Bake workflow

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

hack/binaries

@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-. $(dirname $0)/util
-set -eu
-
-: ${TARGETPLATFORM=$CLI_PLATFORM}
-
-platformFlag=""
-if [ -n "$TARGETPLATFORM" ]; then
-  platformFlag="--platform $TARGETPLATFORM"
-fi
-
-buildxCmd build $platformFlag \
-  --target "binaries" \
-  --output "type=local,dest=./bin/" \
-  .

hack/build_ci_first_pass

@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-
-TYP=$1
-
-. $(dirname $0)/util
-set -e
-
-usage() {
-  echo "usage: ./hack/build_ci_first_pass <binaries>"
-  exit 1
-}
-
-if [ -z "$TYP" ]; then
-  usage
-fi
-
-importCacheFlags=""
-exportCacheFlags=""
-if [ "$GITHUB_ACTIONS" = "true" ]; then
-  if [ -n "$cacheRefFrom" ]; then
-    importCacheFlags="--cache-from=type=local,src=$cacheRefFrom"
-  fi
-  if [ -n "$cacheRefTo" ]; then
-    exportCacheFlags="--cache-to=type=local,dest=$cacheRefTo"
-  fi
-fi
-
-case $TYP in
-  "binaries")
-    buildxCmd build $importCacheFlags $exportCacheFlags \
-      --target "binaries" \
-      $currentcontext
-    ;;
-  *)
-    echo >&2 "Unknown type $TYP"
-    exit 1
-    ;;
-esac

hack/cross

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-. $(dirname $0)/util
-set -e
-
-: ${TARGETPLATFORM=linux/amd64,linux/arm/v7,linux/arm64,darwin/amd64,windows/amd64,linux/ppc64le,linux/s390x,linux/riscv64}
-: ${EXPORT_LOCAL=}
-
-importCacheFlags=""
-if [ "$GITHUB_ACTIONS" = "true" ]; then
-  if [ -n "$cacheRefFrom" ]; then
-    importCacheFlags="--cache-from=type=local,src=$cacheRefFrom"
-  fi
-fi
-
-exportFlag=""
-if [ -n "$EXPORT_LOCAL" ]; then
-  exportFlag="--output=type=local,dest=$EXPORT_LOCAL"
-fi
-
-buildxCmd build $importCacheFlags $exportFlag \
-  --target "binaries" \
-  --platform "$TARGETPLATFORM" \
-  $currentcontext

hack/demo-env/entrypoint.sh

@@ -13,7 +13,3 @@ else
   ( $dockerdCmd &>/var/log/dockerd.log & )
   exec ash
 fi
-
-
-
-

hack/dockerfiles/authors.Dockerfile

@@ -0,0 +1,33 @@
+# syntax=docker/dockerfile:1.3-labs
+
+FROM alpine:3.14 AS gen
+RUN apk add --no-cache git
+WORKDIR /src
+RUN --mount=type=bind,target=. <<EOT
+#!/usr/bin/env bash
+set -e
+mkdir /out
+# see also ".mailmap" for how email addresses and names are deduplicated
+{
+  echo "# This file lists all individuals having contributed content to the repository."
+  echo "# For how it is generated, see hack/dockerfiles/authors.Dockerfile."
+  echo
+  git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf
+} > /out/AUTHORS
+cat /out/AUTHORS
+EOT
+
+FROM scratch AS update
+COPY --from=gen /out /
+
+FROM gen AS validate
+RUN --mount=type=bind,target=.,rw <<EOT
+set -e
+git add -A
+cp -rf /out/* .
+if [ -n "$(git status --porcelain -- AUTHORS)" ]; then
+  echo >&2 'ERROR: Authors result differs. Please update with "make authors"'
+  git status --porcelain -- AUTHORS
+  exit 1
+fi
+EOT

hack/dockerfiles/docs.Dockerfile

@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1.3
+# syntax=docker/dockerfile:1.3-labs
 
 ARG GO_VERSION=1.17.0
 
@@ -13,19 +13,28 @@ RUN apk add --no-cache rsync git
 WORKDIR /src
 COPY --from=docsgen /out/docsgen /usr/bin
 RUN --mount=target=/context \
-  --mount=target=.,type=tmpfs,readwrite  \
-  rsync -a /context/. . && \
-  docsgen && \
-  mkdir /out && cp -r docs/reference /out
+  --mount=target=.,type=tmpfs <<EOT
+set -e
+rsync -a /context/. .
+docsgen
+mkdir /out
+cp -r docs/reference /out
+EOT
 
 FROM scratch AS update
 COPY --from=gen /out /out
 
 FROM gen AS validate
 RUN --mount=target=/context \
-  --mount=target=.,type=tmpfs,readwrite  \
-  rsync -a /context/. . && \
-  git add -A && \
-  rm -rf docs/reference/* && \
-  cp -rf /out/* ./docs/ && \
-  ./hack/validate-docs check
+  --mount=target=.,type=tmpfs <<EOT
+set -e
+rsync -a /context/. .
+git add -A
+rm -rf docs/reference/*
+cp -rf /out/* ./docs/
+if [ -n "$(git status --porcelain -- docs/reference)" ]; then
+  echo >&2 'ERROR: Docs result differs. Please update with "make docs"'
+  git status --porcelain -- docs/reference
+  exit 1
+fi
+EOT

hack/dockerfiles/vendor.Dockerfile

@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1.3
+# syntax=docker/dockerfile:1.3-labs
 
 ARG GO_VERSION=1.17.0
 
@@ -6,20 +6,30 @@ FROM golang:${GO_VERSION}-alpine AS vendored
 RUN  apk add --no-cache git rsync
 WORKDIR /src
 RUN --mount=target=/context \
-  --mount=target=.,type=tmpfs,readwrite  \
-  --mount=target=/go/pkg/mod,type=cache \
-  rsync -a /context/. . && \
-  go mod tidy && go mod vendor && \
-  mkdir /out && cp -r go.mod go.sum vendor /out
+  --mount=target=.,type=tmpfs  \
+  --mount=target=/go/pkg/mod,type=cache <<EOT
+set -e
+rsync -a /context/. .
+go mod tidy
+go mod vendor
+mkdir /out
+cp -r go.mod go.sum vendor /out
+EOT
 
 FROM scratch AS update
 COPY --from=vendored /out /out
 
 FROM vendored AS validate
 RUN --mount=target=/context \
-  --mount=target=.,type=tmpfs,readwrite  \
-  rsync -a /context/. . && \
-  git add -A && \
-  rm -rf vendor && \
-  cp -rf /out/* . && \
-  ./hack/validate-vendor check
+  --mount=target=.,type=tmpfs <<EOT
+set -e
+rsync -a /context/. .
+git add -A
+rm -rf vendor
+cp -rf /out/* .
+if [ -n "$(git status --porcelain -- go.mod go.sum vendor)" ]; then
+  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "make vendor"'
+  git status --porcelain -- go.mod go.sum vendor
+  exit 1
+fi
+EOT

hack/generate-authors

@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-set -eu -o pipefail -x
-
-if [ -x "$(command -v greadlink)" ]; then
-	# on macOS, GNU readlink is ava (greadlink) can be installed through brew install coreutils
-	cd "$(dirname "$(greadlink -f "$BASH_SOURCE")")/.."
-else
-	cd "$(dirname "$(readlink -f "$BASH_SOURCE")")/.."
-fi
-
-# see also ".mailmap" for how email addresses and names are deduplicated
-
-{
-	cat <<-'EOH'
-	# This file lists all individuals having contributed content to the repository.
-	# For how it is generated, see `scripts/generate-authors.sh`.
-	EOH
-	echo
-	git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf
-} > AUTHORS

hack/lint

@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-
-. $(dirname $0)/util
-set -eu
-
-buildxCmd build --file ./hack/dockerfiles/lint.Dockerfile .

hack/release

@@ -1,37 +1,20 @@
 #!/usr/bin/env bash
 
-OUT=${1:-release-out}
-
-. $(dirname $0)/util
 set -eu -o pipefail
 
-: ${PLATFORMS=linux/amd64}
-: ${CHECKSUMS=}
+: ${BUILDX_CMD=docker buildx}
+: ${RELEASE_OUT=./release-out}
 
-importCacheFlags=""
-if [[ -n "$cacheRefFrom" ]] && [[ "$cacheType" = "local" ]]; then
-  for ref in $cacheRefFrom; do
-    importCacheFlags="$importCacheFlags--cache-from=type=local,src=$ref "
-  done
-fi
-
-buildxCmd build $importCacheFlags \
-  --target "release" \
-  --platform "$PLATFORMS" \
-  --output "type=local,dest=$OUT" \
-  $currentcontext
+# release
+(set -x ; ${BUILDX_CMD} bake --set "*.output=$RELEASE_OUT" release)
 
 # wrap binaries
-{ set +x; } 2>/dev/null
-if [[ $PLATFORMS =~ "," ]]; then
-  mv -f ./$OUT/**/* ./$OUT/
-  find ./$OUT -type d -empty -delete
-fi
+mv -f ./${RELEASE_OUT}/**/* ./${RELEASE_OUT}/
+find ./${RELEASE_OUT} -type d -empty -delete
 
-if [ -n "$CHECKSUMS" ]; then
-  if ! type shasum > /dev/null 2>&1; then
-    echo >&2 "ERROR: shasum is required"
-    exit 1
-  fi
-  find ./$OUT/ -type f \( -iname "buildx-*" ! -iname "*darwin*" \) -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# .*/# #' > ./$OUT/checksums.txt
+# checksums
+if ! type shasum > /dev/null 2>&1; then
+  echo >&2 "ERROR: shasum is required"
+  exit 1
 fi
+find ./${RELEASE_OUT}/ -type f \( -iname "buildx-*" ! -iname "*darwin*" \) -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# .*/# #' > ./${RELEASE_OUT}/checksums.txt

hack/shell

@@ -2,17 +2,18 @@
 
 set -e
 
+: ${BUILDX_CMD=docker buildx}
 : ${TMUX=}
 
 function clean {
-  docker rmi $(cat $iidfile)
+  docker rmi $iid
 }
 
-iidfile=$(mktemp -t docker-iidfile.XXXXXXXXXX)
-DOCKER_BUILDKIT=1 docker build --iidfile $iidfile --target demo-env .
+iid=buildx-shell
+(set -x ; ${BUILDX_CMD} build --output "type=docker,name=$iid" --target shell .)
 trap clean EXIT
 SSH=
 if [ -n "$MOUNT_SSH_AUTH_SOCK" ]; then
-	SSH="-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK"
+  SSH="-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK"
 fi
-docker run $SSH -it --privileged --rm -e TMUX_ENTRYPOINT=$TMUX $(cat $iidfile)
+docker run $SSH -it --privileged --rm -e TMUX_ENTRYPOINT=$TMUX $iid

hack/test

@@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-
-. $(dirname $0)/util
-set -eu -o pipefail
-
-: ${BUILDX_NOCACHE=}
-: ${TEST_COVERAGE=}
-
-importCacheFlags=""
-if [ -n "$cacheRefFrom" ]; then
-  if [ "$cacheType" = "local" ]; then
-    for ref in $cacheRefFrom; do
-      importCacheFlags="$importCacheFlags--cache-from=type=local,src=$ref "
-    done
-  fi
-fi
-
-iid="buildx-tests"
-iidfile=$(mktemp -t docker-iidfile.XXXXXXXXXX)
-
-coverageVol=""
-coverageFlags=""
-if [ "$TEST_COVERAGE" = "1" ]; then
-  covdir="$(pwd)/coverage"
-  mkdir -p "$covdir"
-  coverageVol="-v $covdir:/coverage"
-  coverageFlags="-coverprofile=/coverage/coverage.txt -covermode=atomic"
-fi
-
-buildxCmd build $importCacheFlags \
-  --target "integration-tests" \
-  --output "type=docker,name=$iid" \
-  $currentcontext
-
-cacheVolume="buildx-cache"
-if ! docker inspect "$cacheVolume" > /dev/null 2>&1; then
-  cacheVolume=$(docker create --name=buildx-cache -v /root/.cache -v /go/pkg/mod alpine)
-fi
-
-docker run --rm -v /tmp $coverageVol --volumes-from=$cacheVolume --privileged $iid go test $coverageFlags ${TESTFLAGS:--v} ${TESTPKGS:-./...}
-
-if [ -n "$BUILDX_NOCACHE" ]; then
-  docker rm -v $cacheVolume
-fi
-
-rm "$iidfile"
-docker rmi $iid

hack/update-docs

@@ -1,16 +1,11 @@
 #!/usr/bin/env bash
 
-. $(dirname $0)/util
-set -eu
+set -eu -o pipefail
+
+: ${BUILDX_CMD=docker buildx}
 
 output=$(mktemp -d -t buildx-output.XXXXXXXXXX)
-
-buildxCmd build \
-  --target "update" \
-  --output "type=local,dest=$output" \
-  --file "./hack/dockerfiles/docs.Dockerfile" \
-  .
-
+(set -x ; ${BUILDX_CMD} bake --set "*.output=$output" update-docs)
 rm -rf ./docs/reference/*
 cp -R "$output"/out/* ./docs/
 rm -rf $output

hack/update-vendor

@@ -1,16 +1,11 @@
 #!/usr/bin/env bash
 
-. $(dirname $0)/util
-set -eu
+set -eu -o pipefail
+
+: ${BUILDX_CMD=docker buildx}
 
 output=$(mktemp -d -t buildx-output.XXXXXXXXXX)
-
-buildxCmd build \
-  --target "update" \
-  --output "type=local,dest=$output" \
-  --file "./hack/dockerfiles/vendor.Dockerfile" \
-  .
-
+(set -x ; ${BUILDX_CMD} bake --set "*.output=$output" update-vendor)
 rm -rf ./vendor
 cp -R "$output"/out/* .
 rm -rf $output

hack/util

@@ -1,66 +0,0 @@
-#!/usr/bin/env sh
-
-: ${CI=}
-: ${PREFER_BUILDCTL=}
-: ${PREFER_LEGACY=}
-: ${CLI_PLATFORM=}
-: ${GITHUB_ACTIONS=}
-: ${CACHEDIR_FROM=}
-: ${CACHEDIR_TO=}
-
-if [ "$PREFER_BUILDCTL" = "1" ]; then
-  echo >&2 "WARNING: PREFER_BUILDCTL is no longer supported. Ignoring."
-fi
-
-if [ "$PREFER_LEGACY" = "1" ]; then
-  echo >&2 "WARNING: PREFER_LEGACY is no longer supported. Ignoring."
-fi
-
-progressFlag=""
-if [ "$CI" = "true" ]; then
-  progressFlag="--progress=plain"
-fi
-
-buildxCmd() {
-  if docker buildx version >/dev/null 2>&1; then
-    set -x
-    docker buildx "$@" $progressFlag
-  elif buildx version >/dev/null 2>&1; then
-    set -x
-    buildx "$@" $progressFlag
-  elif docker version >/dev/null 2>&1; then
-    set -x
-    DOCKER_BUILDKIT=1 docker "$@" $progressFlag
-  else
-    echo >&2 "ERROR: Please enable DOCKER_BUILDKIT or install standalone buildx"
-    exit 1
-  fi
-}
-
-if [ -z "$CLI_PLATFORM" ]; then
-  if [ "$(uname -s)" = "Darwin" ]; then
-      arch="$(uname -m)"
-      if [ "$arch" = "x86_64" ]; then
-          arch="amd64"
-      fi
-      CLI_PLATFORM="darwin/$arch"
-  elif uname -s | grep MINGW > /dev/null 2>&1 ; then
-    CLI_PLATFORM="windows/amd64"
-  fi
-fi
-
-cacheType=""
-cacheRefFrom=""
-cacheRefTo=""
-currentref=""
-if [ "$GITHUB_ACTIONS" = "true" ]; then
-  currentref="git://github.com/$GITHUB_REPOSITORY#$GITHUB_REF"
-  cacheType="local"
-  cacheRefFrom="$CACHEDIR_FROM"
-  cacheRefTo="$CACHEDIR_TO"
-fi
-
-currentcontext="."
-if [ -n "$currentref" ]; then
-  currentcontext="--build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 $currentref"
-fi

hack/validate-docs

@@ -1,29 +0,0 @@
-#!/usr/bin/env sh
-set -eu
-
-case ${1:-} in
-  '')
-    . $(dirname $0)/util
-    buildxCmd build \
-      --target validate \
-      --file ./hack/dockerfiles/docs.Dockerfile \
-      .
-    ;;
-  check)
-    status="$(git status --porcelain -- docs/reference 2>/dev/null)"
-    diffs=$(echo "$status" | grep -v '^[RAD] ' || true)
-    if [ "$diffs" ]; then
-      {
-        set +x
-        echo 'The result of ./hack/update-docs differs'
-        echo
-        echo "$diffs"
-        echo
-        echo 'Please vendor your package with ./hack/update-docs'
-        echo
-      } >&2
-      exit 1
-    fi
-    echo 'Congratulations! All docs changes are done the right way.'
-    ;;
-esac

hack/validate-vendor

@@ -1,29 +0,0 @@
-#!/usr/bin/env sh
-set -eu
-
-case ${1:-} in
-  '')
-    . $(dirname $0)/util
-    buildxCmd build \
-      --target validate \
-      --file ./hack/dockerfiles/vendor.Dockerfile \
-      .
-    ;;
-  check)
-    status="$(git status --porcelain -- go.mod go.sum vendor 2>/dev/null)"
-    diffs=$(echo "$status" | grep -v '^[RAD] ' || true)
-    if [ "$diffs" ]; then
-      {
-        set +x
-        echo 'The result of "make vendor" differs'
-        echo
-        echo "$diffs"
-        echo
-        echo 'Please vendor your package with "make vendor"'
-        echo
-      } >&2
-      exit 1
-    fi
-    echo 'Congratulations! All vendoring changes are done the right way.'
-    ;;
-esac