Skip to content

Commit 3e395ff

Browse files
authored
feat: buildkit-service optional feature (#345)
1 parent 922d532 commit 3e395ff

11 files changed

Lines changed: 768 additions & 89 deletions

packages/kontinuous/tests/__snapshots__/job-builds.dev.yaml

Lines changed: 70 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,7 @@ spec:
159159
memory: \\"0\\"
160160
containers:
161161
- name: job
162-
image: moby/buildkit:v0.10.5-rootless
162+
image: moby/buildkit:v0.11.6-rootless
163163
imagePullPolicy: IfNotPresent
164164
envFrom:
165165
- secretRef:
@@ -181,6 +181,30 @@ spec:
181181
export CI_REGISTRY=\\"\\"
182182
fi
183183
184+
buildctl_options_cache=\\"\\"
185+
186+
buildctl_options_mtls=\\"\\"
187+
188+
189+
if [ \\"\\" != \\"\\" ]; then
190+
buildctl_cmd=\\"buildctl \\\\
191+
--addr tcp://buildkit-service.buildkit-service.svc:1234 \\\\
192+
\\"
193+
if [ -f /buildkit-certs/cert.pem ]; then
194+
buildctl_options_mtls=\\"\\\\
195+
--tlscacert /buildkit-certs/ca.pem \\\\
196+
--tlscert /buildkit-certs/cert.pem \\\\
197+
--tlskey /buildkit-certs/key.pem \\\\
198+
\\"
199+
fi
200+
else
201+
buildctl_cmd=buildctl-daemonless.sh
202+
buildctl_options_cache=\\"\\\\
203+
--export-cache type=inline \\\\
204+
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
205+
\\"
206+
fi
207+
184208
mkdir -p /home/user/.docker
185209
186210
echo \\"{\\\\\\"auths\\\\\\":{\\\\\\"$CI_REGISTRY\\\\\\":{\\\\\\"username\\\\\\":\\\\\\"$CI_REGISTRY_USER\\\\\\",\\\\\\"password\\\\\\":\\\\\\"$CI_REGISTRY_PASSWORD\\\\\\"}}}\\" > /home/user/.docker/config.json
@@ -193,15 +217,15 @@ spec:
193217
export LATEST_TAG=\\",$IMAGE_PATH:latest\\"
194218
fi
195219
196-
buildctl-daemonless.sh \\\\
220+
$buildctl_cmd \\\\
221+
$buildctl_options_mtls \\\\
197222
build \\\\
198223
--frontend dockerfile.v0 \\\\
199224
--local context=/workspace/ \\\\
200225
--local dockerfile=/workspace \\\\
201226
--opt filename=./Dockerfile \\\\
202227
--output type=image,\\\\\\"name=$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53,$IMAGE_PATH:feature-branch-1$LATEST_TAG\\\\\\",push=true \\\\
203-
--export-cache type=inline \\\\
204-
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
228+
$buildctl_options_cache \\\\
205229
--opt build-arg:\\"NEXT_PUBLIC_HASURA_URL=https://hasura-test-job-builds-feature-branch-1.dev.fabrique.social.gouv.fr/v1/graphql\\" \\\\
206230
echo \\"$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53\\" >$KONTINUOUS_OUTPUT/IMAGE
207231
resources:
@@ -226,6 +250,9 @@ spec:
226250
subPath: test-job-builds-feature-branch-1-ffac537e6cbbf934b087-5o9wuk2u/build-app.build-app.buildkit
227251
- mountPath: /home/user/.local/share/buildkit
228252
name: buildkitd
253+
- mountPath: /buildkit-certs
254+
name: certs
255+
readOnly: true
229256
securityContext:
230257
fsGroup: 1000
231258
volumes:
@@ -237,6 +264,10 @@ spec:
237264
emptyDir: {}
238265
- emptyDir: {}
239266
name: buildkitd
267+
- name: certs
268+
secret:
269+
optional: true
270+
secretName: buildkit-client-certs
240271
---
241272
apiVersion: batch/v1
242273
kind: Job
@@ -318,7 +349,7 @@ spec:
318349
memory: \\"0\\"
319350
containers:
320351
- name: job
321-
image: moby/buildkit:v0.10.5-rootless
352+
image: moby/buildkit:v0.11.6-rootless
322353
imagePullPolicy: IfNotPresent
323354
envFrom:
324355
- secretRef:
@@ -340,6 +371,30 @@ spec:
340371
export CI_REGISTRY=\\"\\"
341372
fi
342373
374+
buildctl_options_cache=\\"\\"
375+
376+
buildctl_options_mtls=\\"\\"
377+
378+
379+
if [ \\"\\" != \\"\\" ]; then
380+
buildctl_cmd=\\"buildctl \\\\
381+
--addr tcp://buildkit-service.buildkit-service.svc:1234 \\\\
382+
\\"
383+
if [ -f /buildkit-certs/cert.pem ]; then
384+
buildctl_options_mtls=\\"\\\\
385+
--tlscacert /buildkit-certs/ca.pem \\\\
386+
--tlscert /buildkit-certs/cert.pem \\\\
387+
--tlskey /buildkit-certs/key.pem \\\\
388+
\\"
389+
fi
390+
else
391+
buildctl_cmd=buildctl-daemonless.sh
392+
buildctl_options_cache=\\"\\\\
393+
--export-cache type=inline \\\\
394+
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
395+
\\"
396+
fi
397+
343398
mkdir -p /home/user/.docker
344399
345400
echo \\"{\\\\\\"auths\\\\\\":{\\\\\\"$CI_REGISTRY\\\\\\":{\\\\\\"username\\\\\\":\\\\\\"$CI_REGISTRY_USER\\\\\\",\\\\\\"password\\\\\\":\\\\\\"$CI_REGISTRY_PASSWORD\\\\\\"}}}\\" > /home/user/.docker/config.json
@@ -352,15 +407,15 @@ spec:
352407
export LATEST_TAG=\\",$IMAGE_PATH:latest\\"
353408
fi
354409
355-
buildctl-daemonless.sh \\\\
410+
$buildctl_cmd \\\\
411+
$buildctl_options_mtls \\\\
356412
build \\\\
357413
--frontend dockerfile.v0 \\\\
358414
--local context=/workspace//packages/hasura \\\\
359415
--local dockerfile=/workspace/packages/hasura \\\\
360416
--opt filename=./Dockerfile \\\\
361417
--output type=image,\\\\\\"name=$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53,$IMAGE_PATH:feature-branch-1$LATEST_TAG\\\\\\",push=true \\\\
362-
--export-cache type=inline \\\\
363-
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
418+
$buildctl_options_cache \\\\
364419
echo \\"$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53\\" >$KONTINUOUS_OUTPUT/IMAGE
365420
resources:
366421
limits:
@@ -384,6 +439,9 @@ spec:
384439
subPath: test-job-builds-feature-branch-1-ffac537e6cbbf934b087-5o9wuk2u/build-hasura.build-hasura.buildkit
385440
- mountPath: /home/user/.local/share/buildkit
386441
name: buildkitd
442+
- mountPath: /buildkit-certs
443+
name: certs
444+
readOnly: true
387445
securityContext:
388446
fsGroup: 1000
389447
volumes:
@@ -395,5 +453,9 @@ spec:
395453
emptyDir: {}
396454
- emptyDir: {}
397455
name: buildkitd
456+
- name: certs
457+
secret:
458+
optional: true
459+
secretName: buildkit-client-certs
398460
"
399461
`;

packages/kontinuous/tests/__snapshots__/jobs-build-options.dev.yaml

Lines changed: 35 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -160,7 +160,7 @@ spec:
160160
memory: \\"0\\"
161161
containers:
162162
- name: job
163-
image: moby/buildkit:v0.10.5-rootless
163+
image: moby/buildkit:v0.11.6-rootless
164164
imagePullPolicy: IfNotPresent
165165
envFrom:
166166
- secretRef:
@@ -182,6 +182,30 @@ spec:
182182
export CI_REGISTRY=\\"\\"
183183
fi
184184
185+
buildctl_options_cache=\\"\\"
186+
187+
buildctl_options_mtls=\\"\\"
188+
189+
190+
if [ \\"\\" != \\"\\" ]; then
191+
buildctl_cmd=\\"buildctl \\\\
192+
--addr tcp://buildkit-service.buildkit-service.svc:1234 \\\\
193+
\\"
194+
if [ -f /buildkit-certs/cert.pem ]; then
195+
buildctl_options_mtls=\\"\\\\
196+
--tlscacert /buildkit-certs/ca.pem \\\\
197+
--tlscert /buildkit-certs/cert.pem \\\\
198+
--tlskey /buildkit-certs/key.pem \\\\
199+
\\"
200+
fi
201+
else
202+
buildctl_cmd=buildctl-daemonless.sh
203+
buildctl_options_cache=\\"\\\\
204+
--export-cache type=inline \\\\
205+
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
206+
\\"
207+
fi
208+
185209
mkdir -p /home/user/.docker
186210
187211
echo \\"{\\\\\\"auths\\\\\\":{\\\\\\"$CI_REGISTRY\\\\\\":{\\\\\\"username\\\\\\":\\\\\\"$CI_REGISTRY_USER\\\\\\",\\\\\\"password\\\\\\":\\\\\\"$CI_REGISTRY_PASSWORD\\\\\\"}}}\\" > /home/user/.docker/config.json
@@ -194,15 +218,15 @@ spec:
194218
export LATEST_TAG=\\",$IMAGE_PATH:latest\\"
195219
fi
196220
197-
buildctl-daemonless.sh \\\\
221+
$buildctl_cmd \\\\
222+
$buildctl_options_mtls \\\\
198223
build \\\\
199224
--frontend dockerfile.v0 \\\\
200225
--local context=/workspace/ \\\\
201226
--local dockerfile=/workspace \\\\
202227
--opt filename=./Dockerfile \\\\
203228
--output type=image,\\\\\\"name=$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53,$IMAGE_PATH:feature-branch-1$LATEST_TAG\\\\\\",push=true \\\\
204-
--export-cache type=inline \\\\
205-
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
229+
$buildctl_options_cache \\\\
206230
--opt build-arg:\\"arg1=value1\\" \\\\
207231
--opt build-arg:\\"arg2=value2\\" \\\\
208232
echo \\"$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53\\" >$KONTINUOUS_OUTPUT/IMAGE
@@ -228,6 +252,9 @@ spec:
228252
subPath: test-jobs-build-options-feature-branch-1-ffac537e6cbb-63jpvbjn/jobs.build-app.buildkit
229253
- mountPath: /home/user/.local/share/buildkit
230254
name: buildkitd
255+
- mountPath: /buildkit-certs
256+
name: certs
257+
readOnly: true
231258
securityContext:
232259
fsGroup: 1000
233260
volumes:
@@ -239,6 +266,10 @@ spec:
239266
emptyDir: {}
240267
- emptyDir: {}
241268
name: buildkitd
269+
- name: certs
270+
secret:
271+
optional: true
272+
secretName: buildkit-client-certs
242273
---
243274
apiVersion: apps/v1
244275
kind: Deployment

packages/kontinuous/tests/__snapshots__/jobs-build-stage.dev.yaml

Lines changed: 70 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -456,7 +456,7 @@ spec:
456456
memory: \\"0\\"
457457
containers:
458458
- name: job
459-
image: moby/buildkit:v0.10.5-rootless
459+
image: moby/buildkit:v0.11.6-rootless
460460
imagePullPolicy: IfNotPresent
461461
envFrom:
462462
- secretRef:
@@ -478,6 +478,30 @@ spec:
478478
export CI_REGISTRY=\\"\\"
479479
fi
480480
481+
buildctl_options_cache=\\"\\"
482+
483+
buildctl_options_mtls=\\"\\"
484+
485+
486+
if [ \\"\\" != \\"\\" ]; then
487+
buildctl_cmd=\\"buildctl \\\\
488+
--addr tcp://buildkit-service.buildkit-service.svc:1234 \\\\
489+
\\"
490+
if [ -f /buildkit-certs/cert.pem ]; then
491+
buildctl_options_mtls=\\"\\\\
492+
--tlscacert /buildkit-certs/ca.pem \\\\
493+
--tlscert /buildkit-certs/cert.pem \\\\
494+
--tlskey /buildkit-certs/key.pem \\\\
495+
\\"
496+
fi
497+
else
498+
buildctl_cmd=buildctl-daemonless.sh
499+
buildctl_options_cache=\\"\\\\
500+
--export-cache type=inline \\\\
501+
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
502+
\\"
503+
fi
504+
481505
mkdir -p /home/user/.docker
482506
483507
echo \\"{\\\\\\"auths\\\\\\":{\\\\\\"$CI_REGISTRY\\\\\\":{\\\\\\"username\\\\\\":\\\\\\"$CI_REGISTRY_USER\\\\\\",\\\\\\"password\\\\\\":\\\\\\"$CI_REGISTRY_PASSWORD\\\\\\"}}}\\" > /home/user/.docker/config.json
@@ -490,15 +514,15 @@ spec:
490514
export LATEST_TAG=\\",$IMAGE_PATH:latest\\"
491515
fi
492516
493-
buildctl-daemonless.sh \\\\
517+
$buildctl_cmd \\\\
518+
$buildctl_options_mtls \\\\
494519
build \\\\
495520
--frontend dockerfile.v0 \\\\
496521
--local context=/workspace/ \\\\
497522
--local dockerfile=/workspace \\\\
498523
--opt filename=./Dockerfile \\\\
499524
--output type=image,\\\\\\"name=$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53,$IMAGE_PATH:feature-branch-1$LATEST_TAG\\\\\\",push=true \\\\
500-
--export-cache type=inline \\\\
501-
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
525+
$buildctl_options_cache \\\\
502526
echo \\"$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53\\" >$KONTINUOUS_OUTPUT/IMAGE
503527
resources:
504528
limits:
@@ -522,6 +546,9 @@ spec:
522546
subPath: test-jobs-build-stage-feature-branch-1-ffac537e6cbbf9-6bjy8r03/jobs.build-app.buildkit
523547
- mountPath: /home/user/.local/share/buildkit
524548
name: buildkitd
549+
- mountPath: /buildkit-certs
550+
name: certs
551+
readOnly: true
525552
securityContext:
526553
fsGroup: 1000
527554
volumes:
@@ -533,6 +560,10 @@ spec:
533560
emptyDir: {}
534561
- emptyDir: {}
535562
name: buildkitd
563+
- name: certs
564+
secret:
565+
optional: true
566+
secretName: buildkit-client-certs
536567
---
537568
apiVersion: batch/v1
538569
kind: Job
@@ -615,7 +646,7 @@ spec:
615646
memory: \\"0\\"
616647
containers:
617648
- name: job
618-
image: moby/buildkit:v0.10.5-rootless
649+
image: moby/buildkit:v0.11.6-rootless
619650
imagePullPolicy: IfNotPresent
620651
envFrom:
621652
- secretRef:
@@ -637,6 +668,30 @@ spec:
637668
export CI_REGISTRY=\\"\\"
638669
fi
639670
671+
buildctl_options_cache=\\"\\"
672+
673+
buildctl_options_mtls=\\"\\"
674+
675+
676+
if [ \\"\\" != \\"\\" ]; then
677+
buildctl_cmd=\\"buildctl \\\\
678+
--addr tcp://buildkit-service.buildkit-service.svc:1234 \\\\
679+
\\"
680+
if [ -f /buildkit-certs/cert.pem ]; then
681+
buildctl_options_mtls=\\"\\\\
682+
--tlscacert /buildkit-certs/ca.pem \\\\
683+
--tlscert /buildkit-certs/cert.pem \\\\
684+
--tlskey /buildkit-certs/key.pem \\\\
685+
\\"
686+
fi
687+
else
688+
buildctl_cmd=buildctl-daemonless.sh
689+
buildctl_options_cache=\\"\\\\
690+
--export-cache type=inline \\\\
691+
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
692+
\\"
693+
fi
694+
640695
mkdir -p /home/user/.docker
641696
642697
echo \\"{\\\\\\"auths\\\\\\":{\\\\\\"$CI_REGISTRY\\\\\\":{\\\\\\"username\\\\\\":\\\\\\"$CI_REGISTRY_USER\\\\\\",\\\\\\"password\\\\\\":\\\\\\"$CI_REGISTRY_PASSWORD\\\\\\"}}}\\" > /home/user/.docker/config.json
@@ -649,15 +704,15 @@ spec:
649704
export LATEST_TAG=\\",$IMAGE_PATH:latest\\"
650705
fi
651706
652-
buildctl-daemonless.sh \\\\
707+
$buildctl_cmd \\\\
708+
$buildctl_options_mtls \\\\
653709
build \\\\
654710
--frontend dockerfile.v0 \\\\
655711
--local context=/workspace//hasura \\\\
656712
--local dockerfile=/workspace/hasura \\\\
657713
--opt filename=./Dockerfile \\\\
658714
--output type=image,\\\\\\"name=$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53,$IMAGE_PATH:feature-branch-1$LATEST_TAG\\\\\\",push=true \\\\
659-
--export-cache type=inline \\\\
660-
--import-cache type=registry,ref=$IMAGE_PATH:feature-branch-1 \\\\
715+
$buildctl_options_cache \\\\
661716
echo \\"$IMAGE_PATH:sha-ffac537e6cbbf934b08745a378932722df287a53\\" >$KONTINUOUS_OUTPUT/IMAGE
662717
resources:
663718
limits:
@@ -681,6 +736,9 @@ spec:
681736
subPath: test-jobs-build-stage-feature-branch-1-ffac537e6cbbf9-6bjy8r03/jobs.build-hasura.buildkit
682737
- mountPath: /home/user/.local/share/buildkit
683738
name: buildkitd
739+
- mountPath: /buildkit-certs
740+
name: certs
741+
readOnly: true
684742
securityContext:
685743
fsGroup: 1000
686744
volumes:
@@ -692,6 +750,10 @@ spec:
692750
emptyDir: {}
693751
- emptyDir: {}
694752
name: buildkitd
753+
- name: certs
754+
secret:
755+
optional: true
756+
secretName: buildkit-client-certs
695757
---
696758
apiVersion: apps/v1
697759
kind: Deployment

0 commit comments

Comments
 (0)