Repo controlled build go version

.github/workflows/build.yaml

@@ -7,7 +7,9 @@ jobs:
     if: github.repository == 'aws/amazon-eks-pod-identity-webhook'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v3
+    - name: Setup Go Version
+      run: echo "GO_VERSION=$(cat .go-version)" >> $GITHUB_ENV
     - name: Set up Docker Buildx
       id: buildx
       uses: crazy-max/ghaction-docker-buildx@v3
@@ -27,6 +29,7 @@ jobs:
         if [[ -z "${{ secrets.DOCKERHUB_USER }}" || -z "${{ secrets.DOCKERHUB_TOKEN }}" ]]; then
           docker buildx build \
                 -t $REPO:$TAG \
+                --build-arg golang_image=public.ecr.aws/eks-distro-build-tooling/golang:${{ env.GO_VERSION }}-gcc \
                 --platform=linux/amd64,linux/arm64 \
                 --progress plain \
                 .
@@ -36,12 +39,14 @@ jobs:
 
         docker buildx build \
               -t $REPO:$TAG \
+              --build-arg golang_image=public.ecr.aws/eks-distro-build-tooling/golang:${{ env.GO_VERSION }}-gcc \
               --platform=linux/amd64,linux/arm64 \
               --progress plain \
               --push .
         if [ "$BRANCH" = "master" ]; then
           docker buildx build \
                 -t $REPO:latest \
+                --build-arg golang_image=public.ecr.aws/eks-distro-build-tooling/golang:${{ env.GO_VERSION }}-gcc \
                 --platform=linux/amd64,linux/arm64 \
                 --progress plain \
                 --push .

.github/workflows/test.yaml

@@ -7,11 +7,13 @@ jobs:
     if: github.repository == 'aws/amazon-eks-pod-identity-webhook'
     runs-on: ubuntu-latest
     steps:
+    - name: Setup Go Version
+      run: echo "GO_VERSION=$(cat .go-version)" >> $GITHUB_ENV
     - name: Install Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v3
       with:
-        go-version: 1.19.x
+        go-version: ${{ env.GO_VERSION }}
     - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Test
       run: go mod tidy && go mod vendor && go test ./...

.gitignore

@@ -3,6 +3,7 @@
 amazon-eks-pod-identity-webhook
 deploy/deployment.yaml
 build
+bin
 /certs/
 SAMToolkit.*
 coverage.out

.go-version

@@ -0,0 +1 @@
+1.21.6

Dockerfile

@@ -1,7 +1,9 @@
-FROM --platform=$BUILDPLATFORM golang:1.21 AS builder
+ARG golang_image=public.ecr.aws/eks-distro-build-tooling/golang:1.21
 
+FROM --platform=$BUILDPLATFORM $golang_image AS builder
 WORKDIR $GOPATH/src/github.com/aws/amazon-eks-pod-identity-webhook
 COPY . ./
+RUN go version
 ARG TARGETOS TARGETARCH
 RUN GOPROXY=direct CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /webhook -v -a -ldflags="-buildid='' -w -s" .
 

Makefile

@@ -2,39 +2,44 @@
 -include build/private/bgo_exports.makefile
 include ${BGO_MAKEFILE}
 
-export CGO_ENABLED=0
-export T=github.com/aws/amazon-eks-pod-identity-webhook
-UNAME_S = $(shell uname -s)
-GO_LDFLAGS = -ldflags='-s -w -buildid=""'
-
 install:: build
-ifeq ($(UNAME_S), Darwin)
-	GOOS=darwin GOARCH=amd64 go build -o build/gopath/bin/darwin_amd64/amazon-eks-pod-identity-webhook $(GO_LDFLAGS) $V $T
-endif
-	GOOS=linux GOARCH=amd64 go build -o build/gopath/bin/linux_amd64/amazon-eks-pod-identity-webhook $(GO_LDFLAGS) $V $T
+	hack/install.sh
 
 # Generic make
-REGISTRY_ID?=602401143452
+REGISTRY?=public.ecr.aws
 IMAGE_NAME?=eks/pod-identity-webhook
-REGION?=us-west-2
-IMAGE?=$(REGISTRY_ID).dkr.ecr.$(REGION).amazonaws.com/$(IMAGE_NAME)
+IMAGE?=$(REGISTRY)/$(IMAGE_NAME)
+
+GIT_COMMIT ?= $(shell git log -1 --pretty=%h)
+
+# Architectures for binary builds
+BIN_ARCH_LINUX ?= amd64 arm64
 
 test:
-	go test -coverprofile=coverage.out ./...
-	go tool cover -html=coverage.out
+	hack/test.sh
+
+# Function build-image
+# Parameters:
+# 1: Target architecture
+define build-image
+$(MAKE) .image-linux-$(1)
+endef
+
+.PHONY: build-all-images
+build-all-images:
+	$(foreach arch,$(BIN_ARCH_LINUX),$(call build-image,$(arch)))
 
-docker:
-	@echo 'Building image $(IMAGE)...'
-	docker buildx build --output=type=docker --platform linux/amd64 --no-cache -t $(IMAGE) .
+.PHONY: image
+image: .image-linux-amd64
 
-push: docker
-	if ! aws ecr get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY_ID).dkr.ecr.$(REGION).amazonaws.com; then \
-	  eval $$(aws ecr get-login --registry-ids $(REGISTRY_ID) --no-include-email); \
-	fi
-	docker push $(IMAGE)
+.PHONY: .image-linux-%
+.image-linux-%:
+	docker buildx build --output=type=docker --platform linux/$* \
+		--build-arg golang_image=$(shell hack/setup-go.sh) --no-cache \
+		--tag $(IMAGE):$(GIT_COMMIT)-linux_$* .
 
 amazon-eks-pod-identity-webhook:
-	go build
+	hack/amazon-eks-pod-identity-webhook.sh
 
 certs/tls.key:
 	mkdir -p certs
@@ -92,6 +97,6 @@ clean::
 	rm -rf ./amazon-eks-pod-identity-webhook
 	rm -rf ./certs/ coverage.out
 
-.PHONY: docker push build local-serve local-request cluster-up cluster-down prep-config deploy-config delete-config clean
+.PHONY: image build local-serve local-request cluster-up cluster-down prep-config deploy-config delete-config clean
 
 

go.sum

@@ -282,8 +282,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -351,8 +349,6 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
 golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -416,15 +412,11 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -435,8 +427,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

hack/amazon-eks-pod-identity-webhook.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+source hack/setup-go.sh
+
+go version
+
+go build

hack/install.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+source hack/setup-go.sh
+
+T=github.com/aws/amazon-eks-pod-identity-webhook
+GOOS=$(go env GOOS)
+go version
+
+GOARCH=amd64 go build -o build/gopath/bin/${_amd64/amazon-eks-pod-identity-webhook -ldflags='-s -w -buildid=""' $T

hack/setup-go.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# script to setup go version as needed
+# MUST BE RUN FROM THE REPO ROOT DIRECTORY
+
+# read go-version file unless EKSD_GO_IMAGE_TAG & GO_VERSION are set
+GO_VERSION="${GO_VERSION:-"$(cat .go-version)"}"
+EKSD_GO_IMAGE_TAG="${EKSD_GO_IMAGE_TAG:-"${GO_VERSION}"}"
+GO_IMAGE=public.ecr.aws/eks-distro-build-tooling/golang:$EKSD_GO_IMAGE_TAG-gcc
+
+# gotoolchain
+# https://go.dev/doc/toolchain
+export GOSUMDB="sum.golang.org"
+export GOTOOLCHAIN=go${GO_VERSION}
+
+# force go modules
+export GO111MODULE=on
+
+echo $GO_IMAGE

hack/test.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+source hack/setup-go.sh
+
+go version
+go test -coverprofile=coverage.out ./...
+go tool cover -html=coverage.out