diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml index c4b3049916..f315c52f4f 100644 --- a/.github/workflows/build-rust-injector.yml +++ b/.github/workflows/build-rust-injector.yml @@ -1,7 +1,4 @@ -name: Build Rust Binary - -env: - zarfInjectorPath: 'src/injector/stage1/target/x86_64-unknown-linux-musl/release/zarf-injector' +name: Publish Injector Stage I on: workflow_dispatch: 
@@ -12,33 +9,39 @@ on: branchName: description: "Branch to build the injector from" required: false - default: 'master' + default: "master" jobs: build-injector: - runs-on: ubuntu-latest + runs-on: self-hosted steps: + - name: "Dependency: Install cosign" + uses: sigstore/cosign-installer@v2.5.0 + + - name: "Dependency: Setup rust toolchain" + run: | + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path + echo "$HOME/.cargo/bin" >> $GITHUB_PATH + - name: "Checkout Repo" uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.branchName }} - - name: "Install cosign" - uses: sigstore/cosign-installer@v2.5.0 - - - name: "Install Rust And Build" - uses: gmiam/rust-musl-action@v1.1.1 - with: - args: cargo build --target x86_64-unknown-linux-musl --release --manifest-path src/injector/stage1/Cargo.toml + - name: "Build Rust Binary for x86_64" + working-directory: src/injector/stage1 + run: | + cargo build --target x86_64-unknown-linux-musl --release + strip target/x86_64-unknown-linux-musl/release/zarf-injector - - name: "Strip The Binary Down" - run: sudo strip ${{ env.zarfInjectorPath }} - - - name: "Upload Rust Binary" - uses: actions/upload-artifact@v3 - with: - name: zarf-injector - path: ${{ env.zarfInjectorPath }} + - name: "Build Rust Binary for aarch64" + working-directory: src/injector/stage1 + run: | + rustup target add aarch64-unknown-linux-musl + curl https://musl.cc/aarch64-linux-musl-cross.tgz | tar -xz + export PATH="$PWD/aarch64-linux-musl-cross/bin:$PATH" + cargo build --target aarch64-unknown-linux-musl --release + aarch64-linux-musl-strip target/aarch64-unknown-linux-musl/release/zarf-injector - name: Login to Docker Hub uses: docker/login-action@v2 
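Review bot: In the "Build Rust Binary for aarch64" step, `curl https://musl.cc/aarch64-linux-musl-cross.tgz | tar -xz` unpacks a cross toolchain with no integrity check, and its linker and `aarch64-linux-musl-strip` then process the binary that a later step signs with the KMS key. Download to a file first with `curl -fsSL --proto '=https' --tlsv1.2 -o musl-cross.tgz https://musl.cc/aarch64-linux-musl-cross.tgz`, then run `echo "<EXPECTED_SHA256>  musl-cross.tgz" | sha256sum -c -` before extracting (the digest is a placeholder for a value pinned in the repo). The rustup bootstrap in "Dependency: Setup rust toolchain" also selects no toolchain version, so the compiler used for a signed release can differ from run to run. On a `self-hosted` runner both installs stay on disk for later jobs unless the runner is ephemeral.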
@@ -46,14 +49,18 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: "Upload Binary To DockerHub" - run: cosign upload blob -f ${{ env.zarfInjectorPath }} defenseunicorns/zarf-injector:${{ github.event.inputs.versionTag }} + - name: "Upload Binaries To DockerHub" + working-directory: src/injector/stage1/target + run: | + cosign upload blob -f x86_64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }} + cosign upload blob -f aarch64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }} - - name: "Sign the binary" - run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:${{ github.event.inputs.versionTag }} + - name: "Sign the binaries" + run: | + cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }} + cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }} env: COSIGN_EXPERIMENTAL: 1 AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }} AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }} - diff --git a/.github/workflows/build-zarf-agent.yml b/.github/workflows/build-zarf-agent.yml deleted file mode 100644 index 02fec3c786..0000000000 --- a/.github/workflows/build-zarf-agent.yml +++ /dev/null 
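Review bot: The "Upload Binaries To DockerHub" and "Sign the binaries" steps expand `${{ github.event.inputs.versionTag }}` straight into the `run:` script, so the input is pasted into the command text before the shell parses it, and in the signing step that happens with the AWS credentials in the environment. Pass it through the environment instead, `env: VERSION_TAG: ${{ github.event.inputs.versionTag }}`, and reference `"$VERSION_TAG"` in the commands, ideally after checking it against the expected tag pattern. Both `cosign sign` calls also address the blobs by tag. Signing the digest that the upload reports would bind the signature to the bytes just pushed rather than to whatever the tag resolves to at signing time.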
@@ -1,66 +0,0 @@ -name: Build and Publish Zarf Agent Image - -on: - workflow_dispatch: - inputs: - versionTag: - description: "Version tag" - required: true - branchName: - description: "Branch to build the agent from" - required: false - default: "master" - -jobs: - build-agent: - runs-on: ubuntu-latest - steps: - - name: "Install GoLang" - uses: actions/setup-go@v3 - with: - go-version: 1.18.x - - - name: "Checkout Repo" - uses: actions/checkout@v3 - with: - ref: ${{ github.event.inputs.branchName }} - - - name: "Setup caching" - uses: actions/cache@v3 - with: - path: | - ~/.cache/go-build - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - name: "Install cosign" - uses: sigstore/cosign-installer@v2.5.0 - - - name: "Set up Docker Buildx" - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: "Login to Docker Hub" - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: "Build zarf binaries" - run: make build-cli-linux - - - name: "Rename binaries for packaging" - run: mv build/zarf build/zarf-linux-amd64 && mv build/zarf-arm build/zarf-linux-arm64 - - - name: "Build and Publish the Image" - run: docker buildx build --push --platform linux/arm64/v8,linux/amd64 --tag defenseunicorns/zarf-agent:${{ github.event.inputs.versionTag }} . - - - name: "Sign the Image" - run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-agent:${{ github.event.inputs.versionTag }} - env: - COSIGN_EXPERIMENTAL: 1 - AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }} - AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index f4100c92b5..f3d775d89a 100644 
--- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -2,16 +2,21 @@ name: docs on: pull_request: paths: - - '**.md' - - '**.jpg' - - '**.png' - - '**.gif' - - '**.svg' - - 'adr/**' - - 'docs/**' + - "**.md" + - "**.jpg" + - "**.png" + - "**.gif" + - "**.svg" + - "adr/**" + - "docs/**" + +# Abort prior jobs in the same workflow / PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: validate: runs-on: ubuntu-latest steps: - - run: 'echo "Not required, non-code changes only." ' + - run: 'echo "Not required, non-code changes only." ' diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index fb4808d439..609722b7c1 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -3,11 +3,15 @@ on: pull_request: types: [labeled, unlabeled, opened, edited, synchronize] +# Abort prior jobs in the same workflow / PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: enforce: runs-on: ubuntu-latest steps: - - uses: yogevbd/enforce-label-action@2.2.2 - with: - BANNED_LABELS: "needs-docs,needs-tests,needs-adr,needs-git-sign-off" + - uses: yogevbd/enforce-label-action@2.2.2 + with: + BANNED_LABELS: "needs-docs,needs-tests,needs-adr,needs-git-sign-off" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8d53c4b565..223db42d47 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -3,31 +3,56 @@ name: Publish Zarf Packages on Tag on: push: tags: - - 'v*' + - "v*" jobs: push-resources: runs-on: self-hosted steps: - - name: Install GoLang + - name: "Dependency: Install Golang" uses: actions/setup-go@v3 with: go-version: 1.18.x - - name: Checkout Repo + - name: "Dependency: Install Docker Buildx" + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: "Checkout Repo" uses: actions/checkout@v3 with: fetch-depth: 0 - - name: "Setup caching" - uses: actions/cache@v3 + - name: "Build CLI" + run: make build-cli-linux + + - name: "Zarf Agent: Login to Docker Hub" + uses: docker/login-action@v2 with: - path: | - ~/.cache/go-build - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: "Zarf Agent: Build and Publish the Image" + run: | + cp build/zarf build/zarf-linux-amd64 && cp build/zarf-arm build/zarf-linux-arm64 + docker buildx build --push linux/arm64/v8,linux/amd64 --tag defenseunicorns/zarf-agent:$GITHUB_REF_NAME . 
+ + - name: "Zarf Agent: Sign the Image" + run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=$GITHUB_REF_NAME defenseunicorns/zarf-agent:$GITHUB_REF_NAME + env: + COSIGN_EXPERIMENTAL: 1 + AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }} + AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }} + + # Builds init packages since GoReleaser won't handle this for us + - name: "Build init-packages For Release" + run: | + make init-package ARCH=amd64 AGENT_IMAGE=defenseunicorns/zarf-agent:$GITHUB_REF_NAME + make init-package ARCH=arm64 AGENT_IMAGE=defenseunicorns/zarf-agent:$GITHUB_REF_NAME + + - name: "Run Tests" + run: sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true make test-e2e ARCH=amd64 # Set up AWS credentials for GoReleaser to upload backups of artifacts to S3 - name: Set AWS Credentials @@ -37,12 +62,6 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }} aws-region: us-gov-west-1 - # Builds init packages since GoReleaser won't handle this for us - - name: "Build init-packages For Release" - run: | - make build-cli-linux-amd init-package ARCH=amd64 - make init-package ARCH=arm64 - # Create the GitHub release notes, upload artifact backups to S3, publish homebrew recipe - name: Run GoReleaser uses: goreleaser/goreleaser-action@v3 @@ -53,3 +72,6 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.ZARF_ORG_PROJECT_TOKEN }} + + - name: "Cleanup" + run: sudo make destroy diff --git a/.github/workflows/test-k3d.yml b/.github/workflows/test-k3d.yml index afe1322839..04b8707d00 100644 --- a/.github/workflows/test-k3d.yml +++ b/.github/workflows/test-k3d.yml 
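Review bot: In "Zarf Agent: Build and Publish the Image" the `--platform` flag is missing before `linux/arm64/v8,linux/amd64`, so buildx receives the platform list as a second positional argument next to `.`. The deleted build-zarf-agent.yml in this same diff had `--platform linux/arm64/v8,linux/amd64`, so the line should read `docker buildx build --push --platform linux/arm64/v8,linux/amd64 --tag defenseunicorns/zarf-agent:$GITHUB_REF_NAME .`. The image is also signed before "Run Tests", so a failing e2e run would leave a signed release tag on Docker Hub; moving the sign step after the tests avoids that. No cosign install step is visible in this hunk, so the signing step presumably relies on cosign already being present on the self-hosted runner.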
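Review bot: The new "Cleanup" step runs only when every earlier step has succeeded, so a failed test or GoReleaser run leaves the deployed cluster state and the `build` directory on the self-hosted runner for the next job. Add `if: always()` to the step. The hunk shows only the tail of the job, so this assumes no other cleanup exists above it.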
@@ -10,26 +10,46 @@ on: - "adr/**" - "docs/**" +# Abort prior jobs in the same workflow / PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: validate: runs-on: self-hosted steps: - - name: "Install GoLang" + - name: "Dependency: Install Golang" uses: actions/setup-go@v3 with: go-version: 1.18.x - - name: "Checkout Repo" - uses: actions/checkout@v3 + - name: "Dependency: Install Docker Buildx" + id: buildx + uses: docker/setup-buildx-action@v2 - - name: "K3d cluster init" + - name: "Dependency: K3d cluster init" run: k3d cluster delete && k3d cluster create + - name: "Checkout Repo" + uses: actions/checkout@v3 + - name: "Build CLI" run: make build-cli-linux-amd ARCH=amd64 + - name: "Zarf Agent: Login to Docker Hub" + uses: docker/login-action@v2 + with: + username: zarfdev + password: ${{ secrets.ZARF_DEV_DOCKERHUB }} + + - name: "Zarf Agent: Build and Publish the Image" + run: | + cp build/zarf build/zarf-linux-amd64 + docker buildx build --push --platform linux/amd64 --tag zarfdev/agent:$GITHUB_SHA . + - name: "Make Packages" - run: make init-package build-examples ARCH=amd64 + run: make init-package build-examples ARCH=amd64 AGENT_IMAGE=zarfdev/agent:$GITHUB_SHA - name: "Run Tests" # NOTE: This test run will create its own K3d cluster. A single cluster will be used throughout the test run. diff --git a/.github/workflows/test-k3s.yml b/.github/workflows/test-k3s.yml index 72f1c1d82f..1734803182 100644 --- a/.github/workflows/test-k3s.yml +++ b/.github/workflows/test-k3s.yml 
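Review bot: The added "Zarf Agent: Login to Docker Hub" step logs in with `secrets.ZARF_DEV_DOCKERHUB` before `make init-package build-examples` and the test run, so the Makefile and code from the checked-out change execute on a self-hosted runner while the Docker credential is active. The trigger is outside the hunk, but the concurrency comment suggests pull requests. If so, fork PRs receive no secret and fail at login, while same-repo branches run with a credential that can push under `zarfdev/`. Consider a token scoped to the single `zarfdev/agent` repository and a `docker logout` directly after the push, or loading the image into the test cluster instead of publishing one public tag per commit. The same steps are added in test-k3s.yml and test-kind.yml.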
@@ -10,23 +10,43 @@ on: - "adr/**" - "docs/**" +# Abort prior jobs in the same workflow / PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: validate: runs-on: self-hosted steps: - - name: "Install GoLang" + - name: "Dependency: Install Golang" uses: actions/setup-go@v3 with: go-version: 1.18.x + - name: "Dependency: Install Docker Buildx" + id: buildx + uses: docker/setup-buildx-action@v2 + - name: "Checkout Repo" uses: actions/checkout@v3 - name: "Build CLI" run: make build-cli-linux-amd ARCH=amd64 + - name: "Zarf Agent: Login to Docker Hub" + uses: docker/login-action@v2 + with: + username: zarfdev + password: ${{ secrets.ZARF_DEV_DOCKERHUB }} + + - name: "Zarf Agent: Build and Publish the Image" + run: | + cp build/zarf build/zarf-linux-amd64 + docker buildx build --push --platform linux/amd64 --tag zarfdev/agent:$GITHUB_SHA . + - name: "Make Packages" - run: make init-package build-examples ARCH=amd64 + run: make init-package build-examples ARCH=amd64 AGENT_IMAGE=zarfdev/agent:$GITHUB_SHA - name: "Run Tests" # NOTE: "PATH=$PATH" preserves the default user $PATH. This is needed to maintain the version of go installed diff --git a/.github/workflows/test-kind.yml b/.github/workflows/test-kind.yml index 297de82f3e..7870375474 100644 --- a/.github/workflows/test-kind.yml +++ b/.github/workflows/test-kind.yml 
@@ -10,26 +10,46 @@ on: - "adr/**" - "docs/**" +# Abort prior jobs in the same workflow / PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: validate: runs-on: self-hosted steps: - - name: "Install GoLang" + - name: "Dependency: Install Golang" uses: actions/setup-go@v3 with: go-version: 1.18.x - - name: "Checkout Repo" - uses: actions/checkout@v3 + - name: "Dependency: Install Docker Buildx" + id: buildx + uses: docker/setup-buildx-action@v2 - - name: "Kind Cluster Init" + - name: "Dependency: Kind Cluster Init" run: kind delete cluster && kind create cluster + - name: "Checkout Repo" + uses: actions/checkout@v3 + - name: "Build CLI" run: make build-cli-linux-amd ARCH=amd64 + - name: "Zarf Agent: Login to Docker Hub" + uses: docker/login-action@v2 + with: + username: zarfdev + password: ${{ secrets.ZARF_DEV_DOCKERHUB }} + + - name: "Zarf Agent: Build and Publish the Image" + run: | + cp build/zarf build/zarf-linux-amd64 + docker buildx build --push --platform linux/amd64 --tag zarfdev/agent:$GITHUB_SHA . + - name: "Make Packages" - run: make init-package build-examples ARCH=amd64 + run: make init-package build-examples ARCH=amd64 AGENT_IMAGE=zarfdev/agent:$GITHUB_SHA - name: "Run Tests" # NOTE: We want to test providing a cluster to the test framework so this one creates its own KinD cluster diff --git a/.github/workflows/zarf-schema-check.yml b/.github/workflows/zarf-schema-check.yml index a3c0f9a49a..9f086ea7a9 100644 --- a/.github/workflows/zarf-schema-check.yml +++ b/.github/workflows/zarf-schema-check.yml @@ -5,11 +5,16 @@ on: - "src/types/**" - "zarf.schema.json" +# Abort prior jobs in the same workflow / PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: validate: runs-on: ubuntu-latest steps: - - name: "Install GoLang" + - name: "Dependency: Install Golang" uses: actions/setup-go@v3 with: go-version: 1.18.x 
@@ -28,10 +33,10 @@ jobs: ${{ runner.os }}-go- - name: "Backup Repo Schema Version" - run: 'cp zarf.schema.json zarf.schema.json.bak' + run: "cp zarf.schema.json zarf.schema.json.bak" - name: "Regenerate Schema" - run: 'go run main.go internal config-schema > zarf.schema.json' + run: "go run main.go internal config-schema > zarf.schema.json" - name: "Compare Schemas" - run: 'cmp -s zarf.schema.json zarf.schema.json.bak' + run: "cmp -s zarf.schema.json zarf.schema.json.bak" diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 81e3006165..ca1aa74496 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -19,10 +19,6 @@ builds: goarch: - amd64 - arm64 - ignore: - - goos: linux - goarch: arm64 - # Save the built artifacts as binaries (instead of wrapping them in a tarball) archives: diff --git a/Makefile b/Makefile index b3214dcfd9..5c0cb48028 100644 --- a/Makefile +++ b/Makefile 
@@ -46,24 +46,27 @@ destroy: $(ZARF_BIN) destroy --confirm --remove-components rm -fr build -build-cli-linux-amd: build-injector-registry +build-cli-linux-amd: build-injector-registry-amd CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="$(BUILD_ARGS)" -o build/zarf main.go -build-cli-linux-arm: build-injector-registry +build-cli-linux-arm: build-injector-registry-arm CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="$(BUILD_ARGS)" -o build/zarf-arm main.go -build-cli-mac-intel: build-injector-registry +build-cli-mac-intel: build-injector-registry-amd GOOS=darwin GOARCH=amd64 go build -ldflags="$(BUILD_ARGS)" -o build/zarf-mac-intel main.go -build-cli-mac-apple: build-injector-registry +build-cli-mac-apple: build-injector-registry-arm GOOS=darwin GOARCH=arm64 go build -ldflags="$(BUILD_ARGS)" -o build/zarf-mac-apple main.go build-cli-linux: build-cli-linux-amd build-cli-linux-arm build-cli: build-cli-linux-amd build-cli-linux-arm build-cli-mac-intel build-cli-mac-apple ## Build the CLI -build-injector-registry: - cd src/injector/stage2 && $(MAKE) build-bootstrap-registry +build-injector-registry-amd: + CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o build/zarf-registry-amd64 src/injector/stage2/registry.go + +build-injector-registry-arm: + CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-s -w" -o build/zarf-registry-arm64 src/injector/stage2/registry.go docs-and-schema: go run main.go internal generate-cli-docs diff --git a/docs/3-getting-started.md b/docs/3-getting-started.md index b467ee7d5d..b16076583b 100644 --- a/docs/3-getting-started.md +++ b/docs/3-getting-started.md @@ -43,7 +43,6 @@ The `make build-cli` command builds a binary for each combinations of OS and arc - `make build-cli-mac-apple` - `make build-cli-linux-amd` - `make build-cli-linux-arm` -- `make build-injector-registry` You can learn more about building [here](./4-user-guide/1-the-zarf-cli/1-building-your-own-cli.md). ::: 
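Review bot: The new targets `build-injector-registry-amd` and `build-injector-registry-arm` carry no description, while `build-cli` in the same hunk documents itself with `## Build the CLI`. Suggest `build-injector-registry-amd: ## Build the linux/amd64 stage 2 registry binary` and the matching arm64 line. The mac CLI targets now depend on these Linux-only builds, which reads like a mistake without a comment such as `# The registry always targets linux; only GOARCH follows the CLI being built`.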
diff --git a/docs/4-user-guide/1-the-zarf-cli/1-building-your-own-cli.md b/docs/4-user-guide/1-the-zarf-cli/1-building-your-own-cli.md index 0a8b269a7c..bcf456edaa 100644 --- a/docs/4-user-guide/1-the-zarf-cli/1-building-your-own-cli.md +++ b/docs/4-user-guide/1-the-zarf-cli/1-building-your-own-cli.md @@ -35,7 +35,6 @@ The `make build-cli` command builds a binary for each combinations of OS and arc - `make build-cli-mac-apple` - `make build-cli-linux-amd` - `make build-cli-linux-arm` -- `make build-injector-registry` ::: #### Breaking Down Whats Happening diff --git a/packages/zarf-injector/zarf.yaml b/packages/zarf-injector/zarf.yaml index 99c8907f6a..01c764deaa 100644 --- a/packages/zarf-injector/zarf.yaml +++ b/packages/zarf-injector/zarf.yaml @@ -6,13 +6,32 @@ metadata: components: - name: zarf-injector required: true + only: + cluster: + architecture: amd64 cosignKeyPath: ../../cosign.pub files: # Rust Injector Binary - - source: sget://defenseunicorns/zarf-injector:0.4.3 + - source: sget://defenseunicorns/zarf-injector:amd64-v0.20.0-31-g4e902fc target: "###ZARF_TEMP###/zarf-injector" executable: true # Go Registry Binary - - source: ../../build/zarf-registry + - source: ../../build/zarf-registry-amd64 + target: "###ZARF_TEMP###/zarf-registry" + executable: true + + - name: zarf-injector + required: true + only: + cluster: + architecture: arm64 + cosignKeyPath: ../../cosign.pub + files: + # Rust Injector Binary + - source: sget://defenseunicorns/zarf-injector:arm64-v0.20.0-31-g4e902fc + target: "###ZARF_TEMP###/zarf-injector" + executable: true + # Go Registry Binary + - source: ../../build/zarf-registry-arm64 target: "###ZARF_TEMP###/zarf-registry" executable: true diff --git a/src/injector/stage1/.cargo/config b/src/injector/stage1/.cargo/config new file mode 100644 index 0000000000..c00f890655 --- /dev/null +++ b/src/injector/stage1/.cargo/config 
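Review bot: Both `sget://` sources in packages/zarf-injector/zarf.yaml are pinned to a tag, `amd64-v0.20.0-31-g4e902fc` and `arm64-v0.20.0-31-g4e902fc`, which looks like a `git describe` string for an untagged commit rather than a release version. A tag can also be re-pointed to any other blob signed with the same key, so `cosignKeyPath` establishes who signed the file but not which signed build is fetched. If the fetcher accepts a digest reference, pinning `@sha256:<DIGEST>` (placeholder) would fix the exact bytes. The two components share the name `zarf-injector` and differ only in `only.cluster.architecture`; a comment above each, e.g. `# Selected only when the target cluster is amd64`, would make clear that the duplicate name is intentional.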
@@ -0,0 +1,8 @@ +# Due to an issue with linking when cross-compiling, specify the +# linker and archiver for cross-compiled targets. +# +# More information: https://github.com/rust-lang/cargo/issues/4133 + +[target.aarch64-unknown-linux-musl] +linker = "aarch64-linux-musl-ld" +ar = "aarch64-linux-musl-ar" \ No newline at end of file
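Review bot: The `[target.aarch64-unknown-linux-musl]` section applies to every build of that target, not only the CI cross-build, and `linker = "aarch64-linux-musl-ld"` is resolved by bare name through PATH. The header comment should state where that toolchain is expected to come from (the workflow in this diff downloads it from musl.cc and prepends it to PATH), for example `# Requires the aarch64-linux-musl cross toolchain on PATH; see build-rust-injector.yml`. Current cargo documentation lists `target.<triple>.ar` as deprecated and unused, so the `ar` line probably has no effect. The file also ends without a trailing newline.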