Build buildkit version of image-builder in ado

cmd/image-builder/images/buildkit/Dockerfile

@@ -1,18 +1,23 @@
 FROM alpine:3.17.1 AS creds
 
-SHELL ["/bin/ash", "option",  "-o", "pipefail"]
 RUN apk add --no-cache curl && \
   curl -fsSL "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.1.5/docker-credential-gcr_linux_amd64-2.1.5.tar.gz" \
   | tar xz docker-credential-gcr \
   && chmod +x docker-credential-gcr && mv docker-credential-gcr /usr/bin/
 
+FROM europe-docker.pkg.dev/kyma-project/prod/testimages/buildpack-go:v20231128-9bb59ac6 AS builder
+
+WORKDIR /
+COPY . /app/
+RUN cd /app/cmd/image-builder && CGO_ENABLED=0 go build -o /app/image-builder -a -ldflags '-extldflags "-static"' .
+
 FROM moby/buildkit:v0.11.1-rootless
 
 COPY --from=creds /usr/bin/docker-credential-gcr /usr/bin/
 RUN docker-credential-gcr configure-docker --registries=eu.gcr.io,europe-docker.pkg.dev
 
 ENV USE_BUILDKIT=true
 
-COPY ./image-builder /image-builder
+COPY --from=builder /app/image-builder /image-builder
 
-ENTRYPOINT ["/image-builder"]
+ENTRYPOINT ["/image-builder"]

prow/jobs/kyma-project/test-infra/images.yaml

@@ -9,7 +9,7 @@ presubmits: # runs on PRs
         prow.k8s.io/pubsub.runID: "pull-build-image-builder"
         prow.k8s.io/pubsub.topic: "prowjobs"
         preset-sa-kyma-push-images: "true"
-      run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod
+      run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod|cmd/image-builder/images/
       decorate: true
       cluster: untrusted-workload
       max_concurrency: 10
@@ -47,6 +47,54 @@ presubmits: # runs on PRs
           - name: config
             configMap:
               name: kaniko-build-config
+    - name: pull-build-buildkit-image-builder
+      annotations:
+        description: "build buildkit image-builder image"
+        owner: "neighbors"
+      labels:
+        prow.k8s.io/pubsub.project: "sap-kyma-prow"
+        prow.k8s.io/pubsub.runID: "pull-build-image-builder"
+        prow.k8s.io/pubsub.topic: "prowjobs"
+        preset-sa-kyma-push-images: "true"
+      run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod|cmd/image-builder/images/
+      decorate: true
+      cluster: untrusted-workload
+      max_concurrency: 10
+      spec:
+        containers:
+          - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20231213-b563bbe4"
+            securityContext:
+              privileged: false
+              seccompProfile:
+                type: RuntimeDefault
+              allowPrivilegeEscalation: false
+            env:
+              - name: "ADO_PAT"
+                valueFrom:
+                  secretKeyRef:
+                    name: "image-builder-ado-token"
+                    key: "token"
+            command:
+              - "/image-builder"
+            args:
+              - "--name=image-builder"
+              - "--config=/config/kaniko-build-config.yaml"
+              - "--context=."
+              - "--dockerfile=cmd/image-builder/images/buildkit/Dockerfile"
+              - "--build-in-ado=true"
+              - "--tag=v{{ .Date }}-{{ .ShortSHA }}-buildkit"
+            resources:
+              requests:
+                memory: 500Mi
+                cpu: 500m
+            volumeMounts:
+              - name: config
+                mountPath: /config
+                readOnly: true
+        volumes:
+          - name: config
+            configMap:
+              name: kaniko-build-config
     - name: pull-main-build-testimages
       decorate: true
       labels:
@@ -91,7 +139,7 @@ postsubmits:
         prow.k8s.io/pubsub.runID: "pull-build-image-builder"
         prow.k8s.io/pubsub.topic: "prowjobs"
         preset-sa-kyma-push-images: "true"
-      run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod
+      run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod|cmd/image-builder/images/
       branches:
         - main
       decorate: true
@@ -131,6 +179,54 @@ postsubmits:
           - name: config
             configMap:
               name: kaniko-build-config
+    - name: post-build-buildkit-image-builder
+      annotations:
+        description: "build buildkit image-builder image"
+        owner: "neighbors"
+      labels:
+        prow.k8s.io/pubsub.project: "sap-kyma-prow"
+        prow.k8s.io/pubsub.runID: "pull-build-image-builder"
+        prow.k8s.io/pubsub.topic: "prowjobs"
+        preset-sa-kyma-push-images: "true"
+      run_if_changed: ^pkg/.*.go|cmd/image-builder/.*.go|^go.mod|cmd/image-builder/images/
+      decorate: true
+      cluster: trusted-workload
+      max_concurrency: 10
+      spec:
+        containers:
+          - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20231213-b563bbe4"
+            securityContext:
+              privileged: false
+              seccompProfile:
+                type: RuntimeDefault
+              allowPrivilegeEscalation: false
+            env:
+              - name: "ADO_PAT"
+                valueFrom:
+                  secretKeyRef:
+                    name: "image-builder-ado-token"
+                    key: "token"
+            command:
+              - "/image-builder"
+            args:
+              - "--name=image-builder"
+              - "--config=/config/kaniko-build-config.yaml"
+              - "--context=."
+              - "--dockerfile=cmd/image-builder/images/buildkit/Dockerfile"
+              - "--build-in-ado=true"
+              - "--tag=v{{ .Date }}-{{ .ShortSHA }}-buildkit"
+            resources:
+              requests:
+                memory: 500Mi
+                cpu: 500m
+            volumeMounts:
+              - name: config
+                mountPath: /config
+                readOnly: true
+        volumes:
+          - name: config
+            configMap:
+              name: kaniko-build-config
     - name: post-main-build-testimages
       decorate: true
       labels: