Support multi-arch config outputs (#421)

Prior to this change, apko_config had a single "config" property that
contained an apko config, where the package list was the intersection of
the arch-specific package lists.

Most of the time, the package list is identical across architectures,
but architecture-specific dependencies (like libatomic) can lead to
divergence. Since we only include the intersection, we would omit these
architecture specific packages. When apko_build re-solved the locked
package list, it would add the missing packages back, so this worked
out, but was suboptimal.

We want to solve this mostly because this information being incomplete
prevents us from relying on it, but this also solves an annoying hole in
our reproducibility story, because the missing packages would not be
pinned to any version and could float.

In the future, we may want to upgrade these locked versions (e.g.
"foo=1.2.3-r4") to locked hashes (e.g. "foo><sha1hashgoeshere") for the
architecture-specific configs, but apko does not currently support that
and there would be quite a lot of prep work we'd need to do, but at
least we have a place to do it now.

Signed-off-by: Jon Johnson <[email protected]>

docs/data-sources/config.md

@@ -18,6 +18,7 @@ This reads an apko configuration file into a structured form.
 ### Optional
 
 - `config_contents` (String) The raw contents of the apko configuration.
+- `configs` (Attributes Map) A map from the APK architecture to the config for that architecture. (see [below for nested schema](#nestedatt--configs))
 - `default_annotations` (Map of String) Default annotations to add.
 - `extra_packages` (List of String) A list of extra packages to install.
 
@@ -26,6 +27,102 @@ This reads an apko configuration file into a structured form.
 - `config` (Object) The parsed structure of the apko configuration. (see [below for nested schema](#nestedatt--config))
 - `id` (String) A unique identifier for this apko config.
 
+<a id="nestedatt--configs"></a>
+### Nested Schema for `configs`
+
+Read-Only:
+
+- `config` (Object) The parsed structure of the apko configuration. (see [below for nested schema](#nestedatt--configs--config))
+
+<a id="nestedatt--configs--config"></a>
+### Nested Schema for `configs.config`
+
+Optional:
+
+- `accounts` (Object) (see [below for nested schema](#nestedobjatt--configs--config--accounts))
+- `annotations` (Map of String)
+- `archs` (List of String)
+- `cmd` (String)
+- `contents` (Object) (see [below for nested schema](#nestedobjatt--configs--config--contents))
+- `entrypoint` (Object) (see [below for nested schema](#nestedobjatt--configs--config--entrypoint))
+- `environment` (Map of String)
+- `include` (String)
+- `paths` (List of Object) (see [below for nested schema](#nestedobjatt--configs--config--paths))
+- `stop-signal` (String)
+- `vcs-url` (String)
+- `volumes` (List of String)
+- `work-dir` (String)
+
+<a id="nestedobjatt--configs--config--accounts"></a>
+### Nested Schema for `configs.config.accounts`
+
+Optional:
+
+- `groups` (List of Object) (see [below for nested schema](#nestedobjatt--configs--config--accounts--groups))
+- `run-as` (String)
+- `users` (List of Object) (see [below for nested schema](#nestedobjatt--configs--config--accounts--users))
+
+<a id="nestedobjatt--configs--config--accounts--groups"></a>
+### Nested Schema for `configs.config.accounts.groups`
+
+Optional:
+
+- `gid` (Number)
+- `groupname` (String)
+- `members` (List of String)
+
+
+<a id="nestedobjatt--configs--config--accounts--users"></a>
+### Nested Schema for `configs.config.accounts.users`
+
+Optional:
+
+- `gid` (Number)
+- `homedir` (String)
+- `shell` (String)
+- `uid` (Number)
+- `username` (String)
+
+
+
+<a id="nestedobjatt--configs--config--contents"></a>
+### Nested Schema for `configs.config.contents`
+
+Optional:
+
+- `build_repositories` (List of String)
+- `keyring` (List of String)
+- `packages` (List of String)
+- `repositories` (List of String)
+
+
+<a id="nestedobjatt--configs--config--entrypoint"></a>
+### Nested Schema for `configs.config.entrypoint`
+
+Optional:
+
+- `command` (String)
+- `services` (Map of String)
+- `shell-fragment` (String)
+- `type` (String)
+
+
+<a id="nestedobjatt--configs--config--paths"></a>
+### Nested Schema for `configs.config.paths`
+
+Optional:
+
+- `gid` (Number)
+- `path` (String)
+- `permissions` (Number)
+- `recursive` (Boolean)
+- `source` (String)
+- `type` (String)
+- `uid` (Number)
+
+
+
+
 <a id="nestedatt--config"></a>
 ### Nested Schema for `config`
 

docs/resources/build.md

@@ -60,6 +60,7 @@ resource "apko_build" "example" {
 
 ### Optional
 
+- `configs` (Attributes Map) A map from the APK architecture to the config for that architecture. (see [below for nested schema](#nestedatt--configs))
 - `sboms` (Attributes Map) A map from the APK architecture to the digest for that architecture and its SBOM. (see [below for nested schema](#nestedatt--sboms))
 
 ### Read-Only
@@ -155,6 +156,102 @@ Required:
 
 
 
+<a id="nestedatt--configs"></a>
+### Nested Schema for `configs`
+
+Required:
+
+- `config` (Object) The parsed structure of the apko configuration. (see [below for nested schema](#nestedatt--configs--config))
+
+<a id="nestedatt--configs--config"></a>
+### Nested Schema for `configs.config`
+
+Optional:
+
+- `accounts` (Object) (see [below for nested schema](#nestedobjatt--configs--config--accounts))
+- `annotations` (Map of String)
+- `archs` (List of String)
+- `cmd` (String)
+- `contents` (Object) (see [below for nested schema](#nestedobjatt--configs--config--contents))
+- `entrypoint` (Object) (see [below for nested schema](#nestedobjatt--configs--config--entrypoint))
+- `environment` (Map of String)
+- `include` (String)
+- `paths` (List of Object) (see [below for nested schema](#nestedobjatt--configs--config--paths))
+- `stop-signal` (String)
+- `vcs-url` (String)
+- `volumes` (List of String)
+- `work-dir` (String)
+
+<a id="nestedobjatt--configs--config--accounts"></a>
+### Nested Schema for `configs.config.accounts`
+
+Optional:
+
+- `groups` (List of Object) (see [below for nested schema](#nestedobjatt--configs--config--accounts--groups))
+- `run-as` (String)
+- `users` (List of Object) (see [below for nested schema](#nestedobjatt--configs--config--accounts--users))
+
+<a id="nestedobjatt--configs--config--accounts--groups"></a>
+### Nested Schema for `configs.config.accounts.groups`
+
+Optional:
+
+- `gid` (Number)
+- `groupname` (String)
+- `members` (List of String)
+
+
+<a id="nestedobjatt--configs--config--accounts--users"></a>
+### Nested Schema for `configs.config.accounts.users`
+
+Optional:
+
+- `gid` (Number)
+- `homedir` (String)
+- `shell` (String)
+- `uid` (Number)
+- `username` (String)
+
+
+
+<a id="nestedobjatt--configs--config--contents"></a>
+### Nested Schema for `configs.config.contents`
+
+Optional:
+
+- `build_repositories` (List of String)
+- `keyring` (List of String)
+- `packages` (List of String)
+- `repositories` (List of String)
+
+
+<a id="nestedobjatt--configs--config--entrypoint"></a>
+### Nested Schema for `configs.config.entrypoint`
+
+Optional:
+
+- `command` (String)
+- `services` (Map of String)
+- `shell-fragment` (String)
+- `type` (String)
+
+
+<a id="nestedobjatt--configs--config--paths"></a>
+### Nested Schema for `configs.config.paths`
+
+Optional:
+
+- `gid` (Number)
+- `path` (String)
+- `permissions` (Number)
+- `recursive` (Boolean)
+- `source` (String)
+- `type` (String)
+- `uid` (Number)
+
+
+
+
 <a id="nestedatt--sboms"></a>
 ### Nested Schema for `sboms`
 

go.mod

@@ -14,17 +14,17 @@ require (
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-testing v1.10.0
 	github.com/sigstore/cosign/v2 v2.4.1
-	golang.org/x/sync v0.8.0
+	golang.org/x/sync v0.9.0
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/apimachinery v0.31.2
+	k8s.io/apimachinery v0.31.3
 	knative.dev/pkg v0.0.0-20240912132815-3002873b449c
 )
 
 require (
 	chainguard.dev/go-grpc-kit v0.17.6 // indirect
 	chainguard.dev/sdk v0.1.28 // indirect
-	cloud.google.com/go/auth v0.9.9 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/auth v0.10.2 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	dario.cat/mergo v1.0.1 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
@@ -91,6 +91,7 @@ require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.14.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
@@ -180,28 +181,28 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
-	go.opentelemetry.io/otel v1.31.0 // indirect
-	go.opentelemetry.io/otel/metric v1.31.0 // indirect
-	go.opentelemetry.io/otel/trace v1.31.0 // indirect
-	go.step.sm/crypto v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.32.0 // indirect
+	go.opentelemetry.io/otel/metric v1.32.0 // indirect
+	go.opentelemetry.io/otel/trace v1.32.0 // indirect
+	go.step.sm/crypto v0.54.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/crypto v0.29.0 // indirect
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
 	golang.org/x/mod v0.21.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/term v0.25.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/oauth2 v0.24.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/term v0.26.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
+	golang.org/x/time v0.8.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
-	google.golang.org/api v0.203.0 // indirect
+	google.golang.org/api v0.209.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect
 	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect