Add gcp-workertools

OctopusDeployLabs · Feb 6, 2024 · 6081eb6 · 6081eb6
1 parent d31d2c2
commit 6081eb6
Show file tree

Hide file tree

Showing 4 changed files with 295 additions and 0 deletions.
diff --git a/.github/workflows/gcp-docker-build-push.yml b/.github/workflows/gcp-docker-build-push.yml
@@ -0,0 +1,231 @@
+name: Build gcp-workertools image
+
+on:
+  push:
+    branches: 
+    - minimal-manifest
+    paths:
+    - gcp/**
+  #schedule:
+  #  - cron: '0 4 * * *'
+  workflow_dispatch:
+
+env:
+   REGISTRY_IMAGE_BASE: ${{ secrets.TESTING_DOCKER_HUB_USER }}/labs-workertools
+   REGISTRY_IMAGE: ${{ secrets.TESTING_DOCKER_HUB_USER }}/labs-gcp-workertools
+
+jobs:
+
+  get-version-number:
+    runs-on: windows-latest
+    outputs:
+      CONTINUE: ${{ steps.check-version.outputs.CONTINUE }}
+      VERSION: ${{ steps.check-version.outputs.VERSION }}
+      WIN2022_VERSION: ${{ steps.check-version.outputs.WIN2022_VERSION }}
+    steps:    
+    - uses: actions/checkout@v4
+    - id: check-version
+      name: Compare latest version with container
+      run: |
+        Write-Output "Getting GCLOUD CLI version (needed for gke-auth-plugin)"
+        $googleCloudSdkInfo = Invoke-RestMethod "https://registry.hub.docker.com/v2/repositories/google/cloud-sdk/tags?page=1"
+        $otherImages = $googleCloudSdkInfo.results | Where-Object { $_.name -ine "latest" }
+        $latestTag = $googleCloudSdkInfo.results | Where-Object { $_.name -ieq "latest" }
+        
+        if($null -eq $latestTag)  {
+            throw "Couldnt find latest tag for Google Cloud SDK version from DockerHub"
+        }
+        
+        $latestTagImage = $latestTag.images | Where-Object {$_.os -ieq "linux" -and $_.architecture -ieq "amd64" -and $_.status -ieq "active"} | Select-Object -First 1
+        if($null -eq $latestTagImage)  {
+            throw "Couldnt find latest tag image for Google Cloud SDK version for linux/amd64"
+        }
+        $latestDigest = $latestTagImage.digest
+        Write-Output "Found latest digest: $latestDigest"
+
+        $versionToCompare = ""
+        foreach($result in $otherImages) {
+            $matchingImageDigest = $result.images | Where-Object {$_.os -ieq "linux" -and $_.architecture -ieq "amd64" -and $_.status -ieq "active" -and $_.digest -ieq $latestDigest } | Select-Object -First 1
+            if($null -eq $matchingImageDigest) {
+                continue;
+            }
+            else {
+                $version = $result.name
+                Write-Output "Found version '$version' that matches digest: $latestDigest"
+                $versionSplit = $version.Split(".")
+                $versionToCompare = "$($versionSplit[0]).$($versionSplit[1]).$($versionSplit[2])"
+                break;
+            }
+        }
+
+        if ([string]::IsNullOrWhiteSpace($versionToCompare)) {
+            throw "No version with digest $latestDigest found"
+        }
+
+        $workerToolsTags = Invoke-RestMethod "https://registry.hub.docker.com/v2/repositories/${{ env.REGISTRY_IMAGE }}/tags?page_size=50"
+        $matchingTag = $workerToolsTags.results | Where-Object { $_.name -eq $versionToCompare }
+
+        echo "VERSION=$versionToCompare" >> $env:GITHUB_OUTPUT
+
+        if ($null -ne $matchingTag)
+        {
+            Write-Host "Docker container already has latest version"
+            echo "CONTINUE=No" >> $env:GITHUB_OUTPUT
+        }
+        else
+        {
+            Write-Host "We need to upgrade the container to $versionToCompare"            
+
+            Write-Host "Getting OS versions for windows 2022"
+            $win2022_manifest = (docker manifest inspect --verbose "mcr.microsoft.com/dotnet/framework/runtime:4.8.1-windowsservercore-ltsc2022" | ConvertFrom-Json)
+            $WIN2022_VERSION = $win2022_manifest.Descriptor.Platform.'os.version'
+            Write-Host "WIN2022_VERSION: $WIN2022_VERSION"
+
+            if([string]::IsNullOrWhiteSpace($WIN2022_VERSION)) {
+              throw "Could not establish OS versions for windows 2022 needed for docker manifest"
+            }
+
+            echo "WIN2022_VERSION=$WIN2022_VERSION" >> $env:GITHUB_OUTPUT
+
+            Write-Host "We have everything we need, continuing."
+            echo "CONTINUE=Yes" >> $env:GITHUB_OUTPUT
+        }
+      shell: powershell
+
+  build-linux:
+    needs: [get-version-number]
+    if: ${{ needs.get-version-number.outputs.CONTINUE == 'Yes' }}
+    strategy:
+      matrix:
+        os: 
+          - ubuntu-latest
+        platform:
+          - linux/amd64
+          - linux/arm64
+    runs-on: ${{ matrix.os }}
+    env:
+      VERSION_NUMBER: ${{ needs.get-version-number.outputs.VERSION }}-0
+    steps:
+
+    - name: Prepare
+      run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV 
+          echo "PLATFORM_ARCH=${platform//[linux\/]/}" >> $GITHUB_ENV 
+
+    - name: Checkout  
+      uses: actions/checkout@v4
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+      with:
+        platforms: linux/amd64,linux/arm64
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.TESTING_DOCKER_HUB_USER }}
+        password: ${{ secrets.TESTING_DOCKER_HUB_PAT }}
+
+    - name: Build and push by digest
+      id: build  
+      uses: docker/build-push-action@v5
+      with:
+        context: gcp/${{ env.PLATFORM_PAIR }}
+        platforms: ${{ matrix.platform }}
+        build-args: |
+          BASE_IMAGE=${{ env.REGISTRY_IMAGE_BASE }}
+          GCLOUD_CLI_VERSION=${{ env.VERSION_NUMBER }}
+        outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+
+    - name: Export digest
+      run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+                    
+    - name: Upload digest
+      uses: actions/upload-artifact@v4
+      with:
+        name: digests-${{ env.PLATFORM_PAIR }}
+        path: /tmp/digests/*
+        if-no-files-found: error
+        retention-days: 1
+  build-win-2022:
+    needs: [get-version-number]
+    if: ${{ needs.get-version-number.outputs.CONTINUE == 'Yes' }}
+    runs-on: windows-2022
+    env:
+      VERSION_NUMBER: ${{ needs.get-version-number.outputs.VERSION }}
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.TESTING_DOCKER_HUB_USER }}
+        password: ${{ secrets.TESTING_DOCKER_HUB_PAT }}
+
+    - name: Build the win2022 image
+      working-directory: ./gcp
+      run: docker build ./windows-2022 --build-arg BASE_IMAGE=${{ env.REGISTRY_IMAGE_BASE}} --build-arg GCLOUD_CLI_VERSION=${{ env.VERSION_NUMBER}} --tag ${{ env.REGISTRY_IMAGE }}:${{ env.VERSION_NUMBER }}-win.2022
+
+    - name: Push the win2022 version-specific image
+      run: docker push ${{ env.REGISTRY_IMAGE }}:${{ env.VERSION_NUMBER }}-win.2022
+
+    - name: Export windows digest
+      run: |
+        New-Item -Type Directory -Path "$($env:TEMP)/digests" -Force
+        $imageManifestOutput = $(docker manifest inspect --verbose ${{ env.REGISTRY_IMAGE }}:${{ env.VERSION_NUMBER }}-win.2022)
+        $fullDigest = ($imageManifestOutput | ConvertFrom-Json).Descriptor.digest
+        $digest = $fulldigest -Replace "sha256:", ""
+        $winDigestPath = "$($env:TEMP)/digests/$digest"
+        New-Item -Type File -Path $winDigestPath
+        echo "WIN_DIGEST_PATH=$($env:TEMP)/digests" >> $env:GITHUB_ENV
+    - name: Upload windows digest
+      uses: actions/upload-artifact@v4
+      with:
+        name: digests-windows-amd64
+        path: ${{ env.WIN_DIGEST_PATH }}/*
+        if-no-files-found: error
+        retention-days: 1
+
+  merge:
+    needs: [get-version-number, build-linux, build-win-2022]
+    if: ${{ needs.get-version-number.outputs.CONTINUE == 'Yes' }}
+    runs-on: ubuntu-latest
+    env:
+      VERSION_NUMBER: ${{ needs.get-version-number.outputs.VERSION }}
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: /tmp/digests
+          pattern: digests-*
+          merge-multiple: true
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            ${{ env.VERSION_NUMBER }}
+            latest
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.TESTING_DOCKER_HUB_USER }}
+          password: ${{ secrets.TESTING_DOCKER_HUB_PAT }}
+      - name: Create manifest list and push
+        working-directory: /tmp/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)          
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
diff --git a/gcp/linux-amd64/Dockerfile b/gcp/linux-amd64/Dockerfile
@@ -0,0 +1,18 @@
+ARG BASE_IMAGE
+FROM --platform=linux/amd64 ${BASE_IMAGE}:latest
+
+ARG DEBIAN_FRONTEND noninteractive
+ARG GOOGLE_CLOUD_CLI_VERSION=462.0.0-0
+
+# Get Terraform
+# https://developer.hashicorp.com/terraform/downloads
+RUN wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | tee /usr/share/keyrings/hashicorp-archive-keyring.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list && \
+    apt update && apt install -y terraform
+
+# Install Google Cloud CLI
+# https://cloud.google.com/sdk/docs/downloads-apt-get
+RUN apt-get install -y ca-certificates gnupg && \
+    curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
+    apt-get update && apt-get install -y google-cloud-sdk=${GOOGLE_CLOUD_CLI_VERSION}
diff --git a/gcp/linux-arm64/Dockerfile b/gcp/linux-arm64/Dockerfile
@@ -0,0 +1,18 @@
+ARG BASE_IMAGE
+FROM --platform=linux/arm64 ${BASE_IMAGE}:latest
+
+ARG DEBIAN_FRONTEND noninteractive
+ARG GOOGLE_CLOUD_CLI_VERSION=462.0.0-0
+
+# Get Terraform
+# https://developer.hashicorp.com/terraform/downloads
+RUN wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | tee /usr/share/keyrings/hashicorp-archive-keyring.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list && \
+    apt update && apt install -y terraform
+
+# Install Google Cloud CLI
+# https://cloud.google.com/sdk/docs/downloads-apt-get
+RUN apt-get install -y ca-certificates gnupg && \
+    curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
+    apt-get update && apt-get install -y google-cloud-sdk=${GOOGLE_CLOUD_CLI_VERSION}
diff --git a/gcp/windows-2022/Dockerfile b/gcp/windows-2022/Dockerfile
@@ -0,0 +1,28 @@
+# escape=`
+ARG BASE_IMAGE
+FROM --platform=windows/amd64 ${BASE_IMAGE}:latest
+SHELL ["powershell", "-Command"]
+
+ARG GOOGLE_CLOUD_CLI_VERSION=462.0.0
+
+# Install Terraform
+RUN choco install terraform -y --no-progress
+
+# Install gcloud
+RUN $GCLOUD_VERSION = $env:GOOGLE_CLOUD_CLI_VERSION; `
+    Write-Host "GCLOUD_VERSION: ${env:GOOGLE_CLOUD_CLI_VERSION}"; `
+    Write-Host "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${env:GOOGLE_CLOUD_CLI_VERSION}-windows-x86_64.zip"; `
+    Invoke-WebRequest "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${env:GOOGLE_CLOUD_CLI_VERSION}-windows-x86_64.zip" -OutFile google-cloud-sdk-$env:GOOGLE_CLOUD_CLI_VERSION-windows-x86_64.zip; `
+    & '.\Program Files\7-Zip\7z.exe' x .\google-cloud-sdk-$env:GOOGLE_CLOUD_CLI_VERSION-windows-x86_64.zip; `
+    .\google-cloud-sdk\install.bat --quiet; `
+    rm .\google-cloud-sdk-$env:GOOGLE_CLOUD_CLI_VERSION-windows-x86_64.zip
+
+# Update Path
+RUN $old = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name path).path; `
+    Write-Host $old; `
+    $gcloudPath = ';C:\google-cloud-sdk\bin'; `    
+    $new = $old + $gcloudPath; `
+    Write-Host $new; `
+    Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name path -Value $new; `
+    Import-Module $env:ChocolateyInstall\helpers\chocolateyProfile.psm1; `
+    refreshenv