build: build all images + run tests using them (#1069)
TODO
Add patches
Figure out why cache misses for Git clone (or something else)
diff --git a/Earthfile b/Earthfile
index e418ea9..3de16b3 100644
--- a/Earthfile
+++ b/Earthfile
@@ -36,47 +36,23 @@
SAVE ARTIFACT /src/junit-go.xml AS LOCAL junit-go.xml
END
+builder:
+ FROM ubuntu:jammy
+ RUN apt-get update -qq
+ RUN \
+ apt-get install -qq -y --no-install-recommends \
+ build-essential git python3-dev python3-pip python3-venv
+ ARG POETRY_VERSION=1.4.2
+ RUN pip3 install --no-cache-dir poetry==${POETRY_VERSION}
+
build.collection:
FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
COPY . /src
RUN ansible-galaxy collection build /src
SAVE ARTIFACT /code/*.tar.gz AS LOCAL dist/
-go.build:
- FROM golang:1.21
- WORKDIR /src
- ARG GOOS=linux
- ARG GOARCH=amd64
- ARG VARIANT
- COPY --dir go.mod go.sum ./
- RUN go mod download
-
-libvirt-tls-sidecar.build:
- FROM +go.build
- ARG GOOS=linux
- ARG GOARCH=amd64
- ARG VARIANT
- COPY --dir cmd internal ./
- RUN GOARM=${VARIANT#"v"} go build -o main cmd/libvirt-tls-sidecar/main.go
- SAVE ARTIFACT ./main
-
-libvirt-tls-sidecar.platform-image:
- ARG TARGETPLATFORM
- ARG TARGETARCH
- ARG TARGETVARIANT
- FROM --platform=$TARGETPLATFORM ./images/base+image
- COPY \
- --platform=linux/amd64 \
- (+libvirt-tls-sidecar.build/main --GOARCH=$TARGETARCH --VARIANT=$TARGETVARIANT) /usr/bin/libvirt-tls-sidecar
- ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"]
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- SAVE IMAGE --push ${REGISTRY}/libvirt-tls-sidecar:latest
-
-libvirt-tls-sidecar.image:
- BUILD --platform=linux/amd64 --platform=linux/arm64 +libvirt-tls-sidecar.platform-image
-
build.wheels:
- FROM ./images/builder+image
+ FROM +builder
COPY pyproject.toml poetry.lock ./
ARG --required only
RUN poetry export --only=${only} -f requirements.txt --without-hashes > requirements.txt
@@ -114,10 +90,14 @@
SAVE IMAGE --cache-hint
image:
- ARG RELEASE=2023.1
- FROM ./images/cloud-archive-base+image --RELEASE ${RELEASE}
+ FROM ubuntu:jammy
ENV ANSIBLE_PIPELINING=True
- DO ./images+APT_INSTALL --PACKAGES "rsync openssh-client"
+ RUN \
+ apt-get update -qq && \
+ apt-get install -qq -y --no-install-recommends \
+ rsync openssh-client && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
COPY +build.venv.runtime/venv /venv
ENV PATH=/venv/bin:$PATH
COPY +build.collections/ /usr/share/ansible
@@ -125,60 +105,6 @@
ARG REGISTRY=ghcr.io/vexxhost/atmosphere
SAVE IMAGE --push ${REGISTRY}:${tag}
-images:
- ARG REGISTRY=ghcr.io/vexxhost/atmosphere
- BUILD +libvirt-tls-sidecar.image --REGISTRY=${REGISTRY}
- BUILD ./images/cinder+image --REGISTRY=${REGISTRY}
- BUILD ./images/cluster-api-provider-openstack+image --REGISTRY=${REGISTRY}
- BUILD ./images/designate+image --REGISTRY=${REGISTRY}
- BUILD ./images/glance+image --REGISTRY=${REGISTRY}
- BUILD ./images/heat+image --REGISTRY=${REGISTRY}
- BUILD ./images/horizon+image --REGISTRY=${REGISTRY}
- BUILD ./images/ironic+image --REGISTRY=${REGISTRY}
- BUILD ./images/keystone+image --REGISTRY=${REGISTRY}
- BUILD ./images/kubernetes-entrypoint+image --REGISTRY=${REGISTRY}
- BUILD ./images/libvirtd+image --REGISTRY=${REGISTRY}
- BUILD ./images/magnum+image --REGISTRY=${REGISTRY}
- BUILD ./images/manila+image --REGISTRY=${REGISTRY}
- BUILD ./images/netoffload+image --REGISTRY=${REGISTRY}
- BUILD ./images/neutron+image --REGISTRY=${REGISTRY}
- BUILD ./images/nova-ssh+image --REGISTRY=${REGISTRY}
- BUILD ./images/nova+image --REGISTRY=${REGISTRY}
- BUILD ./images/octavia+image --REGISTRY=${REGISTRY}
- BUILD ./images/openvswitch+image --REGISTRY=${REGISTRY}
- BUILD ./images/ovn+images --REGISTRY=${REGISTRY}
- BUILD ./images/placement+image --REGISTRY=${REGISTRY}
- BUILD ./images/senlin+image --REGISTRY=${REGISTRY}
- BUILD ./images/staffeln+image --REGISTRY=${REGISTRY}
- BUILD ./images/tempest+image --REGISTRY=${REGISTRY}
-
-SCAN_IMAGE:
- FUNCTION
- ARG --required IMAGE
- # TODO(mnaser): Include secret scanning when it's more reliable.
- RUN \
- trivy image \
- --skip-db-update \
- --skip-java-db-update \
- --scanners vuln \
- --exit-code 1 \
- --ignore-unfixed \
- --timeout 10m \
- ${IMAGE}
-
-scan-image:
- FROM ./images/trivy+image
- ARG --required IMAGE
- DO +SCAN_IMAGE --IMAGE ${IMAGE}
-
-scan-images:
- FROM ./images/trivy+image
- COPY roles/defaults/vars/main.yml /defaults.yml
- # TODO(mnaser): Scan all images eventually
- FOR IMAGE IN $(cat /defaults.yml | egrep -E 'ghcr.io/vexxhost|registry.atmosphere.dev' | cut -d' ' -f4 | sort | uniq)
- BUILD +scan-image --IMAGE ${IMAGE}
- END
-
pin-images:
FROM +build.venv.dev
COPY roles/defaults/vars/main.yml /defaults.yml