From f71472bc875a44c834a8813e5a801246c46003d7 Mon Sep 17 00:00:00 2001 From: Joep van Delft Date: Mon, 4 Nov 2024 15:13:31 +0100 Subject: [PATCH] Point ci build root images to multi --- ci_transforms/rhel-8/ci-build-root/Dockerfile | 77 ------------------- ci_transforms/rhel-8/ci-build-root/OWNERS | 14 ---- ci_transforms/rhel-8/golang/Dockerfile | 24 ------ ci_transforms/rhel-9/ci-build-root/Dockerfile | 76 ------------------ ci_transforms/rhel-9/golang/Dockerfile | 24 ------ .../ci-openshift-build-root-latest.rhel8.yml | 2 +- .../ci-openshift-build-root-latest.rhel9.yml | 2 +- ...enshift-build-root-previous.rhel8.disabled | 2 +- ...enshift-build-root-previous.rhel9.disabled | 2 +- streams.yml | 38 --------- 10 files changed, 4 insertions(+), 257 deletions(-) delete mode 100644 ci_transforms/rhel-8/ci-build-root/Dockerfile delete mode 100644 ci_transforms/rhel-8/ci-build-root/OWNERS delete mode 100644 ci_transforms/rhel-8/golang/Dockerfile delete mode 100644 ci_transforms/rhel-9/ci-build-root/Dockerfile delete mode 100644 ci_transforms/rhel-9/golang/Dockerfile diff --git a/ci_transforms/rhel-8/ci-build-root/Dockerfile b/ci_transforms/rhel-8/ci-build-root/Dockerfile deleted file mode 100644 index d49120453f..0000000000 --- a/ci_transforms/rhel-8/ci-build-root/Dockerfile +++ /dev/null @@ -1,77 +0,0 @@ -FROM replaced-by-buildconfig -# Serves as a standard build environment for OpenShift builds. It is based on the -# ART golang builder and has packages layered on top of support CI only use cases -# (e.g. compiling test cases) that simply don't occur downstream. -# Used as a template for 'images:streams gen-buildconfigs' - -# Turn off FIPSorDie. This was inspired by 4.13. o/kubernetes which compiles the hyperkube binary using -# a rhel8 ci-build-root and layers that on top of the rhel9 rhcos. This causes -# a FIPSorDie kubelet binary to fail to start on the bootstrap node. FIPSorDie is more -# trouble than it is worth and should not be need to catch actual FIPS issues. -ENV GO_COMPLIANCE_POLICY=exempt_all - -# Turn off information for CI environment. This is usually just noise for upstream -# engineers and can complicate debug. When issues arise, have repos export -# GO_COMPLIANCE_INFO=1 or GO_COMPLIANCE_DEBUG=1 before running go. -ENV GO_COMPLIANCE_INFO=0 - -# Install, matching upstream k8s, protobuf-3.x, see: -# https://github.com/kubernetes/kubernetes/blob/master/hack/lib/protoc.sh -# and etcd, see: -# https://github.com/kubernetes/kubernetes/blob/master/hack/lib/etcd.sh -# for CI only testing. -ENV PATH=/opt/google/protobuf/bin:$PATH -RUN set -euxo pipefail && \ - f=$( mktemp ) && \ - curl --fail -L https://github.com/protocolbuffers/protobuf/releases/download/v23.4/protoc-23.4-linux-x86_64.zip > "${f}" && \ - mkdir -p /opt/google/protobuf && \ - unzip "${f}" -d /opt/google/protobuf && \ - curl --fail -L https://github.com/coreos/etcd/releases/download/v3.5.15/etcd-v3.5.15-linux-amd64.tar.gz | tar -f - -xz --no-same-owner -C /usr/local/bin --strip-components=1 etcd-v3.5.15-linux-amd64/etcd - -# Install common CI tools used for unit testing. -# Note that CI_PINNED_GIT_VERSION restricts the version of git -# used. This is because RHEL released a new version of git (https://access.redhat.com/errata/RHSA-2024:0407) -# which disables safe.directory, which is used by our CI -# to permit non-root users from interacting with git in -# CI workload pods: https://github.com/openshift/ci-tools/blob/acad25edd747d5a21c839c60d480aaf7902961ec/pkg/steps/pod.go#L241 -RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ - INSTALL_PKGS="bc procps-ng util-linux bind-utils bsdtar createrepo_c device-mapper device-mapper-persistent-data e2fsprogs ethtool file findutils gcc git glib2-devel gpgme gpgme-devel hostname iptables jq krb5-devel libassuan libassuan-devel libseccomp-devel libvirt-devel lsof make mercurial nmap-ncat openssl rsync socat systemd-devel tar tito tree wget which xfsprogs zip goversioninfo gettext python3 iproute" && \ - yum install -y $INSTALL_PKGS && \ - alternatives --set python /usr/bin/python3 && \ - yum clean all && \ - touch /os-build-image && \ - git config --system user.name origin-release-container && \ - git config --system user.email origin-release@redhat.com - -# Install common go tools upstream devs are expecting in CI. -# Pure cargo culting from https://github.com/openshift/release/blob/51d92eb6a6d730e932a5daf68829ca7936739904/projects/origin-release/golang-1.13/Dockerfile#L41 -# Clear GOFLAGS temporarily for 1.12 bug:https://github.com/golang/go/issues/32502 -RUN GOFLAGS='' go install golang.org/x/tools/cmd/cover@latest && \ - GOFLAGS='' go install golang.org/x/tools/cmd/goimports@latest && \ - GOFLAGS='' go install github.com/tools/godep@latest && \ - GOFLAGS='' go install golang.org/x/lint/golint@latest && \ - GOFLAGS='' go install gotest.tools/gotestsum@latest && \ - GOFLAGS='' go install github.com/openshift/release/tools/gotest2junit@latest && \ - GOFLAGS='' go install github.com/openshift/imagebuilder/cmd/imagebuilder@latest && \ - mv $GOPATH/bin/* /usr/bin/ && \ - rm -rf $GOPATH/* $GOPATH/.cache && \ - mkdir $GOPATH/bin && \ - mkdir -p /go/src/github.com/openshift/origin && \ - ln -s /usr/bin/imagebuilder $GOPATH/bin/imagebuilder && \ - ln -s /usr/bin/goimports $GOPATH/bin/goimports && \ - curl --fail -L https://github.com/golang/dep/releases/download/v0.5.4/dep-linux-amd64 > /usr/bin/dep && \ - chmod +x /usr/bin/dep - -# make go related directories writeable since builds in CI will run as non-root. -RUN mkdir -p $GOPATH && \ - chmod g+xw -R $GOPATH && \ - chmod g+xw -R $(go env GOROOT) - -# Assert packages in separate RUN block so we are sure env variables are set up correctly -RUN set -euxo pipefail && \ - command -v protoc && protoc --version && [ "$( protoc --version )" = "libprotoc 23.4" ] && \ - command -v etcd && etcd --version && [ "$( etcd --version | head -n1 )" = "etcd Version: 3.5.15" ] - -# Some image building tools don't create a missing WORKDIR -RUN mkdir -p /go/src/github.com/openshift/origin -WORKDIR /go/src/github.com/openshift/origin diff --git a/ci_transforms/rhel-8/ci-build-root/OWNERS b/ci_transforms/rhel-8/ci-build-root/OWNERS deleted file mode 100644 index 494c29e0af..0000000000 --- a/ci_transforms/rhel-8/ci-build-root/OWNERS +++ /dev/null @@ -1,14 +0,0 @@ -approvers: -- tnozicka -- jupierce -- sttts -- hexfusion -- mfojtik -- soltysh -reviewers: -- tnozicka -- jupierce -- sttts -- hexfusion -- mfojtik -- soltysh diff --git a/ci_transforms/rhel-8/golang/Dockerfile b/ci_transforms/rhel-8/golang/Dockerfile deleted file mode 100644 index ca160a3d25..0000000000 --- a/ci_transforms/rhel-8/golang/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM replaced-by-buildconfig -# Layers CI appropriate yum repository configurations on top of the ART builder images. -# Used as a template for 'images:streams gen-buildconfigs' - -# Turn off information for CI environment. This is usually just noise for upstream -# engineers and can complicate debug. When issues arise, have repos export -# GO_COMPLIANCE_INFO=1 or GO_COMPLIANCE_DEBUG=1 before running go. -ENV GO_COMPLIANCE_INFO=0 - -ENV GOARM=5 \ - LOGNAME=deadbeef \ - GOCACHE=/go/.cache \ - GOPATH=/go \ - LOGNAME=deadbeef -ENV PATH=$PATH:$GOPATH/bin - -# make go related directories writeable since builds in CI will run as non-root. -RUN mkdir -p $GOPATH && \ - chmod g+xw -R $GOPATH && \ - chmod g+xw -R $(go env GOROOT) - -# Some image building tools don't create a missing WORKDIR -RUN mkdir -p /go/src/github.com/openshift/origin -WORKDIR /go/src/github.com/openshift/origin diff --git a/ci_transforms/rhel-9/ci-build-root/Dockerfile b/ci_transforms/rhel-9/ci-build-root/Dockerfile deleted file mode 100644 index 48f6a78de3..0000000000 --- a/ci_transforms/rhel-9/ci-build-root/Dockerfile +++ /dev/null @@ -1,76 +0,0 @@ -FROM replaced-by-buildconfig -# Serves as a standard build environment for OpenShift builds. It is based on the -# ART golang builder and has packages layered on top of support CI only use cases -# (e.g. compiling test cases) that simply don't occur downstream. -# Used as a template for 'images:streams gen-buildconfigs' - -# Turn off FIPSorDie. This was inspired by 4.13. o/kubernetes which compiles the hyperkube binary using -# a rhel8 ci-build-root and layers that on top of the rhel9 rhcos. This causes -# a FIPSorDie kubelet binary to fail to start on the bootstrap node. FIPSorDie is more -# trouble than it is worth and should not be need to catch actual FIPS issues. -ENV GO_COMPLIANCE_POLICY=exempt_all - -# Turn off information for CI environment. This is usually just noise for upstream -# engineers and can complicate debug. When issues arise, have repos export -# GO_COMPLIANCE_INFO=1 or GO_COMPLIANCE_DEBUG=1 before running go. -ENV GO_COMPLIANCE_INFO=0 - -# Install, matching upstream k8s, protobuf-3.x, see: -# https://github.com/kubernetes/kubernetes/blob/master/hack/lib/protoc.sh -# and etcd, see: -# https://github.com/kubernetes/kubernetes/blob/master/hack/lib/etcd.sh -# for CI only testing. -ENV PATH=/opt/google/protobuf/bin:$PATH -RUN set -euxo pipefail && \ - f=$( mktemp ) && \ - curl --fail -L https://github.com/protocolbuffers/protobuf/releases/download/v23.4/protoc-23.4-linux-x86_64.zip > "${f}" && \ - mkdir -p /opt/google/protobuf && \ - unzip "${f}" -d /opt/google/protobuf && \ - curl --fail -L https://github.com/coreos/etcd/releases/download/v3.5.15/etcd-v3.5.15-linux-amd64.tar.gz | tar -f - -xz --no-same-owner -C /usr/local/bin --strip-components=1 etcd-v3.5.15-linux-amd64/etcd - -# Install common CI tools used for unit testing. -# Note that CI_PINNED_GIT_VERSION restricts the version of git -# used. This is because RHEL released a new version of git (https://access.redhat.com/errata/RHSA-2024:0407) -# which disables safe.directory, which is used by our CI -# to permit non-root users from interacting with git in -# CI workload pods: https://github.com/openshift/ci-tools/blob/acad25edd747d5a21c839c60d480aaf7902961ec/pkg/steps/pod.go#L241 -RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ - INSTALL_PKGS="bc procps-ng util-linux bind-utils bsdtar createrepo_c device-mapper device-mapper-persistent-data e2fsprogs ethtool file findutils gcc git glib2-devel gpgme gpgme-devel hostname iptables jq krb5-devel libassuan libassuan-devel libseccomp-devel lsof make nmap-ncat openssl rsync socat systemd-devel tar tree wget which xfsprogs zip goversioninfo gettext python3 iproute rpm-build" && \ - yum install -y $INSTALL_PKGS && \ - yum clean all && \ - touch /os-build-image && \ - git config --system user.name origin-release-container && \ - git config --system user.email origin-release@redhat.com - -# Install common go tools upstream devs are expecting in CI. -# Pure cargo culting from https://github.com/openshift/release/blob/51d92eb6a6d730e932a5daf68829ca7936739904/projects/origin-release/golang-1.13/Dockerfile#L41 -# Clear GOFLAGS temporarily for 1.12 bug:https://github.com/golang/go/issues/32502 -RUN GOFLAGS='' GO111MODULE=on go install golang.org/x/tools/cmd/cover@latest && \ - GOFLAGS='' GO111MODULE=on go install golang.org/x/tools/cmd/goimports@latest && \ - GOFLAGS='' GO111MODULE=on go install github.com/tools/godep@latest && \ - GOFLAGS='' GO111MODULE=on go install golang.org/x/lint/golint@latest && \ - GOFLAGS='' GO111MODULE=on go install gotest.tools/gotestsum@latest && \ - GOFLAGS='' GO111MODULE=on go install github.com/openshift/release/tools/gotest2junit@latest && \ - GOFLAGS='' GO111MODULE=on go install github.com/openshift/imagebuilder/cmd/imagebuilder@latest && \ - mv $GOPATH/bin/* /usr/bin/ && \ - rm -rf $GOPATH/* $GOPATH/.cache && \ - mkdir $GOPATH/bin && \ - mkdir -p /go/src/github.com/openshift/origin && \ - ln -s /usr/bin/imagebuilder $GOPATH/bin/imagebuilder && \ - ln -s /usr/bin/goimports $GOPATH/bin/goimports && \ - curl --fail -L https://github.com/golang/dep/releases/download/v0.5.4/dep-linux-amd64 > /usr/bin/dep && \ - chmod +x /usr/bin/dep - -# make go related directories writeable since builds in CI will run as non-root. -RUN mkdir -p $GOPATH && \ - chmod g+xw -R $GOPATH && \ - chmod g+xw -R $(go env GOROOT) - -# Assert packages in separate RUN block so we are sure env variables are set up correctly -RUN set -euxo pipefail && \ - command -v protoc && protoc --version && [ "$( protoc --version )" = "libprotoc 23.4" ] && \ - command -v etcd && etcd --version && [ "$( etcd --version | head -n1 )" = "etcd Version: 3.5.15" ] - -# Some image building tools don't create a missing WORKDIR -RUN mkdir -p /go/src/github.com/openshift/origin -WORKDIR /go/src/github.com/openshift/origin diff --git a/ci_transforms/rhel-9/golang/Dockerfile b/ci_transforms/rhel-9/golang/Dockerfile deleted file mode 100644 index ca160a3d25..0000000000 --- a/ci_transforms/rhel-9/golang/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM replaced-by-buildconfig -# Layers CI appropriate yum repository configurations on top of the ART builder images. -# Used as a template for 'images:streams gen-buildconfigs' - -# Turn off information for CI environment. This is usually just noise for upstream -# engineers and can complicate debug. When issues arise, have repos export -# GO_COMPLIANCE_INFO=1 or GO_COMPLIANCE_DEBUG=1 before running go. -ENV GO_COMPLIANCE_INFO=0 - -ENV GOARM=5 \ - LOGNAME=deadbeef \ - GOCACHE=/go/.cache \ - GOPATH=/go \ - LOGNAME=deadbeef -ENV PATH=$PATH:$GOPATH/bin - -# make go related directories writeable since builds in CI will run as non-root. -RUN mkdir -p $GOPATH && \ - chmod g+xw -R $GOPATH && \ - chmod g+xw -R $(go env GOROOT) - -# Some image building tools don't create a missing WORKDIR -RUN mkdir -p /go/src/github.com/openshift/origin -WORKDIR /go/src/github.com/openshift/origin diff --git a/images/ci-openshift-build-root-latest.rhel8.yml b/images/ci-openshift-build-root-latest.rhel8.yml index c2e9800951..26ac638583 100644 --- a/images/ci-openshift-build-root-latest.rhel8.yml +++ b/images/ci-openshift-build-root-latest.rhel8.yml @@ -13,7 +13,7 @@ content: enabled: false mirror: true mirror_manifest_list: true - upstream_image: registry.ci.openshift.org/ocp/builder:rhel-8-golang-{GO_LATEST}-ci-build-root-multi-openshift-{MAJOR}.{MINOR} + upstream_image: registry.ci.openshift.org/openshift/release:rhel-8-release-golang-{GO_LATEST}-openshift-{MAJOR}.{MINOR} from: member: ci-openshift-golang-builder-latest.rhel8 labels: diff --git a/images/ci-openshift-build-root-latest.rhel9.yml b/images/ci-openshift-build-root-latest.rhel9.yml index 4822b61d73..f1d2a5d56e 100644 --- a/images/ci-openshift-build-root-latest.rhel9.yml +++ b/images/ci-openshift-build-root-latest.rhel9.yml @@ -13,7 +13,7 @@ content: enabled: false mirror: true mirror_manifest_list: true - upstream_image: registry.ci.openshift.org/ocp/builder:rhel-9-golang-{GO_LATEST}-ci-build-root-multi-openshift-{MAJOR}.{MINOR} + upstream_image: registry.ci.openshift.org/openshift/release:rhel-9-release-golang-{GO_LATEST}-openshift-{MAJOR}.{MINOR} from: member: ci-openshift-golang-builder-latest.rhel9 labels: diff --git a/images/ci-openshift-build-root-previous.rhel8.disabled b/images/ci-openshift-build-root-previous.rhel8.disabled index f89d52870d..4bf7ee1c8c 100644 --- a/images/ci-openshift-build-root-previous.rhel8.disabled +++ b/images/ci-openshift-build-root-previous.rhel8.disabled @@ -13,7 +13,7 @@ content: enabled: false mirror: true mirror_manifest_list: true - upstream_image: registry.ci.openshift.org/ocp/builder:rhel-8-golang-{GO_PREVIOUS}-ci-build-root-multi-openshift-{MAJOR}.{MINOR} + upstream_image: registry.ci.openshift.org/openshift/release:rhel-8-release-golang-{GO_PREVIOUS}-openshift-{MAJOR}.{MINOR} from: member: ci-openshift-golang-builder-previous.rhel8 labels: diff --git a/images/ci-openshift-build-root-previous.rhel9.disabled b/images/ci-openshift-build-root-previous.rhel9.disabled index c8242bb370..06158b6bec 100644 --- a/images/ci-openshift-build-root-previous.rhel9.disabled +++ b/images/ci-openshift-build-root-previous.rhel9.disabled @@ -13,7 +13,7 @@ content: enabled: false mirror: true mirror_manifest_list: true - upstream_image: registry.ci.openshift.org/ocp/builder:rhel-9-golang-{GO_PREVIOUS}-ci-build-root-multi-openshift-{MAJOR}.{MINOR} + upstream_image: registry.ci.openshift.org/openshift/release:rhel-9-release-golang-{GO_PREVIOUS}-openshift-{MAJOR}.{MINOR} from: member: ci-openshift-golang-builder-previous.rhel9 labels: diff --git a/streams.yml b/streams.yml index b33244851b..16da18184b 100644 --- a/streams.yml +++ b/streams.yml @@ -57,44 +57,6 @@ partner-rhel-9-golang-1.22: upstream_image_mirror: - quay.io/openshift-release-dev/golang-builder--ibm-share:rhel-9-golang-1.22-openshift-{MAJOR}.{MINOR} -# This image is not used by ART. It is an artifact required in upstream CI to build unit tests. -# Our transform is designed to create a buildconfig atop a specific golang version, layering on -# packages that upstream has traditionally had present in its build_roots. -rhel-8-golang-1.21-ci-build-root: - mirror: false - image: not_applicable - upstream_image_base: registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.21-openshift-{MAJOR}.{MINOR} - transform: rhel-8/ci-build-root - upstream_image: registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.21-openshift-{MAJOR}.{MINOR} - -# This image is not used by ART. It is an artifact required in upstream CI to build unit tests. -# Our transform is designed to create a buildconfig atop a specific golang version, layering on -# packages that upstream has traditionally had present in its build_roots. -rhel-8-golang-ci-build-root: - image: not_applicable - upstream_image_base: registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.22-openshift-{MAJOR}.{MINOR} - transform: rhel-8/ci-build-root - upstream_image: registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-{MAJOR}.{MINOR} - -# This image is not used by ART. It is an artifact required in upstream CI to build unit tests. -# Our transform is designed to create a buildconfig atop a specific golang version, layering on -# packages that upstream has traditionally had present in its build_roots. -rhel-9-golang-ci-build-root: - image: not_applicable - upstream_image_base: registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.22-openshift-{MAJOR}.{MINOR} - transform: rhel-9/ci-build-root - upstream_image: registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.22-openshift-{MAJOR}.{MINOR} - -# This image is not used by ART. It is an artifact required in upstream CI to build unit tests. -# Our transform is designed to create a buildconfig atop a specific golang version, layering on -# packages that upstream has traditionally had present in its build_roots. -rhel-9-golang-1.21-ci-build-root: - mirror: false - image: not_applicable - upstream_image_base: registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-{MAJOR}.{MINOR} - transform: rhel-9/ci-build-root - upstream_image: registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.21-openshift-{MAJOR}.{MINOR} - rhel8: # the most recent release at present. since we yum update this, it does not need to float. # it is important that we not build from unreleased builds and publish them.