From 96b38abb02720d4ce610e56cff9549926730a92b Mon Sep 17 00:00:00 2001 From: Michael Vittrup Larsen Date: Thu, 4 Dec 2025 17:19:21 +0100 Subject: [PATCH 1/3] refactor built, lint and test targets --- .github/workflows/tests.yaml | 25 +- .gitignore | 5 - Makefile | 453 +++-------------------------------- Makefile.test | 24 +- build/build.sh | 57 ----- build/lint.sh | 37 --- build/test.sh | 26 -- 7 files changed, 56 insertions(+), 571 deletions(-) delete mode 100755 build/build.sh delete mode 100755 build/lint.sh delete mode 100755 build/test.sh diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index d5db42d..8bd28cf 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -3,25 +3,22 @@ name: Run tests on: pull_request: paths-ignore: - - 'README.md' - - 'scripts/**' - - 'docs/**' + - "README.md" + - "scripts/**" + - "docs/**" jobs: test: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Install devbox - uses: jetify-com/devbox-install-action@a0d2d53632934ae004f878c840055956d9f741b0 # v0.14.0 + - name: Install devbox + uses: jetify-com/devbox-install-action@a0d2d53632934ae004f878c840055956d9f741b0 # v0.14.0 - - name: build local binaries for test - run: devbox run -- make build lint test + - name: build local binaries for test + run: devbox run -- make build lint test - - name: code tests - run: make test GOFLAGS="-v" - - - name: e2e tests - run: devbox run -- make e2e-tests + - name: e2e tests + run: devbox run -- make e2e-tests diff --git a/.gitignore b/.gitignore index f4bf1e4..54b1d93 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,3 @@ *~ /bin /.go -/.push-* -/.container-* -/.dockerfile-* -/.licenses -/.buildx-initialized diff --git a/Makefile b/Makefile index b83ad5c..8d18986 100644 --- a/Makefile +++ b/Makefile @@ -1,36 +1,13 @@ -include Makefile.local include Makefile.test include Makefile.cosign -# Copyright 2016 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -DBG_MAKEFILE ?= -ifeq ($(DBG_MAKEFILE),1) - $(warning ***** starting Makefile for goal(s) "$(MAKECMDGOALS)") - $(warning ***** $(shell date)) -else - # If we're not debugging the Makefile, don't echo recipes. - MAKEFLAGS += -s -endif - -# The binaries to build (just the basenames) -BINS ?= apply-setters digester gatekeeper-set-enforcement-action helm-upgrader kubeconform remove-local-config-resources render-helm-chart set-annotations set-labels source-helm-chart package-compositor # template-kyaml +# The packages to build +GO_PACKAGES ?= cmd/apply-setters cmd/digester cmd/gatekeeper-set-enforcement-action cmd/helm-upgrader cmd/kubeconform cmd/remove-local-config-resources cmd/render-helm-chart cmd/set-annotations cmd/set-labels cmd/source-helm-chart cmd/package-compositor # cmd/template-kyaml # The platforms we support #ALL_PLATFORMS ?= linux/amd64 linux/arm linux/arm64 linux/ppc64le linux/s390x ALL_PLATFORMS ?= linux/amd64 linux/arm linux/arm64 -#ALL_PLATFORMS ?= linux/amd64 # The "FROM" part of the Dockerfile. This should be a manifest-list which # supports all of the platforms listed in ALL_PLATFORMS. @@ -38,6 +15,10 @@ BUILDER_IMAGE ?= alpine:3.20.3 BASE_IMAGE ?= alpine:3.20.3 BASE_IMAGE_DISTROLESS ?= gcr.io/distroless/static +CGO_ENABLED ?= 0 +BIN_DIR ?= bin +MAKEFLAGS += --no-print-directory + # For functions building on top of Helm HELM_VERSION=v3.16.1 @@ -49,409 +30,41 @@ VERSION ?= $(shell git describe --tags --always --dirty) # This version-strategy uses a manual value to set the version string #VERSION ?= 1.2.3 -# Set this to 1 to build a debugger-friendly binaries. -DBG ?= - -### -### These variables should not need tweaking. -### - -# We don't need make's built-in rules. -MAKEFLAGS += --no-builtin-rules -# Be pedantic about undefined variables. -MAKEFLAGS += --warn-undefined-variables -.SUFFIXES: - -# Used internally. Users should pass GOOS and/or GOARCH. -OS := $(if $(GOOS),$(GOOS),$(shell GOTOOLCHAIN=local go env GOOS)) -ARCH := $(if $(GOARCH),$(GOARCH),$(shell GOTOOLCHAIN=local go env GOARCH)) - -TAG := $(VERSION)__$(OS)_$(ARCH) - -GO_VERSION := 1.24 -BUILD_IMAGE := golang:$(GO_VERSION)-alpine - -BIN_EXTENSION := -ifeq ($(OS), windows) - BIN_EXTENSION := .exe -endif - -# It's necessary to set this because some environments don't link sh -> bash. SHELL := /usr/bin/env bash -o errexit -o pipefail -o nounset -# This is used in docker buildx commands -BUILDX_NAME := $(shell basename $$(pwd)) - -# Satisfy --warn-undefined-variables. -GOFLAGS ?= -HTTP_PROXY ?= -HTTPS_PROXY ?= - -# Because we store the module cache locally. -GOFLAGS := $(GOFLAGS) -modcacherw - -# If you want to build all binaries, see the 'all-build' rule. -# If you want to build all containers, see the 'all-container' rule. -# If you want to build AND push all containers, see the 'all-push' rule. -all: # @HELP builds binaries for one platform ($OS/$ARCH) -all: build - -# For the following OS/ARCH expansions, we transform OS/ARCH into OS_ARCH -# because make pattern rules don't match with embedded '/' characters. - -build-%: - $(MAKE) build \ - --no-print-directory \ - GOOS=$(firstword $(subst _, ,$*)) \ - GOARCH=$(lastword $(subst _, ,$*)) - -container-%: - $(MAKE) container \ - --no-print-directory \ - GOOS=$(firstword $(subst _, ,$*)) \ - GOARCH=$(lastword $(subst _, ,$*)) - -push-%: - $(MAKE) push \ - --no-print-directory \ - GOOS=$(firstword $(subst _, ,$*)) \ - GOARCH=$(lastword $(subst _, ,$*)) - -all-build: # @HELP builds binaries for all platforms -all-build: $(addprefix build-, $(subst /,_, $(ALL_PLATFORMS))) - -all-container: # @HELP builds containers for all platforms -all-container: $(addprefix container-, $(subst /,_, $(ALL_PLATFORMS))) - -all-push: # @HELP pushes containers for all platforms to the defined registry -all-push: $(addprefix push-, $(subst /,_, $(ALL_PLATFORMS))) - -# The following structure defeats Go's (intentional) behavior to always touch -# result files, even if they have not changed. This will still run `go` but -# will not trigger further work if nothing has actually changed. -OUTBINS = $(foreach bin,$(BINS),bin/$(OS)_$(ARCH)/$(bin)$(BIN_EXTENSION)) - -build: $(OUTBINS) - echo +## test: run all tests +.PHONY: test +test: + go test ./... -# Directories that we need created to build/test. -BUILD_DIRS := bin/$(OS)_$(ARCH) \ - bin/tools \ - .go/bin/$(OS)_$(ARCH) \ - .go/bin/$(OS)_$(ARCH)/$(OS)_$(ARCH) \ - .go/cache \ - .go/pkg - -# Each outbin target is just a facade for the respective stampfile target. -# This `eval` establishes the dependencies for each. -$(foreach outbin,$(OUTBINS),$(eval \ - $(outbin): .go/$(outbin).stamp \ -)) -# This is the target definition for all outbins. -$(OUTBINS): - true - -# Each stampfile target can reference an $(OUTBIN) variable. -$(foreach outbin,$(OUTBINS),$(eval $(strip \ - .go/$(outbin).stamp: OUTBIN = $(outbin) \ -))) -# This is the target definition for all stampfiles. -# This will build the binary under ./.go and update the real binary iff needed. -STAMPS = $(foreach outbin,$(OUTBINS),.go/$(outbin).stamp) -.PHONY: $(STAMPS) -$(STAMPS): go-build - echo -ne "binary: $(OUTBIN) " - if ! cmp -s .go/$(OUTBIN) $(OUTBIN); then \ - mv .go/$(OUTBIN) $(OUTBIN); \ - date >$@; \ - echo; \ - else \ - echo "(cached)"; \ - fi - -# This runs the actual `go build` which updates all binaries. -go-build: | $(BUILD_DIRS) - echo "# building for $(OS)/$(ARCH)" - docker run \ - -i \ - --rm \ - -u $$(id -u):$$(id -g) \ - -v $$(pwd):/src \ - -w /src \ - -v $$(pwd)/.go/bin/$(OS)_$(ARCH):/go/bin \ - -v $$(pwd)/.go/bin/$(OS)_$(ARCH):/go/bin/$(OS)_$(ARCH) \ - -v $$(pwd)/.go/cache:/.cache \ - --env GOCACHE="/.cache/gocache" \ - --env GOMODCACHE="/.cache/gomodcache" \ - --env ARCH="$(ARCH)" \ - --env OS="$(OS)" \ - --env VERSION="$(VERSION)" \ - --env DEBUG="$(DBG)" \ - --env GOFLAGS="$(GOFLAGS)" \ - --env HTTP_PROXY="$(HTTP_PROXY)" \ - --env HTTPS_PROXY="$(HTTPS_PROXY)" \ - $(BUILD_IMAGE) \ - ./build/build.sh ./... - -# Example: make shell CMD="-c 'date > datefile'" -shell: # @HELP launches a shell in the containerized build environment -shell: | $(BUILD_DIRS) - echo "# launching a shell in the containerized build environment" - docker run \ - -ti \ - --rm \ - -u $$(id -u):$$(id -g) \ - -v $$(pwd):/src \ - -w /src \ - -v $$(pwd)/.go/bin/$(OS)_$(ARCH):/go/bin \ - -v $$(pwd)/.go/bin/$(OS)_$(ARCH):/go/bin/$(OS)_$(ARCH) \ - -v $$(pwd)/.go/cache:/.cache \ - --env GOCACHE="/.cache/gocache" \ - --env GOMODCACHE="/.cache/gomodcache" \ - --env ARCH="$(ARCH)" \ - --env OS="$(OS)" \ - --env VERSION="$(VERSION)" \ - --env DEBUG="$(DBG)" \ - --env GOFLAGS="$(GOFLAGS)" \ - --env HTTP_PROXY="$(HTTP_PROXY)" \ - --env HTTPS_PROXY="$(HTTPS_PROXY)" \ - $(BUILD_IMAGE) \ - /bin/sh $(CMD) - -LICENSES = .licenses - -$(LICENSES): | $(BUILD_DIRS) - # Don't assume that `go` is available locally. - docker run \ - -i \ - --rm \ - -u $$(id -u):$$(id -g) \ - -v $$(pwd)/tools:/src \ - -w /src \ - -v $$(pwd)/bin/tools:/go/bin \ - -v $$(pwd)/.go/cache:/.cache \ - --env GOCACHE="/.cache/gocache" \ - --env GOMODCACHE="/.cache/gomodcache" \ - --env CGO_ENABLED=0 \ - --env HTTP_PROXY="$(HTTP_PROXY)" \ - --env HTTPS_PROXY="$(HTTPS_PROXY)" \ - $(BUILD_IMAGE) \ - go install github.com/google/go-licenses/v2 - # The tool runs in a container because it execs `go`, which doesn't - # play nicely with CI. The tool also wants its output dir to not - # exist, so we can't just volume mount $(LICENSES). - rm -rf $(LICENSES).tmp - mkdir $(LICENSES).tmp - docker run \ - -i \ - --rm \ - -u $$(id -u):$$(id -g) \ - -v $$(pwd)/$(LICENSES).tmp:/output \ - -v $$(pwd):/src \ - -w /src \ - -v $$(pwd)/bin/tools:/go/bin \ - -v $$(pwd)/.go/cache:/.cache \ - -v $$(pwd)/.go/pkg:/go/pkg \ - --env HTTP_PROXY="$(HTTP_PROXY)" \ - --env HTTPS_PROXY="$(HTTPS_PROXY)" \ - $(BUILD_IMAGE) \ - go-licenses save ./... --save_path=/output/licenses - rm -rf $(LICENSES) - mv $(LICENSES).tmp/licenses $(LICENSES) - rmdir $(LICENSES).tmp - find $(LICENSES) -type d | xargs chmod 0755 - find $(LICENSES) -type f | xargs chmod 0644 - -CONTAINER_DOTFILES = $(foreach bin,$(BINS),.container-$(subst /,_,$(REGISTRY)/$(bin))-$(TAG)) - -# We print the container names here, rather than in CONTAINER_DOTFILES so -# they are always at the end of the output. -container containers: # @HELP builds containers for one platform ($OS/$ARCH) -container containers: $(CONTAINER_DOTFILES) - for bin in $(BINS); do \ - echo "container: $(REGISTRY)/$$bin:$(TAG)"; \ - done - echo - -# Each container-dotfile target can reference a $(BIN) variable. -# This is done in 2 steps to enable target-specific variables. -$(foreach bin,$(BINS),$(eval $(strip \ - .container-$(subst /,_,$(REGISTRY)/$(bin))-$(TAG): BIN = $(bin) \ -))) -$(foreach bin,$(BINS),$(eval \ - .container-$(subst /,_,$(REGISTRY)/$(bin))-$(TAG): bin/$(OS)_$(ARCH)/$(bin)$(BIN_EXTENSION) $(LICENSES) Dockerfile.in \ -)) -# This is the target definition for all container-dotfiles. -# These are used to track build state in hidden files. -$(CONTAINER_DOTFILES): .buildx-initialized - echo - DOCKERFILE="Dockerfile.in"; \ - [[ -f "cmd/$(BIN)/Dockerfile.in" ]] && DOCKERFILE="cmd/$(BIN)/Dockerfile.in"; \ - sed \ - -e 's|{ARG_BIN}|$(BIN)$(BIN_EXTENSION)|g' \ - -e 's|{ARG_ARCH}|$(ARCH)|g' \ - -e 's|{ARG_OS}|$(OS)|g' \ - -e 's|{ARG_BUILDER_IMAGE}|$(BUILDER_IMAGE)|g' \ - -e 's|{ARG_FROM}|$(BASE_IMAGE)|g' \ - -e 's|{ARG_FROM_DISTROLESS}|$(BASE_IMAGE_DISTROLESS)|g' \ - -e 's|{ARG_HELM_VERSION}|$(HELM_VERSION)|g' \ - $$DOCKERFILE > .dockerfile-$(BIN)-$(OS)_$(ARCH) - HASH_LICENSES=$$(find $(LICENSES) -type f \ - | xargs md5sum | md5sum | cut -f1 -d' '); \ - HASH_BINARY=$$(md5sum bin/$(OS)_$(ARCH)/$(BIN)$(BIN_EXTENSION) \ - | cut -f1 -d' '); \ - FORCE=0; \ - docker buildx build \ - --builder "$(BUILDX_NAME)" \ - --build-arg FORCE_REBUILD="$$FORCE" \ - --build-arg HASH_LICENSES="$$HASH_LICENSES" \ - --build-arg HASH_BINARY="$$HASH_BINARY" \ - --progress=plain \ - --load \ - --platform "$(OS)/$(ARCH)" \ - --build-arg HTTP_PROXY="$(HTTP_PROXY)" \ - --build-arg HTTPS_PROXY="$(HTTPS_PROXY)" \ - -t $(REGISTRY)/$(BIN):$(TAG) \ - -f .dockerfile-$(BIN)-$(OS)_$(ARCH) \ - . - docker images -q $(REGISTRY)/$(BIN):$(TAG) > $@ - echo - -push: # @HELP pushes the container for one platform ($OS/$ARCH) to the defined registry -push: container - for bin in $(BINS); do \ - docker push $(REGISTRY)/$$bin:$(TAG); \ - done - echo - -# This depends on github.com/estesp/manifest-tool. -manifest-list: # @HELP builds a manifest list of containers for all platforms -manifest-list: all-push manifest-tool - for bin in $(BINS); do \ - platforms=$$(echo $(ALL_PLATFORMS) | sed 's/ /,/g'); \ - bin/tools/manifest-tool \ - push from-args \ - --platforms "$$platforms" \ - --template $(REGISTRY)/$$bin:$(VERSION)__OS_ARCH \ - --tags latest \ - --target $(REGISTRY)/$$bin:$(VERSION); \ - done - -manifest-tool: # @HELP builds manifest-tool -manifest-tool: - # Don't assume that `go` is available locally. - docker run \ - -i \ - --rm \ - -u $$(id -u):$$(id -g) \ - -v $$(pwd)/tools:/src \ - -w /src \ - -v $$(pwd)/bin/tools:/go/bin \ - -v $$(pwd)/.go/cache:/.cache \ - --env GOCACHE="/.cache/gocache" \ - --env GOMODCACHE="/.cache/gomodcache" \ - --env CGO_ENABLED=0 \ - --env HTTP_PROXY="$(HTTP_PROXY)" \ - --env HTTPS_PROXY="$(HTTPS_PROXY)" \ - $(BUILD_IMAGE) \ - go install github.com/estesp/manifest-tool/v2/cmd/manifest-tool - -version: # @HELP outputs the version string -version: - echo $(VERSION) - -test: # @HELP runs tests, as defined in ./build/test.sh -test: | $(BUILD_DIRS) - docker run \ - -i \ - --rm \ - -u $$(id -u):$$(id -g) \ - -v $$(pwd):/src \ - -w /src \ - -v $$(pwd)/.go/bin/$(OS)_$(ARCH):/go/bin \ - -v $$(pwd)/.go/bin/$(OS)_$(ARCH):/go/bin/$(OS)_$(ARCH) \ - -v $$(pwd)/.go/cache:/.cache \ - --env GOCACHE="/.cache/gocache" \ - --env GOMODCACHE="/.cache/gomodcache" \ - --env ARCH="$(ARCH)" \ - --env OS="$(OS)" \ - --env VERSION="$(VERSION)" \ - --env DEBUG="$(DBG)" \ - --env GOFLAGS="$(GOFLAGS)" \ - --env HTTP_PROXY="$(HTTP_PROXY)" \ - --env HTTPS_PROXY="$(HTTPS_PROXY)" \ - $(BUILD_IMAGE) \ - ./build/test.sh ./... - -# lint: # @HELP runs golangci-lint +## test: run golangci-lint +.PHONY: lint lint: golangci-lint run ./... -# lint: | $(BUILD_DIRS) -# docker run \ -# -i \ -# --rm \ -# -u $$(id -u):$$(id -g) \ -# -v $$(pwd):/src \ -# -w /src \ -# -v $$(pwd)/.go/bin/$(OS)_$(ARCH):/go/bin \ -# -v $$(pwd)/.go/bin/$(OS)_$(ARCH):/go/bin/$(OS)_$(ARCH) \ -# -v $$(pwd)/.go/cache:/.cache \ -# --env GOCACHE="/.cache/gocache" \ -# --env GOMODCACHE="/.cache/gomodcache" \ -# --env ARCH="$(ARCH)" \ -# --env OS="$(OS)" \ -# --env VERSION="$(VERSION)" \ -# --env DEBUG="$(DBG)" \ -# --env GOFLAGS="$(GOFLAGS)" \ -# --env HTTP_PROXY="$(HTTP_PROXY)" \ -# --env HTTPS_PROXY="$(HTTPS_PROXY)" \ -# $(BUILD_IMAGE) \ -# ./build/lint.sh ./... - -fmt: - goimports-reviser cmd/ pkg/ - -$(BUILD_DIRS): - mkdir -p $@ +$(BIN_DIR): + mkdir -p $(BIN_DIR) -clean: # @HELP removes built binaries and temporary files -clean: container-clean container-image-clean bin-clean - -container-clean: - rm -rf .container-* .dockerfile-* .push-* .buildx-initialized $(LICENSES) - -container-image-clean: # @HELP removes built container images -container-image-clean: - for bin in $(BINS); do \ - docker image ls $(REGISTRY)/$$bin -q | xargs docker image rm; \ +## Build all go packages +.PHONY: build +build: $(BIN_DIR) + for package in $(GO_PACKAGES); do \ + make build-package PACKAGE=$$package; \ done -bin-clean: - test -d .go && chmod -R u+w .go || true - rm -rf .go bin +.PHONY: build-package +build-package: + @echo "Building $(PACKAGE)" + @if [ -f "$(PACKAGE)/Makefile" ]; then \ + echo make -C $(PACKAGE) build; \ + else \ + CGO_ENABLED=$(CGO_ENABLED) \ + go build \ + -o $(BIN_DIR)/$(notdir $(PACKAGE)) \ + ./$(PACKAGE); \ + fi -help: # @HELP prints this message -help: - echo "VARIABLES:" - echo " BINS = $(BINS)" - echo " OS = $(OS)" - echo " ARCH = $(ARCH)" - echo " DBG = $(DBG)" - echo " GOFLAGS = $(GOFLAGS)" - echo " REGISTRY = $(REGISTRY)" - echo - echo "TARGETS:" - grep -E '^.*: *# *@HELP' $(MAKEFILE_LIST) \ - | awk ' \ - BEGIN {FS = ": *# *@HELP"}; \ - { printf " %-30s %s\n", $$1, $$2 }; \ - ' +.PHONY: clean +clean: + rm -rf $(BIN_DIR) -# Help set up multi-arch build tools. This assumes you have the tools -# installed. If you already have a buildx builder available, you don't need -# this. -.buildx-initialized: - docker buildx create --name "$(BUILDX_NAME)" --node "$(BUILDX_NAME)-0" >/dev/null - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes >/dev/null - date > $@ diff --git a/Makefile.test b/Makefile.test index 25ab27c..5f27f6a 100644 --- a/Makefile.test +++ b/Makefile.test @@ -31,18 +31,18 @@ SET_LABELS_IMAGE := ghcr.io/krm-functions/set-labels:$(CONTAINER_TAG) endif ifeq ($(FN_MODE),exec) -APPLY_SETTERS := --exec bin/linux_amd64/apply-setters -DIGESTER := --exec bin/linux_amd64/digester -GATEKEEPER_SET_ENFORCEMENT_ACTION := --exec bin/linux_amd64/gatekeeper-set-enforcement-action -HELM_RENDER := --exec bin/linux_amd64/render-helm-chart -HELM_SOURCE := --exec bin/linux_amd64/source-helm-chart -HELM_UPGRADER := --exec bin/linux_amd64/helm-upgrader -KUBECONFORM := --exec bin/linux_amd64/kubeconform -TEMPLATE_KYAML := --exec bin/linux_amd64/template-kyaml -PACKAGE_COMPOSITOR := --exec bin/linux_amd64/package-compositor -REMOVE_LOCAL_CONFIG_RESOURCES := --exec bin/linux_amd64/remove-local-config-resources -SET_ANNOTATIONS := --exec bin/linux_amd64/set-annotations -SET_LABELS := --exec bin/linux_amd64/set-labels +APPLY_SETTERS := --exec bin/apply-setters +DIGESTER := --exec bin/digester +GATEKEEPER_SET_ENFORCEMENT_ACTION := --exec bin/gatekeeper-set-enforcement-action +HELM_RENDER := --exec bin/render-helm-chart +HELM_SOURCE := --exec bin/source-helm-chart +HELM_UPGRADER := --exec bin/helm-upgrader +KUBECONFORM := --exec bin/kubeconform +TEMPLATE_KYAML := --exec bin/template-kyaml +PACKAGE_COMPOSITOR := --exec bin/package-compositor +REMOVE_LOCAL_CONFIG_RESOURCES := --exec bin/remove-local-config-resources +SET_ANNOTATIONS := --exec bin/set-annotations +SET_LABELS := --exec bin/set-labels else APPLY_SETTERS := --image $(APPLY_SETTERS_IMAGE) DIGESTER := --network --image $(DIGESTER_IMAGE) diff --git a/build/build.sh b/build/build.sh deleted file mode 100755 index 77369df..0000000 --- a/build/build.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/sh - -# Copyright 2016 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -if [ -z "${OS:-}" ]; then - echo "OS must be set" - exit 1 -fi -if [ -z "${ARCH:-}" ]; then - echo "ARCH must be set" - exit 1 -fi -if [ -z "${VERSION:-}" ]; then - echo "VERSION must be set" - exit 1 -fi - -export CGO_ENABLED=0 -export GOARCH="${ARCH}" -export GOOS="${OS}" -export GO111MODULE=on - -if [[ "${DEBUG:-}" == 1 ]]; then - # Debugging - disable optimizations and inlining - gogcflags="all=-N -l" - goasmflags="" - goldflags="" -else - # Not debugging - trim paths, disable symbols and DWARF. - goasmflags="all=-trimpath=$(pwd)" - gogcflags="all=-trimpath=$(pwd)" - goldflags="-s -w" -fi - -always_ldflags="-X $(go list -m)/pkg/version.Version=${VERSION}" -go install \ - -installsuffix "static" \ - -gcflags="${gogcflags}" \ - -asmflags="${goasmflags}" \ - -ldflags="${always_ldflags} ${goldflags}" \ - "$@" diff --git a/build/lint.sh b/build/lint.sh deleted file mode 100755 index 59bf12b..0000000 --- a/build/lint.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh - -# Copyright 2022 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -export CGO_ENABLED=0 -export GO111MODULE=on - -cd tools >/dev/null -go install github.com/golangci/golangci-lint/cmd/golangci-lint -cd - >/dev/null - -echo -n "Running golangci-lint: " -ERRS=$(golangci-lint run "$@" 2>&1 || true) -if [ -n "${ERRS}" ]; then - echo "FAIL" - echo "${ERRS}" - echo - exit 1 -fi -echo "PASS" -echo diff --git a/build/test.sh b/build/test.sh deleted file mode 100755 index 413cdbf..0000000 --- a/build/test.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh - -# Copyright 2016 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -export CGO_ENABLED=0 -export GO111MODULE=on - -echo "Running tests:" -go test -installsuffix "static" "$@" -echo From 609687013e03b8d45b0f2875e67f252cb0f5718c Mon Sep 17 00:00:00 2001 From: Michael Vittrup Larsen Date: Sun, 7 Dec 2025 17:40:43 +0100 Subject: [PATCH 2/3] add go flags, fix version --- Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Makefile b/Makefile index 8d18986..1c191ea 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,10 @@ BASE_IMAGE ?= alpine:3.20.3 BASE_IMAGE_DISTROLESS ?= gcr.io/distroless/static CGO_ENABLED ?= 0 +GCFLAGS ?= +LD_FLAGS += -s -w +LD_FLAGS += -X '$(shell go list -m)/pkg/version.Version=$(VERSION)' + BIN_DIR ?= bin MAKEFLAGS += --no-print-directory @@ -60,6 +64,8 @@ build-package: else \ CGO_ENABLED=$(CGO_ENABLED) \ go build \ + -ldflags '$(LD_FLAGS)' \ + -gcflags '$(GCFLAGS)' \ -o $(BIN_DIR)/$(notdir $(PACKAGE)) \ ./$(PACKAGE); \ fi From 2c387ff96ee68ec1dcf4bfd1fc2e1473b64085eb Mon Sep 17 00:00:00 2001 From: Michael Vittrup Larsen Date: Sun, 7 Dec 2025 18:15:00 +0100 Subject: [PATCH 3/3] add ko build --- Makefile | 14 +++++++++++++- devbox.json | 1 + devbox.lock | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1c191ea..f6475c8 100644 --- a/Makefile +++ b/Makefile @@ -5,6 +5,8 @@ include Makefile.cosign # The packages to build GO_PACKAGES ?= cmd/apply-setters cmd/digester cmd/gatekeeper-set-enforcement-action cmd/helm-upgrader cmd/kubeconform cmd/remove-local-config-resources cmd/render-helm-chart cmd/set-annotations cmd/set-labels cmd/source-helm-chart cmd/package-compositor # cmd/template-kyaml +KO_PACKAGES ?= cmd/kubeconform cmd/remove-local-config-resources + # The platforms we support #ALL_PLATFORMS ?= linux/amd64 linux/arm linux/arm64 linux/ppc64le linux/s390x ALL_PLATFORMS ?= linux/amd64 linux/arm linux/arm64 @@ -26,7 +28,9 @@ MAKEFLAGS += --no-print-directory # For functions building on top of Helm HELM_VERSION=v3.16.1 -REGISTRY ?= ghcr.io/krm-functions +# REGISTRY ?= ghcr.io/krm-functions +REGISTRY ?= ko.local +CONTAINER_PUSH ?= false # This version-strategy uses git tags to set the version string VERSION ?= $(shell git describe --tags --always --dirty) @@ -70,6 +74,14 @@ build-package: ./$(PACKAGE); \ fi +## Build all containers +.PHONY: containers +containers: + export KO_DOCKER_REPO=$(REGISTRY); \ + for package in $(KO_PACKAGES); do \ + ko build ./$$package --base-import-paths --push=$(CONTAINER_PUSH); \ + done + .PHONY: clean clean: rm -rf $(BIN_DIR) diff --git a/devbox.json b/devbox.json index fa8b24a..209af6e 100644 --- a/devbox.json +++ b/devbox.json @@ -4,6 +4,7 @@ "gnumake@4.4.1", "go@1.24.3", "golangci-lint@2.1.6", + "ko@0.18.0", "kpt@1.0.0-beta.55", "yq@3.4.3" ] diff --git a/devbox.lock b/devbox.lock index 19c9274..21ea513 100644 --- a/devbox.lock +++ b/devbox.lock @@ -193,6 +193,54 @@ } } }, + "ko@0.18.0": { + "last_modified": "2025-11-23T21:50:36Z", + "resolved": "github:NixOS/nixpkgs/ee09932cedcef15aaf476f9343d1dea2cb77e261#ko", + "source": "devbox-search", + "version": "0.18.0", + "systems": { + "aarch64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/fv07zmsacfcx03prilrls23ng12783rz-ko-0.18.0", + "default": true + } + ], + "store_path": "/nix/store/fv07zmsacfcx03prilrls23ng12783rz-ko-0.18.0" + }, + "aarch64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/bb7zb20f0vxbpq2ddxzvba2lih4xmlj1-ko-0.18.0", + "default": true + } + ], + "store_path": "/nix/store/bb7zb20f0vxbpq2ddxzvba2lih4xmlj1-ko-0.18.0" + }, + "x86_64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/sblcy1ciry7msqa0y4m5nmb3s1grrpyf-ko-0.18.0", + "default": true + } + ], + "store_path": "/nix/store/sblcy1ciry7msqa0y4m5nmb3s1grrpyf-ko-0.18.0" + }, + "x86_64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/6an2xmjlzjlvid1qxhsjsf7g6bs7ljvr-ko-0.18.0", + "default": true + } + ], + "store_path": "/nix/store/6an2xmjlzjlvid1qxhsjsf7g6bs7ljvr-ko-0.18.0" + } + } + }, "kpt@1.0.0-beta.55": { "last_modified": "2025-06-20T02:24:11Z", "resolved": "github:NixOS/nixpkgs/076e8c6678d8c54204abcb4b1b14c366835a58bb#kpt",