crossplane
/
crossplane-runtime
mirror of https://github.com/crossplane/crossplane-runtime.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Strip down build and CI to only things runtime needs 

Removes all jobs and targets that are specific to crossplane/crossplane.

Signed-off-by: Nic Cope <nicc@rk0n.org>
This commit is contained in:
Nic Cope 2024-05-29 15:32:16 -07:00
parent 04814f24f8
commit 4b32f0e040
4 changed files with 14 additions and 516 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -21,7 +21,6 @@ I have: <!--You MUST either [x] check or [ ] ~strike through~ every item.-->
- [ ] Read and followed Crossplane's [contribution process].
- [ ] Run `earthly +reviewable` to ensure this PR is ready for review.
- [ ] Added or updated unit tests.
- [ ] Added or updated e2e tests.
- [ ] Linked a PR or a [docs tracking issue] to [document this change].
- [ ] Added `backport release-x.y` labels to auto-backport this PR.

184
.github/workflows/ci.yml vendored
View File

@ -19,9 +19,6 @@ env:
# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
# credentials have been provided before trying to run steps that need them.
DOCKER_USR: ${{ secrets.DOCKER_USR }}
AWS_USR: ${{ secrets.AWS_USR }}
UPBOUND_MARKETPLACE_PUSH_ROBOT_USR: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}
jobs:
check-diff:
@ -58,7 +55,7 @@ jobs:
echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV
- name: Generate Files
run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +generate
run: earthly --strict --remote-cache ghcr.io/crossplane/crossplane-runtime-earthly-cache:${{ github.job }} +generate
- name: Count Changed Files
id: changed_files
@ -104,7 +101,7 @@ jobs:
echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV
- name: Lint
run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +lint
run: earthly --strict --remote-cache ghcr.io/crossplane/crossplane-runtime-earthly-cache:${{ github.job }} +lint
codeql:
runs-on: ubuntu-22.04
@ -140,7 +137,7 @@ jobs:
echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV
- name: Run CodeQL
run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +ci-codeql
run: earthly --strict --remote-cache ghcr.io/crossplane/crossplane-runtime-earthly-cache:${{ github.job }} +ci-codeql
- name: Upload CodeQL Results to GitHub
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3
@ -204,7 +201,7 @@ jobs:
echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV
- name: Run Unit Tests
run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +test
run: earthly --strict --remote-cache ghcr.io/crossplane/crossplane-runtime-earthly-cache:${{ github.job }} +test
- name: Publish Unit Test Coverage
uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4
@ -213,177 +210,6 @@ jobs:
file: _output/tests/coverage.txt
token: ${{ secrets.CODECOV_TOKEN }}
e2e-tests:
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
test-suite:
- base
- environment-configs
- usage
- ssa-claims
- realtime-compositions
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
- name: Setup Earthly
uses: earthly/actions-setup@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ env.EARTHLY_VERSION }}
- name: Login to DockerHub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
if: env.DOCKER_USR != ''
with:
username: ${{ secrets.DOCKER_USR }}
password: ${{ secrets.DOCKER_PSW }}
- name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure Earthly to Push Cache to GitHub Container Registry
if: github.ref == 'refs/heads/master'
run: |
echo "EARTHLY_PUSH=true" >> $GITHUB_ENV
echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV
- name: Run E2E Tests
run: |
earthly --strict --allow-privileged --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }}-${{ matrix.test-suite}} \
+e2e --FLAGS="-test.failfast -fail-fast --test-suite ${{ matrix.test-suite }}"
- name: Publish E2E Test Flakes
if: '!cancelled()'
uses: buildpulse/buildpulse-action@d0d30f53585cf16b2e01811a5a753fd47968654a # v0.11.0
with:
account: 45158470
repository: 147886080
key: ${{ secrets.BUILDPULSE_ACCESS_KEY_ID }}
secret: ${{ secrets.BUILDPULSE_SECRET_ACCESS_KEY }}
path: _output/tests/e2e-tests.xml
publish-artifacts:
runs-on: ubuntu-22.04
steps:
- name: Cleanup Disk
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
android: true
dotnet: true
haskell: true
tool-cache: true
swap-storage: false
# This works, and saves ~5GiB, but takes ~2 minutes to do it.
large-packages: false
# TODO(negz): Does having these around avoid Earthly needing to pull
# large images like golang?
docker-images: false
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
fetch-depth: 0
- name: Setup Earthly
uses: earthly/actions-setup@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ env.EARTHLY_VERSION }}
- name: Login to DockerHub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
if: env.DOCKER_USR != ''
with:
username: ${{ secrets.DOCKER_USR }}
password: ${{ secrets.DOCKER_PSW }}
- name: Login to Upbound
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
if: env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != ''
with:
registry: xpkg.upbound.io
username: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}
password: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_PSW }}
- name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure Earthly to Push Cache to GitHub Container Registry
if: github.ref == 'refs/heads/master'
run: echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV
- name: Configure Earthly to Push Artifacts
if: env.DOCKER_USR != '' && env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != '' && env.AWS_USR != ''
run: echo "EARTHLY_PUSH=true" >> $GITHUB_ENV
- name: Set CROSSPLANE_VERSION GitHub Environment Variable
run: earthly +ci-version
- name: Build and Push Artifacts
run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +ci-artifacts --CROSSPLANE_VERSION=${CROSSPLANE_VERSION}
- name: Push Artifacts to https://releases.crossplane.io/build/
if: env.AWS_USR != ''
run: |
earthly --strict \
--secret=AWS_ACCESS_KEY_ID=${{ secrets.AWS_USR }} \
--secret=AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_PSW }} \
+ci-push-build-artifacts --AWS_DEFAULT_REGION=us-east-1 --CROSSPLANE_VERSION=${CROSSPLANE_VERSION}
- name: Push Artifacts to https://releases.crossplane.io/master/ and https://charts.crossplane.io/master
if: env.AWS_USR != '' && github.ref == 'refs/heads/master'
run: |
earthly --strict \
--secret=AWS_ACCESS_KEY_ID=${{ secrets.AWS_USR }} \
--secret=AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_PSW }} \
+ci-promote-build-artifacts --AWS_DEFAULT_REGION=us-east-1 --CROSSPLANE_VERSION=${CROSSPLANE_VERSION} --CHANNEL=master
- name: Upload Artifacts to GitHub
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: output
path: _output/**
fuzz-test:
runs-on: ubuntu-22.04
steps:
# TODO(negz): Can we make this use our Go build and dependency cache? It
# seems to build Crossplane inside of a Docker image.
- name: Build Fuzzers
id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: "crossplane"
language: go
- name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: "crossplane"
fuzz-seconds: 300
language: go
- name: Upload Crash
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
if: failure() && steps.build.outcome == 'success'
with:
name: artifacts
path: ./out/artifacts
protobuf-schemas:
runs-on: ubuntu-22.04
@ -412,7 +238,7 @@ jobs:
against: "https://github.com/${GITHUB_REPOSITORY}.git#branch=master,subdir=apis"
- name: Push Protocol Buffers to Buf Schema Registry
if: ${{ github.repository == 'crossplane/crossplane' && github.ref == 'refs/heads/master' }}
if: ${{ github.repository == 'crossplane/crossplane-runtime' && github.ref == 'refs/heads/master' }}
uses: bufbuild/buf-push-action@v1
with:
input: apis

48
.github/workflows/promote.yml vendored
View File

@ -1,48 +0,0 @@
name: Promote
on:
workflow_dispatch:
inputs:
version:
description: 'Release version (e.g. v0.1.0)'
required: true
channel:
description: 'Release channel'
required: true
default: 'alpha'
env:
# Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
# credentials have been provided before trying to run steps that need them.
DOCKER_USR: ${{ secrets.DOCKER_USR }}
AWS_USR: ${{ secrets.AWS_USR }}
jobs:
promote-artifacts:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
submodules: true
- name: Fetch History
run: git fetch --prune --unshallow
- name: Login to Docker
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
if: env.DOCKER_USR != ''
with:
username: ${{ secrets.DOCKER_USR }}
password: ${{ secrets.DOCKER_PSW }}
- name: Promote Artifacts in S3 and Docker Hub
if: env.AWS_USR != '' && env.DOCKER_USR != ''
run: make -j2 promote BRANCH_NAME=${GITHUB_REF##*/}
env:
VERSION: ${{ github.event.inputs.version }}
CHANNEL: ${{ github.event.inputs.channel }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}

297
Earthfile
View File

@ -1,7 +1,7 @@
# See https://docs.earthly.dev/docs/earthfile/features
VERSION --try --raw-output 0.8
PROJECT crossplane/crossplane
PROJECT crossplane/crossplane-runtime
ARG --global GO_VERSION=1.22.3
@ -21,18 +21,14 @@ test:
# lint runs linters.
lint:
BUILD +go-lint
BUILD +helm-lint
# build builds Crossplane for your native OS and architecture.
build:
BUILD +image
BUILD +helm-build
BUILD +go-build
# multiplatform-build builds Crossplane for all supported OS and architectures.
multiplatform-build:
BUILD +go-multiplatform-build
BUILD +multiplatform-image
BUILD +helm-build
# generate runs code generation. To keep builds fast, it doesn't run as part of
# the build target. It's important to run it explicitly when code needs to be
@ -40,65 +36,6 @@ multiplatform-build:
generate:
BUILD +go-modules-tidy
BUILD +go-generate
BUILD +helm-generate
# e2e runs end-to-end tests. See test/e2e/README.md for details.
e2e:
ARG FLAGS="-test-suite=base"
# Docker installs faster on Alpine, and we only need Go for go tool test2json.
FROM golang:${GO_VERSION}-alpine3.20
RUN apk add --no-cache docker jq
COPY +helm-setup/helm /usr/local/bin/helm
COPY +kind-setup/kind /usr/local/bin/kind
COPY +gotestsum-setup/gotestsum /usr/local/bin/gotestsum
COPY +go-build-e2e/e2e .
COPY --dir cluster test .
# Using a static CROSSPLANE_VERSION allows Earthly to cache E2E runs as long
# as no code changed. If the version contains a git commit (the default) the
# build layer cache is invalidated on every commit.
WITH DOCKER --load crossplane-e2e/crossplane:latest=(+image --CROSSPLANE_VERSION=v0.0.0-e2e)
TRY
# TODO(negz:) Set GITHUB_ACTIONS=true and use RUN --raw-output when
# https://github.com/earthly/earthly/issues/4143 is fixed.
RUN gotestsum --no-color=false --format testname --junitfile e2e-tests.xml --raw-command go tool test2json -t -p E2E ./e2e -test.v ${FLAGS}
FINALLY
SAVE ARTIFACT --if-exists e2e-tests.xml AS LOCAL _output/tests/e2e-tests.xml
END
END
# hack builds Crossplane, and deploys it to a kind cluster. It runs in your
# local environment, not a container. The kind cluster will keep running until
# you run the unhack target. Run hack again to rebuild Crossplane and restart
# the kind cluster with the new build.
hack:
# TODO(negz): This could run an interactive shell inside a temporary container
# once https://github.com/earthly/earthly/issues/3206 is fixed.
ARG USERPLATFORM
LOCALLY
WAIT
BUILD +unhack
END
COPY --platform=${USERPLATFORM} +helm-setup/helm .hack/helm
COPY --platform=${USERPLATFORM} +kind-setup/kind .hack/kind
COPY (+helm-build/output --CROSSPLANE_VERSION=v0.0.0-hack) .hack/charts
WITH DOCKER --load crossplane-hack/crossplane:hack=+image
RUN \
.hack/kind create cluster --name crossplane-hack && \
.hack/kind load docker-image --name crossplane-hack crossplane-hack/crossplane:hack && \
.hack/helm install --create-namespace --namespace crossplane-system crossplane .hack/charts/crossplane-0.0.0-hack.tgz \
--set "image.pullPolicy=Never,image.repository=crossplane-hack/crossplane,image.tag=hack" \
--set "args={--debug}"
END
RUN docker image rm crossplane-hack/crossplane:hack
RUN rm -rf .hack
# unhack deletes the kind cluster created by the hack target.
unhack:
ARG USERPLATFORM
LOCALLY
COPY --platform=${USERPLATFORM} +kind-setup/kind .hack/kind
RUN .hack/kind delete cluster --name crossplane-hack
RUN rm -rf .hack
# go-modules downloads Crossplane's go modules. It's the base target of most Go
# related target (go-build, etc).
@ -116,7 +53,7 @@ go-modules:
go-modules-tidy:
FROM +go-modules
CACHE --id go-build --sharing shared /root/.cache/go-build
COPY --dir apis/ cmd/ internal/ pkg/ test/ .
COPY --dir apis/ pkg/ .
RUN go mod tidy
RUN go mod verify
SAVE ARTIFACT go.mod AS LOCAL go.mod
@ -126,38 +63,21 @@ go-modules-tidy:
go-generate:
FROM +go-modules
CACHE --id go-build --sharing shared /root/.cache/go-build
COPY +kubectl-setup/kubectl /usr/local/bin/kubectl
COPY --dir cluster/crd-patches cluster/crd-patches
COPY --dir hack/ apis/ internal/ .
COPY --dir apis/ hack/ .
RUN go generate -tags 'generate' ./apis/...
# TODO(negz): Can this move into generate.go? Ideally it would live there with
# the code that actually generates the CRDs, but it depends on kubectl.
RUN kubectl patch --local --type=json \
--patch-file cluster/crd-patches/pkg.crossplane.io_deploymentruntimeconfigs.yaml \
--filename cluster/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml \
--output=yaml > /tmp/patched.yaml \
&& mv /tmp/patched.yaml cluster/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml
SAVE ARTIFACT apis/ AS LOCAL apis
SAVE ARTIFACT cluster/crds AS LOCAL cluster/crds
# go-build builds Crossplane binaries for your native OS and architecture.
go-build:
ARG EARTHLY_GIT_SHORT_HASH
ARG EARTHLY_GIT_COMMIT_TIMESTAMP
ARG CROSSPLANE_VERSION=v0.0.0-${EARTHLY_GIT_COMMIT_TIMESTAMP}-${EARTHLY_GIT_SHORT_HASH}
ARG TARGETARCH
ARG TARGETOS
ARG GOARCH=${TARGETARCH}
ARG GOOS=${TARGETOS}
ARG GOFLAGS="-ldflags=-X=github.com/crossplane/crossplane/internal/version.version=${CROSSPLANE_VERSION}"
ARG CGO_ENABLED=0
FROM +go-modules
CACHE --id go-build --sharing shared /root/.cache/go-build
COPY --dir apis/ cmd/ internal/ pkg/ .
RUN go build -o crossplane ./cmd/crossplane
RUN go build -o crank ./cmd/crank
SAVE ARTIFACT crossplane AS LOCAL _output/bin/${GOOS}_${GOARCH}/crossplane
SAVE ARTIFACT crank AS LOCAL _output/bin/${GOOS}_${GOARCH}/crank
COPY --dir apis/ pkg/ .
RUN go build ./...
# go-multiplatform-build builds Crossplane binaries for all supported OS
# and architectures.
@ -172,20 +92,11 @@ go-multiplatform-build:
--platform=windows/amd64 \
+go-build
# go-build-e2e builds Crossplane's end-to-end tests.
go-build-e2e:
ARG CGO_ENABLED=0
FROM +go-modules
CACHE --id go-build --sharing shared /root/.cache/go-build
COPY --dir apis/ internal/ test/ .
RUN go test -c -o e2e ./test/e2e
SAVE ARTIFACT e2e
# go-test runs Go unit tests.
go-test:
FROM +go-modules
CACHE --id go-build --sharing shared /root/.cache/go-build
COPY --dir apis/ cmd/ internal/ pkg/ .
COPY --dir apis/ pkg/ .
RUN go test -covermode=count -coverprofile=coverage.txt ./...
SAVE ARTIFACT coverage.txt AS LOCAL _output/tests/coverage.txt
@ -198,131 +109,10 @@ go-lint:
CACHE --id go-build --sharing shared /root/.cache/go-build
RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
COPY .golangci.yml .
COPY --dir apis/ cmd/ internal/ pkg/ test/ .
COPY --dir apis/ pkg/ .
RUN golangci-lint run --fix
SAVE ARTIFACT apis AS LOCAL apis
SAVE ARTIFACT cmd AS LOCAL cmd
SAVE ARTIFACT internal AS LOCAL internal
SAVE ARTIFACT pkg AS LOCAL pkg
SAVE ARTIFACT test AS LOCAL test
# image builds the Crossplane OCI image for your native architecture.
image:
ARG EARTHLY_GIT_BRANCH
ARG EARTHLY_GIT_SHORT_HASH
ARG EARTHLY_GIT_COMMIT_TIMESTAMP
ARG CROSSPLANE_REPO=build-${EARTHLY_GIT_SHORT_HASH}/crossplane
ARG CROSSPLANE_VERSION=v0.0.0-${EARTHLY_GIT_COMMIT_TIMESTAMP}-${EARTHLY_GIT_SHORT_HASH}
ARG NATIVEPLATFORM
ARG TARGETPLATFORM
ARG TARGETARCH
ARG TARGETOS
FROM --platform=${TARGETPLATFORM} gcr.io/distroless/static@sha256:41972110a1c1a5c0b6adb283e8aa092c43c31f7c5d79b8656fbffff2c3e61f05
COPY --platform=${NATIVEPLATFORM} (+go-build/crossplane --GOOS=${TARGETOS} --GOARCH=${TARGETARCH}) /usr/local/bin/
COPY --dir cluster/crds/ /crds
COPY --dir cluster/webhookconfigurations/ /webhookconfigurations
EXPOSE 8080
USER 65532
ENTRYPOINT ["crossplane"]
SAVE IMAGE --push ${CROSSPLANE_REPO}:${CROSSPLANE_VERSION}
SAVE IMAGE --push ${CROSSPLANE_REPO}:${EARTHLY_GIT_BRANCH}
# multiplatform-image builds the Crossplane OCI image for all supported
# architectures.
multiplatform-image:
BUILD \
--platform=linux/amd64 \
--platform=linux/arm64 \
--platform=linux/arm \
--platform=linux/ppc64le \
+image
# helm-lint lints the Crossplane Helm chart.
helm-lint:
FROM alpine:3.20
WORKDIR /chart
COPY +helm-setup/helm /usr/local/bin/helm
COPY cluster/charts/crossplane/ .
RUN --entrypoint helm lint
# helm-generate runs Helm code generation - specifically helm-docs.
helm-generate:
FROM alpine:3.20
WORKDIR /chart
COPY +helm-docs-setup/helm-docs /usr/local/bin/helm-docs
COPY cluster/charts/crossplane/ .
RUN helm-docs
SAVE ARTIFACT . AS LOCAL cluster/charts/crossplane
# helm-build packages the Crossplane Helm chart.
helm-build:
ARG EARTHLY_GIT_SHORT_HASH
ARG EARTHLY_GIT_COMMIT_TIMESTAMP
ARG CROSSPLANE_VERSION=v0.0.0-${EARTHLY_GIT_COMMIT_TIMESTAMP}-${EARTHLY_GIT_SHORT_HASH}
FROM alpine:3.20
WORKDIR /chart
COPY +helm-setup/helm /usr/local/bin/helm
COPY cluster/charts/crossplane/ .
# We strip the leading v from Helm chart versions.
LET CROSSPLANE_CHART_VERSION=$(echo ${CROSSPLANE_VERSION}|sed -e 's/^v//')
RUN helm dependency update
RUN helm package --version ${CROSSPLANE_CHART_VERSION} --app-version ${CROSSPLANE_CHART_VERSION} -d output .
SAVE ARTIFACT output AS LOCAL _output/charts
# kubectl-setup is used by other targets to setup kubectl.
kubectl-setup:
ARG KUBECTL_VERSION=v1.30.1
ARG NATIVEPLATFORM
ARG TARGETOS
ARG TARGETARCH
FROM --platform=${NATIVEPLATFORM} curlimages/curl:8.8.0
RUN curl -fsSL https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-${TARGETOS}-${TARGETARCH}.tar.gz|tar zx
SAVE ARTIFACT kubernetes/client/bin/kubectl
# kind-setup is used by other targets to setup kind.
kind-setup:
ARG KIND_VERSION=v0.21.0
ARG NATIVEPLATFORM
ARG TARGETOS
ARG TARGETARCH
FROM --platform=${NATIVEPLATFORM} curlimages/curl:8.8.0
RUN curl -fsSLo kind https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-${TARGETOS}-${TARGETARCH}&&chmod +x kind
SAVE ARTIFACT kind
# gotestsum-setup is used by other targets to setup gotestsum.
gotestsum-setup:
ARG GOTESTSUM_VERSION=1.11.0
ARG NATIVEPLATFORM
ARG TARGETOS
ARG TARGETARCH
FROM --platform=${NATIVEPLATFORM} curlimages/curl:8.8.0
RUN curl -fsSL https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz|tar zx>gotestsum
SAVE ARTIFACT gotestsum
# helm-docs-setup is used by other targets to setup helm-docs.
helm-docs-setup:
ARG HELM_DOCS_VERSION=1.11.0
ARG NATIVEPLATFORM
ARG TARGETOS
ARG TARGETARCH
FROM --platform=${NATIVEPLATFORM} curlimages/curl:8.8.0
IF [ "${TARGETARCH}" = "amd64" ]
LET ARCH=x86_64
ELSE
LET ARCH=${TARGETARCH}
END
RUN curl -fsSL https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_${TARGETOS}_${ARCH}.tar.gz|tar zx>helm-docs
SAVE ARTIFACT helm-docs
# helm-setup is used by other targets to setup helm.
helm-setup:
ARG HELM_VERSION=v3.15.1
ARG NATIVEPLATFORM
ARG TARGETOS
ARG TARGETARCH
FROM --platform=${NATIVEPLATFORM} curlimages/curl:8.8.0
RUN curl -fsSL https://get.helm.sh/helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz|tar zx --strip-components=1
SAVE ARTIFACT helm
# Targets below this point are intended only for use in GitHub Actions CI. They
# may not work outside of that environment. For example they may depend on
@ -336,18 +126,6 @@ helm-setup:
# target requires copying the entire git repository into the container. Doing so
# would invalidate all dependent target caches any time any file in git changed.
# ci-version is used by CI to set the CROSSPLANE_VERSION environment variable.
ci-version:
LOCALLY
RUN echo "CROSSPLANE_VERSION=$(git describe --dirty --always --tags|sed -e 's/-/./2g')" > $GITHUB_ENV
# ci-artifacts is used by CI to build and push the Crossplane image, chart, and
# binaries.
ci-artifacts:
BUILD +multiplatform-build \
--CROSSPLANE_REPO=index.docker.io/crossplane/crossplane \
--CROSSPLANE_REPO=xpkg.upbound.io/crossplane/crossplane
# ci-codeql-setup sets up CodeQL for the ci-codeql target.
ci-codeql-setup:
ARG CODEQL_VERSION=v2.17.3
@ -369,64 +147,7 @@ ci-codeql:
END
COPY --dir +ci-codeql-setup/codeql /codeql
CACHE --id go-build --sharing shared /root/.cache/go-build
COPY --dir apis/ cmd/ internal/ pkg/ .
COPY --dir apis/ pkg/ .
RUN /codeql/codeql database create /codeqldb --language=go
RUN /codeql/codeql database analyze /codeqldb --threads=0 --format=sarif-latest --output=go.sarif --sarif-add-baseline-file-info
SAVE ARTIFACT go.sarif AS LOCAL _output/codeql/go.sarif
# ci-promote-image is used by CI to promote a Crossplane image to a channel.
# In practice, this means creating a new channel tag (e.g. master or stable)
# that points to the supplied version.
ci-promote-image:
ARG --required CROSSPLANE_REPO
ARG --required CROSSPLANE_VERSION
ARG --required CHANNEL
FROM alpine:3.20
RUN apk add docker
RUN --secret DOCKER_USER --secret DOCKER_PASSWORD docker login -u ${DOCKER_USER} -p ${DOCKER_PASSWORD}
RUN --push docker buildx imagetools create \
--tag ${CROSSPLANE_REPO}:${CHANNEL} \
--tag ${CROSSPLANE_REPO}:${CROSSPLANE_VERSION}-${CHANNEL} \
${CROSSPLANE_REPO}:${CROSSPLANE_VERSION}
# TODO(negz): Ideally ci-push-build-artifacts would be merged into ci-artifacts,
# i.e. just build and push them all in the same target. Currently we're relying
# on the fact that ci-artifacts does a bunch of SAVE ARTIFACT AS LOCAL, which
# ci-push-build-artifacts then loads. That's an anti-pattern in Earthly. We're
# supposed to use COPY instead, but I'm not sure how to COPY artifacts from a
# matrix build.
# ci-push-build-artifacts is used by CI to push binary artifacts to S3.
ci-push-build-artifacts:
ARG --required CROSSPLANE_VERSION
ARG ARTIFACTS_DIR=_output
ARG EARTHLY_GIT_BRANCH
ARG BUCKET_RELEASES=crossplane.releases
ARG AWS_DEFAULT_REGION
FROM amazon/aws-cli:2.15.57
COPY --dir ${ARTIFACTS_DIR} artifacts
RUN --push --secret=AWS_ACCESS_KEY_ID --secret=AWS_SECRET_ACCESS_KEY aws s3 sync --delete --only-show-errors artifacts s3://${BUCKET_RELEASES}/build/${EARTHLY_GIT_BRANCH}/${CROSSPLANE_VERSION}
# ci-promote-build-artifacts is used by CI to promote binary artifacts and Helm
# charts to a channel. In practice, this means copying them from one S3
# directory to another.
ci-promote-build-artifacts:
ARG --required CROSSPLANE_VERSION
ARG --required CHANNEL
ARG HELM_REPO_URL=https://charts.crossplane.io
ARG EARTHLY_GIT_BRANCH
ARG BUCKET_RELEASES=crossplane.releases
ARG BUCKET_CHARTS=crossplane.charts
ARG PRERELEASE=false
ARG AWS_DEFAULT_REGION
FROM amazon/aws-cli:2.15.57
COPY +helm-setup/helm /usr/local/bin/helm
RUN --secret=AWS_ACCESS_KEY_ID --secret=AWS_SECRET_ACCESS_KEY aws s3 sync --only-show-errors s3://${BUCKET_CHARTS}/${CHANNEL} repo
RUN --secret=AWS_ACCESS_KEY_ID --secret=AWS_SECRET_ACCESS_KEY aws s3 sync --only-show-errors s3://${BUCKET_RELEASES}/build/${EARTHLY_GIT_BRANCH}/${CROSSPLANE_VERSION}/charts repo
RUN helm repo index --url ${HELM_REPO_URL} repo
RUN --push --secret=AWS_ACCESS_KEY_ID --secret=AWS_SECRET_ACCESS_KEY aws s3 sync --delete --only-show-errors repo s3://${BUCKET_CHARTS}/${CHANNEL}
RUN --push --secret=AWS_ACCESS_KEY_ID --secret=AWS_SECRET_ACCESS_KEY aws s3 cp --only-show-errors --cache-control "private, max-age=0, no-transform" repo/index.yaml s3://${BUCKET_CHARTS}/${CHANNEL}/index.yaml
RUN --push --secret=AWS_ACCESS_KEY_ID --secret=AWS_SECRET_ACCESS_KEY aws s3 sync --delete --only-show-errors s3://${BUCKET_RELEASES}/build/${EARTHLY_GIT_BRANCH}/${CROSSPLANE_VERSION} s3://${BUCKET_RELEASES}/${CHANNEL}/${CROSSPLANE_VERSION}
IF [ "${PRERELEASE}" = "false" ]
RUN --push --secret=AWS_ACCESS_KEY_ID --secret=AWS_SECRET_ACCESS_KEY aws s3 sync --delete --only-show-errors s3://${BUCKET_RELEASES}/build/${EARTHLY_GIT_BRANCH}/${CROSSPLANE_VERSION} s3://${BUCKET_RELEASES}/${CHANNEL}/current
END