From a36e1552c427e42a2555f85830f1ebeba13c3a44 Mon Sep 17 00:00:00 2001 From: Moshe Vayner Date: Thu, 2 Jul 2026 15:17:18 -0400 Subject: [PATCH] [ci] replace Docker with ko for image build and push Signed-off-by: Moshe Vayner --- .github/workflows/build-test.yml | 42 +++++++++++++++++--------------- .github/workflows/ci.yml | 4 ++- .github/workflows/release.yml | 26 +++++++++----------- .ko.yaml | 5 ++++ Dockerfile | 19 --------------- Makefile | 27 ++++++++++---------- docs/development/README.md | 25 +++++++++---------- mise.toml | 18 ++++++-------- 8 files changed, 73 insertions(+), 93 deletions(-) create mode 100644 .ko.yaml delete mode 100644 Dockerfile diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index f69f9aed..ce97f4a8 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -67,7 +67,6 @@ jobs: dl.k8s.io:443 get.helm.sh:443 githubapp.com:443 - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -95,7 +94,7 @@ jobs: - name: Build run: mise run build - docker-build: + ko-build: runs-on: ubuntu-latest steps: - name: Harden Runner 
@@ -106,36 +105,39 @@ jobs: allowed-endpoints: > api.github.com:443 auth.docker.io:443 - dl-cdn.alpinelinux.org:443 dl.google.com:443 github.com:443 production.cloudflare.docker.com:443 + golang.org:443 proxy.golang.org:443 registry-1.docker.io:443 + sum.golang.org:443 storage.googleapis.com:443 production.cloudfront.docker.com:443 sentry.io:443 + cli.codecov.io:443 + api.codecov.io:443 + ingest.codecov.io:443 + get.helm.sh:443 + golangci-lint.run:443 + tuf-repo-cdn.sigstore.dev:443 dl.k8s.io:443 get.helm.sh:443 githubapp.com:443 + cgr.dev:443 + mise.jdx.dev:443 + mise-versions.jdx.dev:443 + *.githubusercontent.com:443 + *.githubapp.com:443 + gcr.io:443 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - name: Docker Meta - id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 - with: - images: | - linode/linode-cloud-controller-manager - tags: | - type=raw,value=pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }} - type=raw,value=latest,enable=${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - - name: Build Dockerfile - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + + - name: Set up Mise + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: - context: . - push: false - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - REV=${{ github.ref_name }} + install_args: go ko + + - name: Validate ko image build + run: mise run ko-build diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b34b201b..88a1a404 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
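Review bot: The `allowed-endpoints` list for the `ko-build` job gains the wildcards `*.githubusercontent.com:443` and `*.githubapp.com:443`, which admit every host under those domains, including ones that serve arbitrary user-uploaded content. That weakens the egress restriction Harden Runner is there to enforce (the policy line is outside the hunk, so this assumes blocking mode). Several other additions look carried over from another job rather than needed for an image build: `cli.codecov.io`, `api.codecov.io`, `ingest.codecov.io`, `golangci-lint.run`, `get.helm.sh` (now listed twice) and `cgr.dev`, given that `.ko.yaml` sets the base image to `gcr.io/distroless/static:nonroot`. I would run the job once with `egress-policy: audit`, keep only the hosts it actually contacts, and replace each wildcard with the specific hostnames the audit reports.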
@@ -96,7 +96,9 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.github_token }} LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }} - IMG: linode/linode-cloud-controller-manager:${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && 'latest' || format('pr-{0}', github.event.pull_request.number) || github.ref_name }} + KO_DOCKER_REPO: docker.io/linode/linode-cloud-controller-manager + IMAGE_TAGS: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && 'latest' || format('pr-{0}', github.event.pull_request.number) || github.ref_name }} + IMG: docker.io/linode/linode-cloud-controller-manager:${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && 'latest' || format('pr-{0}', github.event.pull_request.number) || github.ref_name }} LINODE_REGION: us-lax LINODE_CONTROL_PLANE_MACHINE_TYPE: g6-standard-2 LINODE_MACHINE_TYPE: g6-standard-2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 938cf2e4..95830cad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
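Review bot: The tag expression is now written out twice, once in `IMAGE_TAGS` and once inside `IMG`, so the image ko publishes and the image the rest of the job refers to can silently diverge if only one copy is edited. The copied expression also keeps an unreachable fallback: `format('pr-{0}', …)` always yields a non-empty string, so `|| github.ref_name` is never taken and a run that is neither a pull request nor a push to main would get the tag `pr-`. Guarding the middle term fixes that: `… && 'latest' || github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.ref_name`. Computing the tag once in a step that writes `IMAGE_TAGS` and `IMG` to `$GITHUB_ENV` would remove the duplication. The job's triggers are outside the hunk, so which events reach this block is not visible here.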
@@ -29,24 +29,20 @@ jobs: with: files: | ./release/helm-chart-${{ github.ref_name }}.tgz - - name: Docker Meta - id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + + - name: Set up Mise + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: - images: | - linode/linode-cloud-controller-manager - tags: | - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - type=semver,pattern={{raw}},value=${{ github.ref_name }} + install_args: go ko + - name: Login to Docker Hub uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build and Push to Docker Hub - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + + - name: Build and Push to Docker Hub with ko + run: mise run ko-publish + env: + KO_DOCKER_REPO: docker.io/linode/linode-cloud-controller-manager + IMAGE_TAGS: ${{ github.ref_name }} diff --git a/.ko.yaml b/.ko.yaml new file mode 100644 index 00000000..ab0eade0 --- /dev/null +++ b/.ko.yaml @@ -0,0 +1,5 @@ +defaultBaseImage: gcr.io/distroless/static:nonroot +defaultPlatforms: + - linux/arm64 + - linux/amd64 + diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 0a1ce064..00000000 --- a/Dockerfile +++ /dev/null 
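Review bot: `IMAGE_TAGS: ${{ github.ref_name }}` hands the ref name to the build unvalidated, where the removed `type=semver,pattern={{raw}}` entry at least parsed it as a version. The Makefile recipes `ko-build` and `ko-publish` (later in this patch) paste the value into the command line as `--tags "$(IMAGE_TAGS)"`, and make expands that textually before the shell runs. A ref name containing shell metacharacters would therefore be interpreted by the shell, in a job that has just logged in to Docker Hub. A short guard step before publishing that rejects anything not matching the expected release-tag form closes the workflow end. Having the recipes read the value from the environment (`export IMAGE_TAGS` plus `--tags "$$IMAGE_TAGS"`) closes the Makefile end. The workflow trigger is outside the hunk, so who can create a matching ref is not visible here.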
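Review bot: `defaultBaseImage: gcr.io/distroless/static:nonroot` follows a mutable tag, so two builds of the same commit can ship different base layers, while every action in these workflows is pinned to a commit SHA. Pinning the base the same way, `defaultBaseImage: gcr.io/distroless/static:nonroot@sha256:<digest>` (placeholder; take the digest from the registry and bump it deliberately), keeps release images reproducible. It also makes base-image changes show up in review.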
@@ -1,19 +0,0 @@ -FROM golang:1.26-alpine AS builder -RUN mkdir -p /linode -WORKDIR /linode - -COPY go.mod . -COPY go.sum . -COPY main.go . -COPY cloud ./cloud -COPY sentry ./sentry - -RUN go mod download -RUN go build -a -ldflags '-extldflags "-static"' -o /bin/linode-cloud-controller-manager-linux /linode - -FROM alpine:3.24.0 -RUN apk add --update --no-cache ca-certificates -LABEL maintainers="Linode" -LABEL description="Linode Cloud Controller Manager" -COPY --from=builder /bin/linode-cloud-controller-manager-linux /linode-cloud-controller-manager-linux -ENTRYPOINT ["/linode-cloud-controller-manager-linux"] diff --git a/Makefile b/Makefile index 9c817e40..c139d0cc 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,6 @@ -IMG ?= linode/linode-cloud-controller-manager:canary +KO_DOCKER_REPO ?= docker.io/linode/linode-cloud-controller-manager +IMAGE_TAGS ?= canary +IMG ?= $(KO_DOCKER_REPO):canary RELEASE_DIR ?= release PLATFORM ?= linux/amd64 
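Review bot: `IMG ?= $(KO_DOCKER_REPO):canary` hard-codes the tag, so a run with `IMAGE_TAGS=foo` publishes `…:foo` while `IMG` (printed by `imgname`, and presumably consumed by the cluster targets) still names `…:canary`. Deriving it, `IMG ?= $(KO_DOCKER_REPO):$(IMAGE_TAGS)`, keeps the two in step when `IMAGE_TAGS` holds a single tag. The same mismatch shows in the next Makefile hunk, where the `ko-publish` comment says the image goes to "the registry named by IMG" although the recipe reads only `KO_DOCKER_REPO` and `IMAGE_TAGS`. That comment would be accurate as `# build the container image and publish it to KO_DOCKER_REPO under each tag in IMAGE_TAGS`.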
@@ -95,23 +97,20 @@ release: tar -czvf ./$(RELEASE_DIR)/helm-chart-$(IMAGE_VERSION).tgz -C ./deploy/chart . .PHONY: imgname -# print the Docker image name that will be used +# print the container image name that will be used # useful for subsequently defining it on the shell imgname: echo IMG=${IMG} -.PHONY: docker-build -# we cross compile the binary for linux, then build a container -docker-build: build-linux - DOCKER_BUILDKIT=1 docker build --platform=$(PLATFORM) --tag ${IMG} . +.PHONY: ko-build +# build the container image locally without pushing it to a registry +ko-build: + CGO_ENABLED=0 ko build --local --bare --tags "$(IMAGE_TAGS)" --platform=$(PLATFORM) . -.PHONY: docker-push -# must run the docker build before pushing the image -docker-push: - docker push ${IMG} - -.PHONY: build-and-push -build-and-push: docker-build docker-push +.PHONY: ko-publish +# build the container image and publish it to the registry named by IMG +ko-publish: + CGO_ENABLED=0 KO_DOCKER_REPO="$(KO_DOCKER_REPO)" ko build --bare --tags "$(IMAGE_TAGS)" --platform=$(PLATFORM) . .PHONY: run # run the ccm locally, really only makes sense on linux anyway @@ -135,7 +134,7 @@ run-debug: build ##################################################################### .PHONY: mgmt-and-capl-cluster -mgmt-and-capl-cluster: build-and-push mgmt-cluster +mgmt-and-capl-cluster: ko-publish mgmt-cluster $(MAKE) -j2 capl-ipv6-cluster capl-cluster .PHONY: capl-cluster diff --git a/docs/development/README.md b/docs/development/README.md index fb0e3227..73814c92 100644 --- a/docs/development/README.md +++ b/docs/development/README.md 
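Review bot: Both recipes pass `--platform=$(PLATFORM)`, and `PLATFORM` defaults to `linux/amd64` at the top of the Makefile, so the `defaultPlatforms` list added in `.ko.yaml` (arm64 and amd64) is overridden whenever the build goes through make. The release workflow sets only `KO_DOCKER_REPO` and `IMAGE_TAGS`, so as written it would publish an amd64-only image. If multi-arch releases are intended, either set `PLATFORM: linux/amd64,linux/arm64` in the release step's `env` or drop the flag from `ko-publish` so `.ko.yaml` applies. `ko-build` can reasonably stay single-platform, since a load into a local daemon is normally for the host architecture.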
@@ -53,38 +53,37 @@ cd $(go env GOPATH)/src/github.com/linode/linode-cloud-controller-manager #### Build Binary -Use the following Make targets to build and run a local binary: +Use the following mise tasks to build and run a local binary: ```bash # Build the binary -make build +mise run build # Run the binary -make run +mise run run # You can also run the binary directly to pass additional args dist/linode-cloud-controller-manager ``` -#### Building Docker Images +#### Building Container Images -These targets still rely on a system Docker installation in this first migration phase. +The local image build task loads the built image into your local Docker-compatible daemon. -To build and push a Docker image: +To build and push an image with ko: ```bash -# Set the repo/image:tag with the TAG environment variable -# Then run the docker-build make target -IMG=linode/linode-cloud-controller-manager:canary make docker-build +# Build locally into your Docker-compatible daemon +IMAGE_TAGS=canary mise run ko-build -# Push Image -IMG=linode/linode-cloud-controller-manager:canary make docker-push +# Publish Image +KO_DOCKER_REPO=docker.io/linode/linode-cloud-controller-manager IMAGE_TAGS=canary mise run ko-publish ``` -To run the Docker image: +To run the locally built image after `ko-build`: ```bash -docker run -ti linode/linode-cloud-controller-manager:canary +docker run -ti ko.local/github.com/linode/linode-cloud-controller-manager:canary ``` ### Managing Dependencies diff --git a/mise.toml b/mise.toml index dead09dc..6d12e006 100644 --- a/mise.toml +++ b/mise.toml @@ -14,6 +14,7 @@ kustomize = "5.8.1" kind = "0.31.0" ctlptl = "0.9.0" clusterctl = "1.8.5" +ko = "0.19.1" "go:github.com/kyverno/chainsaw" = "0.2.15" "go:github.com/golang/mock/mockgen" = "1.6.0" yq = "4.52.2" 
@@ -32,13 +33,13 @@ run = "make clean" description = "Generate code" run = "make codegen" -[tasks.docker-build] -description = "Build the Docker image with the current Make target" -run = "make docker-build" +[tasks.ko-build] +description = "Build the container image locally with ko" +run = "make ko-build" -[tasks.docker-push] -description = "Push the Docker image built by the current Make target" -run = "make docker-push" +[tasks.ko-publish] +description = "Build and publish the container image with ko" +run = "make ko-publish" [tasks.fmt] description = "Run go fmt" @@ -120,8 +121,3 @@ run = "make run-debug" [tasks.test] description = "Run unit tests" run = "make test" - - - - -