7db639414236824370ab9415e079450e9 Signed-off-by: Alf-Rune Siqveland --- .gitlab-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5e420ba16..2fe1aa243 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -150,8 +150,6 @@ test:smoketests:linux: - ./mender-artifact-linux read test-rfs.mender - ./mender-artifact-linux validate test-rfs.mender - ./tests/test_compressions/test_supported_compressions.sh - # QA-507: lock mender-artifact to OpenSSL 1.1 - - ldd ./mender-artifact-linux | grep libssl.so.1.1 - make build test:coverage:linux: