diff --git a/cmd/image-builder/images/buildkit/Dockerfile b/cmd/image-builder/images/buildkit/Dockerfile index 1a2f3f3aca6e..e149a20653af 100644 --- a/cmd/image-builder/images/buildkit/Dockerfile +++ b/cmd/image-builder/images/buildkit/Dockerfile @@ -1,11 +1,16 @@ FROM alpine:3.17.1 AS creds -SHELL ["/bin/ash", "option", "-o", "pipefail"] RUN apk add --no-cache curl && \ curl -fsSL "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.1.5/docker-credential-gcr_linux_amd64-2.1.5.tar.gz" \ | tar xz docker-credential-gcr \ && chmod +x docker-credential-gcr && mv docker-credential-gcr /usr/bin/ +FROM europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:v20231128-9bb59ac6 AS builder + +WORKDIR / +COPY . /app/ +RUN cd /app/cmd/image-builder && CGO_ENABLED=0 go build -o /app/image-builder -a -ldflags '-extldflags "-static"' . + FROM moby/buildkit:v0.11.1-rootless COPY --from=creds /usr/bin/docker-credential-gcr /usr/bin/ @@ -13,6 +18,6 @@ RUN docker-credential-gcr configure-docker --registries=eu.gcr.io,europe-docker. ENV USE_BUILDKIT=true -COPY ./image-builder /image-builder +COPY --from=builder /app/image-builder /image-builder -ENTRYPOINT ["/image-builder"] \ No newline at end of file +ENTRYPOINT ["/image-builder"] diff --git a/prow/jobs/kyma-project/test-infra/images.yaml b/prow/jobs/kyma-project/test-infra/images.yaml index f43dac06e57a..25704452d343 100644 --- a/prow/jobs/kyma-project/test-infra/images.yaml +++ b/prow/jobs/kyma-project/test-infra/images.yaml @@ -9,7 +9,7 @@ presubmits: # runs on PRs prow.k8s.io/pubsub.runID: "pull-build-image-builder" prow.k8s.io/pubsub.topic: "prowjobs" preset-sa-kyma-push-images: "true" - run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod + run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod|cmd/image-builder/images/ decorate: true cluster: untrusted-workload max_concurrency: 10 
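Review bot: Dropping the malformed `SHELL` line instead of correcting it leaves the `curl -fsSL … | tar xz docker-credential-gcr` pipeline in the `creds` stage running under the default shell without pipefail, so a failed or truncated download is judged only by tar's exit status; the corrected form would be `SHELL ["/bin/ash", "-o", "pipefail", "-c"]`. The release tarball is also extracted without any integrity check, and the resulting binary is copied into the final image where it handles registry credentials, so downloading to a file and comparing it with a pinned SHA-256 (`<sha256-of-release-tarball>`) before extracting would close that gap. In the new `builder` stage the base image is pinned by tag only; adding its `@sha256:<digest>` would make the compiled `image-builder` reproducible, and `WORKDIR /app/cmd/image-builder` would replace the `RUN cd …` form.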
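Review bot: The alternative added to `run_if_changed`, `cmd/image-builder/images/`, is unanchored and the existing dots are unescaped, so the pattern matches that substring anywhere in a changed path and `.*.go` accepts any character before `go`. If only the top-level directories are meant, `^pkg/.*\.go|^cmd/image-builder/.*\.go|^go\.mod|^cmd/image-builder/images/` says so explicitly. The same expression is repeated in the postsubmit hunk at `-91,7 +139,7` and in both new buildkit jobs.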
@@ -47,6 +47,54 @@ presubmits: # runs on PRs - name: config configMap: name: kaniko-build-config + - name: pull-build-buildkit-image-builder + annotations: + description: "build buildkit image-builder image" + owner: "neighbors" + labels: + prow.k8s.io/pubsub.project: "sap-kyma-prow" + prow.k8s.io/pubsub.runID: "pull-build-image-builder" + prow.k8s.io/pubsub.topic: "prowjobs" + preset-sa-kyma-push-images: "true" + run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod|cmd/image-builder/images/ + decorate: true + cluster: untrusted-workload + max_concurrency: 10 + spec: + containers: + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20231213-b563bbe4" + securityContext: + privileged: false + seccompProfile: + type: RuntimeDefault + allowPrivilegeEscalation: false + env: + - name: "ADO_PAT" + valueFrom: + secretKeyRef: + name: "image-builder-ado-token" + key: "token" + command: + - "/image-builder" + args: + - "--name=image-builder" + - "--config=/config/kaniko-build-config.yaml" + - "--context=." + - "--dockerfile=cmd/image-builder/images/buildkit/Dockerfile" + - "--build-in-ado=true" + - "--tag=v{{ .Date }}-{{ .ShortSHA }}-buildkit" + resources: + requests: + memory: 500Mi + cpu: 500m + volumeMounts: + - name: config + mountPath: /config + readOnly: true + volumes: + - name: config + configMap: + name: kaniko-build-config - name: pull-main-build-testimages decorate: true labels: @@ -91,7 +139,7 @@ postsubmits: prow.k8s.io/pubsub.runID: "pull-build-image-builder" prow.k8s.io/pubsub.topic: "prowjobs" preset-sa-kyma-push-images: "true" - run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod + run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod|cmd/image-builder/images/ branches: - main decorate: true 
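Review bot: The new presubmit `pull-build-buildkit-image-builder` gives the `ADO_PAT` secret and the `preset-sa-kyma-push-images` preset to a job that runs on `untrusted-workload` for every matching pull request, while the Dockerfile it builds comes from the pull request itself (`--context=.`). The container runs the pinned `image-builder` binary rather than PR code, so direct exposure looks limited, but it is worth confirming that a PR-controlled build cannot reach the token and that presubmit builds are pushed only to a non-production location. The `securityContext` could additionally set `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}`, and the container declares resource requests but no limits; both remarks apply equally to `post-build-buildkit-image-builder` in the later hunk.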
@@ -131,6 +179,54 @@ postsubmits: - name: config configMap: name: kaniko-build-config + - name: post-build-buildkit-image-builder + annotations: + description: "build buildkit image-builder image" + owner: "neighbors" + labels: + prow.k8s.io/pubsub.project: "sap-kyma-prow" + prow.k8s.io/pubsub.runID: "pull-build-image-builder" + prow.k8s.io/pubsub.topic: "prowjobs" + preset-sa-kyma-push-images: "true" + run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod|cmd/image-builder/images/ + decorate: true + cluster: trusted-workload + max_concurrency: 10 + spec: + containers: + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20231213-b563bbe4" + securityContext: + privileged: false + seccompProfile: + type: RuntimeDefault + allowPrivilegeEscalation: false + env: + - name: "ADO_PAT" + valueFrom: + secretKeyRef: + name: "image-builder-ado-token" + key: "token" + command: + - "/image-builder" + args: + - "--name=image-builder" + - "--config=/config/kaniko-build-config.yaml" + - "--context=." + - "--dockerfile=cmd/image-builder/images/buildkit/Dockerfile" + - "--build-in-ado=true" + - "--tag=v{{ .Date }}-{{ .ShortSHA }}-buildkit" + resources: + requests: + memory: 500Mi + cpu: 500m + volumeMounts: + - name: config + mountPath: /config + readOnly: true + volumes: + - name: config + configMap: + name: kaniko-build-config - name: post-main-build-testimages decorate: true labels:
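Review bot: `post-build-buildkit-image-builder` has no `branches:` filter, unlike the neighbouring postsubmit shown in the previous hunk, which restricts itself to `main`. As written it would trigger on a push to any branch that touches the matched paths, while running on `trusted-workload` with `preset-sa-kyma-push-images` and `ADO_PAT`. Adding `branches:` with the single entry `- main` after `run_if_changed` keeps the `-buildkit` images tied to the main branch.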