feat: move to ansible-builder

.ansible/requirements.txt

@@ -0,0 +1,2 @@
+ansible-core==2.15.8 # Transfer this version of ansible-core to execution-environment.yml
+ansible-runner==2.3.1 # Transfer this version of ansible-runner to execution-environment.yml

.github/dependabot.yml

@@ -0,0 +1,69 @@
+version: 2
+updates:
+  # This section configures Dependabot to update GitHub Actions workflows.
+  # It checks for updates weekly every Friday at 13:00 UTC.
+  # Any updates will be tagged with a 'chore' prefix in the commit message,
+  # reflecting routine maintenance tasks. Assigned to user 'sbaerlocher'.
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+      time: "13:00"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    assignees:
+      - "sbaerlocher"
+
+  # This section is for Docker dependencies in the 'context' directory.
+  # Dependabot will look for Docker updates weekly on Fridays at 13:00 UTC.
+  # Updates are committed with a 'chore' prefix, indicating non-code changes.
+  # The user 'sbaerlocher' is automatically assigned to these pull requests.
+  - package-ecosystem: "docker"
+    directory: "/context"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+      time: "13:00"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    assignees:
+      - "sbaerlocher"
+
+  # This section manages updates for Python packages listed in 'requirements.txt'.
+  # Checks are performed weekly on Fridays at 13:00 UTC.
+  # Commit messages will be prefixed with 'chore' to indicate maintenance updates.
+  # Pull requests for updates are assigned to 'sbaerlocher'.
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+      time: "13:00"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    assignees:
+      - "sbaerlocher"
+
+  # This section manages updates for Python packages listed in 'ansible/requirements.txt'.
+  # Checks are conducted weekly on Fridays at 13:00 UTC.
+  # Commit messages will be prefixed with 'chore', signifying maintenance updates.
+  # Pull requests for updates are assigned to 'sbaerlocher'.
+  - package-ecosystem: "pip"
+    directory: "/.ansible"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+      time: "13:00"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    assignees:
+      - "sbaerlocher"

.github/workflows/publish.yml

@@ -3,39 +3,44 @@ name: Publish
 on:
   push:
     branches:
-      - master
+      - main
 
 jobs:
   publish:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.9"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-builder
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+      - name: Build EE with Docker
+        env:
+          DOCKER_BUILDKIT: 1
+        run: |
+          ansible-builder build -v3 --tag=ghcr.io/arillso/kubernetes:latest --tag=arillso/kubernetes:latest --container-runtime=docker
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: sbaerlocher
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: context
-          push: true
-          tags: |
-            ghcr.io/arillso/kubernetes:latest
-            arillso/kubernetes:latest
+      - name: Push
+        run: |
+          docker push ghcr.io/arillso/kubernetes:latest
+          docker push arillso/kubernetes:latest

.github/workflows/test.yml

@@ -1,21 +1,45 @@
-
 name: Testing Container
 on: [push]
+
 jobs:
   testing:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.9"
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-builder
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+      - name: Set branch name environment variable
+        run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//-/g')" >> $GITHUB_ENV
 
-      - name: Build and push
-        uses: docker/build-push-action@v2
+      - name: Build EE with Docker
+        env:
+          DOCKER_BUILDKIT: 1
+        run: |
+          ansible-builder build -v3 --tag=ghcr.io/arillso/kubernetes:${{ env.BRANCH_NAME  }} --tag=arillso/kubernetes:${{ env.BRANCH_NAME  }} --container-runtime=docker
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: sbaerlocher
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
-          context: context
-          push: false
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push
+        run: |
+          docker push ghcr.io/arillso/kubernetes:${{ env.BRANCH_NAME  }}
+          docker push arillso/kubernetes:${{ env.BRANCH_NAME  }}

.gitignore

@@ -0,0 +1,2 @@
+context/*
+!context/Dockerfile

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2021 Arillso
+Copyright (c) 2023 Arillso
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

bindep.txt

@@ -1,3 +1,3 @@
-kubernetes-client [platform:fedora]
-openshift-clients [platform:rhel-8]
-wget
+wget
+openssh-clients
+sshpass

context/Dockerfile

@@ -1,31 +1,88 @@
-ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:latest
-ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
+ARG EE_BASE_IMAGE="rockylinux:9.3"
+ARG PYCMD="/usr/bin/python3"
+ARG PKGMGR_PRESERVE_CACHE=""
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=""
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS=""
+ARG ANSIBLE_INSTALL_REFS="ansible-core==2.15.8 ansible-runner==2.3.1"
+ARG PKGMGR="/usr/bin/dnf"
 
-FROM $EE_BASE_IMAGE as galaxy
-ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
+# Base build stage
+FROM $EE_BASE_IMAGE as base
 USER root
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG ANSIBLE_INSTALL_REFS
+ARG PKGMGR
 
-ADD _build /build
+RUN $PYCMD -m ensurepip
+RUN $PYCMD -m pip install --no-cache-dir $ANSIBLE_INSTALL_REFS
+COPY _build/scripts/ /output/scripts/
+COPY _build/scripts/entrypoint /opt/builder/bin/entrypoint
+
+# Galaxy build stage
+FROM base as galaxy
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG ANSIBLE_INSTALL_REFS
+ARG PKGMGR
+
+RUN /output/scripts/check_galaxy
+COPY _build /build
 WORKDIR /build
 
-RUN ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles
-RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections
+RUN ansible-galaxy role install $ANSIBLE_GALAXY_CLI_ROLE_OPTS -r requirements.yml --roles-path "/usr/share/ansible/roles"
+RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections"
+
+# Builder build stage
+FROM base as builder
+WORKDIR /build
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG ANSIBLE_INSTALL_REFS
+ARG PKGMGR
 
-FROM $EE_BUILDER_IMAGE as builder
+RUN $PYCMD -m pip install --no-cache-dir bindep pyyaml requirements-parser
 
 COPY --from=galaxy /usr/share/ansible /usr/share/ansible
 
-ADD _build/requirements.txt requirements.txt
-ADD _build/bindep.txt bindep.txt
-RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
-RUN assemble
+COPY _build/requirements.txt requirements.txt
+COPY _build/bindep.txt bindep.txt
+RUN $PYCMD /output/scripts/introspect.py introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
+RUN /output/scripts/assemble
 
-FROM $EE_BASE_IMAGE
-USER root
+# Final build stage
+FROM base as final
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG ANSIBLE_INSTALL_REFS
+ARG PKGMGR
+
+RUN /output/scripts/check_ansible $PYCMD
 
 COPY --from=galaxy /usr/share/ansible /usr/share/ansible
 
 COPY --from=builder /output/ /output/
-RUN /output/install-from-bindep && rm -rf /output/wheels
-RUN wget https://get.helm.sh/helm-v3.7.1-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64
-RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.4/kustomize_v4.5.4_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize 
+RUN /output/scripts/install-from-bindep && rm -rf /output/wheels
+RUN chmod ug+rw /etc/passwd
+RUN mkdir -p /runner && chgrp 0 /runner && chmod -R ug+rwx /runner
+WORKDIR /runner
+RUN $PYCMD -m pip install --no-cache-dir 'dumb-init==1.2.5'
+RUN wget https://get.helm.sh/helm-v3.14.0-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64
+RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.0/kustomize_v5.3.0_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize
+RUN rm -rf /output
+LABEL ansible-execution-environment=true
+USER 1000
+ENTRYPOINT ["/opt/builder/bin/entrypoint", "dumb-init"]
+CMD ["bash"]

execution-environment.yml

@@ -1,12 +1,20 @@
 ---
-version: 1
+version: 3
 
 dependencies:
- galaxy: requirements.yml
- python: requirements.txt
- system: bindep.txt
+  galaxy: requirements.yml
+  python: requirements.txt
+  system: bindep.txt
+  ansible_core:
+    package_pip: ansible-core==2.15.8
+  ansible_runner:
+    package_pip: ansible-runner==2.3.1
 
 additional_build_steps:
- append:
-    - RUN wget https://get.helm.sh/helm-v3.7.1-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64
-    - RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.4/kustomize_v4.5.4_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize 
+  append_final:
+    - RUN wget https://get.helm.sh/helm-v3.14.0-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64
+    - RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.0/kustomize_v5.3.0_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize
+
+images:
+  base_image:
+    name: rockylinux:9.3

requirements.txt

@@ -1,3 +1,3 @@
-kubernetes>=12.0.0
-requests-oauthlib
-jsonpatch
+kubernetes==29.0.0
+requests-oauthlib==1.3.1
+jsonpatch==1.33