ci/cd: Fix arm builds, use distroless final image

Signed-off-by: Petu Eusebiu <[email protected]>
eusebiu-constantin-petu-dbk · May 30, 2022 · dd4e312 · dd4e312
1 parent 62775cc
commit dd4e312
Show file tree

Hide file tree

Showing 5 changed files with 110 additions and 57 deletions.
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -129,15 +129,31 @@ jobs:
       - name: Run zot container image with docker
         run: |
           if [[ $OS == "linux" && $ARCH == "amd64" ]]; then
-            docker run -d ghcr.io/${{ github.repository_owner }}/zot-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            docker run -d -p 5000:5000 ghcr.io/${{ github.repository_owner }}/zot-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            sleep 2
+            curl --connect-timeout 5 \
+              --max-time 10 \
+              --retry 12 \
+              --retry-max-time 360 \
+              --retry-connrefused \
+              'http://localhost:5000/v2/'
+            docker kill $(docker ps -q)
           fi
         env:
           OS: ${{ matrix.os }}
           ARCH: ${{ matrix.arch }}
       - name: Run zot container image with podman
         run: |
           if [[ $OS == "linux" && $ARCH == "amd64" ]]; then
-            podman run -d ghcr.io/${{ github.repository_owner }}/zot-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            podman run -d -p 5000:5000 ghcr.io/${{ github.repository_owner }}/zot-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            sleep 2
+            curl --connect-timeout 5 \
+              --max-time 10 \
+              --retry 12 \
+              --retry-max-time 360 \
+              --retry-connrefused \
+              'http://localhost:5000/v2/'
+            podman kill --all
           fi
         env:
           OS: ${{ matrix.os }}
@@ -159,15 +175,31 @@ jobs:
       - name: Run zot-minimal container image with docker
         run: |
           if [[ $OS == "linux" && $ARCH == "amd64" ]]; then
-            docker run -d ghcr.io/${{ github.repository_owner }}/zot-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            docker run -d -p 5000:5000 ghcr.io/${{ github.repository_owner }}/zot-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            sleep 2
+            curl --connect-timeout 5 \
+              --max-time 10 \
+              --retry 12 \
+              --retry-max-time 360 \
+              --retry-connrefused \
+              'http://localhost:5000/v2/'
+            docker kill $(docker ps -q)
           fi
         env:
           OS: ${{ matrix.os }}
           ARCH: ${{ matrix.arch }}
       - name: Run zot-minimal container image with podman
         run: |
           if [[ $OS == "linux" && $ARCH == "amd64" ]]; then
-            podman run -d ghcr.io/${{ github.repository_owner }}/zot-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            podman run -d -p 5000:5000 ghcr.io/${{ github.repository_owner }}/zot-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            sleep 2
+            curl --connect-timeout 5 \
+              --max-time 10 \
+              --retry 12 \
+              --retry-max-time 360 \
+              --retry-connrefused \
+              'http://localhost:5000/v2/'
+            podman kill --all
           fi
         env:
           OS: ${{ matrix.os }}
@@ -188,15 +220,31 @@ jobs:
       - name: Run zot-exporter container image with docker
         run: |
           if [[ $OS == "linux" && $ARCH == "amd64" ]]; then
-            docker run -d ghcr.io/${{ github.repository_owner }}/zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            docker run -d -p 5001:5001 ghcr.io/${{ github.repository_owner }}/zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            sleep 2
+            curl --connect-timeout 5 \
+              --max-time 10 \
+              --retry 12 \
+              --retry-max-time 360 \
+              --retry-connrefused \
+              'http://localhost:5001/metrics'
+            docker kill $(docker ps -q)
           fi
         env:
           OS: ${{ matrix.os }}
           ARCH: ${{ matrix.arch }}
       - name: Run zot-exporter container image with podman
         run: |
           if [[ $OS == "linux" && $ARCH == "amd64" ]]; then
-            podman run -d ghcr.io/${{ github.repository_owner }}/zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            podman run -d -p 5001:5001 ghcr.io/${{ github.repository_owner }}/zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            sleep 2
+            curl --connect-timeout 5 \
+              --max-time 10 \
+              --retry 12 \
+              --retry-max-time 360 \
+              --retry-connrefused \
+              'http://localhost:5001/metrics'
+            podman kill --all
           fi
         env:
           OS: ${{ matrix.os }}
@@ -217,15 +265,15 @@ jobs:
       - name: Run zb container image with docker
         run: |
           if [[ $OS == "linux" && $ARCH == "amd64" ]]; then
-            docker run -d ghcr.io/${{ github.repository_owner }}/zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            docker run ghcr.io/${{ github.repository_owner }}/zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} --help
           fi
         env:
           OS: ${{ matrix.os }}
           ARCH: ${{ matrix.arch }}
       - name: Run zb container image with podman
         run: |
           if [[ $OS == "linux" && $ARCH == "amd64" ]]; then
-            podman run -d ghcr.io/${{ github.repository_owner }}/zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}
+            podman run ghcr.io/${{ github.repository_owner }}/zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} --help
           fi
         env:
           OS: ${{ matrix.os }}

diff --git a/stacker-conformance.yaml b/stacker-conformance.yaml
@@ -14,7 +14,7 @@ build:
     cd /go/src/github.com/project-zot
     git clone /zotcopy zot
     cd /go/src/github.com/project-zot/zot
-    make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} binary
+    make COMMIT=${{COMMIT}} clean binary
     cat > config.json << EOF
     {
       "storage":{
@@ -33,25 +33,28 @@ build:
     EOF
 
     cat config.json
+
+    mkdir -p /zotcopy/build/binary
+    mkdir -p /zotcopy/build/cert
+    mkdir -p /zotcopy/build/config
+    cp /go/src/github.com/project-zot/zot/bin/zot-linux-amd64 /zotcopy/build/binary
+    cp /go/src/github.com/project-zot/zot/config.json /zotcopy/build/config
+    cp /etc/ssl/certs/ca-certificates.crt /zotcopy/build/cert
   build_only: true
 
 "${{REPO_NAME:zot}}":
   from:
     type: docker
-    url: docker://alpine:3
-  import:
-    - stacker://build/go/src/github.com/project-zot/zot/bin/zot-${{OS}}-${{ARCH}}
-    - stacker://build/go/src/github.com/project-zot/zot/config.json
-    - stacker://build/etc/ssl/certs/ca-certificates.crt
-  run: |
-    cp /stacker/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-    cp /stacker/zot-${{OS}}-${{ARCH}} /usr/bin/zot
-    mkdir -p /etc/zot
-    cp /stacker/config.json /etc/zot/config.json
-    # pie mode binaries need a runtime
-    apk add --no-cache libc6-compat
+    url: docker://gcr.io/distroless/base
+  overlay_dirs:
+    - source: ./build/binary
+      dest: /usr/local/bin
+    - source: ./build/cert
+      dest: /etc/ssl/certs
+    - source: ./build/config
+      dest: /etc/zot
   entrypoint:
-    - /usr/bin/zot
+    - /usr/bin/zot-linux-amd64
   volumes:
     - /var/lib/registry
   cmd:

diff --git a/stacker-zb.yaml b/stacker-zb.yaml
@@ -14,17 +14,17 @@ build:
     git clone /zotcopy zot
     cd /go/src/github.com/project-zot/zot
     make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} clean bench
+
+    mkdir -p /zotcopy/build/binary
+    cp /go/src/github.com/project-zot/zot/bin/zb-${{OS}}-${{ARCH}} /zotcopy/build/binary
   build_only: true
 
 "${{REPO_NAME:zb}}":
   from:
     type: docker
-    url: docker://alpine:3
-  import:
-    - stacker://build/go/src/github.com/project-zot/zot/bin/zb-${{OS}}-${{ARCH}}
-  run: |
-    cp /stacker/zb-${{OS}}-${{ARCH}} /usr/bin/zb
-    # pie mode binaries need a runtime
-    apk add --no-cache libc6-compat
+    url: docker://gcr.io/distroless/base
+  overlay_dirs:
+    - source: ./build/binary
+      dest: /usr/local/bin
   entrypoint:
-    - /usr/bin/zb
+    - /usr/local/bin/zb-${{OS}}-${{ARCH}}
diff --git a/stacker-zxp.yaml b/stacker-zxp.yaml
@@ -32,23 +32,24 @@ build:
     EOF
 
     cat config.json
+
+    mkdir -p /zotcopy/build/binary
+    mkdir -p /zotcopy/build/config
+    cp /go/src/github.com/project-zot/zot/bin/zxp-${{OS}}-${{ARCH}} /zotcopy/build/binary
+    cp /go/src/github.com/project-zot/zot/config.json /zotcopy/build/config
   build_only: true
 
 "${{REPO_NAME:zxp}}":
   from:
     type: docker
-    url: docker://alpine:3
-  import:
-    - stacker://build/go/src/github.com/project-zot/zot/bin/zxp-${{OS}}-${{ARCH}}
-    - stacker://build/go/src/github.com/project-zot/zot/config.json
-  run: |
-    cp /stacker/zxp-${{OS}}-${{ARCH}} /usr/bin/zxp
-    mkdir -p /etc/zxp
-    cp /stacker/config.json /etc/zxp/config.json
-    # pie mode binaries need a runtime
-    apk add --no-cache libc6-compat
+    url: docker://gcr.io/distroless/base
+  overlay_dirs:
+    - source: ./build/binary
+      dest: /usr/local/bin
+    - source: ./build/config
+      dest: /etc/zxp
   entrypoint:
-    - /usr/bin/zxp
+    - /usr/local/bin/zxp-${{OS}}-${{ARCH}}
   cmd:
     - config
     - /etc/zxp/config.json
diff --git a/stacker.yaml b/stacker.yaml
@@ -5,7 +5,7 @@ build:
   binds:
     - . -> /zotcopy
   run: |
-    export GO111MODULE=on 
+    export GO111MODULE=on
     export GOPATH='/go'
     export HOME='/root'
     export PATH='/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
@@ -14,7 +14,7 @@ build:
     cd /go/src/github.com/project-zot
     git clone /zotcopy zot
     cd /go/src/github.com/project-zot/zot
-    make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} binary${{EXT:}}
+    make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} clean binary${{EXT:}}
     cat > config.json << EOF
     {
       "storage":{
@@ -31,28 +31,29 @@ build:
     EOF
 
     cat config.json
+    mkdir -p /zotcopy/build/binary
+    mkdir -p /zotcopy/build/cert
+    mkdir -p /zotcopy/build/config
+    cp /go/src/github.com/project-zot/zot/bin/zot-${{OS}}-${{ARCH}}${{EXT:}} /zotcopy/build/binary
+    cp /go/src/github.com/project-zot/zot/config.json /zotcopy/build/config
+    cp /etc/ssl/certs/ca-certificates.crt /zotcopy/build/cert
   build_only: true
 
 "${{REPO_NAME:zot}}":
   from:
     type: docker
-    url: docker://alpine:3
-  import:
-    - stacker://build/go/src/github.com/project-zot/zot/bin/zot-${{OS}}-${{ARCH}}${{EXT:}}
-    - stacker://build/go/src/github.com/project-zot/zot/config.json
-    - stacker://build/etc/ssl/certs/ca-certificates.crt
-  run: |
-    cp /stacker/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-    cp /stacker/zot-${{OS}}-${{ARCH}}${{EXT:}} /usr/bin/zot
-    mkdir -p /etc/zot
-    cp /stacker/config.json /etc/zot/config.json
-    # pie mode binaries need a runtime
-    apk add --no-cache libc6-compat
+    url: docker://gcr.io/distroless/base
+  overlay_dirs:
+    - source: ./build/binary
+      dest: /usr/local/bin
+    - source: ./build/cert
+      dest: /etc/ssl/certs
+    - source: ./build/config
+      dest: /etc/zot
   entrypoint:
-    - /usr/bin/zot
+    - /usr/local/bin/zot-${{OS}}-${{ARCH}}${{EXT:}}
   volumes:
     - /var/lib/registry
   cmd:
     - serve
     - /etc/zot/config.json
-