From 928c7b936fd4a12c3d60c2b6afe7b1b0a6f0bc70 Mon Sep 17 00:00:00 2001
From: Manuel Buil
Date: Wed, 24 Jan 2024 11:28:27 +0100
Subject: [PATCH] First commit
Signed-off-by: Manuel Buil
---
.drone.yml | 143 ++++++++++++++++++++++++++
Dockerfile | 33 ++++++
LICENSE | 150 ++++++++++++++++++++++++++++
Makefile | 55 ++++++++++
manifest.tmpl | 12 +++
updatecli/updatecli.d/updatecli.yml | 81 +++++++++++++++
updatecli/validate.yml | 1 +
updatecli/values.yaml | 5 +
8 files changed, 480 insertions(+)
create mode 100644 .drone.yml
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100644 Makefile
create mode 100644 manifest.tmpl
create mode 100644 updatecli/updatecli.d/updatecli.yml
create mode 100644 updatecli/validate.yml
create mode 100644 updatecli/values.yaml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..2729e1e
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,143 @@
+---
+kind: pipeline
+type: docker
+name: linux-amd64
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: build
+ pull: always
+ image: rancher/hardened-build-base:v1.20.7b3
+ commands:
+ - make DRONE_TAG=${DRONE_TAG}
+ volumes:
+ - name: docker
+ path: /var/run/docker.sock
+ when:
+ ref:
+ include:
+ - refs/heads/main
+ - refs/pull/**
+ - refs/tags/*
+
+- name: publish
+ image: rancher/hardened-build-base:v1.20.7b3
+ commands:
+ - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+ - make DRONE_TAG=${DRONE_TAG} image-push
+ environment:
+ DOCKER_PASSWORD:
+ from_secret: docker_password
+ DOCKER_USERNAME:
+ from_secret: docker_username
+ volumes:
+ - name: docker
+ path: /var/run/docker.sock
+ when:
+ event:
+ - tag
+
+- name: scan
+ image: rancher/hardened-build-base:v1.20.7b3
+ commands:
+ - make DRONE_TAG=${DRONE_TAG} image-scan
+ volumes:
+ - name: docker
+ path: /var/run/docker.sock
+ when:
+ ref:
+ include:
+ - refs/heads/main
+ - refs/pull/**
+ - refs/tags/*
+
+volumes:
+- name: docker
+ host:
+ path: /var/run/docker.sock
+---
+kind: pipeline
+type: docker
+name: linux-arm64
+
+platform:
+ os: linux
+ arch: arm64
+
+steps:
+- name: build
+ pull: always
+ image: rancher/hardened-build-base:v1.20.7b3
+ commands:
+ - make DRONE_TAG=${DRONE_TAG}
+ volumes:
+ - name: docker
+ path: /var/run/docker.sock
+ when:
+ ref:
+ include:
+ - refs/heads/main
+ - refs/pull/**
+ - refs/tags/*
+
+- name: publish
+ image: rancher/hardened-build-base:v1.20.7b3
+ commands:
+ - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+ - make DRONE_TAG=${DRONE_TAG} image-push
+ environment:
+ DOCKER_PASSWORD:
+ from_secret: docker_password
+ DOCKER_USERNAME:
+ from_secret: docker_username
+ volumes:
+ - name: docker
+ path: /var/run/docker.sock
+ when:
+ event:
+ - tag
+
+- name: scan
+ image: rancher/hardened-build-base:v1.20.7b3
+ commands:
+ - make DRONE_TAG=${DRONE_TAG} image-scan
+ volumes:
+ - name: docker
+ path: /var/run/docker.sock
+ when:
+ ref:
+ include:
+ - refs/heads/main
+ - refs/pull/**
+ - refs/tags/*
+
+volumes:
+- name: docker
+ host:
+ path: /var/run/docker.sock
+---
+kind: pipeline
+type: docker
+name: manifest
+platform:
+ os: linux
+ arch: amd64
+steps:
+- name: push
+ image: plugins/manifest:1.2.3
+ settings:
+ password:
+ from_secret: docker_password
+ username:
+ from_secret: docker_username
+ spec: manifest.tmpl
+ ignore_missing: true
+ when:
+ event:
+ - tag
+depends_on:
+- linux-amd64
+- linux-arm64
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..278b5f1
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,33 @@
+ARG GO_IMAGE=rancher/hardened-build-base:v1.20.7b3
+ARG TAG="v1.8.10"
+ARG ARCH="amd64"
+FROM ${GO_IMAGE} as base-builder
+# setup required packages
+RUN set -x && \
+ apk --no-cache add \
+ file \
+ gcc \
+ git \
+ make
+
+# setup the autoscaler build
+FROM base-builder as autoscaler-builder
+ARG SRC=github.com/kubernetes-sigs/cluster-proportional-autoscaler
+ARG PKG=github.com/kubernetes-sigs/cluster-proportional-autoscaler
+RUN git clone --depth=1 https://${SRC}.git $GOPATH/src/${PKG}
+ARG TAG="1.8.10"
+ARG ARCH="amd64"
+WORKDIR $GOPATH/src/${PKG}
+RUN git fetch --all --tags --prune
+RUN git checkout tags/${TAG} -b ${TAG}
+RUN GOARCH=${ARCH} GO_LDFLAGS="-linkmode=external -X ${PKG}/pkg/version.VERSION=${TAG}" \
+ go-build-static.sh -gcflags=-trimpath=${GOPATH}/src -o . ./...
+RUN go-assert-static.sh cluster-proportional-autoscaler
+RUN if [ "${ARCH}" = "amd64" ]; then \
+ go-assert-boring.sh cluster-proportional-autoscaler; \
+ fi
+RUN install -s cluster-proportional-autoscaler /usr/local/bin
+
+FROM scratch as autoscaler
+COPY --from=autoscaler-builder /usr/local/bin/cluster-proportional-autoscaler /cluster-proportional-autoscaler
+ENTRYPOINT ["/cluster-proportional-autoscaler"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2eb95ed
--- /dev/null
+++ b/LICENSE
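Review bot: The `build` and `scan` steps mount the host's `/var/run/docker.sock` and also run for `refs/pull/**`, so a pull request that edits the Makefile or Dockerfile executes with control of the runner's Docker daemon; I would limit the socket-mounting steps to trusted refs or require approval before fork builds run. In the `publish` step the registry password is passed as a command-line argument, where it is visible in the process list; prefer `- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`. `publish` is also ordered before `scan`, so on a tag the image is pushed before it has been scanned; placing `scan` first lets a failing scan stop the release. The same three points apply to the `linux-arm64` pipeline, which repeats these steps.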
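Review bot: The upstream source is selected only by tag name (`git checkout tags/${TAG} -b ${TAG}`), so what gets compiled into the image depends on a ref that upstream can move; consider pinning the expected commit as well, e.g. `ARG COMMIT=<upstream-commit-sha>` and, after the checkout, `RUN test "$(git rev-parse HEAD)" = "${COMMIT}"`. The two `ARG TAG` defaults disagree (`"v1.8.10"` before the first `FROM`, `"1.8.10"` inside `autoscaler-builder`), so a build run without `--build-arg TAG` checks out whatever the stage default names; give both the same value. The base image `rancher/hardened-build-base:v1.20.7b3` is likewise referenced by tag rather than by digest.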
@@ -0,0 +1,150 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+ 1. Definitions.
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+ END OF TERMS AND CONDITIONSn
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..bc4ab11
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,55 @@
+SEVERITIES = HIGH,CRITICAL
+
+UNAME_M = $(shell uname -m)
+ARCH=
+ifeq ($(UNAME_M), x86_64)
+ ARCH=amd64
+else ifeq ($(UNAME_M), aarch64)
+ ARCH=arm64
+else
+ ARCH=$(UNAME_M)
+endif
+
+BUILD_META=-build$(shell date +%Y%m%d)
+ORG ?= rancher
+PKG ?= github.com/kubernetes-sigs/cluster-proportional-autoscaler
+SRC ?= github.com/kubernetes-sigs/cluster-proportional-autoscaler
+TAG ?= v1.8.10$(BUILD_META)
+export DOCKER_BUILDKIT?=1
+
+ifneq ($(DRONE_TAG),)
+ TAG := $(DRONE_TAG)
+endif
+
+ifeq (,$(filter %$(BUILD_META),$(TAG)))
+ $(error TAG needs to end with build metadata: $(BUILD_META))
+endif
+
+.PHONY: image-build
+image-build:
+ docker build \
+ --pull \
+ --build-arg PKG=$(PKG) \
+ --build-arg SRC=$(SRC) \
+ --build-arg TAG=$(TAG:$(BUILD_META)=) \
+ --build-arg ARCH=$(ARCH) \
+ --target autoscaler \
+ --tag $(ORG)/hardened-cluster-autoscaler:$(TAG) \
+ --tag $(ORG)/hardened-cluster-autoscaler:$(TAG)-$(ARCH) \
+ .
+
+.PHONY: image-push
+image-push:
+ docker push $(ORG)/hardened-cluster-autoscaler:$(TAG)-$(ARCH)
+
+.PHONY: image-manifest
+image-manifest:
+ DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create --amend \
+ $(ORG)/hardened-cluster-autoscaler:$(TAG) \
+ $(ORG)/hardened-cluster-autoscaler:$(TAG)-$(ARCH)
+ DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push \
+ $(ORG)/hardened-cluster-autoscaler:$(TAG)
+
+.PHONY: image-scan
+image-scan:
+ trivy image --severity $(SEVERITIES) --no-progress --ignore-unfixed $(ORG)/hardened-cluster-autoscaler:$(TAG)
diff --git a/manifest.tmpl b/manifest.tmpl
new file mode 100644
index 0000000..7d5d3b7
--- /dev/null
+++ b/manifest.tmpl
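Review bot: `image-scan` invokes Trivy without `--exit-code`, and Trivy exits 0 by default even when it reports findings, so this target as written cannot fail a build on a HIGH or CRITICAL vulnerability. Proposed recipe line: `trivy image --exit-code 1 --severity $(SEVERITIES) --no-progress --ignore-unfixed $(ORG)/hardened-cluster-autoscaler:$(TAG)`. A comment above `SEVERITIES` noting that `--ignore-unfixed` hides findings that have no available fix would also help whoever reads the scan output.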
@@ -0,0 +1,12 @@
+image: rancher/hardened-cluster-autoscaler:{{build.tag}}
+manifests:
+ -
+ image: rancher/hardened-cluster-autoscaler:{{build.tag}}-amd64
+ platform:
+ architecture: amd64
+ os: linux
+ -
+ image: rancher/hardened-cluster-autoscaler:{{build.tag}}-arm64
+ platform:
+ architecture: arm64
+ os: linux
diff --git a/updatecli/updatecli.d/updatecli.yml b/updatecli/updatecli.d/updatecli.yml
new file mode 100644
index 0000000..2b70099
--- /dev/null
+++ b/updatecli/updatecli.d/updatecli.yml
@@ -0,0 +1,81 @@
+# This small test makes sure that updatecli is working properly on a repo.
+# To test this:
+# have "UPDATECLI_GITHUB_ACTOR" env set to your github username
+# have "UPDATECLI_GITHUB_TOKEN" env set to your github token
+# have the latest version of updatecli installed
+# 'updatecli diff -v updatecli/values.yaml -c updatecli/updatecli.d/updatecli.yml'
+# In the future, more useful files should be added to this directory.
+---
+name: "Introduce updatecli to repo and validate basic functionality"
+# Make sure we can pull in github repos from multiple orgs
+scms:
+ image-build-autoscaler:
+ kind: "github"
+ spec:
+ user: "{{ .github.user }}"
+ email: "{{ .github.email }}"
+ username: "{{ requiredEnv .github.username }}"
+ token: '{{ requiredEnv .github.token }}'
+ owner: rancher
+ repository: image-build-dns-nodecache
+ branch: master
+ go:
+ kind: "github"
+ spec:
+ user: "{{ .github.user }}"
+ email: "{{ .github.email }}"
+ username: "{{ requiredEnv .github.username }}"
+ token: '{{ requiredEnv .github.token }}'
+ owner: golang
+ repository: go
+ branch: master
+
+sources:
+ # validate gittag parsing external public repos
+ goTag:
+ name: "Get Go 1.20.2 tag"
+ kind: "gittag"
+ scmid: "go"
+ spec:
+ versionfilter:
+ kind: "regex"
+ pattern: '^go1\.20\.2$'
+
+# Validate read access to local repo
+## continue to targets if the go version in the validate file doesn't match the goTag source
+conditions:
+ testVersionShouldMatchGoTag:
+ name:
+ kind: yaml
+ sourceid: goTag
+ spec:
+ file: "updatecli/validate.yml"
+ key: version
+ failwhen: true #if set to true, continue to targets when condition is true rather than false
+
+# Validate the ability to generate branches, commits, what the commits look like, and what branches look like
+## allow validation of workflow to delete unused branch after merge
+## generate a commit on a branch named updatecli_<256 sha of change>
+## the commit message will be automatically generated by updatecli based on the change
+targets:
+ updateValidateFile:
+ name: "Update the version in the validate file"
+ kind: "yaml"
+ scmid: image-build-dns-nodecache
+ sourceid: goTag
+ spec:
+ file: "updatecli/validate.yml"
+ key: version
+
+# Validate generating a pull request
+actions:
+ # create a pull request which is not allowed to automerge
+ # the title matches the commit message
+ github:
+ kind: "github/pullrequest"
+ scmid: image-build-dns-nodecache
+ spec:
+ automerge: false
+ draft: false
+ mergemethod: squash
+ parent: false # this would allow for making a PR to an upstream fork, if we ran updatecli from a fork
diff --git a/updatecli/validate.yml b/updatecli/validate.yml
new file mode 100644
index 0000000..ce81ec9
--- /dev/null
+++ b/updatecli/validate.yml
@@ -0,0 +1 @@
+version: go1.20.2
diff --git a/updatecli/values.yaml b/updatecli/values.yaml
new file mode 100644
index 0000000..cf13045
--- /dev/null
+++ b/updatecli/values.yaml
@@ -0,0 +1,5 @@
+github:
+ user: "github-actions[bot]"
+ email: "41898282+github-actions[bot]@users.noreply.github.com"
+ username: "UPDATECLI_GITHUB_ACTOR"
+ token: "UPDATECLI_GITHUB_TOKEN"
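Review bot: In `updatecli/updatecli.d/updatecli.yml` the `targets.updateValidateFile` and `actions.github` entries use `scmid: image-build-dns-nodecache`, but the only ids defined under `scms` are `image-build-autoscaler` and `go`, so the reference looks unresolved; `scmid: image-build-autoscaler` is presumably what was meant. The `image-build-autoscaler` scm itself still has `repository: image-build-dns-nodecache`, which appears to be carried over from another repository and would point the token and any generated pull request at that repository rather than this one. `conditions.testVersionShouldMatchGoTag.name:` is also left empty and should get a short description or be removed.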