refactor: clean up extensions versioning

Use new `bldr` variables and `eval` support to produce versions for each
extension which makes sense:

* `gvisor`: upstream version + extensions version (as it depends on
Talos)
* `hello-world-service`: extensions version
* `amd-ucode`, `bnx2-bnx2x`: linux firmware version
* `intel-ucode`: upstream version
* `nvidia-container-toolkit`: combination of upstream versions

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>

.gitignore

@@ -0,0 +1 @@
+_out/

Makefile

@@ -4,6 +4,16 @@ SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty)
 TAG ?= $(shell git describe --tag --always --dirty)
 BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
 REGISTRY_AND_USERNAME := $(REGISTRY)/$(USERNAME)
+ARTIFACTS ?= _out/
+OPERATING_SYSTEM := $(shell uname -s | tr "[:upper:]" "[:lower:]")
+GOARCH :=$(shell uname -m | tr '[:upper:]' '[:lower:]')
+
+ifeq ($(GOARCH),x86_64)
+GOARCH := amd64
+endif
+
+# keep in sync with Pkgfile
+BLDR_RELEASE ?= v0.2.0-alpha.8
 
 BUILD := docker buildx build
 PLATFORM ?= linux/amd64,linux/arm64
@@ -14,6 +24,7 @@ COMMON_ARGS += --progress=$(PROGRESS)
 COMMON_ARGS += --platform=$(PLATFORM)
 COMMON_ARGS += --build-arg=http_proxy=$(http_proxy)
 COMMON_ARGS += --build-arg=https_proxy=$(https_proxy)
+COMMON_ARGS += --build-arg=TAG=$(TAG)
 
 , := ,
 empty :=
@@ -24,6 +35,7 @@ NONFREE_TARGETS = nvidia-container-toolkit
 
 all: $(TARGETS) ## Builds all known pkgs.
 
+.PHONY: nonfree
 nonfree: $(NONFREE_TARGETS) ## Builds all known non-free pkgs.
 
 .PHONY: help
@@ -44,13 +56,19 @@ docker-%: ## Builds the specified target defined in the Dockerfile using the doc
 	@$(MAKE) target-$* TARGET_ARGS="$(TARGET_ARGS)"
 
 .PHONY: $(TARGETS) $(NONFREE_TARGETS)
-$(TARGETS) $(NONFREE_TARGETS):
-	@$(MAKE) docker-$@ TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/$@:$(TAG) --push=$(PUSH)"
+$(TARGETS) $(NONFREE_TARGETS): $(ARTIFACTS)/bldr
+	@$(MAKE) docker-$@ \
+		TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/$@:$(shell $(ARTIFACTS)/bldr eval --target $@ --build-arg TAG=$(TAG) '{{.VERSION}}' 2>/dev/null) --push=$(PUSH)"
 
 .PHONY: deps.png
-deps.png:
-	bldr graph | dot -Tpng > deps.png
+deps.png: $(ARTIFACTS)/bldr
+	$(ARTIFACTS)/bldr graph | dot -Tpng > deps.png
 
 .PHONY: conformance
 conformance: ## Performs policy checks against the commit and source code.
 	docker run --rm -it -v $(PWD):/src -w /src ghcr.io/siderolabs/conform:latest enforce
+
+$(ARTIFACTS)/bldr:
+	@mkdir -p $(ARTIFACTS)
+	@curl -L https://github.com/siderolabs/bldr/releases/download/$(BLDR_RELEASE)/bldr-$(OPERATING_SYSTEM)-$(GOARCH) -o $(ARTIFACTS)/bldr
+	@chmod +x $(ARTIFACTS)/bldr

Pkgfile

@@ -1,12 +1,11 @@
-# syntax = ghcr.io/siderolabs/bldr:v0.2.0-alpha.7-4-g81055c0-frontend
+# syntax = ghcr.io/siderolabs/bldr:v0.2.0-alpha.8-frontend
 
 format: v1alpha2
 
 vars:
   PKGS_PREFIX: ghcr.io/siderolabs
-  PKGS_VERSION: v1.1.0-alpha.0-17-g4dace49
-  NVIDIA_DRIVER_VERSION_MAJOR: 510
-  NVIDIA_DRIVER_VERSION_MINOR: 60.02
+  PKGS_VERSION: v1.1.0-alpha.0-21-gff13660
+  LINUX_FIRMWARE_VERSION: "20220310" # update this when updating PKGS_VERSION above
 
 labels:
   org.opencontainers.image.source: https://github.com/siderolabs/extensions

README.md

@@ -78,3 +78,7 @@ Any paths in the `rootfs` should be contained within the following hierarchies:
 - `/lib/firmware/`
 - `/usr/etc/udev/rules.d`
 - `/usr/local/`
+
+## Dependency Diagram
+
+![Dependency Diagram](/deps.png)

container-runtime/gvisor/manifest.yaml

@@ -1,8 +1,8 @@
 version: v1alpha1
 metadata:
   name: gvisor
-  version: 20220117.0-v1.0.0
-  author: Andrew Rynhard
+  version: "$VERSION"
+  author: Sidero Labs
   description: |
     This system extension provides gVisor using containerd's runtime handler.
   compatibility:

container-runtime/gvisor/pkg.yaml

@@ -5,14 +5,16 @@ dependencies:
   - stage: base
 steps:
   - sources:
-      # sync with commit in build
-      - url: https://github.com/google/gvisor/archive/c1512ec8067c772473a4d6bad12953848eab8552.tar.gz
+      # gvisor repo 'master' branch is Bazel-bazed, so we need to find matching commit in the "go" branch
+      - url: https://github.com/google/gvisor/archive/795f4f0139bb1f590528b3638ecc1bd3c6bba35e.tar.gz
         destination: gvisor.tar.gz
-        sha256: df41a38cc4d6068e6475f2f0a29c083bf11fd682869957b1b325980d3892725b
-        sha512: f4fd4bd5fbf482fceb7c46311c5dfd808cbf40e921c5f92ce4011f9b58e477af0dc3d5da8e1175c7ff22ad42d8351d6e8b9d8cc4d8339ded7cd782d617331002
+        sha256: 646b8e8a8edc32ef491a2e4e5630fcfc07fda0dec1eb3602ec7083d687c825a4
+        sha512: dc5bcdc43d02f51598f09f76e7b0a94412f44e5d8b589a3bc2b083c151879a02a23a6f7af673485e2d0433c74f8827cf6f864174e6d2066918c3d7231c7117a5
     env:
       GOPATH: /go
     prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
       - |
         mkdir -p ${GOPATH}/src/github.com/google/gvisor
 

container-runtime/gvisor/vars.yaml

@@ -0,0 +1 @@
+VERSION: "{{ .GVISOR_VERSION }}-{{ .BUILD_ARG_TAG }}"

container-runtime/vars.yaml

@@ -0,0 +1 @@
+GVISOR_VERSION: "20220405.0"

examples/hello-world-service/manifest.yaml

@@ -1,8 +1,8 @@
 version: v1alpha1
 metadata:
   name: hello-world-service
-  version: v1.0.0
-  author: Andrey Smirnov
+  version: "$VERSION"
+  author: Sidero Labs
   description: |
     This system extension provides an example Talos extension service.
   compatibility:

examples/hello-world-service/pkg.yaml

@@ -8,6 +8,7 @@ steps:
       GOPATH: /go
     prepare:
       - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
     build:
       - |
         export PATH=${PATH}:${TOOLCHAIN}/go/bin

examples/hello-world-service/vars.yaml

@@ -0,0 +1 @@
+VERSION: "{{ .BUILD_ARG_TAG }}"

firmware/amd-ucode/manifest.yaml

@@ -1,8 +1,8 @@
 version: v1alpha1
 metadata:
   name: amd-ucode
-  version: 20211216-v1.0.0
-  author: Spencer Smith
+  version: "$VERSION"
+  author: Sidero Labs
   description: |
     This system extension provides AMD microcode binaries.
   compatibility:

firmware/amd-ucode/pkg.yaml

@@ -5,7 +5,10 @@ dependencies:
   - stage: base
   - image: "{{ .PKGS_PREFIX }}/linux-firmware:{{ .PKGS_VERSION }}"
 steps:
-  - install:
+  - prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+    install:
       - |
         mkdir -p /rootfs/lib/firmware
         cp -R -p /lib/firmware/amd-ucode /rootfs/lib/firmware

firmware/amd-ucode/vars.yaml

@@ -0,0 +1 @@
+VERSION: "{{ .LINUX_FIRMWARE_VERSION }}"

firmware/bnx2-bnx2x/manifest.yaml

@@ -1,8 +1,8 @@
 version: v1alpha1
 metadata:
   name: bnx2-bnx2x
-  version: 20211216-v1.0.0
-  author: Spencer Smith
+  version: "$VERSION"
+  author: Sidero Labs
   description: |
     This system extension provides bnx2 and bnx2x binaries.
   compatibility:

firmware/bnx2-bnx2x/pkg.yaml

@@ -5,7 +5,10 @@ dependencies:
   - stage: base
   - image: "{{ .PKGS_PREFIX }}/linux-firmware:{{ .PKGS_VERSION }}"
 steps:
-  - install:
+  - prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+    install:
       - |
         mkdir -p /rootfs/lib/firmware
         cp -R -p /lib/firmware/bnx2 /rootfs/lib/firmware

firmware/bnx2-bnx2x/vars.yaml

@@ -0,0 +1 @@
+VERSION: "{{ .LINUX_FIRMWARE_VERSION }}"

firmware/intel-ucode/manifest.yaml

@@ -1,8 +1,8 @@
 version: v1alpha1
 metadata:
   name: intel-ucode
-  version: microcode-20220207-v1.0.0
-  author: Spencer Smith
+  version: "$VERSION"
+  author: Sidero Labs
   description: |
     This system extension provides Intel microcode binaries.
   compatibility:

firmware/intel-ucode/pkg.yaml

@@ -5,11 +5,13 @@ dependencies:
   - stage: base
 steps:
   - sources:
-      - url: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-20220207.tar.gz
+      - url: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-{{ .INTEL_UCODE_VERSION }}.tar.gz
         destination: intel-ucode.tar.gz
         sha256: 532527bd17f3ea6664452b536699818a3bf896e4ace689a43a73624711b7c921
         sha512: efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
     prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
       - |
         tar -xzf intel-ucode.tar.gz --strip-components=1
     install:

firmware/intel-ucode/vars.yaml

@@ -0,0 +1 @@
+VERSION: "{{ .INTEL_UCODE_VERSION }}"

firmware/vars.yaml

@@ -0,0 +1 @@
+INTEL_UCODE_VERSION: "20220207"

nvidia-container-toolkit/manifest.yaml → nonfree/nvidia-container-toolkit/manifest.yaml

@@ -1,9 +1,8 @@
 version: v1alpha1
 metadata:
   name: nvidia-container-toolkit
-  # the first part is the driver version and the second the container-toolkit version
-  version: 510.60.02-v1.9.0
-  author: Andrew Rynhard
+  version: "$VERSION"
+  author: Sidero Labs
   description: |
     This system extension provides nvidia runtime and it's dependencies using NVIDIA's runtime handler.
   compatibility:

nvidia-container-toolkit/nvidia-container-cli/pkg.yaml → nonfree/nvidia-container-toolkit/nvidia-container-cli/pkg.yaml

@@ -9,7 +9,7 @@ dependencies:
 shell: /bin/bash
 steps:
   - sources:
-      - url: https://gitlab.com/nvidia/container-toolkit/libnvidia-container/-/archive/v1.9.0/libnvidia-container-v1.9.0.tar.gz
+      - url: https://gitlab.com/nvidia/container-toolkit/libnvidia-container/-/archive/{{ .NVIDIA_CONTAINER_TOOLKIT_VERSION }}/libnvidia-container-{{ .NVIDIA_CONTAINER_TOOLKIT_VERSION }}.tar.gz
         destination: libnvidia-container.tar.gz
         sha256: b33b83e90d5e07271c28f1fb330c2d32958fa91b3a8f3238e43d691728829299
         sha512: c1a2a43733580eb2bc1d0798c164dd5f8f5b65bfb3d6e47a067fd5a6a93cc18fd0d718e314881f9d4e596c1376363340d4a35f89973e0e43cdb25b07922c8430

nvidia-container-toolkit/nvidia-container-runtime/pkg.yaml → nonfree/nvidia-container-toolkit/nvidia-container-runtime/pkg.yaml

@@ -5,7 +5,7 @@ dependencies:
   - stage: base
 steps:
   - sources:
-      - url: https://gitlab.com/nvidia/container-toolkit/container-toolkit/-/archive/v1.9.0/container-toolkit-v1.9.0.tar.gz
+      - url: https://gitlab.com/nvidia/container-toolkit/container-toolkit/-/archive/{{ .NVIDIA_CONTAINER_TOOLKIT_VERSION }}/container-toolkit-{{ .NVIDIA_CONTAINER_TOOLKIT_VERSION }}.tar.gz
         destination: container-toolkit.tar.gz
         sha256: e95ad56d08bee14f54d3c15e5201ba502676afda3392a40c09f112a29a3e3679
         sha512: d742d297dc9cb29e2d775c64fe5dc668a230cd8b0a193eb9b44518efd1e092817038c8ed015ab28b0cf2a45ad03b99d0e215df9e18586bb917d8c5b5d783aa90
@@ -35,7 +35,7 @@ steps:
         cp ./nvidia-container-toolkit /rootfs/usr/local/bin/nvidia-container-toolkit
 
         ln -s nvidia-container-toolkit /rootfs/usr/local/bin/nvidia-container-runtime-hook
-        
+
         chmod +x /rootfs/usr/local/bin/nvidia-container-runtime
         chmod +x /rootfs/usr/local/bin/nvidia-container-toolkit
 finalize:

nvidia-container-toolkit/pkg.yaml → nonfree/nvidia-container-toolkit/pkg.yaml

@@ -7,7 +7,10 @@ dependencies:
   - stage: nvidia-container-runtime
   - stage: nvidia-device-create
 steps:
-  - install:
+  - prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+    install:
       - |
         mkdir -p /rootfs
 finalize:

nonfree/nvidia-container-toolkit/vars.yaml

@@ -0,0 +1,2 @@
+  # the first part is the driver version and the second the container-toolkit version
+  VERSION: "{{ .NVIDIA_DRIVER_VERSION_MAJOR }}.{{ .NVIDIA_DRIVER_VERSION_MINOR }}-{{ .NVIDIA_CONTAINER_TOOLKIT_VERSION }}"

nonfree/vars.yaml

@@ -0,0 +1,3 @@
+NVIDIA_DRIVER_VERSION_MAJOR: 510
+NVIDIA_DRIVER_VERSION_MINOR: 60.02
+NVIDIA_CONTAINER_TOOLKIT_VERSION: v1.9.0