* Support --tag and --tag-only with nop publisher
* log the output, for debugging
* unset KO_DOCKER_REPO for push=false test
* run e2e test first before other stuff
* review feedback
* Produce OCI images by default
This changes build logic to prefer to produce OCI images and indexes,
even if original base images are Docker manifests or manifest lists.
OCI indexes support annotations, while Docker manifest lists do not, and
we'd like to inject base image information in annotations wherever possible.
Since Quay.io recently added support for OCI manifests, this is no
longer a serious breaking change -- and anyway, producing SBOMs by default
already breaks Quay.io without --sbom=none.
This behavior can be disabled with --preserve-docker-media-type=true,
which will result in Docker-type manifests being produced if and only if
the base image was a Docker-typed manifest.
This partially reverts commit 42723d75e7.
* drop e2e test
* update generated docs
* --preserve-media-type
* docs
* Generate CycloneDX SBOMs using our own JSON generation
* fix some errors
* Add support to ko deps
* Add e2e SBOM validation
* ignore empty hashes (why are hashes empty?)
This adds implicit support for Google, Amazon, Azure and GitHub
container registries if the environment provides credentials.
Binary size increases from 22 MB -> 26 MB
* Pre-parse platform string with StringSliceVar
This allows users to declare --platform multiple times and have the
values appended, i.e.:
ko build --platform=linux/amd64 --platform=linux/arm64
is equivalent to
ko build --platform=linux/amd64,linux/arm64
As a side effect, platformMatcher.spec and gobuildOpener.platforms are
now of type []string (instead of string) to maintain structure of
information from flag parsing.
* Adjust comments and styling for clarity.
* The flag --platform is now of type strings.
Internally cobra/pflag defines StringSliceVar as "strings" whereas
StringVar is defined as "string".
This change is updated by running hack/update-codegen.sh script.
* Add backwards compatibility for WithPlatforms function signature
Update comments to reflect implementation as well.
* Fix syntax failure on unit test
* Add support for `--image-refs`
This change adds a new `--image-refs=FILE` flag that can be used to
direct `ko` to write a file containing a `\n` delimited list of published
references. In the common case, this will contain the list of digest
references, but if flags directing the use of tags are present this
will reflect the style of reference requested.
* Fix dates, interface check.
* Support osversion when selecting base images
Use this in e2e tests.
Also clean up usage of bo.Platform vs a new platform var.
* use correct osversion
* Build each platform concurrently
At least on my machine, this is slightly faster on a cold build and
saves significant time on a warm build.
* Plumb --jobs down to multi-arch
* Add deprecation warning for build.Limiter
We were emitting package checksum hashes as `h1:{base64}`. `h1:` is a prefix that indicates "Hash 1", which is a SHA-256 based hash of the files, which is then base64 encoded as the suffix.
This change detects/strips the `h1:` prefix and re-encodes the base64 data as hex.
* Connect SBOMs with SPDX support.
This combines Jason's SPDX stuff and my SBOM stuff to support
SPDX-based SBOMs by default instead of our `go version -m`
invention.
* Make ko deps use SPDX by default
This adds functionality that enables the default publisher to
publish SBOMs (and later signatures and attestations) when the
`build.Result` is an `oci.SignedEntity`.
This also changes the `gobuild` logic to start producing
`oci.Signed*` as its `build.Result`s, so when executed we get an
SBOM for each architecture image.
For example, see the "Published SBOM" lines below:
```shell
2021/11/19 19:24:50 Using base gcr.io/distroless/static:nonroot for github.com/google/ko
2021/11/19 19:24:51 Building github.com/google/ko for linux/amd64
2021/11/19 19:24:52 Building github.com/google/ko for linux/arm64
2021/11/19 19:24:57 Publishing ghcr.io/mattmoor/ko:latest
2021/11/19 19:24:58 existing blob: sha256:c78c74e7bb4a511f7d31061fbf140d55d5549a62d33cdbdf0c57ffe43603bbeb
2021/11/19 19:24:58 existing blob: sha256:4aa59d0bf53d4190174fbbfa3e9b15fdab72e5a95077025abfa8435ccafa2920
2021/11/19 19:24:58 ghcr.io/mattmoor/ko:sha256-d2bc030f5ed083d5e6a30a7969c9a8e599511b8d7a6e20695bf5ea029b6e2c3f.sbom: digest: sha256:c67ec671aaa82902e619883a7ac7486e6f9af36653449e2eb030ba273fe5a022 size: 348
2021/11/19 19:24:58 Published SBOM ghcr.io/mattmoor/ko:sha256-d2bc030f5ed083d5e6a30a7969c9a8e599511b8d7a6e20695bf5ea029b6e2c3f.sbom
2021/11/19 19:24:58 existing blob: sha256:c78c74e7bb4a511f7d31061fbf140d55d5549a62d33cdbdf0c57ffe43603bbeb
2021/11/19 19:24:58 existing blob: sha256:4aa59d0bf53d4190174fbbfa3e9b15fdab72e5a95077025abfa8435ccafa2920
2021/11/19 19:24:59 ghcr.io/mattmoor/ko:sha256-b74c230f20efd94981e5fd823bacc23cbd71055a1b3b6a0893152b398c67743b.sbom: digest: sha256:c67ec671aaa82902e619883a7ac7486e6f9af36653449e2eb030ba273fe5a022 size: 348
2021/11/19 19:24:59 Published SBOM ghcr.io/mattmoor/ko:sha256-b74c230f20efd94981e5fd823bacc23cbd71055a1b3b6a0893152b398c67743b.sbom
2021/11/19 19:24:59 existing blob: sha256:3f7e3c6765a6abc682cd40ea256fbea5c1d4debbc07659efbc0dedc13eee0da6
2021/11/19 19:24:59 existing blob: sha256:250c06f7c38e52dc77e5c7586c3e40280dc7ff9bb9007c396e06d96736cf8542
2021/11/19 19:24:59 existing blob: sha256:e8614d09b7bebabd9d8a450f44e88a8807c98a438a2ddd63146865286b132d1b
2021/11/19 19:24:59 existing blob: sha256:7067b1bc6f9ce59f3a4ed2216946ebbb27a4f7a102f55d96c6af1dc90e77b510
2021/11/19 19:25:00 ghcr.io/mattmoor/ko@sha256:d2bc030f5ed083d5e6a30a7969c9a8e599511b8d7a6e20695bf5ea029b6e2c3f: digest: sha256:d2bc030f5ed083d5e6a30a7969c9a8e599511b8d7a6e20695bf5ea029b6e2c3f size: 751
2021/11/19 19:25:01 existing blob: sha256:250c06f7c38e52dc77e5c7586c3e40280dc7ff9bb9007c396e06d96736cf8542
2021/11/19 19:25:02 pushed blob: sha256:121c637d5c84562b51404a6f71c1f995ad059740293a3911a0dc33eb223e41a4
2021/11/19 19:25:02 pushed blob: sha256:859e03b7461b2a512159493ef1504d2859ed37c05ed1ef781ff98394ea4799b5
2021/11/19 19:25:02 pushed blob: sha256:d1b55c3db0f16b5056776c6d2c279efd16d28dbf1aae3eef1f3f9b7551d1f490
2021/11/19 19:25:03 ghcr.io/mattmoor/ko@sha256:b74c230f20efd94981e5fd823bacc23cbd71055a1b3b6a0893152b398c67743b: digest: sha256:b74c230f20efd94981e5fd823bacc23cbd71055a1b3b6a0893152b398c67743b size: 751
2021/11/19 19:25:03 ghcr.io/mattmoor/ko:latest: digest: sha256:e4466a7dd9be66c7c1b43a8ecc19247041ece232407a14e3d6ea3c51d2561a71 size: 529
2021/11/19 19:25:03 Published ghcr.io/mattmoor/ko@sha256:e4466a7dd9be66c7c1b43a8ecc19247041ece232407a14e3d6ea3c51d2561a71
ghcr.io/mattmoor/ko@sha256:e4466a7dd9be66c7c1b43a8ecc19247041ece232407a14e3d6ea3c51d2561a71
```
The "SBOM" being attached in this change is the raw output of `go version -m`,
which we will convert to one of the standard formats in a subsequent change.
Enables programmatic control of whether `ko` adds the `-trimpath`
flag to `go build`.
The `-trimpath` flag removes file system paths from the resulting
binary. `ko` adds `-trimpath` by default as it aids in achieving
reproducible builds.
However, removing file system paths makes interactive debugging more
challenging, in particular in mapping source file locations in the
IDE to debug information in the binary.
If you set `Trimpath` to `false` to enable interactive debugging, you
probably also want to set `DisableOptimizations` to `true` to disable
compiler optimizations and inlining.
Reference for `-trimpath`:
https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependenciesResolves: #500
Related: #71, #78, https://github.com/GoogleContainerTools/skaffold/issues/6843
Ensure that the directory specified in build configs in `.ko.yaml` is
used to:
1. Load module information
2. Resolve local paths to Go import paths
3. Working directory for compilation
The change achieves this by introducing `gobuilds`, which contains a
map of import path to `build.Interface` instances. Each entry maps to a
`builds` entry from `.ko.yaml`. `gobuilds` dispatches to the builder
instances based on the requested import path, and falls back to a
default builder if there's no match.
Thanks to @jonjohnsonjr for the suggestions in
https://github.com/google/ko/issues/422#issuecomment-909408527
Also removes mutable globals in the `commands` package.
Fixes: #422
* Use working directory and build config `dir`
Use the working directory from `BuildOptions` to load `.ko.yaml`.
Also, use the `dir` build config field to load package information,
instead of assuming that `go.mod` is in the current working directory.
This removes the `init()` function from `./pkg/commands/config.go`.
And avoids the global viper instance, which caused some Heisenbugs (and
associated hair loss).
Fixes: #422, #424
* Return error instead of log.Fatal
`log.Fatal` is no longer needed in `loadConfig()`, since it's no longer
an `init()` function.
Also removed `log.Fatal` from `createBuildConfigMap()`.
* Set build config via BuildOptions
Enables programmatically overriding build configs when ko is
embedded in another tool.
Related: #340, #419
* Use local registry for base images in unit tests
Tests create a local registry (using ggcr) with a dummy base image. This
speeds up tests, since they don't need to hit gcr.io to fetch the
default distroless base image.
* Update function comment to refer to random image
* Generate Markdown docs
This is largely copied from similar work in go-containerregistry
This required moving the Root command definition out of main() into a
place where it could be referenced from the gendoc tooling.
* fix boilerplate
* moar fix boilerplate
* update cmd/ko/main.go
* set -j to GOMAXPROCS at runtime
* rebase on cli-runtime change
* remove trailing whitespace
There are use cases, where multiple Go build flags need to be set. However, the
environment variable to pass flags to Go build has some limits for `ldFlags`.
Add GoReleaser inspired configuration section to `.ko.yaml` to support setting
specific Go build and ldFlags to be used by the build. Like GoReleaser the
content of the configuration can use Go templates. Currently, only a section
for environment variables is included.
In order to reduce dependency overhead, only the respective config structs from
https://github.com/goreleaser/goreleaser/blob/master/pkg/config/config.go are
used internally to load from `.ko.yaml`.
This change adds a `WorkingDirectory` field to `options.BuildOptions`,
but doesn't expose this as a CLI flag. The default zero value means the
current working directory. The value is used as the directory for
executing `go` tool commands.
When embedding ko in other tools, it is sometimes necessary to set the
working directory for executing the `go` tool, instead of assuming the
current process working directory.
An example of where this is required from Skaffold:
https://github.com/GoogleContainerTools/skaffold/tree/master/examples/microservices
In this example, the working directory doesn't contain either `go.mod`
or any Go files. The `skaffold.yaml` configuration file specifies
a `context` field for each image, which is the directory where the `go`
tool can find package information.
- Export functions and a variable to enable embedding of ko's
`publish` functionality to be embedded in other tools.
See https://github.com/GoogleContainerTools/skaffold/pull/5611
- Remove DockerRepo PublishOption and flag.
This removes the `DockerRepo` config option and `--docker-repo`
flag from the PR.
New PR with the extracted config option:
https://github.com/google/ko/pull/351
- Fix copyright headers for boilerplate check.
- Use DockerRepo PublishOption instead of env var.
- Override defaultBaseImage using BuildOptions.
Remove exported package global SetDefaultBaseImage and instead
allow programmatic override of the default base image using
the field `BaseImage` in `options.BuildOptions`.
Also fix copyright header years.
- Add BuildOptions parameter to getBaseImage
This enables access to BaseImage for programmatically overriding
the default base image from `.ko.yaml`.
- Add UserAgent to BuildOptions and PublishOptions
This enables programmatically overriding the `User-Agent` HTTP
request header for both pulling the base image and pushing the
built image.
- Rename MakeBuilder to NewBuilder and MakePublisher to NewPublisher.
For more idiomatic constructor function names.
* Enable override of daemon publisher local domain
Add a `LocalDomain` field to `PublishOptions`, but no flag (yet?).
This allows use of a domain (base repo) other than `ko.local` for images
that are side-loaded to the local Docker daemon.
An alternative implementation would be to add a boolean field that
indicates that `ko publish` should use the value of the `KO_DOCKER_REPO`
environment variable (or the `DockerRepo` field in `PublishOptions`) as
the base name for images side-loaded to the local Docker daemon. I'd be
happy to get feedback on which option would work best.
* Restore NewDaemon tags positional arg
* Add flag and PublishOption for destination repo
This enables programmatically setting the destination image repository
when embedding ko's `publish` functionality in other tools.
See https://github.com/google/ko/pull/348
* Set DockerRepo PublishOption from KO_DOCKER_REPO
This enables programmatically setting the destination image repository
and avoids exposing a flag.
* Update comment on DockerRepo option
* Fix readme and copyright headers
This was using remote.WithTransport to set it manually, and this is much
simpler (also annotates with the go-containerregistry version). This is
really nice because it will give us at least some version information
where we had none before (for non-releases).
Before:
ko
ko/(devel)
ko/v0.7.0
After:
ko go-containerregistry/v0.4.0
ko/(devel) go-containerregistry/v0.4.0
ko/v0.7.0 go-containerregistry/v0.4.0
We dropped this flag, so we're always in non-strict mode by default,
so if there is a ko:// reference that fails to build, we don't error
out. This drops some guards so that we are always in strict mode and
only build ko:// things.
* Allow comma-separated list of platforms
* Parse platform spec once
* Update --platform docs in README
* Update pkg/build/gobuild_test.go
Co-authored-by: Matt Moore <mattmoor@vmware.com>
* Return err for bad defaulting for --platform
Also respect GOARM as variant if the goarch is arm.
* Refactor platform matching
* Update README.md to mention GOARM
* Fix travis test
Co-authored-by: Matt Moore <mattmoor@vmware.com>
* Add ctx to publish.Interface
I noticed that hitting ctrl-C didn't work when pushing images, this
should fix that.
* Use context everywhere that makes sense
* Refactor the publish.Namer to produce the full repo name.
* Add --naked to have image publishing use ${KO_DOCKER_REPO}:tag
* Change flag name, add disclaimer
MultiPublisher now returns an error when it's configured with no
publishers, and resolver.go now appends a nop publisher when it's
configured not to publish, that simulates a publish without actually
pushing any images.
.
* Create a MultiPublisher
MultiPublisher mimics io.MultiWriter in that it will publish an image to
multiple publish.Interface implementations.
* Add publish.{Tarball,Layout}Publisher
This adds support for publishing in the tarball format and to an OCI
image layout.
The tarball format isn't great, yet. It only supports writing once
instead of appending.
* Consolidate options
These were spread all over the place for no reasons. Now all the
publisher related options are grouped together.
* Add options for tarball/layout
Adds --oci-layout-path, --tarball, and --push flags.
--push=false will disable the default behavior of publishing to a
registry.
* go mod vendor
* Add Close method to publish.Interface
This allows us to defer writing to the tarball until we've collected all
the images that have been published.
* Fix tests
When resolving files, we would just log.Fatal if we encountered an
error. This seems to be racy and causes ko to exit with a 0 error code
when it shouldn't. To fix this, we synchronize the builder goroutines
with the kubectl go routine and exit with an error if either of them
failed.
This fix also happened to fix a goroutine leak. If the kubectl goroutine
failed, we never properly cancelled the builds, which would happily
conitnue compiling packages and consuming resources.
* Preserve YAML comments & style when resolving/applying
This is accomplished by adopting the yaml.v3 lib. It
exposes a Node struct that's used internally by the
yaml encoder/decoder
ko internally now manipulates YAML documents using this struct
Fixes#101
* add/remove vendored modules
* Apply suggestions from code review
Fix comments
Co-Authored-By: jonjohnsonjr <jonjohnson@google.com>
* update doc link
* Fix use of yaml.Decoder in a test
When the yaml.Decoder returns an io.EOF it implies
there were no YAML documents decoded and that there
are no more!
* Update pkg/resolve/resolve.go
resolve comment suggestion
Co-Authored-By: jonjohnsonjr <jonjohnson@google.com>
* leave ko prefix if we're not operating in strict mode
* move testutils to internal/testing
* Add build.Limiter
You can limit the number of concurrent builds with -j (a la make).
The default value for this is GOMAXPROCS, which seems reasonable.
When ko is invoked in this mode, import paths must have the `ko://`
prefix. If a human marks an import path with `ko://` and ko can't
resolve the resulting import path, it fails. In "loose mode", such an
import path would be silently ignored and passed on to the resolved
YAML, often resulting in invalid image names (e.g., `image:
github.com/foo/bar`)
In loose mode, `ko://` prefixes are always ignored for
backward-compatibility.
