Fix and add test for getContainerImage (#191)

apparently this can be trickier than it seems
pluralsh · May 19, 2024 · 0d8c432 · 0d8c432
1 parent 5488f2d
commit 0d8c432
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 8 deletions.
diff --git a/.github/workflows/publish-harness.yaml b/.github/workflows/publish-harness.yaml
@@ -71,7 +71,7 @@ jobs:
       uses: docker/build-push-action@v5
       with:
         context: "."
-        file: "./hack/harness/base.Dockerfile"
+        file: "./dockerfiles/harness/base.Dockerfile"
         push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
@@ -113,8 +113,8 @@ jobs:
         with:
           # list of Docker images to use as base name for tags
           images: |
-            ghcr.io/pluralsh/stackrun-harness
-            docker.io/pluralsh/stackrun-harness
+            ghcr.io/pluralsh/harness
+            docker.io/pluralsh/harness
           tags: |
             type=semver,pattern={{version}},suffix=-terraform-${{ env.TERRAFORM_VERSION }},priority=1000
             type=sha,suffix=-terraform-${{ env.TERRAFORM_VERSION }},priority=800
@@ -138,7 +138,7 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: "."
-          file: "./hack/harness/terraform.Dockerfile"
+          file: "./dockerfiles/harness/terraform.Dockerfile"
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

diff --git a/dockerfiles/harness/base.Dockerfile b/dockerfiles/harness/base.Dockerfile
@@ -0,0 +1,50 @@
+FROM golang:1.22-alpine3.19 as builder
+
+ARG TARGETARCH
+ARG TARGETOS
+ARG VERSION
+
+WORKDIR /workspace
+
+# Retrieve application dependencies.
+# This allows the container build to reuse cached dependencies.
+# Expecting to copy go.mod and if present go.sum.
+COPY go.* ./
+RUN go mod download
+
+COPY cmd/harness ./cmd/harness
+COPY pkg ./pkg
+COPY internal ./internal
+COPY api ./api
+
+RUN CGO_ENABLED=0 \
+    GOOS=${TARGETOS} \
+    GOARCH=${TARGETARCH} \
+    go build \
+    -trimpath \
+    -ldflags="-s -w -X github.com/pluralsh/deployment-operator/pkg/harness/environment.Version=${VERSION}" \
+    -o /plural/harness \
+    cmd/harness/main.go
+
+FROM busybox:1.35.0-uclibc as environment
+
+RUN mkdir /plural
+RUN mkdir /tmp/plural
+
+FROM gcr.io/distroless/base-debian12:nonroot as final
+
+# Switch to the nonroot user
+USER nonroot:nonroot
+
+# Set up the environment
+# 1. copy plural and tmp directories with proper permissions for the nonroot user
+# 2. copy the static shell and sleep binary into base image <- TODO: this should not be required for prod image
+# 3. copy the harness binary
+# 4. copy the terraform binary
+COPY --chown=nonroot --from=environment /plural /plural
+COPY --chown=nonroot --from=environment /tmp/plural /tmp
+COPY --chown=nonroot --from=environment /bin/sh /bin/sh
+COPY --chown=nonroot --from=environment /bin/sleep /bin/sleep
+COPY --from=builder /plural/harness /harness
+
+ENTRYPOINT ["/harness", "--working-dir=plural"]
diff --git a/dockerfiles/harness/terraform.Dockerfile b/dockerfiles/harness/terraform.Dockerfile
@@ -0,0 +1,11 @@
+ARG TERRAFORM_IMAGE_TAG=1.8.2
+ARG TERRAFORM_IMAGE=hashicorp/terraform:$TERRAFORM_IMAGE_TAG
+
+ARG HARNESS_BASE_IMAGE_TAG=latest
+ARG HARNESS_BASE_IMAGE_REPO=harness-base
+ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG
+
+FROM $TERRAFORM_IMAGE as terraform
+FROM $HARNESS_BASE_IMAGE as final
+
+COPY --from=terraform /bin/terraform /bin/terraform
diff --git a/pkg/controller/stacks/job.go b/pkg/controller/stacks/job.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"strings"
 
 	console "github.com/pluralsh/console-client-go"
 	consoleclient "github.com/pluralsh/deployment-operator/pkg/client"
@@ -27,16 +28,16 @@ const (
 
 var (
 	defaultContainerImages = map[console.StackType]string{
-		console.StackTypeTerraform: "ghcr.io/pluralsh/stackrun-harness",
-		console.StackTypeAnsible:   "ghcr.io/pluralsh/stackrun-harness",
+		console.StackTypeTerraform: "ghcr.io/pluralsh/harness",
+		console.StackTypeAnsible:   "ghcr.io/pluralsh/harness",
 	}
 
 	defaultContainerVersions = map[console.StackType]string{
 		console.StackTypeTerraform: "latest",
 		console.StackTypeAnsible:   "latest",
 	}
 
-	defaultImageTag = "latest"
+	defaultImageTag = "0.4.28"
 )
 
 func init() {
@@ -199,7 +200,7 @@ func (r *StackReconciler) getDefaultContainerImage(run *console.StackRunFragment
 		version = run.Configuration.Version
 	}
 
-	return fmt.Sprintf("%s:%s-%s-%s", defaultImageTag, string(run.Type), image, version)
+	return fmt.Sprintf("%s:%s-%s-%s", image, defaultImageTag, strings.ToLower(string(run.Type)), version)
 }
 
 func (r *StackReconciler) getDefaultContainerArgs(runID string) []string {

diff --git a/pkg/controller/stacks/job_test.go b/pkg/controller/stacks/job_test.go
@@ -0,0 +1,27 @@
+package stacks
+
+import (
+	"testing"
+	"time"
+
+	console "github.com/pluralsh/console-client-go"
+	"github.com/pluralsh/deployment-operator/pkg/test/mocks"
+	"github.com/stretchr/testify/assert"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func TestGetDefaultContainerImage(t *testing.T) {
+	var kClient client.Client
+	fakeConsoleClient := mocks.NewClientMock(t)
+	namespace := "default"
+	reconciler := NewStackReconciler(fakeConsoleClient, kClient, time.Minute, namespace, "", "")
+	run := &console.StackRunFragment{
+		Type: console.StackTypeTerraform,
+		Configuration: &console.StackConfigurationFragment{
+			Version: "1.8.4",
+		},
+	}
+
+	img := reconciler.getDefaultContainerImage(run)
+	assert.Equal(t, img, "ghcr.io/pluralsh/harness:0.4.28-terraform-1.8.4")
+}