Skip to content

Commit

Permalink
Merge pull request #235 from darkowlzz/libgit2-build-cherry-pick
Browse files Browse the repository at this point in the history
libgit2 build cherry pick
  • Loading branch information
darkowlzz authored Nov 11, 2021
2 parents 0c495d1 + a6dcadc commit 4674222
Show file tree
Hide file tree
Showing 10 changed files with 231 additions and 93 deletions.
1 change: 1 addition & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
hack/libgit2/
38 changes: 27 additions & 11 deletions .github/actions/run-tests/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,19 +1,35 @@
FROM golang:1.16-buster as builder

# Up-to-date libgit2 dependencies are only available in sid (unstable).
RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
&& echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
RUN set -eux; \
apt-get update \
&& apt-get install -y libgit2-dev/unstable zlib1g-dev/unstable libssh2-1-dev/unstable libpcre3-dev/unstable \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
ARG BASE_VARIANT=bullseye
ARG GO_VERSION=1.16.8
ARG XX_VERSION=1.0.0-rc.2

ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2
ARG LIBGIT2_TAG=libgit2-1.1.1-1

FROM tonistiigi/xx:${XX_VERSION} AS xx
FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} as libgit2

FROM golang:${GO_VERSION}-${BASE_VARIANT} as gostable

# Copy the build utiltiies
COPY --from=xx / /
COPY --from=libgit2 /Makefile /libgit2/

# Install the libgit2 build dependencies
RUN make -C /libgit2 cmake

RUN make -C /libgit2 dependencies

# Compile and install libgit2
RUN FLAGS=$(xx-clang --print-cmake-defines) make -C /libgit2 libgit2

# Use the GitHub Actions uid:gid combination for proper fs permissions
RUN groupadd -g 116 test && \
useradd -u 1001 --gid test --shell /bin/sh --create-home test

# Run as test user
USER test

# Set path to envtest binaries.
ENV PATH="/github/workspace/envtest:${PATH}"

ENTRYPOINT ["/bin/sh", "-c"]
5 changes: 4 additions & 1 deletion .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,11 @@ jobs:
${{ runner.os }}-go-
- name: Set up kubebuilder
uses: fluxcd/pkg/actions/kubebuilder@main
- name: Setup envtest
uses: fluxcd/pkg/actions/envtest@main
with:
version: "1.19.2"
- name: Run tests
uses: ./.github/actions/run-tests
env:
GOPATH: /github/home/go
KUBEBUILDER_ASSETS: ${{ github.workspace }}/kubebuilder/bin
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,6 @@ bin
*.swp
*.swo
*~

# Exclude all libgit2 related files
hack/libgit2/
34 changes: 34 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,40 @@ to join the conversation (this will also add an invitation to your
Google calendar for our [Flux
meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/edit#)).

### Installing required dependencies

The dependency [libgit2](https://libgit2.org/) needs to be installed to be able
to run source-controller or its test-suite locally (not in a container).

In case this dependency is not present on your system (at the expected
version), the first invocation of a `make` target that requires the
dependency will attempt to compile it locally to `hack/libgit2`. For this build
to succeed; CMake, OpenSSL 1.1 and LibSSH2 must be present on the system.

Triggering a manual build of the dependency is possible as well by running
`make libgit2`. To enforce the build, for example if your system dependencies
match but are not linked in a compatible way, append `LIBGIT2_FORCE=1` to the
`make` command.

#### macOS

```console
$ # Ensure libgit2 dependencies are available
$ brew install cmake [email protected] libssh2 pkg-config
$ LIBGIT2_FORCE=1 make libgit2
```

#### Linux

```console
$ # Ensure libgit2 dependencies are available
$ pacman -S cmake openssl libssh2
$ LIBGIT2_FORCE=1 make libgit2
```

**Note:** Example shown is for Arch Linux, but likewise procedure can be
followed using any other package manager, e.g. `apt`.

### How to run the test suite

Prerequisites:
Expand Down
102 changes: 69 additions & 33 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,26 +1,49 @@
FROM golang:1.16-buster as builder

# Up-to-date libgit2 dependencies are only available in sid (unstable).
# The libgit2 dependencies must be listed here to be able to build on ARM64.
RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
&& echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
RUN set -eux; \
apt-get update \
&& apt-get install -y libgit2-dev/unstable zlib1g-dev/unstable libssh2-1-dev/unstable libpcre3-dev/unstable \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
ARG BASE_VARIANT=bullseye
ARG GO_VERSION=1.16.8
ARG XX_VERSION=1.0.0-rc.2

WORKDIR /workspace
ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2
ARG LIBGIT2_TAG=libgit2-1.1.1-1

# Copy the Go Modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} as libgit2

FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} as gostable
FROM --platform=$BUILDPLATFORM golang:1.17rc1-${BASE_VARIANT} AS golatest

FROM gostable AS go-linux

FROM go-${TARGETOS} AS build-base-bullseye

# Copy the build utiltiies
COPY --from=xx / /
COPY --from=libgit2 /Makefile /libgit2/

# Install the libgit2 build dependencies
RUN make -C /libgit2 cmake

ARG TARGETPLATFORM
RUN make -C /libgit2 dependencies

FROM build-base-${BASE_VARIANT} as libgit2-bullseye

# Compile and install libgit2
ARG TARGETPLATFORM
RUN FLAGS=$(xx-clang --print-cmake-defines) make -C /libgit2 libgit2

FROM libgit2-${BASE_VARIANT} as build-bullseye

# Configure workspace
WORKDIR /workspace

# This has its own go.mod, which needs to be present so go mod
# download works.
COPY api/ api/

# Copy modules manifests
COPY go.mod go.mod
COPY go.sum go.sum

# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
RUN go mod download
Expand All @@ -30,30 +53,43 @@ COPY main.go main.go
COPY pkg/ pkg/
COPY controllers/ controllers/

# Build
RUN CGO_ENABLED=1 go build -o image-automation-controller main.go
# Build the binary
ENV CGO_ENABLED=1
ARG TARGETPLATFORM
RUN xx-go build -o image-automation-controller -trimpath \
main.go

FROM debian:buster-slim as controller
FROM build-${BASE_VARIANT} as prepare-bullseye

LABEL org.opencontainers.image.source="https://github.com/fluxcd/image-automation-controller"
# Move libgit2 lib to generic and predictable location
ARG TARGETPLATFORM
RUN mkdir -p /libgit2/lib/ \
&& cp -d /usr/lib/$(xx-info triple)/libgit2.so* /libgit2/lib/

# Up-to-date libgit2 dependencies are only available in
# unstable, as libssh2 in testing/bullseye has been linked
# against gcrypt which causes issues with PKCS* formats.
RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
&& echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
RUN set -eux; \
apt-get update \
&& apt-get install -y ca-certificates libgit2-1.1 \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
FROM prepare-${BASE_VARIANT} as build

COPY --from=builder /workspace/image-automation-controller /usr/local/bin/
FROM debian:${BASE_VARIANT}-slim as controller

# Configure user
RUN groupadd controller && \
useradd --gid controller --shell /bin/sh --create-home controller

USER controller
# Copy libgit2
COPY --from=build /libgit2/lib/ /usr/local/lib/
RUN ldconfig

# Upgrade packages and install runtime dependencies
RUN echo "deb http://deb.debian.org/debian sid main" >> /etc/apt/sources.list \
&& echo "deb-src http://deb.debian.org/debian sid main" >> /etc/apt/sources.list \
&& apt update \
&& apt install --no-install-recommends -y zlib1g/sid libssl1.1/sid libssh2-1/sid \
&& apt install --no-install-recommends -y ca-certificates \
&& apt clean \
&& apt autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*

# Copy over binary from build
COPY --from=build /workspace/image-automation-controller /usr/local/bin/

USER controller
ENTRYPOINT [ "image-automation-controller" ]
Loading

0 comments on commit 4674222

Please sign in to comment.