🌱 Ensure build images contains correct binary and for correct architecture #9932
Conversation
k8s-ci-robot
added
do-not-merge/invalid-commit-message
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @akshay196. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/M
akshay196
force-pushed
the
image-contains-correct-binary-9758
branch
from
b97f3f7 to
c658ab0
Compare
k8s-ci-robot
removed
the
do-not-merge/invalid-commit-message
|
/ok-to-test /assign @chrischdi |
k8s-ci-robot
added
ok-to-test
akshay196
force-pushed
the
image-contains-correct-binary-9758
branch
2 times, most recently
from
e68454e to
66f5574
Compare
|
Hey @chrischdi Can you please take a look at this PR? Let me know if you've any comments. |
|
Thanks for tackling this issue 👍 🏆 |
akshay196
force-pushed
the
image-contains-correct-binary-9758
branch
from
66f5574 to
b268da9
Compare
|
/retest |
|
@chrischdi @cahillsf Updated PR to address your comments. PTAL |
|
do we want this target to fail on verify failures? i think the current behavior will just echo a failure log and proceed with the rest of the release process, meaning that we will need to go into the Cloudbuild logs for each release to ensure no failures are found prior to promoting the images (and that image verification failures will not be reflected in the prow job state in the event that we merge a change that introduces a problem). I think it would be better if this target fails if any verify failures are encountered and bubbles them up to the prow job status wdyt @chrischdi? |
Good point, it definitely has to fail when failures are detected. |
|
Agree. Would be good if it fails, especially before pushing the broken images. |
akshay196
force-pushed
the
image-contains-correct-binary-9758
branch
from
b268da9 to
68f5253
Compare
|
Updated script to fail when image verification fails. |
|
Good job, thank you. /lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: b846df14dcce68702d2d00caec2a8f1d36cc4ce1
|
|
/assign |
|
@sbueringer Checking if you get a chance to take a look at this. |
| TESTIMAGE "${REGISTRY}/cluster-api-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api$" | ||
| TESTIMAGE "${REGISTRY}/kubeadm-bootstrap-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/bootstrap/kubeadm$" | ||
| TESTIMAGE "${REGISTRY}/kubeadm-control-plane-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/controlplane/kubeadm$" | ||
| TESTIMAGE "${REGISTRY}/capd-manager-${arch}:${TAG}" "${arch}" "command-line-arguments$" |
There was a problem hiding this comment.
@chrischdi Not super important. Do you have any idea why in CAPD we have command-line-arguments?
There was a problem hiding this comment.
Maybe due to difference between building both binaries.
CAPD build:
# Build the CAPD manager using the compiler cache folder
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} go build -trimpath -a -o /workspace/manager main.go
and
Core controller:
# Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
go build -trimpath -ldflags "${ldflags} -extldflags '-static'" \
-o manager ${package}
Not sure if this is the actual reason.
There was a problem hiding this comment.
The reason is in CAPD we refer a file main.go and for the other controllers we pass the package.
Changing main.go to . (to refer the relative package inside the workdir) would fix the path also for capd:
path sigs.k8s.io/cluster-api/test/infrastructure/docker
There was a problem hiding this comment.
Maybe worth doing that change and change the test to sigs.k8s.io/cluster-api/test/infrastructure/docker ?
There was a problem hiding this comment.
Yeah. Let's do it in a separate PR though. Can one of you follow-up please?
(so we unblock @cahillsf)
There was a problem hiding this comment.
sure, I will raise a separate PR directly as it is small change.
There was a problem hiding this comment.
@akshay196 Just fyi @chrischdi already opened the follow-up PR (#10030). So we're good :)
Ensures build images contains the correct binary and are for the correct architecture. Signed-off-by: Akshay Gaikwad <[email protected]>
akshay196
force-pushed
the
image-contains-correct-binary-9758
branch
from
68f5253 to
e55cc52
Compare
k8s-ci-robot
removed
the
lgtm
|
/retest |
|
Thx! /lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 9cfe001b80adaf3663549736fbbe6923dbb834e2
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sbueringer The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
Thanks @sbueringer @chrischdi @cahillsf for reviewing and merging. |
What this PR does / why we need it:
Ensures build images contains the correct binary and are for the correct architecture.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #9758
/area ci