fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #921 from pjbgf/bump-libgit2-image 

Bump libgit2 image and disable cosign verification for CI
This commit is contained in:
Paulo Gomes 2022-09-29 07:21:55 +01:00 committed by GitHub
parent ac80849d29 6c06f4e222
commit 5ea49229f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 28 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/cifuzz.yaml vendored
View File

@ -33,3 +33,5 @@ jobs:
${{ runner.os }}-go ${{ runner.os }}-go
- name: Smoke test Fuzzers - name: Smoke test Fuzzers
run: make fuzz-smoketest run: make fuzz-smoketest
env:
SKIP_COSIGN_VERIFICATION: true

2
.github/workflows/e2e.yaml vendored
View File

@ -47,6 +47,7 @@ jobs:
uses: fluxcd/pkg/actions/helm@main uses: fluxcd/pkg/actions/helm@main
- name: Run E2E tests - name: Run E2E tests
env: env:
SKIP_COSIGN_VERIFICATION: true
CREATE_CLUSTER: false CREATE_CLUSTER: false
run: make e2e run: make e2e
@ -76,6 +77,7 @@ jobs:
kind create cluster --name ${{ steps.prep.outputs.CLUSTER }} --kubeconfig=/tmp/${{ steps.prep.outputs.CLUSTER }} kind create cluster --name ${{ steps.prep.outputs.CLUSTER }} --kubeconfig=/tmp/${{ steps.prep.outputs.CLUSTER }}
- name: Run e2e tests - name: Run e2e tests
env: env:
SKIP_COSIGN_VERIFICATION: true
KIND_CLUSTER_NAME: ${{ steps.prep.outputs.CLUSTER }} KIND_CLUSTER_NAME: ${{ steps.prep.outputs.CLUSTER }}
KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }} KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
CREATE_CLUSTER: false CREATE_CLUSTER: false

5
.github/workflows/tests.yaml vendored
View File

@ -34,6 +34,7 @@ jobs:
${{ runner.os }}-go- ${{ runner.os }}-go-
- name: Run tests - name: Run tests
env: env:
SKIP_COSIGN_VERIFICATION: true
TEST_AZURE_ACCOUNT_NAME: ${{ secrets.TEST_AZURE_ACCOUNT_NAME }} TEST_AZURE_ACCOUNT_NAME: ${{ secrets.TEST_AZURE_ACCOUNT_NAME }}
TEST_AZURE_ACCOUNT_KEY: ${{ secrets.TEST_AZURE_ACCOUNT_KEY }} TEST_AZURE_ACCOUNT_KEY: ${{ secrets.TEST_AZURE_ACCOUNT_KEY }}
run: make test run: make test
@ -51,6 +52,8 @@ jobs:
go-version: 1.19.x go-version: 1.19.x
- name: Run tests - name: Run tests
env: env:
SKIP_COSIGN_VERIFICATION: true
TEST_AZURE_ACCOUNT_NAME: ${{ secrets.TEST_AZURE_ACCOUNT_NAME }} TEST_AZURE_ACCOUNT_NAME: ${{ secrets.TEST_AZURE_ACCOUNT_NAME }}
TEST_AZURE_ACCOUNT_KEY: ${{ secrets.TEST_AZURE_ACCOUNT_KEY }} TEST_AZURE_ACCOUNT_KEY: ${{ secrets.TEST_AZURE_ACCOUNT_KEY }}
@ -87,3 +90,5 @@ jobs:
${{ runner.os }}-go- ${{ runner.os }}-go-
- name: Run tests - name: Run tests
run: make test run: make test
env:
SKIP_COSIGN_VERIFICATION: true

12
Dockerfile
View File

@ -3,7 +3,7 @@ ARG GO_VERSION=1.19
ARG XX_VERSION=1.1.2 ARG XX_VERSION=1.1.2
ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2-only ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2-only
ARG LIBGIT2_TAG=v0.2.0 ARG LIBGIT2_TAG=v0.3.0
FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} AS libgit2-libs FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} AS libgit2-libs
@ -64,11 +64,11 @@ ENV CGO_ENABLED=1
# Instead of using xx-go, (cross) compile with vanilla go leveraging musl tool chain. # Instead of using xx-go, (cross) compile with vanilla go leveraging musl tool chain.
RUN export PKG_CONFIG_PATH="/usr/local/$(xx-info triple)/lib/pkgconfig" && \ RUN export PKG_CONFIG_PATH="/usr/local/$(xx-info triple)/lib/pkgconfig" && \
export CGO_LDFLAGS="$(pkg-config --static --libs --cflags libgit2) -static -fuse-ld=lld" && \ export CGO_LDFLAGS="$(pkg-config --static --libs --cflags libgit2) -static -fuse-ld=lld" && \
xx-go build \ xx-go build \
-ldflags "-s -w" \ -ldflags "-s -w" \
-tags 'netgo,osusergo,static_build' \ -tags 'netgo,osusergo,static_build' \
-o /source-controller -trimpath main.go; -o /source-controller -trimpath main.go;
# Ensure that the binary was cross-compiled correctly to the target platform. # Ensure that the binary was cross-compiled correctly to the target platform.
RUN xx-verify --static /source-controller RUN xx-verify --static /source-controller

5
Makefile
View File

@ -4,7 +4,7 @@ TAG ?= latest
# Base image used to build the Go binary # Base image used to build the Go binary
LIBGIT2_IMG ?= ghcr.io/fluxcd/golang-with-libgit2-only LIBGIT2_IMG ?= ghcr.io/fluxcd/golang-with-libgit2-only
LIBGIT2_TAG ?= v0.2.0 LIBGIT2_TAG ?= v0.3.0
# Allows for defining additional Go test args, e.g. '-tags integration'. # Allows for defining additional Go test args, e.g. '-tags integration'.
GO_TEST_ARGS ?= -race GO_TEST_ARGS ?= -race
@ -12,6 +12,9 @@ GO_TEST_ARGS ?= -race
# Allows for filtering tests based on the specified prefix # Allows for filtering tests based on the specified prefix
GO_TEST_PREFIX ?= GO_TEST_PREFIX ?=
# Defines whether cosign verification should be skipped.
SKIP_COSIGN_VERIFICATION ?= false
# Allows for defining additional Docker buildx arguments, # Allows for defining additional Docker buildx arguments,
# e.g. '--push'. # e.g. '--push'.
BUILD_ARGS ?= BUILD_ARGS ?=

11
hack/install-libraries.sh
View File

@ -6,6 +6,7 @@ IMG="${IMG:-}"
TAG="${TAG:-}" TAG="${TAG:-}"
IMG_TAG="${IMG}:${TAG}" IMG_TAG="${IMG}:${TAG}"
DOWNLOAD_URL="https://github.com/fluxcd/golang-with-libgit2/releases/download/${TAG}" DOWNLOAD_URL="https://github.com/fluxcd/golang-with-libgit2/releases/download/${TAG}"
SKIP_COSIGN_VERIFICATION="${SKIP_COSIGN_VERIFICATION:-false}"
TMP_DIR=$(mktemp -d) TMP_DIR=$(mktemp -d)
@ -48,9 +49,13 @@ cosign_verify(){
assure_provenance() { assure_provenance() {
[[ $# -eq 1 ]] || fatal 'assure_provenance needs exactly 1 arguments' [[ $# -eq 1 ]] || fatal 'assure_provenance needs exactly 1 arguments'
cosign_verify "${TMP_DIR}/checksums.txt.pem" \ if "${SKIP_COSIGN_VERIFICATION}"; then
"${TMP_DIR}/checksums.txt.sig" \ echo 'Skipping cosign verification...'
"${TMP_DIR}/checksums.txt" else
cosign_verify "${TMP_DIR}/checksums.txt.pem" \
"${TMP_DIR}/checksums.txt.sig" \
"${TMP_DIR}/checksums.txt"
fi
pushd "${TMP_DIR}" || exit pushd "${TMP_DIR}" || exit
if command -v sha256sum; then if command -v sha256sum; then

2
tests/fuzz/oss_fuzz_build.sh
View File

@ -16,7 +16,7 @@
set -euxo pipefail set -euxo pipefail
LIBGIT2_TAG="${LIBGIT2_TAG:-v0.2.0}" LIBGIT2_TAG="${LIBGIT2_TAG:-v0.3.0}"
GOPATH="${GOPATH:-/root/go}" GOPATH="${GOPATH:-/root/go}"
GO_SRC="${GOPATH}/src" GO_SRC="${GOPATH}/src"
PROJECT_PATH="github.com/fluxcd/source-controller" PROJECT_PATH="github.com/fluxcd/source-controller"