Merge pull request #2 from anapsix/allow-writes-to-temp-file

anapsix · web-flow · commit a87e41662aec · 2022-12-07T12:14:23.000-05:00
Fixes #1 * making temp kubeconfig writable * updating build process.. + upgrading alpine `3.15 -> 3.17` + improving Dockerfile + improving Makefile
diff --git a/Dockerfile b/Dockerfile
@@ -1,26 +1,42 @@
+# syntax=docker/dockerfile:1.4
+
 ## this stage installs everything required to build the project
-FROM alpine:3.15 as build
-RUN apk add --no-cache musl-dev yaml-static upx && \
-    apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main \
-      llvm11-libs && \
-    apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
-      crystal shards
+FROM alpine:3.17 as build
+ARG TARGETPLATFORM
+ARG TARGETARCH
+ARG UPX_PACK=1
+RUN \
+  echo >&2 "## TARGETPLATFORM: ${TARGETPLATFORM}" && \
+  echo >&2 "## TARGETARCH: ${TARGETARCH}" && \
+  echo >&2 "## arch: $(arch)" && \
+  echo >&2 "## UPX_PACK: ${UPX_PACK}" && \
+  PACKAGES="musl-dev yaml-static crystal shards" && \
+  if [ "${UPX_PACK}" == "1" ]; then \
+    PACKAGES="${PACKAGES} upx"; \
+  fi && \
+  echo >&2 "### installing OS packages: ${PACKAGES}" && \
+  apk add --no-cache $PACKAGES
 WORKDIR /tmp
-COPY VERSION .
-COPY shard.yml .
-COPY k8s-vault_example.yaml .
-COPY k8s-vault-completion.bash .
-COPY ./src ./src
+COPY --link VERSION .
+COPY --link shard.yml .
+COPY --link k8s-vault_example.yaml .
+COPY --link k8s-vault-completion.bash .
+COPY --link ./src ./src
 RUN \
+    echo >&2 "### installing dependencies.." && \
     shards install && \
+    echo >&2 "### building.." && \
     crystal build --progress --release --static src/cli.cr -o /tmp/k8s-vault && \
-    upx /tmp/k8s-vault && \
+    if [ "${UPX_PACK}" == "1" ]; then \
+      echo >&2 "### upx packing.." && \
+      upx /tmp/k8s-vault; \
+    fi && \
     echo >&2 "## Version check: $(/tmp/k8s-vault -v)" && \
     echo >&2 "## Help Check" && \
     /tmp/k8s-vault --help
 
 
-## this stage created final docker image
+## this stage creates final docker image
 FROM busybox as release
 COPY --from=build /tmp/k8s-vault /bin/k8s-vault
 USER nobody
diff --git a/Makefile b/Makefile
@@ -6,8 +6,14 @@ ifeq ($(UNAME_S),Linux)
   OS:= linux
 endif
 UNAME_M:= $(shell uname -m)
-ifeq ($(UNAME_M),x86_64)
-  ARCH:= amd64
+ifeq ($(UNAME_M), x86_64)
+  ARCH ?= amd64
+else ifeq ($(UNAME_M), arm64)
+  ARCH ?= arm64
+else ifeq ($(UNAME_M), aarch64)
+  ARCH ?= arm64
+else
+  $(error the "$(UNAME_M)" arch is not supported)
 endif
 
 BINARY:= k8s-vault
@@ -16,33 +22,45 @@ TARGET:= src/cli
 RELEASE_DIR:= releases
 OUTPUT:= ./$(RELEASE_DIR)/$(BINARY)-$(VERSION)-$(OS)-$(ARCH)
 
-.PHONY: all clean version prepare
+.PHONY: all clean version prepare help
 
-all: clean prepare releases
+all: clean prepare releases ## Builds everything
 
-releases: prepare version $(TARGET) pack docker
-	docker run -it --rm -v ${PWD}/$(RELEASE_DIR):/app --entrypoint "sh" $(BINARY):$(VERSION) -c "cp /bin/$(BINARY) /app/$(BINARY)-$(VERSION)-linux-amd64"
+help: ## Show this help
+	@echo
+	@printf '\033[34mtargets:\033[0m\n'
+	@grep -hE '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) |\
+		sort |\
+		awk 'BEGIN {FS = ":.*?## "}; {printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2}'
 
-docker:
-	docker build -t $(BINARY):$(VERSION) .
-	docker tag $(BINARY):$(VERSION) $(BINARY):latest
+releases: prepare version $(TARGET) pack docker docker_arm64 ## Builds releases
+	docker run -it --rm --platform linux/amd64 -v ${PWD}/$(RELEASE_DIR):/app --entrypoint "sh" $(BINARY):$(VERSION)-amd64 -c "cp /bin/$(BINARY) /app/$(BINARY)-$(VERSION)-linux-amd64"
+	docker run -it --rm --platform linux/arm64 -v ${PWD}/$(RELEASE_DIR):/app --entrypoint "sh" $(BINARY):$(VERSION)-arm64 -c "cp /bin/$(BINARY) /app/$(BINARY)-$(VERSION)-linux-arm64"
+
+docker: ## Builds docker image amd64
+	docker build --platform linux/amd64 -t $(BINARY):$(VERSION)-amd64 .
+	docker tag $(BINARY):$(VERSION)-amd64 $(BINARY):latest-amd64
+
+docker_arm64: ## Builds docker image for arm64
+	docker build --platform linux/arm64 -t $(BINARY):$(VERSION)-arm64 .
+	docker tag $(BINARY):$(VERSION)-arm64 $(BINARY):latest-arm64
 
 prepare:
 	@if [ ! -d ./$(RELEASE_DIR) ]; then mkdir ./$(RELEASE_DIR); fi
 
-clean:
+clean: ## Removes release directory
 	@rm -f ./$(RELEASE_DIR)/*
 	@echo >&2 "cleaned up"
 
-version:
+version: ## Updates the version
 	@sed -i "" 's/^version:.*/version: "$(VERSION)"/g' k8s-vault_example.yaml
 	@sed -i "" 's/^version:.*/version: $(VERSION)/g' shard.yml
 	@echo "shard.yml updated with version $(VERSION)"
 
 $(TARGET): % : prepare $(filter-out $(TEMPS), $(OBJ)) %.cr
 	@crystal build src/cli.cr -o $(OUTPUT) --progress --release
 	@rm ./$(RELEASE_DIR)/*.dwarf
-	@echo "compiled binaries places to \"./$(RELEASE_DIR)\" directory"
+	@echo "compiled binaries placed to \"./$(RELEASE_DIR)\" directory"
 
-pack:
+pack: ## Runs UPX on locally built binary
 	@find ./$(RELEASE_DIR) -type f -name "$(BINARY)-$(VERSION)-$(OS)-$(ARCH)" | xargs upx
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ Or build from source:
 ```sh
 git clone https://github.com/anapsix/k8s-vault.cr.git
 cd k8s-vault.cr
-shards build
+shards build # or "make src/cli"
 # copy ./bin/k8s-vault to some directory in your PATH
 ```
 
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.4.2
+0.4.3
diff --git a/k8s-vault_example.yaml b/k8s-vault_example.yaml
@@ -1,4 +1,4 @@
-version: "0.4.2"
+version: "0.4.3"
 k8s_api_timeout: 5 # in seconds
 ssh_forwarding_port:
   random: true
diff --git a/shard.yml b/shard.yml
@@ -1,5 +1,5 @@
 name: k8s-vault
-version: 0.4.2
+version: 0.4.3
 
 description: |
   k8s-vault makes it easy to reach K8s API via jumphost, using SSH port forwarding.
diff --git a/src/k8s-vault.cr b/src/k8s-vault.cr
@@ -271,7 +271,7 @@ module K8sVault
     begin
       config = K8sVault.config(kubecontext: kubecontext)
       # write temp KUBECONFIG
-      File.write(K8sVault::KUBECONFIG_TEMP, config.kubeconfig, perm = 0o0400)
+      File.write(K8sVault::KUBECONFIG_TEMP, config.kubeconfig, perm = 0o0600)
     rescue K8sVault::UnconfiguredContextError
       K8sVault::Log.error "\"#{kubecontext}\" context is not found in #{K8sVault::K8SVAULT_CONFIG}"
       cleanup

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-version: "0.4.2"`
	`1`	`+version: "0.4.3"`
`2`	`2`	`k8s_api_timeout: 5 # in seconds`
`3`	`3`	`ssh_forwarding_port:`
`4`	`4`	`random: true`