To allow building a multi-platform container image using `buildx`.
Various configuration flags allow for fine(r)-grain control over the
build process:
- `BASE_IMG`: FQDN of the base image that should be used, without a
tag.
- `BASE_TAG: tag of the base image that should be used. Allows checksum
sum to be included.
- `BUILDX_PLATFORMS`: platforms to target for the final container
image.
- `BUILDX_ARGS`: additional `docker buildx build` arguments, e.g.
`--push` to push the result to a (local) image registry.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit updates `github.com/libgit2/git2go` to `v31.6.1` (with
`libgit2` `1.1.1`), and changes the container image build process so
that it makes use of `ghcr.io/hiddeco/golang-with-libgit2`.
This image provides a pre-build dynamic `libgit2` dependency linked
against OpenSSL and LibSSH2 (without gcrypt), and a set of cross-compile
build tools (see
[rationale](https://github.com/hiddeco/golang-with-libgit2#rationale) and
[usage](https://github.co/hiddeco/golang-with-libgit2#usage) for more
detailed information).
The linked set of dependency should solve most known issues around
unsupport private key types, but does not resolve the issues with ECDSA*
and ED25519 hostkeys yet. Solving this requires a newer version of
`libgit2` (`>=1.2.0`), which currently does not seem to work properly
with `git2go/v32`.
Some small changes have been made to the `libgit2` package to address
(future) deprecations.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Added Support for Google Cloud Storage with Workload Identity as Source Provider. This enables the use of GCP without enabling S3 compatible access.
Signed-off-by: pa250194 <pa250194@ncr.com>
This ensures the checksum is predictable, and not influenced by e.g.
different runtime configuration settings, or FS specific data.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Use fluxcd/pkg/actions/envtest to setup envtest.
Since the run-test action runs in a container, the host $PATH is not
passed to the test container. The ENV directive in actions/run-tests
Dockerfile is used to append the PATH with envtest binary path. This
helps avoid redownload of the envtest binaries when it's not found in
the path via the Makefile targets.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Use setup-envtest for installing the binaries required for using
envtest.
The latest envtest binaries for k8s v1.21.2 are not compatible with
kubebuilder < v3, which results in envtest suite test tear down
failure. envtest fails to stop the kube-apiserver.
```
timeout waiting for process kube-apiserver to stop
```
Pin to k8s v1.19.2 envtest binaries that work with kubebuilder v2.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
This commit changes the checksum method which is used to calculate the
revision of a Bucket source, so that the file paths are taken into
account and directory structure changes can be observed.
Signed-off-by: Hidde Beydals <hello@hidde.co>
controller-runtime's client package provides ObjectKeyFromObject() to
extract NamespacedName from a given object. ObjectKey() in
internal/util package is a helper for the same. Replace the internal
helper with controller-runtime's helper for the same.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
SetHeadDetached (git_repository_set_head_detached) only changes HEAD,
and does not actually checkout the files on disk. Use CheckoutHead with
the CheckoutForce Strategy to actually check the files out on disk.
Additionally add a test that validates the hash of a checked out file's
contents.
Previously, the hash of the desired tag was being reported as the
checked out revision by the GitRepository. However the wrong files were
checked out and an incorrect revision would be deployed by Flux.
Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
We received reports from users no longer being able to clone Git
repositories using libgit2 because of errors during the cloning
attempt: `error: Failed to authenticate SSH session: Unable to extract
public key from private key.`
After an extensive scavenger hunt I was able to pinpoint the issue to
`libssh2` being linked against `libgcrypt` instead of `openssl`. The
problem with this is that the libgcrypt backend in libssh2 contains
a hand written slimmed down ASN.1 parser to read out keys, while the
OpenSSL backend in libssh2 uses OpenSSL, which supports a lot more
formats (and more specifically, most PKCS* formats).
As Debian's bullseye/testing repository has been frozen, and a
backport has not been made available yet, fetching the dependency from
"unstable" seems to be the best option for now, as this has `libssh2`
available including OpenSSL.
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271
Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals
pa250194
Hidde Beydals
Stefan Prodan
Sunny
Blake Burkhart