build binaries locally

hack/make/build.mk

@@ -1,6 +1,6 @@
 ifeq ($(VERSION),)
 	# Define VERSION, which is used for image tags or to bake it into the
-	# compiled binary to enable the printing of the application version, 
+	# compiled binary to enable the printing of the application version,
 	# via the --version flag.
 	CHANGES = $(shell git status --porcelain --untracked-files=no)
 	ifneq ($(CHANGES),)

hack/make/deps.mk

@@ -1,21 +1,13 @@
 # renovate: datasource=github-release-attachments depName=rancher/helm
-HELM_VERSION := v3.18.4-rancher1
+HELM_VERSION := v3.20.0-rancher2
 
 # renovate-local: kubectl-amd64
-KUBECTL_VERSION := v1.33.9
-# renovate-local: kubectl-arm64=v1.33.9
-KUBECTL_SUM_arm64 := af4dc943a6f447ecb070340efe63c7f8ee2808e6c0bc42126efe7cde0cc1e69b
-# renovate-local: kubectl-amd64=v1.33.9
-KUBECTL_SUM_amd64 := 9e33e3234c0842cd44a12c13e334b4ce930145ea84b855ce7cc0a7b6bc670c22
+KUBECTL_VERSION := v1.33.12
 
 # renovate: datasource=github-release-attachments depName=derailed/k9s
-K9S_VERSION := v0.50.18
-# renovate: datasource=github-release-attachments depName=derailed/k9s digestVersion=v0.50.18
-K9S_SUM_arm64 := d3dcc051d6be26ee911c00f583412802ebe203a189e51bc079332cb410c83b38
-# renovate: datasource=github-release-attachments depName=derailed/k9s digestVersion=v0.50.18
-K9S_SUM_amd64 := 0b697ed4aa80997f7de4deeed6f1fba73df191b28bf691b1f28d2f45fa2a9e9b
+K9S_VERSION := v0.51.0
 
 # Reduces the code duplication on Makefile by keeping all args into a single variable.
 IMAGE_ARGS := --build-arg HELM_VERSION=$(HELM_VERSION) \
-			  --build-arg KUBECTL_VERSION=$(KUBECTL_VERSION) --build-arg KUBECTL_SUM_arm64=$(KUBECTL_SUM_arm64) --build-arg KUBECTL_SUM_amd64=$(KUBECTL_SUM_amd64) \
-			  --build-arg K9S_VERSION=$(K9S_VERSION) --build-arg K9S_SUM_arm64=$(K9S_SUM_arm64) --build-arg K9S_SUM_amd64=$(K9S_SUM_amd64)
+			  --build-arg KUBECTL_VERSION=$(KUBECTL_VERSION) \
+			  --build-arg K9S_VERSION=$(K9S_VERSION)

package/Dockerfile

@@ -1,49 +1,67 @@
-ARG BCI_VERSION=15.7
+ARG BCI_VERSION=16.0
+ARG GO_IMAGE=rancher/hardened-build-base:v1.25.11b1
 FROM registry.suse.com/bci/bci-busybox:${BCI_VERSION} AS final
 
 # Image that provides cross compilation tooling.
 FROM --platform=$BUILDPLATFORM rancher/mirrored-tonistiigi-xx:1.6.1 AS xx
 
-FROM --platform=$BUILDPLATFORM registry.suse.com/bci/golang:1.24 AS helm
+FROM --platform=$BUILDPLATFORM ${GO_IMAGE} AS helm
 
 # Clone repository once, and reuse it for target archs.
 ARG HELM_VERSION
 ADD --keep-git-dir=true https://github.com/rancher/helm.git#${HELM_VERSION} /helm
-RUN cd /helm && go mod download
+RUN --mount=type=cache,target=/go/pkg/mod \
+    cd /helm && go mod download
 
 COPY --from=xx / /
 
 # Cross-compile instead of emulating the compilation on the target arch.
 ARG TARGETPLATFORM
 RUN xx-go --wrap && mkdir -p /run/lock
-RUN make -C /helm
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    make -C /helm
 
 RUN xx-verify --static /helm/bin/helm
 
-FROM --platform=$BUILDPLATFORM registry.suse.com/bci/bci-base:${BCI_VERSION} AS build
-RUN zypper -n install curl gzip tar
+FROM --platform=$BUILDPLATFORM ${GO_IMAGE} AS kubectl
 
-# Define build arguments
-ARG KUBECTL_VERSION KUBECTL_SUM_arm64 KUBECTL_SUM_amd64 \
-    HELM_VERSION HELM_SUM_arm64 HELM_SUM_amd64 \
-    K9S_VERSION K9S_SUM_arm64 K9S_SUM_amd64
-
-ARG TARGETARCH
-# Stage kubectl into build
-ADD --chown=root:root --chmod=0755 \
-    "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" \
-    /kubectl
-
-ENV KUBECTL_SUM="KUBECTL_SUM_${TARGETARCH}"
-RUN echo "${!KUBECTL_SUM}  /kubectl" | sha256sum -c -
+ARG KUBECTL_VERSION
+ADD https://github.com/kubernetes/kubernetes/archive/refs/tags/${KUBECTL_VERSION}.tar.gz /src.tar.gz
+RUN mkdir /src && tar -xzf /src.tar.gz -C /src --strip-components=1 && rm /src.tar.gz
 
+COPY --from=xx / /
+ARG TARGETPLATFORM
+RUN xx-go --wrap
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    cd /src && \
+    KUBE_GIT_VERSION=${KUBECTL_VERSION} \
+    KUBE_GIT_COMMIT=unknown \
+    KUBE_GIT_TREE_STATE=clean \
+    KUBE_BUILD_PLATFORMS=$(xx-info os)/$(xx-info arch) \
+    GOFLAGS="-tags=providerless" \
+    CGO_ENABLED=0 \
+    make WHAT=cmd/kubectl && \
+    cp /src/_output/local/bin/$(xx-info os)/$(xx-info arch)/kubectl /kubectl
+RUN xx-verify --static /kubectl
+
+FROM --platform=$BUILDPLATFORM ${GO_IMAGE} AS k9s
+
+ARG K9S_VERSION
+ADD https://github.com/derailed/k9s/archive/refs/tags/${K9S_VERSION}.tar.gz /src.tar.gz
+RUN mkdir /src && tar -xzf /src.tar.gz -C /src --strip-components=1 && rm /src.tar.gz
 
-# Stage k9s into build
-ADD "https://github.com/derailed/k9s/releases/download/${K9S_VERSION}/k9s_Linux_${TARGETARCH}.tar.gz" \
-    /tmp/k9s.tar.gz
-ENV K9S_SUM="K9S_SUM_${TARGETARCH}"
-RUN echo "${!K9S_SUM}  /tmp/k9s.tar.gz" | sha256sum -c - && \
-    tar -xvzf /tmp/k9s.tar.gz -C / k9s
+COPY --from=xx / /
+ARG TARGETPLATFORM
+RUN xx-go --wrap
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    cd /src && \
+    CGO_ENABLED=0 go build -trimpath \
+      -ldflags="-s -w -X github.com/derailed/k9s/cmd.version=${K9S_VERSION}" \
+      -o /k9s .
+RUN xx-verify --static /k9s
 
 FROM registry.suse.com/bci/bci-base:${BCI_VERSION} AS zypper
 
@@ -64,23 +82,24 @@ RUN zypper --non-interactive refresh && \
 
 RUN echo 'shell:x:1000:1000:shell,,,:/home/shell:/bin/bash' > /chroot/etc/passwd && \
         echo 'shell:x:1000:' > /chroot/etc/group && \
-        mkdir /chroot/home/shell && \
+        mkdir -p /chroot/home/shell/.kube /chroot/home/shell/helm-run && \
         echo '. /etc/profile.d/bash_completion.sh' >> /chroot/home/shell/.bashrc && \
         echo 'alias k="kubectl"' >> /chroot/home/shell/.bashrc && \
         echo 'alias ks="kubectl -n kube-system"' >> /chroot/home/shell/.bashrc && \
         echo 'source <(kubectl completion bash)' >> /chroot/home/shell/.bashrc && \
         echo 'complete -o default -F __start_kubectl k' >> /chroot/home/shell/.bashrc && \
         echo 'LANG=en_US.UTF-8' >> /chroot/home/shell/.bashrc && \
         echo 'PS1="> "' >> /chroot/home/shell/.bashrc && \
-        mkdir /chroot/home/shell/.kube && \
-        chown -R 1000:1000 /chroot/home/shell && \
-        chmod 700 /chroot/run
+        mkdir -p /chroot/tmp && \
+        chmod 1777 /chroot/tmp && \
+        chown -R 1000:1000 /chroot/home/shell
 
 FROM scratch
 
 COPY --from=zypper /chroot /
 COPY --chown=root:root --chmod=0755 --from=helm /helm/bin/helm /usr/local/bin/
-COPY --chown=root:root --chmod=0755 --from=build /kubectl /k9s /usr/local/bin/
+COPY --chown=root:root --chmod=0755 --from=kubectl /kubectl /usr/local/bin/
+COPY --chown=root:root --chmod=0755 --from=k9s /k9s /usr/local/bin/
 COPY --chown=root:root --chmod=0755 package/helm-cmd package/welcome package/kustomize /usr/local/bin/
 
 USER 1000