From b7875105167ac1f17eac804fdbe6b23ef217cad1 Mon Sep 17 00:00:00 2001 From: Jon Johnson Date: Sat, 16 Nov 2024 13:36:10 -0800 Subject: [PATCH] Drop tests that are failing Alpine doesn't keep their archs in sync and only keeps around the latest revision in edge, which breaks a bunch of our test, so I've cut down the alpine tests to a single arch. Signed-off-by: Jon Johnson --- .github/workflows/build-samples.yml | 47 +++++------------------------ examples/alias-only.yaml | 5 ++- examples/alpine-386_amd64.yaml | 11 ------- examples/alpine-base-rootless.yaml | 3 ++ examples/alpine-base.yaml | 3 ++ examples/alpine-python3.yaml | 3 ++ examples/alpine-slim.yaml | 3 ++ examples/apko-devenv.yaml | 3 ++ examples/nginx-rootless.yaml | 3 ++ examples/nginx.yaml | 9 ++++-- hack/ci/00-build.sh | 2 +- hack/ci/01-publish.sh | 2 +- 12 files changed, 39 insertions(+), 55 deletions(-) delete mode 100644 examples/alpine-386_amd64.yaml diff --git a/.github/workflows/build-samples.yml b/.github/workflows/build-samples.yml index 04b4e2f7e..f832fbcb6 100644 --- a/.github/workflows/build-samples.yml +++ b/.github/workflows/build-samples.yml @@ -19,7 +19,7 @@ jobs: strategy: fail-fast: false matrix: - arch: [x86_64, "386", armv7, aarch64, riscv64, s390x, ppc64le] + arch: [x86_64, aarch64] steps: - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 @@ -50,37 +50,6 @@ jobs: docker run --rm -v $(pwd)/$f:/sbom.json cgr.dev/chainguard/ntia-conformance-checker -v --file /sbom.json done - # Build a multi-arch nginx image for all archs. - build-nginx-multiarch: - name: build-nginx-multiarch - runs-on: ubuntu-latest - - permissions: - contents: read - - steps: - - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v2.1.5 - with: - go-version-file: 'go.mod' - check-latest: true - - run: | - make apko - ./apko build ./examples/nginx.yaml nginx:build /tmp/nginx.tar --arch x86_64,386,armv7,aarch64,s390x,ppc64le - - - name: Check SBOM Conformance - run: | - set -euxo pipefail - for f in *.spdx.json; do - echo ::group::sbom.json - cat $f - echo ::endgroup:: - docker run --rm -v $(pwd)/$f:/sbom.json cgr.dev/chainguard/ntia-conformance-checker -v --file /sbom.json - done - build-all-examples-one-arch: name: build-all-examples-amd64 @@ -116,7 +85,7 @@ jobs: fi done - build-alpine-source-date-epoch: + build-wolfi-source-date-epoch: name: source-date-epoch runs-on: ubuntu-latest @@ -141,11 +110,11 @@ jobs: SOURCE_DATE_EPOCH: "0" run: | make apko - FIRST=$(./apko publish ./examples/alpine-base.yaml localhost:5000/alpine --arch x86_64,386,armv7,aarch64,s390x,ppc64le 2> /dev/null) + FIRST=$(./apko publish ./examples/wolfi-base.yaml localhost:5000/wolfi --arch x86_64,aarch64 2> /dev/null) for idx in {2..10} do - NEXT=$(./apko publish ./examples/alpine-base.yaml localhost:5000/alpine --arch x86_64,386,armv7,aarch64,s390x,ppc64le 2> /dev/null) + NEXT=$(./apko publish ./examples/wolfi-base.yaml localhost:5000/wolfi --arch x86_64,aarch64 2> /dev/null) if [ "${FIRST}" = "${NEXT}" ]; then echo "Build ${idx} matches." @@ -155,7 +124,7 @@ jobs: fi done - build-alpine-build-date-epoch: + build-wolfi-build-date-epoch: name: build-date-epoch runs-on: ubuntu-latest @@ -180,11 +149,11 @@ jobs: make apko # Without SOURCE_DATE_EPOCH set, the timestamp of the image will be computed to be # the maximum build date of the resolved APKs. - FIRST=$(./apko publish ./examples/alpine-base.yaml localhost:5000/alpine --arch x86_64,386,armv7,aarch64,s390x,ppc64le 2> /dev/null) + FIRST=$(./apko publish ./examples/wolfi-base.yaml localhost:5000/wolfi --arch x86_64,aarch64 2> /dev/null) for idx in {2..10} do - NEXT=$(./apko publish ./examples/alpine-base.yaml localhost:5000/alpine --arch x86_64,386,armv7,aarch64,s390x,ppc64le 2> /dev/null) + NEXT=$(./apko publish ./examples/wolfi-base.yaml localhost:5000/wolfi --arch x86_64,aarch64 2> /dev/null) if [ "${FIRST}" = "${NEXT}" ]; then echo "Build ${idx} matches." @@ -218,7 +187,7 @@ jobs: make apko # Build image with annotations. - ref=$(./apko publish ./examples/nginx.yaml localhost:5000/nginx --arch x86_64,386,armv7,aarch64,s390x,ppc64le) + ref=$(./apko publish ./examples/nginx.yaml localhost:5000/nginx --arch x86_64,aarch64) # Check index annotations. crane manifest $ref | jq -r '.annotations.foo' | grep bar diff --git a/examples/alias-only.yaml b/examples/alias-only.yaml index 084cbfb0b..82d1382ca 100644 --- a/examples/alias-only.yaml +++ b/examples/alias-only.yaml @@ -2,4 +2,7 @@ contents: repositories: - https://dl-cdn.alpinelinux.org/alpine/edge/main packages: - - openssh-client \ No newline at end of file + - openssh-client + +archs: +- x86_64 diff --git a/examples/alpine-386_amd64.yaml b/examples/alpine-386_amd64.yaml deleted file mode 100644 index c74489da0..000000000 --- a/examples/alpine-386_amd64.yaml +++ /dev/null @@ -1,11 +0,0 @@ -contents: - repositories: - - https://dl-cdn.alpinelinux.org/alpine/edge/main - packages: - - alpine-base - -cmd: /bin/sh -l - -archs: - - amd64 - - 386 diff --git a/examples/alpine-base-rootless.yaml b/examples/alpine-base-rootless.yaml index 597350f5f..31a56deb7 100644 --- a/examples/alpine-base-rootless.yaml +++ b/examples/alpine-base-rootless.yaml @@ -18,3 +18,6 @@ cmd: /bin/sh -l # optional environment configuration environment: PATH: /usr/sbin:/sbin:/usr/bin:/bin + +archs: + - amd64 diff --git a/examples/alpine-base.yaml b/examples/alpine-base.yaml index acb623070..7e230ef32 100644 --- a/examples/alpine-base.yaml +++ b/examples/alpine-base.yaml @@ -9,3 +9,6 @@ cmd: /bin/sh -l # optional environment configuration environment: PATH: /usr/sbin:/sbin:/usr/bin:/bin + +archs: + - amd64 diff --git a/examples/alpine-python3.yaml b/examples/alpine-python3.yaml index cf1109a67..de03b62f8 100644 --- a/examples/alpine-python3.yaml +++ b/examples/alpine-python3.yaml @@ -10,3 +10,6 @@ cmd: /bin/sh -l # optional environment configuration environment: PATH: /usr/sbin:/sbin:/usr/bin:/bin + +archs: + - amd64 diff --git a/examples/alpine-slim.yaml b/examples/alpine-slim.yaml index 15ec12c8a..0e2a5c07f 100644 --- a/examples/alpine-slim.yaml +++ b/examples/alpine-slim.yaml @@ -11,3 +11,6 @@ environment: PATH: /usr/sbin:/sbin:/usr/bin:/bin cmd: /bin/sh -l + +archs: + - amd64 diff --git a/examples/apko-devenv.yaml b/examples/apko-devenv.yaml index b7f3c1384..79838606a 100644 --- a/examples/apko-devenv.yaml +++ b/examples/apko-devenv.yaml @@ -32,3 +32,6 @@ contents: - docker-cli entrypoint: command: /bin/sh -l + +archs: + - amd64 diff --git a/examples/nginx-rootless.yaml b/examples/nginx-rootless.yaml index 88e9f6714..5bf125d11 100644 --- a/examples/nginx-rootless.yaml +++ b/examples/nginx-rootless.yaml @@ -36,3 +36,6 @@ paths: uid: 10000 gid: 10000 permissions: 0o644 + +archs: + - amd64 diff --git a/examples/nginx.yaml b/examples/nginx.yaml index 558f389f5..e31b61cad 100644 --- a/examples/nginx.yaml +++ b/examples/nginx.yaml @@ -1,8 +1,10 @@ contents: + keyring: + - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub repositories: - - https://dl-cdn.alpinelinux.org/alpine/edge/main + - https://packages.wolfi.dev/os packages: - - alpine-baselayout + - wolfi-baselayout - nginx entrypoint: @@ -41,3 +43,6 @@ work-dir: /usr/share/nginx annotations: foo: bar + +archs: + - amd64 diff --git a/hack/ci/00-build.sh b/hack/ci/00-build.sh index dbd6580f7..1633c64dd 100755 --- a/hack/ci/00-build.sh +++ b/hack/ci/00-build.sh @@ -10,7 +10,7 @@ REF="apko.local/ci-testing:test" trap "rm -f ${OUTPUT_TAR}" EXIT -for f in examples/alpine-base-rootless.yaml examples/wolfi-base.yaml; do +for f in examples/wolfi-base.yaml; do echo "=== building $f" REF="apko.local/ci-testing:$(basename ${f})" diff --git a/hack/ci/01-publish.sh b/hack/ci/01-publish.sh index fbf4c8fef..1d3fc0e46 100755 --- a/hack/ci/01-publish.sh +++ b/hack/ci/01-publish.sh @@ -16,7 +16,7 @@ docker rm -f "${REGISTRY_CONTAINER_NAME}" docker run --name "${REGISTRY_CONTAINER_NAME}" \ -d -p ${PORT}:5000 "${REGISTRY_BASE_IMAGE}" -for f in examples/alpine-base-rootless.yaml examples/wolfi-base.yaml; do +for f in examples/wolfi-base.yaml; do echo "=== building $f" REF="localhost:${PORT}/ci-testing:$(basename ${f})"