From 05fffb7e25dd417d92a1126cd74a6d3e165e33be Mon Sep 17 00:00:00 2001 From: Sebastiaan Koppe Date: Thu, 14 Sep 2023 21:13:46 +0200 Subject: [PATCH] Build and release a 'rootful' plugin See the top section in the readme for an explanation --- .github/machinesetup.sh | 32 ------- .github/workflows/build.yml | 111 ++++++----------------- .github/workflows/nightly-release.yml | 123 -------------------------- .github/workflows/tests.yml | 38 -------- Dockerfile | 6 ++ README.md | 13 +++ driver.go | 2 +- 7 files changed, 48 insertions(+), 277 deletions(-) delete mode 100755 .github/machinesetup.sh delete mode 100644 .github/workflows/nightly-release.yml delete mode 100644 .github/workflows/tests.yml create mode 100644 Dockerfile diff --git a/.github/machinesetup.sh b/.github/machinesetup.sh deleted file mode 100755 index 10e288e9..00000000 --- a/.github/machinesetup.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env bash - -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -set -euo pipefail - -echo "====== Install tools from apt" -apt-get update -apt-get install -y ca-certificates podman curl build-essential - -echo "====== Install catatonit" -curl -v -L -o /usr/local/bin/catatonit https://github.com/openSUSE/catatonit/releases/download/v0.1.7/catatonit.x86_64 -chmod +x /usr/local/bin/catatonit - -echo "====== Podman info" -podman version -podman info - -echo "====== Setup archives" -podman pull alpine:3 -podman save --format docker-archive --output /tmp/docker-archive alpine:3 -podman save --format oci-archive --output /tmp/oci-archive alpine:3 -podman image rm alpine:3 - -echo "===== Configure registries" -cat < /etc/containers/registries.conf -unqualified-search-registries = ["docker.io", "quay.io"] -[[registry]] -location = "localhost:5000" -insecure = true -EOF diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0c83f19d..5a2c4b77 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -1,90 +1,35 @@ -name: build +name: ci -on: - push: - workflow_dispatch: - workflow_call: - -env: - PKG_NAME: "nomad-driver-podman" +on: push jobs: - get-go-version: - name: "Determine Go toolchain version" - runs-on: ubuntu-20.04 - outputs: - go-version: ${{ steps.get-go-version.outputs.go-version }} - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Determine Go version - id: get-go-version - run: | - echo "Building with Go $(cat .go-version)" - echo "::set-output name=go-version::$(cat .go-version)" - - get-product-version: - runs-on: ubuntu-20.04 - outputs: - product-version: ${{ steps.get-product-version.outputs.product-version }} - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: get product version - id: get-product-version - run: | - make version - echo "::set-output name=product-version::$(make version)" - - generate-metadata-file: - needs: get-product-version - runs-on: ubuntu-20.04 - outputs: - filepath: ${{ steps.generate-metadata-file.outputs.filepath }} - steps: - - name: "Checkout directory" - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Generate metadata file - id: generate-metadata-file - uses: hashicorp/actions-generate-metadata@v1 - with: - version: ${{ needs.get-product-version.outputs.product-version }} - product: ${{ env.PKG_NAME }} - repositoryOwner: "hashicorp" - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 - if: ${{ !env.ACT }} - with: - name: metadata.json - path: ${{ steps.generate-metadata-file.outputs.filepath }} - - build-linux: - needs: - - get-go-version - - get-product-version - runs-on: ubuntu-20.04 - strategy: - matrix: - goos: ["linux"] - goarch: ["amd64", "arm64", "arm"] - fail-fast: true - - name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build - + docker: + runs-on: ubuntu-latest steps: - - uses: 
actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Setup go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - + name: Build and push + uses: docker/build-push-action@v3 with: - go-version: ${{ needs.get-go-version.outputs.go-version }} - - name: Build - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} + load: true + push: false + tags: nomad-driver-podman/build:latest + - + name: build run: | - make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip - mv \ - pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip \ - ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 - if: ${{ !env.ACT }} + docker cp $(docker create --name tc nomad-driver-podman/build:latest):/app/pkg/linux_amd64/nomad-driver-podman ./nomad-driver-podman-rootful && docker rm tc + tar -czf nomad-driver-podman-rootful.tar.gz -C nomad-driver-podman-rootful + sha256sum nomad-driver-podman-rootful.tar.gz | awk '{ print $1 }' > nomad-driver-podman-rootful.tar.gz.sha256 + - + name: Release + uses: softprops/action-gh-release@v1 + if: startsWith(github.ref, 'refs/tags/') with: - name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip - path: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip + files: | + nomad-driver-podman-rootful.tar.gz + nomad-driver-podman-rootful.tar.gz.sha256 diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml deleted file mode 100644 index 6924e465..00000000 --- a/.github/workflows/nightly-release.yml +++ /dev/null 
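Review bot: The new `uses:` lines reference mutable tags (`docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`, `docker/build-push-action@v3`, `softprops/action-gh-release@v1`), whereas the jobs they replace pinned every action to a full commit SHA (`actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3`); a moved or compromised tag changes what runs in a job that publishes release artifacts, so pin each action to a commit SHA and keep the version as a trailing comment. The packaging step also looks broken: if `pkg/linux_amd64/nomad-driver-podman` is the built binary rather than a directory, `docker cp` lands a single file at `./nomad-driver-podman-rootful`, and `tar -czf nomad-driver-podman-rootful.tar.gz -C nomad-driver-podman-rootful` with no member operand will not archive it; `tar -czf nomad-driver-podman-rootful.tar.gz nomad-driver-podman-rootful` is what seems intended. Writing only the digest (`awk '{ print $1 }'`) into the `.sha256` file prevents consumers from running `sha256sum -c` against it; `sha256sum nomad-driver-podman-rootful.tar.gz > nomad-driver-podman-rootful.tar.gz.sha256` keeps the filename. A checksum published next to the artifact only detects a corrupted download, not a tampered release, and the workflow declares no `permissions:` block for the token the release step needs, which may matter depending on the repository's default token settings.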
@@ -1,123 +0,0 @@ -# This GitHub action triggers a fresh set of nomad-driver-podman plugin -# builds and publishes them to GitHub Releases under the `nightly` tag. -# Note that artifacts available via GitHub Releases are not codesigned or -# notarized. -# Failures are reported to slack. -name: Nightly Release - -on: - schedule: - # Runs against the default branch every day overnight - - cron: "18 3 * * *" - workflow_dispatch: - -jobs: - # Build a fresh set of artifacts - build-artifacts: - uses: ./.github/workflows/build.yml - github-release: - needs: build-artifacts - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Download built artifacts - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - path: out/ - # Set BUILD_OUTPUT_LIST to out\-.\*,out\... - # This is needed to attach the build artifacts to the GitHub Release - - name: Set BUILD_OUTPUT_LIST - run: | - echo "$(ls -xm1 out/)" > tmp.txt - cat tmp.txt | sed 's:.*:out/&/*:' > tmp2.txt - echo "BUILD_OUTPUT_LIST=$(cat tmp2.txt | tr '\n' ',' | perl -ple 'chop')" >> $GITHUB_ENV - rm -rf tmp.txt && rm -rf tmp2.txt - - name: Advance nightly tag - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - try { - await github.rest.git.deleteRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: "tags/nightly" - }) - } catch (e) { - console.log("Warning: The nightly tag doesn't exist yet, so there's nothing to do. 
Trace: " + e) - } - await github.rest.git.createRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: "refs/tags/nightly", - sha: context.sha - }) - # This will create a new GitHub Release called `nightly` - # If a release with this name already exists, it will overwrite the existing data - - name: Create a nightly GitHub prerelease - id: create_prerelease - uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0 - with: - name: nightly - artifacts: "${{ env.BUILD_OUTPUT_LIST }}" - tag: nightly - bodyFile: ".github/workflows/nightly-release-readme.md" - prerelease: true - allowUpdates: true - removeArtifacts: true - draft: false - token: ${{ secrets.GITHUB_TOKEN }} - - name: Publish nightly GitHub prerelease - uses: eregon/publish-release@46913fa2b3f7edc7345ae3c17f6d1b093a54916d # v1.0.5 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - release_id: ${{ steps.create_prerelease.outputs.id }} - # Send a slack notification if either job defined above fails - slack-notify: - needs: - - build-artifacts - - github-release - if: always() && (needs.build-artifacts.result == 'failure' || needs.github-release.result == 'failure') - runs-on: ubuntu-22.04 - steps: - - name: Send slack notification on failure - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 - with: - payload: | - { - "text": ":x::moon::nomad-sob: nomad-driver-podman Nightly Release *FAILED*", - "attachments": [ - { - "color": "#C41E3A", - "blocks": [ - { - "type": "section", - "fields": [ - { - "type": "mrkdwn", - "text": "*Branch:*\n`${{ github.ref_name }}`" - }, - { - "type": "mrkdwn", - "text": "*Ref:*\n${{ github.sha }}" - } - ] - }, - { - "type": "section", - "fields": [ - { - "type": "mrkdwn", - "text": "*Workflow:*\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - ] - } - env: - # the slack webhook url links to #feed-nomad-releases - SLACK_WEBHOOK_URL: ${{ 
secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml deleted file mode 100644 index 0f4d4fb0..00000000 --- a/.github/workflows/tests.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Run CI Tests - -on: - pull_request: - paths-ignore: - - 'build/**' - - 'examples/**' - - 'scripts/**' - - 'CHANGELOG.md' - - 'README.md' - - 'Vagrantfile' - push: - branches: - - main - paths-ignore: - - 'build/**' - - 'examples/**' - - 'scripts/**' - - 'CHANGELOG.md' - - 'README.md' - - 'Vagrantfile' - -jobs: - run-tests: - runs-on: ubuntu-22.04 - timeout-minutes: 15 - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - uses: hashicorp/setup-golang@v1 - - name: Machine Setup - run: sudo .github/machinesetup.sh - - name: Make Setup - run: | - make deps - make check - make dev - - name: Make test - run: sudo -E env "PATH=$PATH" make test-ci diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..50c92bed --- /dev/null +++ b/Dockerfile @@ -0,0 +1,6 @@ +FROM docker.io/golang + +COPY . /app +WORKDIR /app + +RUN make pkg/linux_amd64/nomad-driver-podman diff --git a/README.md b/README.md index 337cd367..a839bcf0 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,16 @@ +Fork +==== + +Unfortunately the `nomad-podman-driver` can only run either rootful or rootless. +We have actual needs to run some workloads rootfull, but want to run most of them rootless. + +The workaround employed here is to fork the `nomad-podman-driver` and change the `pluginName` so that we +can register 2 podman plugins to Nomad, one configured to be rootful and the other to be rootless. + +This happens on the `rootful` branch (this branch), where we also deploy from. + +Normal readme follows: + Nomad podman Driver ================== diff --git a/driver.go b/driver.go index 4ee5d350..42bc4032 100644 --- a/driver.go +++ b/driver.go 
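Review bot: `FROM docker.io/golang` pulls an unpinned `latest` tag, so the released binary is built with whatever Go version the registry serves on the day of the tag; pin to the toolchain the repository already records (`FROM docker.io/golang:<version from .go-version>`, or better a digest `@sha256:<digest>`) so the build is reproducible and a retagged base image cannot change what gets released. `COPY . /app` also copies the whole build context, including `.git` and anything a developer has lying in the tree when building locally; a `.dockerignore` would bound that, and none is visible in this diff, so it may or may not already exist. Both points are inferred from the six lines shown.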
@@ -41,7 +41,7 @@ import ( const ( // pluginName is the name of the plugin - pluginName = "podman" + pluginName = "podman-rootful" // fingerprintPeriod is the interval at which the driver will send fingerprint responses fingerprintPeriod = 30 * time.Second
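Review bot: The comment above the changed constant still reads `// pluginName is the name of the plugin` and does not record why this fork diverges from upstream's `"podman"`; a maintainer merging upstream changes could resolve the conflict back to `"podman"` and silently re-collide with the rootless plugin. Suggest `// pluginName is the name this fork registers with Nomad; it differs from upstream ("podman") so a rootful and a rootless driver can be loaded side by side (see README).` The `const (` block continues past the end of the hunk. If the driver name is also embedded elsewhere (log fields, config keys), those occurrences are not visible here and would need the same review.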