From 6eb78fbd53215b4e2e864de6d8c85007ed765ccf Mon Sep 17 00:00:00 2001 From: Manuel Mendez <708570+mmlb@users.noreply.github.com> Date: Thu, 2 Apr 2020 10:35:03 -0400 Subject: [PATCH 1/6] Update push settings PRs should go to tink-pr using PULL_REQUEST instead of BRANCH because most PRs will (hopefully ;) ) come in from forks. --- .drone.yml | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/.drone.yml b/.drone.yml index 4d58d642e..c1ac48051 100644 --- a/.drone.yml +++ b/.drone.yml @@ -17,22 +17,37 @@ pipeline: commands: - CGO_ENABLED=0 go build - publish: + publish_pr: group: publish image: plugins/docker registry: quay.io repo: quay.io/tinkerbell/tink-pr tags: - - ${DRONE_BRANCH/\//-} - - ${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA} + - ${DRONE_PULL_REQUEST} + - ${DRONE_PULL_REQUEST}-${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA} when: - event: [push] + event: pull_request secrets: - - source: public_docker_username - target: docker_username - source: public_docker_password target: docker_password + - source: public_docker_username + target: docker_username + publish_master: + group: publish + image: plugins/docker + registry: quay.io + repo: quay.io/tinkerbell/tink + tags: + - latest + - ${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA} + when: + branch: master + event: push + secrets: + - docker_password + - docker_username + publish_tag: group: publish image: plugins/docker @@ -40,5 +55,7 @@ pipeline: repo: quay.io/tinkerbell/tink tags: ${DRONE_TAG} when: - event: [tag] - secrets: [docker_username, docker_password] + event: tag + secrets: + - docker_password + - docker_username From 037b65c840bfb3482722e90ce20275182cb0ed65 Mon Sep 17 00:00:00 2001 From: Manuel Mendez Date: Thu, 2 Apr 2020 11:06:45 -0400 Subject: [PATCH 2/6] Push cli/server/worker images to respective image repos --- .drone.yml | 123 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 84 insertions(+), 39 deletions(-) diff --git a/.drone.yml b/.drone.yml index c1ac48051..69fa842a9 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,5 +1,38 @@ --- +publish_pr_tmpl: &publish_pr_tmpl + group: publish + image: plugins/docker + registry: quay.io + tags: + - ${DRONE_PULL_REQUEST} + - ${DRONE_PULL_REQUEST}-${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA} + when: + event: pull_request + secrets: + - source: public_docker_password + target: docker_password + - source: public_docker_username + target: docker_username + +publish_master_tmpl: &publish_master_tmpl + <<: *publish_pr_tmpl + tags: + - latest + - ${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA} + when: + branch: master + event: push + secrets: + - docker_password + - docker_username + +publish_tag_tmpl: &publish_tag_tmpl + <<: *publish_master_tmpl + tags: ${DRONE_TAG} + when: + event: tag + workspace: base: /go path: src/github.com/tinkerbell/tink @@ -17,45 +50,57 @@ pipeline: commands: - CGO_ENABLED=0 go build - publish_pr: - group: publish - image: plugins/docker - registry: quay.io + publish_pr_tink-cli: + <<: *publish_pr_tmpl + context: cli/tink + dockerfile: cli/tink/Dockerfile + repo: quay.io/tinkerbell/tink-cli-pr + + publish_pr_tink-server: + <<: *publish_pr_tmpl + repo: quay.io/tinkerbell/tink-pr + context: . + dockerfile: Dockerfile repo: quay.io/tinkerbell/tink-pr - tags: - - ${DRONE_PULL_REQUEST} - - ${DRONE_PULL_REQUEST}-${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA} - when: - event: pull_request - secrets: - - source: public_docker_password - target: docker_password - - source: public_docker_username - target: docker_username - - publish_master: - group: publish - image: plugins/docker - registry: quay.io + + publish_pr_tink-worker: + <<: *publish_pr_tmpl + context: worker + dockerfile: worker/Dockerfile + repo: quay.io/tinkerbell/tink-worker-pr + + publish_master_tink-cli: + <<: *publish_master_tmpl + context: cli/tink + dockerfile: cli/tink/Dockerfile + repo: quay.io/tinkerbell/tink-cli + + publish_master_tink-server: + <<: *publish_master_tmpl + context: . + dockerfile: Dockerfile repo: quay.io/tinkerbell/tink - tags: - - latest - - ${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA} - when: - branch: master - event: push - secrets: - - docker_password - - docker_username - - publish_tag: - group: publish - image: plugins/docker - registry: quay.io + + publish_master_tink-worker: + <<: *publish_master_tmpl + context: worker + dockerfile: worker/Dockerfile + repo: quay.io/tinkerbell/tink-worker + + publish_tag_tink-cli: + <<: *publish_tag_tmpl + context: cli/tink + dockerfile: cli/tink/Dockerfile + repo: quay.io/tinkerbell/tink-cli + + publish_tag_tink-server: + <<: *publish_tag_tmpl + context: . + dockerfile: Dockerfile repo: quay.io/tinkerbell/tink - tags: ${DRONE_TAG} - when: - event: tag - secrets: - - docker_password - - docker_username + + publish_tag_tink-worker: + <<: *publish_tag_tmpl + context: worker + dockerfile: worker/Dockerfile + repo: quay.io/tinkerbell/tink-worker From fc02ab306e5f1484ea9e18daadc806e9e1e257af Mon Sep 17 00:00:00 2001 From: Manuel Mendez Date: Thu, 2 Apr 2020 11:11:31 -0400 Subject: [PATCH 3/6] CI: build with make instead of just go build So we build all the binaries. --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 69fa842a9..b90d859a0 100644 --- a/.drone.yml +++ b/.drone.yml @@ -48,7 +48,8 @@ pipeline: group: ci image: golang:1.13-alpine commands: - - CGO_ENABLED=0 go build + - apk add --update make + - make publish_pr_tink-cli: <<: *publish_pr_tmpl From 8cdecbf961301e64cbe81262b3753fb001e8dcba Mon Sep 17 00:00:00 2001 From: Manuel Mendez Date: Thu, 2 Apr 2020 11:37:39 -0400 Subject: [PATCH 4/6] Do not build tink-server in the Dockerfile We build outside of the Dockerfile in CI. --- Dockerfile | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 044cd02fc..6dbe6910f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,18 +1,13 @@ -FROM golang:1.13-alpine +FROM alpine EXPOSE 42113 EXPOSE 42114 -WORKDIR /go/src/app - -COPY . . - -RUN apk update && \ - apk add ca-certificates postgresql-client && \ - apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl && \ - go build -o /go/bin/tink-server . +RUN apk add --update ca-certificates && \ + apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl COPY deploy/migrate /migrate COPY deploy/docker-entrypoint-initdb.d/tinkerbell-init.sql /init.sql +COPY tink-server /bin/ ENTRYPOINT ["tink-server"] From 2815062713aa2e53a2f77bf9b9f9b04635383fd7 Mon Sep 17 00:00:00 2001 From: Manuel Mendez Date: Thu, 2 Apr 2020 11:44:23 -0400 Subject: [PATCH 5/6] Unify alpine versions --- .drone.yml | 4 ++-- Dockerfile | 2 +- cli/tink/Dockerfile | 2 +- tls/Dockerfile | 2 +- worker/Dockerfile | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index b90d859a0..b798539a5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -40,13 +40,13 @@ workspace: pipeline: test: group: ci - image: golang:1.13-alpine + image: golang:1.13-alpine3.11 commands: - CGO_ENABLED=0 go test -v ./... build: group: ci - image: golang:1.13-alpine + image: golang:1.13-alpine3.11 commands: - apk add --update make - make diff --git a/Dockerfile b/Dockerfile index 6dbe6910f..1c1665999 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine +FROM alpine:3.11 EXPOSE 42113 EXPOSE 42114 diff --git a/cli/tink/Dockerfile b/cli/tink/Dockerfile index 2d03b37e6..98a84549e 100644 --- a/cli/tink/Dockerfile +++ b/cli/tink/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.11 CMD sleep 60d diff --git a/tls/Dockerfile b/tls/Dockerfile index 277aa3d09..34d224bbf 100644 --- a/tls/Dockerfile +++ b/tls/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.11 ENTRYPOINT [ "/entrypoint.sh" ] COPY . . RUN apk add --no-cache --update --upgrade ca-certificates postgresql-client diff --git a/worker/Dockerfile b/worker/Dockerfile index e6da2f0ba..5c265609a 100644 --- a/worker/Dockerfile +++ b/worker/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.10 +FROM alpine:3.11 RUN apk add --no-cache --update --upgrade ca-certificates COPY tink-worker /tink-worker From 414b3eaf97377132dabc75ad24201b18aa72eec2 Mon Sep 17 00:00:00 2001 From: Manuel Mendez Date: Thu, 2 Apr 2020 11:44:47 -0400 Subject: [PATCH 6/6] Tweak Dockerfiles for better cache use --- Dockerfile | 3 +-- cli/tink/Dockerfile | 3 ++- tls/Dockerfile | 3 ++- worker/Dockerfile | 4 +++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1c1665999..bbb378a28 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,6 @@ FROM alpine:3.11 +ENTRYPOINT ["tink-server"] EXPOSE 42113 EXPOSE 42114 @@ -9,5 +10,3 @@ RUN apk add --update ca-certificates && \ COPY deploy/migrate /migrate COPY deploy/docker-entrypoint-initdb.d/tinkerbell-init.sql /init.sql COPY tink-server /bin/ - -ENTRYPOINT ["tink-server"] diff --git a/cli/tink/Dockerfile b/cli/tink/Dockerfile index 98a84549e..bf6c38ed8 100644 --- a/cli/tink/Dockerfile +++ b/cli/tink/Dockerfile @@ -1,7 +1,8 @@ FROM alpine:3.11 -CMD sleep 60d +CMD sleep infinity RUN apk add --no-cache --update --upgrade ca-certificates + COPY tink-cli /bin/tink COPY sample.tmpl /tmp diff --git a/tls/Dockerfile b/tls/Dockerfile index 34d224bbf..3162c8a98 100644 --- a/tls/Dockerfile +++ b/tls/Dockerfile @@ -1,6 +1,7 @@ FROM alpine:3.11 ENTRYPOINT [ "/entrypoint.sh" ] -COPY . . + RUN apk add --no-cache --update --upgrade ca-certificates postgresql-client RUN apk add --no-cache --update --upgrade --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl +COPY . . diff --git a/worker/Dockerfile b/worker/Dockerfile index 5c265609a..e264c2c8f 100644 --- a/worker/Dockerfile +++ b/worker/Dockerfile @@ -1,5 +1,7 @@ FROM alpine:3.11 +ENTRYPOINT [ "/tink-worker" ] + RUN apk add --no-cache --update --upgrade ca-certificates + COPY tink-worker /tink-worker -ENTRYPOINT [ "/tink-worker" ]