build: Use ko for building OCI image

Author: jimmidyson

.github/workflows/checks.yml

@@ -151,18 +151,6 @@ jobs:
           fail_on_error: true
           reporter: github-pr-review
 
-  lint-dockerfile:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-
-      - name: actionlint
-        uses: reviewdog/action-hadolint@v1
-        with:
-          fail_on_error: true
-          reporter: github-pr-review
-
   pre-commit:
     runs-on: ubuntu-22.04
     defaults:
@@ -254,7 +242,7 @@ jobs:
           devbox run -- \
             kind load docker-image \
               --name chart-testing \
-              "$(devbox run -- gojq -r '.[] | select(.type == "Docker Image" and .goos == "linux" and .goarch == "amd64").name' dist/artifacts.json)"
+              "ko.local/capi-runtime-extensions:$(devbox run -- gojq -r .version dist/metadata.json)"
 
       - if: steps.list-changed.outputs.changed == 'true'
         name: Setup Cluster API and cert-manager
@@ -270,7 +258,7 @@ jobs:
           devbox run -- \
             ct install \
               --config charts/ct-config.yaml \
-              --helm-extra-set-args "--set=image.tag=$(devbox run -- jq -r .version dist/metadata.json)"
+              --helm-extra-set-args "--set-string image.repository=ko.local/capi-runtime-extensions --set-string image.tag=$(devbox run -- gojq -r .version dist/metadata.json)"
         env:
           KUBECONFIG: ct-kind-kubeconfig
 

.goreleaser.yml

@@ -49,58 +49,47 @@ builds:
       - arm64
     mod_timestamp: '{{ .CommitTimestamp }}'
     hooks:
-      post:
-        - cmd: make SKIP_UPX={{ if index .Env "SKIP_UPX" }}{{ .Env.SKIP_UPX }}{{ else }}{{ .IsSnapshot }}{{ end }} GOOS={{ .Os }} GOARCH={{ .Arch }} UPX_TARGET={{ .Path }} upx
+      post: |
+        sh -ec 'if [ {{ .IsSnapshot }} == true ] && [ {{ .Runtime.Goarch }} == {{ .Arch }} ]; then
+          env GOOS=linux GOARCH={{ .Arch }} \
+              SOURCE_DATE_EPOCH=$(date +%s) \
+              KO_DOCKER_REPO=ko.local/capi-runtime-extensions \
+              ko build \
+                --bare \
+                -t {{ .Version }} \
+                ./cmd
+        fi'
 archives:
   - name_template: '{{ .ProjectName }}_v{{trimprefix .Version "v"}}_{{ .Os }}_{{ .Arch }}'
     rlcp: true
     builds:
       - capi-runtime-extensions
-dockers:
-  - image_templates:
-      # Specify the image tag including `-amd64` suffix if the build is not a snapshot build or is not being built on
-      # arm64 machine. This allows for using the snapshot image build without the architecture specific suffix
-      # consistently on local machines, i.e. can always use `ghcr.io/d2iq-labs/capi-runtime-extensions:v<VERSION>` on the machine the snapshot
-      # is built on.
-      #
-      # For a release build the `-amd64` suffix will always be included and the `docker_manifests` specification below
-      # will create the final multiplatform manifest to be pushed to the registry.
-      - ghcr.io/d2iq-labs/{{.ProjectName}}:v{{trimprefix .Version "v"}}{{ if or (not .IsSnapshot) (not (eq .Runtime.Goarch "amd64")) }}-amd64{{ end }}
-    use: buildx
-    dockerfile: Dockerfile
-    build_flag_templates:
-      - "--platform=linux/amd64"
-      - "--pull"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.source={{.GitURL}}"
-  - image_templates:
-      # Specify the image tag including `-amd64v8` suffix if the build is not a snapshot build or is not being built on
-      # arm64 machine. This allows for using the snapshot image build without the architecture specific suffix
-      # consistently on local machines, i.e. can always use `ghcr.io/d2iq-labs/capi-runtime-extensions:v<VERSION>` on the machine the snapshot
-      # is built on.
-      #
-      # For a release build the `-amd64v8` suffix will always be included and the `docker_manifests` specification below
-      # will create the final multiplatform manifest to be pushed to the registry.
-    - ghcr.io/d2iq-labs/{{.ProjectName}}:v{{trimprefix .Version "v"}}{{ if or (not .IsSnapshot) (not (eq .Runtime.Goarch "arm64")) }}-arm64v8{{ end }}
-    use: buildx
-    goarch: arm64
-    dockerfile: Dockerfile
-    build_flag_templates:
-      - "--platform=linux/arm64"
-      - "--pull"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.source={{.GitURL}}"
-docker_manifests:
-  - name_template: ghcr.io/d2iq-labs/{{.ProjectName}}:v{{trimprefix .Version "v"}}
-    image_templates:
-    - ghcr.io/d2iq-labs/{{.ProjectName}}:v{{trimprefix .Version "v"}}-amd64
-    - ghcr.io/d2iq-labs/{{.ProjectName}}:v{{trimprefix .Version "v"}}-arm64v8
+kos:
+  - id: capi-runtime-extensions
+    build: capi-runtime-extensions
+    ldflags:
+      - -s
+      - -w
+      - -X 'k8s.io/component-base/version.buildDate={{ .CommitDate }}'
+      - -X 'k8s.io/component-base/version.gitCommit={{ .FullCommit }}'
+      - -X 'k8s.io/component-base/version.gitTreeState={{ .Env.GIT_TREE_STATE }}'
+      - -X 'k8s.io/component-base/version.gitVersion=v{{ trimprefix .Version "v" }}'
+      - -X 'k8s.io/component-base/version.major={{ .Major }}'
+      - -X 'k8s.io/component-base/version.minor={{ .Minor }}'
+      - -X 'k8s.io/component-base/version/verflag.programName={{ .ProjectName }}'
+    labels:
+      org.opencontainers.image.created: "{{ .CommitDate }}"
+      org.opencontainers.image.title: capi-runtime-extensions
+      org.opencontainers.image.revision: "{{ .FullCommit }}"
+      org.opencontainers.image.version: v{{trimprefix .Version "v"}}
+      org.opencontainers.image.source: "{{ .GitURL }}"
+    platforms:
+      - linux/amd64
+      - linux/arm64
+    repository: '{{ envOrDefault "KO_DOCKER_REPO" "ghcr.io/d2iq-labs/capi-runtime-extensions" }}'
+    bare: true
+    tags:
+      - v{{trimprefix .Version "v"}}
 checksum:
   name_template: 'checksums.txt'
 snapshot:

.pre-commit-config.yaml

@@ -73,10 +73,6 @@ repos:
   hooks:
   - id: actionlint-system
     stages: [commit]
-- repo: https://github.com/hadolint/hadolint
-  rev: v2.12.1-beta
-  hooks:
-  - id: hadolint
 - repo: https://github.com/jorisroovers/gitlint
   rev: v0.19.1
   hooks:

Dockerfile

@@ -1,7 +1,7 @@
 {
   "packages": [
     "actionlint@latest",
-    "chart-testing@3.8.0",
+    "chart-testing@latest",
     "clusterctl@latest",
     "coreutils@latest",
     "crane@latest",
@@ -17,10 +17,10 @@
     "golines@latest",
     "goreleaser@latest",
     "gotestsum@latest",
-    "hadolint@latest",
     "helm-docs@latest",
-    "hugo@0.117.0",
+    "hugo@latest",
     "kind@latest",
+    "ko@latest",
     "kubebuilder@latest",
     "kubectl@latest",
     "kubernetes-controller-tools@latest",
@@ -29,7 +29,6 @@
     "pre-commit@latest",
     "rsync@latest",
     "shfmt@latest",
-    "upx@latest",
     "yamale@latest",
     "yamllint@latest",
     "path:./hack/flakes#go-mod-upgrade",