build: add melange support. (#1391)

Author: hugosantos

internal/build/binary/binary.go

@@ -329,6 +329,10 @@ func buildSpec(ctx context.Context, pl pkggraph.PackageLoader, env cfg.Context,
 		}
 	}
 
+	if src.MelangeBuild != nil {
+		return melangeBuild{loc.Rel(), src.MelangeBuild.Files, src.MelangeBuild.Platforms}, nil
+	}
+
 	return nil, fnerrors.NewWithLocation(loc, "don't know how to build binary image: `from` statement does not yield a build unit")
 }
 

internal/build/binary/melange.go

@@ -0,0 +1,102 @@
+// Copyright 2022 Namespace Labs Inc; All rights reserved.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+
+package binary
+
+import (
+	"context"
+	"fmt"
+	"io/fs"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"namespacelabs.dev/foundation/internal/artifacts/oci"
+	"namespacelabs.dev/foundation/internal/build"
+	"namespacelabs.dev/foundation/internal/compute"
+	"namespacelabs.dev/foundation/internal/console"
+	"namespacelabs.dev/foundation/internal/fnfs/memfs"
+	"namespacelabs.dev/foundation/internal/sdk/host"
+	"namespacelabs.dev/foundation/internal/sdk/melange"
+	"namespacelabs.dev/foundation/std/pkggraph"
+	"namespacelabs.dev/foundation/std/tasks"
+)
+
+type melangeBuild struct {
+	rel string
+
+	files     []string
+	platforms []string
+}
+
+func (m melangeBuild) BuildImage(ctx context.Context, env pkggraph.SealedContext, conf build.Configuration) (compute.Computable[oci.Image], error) {
+	action := tasks.Action("melange.build").Scope(conf.SourcePackage())
+
+	mbin, err := melange.SDK(ctx, host.HostPlatform())
+	if err != nil {
+		return nil, err
+	}
+
+	localfs := memfs.DeferSnapshot(conf.Workspace().ReadOnlyFS(m.rel), memfs.SnapshotOpts{
+		IncludeFiles: m.files,
+	})
+
+	return compute.Map(action, compute.Inputs().Computable("mbin", mbin).JSON("platform", m.platforms).Computable("localfs", localfs), compute.Output{},
+		func(ctx context.Context, deps compute.Resolved) (oci.Image, error) {
+			mb := compute.MustGetDepValue(deps, mbin, "mbin")
+			contents := compute.MustGetDepValue(deps, localfs, "localfs")
+
+			dir, err := os.MkdirTemp("", "melange")
+			if err != nil {
+				return nil, err
+			}
+
+			fmt.Fprintf(console.Debug(ctx), "melange: created %s\n", dir)
+
+			defer os.RemoveAll(dir)
+
+			for _, path := range m.files {
+				c, err := fs.ReadFile(contents, path)
+				if err != nil {
+					return nil, err
+				}
+
+				if err := os.WriteFile(filepath.Join(dir, path), c, 0660); err != nil {
+					return nil, err
+				}
+			}
+
+			out := console.Output(ctx, "melange")
+
+			cmd := exec.CommandContext(ctx, string(mb),
+				append([]string{
+					"build",
+					"-k", "https://packages.wolfi.dev/os/wolfi-signing.rsa.pub",
+					"-r", "https://packages.wolfi.dev/os",
+					"--arch", strings.Join(m.platforms, ","),
+				}, m.files...)...,
+			)
+			cmd.Stdout = out
+			cmd.Stderr = out
+			cmd.Dir = dir
+
+			if err := cmd.Run(); err != nil {
+				return nil, err
+			}
+
+			layer, err := oci.LayerFromFS(ctx, os.DirFS(filepath.Join(dir, "packages")))
+			if err != nil {
+				return nil, err
+			}
+
+			return mutate.AppendLayers(empty.Image, layer)
+		}), nil
+}
+
+func (m melangeBuild) PlatformIndependent() bool { return true }
+
+func (m melangeBuild) Description() string { return fmt.Sprintf("melangeBuild()") }

internal/cli/cmd/sdk/sdk.go

@@ -28,12 +28,13 @@ import (
 	"namespacelabs.dev/foundation/internal/sdk/host"
 	"namespacelabs.dev/foundation/internal/sdk/k3d"
 	"namespacelabs.dev/foundation/internal/sdk/kubectl"
+	"namespacelabs.dev/foundation/internal/sdk/melange"
 	"namespacelabs.dev/foundation/std/module"
 	"namespacelabs.dev/foundation/std/tasks"
 )
 
 func NewSdkCmd(hidden bool) *cobra.Command {
-	sdks := []string{"go", "k3d", "kubectl", "grpcurl", "deno", "buildctl"}
+	sdks := []string{"go", "k3d", "kubectl", "grpcurl", "deno", "buildctl", "melange"}
 
 	goSdkVersion := "1.22"
 
@@ -85,6 +86,7 @@ func sdkList(sdks []string, goVersion string) []sdk {
 		simpleFileSDK("kubectl", kubectl.SDK),
 		simpleFileSDK("grpcurl", grpcurl.SDK),
 		simpleFileSDK("buildctl", buildctl.SDK),
+		simpleFileSDK("melange", melange.SDK),
 	}
 
 	var ret []sdk

internal/frontend/cuefrontend/binary.go

@@ -48,6 +48,7 @@ type cueImageBuildPlan struct {
 	FilesFrom                *cueImageBuildPlan_FilesFrom           `json:"files_from,omitempty"`
 	MakeFilesystemImage      *cueImageBuildPlan_MakeFilesystemImage `json:"make_fs_image,omitempty"`
 	ImageID                  string                                 `json:"image_id,omitempty"`
+	MelangeBuild             *schema.ImageBuildPlan_MelangeBuild    `json:"melange_build,omitempty"`
 }
 
 type cueImageBuildPlan_LLBPlan struct {
@@ -281,6 +282,11 @@ func (bp cueImageBuildPlan) ToSchema(ctx context.Context, pl parsing.EarlyPackag
 		set = append(set, "image_id")
 	}
 
+	if bp.MelangeBuild != nil {
+		plan.MelangeBuild = bp.MelangeBuild
+		set = append(set, "melange_build")
+	}
+
 	if len(set) == 0 {
 		return nil, fnerrors.NewWithLocation(loc, "plan is missing at least one instruction")
 	} else if len(set) > 1 {

internal/sdk/melange/melange.go

@@ -0,0 +1,83 @@
+// Copyright 2022 Namespace Labs Inc; All rights reserved.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+
+package melange
+
+import (
+	"context"
+	"fmt"
+	"path/filepath"
+
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"namespacelabs.dev/foundation/internal/artifacts"
+	"namespacelabs.dev/foundation/internal/artifacts/download"
+	"namespacelabs.dev/foundation/internal/artifacts/unpack"
+	"namespacelabs.dev/foundation/internal/compute"
+	"namespacelabs.dev/foundation/internal/fnerrors"
+	"namespacelabs.dev/foundation/internal/fnfs/tarfs"
+	"namespacelabs.dev/foundation/schema"
+	"namespacelabs.dev/foundation/std/tasks"
+)
+
+const version = "0.19.4"
+
+var Pins = map[string]artifacts.Reference{
+	"linux/amd64": {
+		URL: fmt.Sprintf("https://github.com/chainguard-dev/melange/releases/download/v%s/melange_%s_linux_amd64.tar.gz", version, version),
+		Digest: schema.Digest{
+			Algorithm: "sha256",
+			Hex:       "940df40fd759b50c9426150496a83a6eff48ef864bd790eeb8b27d3e9bbcb5ff",
+		},
+	},
+	"linux/arm64": {
+		URL: fmt.Sprintf("https://github.com/chainguard-dev/melange/releases/download/v%s/melange_%s_linux_arm64.tar.gz", version, version),
+		Digest: schema.Digest{
+			Algorithm: "sha256",
+			Hex:       "f1da4af66164ba9ba9aa83a90fe6080b1800838f2cadc2dc49bc49d6bc266884",
+		},
+	},
+	"darwin/arm64": {
+		URL: fmt.Sprintf("https://github.com/chainguard-dev/melange/releases/download/v%s/melange_%s_darwin_arm64.tar.gz", version, version),
+		Digest: schema.Digest{
+			Algorithm: "sha256",
+			Hex:       "9a511cb67618f6782dfb29a44b5ed47a44b184c3ea783e13b418b22f56c696b4",
+		},
+	},
+	"darwin/amd64": {
+		URL: fmt.Sprintf("https://github.com/chainguard-dev/melange/releases/download/v%s/melange_%s_darwin_amd64.tar.gz", version, version),
+		Digest: schema.Digest{
+			Algorithm: "sha256",
+			Hex:       "f3306ba66f9f4d83947ecf0b05ae52d2d75a8cfca9e470ad8a4b83430a889c2b",
+		},
+	},
+}
+
+type Melange string
+
+func EnsureSDK(ctx context.Context, p specs.Platform) (Melange, error) {
+	sdk, err := SDK(ctx, p)
+	if err != nil {
+		return "", err
+	}
+
+	return compute.GetValue(ctx, sdk)
+}
+
+func SDK(ctx context.Context, p specs.Platform) (compute.Computable[Melange], error) {
+	key := fmt.Sprintf("%s/%s", p.OS, p.Architecture)
+	ref, ok := Pins[key]
+	if !ok {
+		return nil, fnerrors.New("platform not supported: %s", key)
+	}
+
+	w := unpack.Unpack("melange", tarfs.TarGunzip(download.URL(ref)))
+
+	return compute.Map(
+		tasks.Action("melange.ensure").Arg("version", version).HumanReadablef("Ensuring melange %s is installed", version),
+		compute.Inputs().Computable("melange", w),
+		compute.Output{},
+		func(ctx context.Context, r compute.Resolved) (Melange, error) {
+			return Melange(filepath.Join(compute.MustGetDepValue(r, w, "melange").Files, fmt.Sprintf("melange_%s_%s_%s", version, p.OS, p.Architecture), "melange")), nil
+		}), nil
+}

internal/versions/versions.json

@@ -1,5 +1,5 @@
 {
-	"api_version": 141,
+	"api_version": 142,
 	"minimum_api_version": 40,
 	"cache_version": 1
 }