k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/jobs/image-pushing/README.md

k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/jobs/image-pushing/README.md (about)

     1  # Image pushing jobs
     2  
     3  This directory contains jobs that run in the trusted cluster and kick off GCB
     4  jobs that then push images to staging GCR/AR repos. These jobs are the recommended
     5  way to regularly publish images to staging.
     6  
     7  ## Getting started
     8  
     9  You'll need a staging GCR. If you don't have one,
    10  [instructions are over here][registry instructions]. Once you have one, there are two
    11  components two getting set up:
    12  
    13  * A `cloudbuild.yaml` file in your repo, customised to build your images in
    14    whatever way works for you
    15  * A cookie-cutter prow job config in this directory. These are almost the same
    16    for all builds, and variance should be avoided wherever possible.
    17  
    18  ## cloudbuild.yaml
    19  
    20  The contents of `cloudbuild.yaml` depends on how your repo produces images.
    21  The [official documentation][gcb documentation] discusses these in the general
    22  case. If your image can be built using `go build` and pushed using
    23  `docker push`, that advice should be sufficient.
    24  
    25  ### Custom substitutions
    26  
    27  We add two [custom substitutions][substitution docs] to your GCB builds:
    28  `_GIT_TAG` and `_PULL_BASE_REF`.
    29  
    30  `_GIT_TAG` will contain a tag of the form `vYYYYMMDD-hash`, `vYYYYMMDD-tag`, or
    31  `vYYYYMMDD-tag-n-ghash`, depending on the git tags on your repo. We recommend
    32  using `$_GIT_TAG` to tag your images.
    33  
    34  `_PULL_BASE_REF` will contain the base ref that was pushed to - for instance,
    35  `master` or `release-0.2` for a PR merge, or `v0.2` for a tag. You can use this
    36  for logic in your build process (like deciding whether to update `latest`) if
    37  desired.
    38  
    39  ### Simple build example
    40  
    41  If your build just involves `go build` and `docker build`, you can use a
    42  `cloudbuild.yaml` that looks something like this (assuming you use go modules):
    43  
    44  ```yaml
    45  # See https://cloud.google.com/cloud-build/docs/build-config
    46  
    47  # this must be specified in seconds. If omitted, defaults to 600s (10 mins)
    48  timeout: 1200s
    49  steps:
    50    - name: golang:1.13
    51      args: ['go', 'build', '-o', 'somebin', '.']
    52      env:
    53      - CGO_ENABLED=0
    54      - GOOS=linux
    55      - GOARCH=amd64
    56    - name: gcr.io/cloud-builders/docker
    57      args:
    58      - build
    59      - --tag=gcr.io/$PROJECT_ID/some-image:$_GIT_TAG
    60      - --tag=gcr.io/$PROJECT_ID/some-image:latest
    61      - .
    62      # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx
    63      # set the home to /root explicitly to if using docker buildx
    64      # - HOME=/root
    65  substitutions:
    66    _GIT_TAG: '12345'
    67    _PULL_BASE_REF: 'master'
    68  # this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF,
    69  # or any new substitutions added in the future.
    70  options:
    71    substitution_option: ALLOW_LOOSE
    72  # this will push these images, or cause the build to fail if they weren't built.
    73  images:
    74    - 'gcr.io/$PROJECT_ID/some-image:$_GIT_TAG'
    75    - 'gcr.io/$PROJECT_ID/some-image:latest'
    76  ```
    77  
    78  ### Makefile build example
    79  
    80  If your build process is driven by a Makefile or similar, you can use GCB to
    81  invoke that. We provide the [`gcr.io/k8s-testimages/gcb-docker-gcloud` image][gcb-docker-gcloud],
    82  which contains components that are likely to be useful for your builds. A sample
    83  `cloudbuild.yaml` using `make` to build and push might look like this:
    84  
    85  ```yaml
    86  # See https://cloud.google.com/cloud-build/docs/build-config
    87  
    88  # this must be specified in seconds. If omitted, defaults to 600s (10 mins)
    89  timeout: 1200s
    90  # this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF,
    91  # or any new substitutions added in the future.
    92  options:
    93    substitution_option: ALLOW_LOOSE
    94  steps:
    95    - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4'
    96      entrypoint: make
    97      env:
    98      - DOCKER_CLI_EXPERIMENTAL=enabled
    99      - TAG=$_GIT_TAG
   100      - BASE_REF=$_PULL_BASE_REF
   101      args:
   102      - release-staging
   103  substitutions:
   104    # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and
   105    # can be used as a substitution
   106    _GIT_TAG: '12345'
   107    # _PULL_BASE_REF will contain the ref that was pushed to to trigger this build -
   108    # a branch like 'master' or 'release-0.2', or a tag like 'v0.2'.
   109    _PULL_BASE_REF: 'master'
   110  ```
   111  
   112  ## Prow config template
   113  
   114  These jobs run in the trusted cluster. As such, we will not accept variants that
   115  run arbitrary code inside the prow job, or jobs that substantially deviate from
   116  this template. One day, we may automate this away.
   117  
   118  If you aren't sure, feel free to ask a [reviewer](./OWNERS) to do this part
   119  for you. 
   120  
   121  Prow config should be in a file named after your staging GCR project, and should
   122  be based on this template:
   123  
   124  ```yaml
   125  postsubmits:
   126    # This is the github repo we'll build from. This block needs to be repeated
   127    # for each repo.
   128    kubernetes-sigs/some-repo-name:
   129      # The name should be changed to match the repo name above
   130      - name: post-some-repo-name-push-images
   131        cluster: k8s-infra-prow-build-trusted
   132        annotations:
   133          # This is the name of some testgrid dashboard to report to.
   134          # If this is the first one for your sig, you may need to create one
   135          testgrid-dashboards: sig-something-image-pushes
   136        decorate: true
   137        # this causes the job to only run on the master branch. Remove it if your
   138        # job makes sense on every branch (unless it's setting a `latest` tag it
   139        # probably does).
   140        branches:
   141          - ^master$
   142        spec:
   143          serviceAccountName: gcb-builder
   144          containers:
   145            - image: gcr.io/k8s-staging-test-infra/image-builder:v20210913-fc7c4e84f6
   146              command:
   147                - /run.sh
   148              args:
   149                # this is the project GCB will run in, which is the same as the GCR
   150                # images are pushed to.
   151                - --project=k8s-staging-cluster-api
   152                # This is the same as above, but with -gcb appended.
   153                - --scratch-bucket=gs://k8s-staging-cluster-api-gcb
   154                - --env-passthrough=PULL_BASE_REF
   155                - .
   156  ```
   157  
   158  If you need the `.git` directory to be uploaded to your build environment:
   159  - pass the `--with-git-dir` command-line option to `run.sh`;
   160  - add an empty `.gcloudignore` file to your repository. This will override the
   161    [default values][gcloudignore].
   162  
   163  [registry instructions]: https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/README.md
   164  [gcb documentation]: https://cloud.google.com/cloud-build/docs/configuring-builds/create-basic-configuration
   165  [gcb-docker-gcloud]: https://github.com/kubernetes/test-infra/blob/master/images/gcb-docker-gcloud/Dockerfile
   166  [gcloudignore]: https://cloud.google.com/sdk/gcloud/reference/topic/gcloudignore
   167  [substitution docs]: https://cloud.google.com/cloud-build/docs/configuring-builds/substitute-variable-values#using_user-defined_substitutions