diff --git a/.github/workflows/ci-master-pr.yml b/.github/workflows/ci-master-pr.yml index 108feb0..eddc092 100644 --- a/.github/workflows/ci-master-pr.yml +++ b/.github/workflows/ci-master-pr.yml 
@@ -33,6 +33,193 @@ jobs: run: | git diff --exit-code + build-1-29-0: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Display system info (linux) + run: | + set -e + hostname + whoami + cat /etc/*release + lscpu + free + df -h + pwd + docker info + docker version + + # See: https://github.com/docker/build-push-action/blob/v2.6.1/docs/advanced/cache.md#github-cache + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-1.29.0-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-1.29.0- + ${{ runner.os }}-buildx- + + - name: Login to Docker Hub registry + # Run on master and tags + if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_REGISTRY_USER }} + password: ${{ secrets.DOCKERHUB_REGISTRY_PASSWORD }} + + # This step generates the docker tags + - name: Prepare + id: prep-1-29-0 + run: | + set -e + + # Get ref, i.e. from refs/heads/, or from refs/tags/. E.g. 'master' or 'v0.0.0' + REF=$( echo "${GITHUB_REF}" | rev | cut -d '/' -f 1 | rev ) + + # Get short commit hash E.g. 'abc0123' + SHA=$( echo "${GITHUB_SHA}" | cut -c1-7 ) + + # Generate docker image tags + # E.g. 'v0.0.0-' and 'v0.0.0-abc0123-' + # E.g. 
'master-' and 'master-abc0123-' + VARIANT="1.29.0" + REF_VARIANT="${REF}-${VARIANT}" + REF_SHA_VARIANT="${REF}-${SHA}-${VARIANT}" + + # Pass variables to next step + echo "VARIANT_BUILD_DIR=$VARIANT_BUILD_DIR" >> $GITHUB_OUTPUT + echo "VARIANT=$VARIANT" >> $GITHUB_OUTPUT + echo "REF_VARIANT=$REF_VARIANT" >> $GITHUB_OUTPUT + echo "REF_SHA_VARIANT=$REF_SHA_VARIANT" >> $GITHUB_OUTPUT + + - name: 1.29.0 - Build (PRs) + # Run only on pull requests + if: github.event_name == 'pull_request' + uses: docker/build-push-action@v3 + with: + context: variants/1.29.0 + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: false + tags: | + ${{ github.repository }}:${{ steps.prep-1-29-0.outputs.REF_VARIANT }} + ${{ github.repository }}:${{ steps.prep-1-29-0.outputs.REF_SHA_VARIANT }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + - name: 1.29.0 - Build and push (master) + # Run only on master + if: github.ref == 'refs/heads/master' + uses: docker/build-push-action@v3 + with: + context: variants/1.29.0 + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: true + tags: | + ${{ github.repository }}:${{ steps.prep-1-29-0.outputs.REF_VARIANT }} + ${{ github.repository }}:${{ steps.prep-1-29-0.outputs.REF_SHA_VARIANT }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + - name: 1.29.0 - Build and push (release) + if: startsWith(github.ref, 'refs/tags/') + uses: docker/build-push-action@v3 + with: + context: variants/1.29.0 + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: true + tags: | + ${{ github.repository }}:${{ steps.prep-1-29-0.outputs.VARIANT }} + ${{ github.repository }}:${{ steps.prep-1-29-0.outputs.REF_VARIANT }} + ${{ github.repository }}:${{ steps.prep-1-29-0.outputs.REF_SHA_VARIANT }} + ${{ github.repository }}:latest + cache-from: 
type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + # This step generates the docker tags + - name: Prepare + id: prep-1-29-0-envsubst-git-jq-kustomize-sops-ssh + run: | + set -e + + # Get ref, i.e. from refs/heads/, or from refs/tags/. E.g. 'master' or 'v0.0.0' + REF=$( echo "${GITHUB_REF}" | rev | cut -d '/' -f 1 | rev ) + + # Get short commit hash E.g. 'abc0123' + SHA=$( echo "${GITHUB_SHA}" | cut -c1-7 ) + + # Generate docker image tags + # E.g. 'v0.0.0-' and 'v0.0.0-abc0123-' + # E.g. 'master-' and 'master-abc0123-' + VARIANT="1.29.0-envsubst-git-jq-kustomize-sops-ssh" + REF_VARIANT="${REF}-${VARIANT}" + REF_SHA_VARIANT="${REF}-${SHA}-${VARIANT}" + + # Pass variables to next step + echo "VARIANT_BUILD_DIR=$VARIANT_BUILD_DIR" >> $GITHUB_OUTPUT + echo "VARIANT=$VARIANT" >> $GITHUB_OUTPUT + echo "REF_VARIANT=$REF_VARIANT" >> $GITHUB_OUTPUT + echo "REF_SHA_VARIANT=$REF_SHA_VARIANT" >> $GITHUB_OUTPUT + + - name: 1.29.0-envsubst-git-jq-kustomize-sops-ssh - Build (PRs) + # Run only on pull requests + if: github.event_name == 'pull_request' + uses: docker/build-push-action@v3 + with: + context: variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: false + tags: | + ${{ github.repository }}:${{ steps.prep-1-29-0-envsubst-git-jq-kustomize-sops-ssh.outputs.REF_VARIANT }} + ${{ github.repository }}:${{ steps.prep-1-29-0-envsubst-git-jq-kustomize-sops-ssh.outputs.REF_SHA_VARIANT }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + - name: 1.29.0-envsubst-git-jq-kustomize-sops-ssh - Build and push (master) + # Run only on master + if: github.ref == 'refs/heads/master' + uses: docker/build-push-action@v3 + with: + context: variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: true + tags: | + 
${{ github.repository }}:${{ steps.prep-1-29-0-envsubst-git-jq-kustomize-sops-ssh.outputs.REF_VARIANT }} + ${{ github.repository }}:${{ steps.prep-1-29-0-envsubst-git-jq-kustomize-sops-ssh.outputs.REF_SHA_VARIANT }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + - name: 1.29.0-envsubst-git-jq-kustomize-sops-ssh - Build and push (release) + if: startsWith(github.ref, 'refs/tags/') + uses: docker/build-push-action@v3 + with: + context: variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: true + tags: | + ${{ github.repository }}:${{ steps.prep-1-29-0-envsubst-git-jq-kustomize-sops-ssh.outputs.VARIANT }} + ${{ github.repository }}:${{ steps.prep-1-29-0-envsubst-git-jq-kustomize-sops-ssh.outputs.REF_VARIANT }} + ${{ github.repository }}:${{ steps.prep-1-29-0-envsubst-git-jq-kustomize-sops-ssh.outputs.REF_SHA_VARIANT }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + build-1-28-4: runs-on: ubuntu-latest steps: @@ -141,7 +328,6 @@ jobs: ${{ github.repository }}:${{ steps.prep-1-28-4.outputs.VARIANT }} ${{ github.repository }}:${{ steps.prep-1-28-4.outputs.REF_VARIANT }} ${{ github.repository }}:${{ steps.prep-1-28-4.outputs.REF_SHA_VARIANT }} - ${{ github.repository }}:latest cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max @@ -2826,6 +3012,7 @@ jobs: update-draft-release: needs: + - build-1-29-0 - build-1-28-4 - build-1-27-8 - build-1-26-11 @@ -2854,6 +3041,7 @@ jobs: publish-draft-release: needs: + - build-1-29-0 - build-1-28-4 - build-1-27-8 - build-1-26-11 
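Review bot: The new `build-1-29-0` job references every third-party action by a mutable tag (`actions/checkout@v3`, `docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`, `actions/cache@v3`, `docker/login-action@v2`, `docker/build-push-action@v3`) while it also receives `secrets.DOCKERHUB_REGISTRY_PASSWORD` and pushes images on master and tags. A retagged or compromised action release would run with those credentials, so I would pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`. Separately, both `Prepare` steps write `VARIANT_BUILD_DIR=$VARIANT_BUILD_DIR` to `$GITHUB_OUTPUT` although the script never assigns that variable, so the output is always empty; either drop the line or set the variable. If this workflow is generated from a template, as the rest of the commit suggests, the change belongs in the template so the older `build-*` jobs get it too.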
@@ -2884,6 +3072,7 @@ jobs: update-dockerhub-description: needs: + - build-1-29-0 - build-1-28-4 - build-1-27-8 - build-1-26-11 diff --git a/README.md b/README.md index 3e36540..f876d7c 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,9 @@ Dockerized `kubectl` with useful tools. | Tag | Dockerfile Build Context | |:-------:|:---------:| -| `:1.28.4`, `:latest` | [View](variants/1.28.4) | +| `:1.29.0`, `:latest` | [View](variants/1.29.0) | +| `:1.29.0-envsubst-git-jq-kustomize-sops-ssh` | [View](variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh) | +| `:1.28.4` | [View](variants/1.28.4) | | `:1.28.4-envsubst-git-jq-kustomize-sops-ssh` | [View](variants/1.28.4-envsubst-git-jq-kustomize-sops-ssh) | | `:1.27.8` | [View](variants/1.27.8) | | `:1.27.8-envsubst-git-jq-kustomize-sops-ssh` | [View](variants/1.27.8-envsubst-git-jq-kustomize-sops-ssh) | diff --git a/generate/definitions/versions.json b/generate/definitions/versions.json index bcb6628..10fe78b 100644 --- a/generate/definitions/versions.json +++ b/generate/definitions/versions.json @@ -1,6 +1,7 @@ { "kubectl": { "versions": [ + "1.29.0", "1.28.4", "1.27.8", "1.26.11", diff --git a/variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh/Dockerfile b/variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh/Dockerfile new file mode 100644 index 0000000..68b6151 --- /dev/null +++ b/variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh/Dockerfile 
@@ -0,0 +1,57 @@ +FROM alpine:3.15 +ARG TARGETPLATFORM +ARG BUILDPLATFORM +RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" + +RUN apk add --no-cache ca-certificates + +# When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.29.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "^$SHA512 " \ + && kubectl version --client + +# 
From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. +RUN apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ + +RUN apk add --no-cache git + +RUN apk add --no-cache jq + +RUN apk add --no-cache curl \ + && curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/v2.0.3/kustomize_2.0.3_linux_amd64 -o /usr/local/bin/kustomize \ + && chmod +x /usr/local/bin/kustomize \ + && apk del curl + +RUN set -eux; \ + wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \ + chmod +x /usr/local/bin/sops; \ + sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \ + sops --version + +RUN apk add --no-cache gnupg + +RUN apk add --no-cache openssh-client + +COPY docker-entrypoint.sh /docker-entrypoint.sh +RUN chmod +x /docker-entrypoint.sh + +ENTRYPOINT [ "/docker-entrypoint.sh" ] diff --git a/variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh/docker-entrypoint.sh b/variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh/docker-entrypoint.sh new file mode 100644 index 0000000..2cbc6d4 --- /dev/null +++ b/variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh/docker-entrypoint.sh 
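Review bot: The kustomize step in this Dockerfile downloads `kustomize_2.0.3_linux_amd64` with `curl -L` and marks it executable without any integrity check, unlike the sops step right below it, which compares the file against a pinned SHA-256. I would add the same guard, `&& sha256sum /usr/local/bin/kustomize | grep '^<expected-sha256-of-kustomize-binary> ' \`, and use `curl -fL` so that an HTTP error page is not saved as the binary. The asset name is also fixed to amd64 (and `sops-v3.7.1.linux` appears to be a single-architecture asset as well), while the workflow builds this context for `linux/386`, `linux/arm/v6`, `linux/arm/v7`, `linux/arm64` and `linux/s390x`, so those images would presumably ship binaries that cannot run on the target. Selecting the asset from `$TARGETPLATFORM`, as the kubectl step does, or limiting the platforms for this variant would avoid that.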
@@ -0,0 +1,10 @@ +#!/bin/sh +set -eu + +if [ $# -gt 0 ] && [ "${1#-}" != "$1" ]; then + set -- kubectl "$@" +elif [ $# -gt 0 ] && kubectl "$1" --help > /dev/null 2>&1; then + set -- kubectl "$@" +fi + +exec "$@" \ No newline at end of file diff --git a/variants/1.29.0/Dockerfile b/variants/1.29.0/Dockerfile new file mode 100644 index 0000000..d46429b --- /dev/null +++ b/variants/1.29.0/Dockerfile @@ -0,0 +1,19 @@ +FROM alpine:3.15 +ARG TARGETPLATFORM +ARG BUILDPLATFORM +RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" + +RUN apk add --no-cache ca-certificates + +# When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.29.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "^$SHA512 " \ + && kubectl version --client + +COPY docker-entrypoint.sh /docker-entrypoint.sh +RUN chmod +x /docker-entrypoint.sh + +ENTRYPOINT [ "/docker-entrypoint.sh" ] diff --git a/variants/1.29.0/docker-entrypoint.sh b/variants/1.29.0/docker-entrypoint.sh new file mode 100644 index 0000000..2cbc6d4 --- /dev/null +++ b/variants/1.29.0/docker-entrypoint.sh @@ -0,0 +1,10 @@ +#!/bin/sh +set -eu + +if [ $# -gt 0 ] && [ "${1#-}" != "$1" ]; then + set -- kubectl "$@" +elif [ $# -gt 0 ] && kubectl "$1" --help > /dev/null 2>&1; then + set -- kubectl "$@" +fi + +exec "$@" \ No newline at end of file
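Review bot: When the container is started with no arguments, neither branch matches and the final `exec "$@"` expands to a bare `exec`, which does nothing, so the script exits 0 without output. If that is not intended, a default such as `[ $# -gt 0 ] || set -- kubectl --help` before the `if` makes the empty case explicit. The `elif` probe also deserves a comment, for example `# Probe: if kubectl accepts "$1" as a subcommand, run the whole command line through kubectl`, since it actually executes `kubectl "$1" --help` on every start. The identical script is added as `variants/1.29.0/docker-entrypoint.sh` and the same applies there.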
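Review bot: The kubectl check in the `RUN BIN_URL=...` step of `variants/1.29.0/Dockerfile` fetches `$BIN_URL.sha512` from the same origin as the binary, so it catches a truncated or corrupted download but not a replaced release artifact, because whoever can change the binary can change the digest next to it. At minimum I would say so in a comment above the step, `# The .sha512 comes from the same bucket as the binary: this detects corruption, not tampering`. Pinning the expected per-platform digests in the Dockerfile, the way the sops step in the other variant pins its SHA-256, would give a real integrity check. `$TARGETPLATFORM` is also expanded unquoted inside `$( echo $TARGETPLATFORM | sed ... )`, and `"$TARGETPLATFORM"` costs nothing. The same step appears unchanged in `variants/1.29.0-envsubst-git-jq-kustomize-sops-ssh/Dockerfile`.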