Source binaries for linux artifacts from docker images
This gives us static binaries linked against musl for our release artifacts, unifying our libc dependency for both docker and non-docker and simplifying our build tooling. Since artifact building is now fairly complicated and really only part of the CI/CD pipeline, got rid of the Makefile target for it. Fixes: spiffe#4346 Signed-off-by: Andrew Harding <[email protected]>
Showing
7 changed files
with
190 additions
and
142 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
REPODIR=$(git rev-parse --show-toplevel) | ||
|
||
TAG=${TAG:-$(git log -n1 --pretty=%h)} | ||
OUTDIR=${OUTDIR:-"${REPODIR}/artifacts"} | ||
|
||
TARCMD=tar | ||
if [[ $(uname -s) == "Darwin" ]]; then | ||
# When building linux artifacts from darwin, gtar is required. | ||
TARCMD="gtar" | ||
fi | ||
|
||
TAROPTS=("--owner=root" "--group=root") | ||
|
||
TMPDIR=$(mktemp -d) | ||
cleanup() { | ||
rm -rf "${TMPDIR}" | ||
} | ||
trap cleanup EXIT | ||
|
||
|
||
copy_binary_from_multiarch_tar() { | ||
local arch=$1 | ||
local binary=$2 | ||
local destdir=$3 | ||
|
||
local srcpath="/opt/spire/bin/${binary}" | ||
local destpath="${destdir}/${binary}" | ||
local ocidir="ocidir://${TMPDIR}/${arch}/oci/${binary}" | ||
local imagetar="${REPODIR}/${binary}-image.tar" | ||
local platform="linux/${arch}" | ||
|
||
echo "Importing multiarch image ${imagetar}..." | ||
regctl image import "${ocidir}" "${imagetar}" | ||
|
||
echo "Copying ${srcpath} for platform ${platform}..." | ||
regctl image get-file "${ocidir}" "${srcpath}" "${destpath}" -p "${platform}" | ||
|
||
# file does not retain permission bits, so fix up the executable bit. | ||
chmod +x "${destpath}" | ||
} | ||
|
||
build_artifact() { | ||
ARCH="$1" | ||
|
||
ARTIFACT="${OUTDIR}/spire-${TAG}-linux-${ARCH}-musl.tar.gz" | ||
CHECKSUM="${OUTDIR}/spire-${TAG}-linux-${ARCH}-musl_sha256sum.txt" | ||
|
||
EXTRAS_ARTIFACT="${OUTDIR}/spire-extras-${TAG}-linux-${ARCH}-musl.tar.gz" | ||
EXTRAS_CHECKSUM="${OUTDIR}/spire-extras-${TAG}-linux-${ARCH}-musl_sha256sum.txt" | ||
|
||
TARDIR="${TMPDIR}/${ARCH}/tar" | ||
mkdir -p "${TARDIR}" | ||
|
||
STAGING="${TARDIR}"/spire/spire-${TAG} | ||
EXTRAS_STAGING="${TARDIR}"/spire-extras/spire-extras-${TAG} | ||
mkdir -p "${STAGING}" "${EXTRAS_STAGING}" | ||
|
||
echo "Creating \"${ARTIFACT}\" and \"${EXTRAS_ARTIFACT}\"" | ||
|
||
# Copy in the contents under release/ | ||
cp -r "${REPODIR}"/release/posix/spire/* "${STAGING}" | ||
cp -r "${REPODIR}"/release/posix/spire-extras/* "${EXTRAS_STAGING}" | ||
|
||
# Copy in the LICENSE | ||
cp "${REPODIR}"/LICENSE "${STAGING}" | ||
cp "${REPODIR}"/LICENSE "${EXTRAS_STAGING}" | ||
|
||
# Copy in the SPIRE binaries from the docker images: | ||
# 1. import the image from the multiarch tarball into the OCI directory | ||
mkdir -p "${STAGING}"/bin "${EXTRAS_STAGING}"/bin | ||
copy_binary_from_multiarch_tar "$ARCH" "spire-server" "${STAGING}/bin" | ||
copy_binary_from_multiarch_tar "$ARCH" "spire-agent" "${STAGING}/bin" | ||
copy_binary_from_multiarch_tar "$ARCH" "oidc-discovery-provider" "${EXTRAS_STAGING}/bin" | ||
|
||
mkdir -p "${OUTDIR}" | ||
|
||
# Create the tarballs and checksums | ||
(cd "${TARDIR}/spire"; ${TARCMD} -cvzf "${ARTIFACT}" "${TAROPTS[@]}" -- *) | ||
(cd "${TARDIR}/spire-extras"; ${TARCMD} -cvzf "${EXTRAS_ARTIFACT}" "${TAROPTS[@]}" -- *) | ||
|
||
(cd "$(dirname "${ARTIFACT}")"; shasum -a 256 "$(basename "${ARTIFACT}")" > "${CHECKSUM}" ) | ||
(cd "$(dirname "${EXTRAS_ARTIFACT}")"; shasum -a 256 "$(basename "${EXTRAS_ARTIFACT}")" > "${EXTRAS_CHECKSUM}" ) | ||
} | ||
|
||
command -v regctl >/dev/null 2>&1 || { echo -e "The regctl cli is required to run this script." >&2 ; exit 1; } | ||
command -v "${TARCMD}" >/dev/null 2>&1 || { echo -e "The ${TARCMD} command is required to run this script." >&2 ; exit 1; } | ||
|
||
build_artifact amd64 | ||
build_artifact arm64 |
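Review bot: `copy_binary_from_multiarch_tar` takes the release binaries from `${REPODIR}/${binary}-image.tar` without checking where that tarball came from, and the `_sha256sum.txt` files are computed only afterwards, so they vouch for the archive as assembled here and not for the binaries inside it. If the image build step records a digest, it would be worth comparing it before `regctl image import`; at minimum document the precondition above the function, e.g. `# Requires <binary>-image.tar in the repo root, produced by the image build for this same commit; its digest is not verified here.` Separately, `chmod +x` leaves the final mode of the shipped binaries dependent on the builder's umask (and on whatever mode regctl creates the file with, which is not visible here); `chmod 0755 "${destpath}"` would make the released mode explicit.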
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
REPODIR=$(git rev-parse --show-toplevel) | ||
BINDIR="${REPODIR}/bin" | ||
|
||
TAG=${TAG:-$(git log -n1 --pretty=%h)} | ||
OUTDIR=${OUTDIR:-"${REPODIR}/artifacts"} | ||
|
||
ARCH=amd64 | ||
|
||
ARTIFACT="${OUTDIR}/spire-${TAG}-windows-${ARCH}.zip" | ||
CHECKSUM="${OUTDIR}/spire-${TAG}-windows-${ARCH}_sha256sum.txt" | ||
|
||
EXTRAS_ARTIFACT="${OUTDIR}/spire-extras-${TAG}-windows-${ARCH}.zip" | ||
EXTRAS_CHECKSUM="${OUTDIR}/spire-extras-${TAG}-windows-${ARCH}_sha256sum.txt" | ||
|
||
TMPDIR=$(mktemp -d) | ||
cleanup() { | ||
rm -rf "${TMPDIR}" | ||
} | ||
trap cleanup EXIT | ||
|
||
STAGING="${TMPDIR}"/spire/spire-${TAG} | ||
EXTRAS_STAGING="${TMPDIR}"/spire-extras/spire-extras-${TAG} | ||
mkdir -p "${STAGING}" "${EXTRAS_STAGING}" | ||
|
||
echo "Creating \"${ARTIFACT}\" and \"${EXTRAS_ARTIFACT}\"" | ||
|
||
# Copy in the contents under release/ | ||
cp -r "${REPODIR}"/release/windows/spire/* "${STAGING}" | ||
cp -r "${REPODIR}"/release/windows/spire-extras/* "${EXTRAS_STAGING}" | ||
|
||
# Copy in the LICENSE | ||
cp "${REPODIR}"/LICENSE "${STAGING}" | ||
cp "${REPODIR}"/LICENSE "${EXTRAS_STAGING}" | ||
|
||
# Copy in the SPIRE binaries | ||
mkdir -p "${STAGING}"/bin "${EXTRAS_STAGING}"/bin | ||
cp "${BINDIR}"/spire-server.exe "${STAGING}"/bin | ||
cp "${BINDIR}"/spire-agent.exe "${STAGING}"/bin | ||
cp "${BINDIR}"/oidc-discovery-provider.exe "${EXTRAS_STAGING}"/bin | ||
|
||
mkdir -p "${OUTDIR}" | ||
|
||
(cd "${TMPDIR}/spire"; zip -rv "${ARTIFACT}" -- *) | ||
(cd "${TMPDIR}/spire-extras"; zip -rv "${EXTRAS_ARTIFACT}" -- *) | ||
|
||
(cd "$(dirname "${ARTIFACT}")"; CertUtil -hashfile "$(basename "${ARTIFACT}")" SHA256 > "${CHECKSUM}") | ||
(cd "$(dirname "${EXTRAS_ARTIFACT}")"; CertUtil -hashfile "$(basename "${EXTRAS_ARTIFACT}")" SHA256 > "${EXTRAS_CHECKSUM}") |
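Review bot: The two `CertUtil -hashfile ... SHA256` lines at the end redirect CertUtil's whole output into the `_sha256sum.txt` files, which is a header line, the hash and a completion message rather than the `<hash>  <file>` form that `shasum -a 256` writes in the Linux script. As a result the Windows checksum files cannot be fed to `sha256sum -c`, and users have to pick the hash out by hand, which makes verification easier to skip or get wrong. Since the script already runs under bash, `sha256sum "$(basename "${ARTIFACT}")" > "${CHECKSUM}"` (and likewise for the extras archive) would give one verifiable format across platforms, assuming that tool is present on the Windows build runner.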