forked from GoogleContainerTools/kpt-config-sync
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMakefile.build
259 lines (215 loc) · 10.3 KB
/
Makefile.build
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
# Included by Makefile.
# Rules related to building nomos and docker images.
###################################
# Build environment
###################################
# Pulls the cached buildenv docker image from GCR.
# Builds the image if it does not exist to enable testing with a new image
# version before publishing.
pull-buildenv:
@docker image inspect $(BUILDENV_IMAGE) &> /dev/null \
|| docker pull $(BUILDENV_IMAGE) || $(MAKE) build-buildenv
build-buildenv: build/buildenv/Dockerfile
@echo "+++ Creating the docker container for $(BUILDENV_IMAGE)"
@docker buildx build $(DOCKER_BUILD_QUIET) \
build/buildenv \
-t $(BUILDENV_IMAGE) \
$(DOCKER_BUILD_ARGS)
push-buildenv: build-buildenv
@gcloud $(GCLOUD_QUIET) auth configure-docker $(firstword $(subst /, ,$(BUILDENV_IMAGE)))
@docker push $(BUILDENV_IMAGE)
###################################
# Docker images
###################################
.PHONY: build
build: $(OUTPUT_DIR) pull-buildenv
@echo "+++ Build setup done"
# NOTE: this rule depends on OUTPUT_DIR because buildenv needs those dirs to
# exist in order to work.
PLATFORMS := linux_amd64 linux_arm64 darwin_amd64 darwin_arm64 windows_amd64
build-cli: pull-buildenv buildenv-dirs
@echo "+++ Compiling Nomos binaries for $(PLATFORMS)"
@echo "+++ Compiling with VERSION: $(VERSION)"
@mkdir -p $(addprefix $(OUTPUT_DIR)/go/bin/,$(PLATFORMS))
@docker run $(DOCKER_RUN_ARGS) ./scripts/build.sh \
--version $(VERSION) \
$(PLATFORMS)
.PHONY: copy-cli
copy-cli: buildenv-dirs
@cp $(OUTPUT_DIR)/go/bin/$(shell go env GOOS)_$(shell go env GOARCH)/nomos $(OUTPUT_DIR)/go/bin/nomos
@chmod 755 $(OUTPUT_DIR)/go/bin/nomos
# Targets for building individual images
BUILD_IMAGE_TARGETS := $(patsubst %,__build-image-%,$(IMAGES))
.PHONY: $(BUILD_IMAGE_TARGETS)
$(BUILD_IMAGE_TARGETS): "$(HELM)" "$(KUSTOMIZE)"
@echo "+++ Building the $(subst __build-image-,,$@) image: $(call gen_image_tag,$(subst __build-image-,,$@))"
@docker buildx build $(DOCKER_BUILD_QUIET) \
--target $(subst __build-image-,,$@) \
-t $(call gen_image_tag,$(subst __build-image-,,$@)) \
-f build/all/Dockerfile \
$(DOCKER_BUILD_ARGS) \
.
# Build Config Sync docker images
.PHONY: build-images
build-images: $(BUILD_IMAGE_TARGETS)
# Deprecated alias of build-images. Remove this once unused.
.PHONY: build-images-multirepo
build-images-multirepo: build-images
.PHONY: auth-docker
auth-docker:
@echo "+++ Using account:"
gcloud config get-value account
@gcloud $(GCLOUD_QUIET) auth configure-docker $(firstword $(subst /, ,$(REGISTRY)))
# Targets for pushing individual images
PUSH_IMAGE_TARGETS := $(patsubst %,__push-image-%,$(IMAGES))
.PHONY: $(PUSH_IMAGE_TARGETS)
$(PUSH_IMAGE_TARGETS): auth-docker
docker push $(call gen_image_tag,$(subst __push-image-,,$@))
# Pushes Config Sync docker images to REGISTRY.
.PHONY: push-images
push-images: $(PUSH_IMAGE_TARGETS)
# Deprecated alias of push-images. Remove this once unused.
.PHONY: push-images-multirepo
push-images-multirepo: push-images
# Targets for pulling individual images
PULL_IMAGE_TARGETS := $(patsubst %,__pull-image-%,$(IMAGES))
.PHONY: $(PULL_IMAGE_TARGETS)
$(PULL_IMAGE_TARGETS): auth-docker
docker pull $(call gen_image_tag,$(subst __pull-image-,,$@))
# Pulls all Config Sync images from REGISTRY
.PHONY: pull-images
pull-images: $(PULL_IMAGE_TARGETS)
# Deprecated alias of pull-images. Remove this once unused.
.PHONY: pull-images-multirepo
pull-images-multirepo: pull-images
# Targets for retagging individual images
RETAG_IMAGE_TARGETS := $(patsubst %,__retag-image-%,$(IMAGES))
.PHONY: $(RETAG_IMAGE_TARGETS)
$(RETAG_IMAGE_TARGETS):
docker tag $(OLD_REGISTRY)/$(subst __retag-image-,,$@):$(OLD_IMAGE_TAG) $(call gen_image_tag,$(subst __retag-image-,,$@))
# Retags previously built Config Sync images
.PHONY: retag-images
retag-images: $(RETAG_IMAGE_TARGETS)
# Deprecated alias of retag-images. Remove this once unused.
.PHONY: retag-images-multirepo
retag-images-multirepo: retag-images
###################################
# Config Sync manifest
###################################
# Build Config Sync manifests for ACM operator and OSS.
.PHONY: build-manifests
build-manifests: build-manifests-operator build-manifests-oss
# Build Config Sync manifests for OSS installations
.PHONY: build-manifests-oss
build-manifests-oss: "$(GOBIN)/addlicense" "$(KUSTOMIZE)" $(OUTPUT_DIR)
@ echo "+++ Generating manifests in $(OSS_MANIFEST_STAGING_DIR)"
@ echo " Using tags: $(REGISTRY)/*:$(IMAGE_TAG)"
@ rm -f $(OSS_MANIFEST_STAGING_DIR)/*
@ "$(KUSTOMIZE)" build --load-restrictor=LoadRestrictionsNone manifests/oss \
| sed \
-e "s|RECONCILER_IMAGE_NAME|$(call gen_image_tag,$(RECONCILER_IMAGE))|g" \
-e "s|OCI_SYNC_IMAGE_NAME|$(call gen_image_tag,$(OCI_SYNC_IMAGE))|g" \
-e "s|HELM_SYNC_IMAGE_NAME|$(call gen_image_tag,$(HELM_SYNC_IMAGE))|g" \
-e "s|HYDRATION_CONTROLLER_IMAGE_NAME|$(call gen_image_tag,$(HYDRATION_CONTROLLER_IMAGE))|g" \
-e "s|RECONCILER_MANAGER_IMAGE_NAME|$(call gen_image_tag,$(RECONCILER_MANAGER_IMAGE))|g" \
-e "s|ASKPASS_IMAGE_NAME|$(call gen_image_tag,$(ASKPASS_IMAGE))|g" \
-e "s|RESOURCE_GROUP_CONTROLLER_IMAGE_NAME|$(call gen_image_tag,$(RESOURCE_GROUP_IMAGE))|g" \
> $(OSS_MANIFEST_STAGING_DIR)/config-sync-manifest.yaml
@ "$(GOBIN)/addlicense" $(OSS_MANIFEST_STAGING_DIR)/config-sync-manifest.yaml
@ # Additional optional OSS manifests
@ cat "manifests/templates/admission-webhook.yaml" \
| sed -e "s|WEBHOOK_IMAGE_NAME|$(call gen_image_tag,$(ADMISSION_WEBHOOK_IMAGE))|g" \
> $(OSS_MANIFEST_STAGING_DIR)/admission-webhook.yaml
@ echo "+++ Manifests generated in $(OSS_MANIFEST_STAGING_DIR)"
# Build Config Sync manifests for ACM operator
.PHONY: build-manifests-operator
build-manifests-operator: "$(GOBIN)/addlicense" "$(KUSTOMIZE)" $(OUTPUT_DIR)
@ echo "+++ Generating manifests in $(NOMOS_MANIFEST_STAGING_DIR)"
@ echo " Using tags: $(REGISTRY)/*:$(IMAGE_TAG)"
@ rm -f $(NOMOS_MANIFEST_STAGING_DIR)/*
@ "$(KUSTOMIZE)" build --load-restrictor=LoadRestrictionsNone manifests/operator \
| sed \
-e "s|RECONCILER_IMAGE_NAME|$(call gen_image_tag,$(RECONCILER_IMAGE))|g" \
-e "s|OCI_SYNC_IMAGE_NAME|$(call gen_image_tag,$(OCI_SYNC_IMAGE))|g" \
-e "s|HELM_SYNC_IMAGE_NAME|$(call gen_image_tag,$(HELM_SYNC_IMAGE))|g" \
-e "s|HYDRATION_CONTROLLER_IMAGE_NAME|$(call gen_image_tag,$(HYDRATION_CONTROLLER_IMAGE))|g" \
-e "s|RECONCILER_MANAGER_IMAGE_NAME|$(call gen_image_tag,$(RECONCILER_MANAGER_IMAGE))|g" \
-e "s|WEBHOOK_IMAGE_NAME|$(call gen_image_tag,$(ADMISSION_WEBHOOK_IMAGE))|g" \
-e "s|ASKPASS_IMAGE_NAME|$(call gen_image_tag,$(ASKPASS_IMAGE))|g" \
-e "s|RESOURCE_GROUP_CONTROLLER_IMAGE_NAME|$(call gen_image_tag,$(RESOURCE_GROUP_IMAGE))|g" \
> $(NOMOS_MANIFEST_STAGING_DIR)/config-sync-manifest.yaml
@ "$(GOBIN)/addlicense" $(NOMOS_MANIFEST_STAGING_DIR)/config-sync-manifest.yaml
@ echo "+++ Manifests generated in $(NOMOS_MANIFEST_STAGING_DIR)"
# config-sync-manifest-no-push creates the config-sync-manifest.yaml and builds images without pushing
.PHONY: config-sync-manifest-no-push
config-sync-manifest-no-push: $(OUTPUT_DIR) build-images build-manifests
# config-sync-manifest creates config sync manifest and pushes its docker images
.PHONY: config-sync-manifest
config-sync-manifest: config-sync-manifest-no-push push-images
.PHONY: docker-registry
docker-registry: "$(KIND)"
@KIND_VERSION=$(KIND_VERSION) bash scripts/docker-registry.sh
# config-sync-manifest-local builds config sync for local testing in kind.
# starts local docker registry and pushes images to the local registry
.PHONY: config-sync-manifest-local
config-sync-manifest-local: REGISTRY := localhost:5000
config-sync-manifest-local: docker-registry config-sync-manifest
###################################
# E2E Git Server
###################################
# NOTE: when updating the git-server version, update
# e2e/nomostest/git-server.go to reflect the version change
GIT_SERVER_DOCKER := $(OUTPUT_DIR)/git-server-docker
GIT_SERVER_RELEASE := v1.0.0
GIT_SERVER_IMAGE := $(TEST_INFRA_REGISTRY)/git-server:$(GIT_SERVER_RELEASE)
# Creates docker image for the test git-server from github source
.PHONY: build-git-server
build-git-server:
@echo "+++ Building $(GIT_SERVER_IMAGE)"
@mkdir -p $(OUTPUT_DIR)
@rm -rf $(GIT_SERVER_DOCKER)
@git clone https://github.com/jkarlosb/git-server-docker.git $(GIT_SERVER_DOCKER)
@cd $(GIT_SERVER_DOCKER) && git checkout $(GIT_SERVER_RELEASE)
@docker buildx build $(DOCKER_BUILD_QUIET) \
$(GIT_SERVER_DOCKER) \
-t $(GIT_SERVER_IMAGE)
.PHONY: push-git-server
push-git-server:
@echo "+++ Pushing $(GIT_SERVER_IMAGE)"
@gcloud $(GCLOUD_QUIET) auth configure-docker $(firstword $(subst /, ,$(GIT_SERVER_IMAGE)))
@docker push $(GIT_SERVER_IMAGE)
# NOTE: when updating the git-server version, update
# e2e/nomostest/git-server.go to reflect the version change
E2E_TEST_IMAGE_HTTP_GIT_SERVER_TAG := v1.0.0-$(shell git rev-parse --short HEAD)
E2E_TEST_IMAGE_HTTP_GIT_SERVER := $(TEST_INFRA_REGISTRY)/http-git-server:$(E2E_TEST_IMAGE_HTTP_GIT_SERVER_TAG)
# Builds the container used by e2e tests to test git over HTTPS.
.PHONY: build-http-git-server
build-http-git-server:
@echo "+++ Building $(E2E_TEST_IMAGE_HTTP_GIT_SERVER)"
docker buildx build \
-t $(E2E_TEST_IMAGE_HTTP_GIT_SERVER) \
test/docker/http-git-server/
.PHONY: push-http-git-server
push-http-git-server:
@echo "+++ Pushing $(E2E_TEST_IMAGE_HTTP_GIT_SERVER)"
@gcloud $(GCLOUD_QUIET) auth configure-docker $(firstword $(subst /, ,$(E2E_TEST_IMAGE_HTTP_GIT_SERVER)))
@docker push $(E2E_TEST_IMAGE_HTTP_GIT_SERVER)
# Used by the vulnerability scanning periodic prow job.
VULNERABILITY_SCANNER_VERSION := v1.0.0-$(shell git rev-parse --short HEAD)
VULNERABILITY_SCANNER_IMAGE_TAG := $(TEST_INFRA_REGISTRY)/vulnerability-scanner:$(VULNERABILITY_SCANNER_VERSION)
.PHONY: build-vulnerability-scanner
build-vulnerability-scanner:
@echo "+++ Building $(VULNERABILITY_SCANNER_IMAGE_TAG)"
docker buildx build \
-t $(VULNERABILITY_SCANNER_IMAGE_TAG) \
$(DOCKER_BUILD_ARGS) \
build/prow/vulnerability-scanner/
# Push vulnerability-scanner image to registry. For now this is done manually.
.PHONY: push-vulnerability-scanner
push-vulnerability-scanner:
@echo "+++ Pushing $(VULNERABILITY_SCANNER_IMAGE_TAG)"
@gcloud $(GCLOUD_QUIET) auth configure-docker $(firstword $(subst /, ,$(VULNERABILITY_SCANNER_IMAGE_TAG)))
docker push $(VULNERABILITY_SCANNER_IMAGE_TAG)
.PHONY: deploy
deploy:
kubectl apply -f $(OSS_MANIFEST_STAGING_DIR)/config-sync-manifest.yaml