diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f3c48ef24..e48dc62c5 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -7,7 +7,9 @@ jobs: if: github.repository == 'aws/amazon-eks-pod-identity-webhook' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + - name: Setup Go Version + run: echo "GO_VERSION=$(cat .go-version)" >> $GITHUB_ENV - name: Set up Docker Buildx id: buildx uses: crazy-max/ghaction-docker-buildx@v3 @@ -27,6 +29,7 @@ jobs: if [[ -z "${{ secrets.DOCKERHUB_USER }}" || -z "${{ secrets.DOCKERHUB_TOKEN }}" ]]; then docker buildx build \ -t $REPO:$TAG \ + --build-arg golang_image=public.ecr.aws/eks-distro-build-tooling/golang:${{ env.GO_VERSION }}-gcc \ --platform=linux/amd64,linux/arm64 \ --progress plain \ . @@ -36,12 +39,14 @@ jobs: docker buildx build \ -t $REPO:$TAG \ + --build-arg golang_image=public.ecr.aws/eks-distro-build-tooling/golang:${{ env.GO_VERSION }}-gcc \ --platform=linux/amd64,linux/arm64 \ --progress plain \ --push . if [ "$BRANCH" = "master" ]; then docker buildx build \ -t $REPO:latest \ + --build-arg golang_image=public.ecr.aws/eks-distro-build-tooling/golang:${{ env.GO_VERSION }}-gcc \ --platform=linux/amd64,linux/arm64 \ --progress plain \ --push . diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index e8f41087a..d505b8ad3 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -7,11 +7,13 @@ jobs: if: github.repository == 'aws/amazon-eks-pod-identity-webhook' runs-on: ubuntu-latest steps: + - name: Setup Go Version + run: echo "GO_VERSION=$(cat .go-version)" >> $GITHUB_ENV - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: ${{ env.GO_VERSION }} - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Test run: go mod tidy && go mod vendor && go test ./... diff --git a/.gitignore b/.gitignore index 77c60ee74..c3b37c777 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,7 @@ amazon-eks-pod-identity-webhook deploy/deployment.yaml build +bin /certs/ SAMToolkit.* coverage.out diff --git a/.go-version b/.go-version new file mode 100644 index 000000000..c262b1f0d --- /dev/null +++ b/.go-version @@ -0,0 +1 @@ +1.21.6 diff --git a/Dockerfile b/Dockerfile index 2a0047496..2125b1730 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ -FROM --platform=$BUILDPLATFORM golang:1.21 AS builder +ARG golang_image=public.ecr.aws/eks-distro-build-tooling/golang:1.21 +FROM --platform=$BUILDPLATFORM $golang_image AS builder WORKDIR $GOPATH/src/github.com/aws/amazon-eks-pod-identity-webhook COPY . ./ +RUN go version ARG TARGETOS TARGETARCH RUN GOPROXY=direct CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /webhook -v -a -ldflags="-buildid='' -w -s" . diff --git a/Makefile b/Makefile index eaf2cc893..75bace1d6 100644 --- a/Makefile +++ b/Makefile @@ -2,39 +2,44 @@ -include build/private/bgo_exports.makefile include ${BGO_MAKEFILE} -export CGO_ENABLED=0 -export T=github.com/aws/amazon-eks-pod-identity-webhook -UNAME_S = $(shell uname -s) -GO_LDFLAGS = -ldflags='-s -w -buildid=""' - install:: build -ifeq ($(UNAME_S), Darwin) - GOOS=darwin GOARCH=amd64 go build -o build/gopath/bin/darwin_amd64/amazon-eks-pod-identity-webhook $(GO_LDFLAGS) $V $T -endif - GOOS=linux GOARCH=amd64 go build -o build/gopath/bin/linux_amd64/amazon-eks-pod-identity-webhook $(GO_LDFLAGS) $V $T + hack/install.sh # Generic make -REGISTRY_ID?=602401143452 +REGISTRY?=public.ecr.aws IMAGE_NAME?=eks/pod-identity-webhook -REGION?=us-west-2 -IMAGE?=$(REGISTRY_ID).dkr.ecr.$(REGION).amazonaws.com/$(IMAGE_NAME) +IMAGE?=$(REGISTRY)/$(IMAGE_NAME) + +GIT_COMMIT ?= $(shell git log -1 --pretty=%h) + +# Architectures for binary builds +BIN_ARCH_LINUX ?= amd64 arm64 test: - go test -coverprofile=coverage.out ./... - go tool cover -html=coverage.out + hack/test.sh + +# Function build-image +# Parameters: +# 1: Target architecture +define build-image +$(MAKE) .image-linux-$(1) +endef + +.PHONY: build-all-images +build-all-images: + $(foreach arch,$(BIN_ARCH_LINUX),$(call build-image,$(arch))) -docker: - @echo 'Building image $(IMAGE)...' - docker buildx build --output=type=docker --platform linux/amd64 --no-cache -t $(IMAGE) . +.PHONY: image +image: .image-linux-amd64 -push: docker - if ! aws ecr get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY_ID).dkr.ecr.$(REGION).amazonaws.com; then \ - eval $$(aws ecr get-login --registry-ids $(REGISTRY_ID) --no-include-email); \ - fi - docker push $(IMAGE) +.PHONY: .image-linux-% +.image-linux-%: + docker buildx build --output=type=docker --platform linux/$* \ + --build-arg golang_image=$(shell hack/setup-go.sh) --no-cache \ + --tag $(IMAGE):$(GIT_COMMIT)-linux_$* . amazon-eks-pod-identity-webhook: - go build + hack/amazon-eks-pod-identity-webhook.sh certs/tls.key: mkdir -p certs @@ -92,6 +97,6 @@ clean:: rm -rf ./amazon-eks-pod-identity-webhook rm -rf ./certs/ coverage.out -.PHONY: docker push build local-serve local-request cluster-up cluster-down prep-config deploy-config delete-config clean +.PHONY: image build local-serve local-request cluster-up cluster-down prep-config deploy-config delete-config clean diff --git a/go.sum b/go.sum index a34809e79..f1cadcd69 100644 --- a/go.sum +++ b/go.sum @@ -282,8 +282,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -351,8 +349,6 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -416,15 +412,11 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -435,8 +427,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/hack/amazon-eks-pod-identity-webhook.sh b/hack/amazon-eks-pod-identity-webhook.sh new file mode 100755 index 000000000..308325b9b --- /dev/null +++ b/hack/amazon-eks-pod-identity-webhook.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +set -euo pipefail + +source hack/setup-go.sh + +go version + +go build diff --git a/hack/install.sh b/hack/install.sh new file mode 100755 index 000000000..d4a8cbf31 --- /dev/null +++ b/hack/install.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -euo pipefail + +source hack/setup-go.sh + +T=github.com/aws/amazon-eks-pod-identity-webhook +GOOS=$(go env GOOS) +go version + +GOARCH=amd64 go build -o build/gopath/bin/${_amd64/amazon-eks-pod-identity-webhook -ldflags='-s -w -buildid=""' $T diff --git a/hack/setup-go.sh b/hack/setup-go.sh new file mode 100755 index 000000000..461982ad8 --- /dev/null +++ b/hack/setup-go.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# Copyright 2020 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# script to setup go version as needed +# MUST BE RUN FROM THE REPO ROOT DIRECTORY + +# read go-version file unless EKSD_GO_IMAGE_TAG & GO_VERSION are set +GO_VERSION="${GO_VERSION:-"$(cat .go-version)"}" +EKSD_GO_IMAGE_TAG="${EKSD_GO_IMAGE_TAG:-"${GO_VERSION}"}" +GO_IMAGE=public.ecr.aws/eks-distro-build-tooling/golang:$EKSD_GO_IMAGE_TAG-gcc + +# gotoolchain +# https://go.dev/doc/toolchain +export GOSUMDB="sum.golang.org" +export GOTOOLCHAIN=go${GO_VERSION} + +# force go modules +export GO111MODULE=on + +echo $GO_IMAGE diff --git a/hack/test.sh b/hack/test.sh new file mode 100755 index 000000000..110c0c6ff --- /dev/null +++ b/hack/test.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +set -euo pipefail + +source hack/setup-go.sh + +go version +go test -coverprofile=coverage.out ./... +go tool cover -html=coverage.out