Merge pull request #10563 from sprt/csi-deploy

coco: ci: Fully implement compilation of CSI driver and require it for CoCo tests [2/x]

.github/workflows/ci.yaml

@@ -223,7 +223,10 @@ jobs:
 
   run-kata-coco-tests:
     if: ${{ inputs.skip-test != 'yes' }}
-    needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image]
+    needs:
+     - publish-kata-deploy-payload-amd64
+     - build-and-publish-tee-confidential-unencrypted-image
+     - publish-csi-driver-amd64
     uses: ./.github/workflows/run-kata-coco-tests.yaml
     with:
       tarball-suffix: -${{ inputs.tag }}

src/tools/csi-kata-directvolume/.gitignore

@@ -0,0 +1 @@
+bin/

src/tools/csi-kata-directvolume/release-tools/build.make

@@ -56,7 +56,7 @@ ARCH := $(if $(GOARCH),$(GOARCH),$(shell go env GOARCH))
 # Specific packages can be excluded from each of the tests below by setting the *_FILTER_CMD variables
 # to something like "| grep -v 'github.com/kubernetes-csi/project/pkg/foobar'". See usage below.
 
-build-%: check-go-version-go
+build-%:
 	mkdir -p bin
 	CGO_ENABLED=0 GOOS=linux go build $(GOFLAGS_VENDOR) -a -ldflags '-X main.version=$(REV) -extldflags "-static"' -o ./bin/$* ./cmd/$*
 	if [ "$$ARCH" = "amd64" ]; then \
@@ -92,9 +92,6 @@ push: $(CMDS:%=push-%)
 clean:
 	-rm -rf bin
 
-test: check-go-version-go
-
-
 .PHONY: test-vet
 test: test-vet
 test-vet:
@@ -111,12 +108,3 @@ test-fmt:
 		gofmt -d $$files; \
 		false; \
 	fi
-
-
-# Targets in the makefile can depend on check-go-version-<path to go binary>
-# to trigger a warning if the x.y version of that binary does not match
-# what the project uses. Make ensures that this is only checked once per
-# invocation.
-.PHONY: check-go-version-%
-check-go-version-%:
-	./release-tools/verify-go-version.sh "$*"

src/tools/csi-kata-directvolume/release-tools/verify-go-version.sh

@@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright 2019 The Kubernetes Authors.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-GO="$1"
-
-if [ ! "$GO" ]; then
-    echo >&2 "usage: $0 <path to go binary>"
-    exit 1
-fi
-
-die () {
-    echo "ERROR: $*"
-    exit 1
-}
-
-version=$("$GO" version) || die "determining version of $GO failed"
-# shellcheck disable=SC2001
-majorminor=$(echo "$version" | sed -e 's/.*go\([0-9]*\)\.\([0-9]*\).*/\1.\2/')
-
-if [ "$majorminor" != "$expected" ]; then
-    cat >&2 <<EOF
-
-======================================================
-                  WARNING
-
-  Compile the Project with Go version v$majorminor !
-
-======================================================
-
-EOF
-fi

tools/packaging/kata-deploy/local-build/Makefile

@@ -99,7 +99,7 @@ cloud-hypervisor-glibc-tarball:
 	${MAKE} $@-build
 
 csi-kata-directvolume-tarball: copy-scripts-for-the-tools-build
-	$(call DUMMY,$@)
+	${MAKE} $@-build
 
 firecracker-tarball:
 	${MAKE} $@-build

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -99,6 +99,7 @@ options:
 	coco-guest-components
 	cloud-hypervisor
 	cloud-hypervisor-glibc
+	csi-kata-directvolume
 	firecracker
 	genpolicy
 	kata-ctl
@@ -1022,6 +1023,7 @@ install_tools_helper() {
 
 	tool_binary=${tool}
 	[ ${tool} = "agent-ctl" ] && tool_binary="kata-agent-ctl"
+	[ ${tool} = "csi-kata-directvolume" ] && tool_binary="directvolplugin"
 	[ ${tool} = "trace-forwarder" ] && tool_binary="kata-trace-forwarder"
 	binary=$(find ${repo_root_dir}/src/tools/${tool}/ -type f -name ${tool_binary})
 
@@ -1043,6 +1045,7 @@ install_tools_helper() {
 
 	info "Install static ${tool_binary}"
 	mkdir -p "${destdir}/opt/kata/bin/"
+	[ ${tool} = "csi-kata-directvolume" ] && tool_binary="csi-kata-directvolume"
 	install -D --mode ${binary_permissions} ${binary} "${destdir}/opt/kata/bin/${tool_binary}"
 }
 
@@ -1054,6 +1057,10 @@ install_genpolicy() {
 	install_tools_helper "genpolicy"
 }
 
+install_csi_kata_directvolume() {
+	install_tools_helper "csi-kata-directvolume"
+}
+
 install_kata_ctl() {
 	install_tools_helper "kata-ctl"
 }
@@ -1131,6 +1138,8 @@ handle_build() {
 
 	cloud-hypervisor-glibc) install_clh_glibc ;;
 
+	csi-kata-directvolume) install_csi_kata_directvolume ;;
+
 	firecracker) install_firecracker ;;
 
 	genpolicy) install_genpolicy ;;
@@ -1350,6 +1359,7 @@ main() {
 		agent-ctl
 		cloud-hypervisor
 		coco-guest-components
+		csi-kata-directvolume
 		firecracker
 		genpolicy
 		kata-ctl

tools/packaging/static-build/tools/.gitignore

@@ -0,0 +1 @@
+install_libseccomp.sh

tools/packaging/static-build/tools/Dockerfile

@@ -10,9 +10,12 @@ COPY install_libseccomp.sh /usr/bin/install_libseccomp.sh
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+ENV GO_HOME="/opt"
+ENV GOCACHE="${GO_HOME}/.cache"
+ENV GOMODCACHE="${GO_HOME}/.modcache"
 ENV RUSTUP_HOME="/opt/rustup"
 ENV CARGO_HOME="/opt/cargo"
-ENV PATH="/opt/cargo/bin/:${PATH}"
+ENV PATH="/opt/cargo/bin/:/opt/go/bin:${PATH}"
 ENV OPT_LIB="/opt/lib"
 
 ENV LIBSECCOMP_LINK_TYPE=static
@@ -44,6 +47,11 @@ RUN apt-get update && \
 # Tools only build for x86_64
 RUN rustup target add x86_64-unknown-linux-musl
 
+RUN kernelname=$(uname -s | tr '[:upper:]' '[:lower:]'); \
+    curl -OL "https://storage.googleapis.com/golang/go${GO_TOOLCHAIN}.${kernelname}-amd64.tar.gz" && \
+    tar -C "${GO_HOME}" -xzf "go${GO_TOOLCHAIN}.${kernelname}-amd64.tar.gz" && \
+    rm "go${GO_TOOLCHAIN}.${kernelname}-amd64.tar.gz"
+
 # cmake looks for musl binutils
 # For setting CMAKE_AR, find_program searches for musl-ar.
 # Symlink to system ar.

tools/packaging/static-build/tools/build.sh

@@ -20,6 +20,7 @@ container_image="${TOOLS_CONTAINER_BUILDER:-$(get_tools_image_name)}"
 
 docker pull ${container_image} || \
 	(docker $BUILDX build $PLATFORM \
+	    	--build-arg GO_TOOLCHAIN="$(get_from_kata_deps ".languages.golang.meta.newest-version")" \
 	    	--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps ".languages.rust.meta.newest-version")" \
 		-t "${container_image}" "${script_dir}" && \
 	 # No-op unless PUSH_TO_REGISTRY is exported as "yes"