From a94cf107c0a206ac20b1df0cebafe784f21df825 Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Thu, 25 Jan 2024 22:29:17 +0100 Subject: [PATCH 1/2] feat: move to ansible-builder --- .github/workflows/publish.yml | 36 ++++++++++++++++----------- .github/workflows/test.yml | 44 +++++++++++++++++++++++++-------- .gitignore | 2 ++ LICENSE | 2 +- context/Dockerfile | 31 ----------------------- context/_build/bindep.txt | 4 --- context/_build/requirements.txt | 6 ----- context/_build/requirements.yml | 3 --- execution-environment.yml | 18 ++++++++------ 9 files changed, 69 insertions(+), 77 deletions(-) create mode 100644 .gitignore delete mode 100644 context/Dockerfile delete mode 100644 context/_build/bindep.txt delete mode 100644 context/_build/requirements.txt delete mode 100644 context/_build/requirements.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4ee2814..c9417cf 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -10,32 +10,38 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + - uses: actions/setup-python@v5 + with: + python-version: "3.9" + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install tox + pip install ansible-builder - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + - name: Build EE with Docker + env: + DOCKER_BUILDKIT: 1 + run: | + ansible-builder build -v3 --tag=ghcr.io/arillso/kubernetes:latest --tag=arillso/kubernetes:latest --container-runtime=docker - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: username: sbaerlocher password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: context - push: true - tags: | - ghcr.io/arillso/kubernetes:latest - arillso/kubernetes:latest + - name: Push + run: | + docker push ghcr.io/arillso/kubernetes:latest + docker push arillso/kubernetes:latest diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 81a62c3..e94ace5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
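Review bot: The `Install dependencies` step installs `ansible-builder` unpinned in the same job that later logs in with `DOCKERHUB_TOKEN` and pushes `:latest`, so whatever release PyPI serves at run time generates and builds the published image. Pinning the tool, e.g. `pip install 'ansible-builder==<PINNED_VERSION>'`, keeps the publish job reproducible and makes version bumps arrive as reviewed changes; the same step in `.github/workflows/test.yml` has the same gap. The job header and any `permissions:` block sit outside this hunk, so it is worth confirming separately that `GITHUB_TOKEN` is limited to what the ghcr.io push needs (presumably `packages: write`).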
@@ -1,21 +1,45 @@ - name: Testing Container on: [push] + jobs: testing: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master + - uses: actions/checkout@v4 + + - uses: actions/setup-python@v5 + with: + python-version: "3.9" - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install ansible-builder - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + - name: Set branch name environment variable + run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//-/g')" >> $GITHUB_ENV - - name: Build and push - uses: docker/build-push-action@v2 + - name: Build EE with Docker + env: + DOCKER_BUILDKIT: 1 + run: | + ansible-builder build -v3 --tag=ghcr.io/arillso/kubernetes:${{ env.BRANCH_NAME }} --tag=arillso/kubernetes:${{ env.BRANCH_NAME }} --container-runtime=docker + + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: sbaerlocher + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 with: - context: context - push: false + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push + run: | + docker push ghcr.io/arillso/kubernetes:${{ env.BRANCH_NAME }} + docker push arillso/kubernetes:${{ env.BRANCH_NAME }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5d26471 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.tox/* +context/* diff --git a/LICENSE b/LICENSE index 4796609..c8b6f84 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2021 Arillso +Copyright (c) 2023 Arillso Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/context/Dockerfile b/context/Dockerfile deleted file mode 100644 index 63f163c..0000000 
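Review bot: In the `Build EE with Docker` and `Push` steps of `test.yml` the branch name is spliced into the shell script through `${{ env.BRANCH_NAME }}`, which is expanded into the script text before bash runs it, and the `Set branch name` step only replaces `/` with `-`. Reading the value as a quoted shell variable keeps it as data: `--tag="ghcr.io/arillso/kubernetes:${BRANCH_NAME}"` and `docker push "ghcr.io/arillso/kubernetes:${BRANCH_NAME}"`, with `"${GITHUB_REF#refs/heads/}"` quoted in the step that sets it. Separately, this workflow runs on every push and now logs in to both registries and publishes, so a branch name that is not a valid image tag fails the build, and a tag push keeps its `refs/tags/` prefix (turned into `refs-tags-…`) because only `refs/heads/` is stripped.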
--- a/context/Dockerfile +++ /dev/null @@ -1,31 +0,0 @@ -ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:latest -ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest - -FROM $EE_BASE_IMAGE as galaxy -ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS= -USER root - -ADD _build /build -WORKDIR /build - -RUN ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles -RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections - -FROM $EE_BUILDER_IMAGE as builder - -COPY --from=galaxy /usr/share/ansible /usr/share/ansible - -ADD _build/requirements.txt requirements.txt -ADD _build/bindep.txt bindep.txt -RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt -RUN assemble - -FROM $EE_BASE_IMAGE -USER root - -COPY --from=galaxy /usr/share/ansible /usr/share/ansible - -COPY --from=builder /output/ /output/ -RUN /output/install-from-bindep && rm -rf /output/wheels -RUN wget https://get.helm.sh/helm-v3.7.1-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64 -RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.4/kustomize_v4.5.4_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize diff --git a/context/_build/bindep.txt b/context/_build/bindep.txt deleted file mode 100644 index 881e15c..0000000 --- a/context/_build/bindep.txt +++ /dev/null @@ -1,4 +0,0 @@ -kubernetes-client [platform:fedora] -openshift-clients [platform:rhel-8] -wget -openssl diff --git a/context/_build/requirements.txt b/context/_build/requirements.txt deleted file mode 100644 index bd5341c..0000000 --- a/context/_build/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -kubernetes>=12.0.0 -requests-oauthlib -jsonpatch -boto -botocore -boto3 
diff --git a/context/_build/requirements.yml b/context/_build/requirements.yml deleted file mode 100644 index 14643e3..0000000 --- a/context/_build/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -collections: - - name: kubernetes.core diff --git a/execution-environment.yml b/execution-environment.yml index 368eeb1..842f1a7 100644 --- a/execution-environment.yml +++ b/execution-environment.yml @@ -1,12 +1,16 @@ --- -version: 1 +version: 3 dependencies: - galaxy: requirements.yml - python: requirements.txt - system: bindep.txt + galaxy: requirements.yml + python: requirements.txt + system: bindep.txt additional_build_steps: - append: - - RUN wget https://get.helm.sh/helm-v3.7.1-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64 - - RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.4/kustomize_v4.5.4_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize + append_final: + - RUN wget https://get.helm.sh/helm-v3.14.0-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64 + - RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.0/kustomize_v5.3.0_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize + +images: + base_image: + name: ghcr.io/ansible-community/community-ee-minimal:2.15.4-2 From 3d47e87a7efed0596b0785b45ac624450b1dc038 Mon Sep 17 00:00:00 2001 
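Review bot: Both `append_final` steps in `execution-environment.yml` pipe a `wget` download straight into `tar` and move the binary into `/usr/bin` without comparing it to a published checksum, so the image trusts whatever the URL returns at build time. Saving the archive to a file and verifying it before extraction, e.g. `echo "<HELM_TARBALL_SHA256>  helm.tar.gz" | sha256sum -c -` with the digest recorded in this file, would close that gap for helm and kustomize alike. The same two `RUN` lines recur in `context/Dockerfile` added by the second patch. `images.base_image.name` is also referenced by tag only; appending `@sha256:<IMAGE_DIGEST>` would fix the exact base being built on, and that applies equally to the `rockylinux:9.3` value the second patch switches to.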
From: Simon Baerlocher Date: Fri, 26 Jan 2024 23:30:17 +0100 Subject: [PATCH 2/2] feat: move to rocky linux fix: dependabot --- .ansible/requirements.txt | 2 + .github/dependabot.yml | 69 +++++++++++++++++++++++++++ .github/workflows/publish.yml | 3 +- .gitignore | 2 +- bindep.txt | 6 +-- context/Dockerfile | 88 +++++++++++++++++++++++++++++++++++ execution-environment.yml | 6 ++- requirements.txt | 6 +-- 8 files changed, 172 insertions(+), 10 deletions(-) create mode 100644 .ansible/requirements.txt create mode 100644 .github/dependabot.yml create mode 100644 context/Dockerfile diff --git a/.ansible/requirements.txt b/.ansible/requirements.txt new file mode 100644 index 0000000..dee1112 --- /dev/null +++ b/.ansible/requirements.txt @@ -0,0 +1,2 @@ +ansible-core==2.15.8 # Transfer this version of ansible-core to execution-environment.yml +ansible-runner==2.3.1 # Transfer this version of ansible-runner to execution-environment.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..69da4a8 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,69 @@ +version: 2 +updates: + # This section configures Dependabot to update GitHub Actions workflows. + # It checks for updates weekly every Friday at 13:00 UTC. + # Any updates will be tagged with a 'chore' prefix in the commit message, + # reflecting routine maintenance tasks. Assigned to user 'sbaerlocher'. + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "friday" + time: "13:00" + commit-message: + prefix: "chore" + prefix-development: "chore" + include: "scope" + assignees: + - "sbaerlocher" + + # This section is for Docker dependencies in the 'context' directory. + # Dependabot will look for Docker updates weekly on Fridays at 13:00 UTC. + # Updates are committed with a 'chore' prefix, indicating non-code changes. + # The user 'sbaerlocher' is automatically assigned to these pull requests. + - package-ecosystem: "docker" + directory: "/context" + schedule: + interval: "weekly" + day: "friday" + time: "13:00" + commit-message: + prefix: "chore" + prefix-development: "chore" + include: "scope" + assignees: + - "sbaerlocher" + + # This section manages updates for Python packages listed in 'requirements.txt'. + # Checks are performed weekly on Fridays at 13:00 UTC. + # Commit messages will be prefixed with 'chore' to indicate maintenance updates. + # Pull requests for updates are assigned to 'sbaerlocher'. + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + day: "friday" + time: "13:00" + commit-message: + prefix: "chore" + prefix-development: "chore" + include: "scope" + assignees: + - "sbaerlocher" + + # This section manages updates for Python packages listed in 'ansible/requirements.txt'. + # Checks are conducted weekly on Fridays at 13:00 UTC. + # Commit messages will be prefixed with 'chore', signifying maintenance updates. + # Pull requests for updates are assigned to 'sbaerlocher'. 
+ - package-ecosystem: "pip" + directory: "/.ansible" + schedule: + interval: "weekly" + day: "friday" + time: "13:00" + commit-message: + prefix: "chore" + prefix-development: "chore" + include: "scope" + assignees: + - "sbaerlocher" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c9417cf..f8bfc82 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,7 +3,7 @@ name: Publish on: push: branches: - - master + - main jobs: publish: @@ -19,7 +19,6 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install tox pip install ansible-builder - name: Build EE with Docker diff --git a/.gitignore b/.gitignore index 5d26471..25f5734 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -.tox/* context/* +!context/Dockerfile diff --git a/bindep.txt b/bindep.txt index c5a82d3..06517f2 100644 --- a/bindep.txt +++ b/bindep.txt @@ -1,3 +1,3 @@ -kubernetes-client [platform:fedora] -openshift-clients [platform:rhel-8] -wget \ No newline at end of file +wget +openssh-clients +sshpass diff --git a/context/Dockerfile b/context/Dockerfile new file mode 100644 index 0000000..c4759b7 --- /dev/null +++ b/context/Dockerfile 
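Review bot: The `docker` entry in `.github/dependabot.yml` watches `/context`, but `context/Dockerfile` looks like output that `ansible-builder build` regenerates from `execution-environment.yml` on every workflow run, so a Dependabot bump of `rockylinux:9.3` there would presumably never reach the published image unless it is also copied into `images.base_image.name`. A comment on that entry saying so, in the style of the "Transfer this version …" remarks in `.ansible/requirements.txt`, would keep base-image security updates from being merged and then silently dropped. The comment above the last `pip` entry also says `ansible/requirements.txt` while the directory is `/.ansible`; it should read `.ansible/requirements.txt`.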
@@ -0,0 +1,88 @@ +ARG EE_BASE_IMAGE="rockylinux:9.3" +ARG PYCMD="/usr/bin/python3" +ARG PKGMGR_PRESERVE_CACHE="" +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS="" +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS="" +ARG ANSIBLE_INSTALL_REFS="ansible-core==2.15.8 ansible-runner==2.3.1" +ARG PKGMGR="/usr/bin/dnf" + +# Base build stage +FROM $EE_BASE_IMAGE as base +USER root +ARG EE_BASE_IMAGE +ARG PYCMD +ARG PKGMGR_PRESERVE_CACHE +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG ANSIBLE_INSTALL_REFS +ARG PKGMGR + +RUN $PYCMD -m ensurepip +RUN $PYCMD -m pip install --no-cache-dir $ANSIBLE_INSTALL_REFS +COPY _build/scripts/ /output/scripts/ +COPY _build/scripts/entrypoint /opt/builder/bin/entrypoint + +# Galaxy build stage +FROM base as galaxy +ARG EE_BASE_IMAGE +ARG PYCMD +ARG PKGMGR_PRESERVE_CACHE +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG ANSIBLE_INSTALL_REFS +ARG PKGMGR + +RUN /output/scripts/check_galaxy +COPY _build /build +WORKDIR /build + +RUN ansible-galaxy role install $ANSIBLE_GALAXY_CLI_ROLE_OPTS -r requirements.yml --roles-path "/usr/share/ansible/roles" +RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections" + +# Builder build stage +FROM base as builder +WORKDIR /build +ARG EE_BASE_IMAGE +ARG PYCMD +ARG PKGMGR_PRESERVE_CACHE +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG ANSIBLE_INSTALL_REFS +ARG PKGMGR + +RUN $PYCMD -m pip install --no-cache-dir bindep pyyaml requirements-parser + +COPY --from=galaxy /usr/share/ansible /usr/share/ansible + +COPY _build/requirements.txt requirements.txt +COPY _build/bindep.txt bindep.txt +RUN $PYCMD /output/scripts/introspect.py introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt +RUN /output/scripts/assemble + +# Final build 
stage +FROM base as final +ARG EE_BASE_IMAGE +ARG PYCMD +ARG PKGMGR_PRESERVE_CACHE +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG ANSIBLE_INSTALL_REFS +ARG PKGMGR + +RUN /output/scripts/check_ansible $PYCMD + +COPY --from=galaxy /usr/share/ansible /usr/share/ansible + +COPY --from=builder /output/ /output/ +RUN /output/scripts/install-from-bindep && rm -rf /output/wheels +RUN chmod ug+rw /etc/passwd +RUN mkdir -p /runner && chgrp 0 /runner && chmod -R ug+rwx /runner +WORKDIR /runner +RUN $PYCMD -m pip install --no-cache-dir 'dumb-init==1.2.5' +RUN wget https://get.helm.sh/helm-v3.14.0-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64 +RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.0/kustomize_v5.3.0_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize +RUN rm -rf /output +LABEL ansible-execution-environment=true +USER 1000 +ENTRYPOINT ["/opt/builder/bin/entrypoint", "dumb-init"] +CMD ["bash"] diff --git a/execution-environment.yml b/execution-environment.yml index 842f1a7..f25a5ce 100644 --- a/execution-environment.yml +++ b/execution-environment.yml @@ -5,6 +5,10 @@ dependencies: galaxy: requirements.yml python: requirements.txt system: bindep.txt + ansible_core: + package_pip: ansible-core==2.15.8 + ansible_runner: + package_pip: ansible-runner==2.3.1 additional_build_steps: append_final: @@ -13,4 +17,4 @@ additional_build_steps: images: base_image: - name: ghcr.io/ansible-community/community-ee-minimal:2.15.4-2 + name: rockylinux:9.3 diff --git a/requirements.txt b/requirements.txt index b56add9..1105b86 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -kubernetes>=12.0.0 -requests-oauthlib -jsonpatch \ No newline at end of file +kubernetes==29.0.0 +requests-oauthlib==1.3.1 +jsonpatch==1.33
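Review bot: The galaxy stage of `context/Dockerfile` installs collections with `ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1`, so collection signatures are never checked while this image is built. The file appears to be generated by ansible-builder, so the place to change that is the build invocation rather than this line; supplying a keyring (ansible-builder's `--galaxy-keyring` option, to be confirmed against the installed version) should make the generator emit a verifying install instead. The final stage also runs `chmod ug+rw /etc/passwd`, which leaves the account database writable by group 0 in the running container; the entrypoint script is not part of this patch, so a short comment stating why it needs that (presumably to register an arbitrary runtime UID) would help anyone auditing the image.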