├── .gitignore ├── images ├── calico-rust-build │ ├── versions.yaml │ └── Dockerfile ├── calico-go-build │ ├── google │ │ └── google-cloud-sdk.repo │ ├── almalinux │ │ ├── almalinux.repo │ │ ├── almalinux-appstream.repo │ │ ├── almalinux-powertools.repo │ │ └── RPM-GPG-KEY-AlmaLinux │ ├── versions.yaml │ ├── ssh_known_hosts │ ├── entrypoint.sh │ ├── patches │ │ └── controller-gen-Support-Calico-NumOrString-types.patch │ └── Dockerfile ├── calico-base │ ├── nsswitch.conf │ ├── licenses │ │ ├── ISC │ │ ├── BSD │ │ ├── Mozilla-public │ │ ├── MIT │ │ ├── GPLv2 │ │ └── Apache-2.0 │ ├── Dockerfile │ ├── Dockerfile.ubi8 │ └── tmp.tar └── Makefile ├── go.mod ├── lib.Makefile ├── cmd ├── Makefile └── semvalidator │ ├── README.md │ └── main.go ├── Makefile ├── hack ├── generate-go-branch-name.sh └── generate-version-tag-name.sh ├── .semaphore ├── promotions │ ├── calico-base.yml │ ├── calico-rust-build.yml │ └── calico-go-build.yml └── semaphore.yml ├── go.sum ├── .github └── workflows │ ├── create-tag-on-version-change.yml │ └── create-branch-on-go-version-change.yml ├── README.md └── Makefile.common /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | cmd/bin 3 | images/calico-go-build/bin 4 | -------------------------------------------------------------------------------- /images/calico-rust-build/versions.yaml: -------------------------------------------------------------------------------- 1 | rust: 2 | version: 1.91.1 3 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/projectcalico/go-build 2 | 3 | go 1.25.5 4 | 5 | require github.com/sirupsen/logrus v1.9.3 6 | 7 | require golang.org/x/sys v0.38.0 // indirect 8 | -------------------------------------------------------------------------------- /lib.Makefile: -------------------------------------------------------------------------------- 1 | ARCHES = amd64 arm64 ppc64le s390x 2 | 3 | DEV_REGISTRIES ?= calico 4 | 5 | ifdef CI 6 | DOCKER_PROGRESS := --progress=plain 7 | endif 8 | 9 | DOCKER_BUILD=docker buildx build $(DOCKER_PROGRESS) --load --platform=linux/$(ARCH) 10 | -------------------------------------------------------------------------------- /images/calico-go-build/google/google-cloud-sdk.repo: -------------------------------------------------------------------------------- 1 | [google-cloud-cli] 2 | name=Google Cloud CLI 3 | baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el$releasever-$basearch 4 | enabled=0 5 | gpgcheck=1 6 | repo_gpgcheck=0 7 | gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 8 | -------------------------------------------------------------------------------- /images/calico-base/nsswitch.conf: -------------------------------------------------------------------------------- 1 | passwd: files 2 | shadow: files 3 | group: files 4 | hosts: files dns 5 | services: files 6 | automount: files 7 | 8 | aliases: files 9 | ethers: files 10 | gshadow: files 11 | networks: files dns 12 | protocols: files 13 | publickey: files 14 | rpc: files 15 | -------------------------------------------------------------------------------- /images/calico-go-build/almalinux/almalinux.repo: -------------------------------------------------------------------------------- 1 | # almalinux.repo 2 | 3 | [baseos] 4 | name=AlmaLinux $releasever - BaseOS 5 | mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos 6 | # baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/ 7 | enabled=0 8 | gpgcheck=1 9 | countme=1 10 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux 11 | -------------------------------------------------------------------------------- /images/calico-go-build/almalinux/almalinux-appstream.repo: -------------------------------------------------------------------------------- 1 | # almalinux-appstream.repo 2 | 3 | [appstream] 4 | name=AlmaLinux $releasever - AppStream 5 | mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream 6 | # baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/ 7 | enabled=0 8 | gpgcheck=1 9 | countme=1 10 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux 11 | -------------------------------------------------------------------------------- /images/calico-go-build/almalinux/almalinux-powertools.repo: -------------------------------------------------------------------------------- 1 | # almalinux-powertools.repo 2 | 3 | [powertools] 4 | name=AlmaLinux $releasever - PowerTools 5 | mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/powertools 6 | # baseurl=https://repo.almalinux.org/almalinux/$releasever/PowerTools/$basearch/os/ 7 | enabled=0 8 | gpgcheck=1 9 | countme=1 10 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux 11 | -------------------------------------------------------------------------------- /cmd/Makefile: -------------------------------------------------------------------------------- 1 | include ../lib.Makefile 2 | include ../Makefile.common 3 | 4 | .PHONY: build 5 | build: semvalidator-build-$(ARCH) 6 | 7 | .PHONY: semvalidator-build-$(ARCH) 8 | semvalidator-build-$(ARCH): semvalidator/main.go 9 | CGO_ENABLED=0 GOOS=linux GOARCH=$(ARCH) \ 10 | go build -o bin/semvalidator-$(ARCH) -v -buildvcs=false -ldflags "-s -w" semvalidator/main.go 11 | 12 | .PHONY: clean 13 | clean: 14 | rm -fr bin/ 15 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | include Makefile.common 2 | 3 | .PHONY: build 4 | build: 5 | $(MAKE) -C cmd build 6 | 7 | .PHONY: image 8 | image: 9 | $(MAKE) -C images image 10 | 11 | .PHONY: clean 12 | clean: 13 | $(MAKE) -C cmd clean 14 | $(MAKE) -C images clean 15 | 16 | .PHONY: update-go-build-pins 17 | update-go-build-pins: 18 | SEMAPHORE_AUTO_PIN_UPDATE_PROJECT_IDS=$(SEMAPHORE_CALICO_PROJECT_ID) \ 19 | SEMAPHORE_WORKFLOW_FILE=update-go-build-pins.yml \ 20 | $(MAKE) semaphore-run-auto-pin-update-workflows 21 | -------------------------------------------------------------------------------- /images/calico-go-build/versions.yaml: -------------------------------------------------------------------------------- 1 | golang: 2 | version: 1.25.5 3 | checksum: 4 | sha256: 5 | amd64: 9e9b755d63b36acf30c12a9a3fc379243714c1c6d3dd72861da637f336ebb35b 6 | arm64: b00b694903d126c588c378e72d3545549935d3982635ba3f7a964c9fa23fe3b9 7 | ppc64le: f0904b647b5b8561efc5d48bb59a34f2b7996afab83ccd41c93b1aeb2c0067e4 8 | s390x: a5d0a72b0dfd57f9c2c0cdd8b7e0f401e0afb9e8c304d3410f9b0982ce0953da 9 | kubernetes: 10 | version: 1.34.2 11 | llvm: 12 | version: 18.1.8 13 | -------------------------------------------------------------------------------- /hack/generate-go-branch-name.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | ver_file="" 6 | 7 | while getopts ":f:" opt; do 8 | case $opt in 9 | f) 10 | ver_file="$OPTARG" 11 | ;; 12 | :) 13 | echo "option: -$OPTARG requires an argument" >&2 14 | exit 1 15 | ;; 16 | *) 17 | echo "invalid argument -$OPTARG" >&2 18 | exit 1 19 | ;; 20 | esac 21 | done 22 | 23 | golang_ver=$(yq -r .golang.version "$ver_file") 24 | 25 | if [[ -z $golang_ver ]]; then 26 | echo "golang version is empty" >&2 27 | exit 1 28 | fi 29 | 30 | # transform 1.xy.z to go1.xy 31 | echo "go${golang_ver%.*}" 32 | -------------------------------------------------------------------------------- /images/calico-go-build/ssh_known_hosts: -------------------------------------------------------------------------------- 1 | github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= 2 | github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl 3 | github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= 4 | -------------------------------------------------------------------------------- /images/calico-base/licenses/ISC: -------------------------------------------------------------------------------- 1 | ISC License 2 | 3 | Copyright (c) 2012-2016 Dave Collins 4 | 5 | Permission to use, copy, modify, and/or distribute this software for any 6 | purpose with or without fee is hereby granted, provided that the above 7 | copyright notice and this permission notice appear in all copies. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | ==================================================================== 18 | 19 | -------------------------------------------------------------------------------- /hack/generate-version-tag-name.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | ver_file="" 6 | go_ver_only=false 7 | 8 | while getopts ":f:g" opt; do 9 | case $opt in 10 | f) 11 | ver_file="$OPTARG" 12 | ;; 13 | g) 14 | go_ver_only=true 15 | ;; 16 | :) 17 | echo "option: -$OPTARG requires an argument" >&2 18 | exit 1 19 | ;; 20 | *) 21 | echo "invalid option: -$OPTARG" >&2 22 | exit 1 23 | ;; 24 | esac 25 | done 26 | 27 | golang_ver=$(yq -r .golang.version "$ver_file") 28 | k8s_ver=$(yq -r .kubernetes.version "$ver_file") 29 | llvm_ver=$(yq -r .llvm.version "$ver_file") 30 | 31 | if [[ -z $golang_ver ]] || [[ -z $k8s_ver ]] || [[ -z $llvm_ver ]]; then 32 | echo "one of the golang, llvm, or kubernetes versions is empty" >&2 33 | exit 1 34 | fi 35 | 36 | if [[ "$go_ver_only" = true ]]; then 37 | echo "${golang_ver}" 38 | else 39 | echo "${golang_ver}-llvm${llvm_ver}-k8s${k8s_ver}" 40 | fi 41 | -------------------------------------------------------------------------------- /.semaphore/promotions/calico-base.yml: -------------------------------------------------------------------------------- 1 | version: v1.0 2 | name: Publish calico/base images 3 | agent: 4 | machine: 5 | type: f1-standard-2 6 | os_image: ubuntu2204 7 | 8 | execution_time_limit: 9 | minutes: 30 10 | 11 | global_job_config: 12 | env_vars: 13 | - name: DEV_REGISTRIES 14 | value: calico 15 | secrets: 16 | - name: docker 17 | prologue: 18 | commands: 19 | - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin 20 | - checkout 21 | 22 | blocks: 23 | - name: Publish calico/base multi-arch images 24 | dependencies: [] 25 | run: 26 | when: "branch = 'master' OR tag =~ '^1\\.\\d+\\.\\d+-llvm\\d+\\.\\d\\.\\d-k8s1\\.\\d+\\.\\d+'" 27 | task: 28 | env_vars: 29 | - name: BRANCH_NAME 30 | value: ${SEMAPHORE_JOB_CREATION_TIME} 31 | jobs: 32 | - name: Linux multi-arch 33 | commands: 34 | - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C images calico-base-cd CONFIRM=true; fi 35 | -------------------------------------------------------------------------------- /images/calico-go-build/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Add local user 4 | # Either use the LOCAL_USER_ID if passed in at runtime or fallback 5 | 6 | USER_ID=${LOCAL_USER_ID:-9001} 7 | 8 | if [ "${RUN_AS_ROOT}" = "true" ]; then 9 | exec "$@" 10 | fi 11 | 12 | echo "Starting with UID: $USER_ID" 1>&2 13 | # Don't pass "-m" to useradd if the home directory already exists, 14 | # (which can occur if it was volume mounted in) otherwise it will fail. 15 | if [[ ! -d "/home/user" ]]; then 16 | useradd -m -U -s /bin/bash -u "$USER_ID" user 17 | else 18 | useradd -U -s /bin/bash -u "$USER_ID" user 19 | fi 20 | 21 | export HOME=/home/user 22 | 23 | if [ -n "$EXTRA_GROUP_ID" ]; then 24 | echo "Adding user to additional GID: $EXTRA_GROUP_ID" 1>&2 25 | # Adding the group can fail if it already exists. 26 | if groupadd --gid "$EXTRA_GROUP_ID" group; then 27 | usermod -a -G group user 28 | else 29 | echo "Adding user to existing group instead" 1>&2 30 | usermod -a -G "$(getent group "$EXTRA_GROUP_ID" | cut -d: -f1)" user 31 | fi 32 | fi 33 | 34 | exec /usr/bin/su-exec user "$@" 35 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 2 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 3 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 4 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 5 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 6 | github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= 7 | github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= 8 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 9 | github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= 10 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 11 | golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 12 | golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= 13 | golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= 14 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 15 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= 16 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 17 | -------------------------------------------------------------------------------- /.semaphore/promotions/calico-rust-build.yml: -------------------------------------------------------------------------------- 1 | version: v1.0 2 | name: Publish calico/rust-build images 3 | agent: 4 | machine: 5 | type: f1-standard-2 6 | os_image: ubuntu2204 7 | 8 | execution_time_limit: 9 | minutes: 60 10 | 11 | global_job_config: 12 | env_vars: 13 | - name: DEV_REGISTRIES 14 | value: calico 15 | secrets: 16 | - name: docker 17 | prologue: 18 | commands: 19 | - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin 20 | - checkout 21 | - export BRANCH_NAME=$(yq -r '.rust.version' images/calico-rust-build/versions.yaml) 22 | 23 | blocks: 24 | - name: Publish calico/rust-build images 25 | dependencies: [] 26 | run: 27 | when: "branch = 'master' AND change_in('/images/calico-rust-build/')" 28 | task: 29 | jobs: 30 | - name: Linux multi-arch 31 | commands: 32 | - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C images calico-rust-build-cd VALIDARCHES=$ARCH CONFIRM=true; fi 33 | matrix: 34 | - env_var: ARCH 35 | values: ["amd64", "arm64", "ppc64le", "s390x"] 36 | - name: Publish calico/rust-build multi-arch manifests 37 | dependencies: 38 | - Publish calico/rust-build images 39 | run: 40 | when: "branch = 'master' AND change_in('/images/calico-rust-build/')" 41 | task: 42 | jobs: 43 | - name: Linux multi-arch manifests 44 | commands: 45 | - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C images push-calico-rust-build-manifests CONFIRM=true; fi 46 | -------------------------------------------------------------------------------- /.github/workflows/create-tag-on-version-change.yml: -------------------------------------------------------------------------------- 1 | name: Create new Git tag on compiler version change 2 | 3 | on: 4 | # create a new release tag when changes are merged to the go1.x release branches 5 | pull_request: 6 | types: 7 | - closed 8 | branches: 9 | - go1.* 10 | 11 | jobs: 12 | create-tag: 13 | if: github.event.pull_request.merged == true 14 | runs-on: ubuntu-latest 15 | permissions: 16 | contents: write 17 | 18 | steps: 19 | - name: Checkout repository 20 | uses: actions/checkout@v4 21 | 22 | - name: Generate tag name 23 | id: generate-tag-name 24 | run: | 25 | tag_name=$(hack/generate-version-tag-name.sh -f images/calico-go-build/versions.yaml) 26 | echo "Git tag name: $tag_name" 27 | echo "tag_name=$tag_name" >> $GITHUB_OUTPUT 28 | 29 | - name: Create and push new tag (if not exists) 30 | run: | 31 | tag_name=${{ steps.generate-tag-name.outputs.tag_name }} 32 | count=$(git ls-remote --tags --refs origin "$tag_name*" | grep -c "refs/tags/$tag_name" || :) 33 | if [ "$count" -gt 0 ] ; then 34 | echo "Git tag $tag_name already exists. Using new tag $tag_name-$count." 35 | tag_name="$tag_name-$count" 36 | fi 37 | git config user.name "${{ github.actor }}" 38 | git config user.email "${{ github.actor }}@users.noreply.github.com" 39 | git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git 40 | 41 | git tag -a "$tag_name" -m "Release $tag_name" 42 | git push origin "$tag_name" 43 | echo "Created Git tag $tag_name" 44 | -------------------------------------------------------------------------------- /images/calico-base/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG UBI_VERSION 2 | 3 | FROM registry.access.redhat.com/${UBI_VERSION}/ubi-minimal:latest AS ubi 4 | 5 | ARG LDSONAME 6 | 7 | RUN microdnf upgrade -y 8 | 9 | # Prepare a rootfs for necessary files from UBI. 10 | # Symbolic links are preserved. 11 | RUN mkdir -p /rootfs/lib64 /rootfs/etc 12 | 13 | # Copy dynamic loader and symbolic links. 14 | RUN set -eux; \ 15 | if [ -f /lib64/${LDSONAME} ]; then \ 16 | cp -a /lib64/${LDSONAME} /rootfs/lib64/${LDSONAME}; \ 17 | fi; \ 18 | if [ -f /lib/${LDSONAME} ]; then \ 19 | mkdir -p /rootfs/lib && cp -a /lib/${LDSONAME} /rootfs/lib/${LDSONAME}; \ 20 | fi 21 | 22 | # Required external C dependencies for CGO builds. 23 | RUN cp /lib64/libc.so.6 /rootfs/lib64/libc.so.6 24 | RUN cp /lib64/libpthread.so.0 /rootfs/lib64/libpthread.so.0 25 | RUN cp /lib64/libresolv.so.2 /rootfs/lib64/libresolv.so.2 26 | 27 | # Glibc NSS plugins and config files. 28 | # Use our customized configuration, since the base image only includes the dns and files plugins. 29 | COPY nsswitch.conf /rootfs/etc/nsswitch.conf 30 | 31 | RUN cp /lib64/libnss_dns.so.2 /rootfs/lib64/libnss_dns.so.2 32 | RUN cp /lib64/libnss_files.so.2 /rootfs/lib64/libnss_files.so.2 33 | 34 | RUN cp /etc/host.conf /rootfs/etc/host.conf 35 | RUN cp /etc/hosts /rootfs/etc/hosts 36 | RUN cp /etc/networks /rootfs/etc/networks 37 | 38 | # Copy base image release info. 39 | RUN cp /etc/os-release /rootfs/etc/os-release 40 | 41 | FROM scratch AS source 42 | 43 | COPY --from=ubi /rootfs / 44 | 45 | # Verify if glibc is properly loaded. 46 | # This check ensures that the dynamic loader and symbolic links are copied correctly. 47 | RUN ["/lib64/libc.so.6"] 48 | 49 | # tmp.tar has a /tmp with the correct permissions 01777. 50 | ADD tmp.tar / 51 | 52 | COPY licenses /licenses/ 53 | 54 | FROM scratch 55 | 56 | COPY --from=source / / 57 | -------------------------------------------------------------------------------- /images/calico-base/Dockerfile.ubi8: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS ubi 2 | 3 | ARG LDSONAME 4 | ARG TARGETARCH 5 | 6 | RUN microdnf upgrade -y 7 | 8 | # Prepare a rootfs for necessary files from UBI. 9 | # Symbolic links are preserved. 10 | RUN mkdir -p /rootfs/lib64 /rootfs/etc 11 | 12 | # Copy dynamic loader and symbolic links. 13 | # For s390x architecture, modify the /lib/${LDSONAME} symlink to ../lib64/${LDSONAME} 14 | # instead of /usr/lib64 as the /usr/lib64 directory is not included in our base. 15 | RUN cp /lib64/ld-2.28.so /rootfs/lib64/ld-2.28.so 16 | RUN set -eux; \ 17 | cp -a /lib64/${LDSONAME} /rootfs/lib64/${LDSONAME}; \ 18 | if [ -f /lib/${LDSONAME} ]; then \ 19 | mkdir -p /rootfs/lib && cp -a /lib/${LDSONAME} /rootfs/lib/${LDSONAME}; \ 20 | if [ "${TARGETARCH}" = "s390x" ]; then \ 21 | ln -sf ../lib64/${LDSONAME} /rootfs/lib/${LDSONAME}; \ 22 | fi \ 23 | fi 24 | 25 | # Required external C dependencies for CGO builds. 26 | RUN cp /lib64/libc.so.6 /rootfs/lib64/libc.so.6 27 | RUN cp /lib64/libpthread.so.0 /rootfs/lib64/libpthread.so.0 28 | RUN cp /lib64/libresolv.so.2 /rootfs/lib64/libresolv.so.2 29 | 30 | # Glibc NSS plugins and config files. 31 | # Use our customized configuration, since the base image only includes the dns and files plugins. 32 | COPY nsswitch.conf /rootfs/etc/nsswitch.conf 33 | 34 | RUN cp /lib64/libnss_dns.so.2 /rootfs/lib64/libnss_dns.so.2 35 | RUN cp /lib64/libnss_files.so.2 /rootfs/lib64/libnss_files.so.2 36 | 37 | RUN cp /etc/host.conf /rootfs/etc/host.conf 38 | RUN cp /etc/hosts /rootfs/etc/hosts 39 | RUN cp /etc/networks /rootfs/etc/networks 40 | 41 | # Copy base image release info. 42 | RUN cp /etc/os-release /rootfs/etc/os-release 43 | 44 | FROM scratch AS source 45 | 46 | COPY --from=ubi /rootfs / 47 | 48 | # Verify if glibc can be properly loaded. 49 | # This check ensures that the dynamic loader and symbolic links are copied correctly. 50 | RUN ["/lib64/libc.so.6"] 51 | 52 | # tmp.tar has a /tmp with the correct permissions 01777. 53 | ADD tmp.tar / 54 | 55 | COPY licenses /licenses/ 56 | 57 | FROM scratch 58 | 59 | COPY --from=source / / 60 | -------------------------------------------------------------------------------- /.github/workflows/create-branch-on-go-version-change.yml: -------------------------------------------------------------------------------- 1 | name: Create new Git branch on Go compiler version change 2 | 3 | on: 4 | # create a new go1.x branch and a release tag when changes are merged to the master branch 5 | pull_request: 6 | types: 7 | - closed 8 | branches: 9 | - master 10 | 11 | jobs: 12 | create-branch: 13 | if: github.event.pull_request.merged == true 14 | runs-on: ubuntu-latest 15 | permissions: 16 | contents: write 17 | 18 | steps: 19 | - name: Checkout repository 20 | uses: actions/checkout@v4 21 | 22 | - name: Generate Go branch name 23 | id: generate-go-branch-name 24 | run: | 25 | branch_name=$(hack/generate-go-branch-name.sh -f images/calico-go-build/versions.yaml) 26 | echo "Git branch name: $branch_name" 27 | echo "branch_name=$branch_name" >> $GITHUB_OUTPUT 28 | 29 | - name: Generate tag name 30 | id: generate-tag-name 31 | run: | 32 | tag_name=$(hack/generate-version-tag-name.sh -f images/calico-go-build/versions.yaml) 33 | echo "Git tag name: $tag_name" 34 | echo "tag_name=$tag_name" >> $GITHUB_OUTPUT 35 | 36 | - name: Create and push new branch (if not exists) 37 | run: | 38 | branch_name=${{ steps.generate-go-branch-name.outputs.branch_name }} 39 | if git ls-remote --heads origin "$branch_name" | grep -q "$branch_name"; then 40 | echo "Git branch $branch_name already exists" 41 | else 42 | git config user.name "${{ github.actor }}" 43 | git config user.email "${{ github.actor }}@users.noreply.github.com" 44 | git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git 45 | 46 | git checkout -b "$branch_name" 47 | git push origin "$branch_name" 48 | echo "Created Git branch $branch_name" 49 | 50 | tag_name=${{ steps.generate-tag-name.outputs.tag_name }} 51 | git tag -a "$tag_name" -m "Release $tag_name" 52 | git push origin "$tag_name" 53 | echo "Created Git tag $tag_name" 54 | fi 55 | -------------------------------------------------------------------------------- /.semaphore/promotions/calico-go-build.yml: -------------------------------------------------------------------------------- 1 | version: v1.0 2 | name: Publish calico/go-build images 3 | agent: 4 | machine: 5 | type: f1-standard-2 6 | os_image: ubuntu2204 7 | 8 | execution_time_limit: 9 | minutes: 60 10 | 11 | global_job_config: 12 | env_vars: 13 | - name: DEV_REGISTRIES 14 | value: calico 15 | secrets: 16 | - name: docker 17 | prologue: 18 | commands: 19 | - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin 20 | - checkout 21 | # If an image build is triggered from a git tag, use the git tag name set by semaphore. 22 | # For utility changes that don't affect calico/go-build versions, we will append a release 23 | # number in the tag. This is handled in create-tag-on-version-change github workflow. 24 | - | 25 | if [ "${SEMAPHORE_GIT_REF_TYPE}" = "tag" ]; then 26 | export BRANCH_NAME=${SEMAPHORE_GIT_TAG_NAME} 27 | else 28 | export BRANCH_NAME=${SEMAPHORE_GIT_WORKING_BRANCH} 29 | fi 30 | 31 | blocks: 32 | - name: Publish calico/go-build images 33 | dependencies: [] 34 | run: 35 | when: "branch = 'master' OR tag =~ '^1\\.\\d+\\.\\d+-llvm\\d+\\.\\d\\.\\d-k8s1\\.\\d+\\.\\d+'" 36 | task: 37 | jobs: 38 | - name: Linux multi-arch 39 | commands: 40 | - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C images calico-go-build-cd VALIDARCHES=$ARCH CONFIRM=true; fi 41 | matrix: 42 | - env_var: ARCH 43 | values: ["amd64", "arm64", "ppc64le", "s390x"] 44 | - name: Publish calico/go-build multi-arch manifests 45 | dependencies: 46 | - Publish calico/go-build images 47 | run: 48 | when: "branch = 'master' OR tag =~ '^1\\.\\d+\\.\\d+-llvm\\d+\\.\\d\\.\\d-k8s1\\.\\d+\\.\\d+'" 49 | task: 50 | jobs: 51 | - name: Linux multi-arch manifests 52 | commands: 53 | - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C images push-calico-go-build-manifests CONFIRM=true; fi 54 | - name: Trigger calico/go-build pin updates 55 | dependencies: 56 | - Publish calico/go-build multi-arch manifests 57 | run: 58 | when: "tag =~ '^1\\.\\d+\\.\\d+-llvm\\d+\\.\\d\\.\\d-k8s1\\.\\d+\\.\\d+'" 59 | task: 60 | secrets: 61 | - name: semaphore-api 62 | jobs: 63 | - name: Auto calico/go-build update 64 | commands: 65 | - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make update-go-build-pins CONFIRM=true; fi 66 | -------------------------------------------------------------------------------- /images/calico-go-build/patches/controller-gen-Support-Calico-NumOrString-types.patch: -------------------------------------------------------------------------------- 1 | From d3db9cd382359bdb1afa94f40e29ad9bebdeaf61 Mon Sep 17 00:00:00 2001 2 | From: Jiawei Huang 3 | Date: Fri, 6 Dec 2024 15:35:46 -0800 4 | Subject: [PATCH] Support Calico NumOrString types 5 | 6 | --- 7 | pkg/crd/known_types.go | 35 +++++++++++++++++++++++++++++++++++ 8 | 1 file changed, 35 insertions(+) 9 | 10 | diff --git a/pkg/crd/known_types.go b/pkg/crd/known_types.go 11 | index ab939328..8f9fa67d 100644 12 | --- a/pkg/crd/known_types.go 13 | +++ b/pkg/crd/known_types.go 14 | @@ -22,6 +22,35 @@ import ( 15 | "sigs.k8s.io/controller-tools/pkg/loader" 16 | ) 17 | 18 | +// Custom logic for numOrString types. 19 | +var numOrString = func(p *Parser, pkg *loader.Package) { 20 | + p.Schemata[TypeIdent{Name: "NumOrString", Package: pkg}] = apiext.JSONSchemaProps{ 21 | + XIntOrString: true, 22 | + AnyOf: []apiext.JSONSchemaProps{ 23 | + {Type: "integer"}, 24 | + {Type: "string"}, 25 | + }, 26 | + Pattern: "^.*", 27 | + } 28 | + p.Schemata[TypeIdent{Name: "Protocol", Package: pkg}] = apiext.JSONSchemaProps{ 29 | + XIntOrString: true, 30 | + AnyOf: []apiext.JSONSchemaProps{ 31 | + {Type: "integer"}, 32 | + {Type: "string"}, 33 | + }, 34 | + Pattern: "^.*", 35 | + } 36 | + p.Schemata[TypeIdent{Name: "Port", Package: pkg}] = apiext.JSONSchemaProps{ 37 | + XIntOrString: true, 38 | + AnyOf: []apiext.JSONSchemaProps{ 39 | + {Type: "integer"}, 40 | + {Type: "string"}, 41 | + }, 42 | + Pattern: "^.*", 43 | + } 44 | + p.AddPackage(pkg) // get the rest of the types 45 | +} 46 | + 47 | // KnownPackages overrides types in some comment packages that have custom validation 48 | // but don't have validation markers on them (since they're from core Kubernetes). 49 | var KnownPackages = map[string]PackageOverride{ 50 | @@ -50,6 +79,12 @@ var KnownPackages = map[string]PackageOverride{ 51 | p.AddPackage(pkg) // get the rest of the types 52 | }, 53 | 54 | + // numorstring could come from different places. It was moved to the api repository 55 | + // around the time of Calico v3.20. 56 | + "github.com/projectcalico/libcalico-go/lib/numorstring": numOrString, 57 | + "github.com/projectcalico/api/pkg/lib/numorstring": numOrString, 58 | + "github.com/tigera/api/pkg/lib/numorstring": numOrString, 59 | + 60 | "k8s.io/apimachinery/pkg/api/resource": func(p *Parser, pkg *loader.Package) { 61 | p.Schemata[TypeIdent{Name: "Quantity", Package: pkg}] = apiext.JSONSchemaProps{ 62 | // TODO(directxman12): regexp validation for this (or get kube to support it as a format value) 63 | -- 64 | 2.47.1 65 | 66 | -------------------------------------------------------------------------------- /cmd/semvalidator/README.md: -------------------------------------------------------------------------------- 1 | # semvalidator 2 | 3 | This allows running validations on semaphore pipeline files. 4 | 5 | ## Usage 6 | 7 | The help give all the required options. 8 | 9 | ```sh 10 | $ docker run --rm calico/go-build:${GOBUILD_VERSION} semvalidator --help 11 | Usage of semvalidator: 12 | -debug 13 | enable debug logging 14 | -dirs string 15 | comma separated list of directories to search for Semaphore pipeline files 16 | -files string 17 | comma separated list of Semaphore pipeline files 18 | -org string 19 | Semaphore organization 20 | -org-url string 21 | Semaphore organization URL 22 | -skip-dirs string 23 | comma separated list of directories to skip when searching for Semaphore pipeline files 24 | -token string 25 | Semaphore API token 26 | ``` 27 | 28 | You can specify dirs that contain semaphore pipeline files (using `-dirs`) 29 | and/or files that are semphore pipeline files (using `-files`). 30 | If using `-dirs`, this tool assumes all YAML files in the folder recursively are Semaphore pipeline files. 31 | To skip specific folders in the directories specified, use `-skip-dirs` 32 | 33 | Set the organization using either `-org` or `-org-url` as it is needed to determine 34 | where to send the validation requests. 35 | 36 | The token needs to be a valid [Semaphore API token](https://docs.semaphoreci.com/reference/api-v1alpha/#authentication). 37 | It will try to use the `SEMAPHORE_API_TOKEN` environment variable if flag is empty. 38 | 39 | ### Examples 40 | 41 | Using `latest` as `${GOBUILD_VERSION}` 42 | 43 | 1. Give a project `` with semaphore files in `/.semaphore` directory, 44 | below is how to validate the files in that directory. 45 | 46 | ```sh 47 | docker run --rm -v ::ro calico/go-build:latest semvalidator -dirs /.semaphore -org -token 48 | ``` 49 | 50 | 1. Give a project `` with semaphore files in `/.semaphore` directory, 51 | below is how to validate the files in that directory using `-org-url` flag with `$SEMAPHORE_ORGANIZATION_URL` environment variable. 52 | 53 | ```sh 54 | docker run --rm -v ::ro calico/go-build:latest semvalidator -dirs /.semaphore -org-url ${SEMAPHORE_ORGANIZATION_URL} -token 55 | ``` 56 | 57 | 1. Give a project `` with semaphore file in `/.semaphore/semaphore.yml` directory, 58 | below is how to validate the files in that directory. 59 | 60 | ```sh 61 | docker run --rm -v ::ro calico/go-build:latest semvalidator -files /.semaphore/semaphore.yml -org -token 62 | ``` 63 | -------------------------------------------------------------------------------- /images/calico-rust-build/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi9/ubi:latest AS ubi 2 | 3 | ARG TARGETARCH 4 | 5 | ARG PROTOC_VERSION=32.1 6 | ARG YQ_VERSION=v4.48.1 7 | 8 | RUN dnf upgrade -y && dnf install -y \ 9 | bsdtar \ 10 | gcc \ 11 | make \ 12 | wget 13 | 14 | RUN dnf clean all 15 | 16 | # Install yq and copy versions.yaml 17 | RUN curl -sfL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${TARGETARCH} -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq 18 | 19 | COPY versions.yaml /etc/versions.yaml 20 | 21 | # Install Rust official release 22 | ENV RUSTUP_HOME=/usr/local/rustup 23 | ENV CARGO_HOME=/usr/local/cargo 24 | ENV PATH=/usr/local/cargo/bin:$PATH 25 | 26 | RUN set -eux; \ 27 | case "${TARGETARCH}" in \ 28 | 'amd64') \ 29 | rustup_arch='x86_64-unknown-linux-gnu'; \ 30 | rustup_sha256='20a06e644b0d9bd2fbdbfd52d42540bdde820ea7df86e92e533c073da0cdd43c'; \ 31 | ;; \ 32 | 'arm64') \ 33 | rustup_arch='aarch64-unknown-linux-gnu'; \ 34 | rustup_sha256='e3853c5a252fca15252d07cb23a1bdd9377a8c6f3efa01531109281ae47f841c'; \ 35 | ;; \ 36 | 'ppc64le') \ 37 | rustup_arch='powerpc64le-unknown-linux-gnu'; \ 38 | rustup_sha256='acd89c42b47c93bd4266163a7b05d3f26287d5148413c0d47b2e8a7aa67c9dc0'; \ 39 | ;; \ 40 | 's390x') \ 41 | rustup_arch='s390x-unknown-linux-gnu'; \ 42 | rustup_sha256='726b7fd5d8805e73eab4a024a2889f8859d5a44e36041abac0a2436a52d42572'; \ 43 | ;; \ 44 | *) echo >&2 "error: unsupported architecture '${TARGETARCH}'"; exit 1 ;; \ 45 | esac; \ 46 | \ 47 | url="https://static.rust-lang.org/rustup/archive/1.28.2/${rustup_arch}/rustup-init"; \ 48 | wget --progress=dot:giga "$url"; \ 49 | echo "${rustup_sha256} *rustup-init" | sha256sum -c -; \ 50 | \ 51 | chmod +x rustup-init; \ 52 | ./rustup-init -y \ 53 | --no-modify-path \ 54 | --profile minimal \ 55 | --component clippy --component llvm-tools --component rustfmt \ 56 | --default-toolchain $(yq -r .rust.version /etc/versions.yaml) --default-host ${rustup_arch}; \ 57 | rm rustup-init; \ 58 | chmod -R a+w $RUSTUP_HOME $CARGO_HOME; \ 59 | \ 60 | rustup --version; \ 61 | cargo --version; \ 62 | rustc --version 63 | 64 | # Install Protocol Buffers compiler 65 | RUN set -eux; \ 66 | case "${TARGETARCH}" in \ 67 | 'amd64') \ 68 | url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip"; \ 69 | ;; \ 70 | 'arm64') \ 71 | url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-aarch_64.zip"; \ 72 | ;; \ 73 | 'ppc64le') \ 74 | url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-ppcle_64.zip"; \ 75 | ;; \ 76 | 's390x') \ 77 | url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-s390_64.zip"; \ 78 | ;; \ 79 | *) echo >&2 "error: unsupported architecture '${TARGETARCH}'"; exit 1 ;; \ 80 | esac; \ 81 | \ 82 | curl -sfL "$url" | bsdtar -xf - -C /usr && chmod +x /usr/bin/protoc; \ 83 | \ 84 | protoc --version 85 | 86 | FROM scratch 87 | 88 | ENV RUSTUP_HOME=/usr/local/rustup 89 | ENV CARGO_HOME=/usr/local/cargo 90 | ENV PATH=/usr/local/cargo/bin:$PATH 91 | 92 | COPY --from=ubi / / 93 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Build Status](https://tigera.semaphoreci.com/badges/go-build/branches/master.svg?style=shields)](https://tigera.semaphoreci.com/projects/go-build) 2 | 3 | # Calico go-build 4 | 5 | Calico go-build image holds Go and Clang toolchains and necessary utilities for building various [Calico](https://projectcalico.org) projects. 6 | 7 | ## Building the image 8 | 9 | To build the image: 10 | 11 | ```bash 12 | make image 13 | ``` 14 | 15 | The above will build for whatever architecture you are running on. To force a different architecture: 16 | 17 | ```bash 18 | ARCH= make image 19 | ``` 20 | 21 | ## Tagging 22 | 23 | The image tag is generated from Go, Clang, and Kubernetes versions. A new branch will be created automatically when one of the versions is changed. Semaphore jobs will run on the new branch and push images to Docker Hub. In addition, the given architecture is appended to the end. A multi-arch image manifest is generated from all supported architectures. 24 | 25 | ## Cross building using go-build 26 | 27 | Any supported platform can be built natively from its own platform, i.e.g `amd64` from `amd64`, `arm64` from `arm64` and `ppc64le` from `ppc64le`. In addition, `ppc64le` and `arm64` are supported for cross-building from `amd64` only. We do not (yet) support cross-building from `arm64` and `ppc64le`. 28 | 29 | The cross-build itself will function normally on any platform, since golang supports cross-compiling using `GOARCH= go build`. 30 | 31 | ```bash 32 | docker run -e GOARCH= calico/go-build:latest-amd64 sh -c 'go build hello.go || ./hello' 33 | ``` 34 | 35 | The above will output a binary `hello` built for the architecture ``. 36 | 37 | ## Cross-running Binaries binfmt 38 | 39 | The Linux kernel has the ability to run binaries built for one arch on another, e.g. `arm64` binaries on an `amd64` architecture. Support requires two things: 40 | 41 | 1. Registering an interpreter that can run the binary for the other architecture along with configuration information on how to identify which binaries are for which platform and which emulator will handle them. 42 | 2. Making the interpreter binary available. 43 | 44 | The interpreter must exist in one of two places: 45 | 46 | * The container where you are running the other-architecture binary. 47 | * The container where you run registration, if you pass the correct flag during registration. This is supported **only** from Linux kernel version 4.8+. 48 | 49 | For example, if you registered the `s390x` emulator at `/usr/bin/qemu-s390x-static`, and then wanted to run `docker run -it --rm s390x/alpine sh` on an `amd64`, it wouldn't work in the first method, because the new container doesn't have an emulator in it. However, if you followed the second method, it would work, since the kernel already found and loaded the emulator. This works **even if you delete the registration container.** 50 | 51 | To register emulators, we run: 52 | 53 | ```bash 54 | docker run --privileged --rm tonistiigi/binfmt --install all 55 | ``` 56 | 57 | or simply 58 | 59 | ```bash 60 | make register 61 | ``` 62 | 63 | After the above registration, your system can handle other-architecture binaries. The above registration uses the first method, since _all_ kernels that support `binfmt` support this method, while only kernels from version 4.8+ support the latter. While docker-for-mac and docker-for-windows both use supporting kernels, almost every CI-as-a-service does not. 64 | 65 | ## Running a Binary 66 | 67 | To _run_ a binary from a different architecture, you need to use `binfmt` and `qemu` static. 68 | 69 | Register `qemu-*-static` for all supported processors except the current one using the following command: 70 | 71 | ```bash 72 | docker run --privileged --rm tonistiigi/binfmt --install all 73 | ``` 74 | 75 | If a cross built binary is executed in the go-build container qemu-static will automatically be used. 76 | -------------------------------------------------------------------------------- /.semaphore/semaphore.yml: -------------------------------------------------------------------------------- 1 | version: v1.0 2 | name: go-build 3 | agent: 4 | machine: 5 | type: f1-standard-2 6 | os_image: ubuntu2204 7 | auto_cancel: 8 | running: 9 | when: "branch != 'master'" 10 | queued: 11 | when: "branch != 'master'" 12 | 13 | execution_time_limit: 14 | minutes: 60 15 | 16 | global_job_config: 17 | secrets: 18 | - name: docker-hub 19 | prologue: 20 | commands: 21 | - echo $DOCKERHUB_PASSWORD | docker login --username "$DOCKERHUB_USERNAME" --password-stdin 22 | - checkout 23 | # Semaphore is doing shallow clone on a commit without tags. 24 | # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always) @ Makefile.common 25 | - git fetch --unshallow 26 | 27 | promotions: 28 | # Publish base and go-build images for master or release tags (example: 1.23.3-llvm18.1.8-k8s1.30.5). 29 | - name: Publish calico/base images 30 | pipeline_file: promotions/calico-base.yml 31 | auto_promote: 32 | when: "branch = 'master' OR tag =~ '^1\\.\\d+\\.\\d+-llvm\\d+\\.\\d\\.\\d-k8s1\\.\\d+\\.\\d+'" 33 | - name: Publish calico/go-build images 34 | pipeline_file: promotions/calico-go-build.yml 35 | auto_promote: 36 | when: "branch = 'master' OR tag =~ '^1\\.\\d+\\.\\d+-llvm\\d+\\.\\d\\.\\d-k8s1\\.\\d+\\.\\d+'" 37 | # Publish rust-build images for master and files under images/calico-rust-build have changed. 38 | - name: Publish calico/rust-build images 39 | pipeline_file: promotions/calico-rust-build.yml 40 | auto_promote: 41 | when: "branch = 'master' AND change_in('/images/calico-rust-build/')" 42 | 43 | blocks: 44 | - name: calico/go-build image 45 | dependencies: [] 46 | task: 47 | env_vars: 48 | # The branch to test the current go-build against 49 | - name: CALICO_BRANCH 50 | value: master 51 | prologue: 52 | commands: 53 | - | 54 | if [ "${SEMAPHORE_GIT_REF_TYPE}" = "tag" ]; then 55 | export CALICO_GO_BUILD_IMAGETAG=${SEMAPHORE_GIT_TAG_NAME} 56 | else 57 | export CALICO_GO_BUILD_IMAGETAG=${SEMAPHORE_GIT_WORKING_BRANCH} 58 | fi 59 | jobs: 60 | - name: Build calico/go-build image 61 | commands: 62 | - make -C images calico-go-build-image ARCH=$ARCH 63 | - git clone -b "${CALICO_BRANCH}" --depth 1 git@github.com:projectcalico/calico.git calico 64 | - cd calico 65 | - sed -i 's/^GO_BUILD_VER=.*$/GO_BUILD_VER=${CALICO_GO_BUILD_IMAGETAG}/' metadata.mk 66 | - if [ "${ARCH}" == "amd64" ]; then cd felix && make ut && cd ../calicoctl && make ut && cd ../libcalico-go && make ut; fi 67 | matrix: 68 | - env_var: ARCH 69 | values: ["amd64", "arm64", "ppc64le", "s390x"] 70 | 71 | - name: calico/rust-build image 72 | dependencies: [] 73 | task: 74 | prologue: 75 | commands: 76 | - | 77 | if [ "${SEMAPHORE_GIT_REF_TYPE}" = "tag" ]; then 78 | export CALICO_RUST_BUILD_IMAGETAG=${SEMAPHORE_GIT_TAG_NAME} 79 | else 80 | export CALICO_RUST_BUILD_IMAGETAG=${SEMAPHORE_GIT_WORKING_BRANCH} 81 | fi 82 | jobs: 83 | - name: Build calico/rust-build image 84 | commands: 85 | - make -C images calico-rust-build-image ARCH=$ARCH 86 | matrix: 87 | - env_var: ARCH 88 | values: ["amd64", "arm64", "ppc64le", "s390x"] 89 | 90 | - name: calico/base image 91 | dependencies: [] 92 | task: 93 | jobs: 94 | - name: Build calico/base image 95 | commands: 96 | - make -C images calico-base-image ARCH=$ARCH 97 | matrix: 98 | - env_var: ARCH 99 | values: ["amd64", "arm64", "ppc64le", "s390x"] 100 | -------------------------------------------------------------------------------- /images/Makefile: -------------------------------------------------------------------------------- 1 | include ../lib.Makefile 2 | include ../Makefile.common 3 | 4 | CALICO_BASE ?= base 5 | CALICO_GO_BUILD ?= go-build 6 | CALICO_RUST_BUILD ?= rust-build 7 | 8 | .PHONY: image 9 | image: calico-base-image calico-go-build-image calico-rust-build-image 10 | 11 | .PHONY: image-all 12 | image-all: calico-base-image-all calico-go-build-image-all calico-rust-build-image-all 13 | 14 | # Base image for all calico components. 15 | 16 | # ELF interpreter (dynamic loader) soname 17 | LDSONAME=ld64.so.1 18 | ifeq ($(ARCH),amd64) 19 | override LDSONAME=ld-linux-x86-64.so.2 20 | else ifeq ($(ARCH),arm64) 21 | override LDSONAME=ld-linux-aarch64.so.1 22 | else ifeq ($(ARCH),ppc64le) 23 | override LDSONAME=ld64.so.2 24 | else ifeq ($(ARCH),s390) 25 | override LDSONAME=ld64.so.1 26 | endif 27 | 28 | UBI_VERSIONS ?= ubi8 ubi9 ubi10 29 | 30 | .PHONY: calico-base-image 31 | calico-base-image: $(addprefix calico-base-image-,$(UBI_VERSIONS)) 32 | 33 | .PHONY: calico-base-image-% 34 | calico-base-image-%: register 35 | $(eval DOCKERFILE := $(if $(filter ubi8,$*),Dockerfile.ubi8,Dockerfile)) 36 | $(DOCKER_BUILD) --build-arg LDSONAME=$(LDSONAME) --build-arg=UBI_VERSION=$* -t $(CALICO_BASE):$*-latest-$(ARCH) -f calico-base/$(DOCKERFILE) calico-base/ 37 | $(MAKE) BUILD_IMAGES=$(CALICO_BASE) retag-build-images-with-registries VALIDARCHES=$(ARCH) LATEST_IMAGE_TAG=$*-latest IMAGETAG=$*-latest 38 | 39 | .PHONY: calico-base-image-all 40 | calico-base-image-all: $(addprefix sub-calico-base-image-,$(VALIDARCHES)) 41 | sub-calico-base-image-%: 42 | $(MAKE) calico-base-image ARCH=$* 43 | 44 | .PHONY: calico-base-cd 45 | calico-base-cd: calico-base-image-all var-require-one-of-CONFIRM-DRYRUN var-require-all-BRANCH_NAME 46 | $(foreach version,$(UBI_VERSIONS),$(MAKE) BUILD_IMAGES=$(CALICO_BASE) retag-build-images-with-registries push-images-to-registries push-manifests LATEST_IMAGE_TAG=$(version)-latest IMAGETAG=$(version)-$(BRANCH_NAME) EXCLUDEARCH="$(EXCLUDEARCH)";) 47 | 48 | # Calico builder which contains Go/Clang compilers and necessary utilities for UT/FVs. 49 | .PHONY: build 50 | build: 51 | $(MAKE) -C ../cmd build 52 | mkdir -p calico-go-build/bin/ 53 | cp ../cmd/bin/semvalidator-$(ARCH) calico-go-build/bin/semvalidator-$(ARCH) 54 | 55 | CALICO_GO_BUILD_IMAGETAG ?= latest 56 | 57 | .PHONY: calico-go-build-image 58 | calico-go-build-image: register build 59 | $(DOCKER_BUILD) -t $(CALICO_GO_BUILD):latest-$(ARCH) -f calico-go-build/Dockerfile calico-go-build/ 60 | $(MAKE) BUILD_IMAGES=$(CALICO_GO_BUILD) retag-build-images-with-registries VALIDARCHES=$(ARCH) IMAGETAG=$(CALICO_GO_BUILD_IMAGETAG) 61 | 62 | .PHONY: calico-go-build-image-all 63 | calico-go-build-image-all: $(addprefix sub-calico-go-build-image-,$(VALIDARCHES)) 64 | sub-calico-go-build-image-%: 65 | $(MAKE) calico-go-build-image ARCH=$* 66 | 67 | .PHONY: calico-go-build-cd 68 | calico-go-build-cd: calico-go-build-image var-require-one-of-CONFIRM-DRYRUN var-require-all-BRANCH_NAME 69 | $(MAKE) BUILD_IMAGES=$(CALICO_GO_BUILD) retag-build-images-with-registries push-images-to-registries IMAGETAG=$(BRANCH_NAME) EXCLUDEARCH="$(EXCLUDEARCH)" 70 | ifeq ($(BRANCH_NAME),master) 71 | $(MAKE) BUILD_IMAGES=$(CALICO_GO_BUILD) retag-build-images-with-registries push-images-to-registries IMAGETAG=latest EXCLUDEARCH="$(EXCLUDEARCH)" 72 | endif 73 | 74 | .PHONY: push-calico-go-build-manifests 75 | push-calico-go-build-manifests: var-require-one-of-CONFIRM-DRYRUN var-require-all-BRANCH_NAME 76 | $(MAKE) BUILD_IMAGES=$(CALICO_GO_BUILD) push-manifests IMAGETAG=$(BRANCH_NAME) EXCLUDEARCH="$(EXCLUDEARCH)" 77 | ifeq ($(BRANCH_NAME),master) 78 | $(MAKE) BUILD_IMAGES=$(CALICO_GO_BUILD) push-manifests IMAGETAG=latest EXCLUDEARCH="$(EXCLUDEARCH)" 79 | endif 80 | 81 | # Calico rust-build image with Rust toolchain. 82 | CALICO_RUST_BUILD_IMAGETAG ?= latest 83 | 84 | .PHONY: calico-rust-build-image 85 | calico-rust-build-image: register 86 | $(DOCKER_BUILD) -t $(CALICO_RUST_BUILD):latest-$(ARCH) -f calico-rust-build/Dockerfile calico-rust-build/ 87 | $(MAKE) BUILD_IMAGES=$(CALICO_RUST_BUILD) retag-build-images-with-registries VALIDARCHES=$(ARCH) IMAGETAG=$(CALICO_RUST_BUILD_IMAGETAG) 88 | 89 | .PHONY: calico-rust-build-image-all 90 | calico-rust-build-image-all: $(addprefix sub-calico-rust-build-image-,$(VALIDARCHES)) 91 | sub-calico-rust-build-image-%: 92 | $(MAKE) calico-rust-build-image ARCH=$* 93 | 94 | .PHONY: calico-rust-build-cd 95 | calico-rust-build-cd: calico-rust-build-image var-require-one-of-CONFIRM-DRYRUN var-require-all-BRANCH_NAME 96 | $(MAKE) BUILD_IMAGES=$(CALICO_RUST_BUILD) retag-build-images-with-registries push-images-to-registries IMAGETAG=$(BRANCH_NAME) EXCLUDEARCH="$(EXCLUDEARCH)" 97 | 98 | .PHONY: push-calico-rust-build-manifests 99 | push-calico-rust-build-manifests: var-require-one-of-CONFIRM-DRYRUN var-require-all-BRANCH_NAME 100 | $(MAKE) BUILD_IMAGES=$(CALICO_RUST_BUILD) push-manifests IMAGETAG=$(BRANCH_NAME) EXCLUDEARCH="$(EXCLUDEARCH)" 101 | 102 | .PHONY: clean 103 | clean: 104 | rm -fr calico-go-build/bin 105 | -docker image rm -f $$(docker images $(CALICO_BASE) -a -q) 106 | -docker image rm -f $$(docker images $(CALICO_GO_BUILD) -a -q) 107 | -docker image rm -f $$(docker images $(CALICO_RUST_BUILD) -a -q) 108 | -------------------------------------------------------------------------------- /images/calico-go-build/almalinux/RPM-GPG-KEY-AlmaLinux: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1 3 | 4 | mQINBF/9iQ4BEADguRE+cjShp7JujKkiVH3+ZYYD5ncX7IMh7Ig0DbDC8ldtm84k 5 | 4vi8266IIBLM3eRgkF9sgHciRikTPow50R+Ww7jJzehV9vjTkRzWr8ikog6X3ZPw 6 | rh9QAqOdTOIn4bBSS6j5+xdxYKG7yEWXjADbkFVSiLvejp3FrLZGlNFdPCkGKFhC 7 | vTCgbEKtAkXHx/jFDJCYbnJkzrecCSd+a3yQ4Ehp6TCxnywXdseX4WGyNT3E6Ppu 8 | JRIXLKrVwP/5pZxqgBS9EDsQpaqxmkS8iJe9j8Bkzm4mL0K4Y8B5vApIyxRO0i0C 9 | 8Eb8UgLSoOwWsZjWpDcYtLgCTNT1CCaOe5lG6qy3HD6Y7LiXinnMgq5uXbfTEKxZ 10 | rUyQ9Jepxe5hk5GJ1mTbQ6vEj0oYOWYWCwLZKOHucRh8BmvYEbhMBGsgBGcMruql 11 | Na+gw1eVIMTknGCdGGwceb3DLNHXGolU3GDTKd8d6lEaXkFx9zXWBicOIDyG72tU 12 | vZMj2RVzmgEhxcw1vKxoJIUOegjpdqBqTJRnM/tnimm4eE65hHhuqRYIngwHWqL0 13 | K+Daxt+J+4l5Xo56AEYc+2i8JA1nGT/nw13KE/7S79wRVaJPzDccI7/mefDKcF3R 14 | EGWG7f9jWqoCB+wvXD+0FpHDcp0TPgDcWTObUs3yBoySbgj8IXL3z2R64wARAQAB 15 | tCJBbG1hTGludXggPHBhY2thZ2VyQGFsbWFsaW51eC5vcmc+iQI+BBMBAgAoBQJf 16 | /YkOAhsBBQkFo5qABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBIj898Ors0 17 | +IsjD/9/F/PIu7kSn4P8Ud9j/iyoO8hH53qXKMimarg920ugt2uUyl6SzaJqV0dK 18 | ACrczvC0VmxrNaJ1jB31TGPpdJZpey5AJbefofu/RgAlxHN6o3QX0Br4bEHahF20 19 | 21q2eIjoMrq8eiz8X5D2wfx6CyOA6RZY96MVQ2whXjQHV+hwo65xyMUyjTuFx5Pb 20 | nl7gdYr9EkH3EafdNrpuVurp+Zrgur+973nUrzKq8c2rlDiEQz/ZG+bgasTDYkcz 21 | q6NUPP5OQ5BVpFCkuE9YuziZD+37hxN07P2gyz9NRrfAOZqBXj8er4vqNhpR/lLA 22 | h5QF1erb0mjcMFEhkV8ETN0ceJzL/t829BlQ7MB7LdQ5v9kc5p5cwcsBly54ouI0 23 | l9LjSN95Al0VPoWE8zgjnytecu2UN5+0k12bfcj0zjKdAxEVD3y9Id1MJIze7/PA 24 | 6v3LOk+SSs8M0ASmZEnDBTCbDRpXlDDUKEEmMIBRdvpTxjiUnwD2tHwhXR8m6vw6 25 | 749i+mdc8fgljTey8sJLKxTabbYNgTHLi9lCMdmPlKU2QJYsIwIBpqF2/eenNyZT 26 | LvlW/aBUU7Li3etUnJeP9ig+V2LuDhyT6TlVPsFKCCruoy7faSjW2/2wlVcasGQp 27 | YqqqqtQJyVDRud6ig7oH3EWSvUySEmywjBp5zfwrMw3jeWkwHbkBjQRf/YnGAQwA 28 | tk5NBR7SCwYwEsmPDUX/SJ98eGHb1nux/cRaX+K2KgX7Yi3hhlFs/InkiiNKs+Au 29 | 0N5ZBIXltypguo5jE3MwXQxLr2MfJ74bdDXR7z3BmBB92BMaS+tHNJWroYnqiSQ7 30 | 2PXfWRF9PtlChF12NyK6SVrQg58IqJjf5MQ8hodgIk0t21qCvxe/IotktjKHy2Vn 31 | gvKPjtT05qXpAK0CP8N5wtOc4WnFCxvNTI7e1KkYS4dvXHL6V+WvqL3saGIXY5Iy 32 | 0jYZW5xMxh691C+HvHQ8/Lof3Enenz3hDJR0X9wvzusxBJWwg/vqRIR8+YYKSHj1 33 | VEFycTabqGLlnPpYpFqDOdqS2gDtdrD6FEsrSpy9pBd98XAzjkn6BW4Rf0PTaJ/z 34 | b3paHsqxEnWbamANs5GYs1Y/1rEIl66jOhZB9Sua22/wfGd3PvfM6nxi825l4coO 35 | bbivRY6U4/WtxQUcK8zdoF97zUlvbNNN0LsluZ0tBF44o5vt7f4aCGXZ8XMVIef1 36 | ABEBAAGJA8QEGAECAA8FAl/9icYCGwIFCQWjmoABqQkQSI/PfDq7NPjA3SAEGQEC 37 | AAYFAl/9icYACgkQUdZkfsIa1upqtQv/R9oLsG3g4Rg2MKDrXYSa94n1CBY5ESDL 38 | 1N0mZTWQ5nVdfIWWifnpe72VDBR3Y+r5ootnCHq09DbK+K3q82q2UmGEq968mR96 39 | LKGjWuTS1rY/MCbQbW+jcrnju0T3bCcImggMJoYCzuUnBfIkexObwi/YidqgL92+ 40 | nw3NzqeWnq+gu/1Q2ngzhN8Ft4mwOcFr9H0px0476LLvR+7lrSu2HqGeHk+fUA4c 41 | ZNwvsgGYgCAJhz8fPwKCoLrxsE82bkZ86JgUJEcMu0ki4UFo3rg6NmkDwnrYO61l 42 | MOrBCxt/lPJz7d8L9oCLu9pJSBsKH9RNqO10NAoEMppKwnQSz6RQFRJj7WNW+OEs 43 | mjZt7sNrTr0Y+udx58Sqd0C5k7lGUtYWKKGpLfdz0RLnBTTFmjnB3Y2uyOJFc4FS 44 | g251yjk9ds1AFjdRThQ2kFpZzQAo5ei6zMBaZATg0E2uk4HAfpQ58CPGj4f1k3py 45 | 1N2hYUA+qksZIVxjFfwYr5LCv4tMZumZl6UP/je7EHh5IGkB1+Bpeyj3dudZblvM 46 | lE6kdGridxInbiJvgqBSdprIksR8wm1Vy/Z1/lHEM6QnUODGyRAbjQHL3kPKloPj 47 | lKr8TNAELbmVTZjBRJowsGw27rhYAaji/qEet/0ALfu2l3QuOQ38dyuPpxlDSTLY 48 | WnajVIgvSJUU3Yl38Lp3UTuHdtdiNWgyHkLOA/11GK14RSWYsjZAamstlSpl24Op 49 | yKLN5z+q4tNAs+tfQrWNRi3SMG7UDroxztJVkHGvuJ2DT/Q6tANigPzipLzSgOIO 50 | 8Wa2aQmqtQ4V0eB2S4DxcMckHti3+4fbrzBzeN/PFaIVLwUtdsUdBs+TtSZFdN9e 51 | i0oLUChIYKDvVBGqgmIor6YgenNSSZni3rj+RRA3gQom7jyVrQPgUv7lsv/MLCmg 52 | Ogpibxs3+SDbbZ6tP0D8uxdRnB4NVeENewlqw/ImacgjLtjBHaq+BebjWErIAkdX 53 | VnjWoLdZoV3B4ComKsjFNf7sfbzV/T2Xpg/r/u1WkiSjvD0mkSZ+3seDjd6oL20s 54 | p7jGLnSGZqGsUksJym0tWRvuyspgTELZlcjuMfHKuKmYudYFi+Y48+YsdJ7UetNT 55 | kAIBinjtZwEEAP4GumNNy7f4l4tt1CBy1EgoYtYCcJC5SGyhWMee3L3hLhHe7Iwd 56 | 72EHtteVBoVn0eg6 57 | =rEWJ 58 | -----END PGP PUBLIC KEY BLOCK----- 59 | -----BEGIN PGP PUBLIC KEY BLOCK----- 60 | 61 | mQINBGUlFG8BEADc0kEC57b722MbPVkI8aoYFAEWM+lj084H26msZpAYVfW7fCi5 62 | S7g3n6htVdvvnB6MrJANitZgQhMyC7tchNQz5sjrFffasNkOoI5Q27PSrG676ILP 63 | diowPWfJkwrN0f0UcJsV3w5KBedvUXJnoa64lP/oBFkbz3SvUTqZFkSBzOfCTdXW 64 | bvpZonghgm/AEU8wqsdOitXU23Xn4fsPB7aULgR31jz3irnaUDFXUnNqoiQpU6JB 65 | P6WiFqN/IZMH95HW1WlMBGSOalSbQUlNEND3J0lxK2a33UBmTdR3aLyS+o9P8+7b 66 | Cdzbkrs1fXXVxxvlaQdSWBSjVULUZjKIZ+HtqhIaTiBELa7JHBEBbEZgNHpymmc8 67 | hIF6fdTbzbbYx9MbNmpzCcr+SKHubCdvZyX2FsWK1CHvYx6iPc9wcu4x9yh8MIfp 68 | KpLSJG1SaSCHbUdatpsOSQK2pbIN3THsvFrKPVssLrMgVjwp22Q3vMFL+ldq0vZ5 69 | 6uIIiNRKrX2CKKrUy1kF7FjDNMx4riaCQHs5vp7qOttxv0E/X4Z9B4QZdC02H2Mq 70 | Ea5LoDxONutv+JMzWFyxIEQvbnfdDSu4QUDkn3H1WkBNmqTUwny5DSxZNjGB8a6P 71 | ISaIE+kN2pp5v9eB8Q4+4BxbU2G2/Jy/V6bFC8eLL+PIKodPKbpCqoPyGwARAQAB 72 | tCdBbG1hTGludXggT1MgOCA8cGFja2FnZXJAYWxtYWxpbnV4Lm9yZz6JAk8EEwEI 73 | ADkWIQS8Xt3K31AsB38Vgogq6B6KztcliwUCZSUUbwIbAwQLCQgHAyICAQQVCgkI 74 | BBYCAwECHgcCF4AACgkQKugeis7XJYvOeA/9E/hJwfd7UPtvsv+y7Wiei1NCt+OJ 75 | AzJQPjEzHJNmLAD157AHtpA2yZpB9GlRQkjRu40fn0It20mwjnl0j5oHF9HnQ+/H 76 | Qtiw9pwgNpZJaTe5YnzETbGqrrOVgWihkJyJhn42vtuirNu7pKJvWilRvz1a81JK 77 | i/okezXp1KBrgrxR/bG26c8k61AK6n/ExI1MoHZhyaAAebFqG8vTiWTuC2a4t7SD 78 | pxbzsn5CMuXqVY1gxIdiUGzgrXfSm5WgpSYEG01VN+VF885caPvtMHoLBy/pLGN3 79 | 5TKp4pKiA9JGQxtlZLdO666UbpgbjoxFYxNZEwY3Tdx37zbsP4pHcaN8fOGbk5mG 80 | h8LwkjppPZzoXONyBfUJ+uHBEzRJEw4KtVRgaZZfCcojRvmyJB4TAM1SYkikaw8F 81 | 0gi3OPRWtVdEogxP0XD/tTrPSKo7pTDEk17HIyKCU0KxF4ZSbxXFMeH5OZUQAQM4 82 | l7ECGNg3bVhXC66AHE72mz/PN39M2Z0Sww7GWYCf6IDhhkeTxYx+I7VW1Uo9ht5L 83 | i3ZRMbX/h6NBYTUaPJEx3fwixNv2+RtE3m4JIxg76xBOYGLyIRlaImWNGKTnGz5m 84 | IBRP5Vm7nRdFOOFhNz+iDIyq0LEyhGU7xCriFaL+ozXLiIzycidgTTZW3WfkHxlr 85 | ZEzov/wIBeoaIp8= 86 | =mC/C 87 | -----END PGP PUBLIC KEY BLOCK----- 88 | -------------------------------------------------------------------------------- /cmd/semvalidator/main.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2024 Tigera, Inc. All rights reserved. 2 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import ( 18 | "bytes" 19 | "encoding/json" 20 | "flag" 21 | "fmt" 22 | "net/http" 23 | "os" 24 | "path/filepath" 25 | "strings" 26 | 27 | "github.com/sirupsen/logrus" 28 | ) 29 | 30 | var ( 31 | dir string 32 | skipDir string 33 | file string 34 | org string 35 | orgURL string 36 | token string 37 | debug bool 38 | ) 39 | 40 | func init() { 41 | flag.StringVar(&dir, "dirs", "", "comma separated list of directories to search for Semaphore pipeline files") 42 | flag.StringVar(&skipDir, "skip-dirs", "", "comma separated list of directories to skip when searching for Semaphore pipeline files") 43 | flag.StringVar(&file, "files", "", "comma separated list of Semaphore pipeline files") 44 | flag.StringVar(&org, "org", "", "Semaphore organization") 45 | flag.StringVar(&orgURL, "org-url", "", "Semaphore organization URL") 46 | flag.StringVar(&token, "token", "", "Semaphore API token") 47 | flag.BoolVar(&debug, "debug", false, "enable debug logging") 48 | } 49 | 50 | func inSkipDirs(path string, skipDirs []string) bool { 51 | if len(skipDirs) == 0 { 52 | return false 53 | } 54 | for _, skipDir := range skipDirs { 55 | if strings.HasSuffix(path, skipDir) { 56 | return true 57 | } 58 | } 59 | return false 60 | } 61 | 62 | func getPipelineYAMLFiles(dir string, skipDirs []string) ([]string, error) { 63 | var files []string 64 | err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error { 65 | if err != nil { 66 | return err 67 | } 68 | // Skip the YAML .semaphore/semaphore.yml.d directory 69 | // as it contains building blocks which are not full pipeline definitions 70 | // The resulting pipeline will be validated as part of semaphore.yml and semaphore-scheduled-builds.yml 71 | if info.IsDir() && !inSkipDirs(path, skipDirs) { 72 | return filepath.SkipDir 73 | } 74 | if !info.IsDir() && (filepath.Ext(path) == ".yml" || filepath.Ext(path) == ".yaml") { 75 | files = append(files, path) 76 | } 77 | return nil 78 | }) 79 | return files, err 80 | } 81 | 82 | func validateYAML(file, baseURL, token string) error { 83 | logrus.WithField("file", file).Info("validating YAML") 84 | content, err := os.ReadFile(file) 85 | if err != nil { 86 | logrus.WithError(err).Error("failed to read file") 87 | return err 88 | } 89 | payload := map[string]string{ 90 | "yaml_definition": fmt.Sprintf("%v", string(content)), 91 | } 92 | data, err := json.Marshal(payload) 93 | if err != nil { 94 | logrus.WithError(err).Error("failed to marshal payload for yaml validation") 95 | return err 96 | } 97 | req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/api/v1alpha/yaml", baseURL), bytes.NewBuffer(data)) 98 | if err != nil { 99 | logrus.WithError(err).Error("failed to create request for yaml validation") 100 | return err 101 | } 102 | req.Header.Set("Content-Type", "application/json") 103 | req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) 104 | resp, err := http.DefaultClient.Do(req) 105 | if err != nil { 106 | logrus.WithError(err).Error("failed to make request for yaml validation") 107 | return err 108 | } 109 | defer resp.Body.Close() 110 | if resp.StatusCode != http.StatusOK { 111 | return fmt.Errorf("failed to validate YAML: %s", resp.Status) 112 | } 113 | result := map[string]interface{}{} 114 | if err := json.NewDecoder(resp.Body).Decode(&result); err != nil { 115 | logrus.WithError(err).Error("failed to decode response for yaml validation") 116 | return err 117 | } 118 | logrus.Debug(result["message"].(string)) 119 | return nil 120 | } 121 | 122 | func main() { 123 | flag.Parse() 124 | if debug { 125 | logrus.SetLevel(logrus.DebugLevel) 126 | } 127 | // Validate flags 128 | if orgURL == "" && org == "" { 129 | logrus.Fatal("Either Semaphore organization URL or organization name is required, use the -org-url or -org flag to specify the organization") 130 | } else if orgURL != "" && org != "" { 131 | logrus.Fatal("Only one of Semaphore organization URL or organization name is required, use either the -org-url or -org flag to specify the organization") 132 | } 133 | if token == "" { 134 | if os.Getenv("SEMAPHORE_API_TOKEN") == "" { 135 | logrus.Fatal("Semaphore API token is required, use the -token flag to specify the token or set as environment variable SEMAPHORE_API_TOKEN") 136 | } else { 137 | token = os.Getenv("SEMAPHORE_API_TOKEN") 138 | } 139 | } 140 | 141 | // Get YAML files 142 | var yamlFiles []string 143 | if file != "" { 144 | yamlFiles = strings.Split(file, ",") 145 | } 146 | if dir != "" { 147 | semaphoreDirs := strings.Split(dir, ",") 148 | logrus.WithField("semaphoreDirs", semaphoreDirs).Debug("looking for pipeline YAML files") 149 | for _, semaphoreDir := range semaphoreDirs { 150 | files, err := getPipelineYAMLFiles(semaphoreDir, strings.Split(skipDir, ",")) 151 | if err != nil { 152 | logrus.WithError(err).Errorf("failed to get YAML files in %s", semaphoreDir) 153 | continue 154 | } 155 | yamlFiles = append(yamlFiles, files...) 156 | } 157 | } 158 | if len(yamlFiles) == 0 { 159 | logrus.Fatal("no YAML files found, use either -dirs or -files to specify the location of Semaphore pipeline files") 160 | } 161 | logrus.Debugf("will validate %d YAML pipeline file(s)", len(yamlFiles)) 162 | var failedFiles []string 163 | 164 | // Send YAML files for validation 165 | baseURL := orgURL 166 | if org != "" { 167 | baseURL = fmt.Sprintf("https://%s.semaphoreci.com", org) 168 | } 169 | for _, file := range yamlFiles { 170 | err := validateYAML(file, baseURL, token) 171 | if err != nil { 172 | logrus.WithError(err).Error("invalid YAML definition") 173 | failedFiles = append(failedFiles, file) 174 | } 175 | } 176 | if len(failedFiles) > 0 { 177 | logrus.Fatalf("failed to validate %d files", len(failedFiles)) 178 | } else { 179 | logrus.Info("all pipeline YAML files are valid") 180 | } 181 | } 182 | -------------------------------------------------------------------------------- /images/calico-base/licenses/BSD: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 The Go Authors. All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | ==================================================================== 30 | 31 | Copyright (c) 2009,2014 Google Inc. All rights reserved. 32 | 33 | Redistribution and use in source and binary forms, with or without 34 | modification, are permitted provided that the following conditions are 35 | met: 36 | 37 | * Redistributions of source code must retain the above copyright 38 | notice, this list of conditions and the following disclaimer. 39 | * Redistributions in binary form must reproduce the above 40 | copyright notice, this list of conditions and the following disclaimer 41 | in the documentation and/or other materials provided with the 42 | distribution. 43 | * Neither the name of Google Inc. nor the names of its 44 | contributors may be used to endorse or promote products derived from 45 | this software without specific prior written permission. 46 | 47 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 48 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 49 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 50 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 51 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 52 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 53 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 54 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 55 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 56 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 57 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 58 | 59 | ==================================================================== 60 | 61 | Copyright (c) 2013 Dario Castañé. All rights reserved. 62 | Copyright (c) 2012 The Go Authors. All rights reserved. 63 | 64 | Redistribution and use in source and binary forms, with or without 65 | modification, are permitted provided that the following conditions are 66 | met: 67 | 68 | * Redistributions of source code must retain the above copyright 69 | notice, this list of conditions and the following disclaimer. 70 | * Redistributions in binary form must reproduce the above 71 | copyright notice, this list of conditions and the following disclaimer 72 | in the documentation and/or other materials provided with the 73 | distribution. 74 | * Neither the name of Google Inc. nor the names of its 75 | contributors may be used to endorse or promote products derived from 76 | this software without specific prior written permission. 77 | 78 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 79 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 80 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 81 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 82 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 83 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 84 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 85 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 86 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 87 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 88 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 89 | 90 | ==================================================================== 91 | 92 | Copyright (c) 2015, Dave Cheney 93 | All rights reserved. 94 | 95 | Redistribution and use in source and binary forms, with or without 96 | modification, are permitted provided that the following conditions are met: 97 | 98 | * Redistributions of source code must retain the above copyright notice, this 99 | list of conditions and the following disclaimer. 100 | 101 | * Redistributions in binary form must reproduce the above copyright notice, 102 | this list of conditions and the following disclaimer in the documentation 103 | and/or other materials provided with the distribution. 104 | 105 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 106 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 107 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 108 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 109 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 110 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 111 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 112 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 113 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 114 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 115 | 116 | ==================================================================== 117 | 118 | Copyright (c) 2012 Alex Ogier. All rights reserved. 119 | Copyright (c) 2012 The Go Authors. All rights reserved. 120 | 121 | Redistribution and use in source and binary forms, with or without 122 | modification, are permitted provided that the following conditions are 123 | met: 124 | 125 | * Redistributions of source code must retain the above copyright 126 | notice, this list of conditions and the following disclaimer. 127 | * Redistributions in binary form must reproduce the above 128 | copyright notice, this list of conditions and the following disclaimer 129 | in the documentation and/or other materials provided with the 130 | distribution. 131 | * Neither the name of Google Inc. nor the names of its 132 | contributors may be used to endorse or promote products derived from 133 | this software without specific prior written permission. 134 | 135 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 136 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 137 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 138 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 139 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 140 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 141 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 142 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 143 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 144 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 145 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 146 | 147 | ==================================================================== 148 | 149 | -------------------------------------------------------------------------------- /images/calico-base/tmp.tar: -------------------------------------------------------------------------------- 1 | tmp/0001777000000000000000000000000013140662635010367 5ustar rootroot -------------------------------------------------------------------------------- /images/calico-go-build/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG TARGETARCH=${TARGETARCH} 2 | 3 | FROM calico/bpftool:v7.4.0 AS bpftool 4 | 5 | FROM registry.access.redhat.com/ubi8/ubi:latest AS ubi 6 | 7 | ARG TARGETARCH 8 | 9 | ARG CONTAINERREGISTRY_VERSION=v0.20.7 10 | ARG CONTROLLER_TOOLS_VERSION=v0.18.0 11 | ARG GO_LINT_VERSION=v2.6.2 12 | ARG MOCKERY_VERSION=3.5.5 13 | ARG PROTOC_VERSION=33.1 14 | ARG YQ_VERSION=v4.49.2 15 | 16 | ENV PATH=/usr/local/go/bin:$PATH 17 | 18 | # Install system dependencies 19 | RUN dnf upgrade -y && dnf install -y \ 20 | autoconf \ 21 | automake \ 22 | bsdtar \ 23 | gcc \ 24 | gcc-c++ \ 25 | git \ 26 | iputils \ 27 | jq \ 28 | libcurl-devel \ 29 | libpcap-devel \ 30 | libtool \ 31 | make \ 32 | openssh-clients \ 33 | patch \ 34 | pcre-devel \ 35 | pkg-config \ 36 | wget \ 37 | xz \ 38 | zip 39 | 40 | # Install yq and copy versions.yaml 41 | RUN curl -sfL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${TARGETARCH} -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq 42 | 43 | COPY versions.yaml /etc/versions.yaml 44 | 45 | # Install system dependencies that are not in UBI repos 46 | COPY almalinux/RPM-GPG-KEY-AlmaLinux /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux 47 | COPY almalinux/almalinux*.repo /etc/yum.repos.d/ 48 | 49 | RUN set -eux; \ 50 | llvm_version=$(yq -r .llvm.version /etc/versions.yaml); \ 51 | dnf --enablerepo=baseos,powertools,appstream install -y \ 52 | clang-${llvm_version} \ 53 | elfutils-libelf-devel \ 54 | iproute-devel \ 55 | iproute-tc \ 56 | libbpf-devel \ 57 | llvm-${llvm_version} 58 | 59 | RUN set -eux; \ 60 | if [ "${TARGETARCH}" = "amd64" ]; then \ 61 | dnf --enablerepo=powertools install -y \ 62 | mingw64-gcc; \ 63 | fi 64 | 65 | # Install Google Cloud SDK for GCR/GAR 66 | # See https://cloud.google.com/sdk/docs/install#rpm for installation details 67 | COPY google/google-cloud-sdk.repo /etc/yum.repos.d/google-cloud-sdk.repo 68 | 69 | RUN set -eux; \ 70 | if [ "${TARGETARCH}" = "amd64" ] || [ "${TARGETARCH}" = "arm64" ]; then \ 71 | dnf --enablerepo=google-cloud-cli install -y \ 72 | google-cloud-cli \ 73 | google-cloud-cli-docker-credential-gcr; \ 74 | fi 75 | 76 | RUN dnf clean all 77 | 78 | # Install Go official release 79 | RUN set -eux; \ 80 | golang_version=$(yq -r .golang.version /etc/versions.yaml); \ 81 | golang_checksum=$(yq -r .golang.checksum.sha256.${TARGETARCH} /etc/versions.yaml); \ 82 | url=; \ 83 | case "${TARGETARCH}" in \ 84 | 'amd64') \ 85 | url="https://dl.google.com/go/go${golang_version}.linux-amd64.tar.gz"; \ 86 | sha256="${golang_checksum}"; \ 87 | ;; \ 88 | 'arm64') \ 89 | url="https://dl.google.com/go/go${golang_version}.linux-arm64.tar.gz"; \ 90 | sha256="${golang_checksum}"; \ 91 | ;; \ 92 | 'ppc64le') \ 93 | url="https://dl.google.com/go/go${golang_version}.linux-ppc64le.tar.gz"; \ 94 | sha256="${golang_checksum}"; \ 95 | ;; \ 96 | 's390x') \ 97 | url="https://dl.google.com/go/go${golang_version}.linux-s390x.tar.gz"; \ 98 | sha256="${golang_checksum}"; \ 99 | ;; \ 100 | *) echo >&2 "error: unsupported architecture '${TARGETARCH}'"; exit 1 ;; \ 101 | esac; \ 102 | \ 103 | wget -O go.tgz.asc "$url.asc"; \ 104 | wget -O go.tgz "$url" --progress=dot:giga; \ 105 | echo "$sha256 *go.tgz" | sha256sum -c -; \ 106 | \ 107 | # https://github.com/golang/go/issues/14739#issuecomment-324767697 108 | GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ 109 | # https://www.google.com/linuxrepositories/ 110 | gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \ 111 | # let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it 112 | gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998 D857 78BD 6547 3CB3 BD13'; \ 113 | gpg --batch --verify go.tgz.asc go.tgz; \ 114 | gpgconf --kill all; \ 115 | rm -rf "$GNUPGHOME" go.tgz.asc; \ 116 | \ 117 | tar -C /usr/local -xzf go.tgz; \ 118 | rm -f go.tgz*; \ 119 | \ 120 | go version 121 | 122 | # don't auto-upgrade the gotoolchain 123 | # https://github.com/docker-library/golang/issues/472 124 | ENV GOTOOLCHAIN=local 125 | 126 | ENV GOPATH=/go 127 | ENV PATH=$GOPATH/bin:$PATH 128 | RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH" 129 | 130 | # su-exec is used by the entrypoint script to execute the user's command with the right UID/GID. 131 | RUN set -eux; \ 132 | curl -sfL https://raw.githubusercontent.com/ncopa/su-exec/master/su-exec.c -o /tmp/su-exec.c; \ 133 | gcc -Wall -O2 /tmp/su-exec.c -o /usr/bin/su-exec; \ 134 | rm -f /tmp/su-exec.c 135 | 136 | # Install Protocol Buffers compiler 137 | RUN set -eux; \ 138 | case "${TARGETARCH}" in \ 139 | 'amd64') \ 140 | url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip"; \ 141 | ;; \ 142 | 'arm64') \ 143 | url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-aarch_64.zip"; \ 144 | ;; \ 145 | 'ppc64le') \ 146 | url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-ppcle_64.zip"; \ 147 | ;; \ 148 | 's390x') \ 149 | url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-s390_64.zip"; \ 150 | ;; \ 151 | *) echo >&2 "error: unsupported architecture '${TARGETARCH}'"; exit 1 ;; \ 152 | esac; \ 153 | \ 154 | curl -sfL "$url" | bsdtar -xf - -C /usr && chmod +x /usr/bin/protoc; \ 155 | \ 156 | protoc --version 157 | 158 | # Install Go utilities 159 | 160 | # controller-gen is used for generating CRD files. 161 | COPY patches/controller-gen-Support-Calico-NumOrString-types.patch /tmp/controller-tools/calico.patch 162 | 163 | RUN set -eux; \ 164 | curl -sfL https://github.com/kubernetes-sigs/controller-tools/archive/refs/tags/${CONTROLLER_TOOLS_VERSION}.tar.gz | tar xz --strip-components 1 -C /tmp/controller-tools; \ 165 | cd /tmp/controller-tools && patch -p1 < calico.patch && CGO_ENABLED=0 go build -o /usr/local/bin/controller-gen -v -buildvcs=false \ 166 | -ldflags "-X sigs.k8s.io/controller-tools/pkg/version.version=${CONTROLLER_TOOLS_VERSION} -s -w" ./cmd/controller-gen; \ 167 | rm -fr /tmp/controller-tools 168 | 169 | # crane is needed for our release targets to copy images from the dev registries to the release registries. 170 | RUN set -eux; \ 171 | if [ "${TARGETARCH}" = "amd64" ]; then \ 172 | curl -sfL https://github.com/google/go-containerregistry/releases/download/${CONTAINERREGISTRY_VERSION}/go-containerregistry_Linux_x86_64.tar.gz | tar xz -C /usr/local/bin crane; \ 173 | fi 174 | 175 | RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b /usr/local/bin $GO_LINT_VERSION 176 | 177 | # Install necessary Kubernetes binaries used in tests. 178 | RUN set -eux; \ 179 | k8s_version=$(yq -r .kubernetes.version /etc/versions.yaml); \ 180 | curl -sfL https://dl.k8s.io/v${k8s_version}/bin/linux/${TARGETARCH}/kube-apiserver -o /usr/local/bin/kube-apiserver && chmod +x /usr/local/bin/kube-apiserver && \ 181 | curl -sfL https://dl.k8s.io/release/v${k8s_version}/bin/linux/${TARGETARCH}/kubectl -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && \ 182 | curl -sfL https://dl.k8s.io/v${k8s_version}/bin/linux/${TARGETARCH}/kube-controller-manager -o /usr/local/bin/kube-controller-manager && chmod +x /usr/local/bin/kube-controller-manager 183 | 184 | RUN set -eux; \ 185 | case "${TARGETARCH}" in \ 186 | 'amd64') \ 187 | curl -sfL https://github.com/vektra/mockery/releases/download/v${MOCKERY_VERSION}/mockery_${MOCKERY_VERSION}_Linux_x86_64.tar.gz | tar xz -C /usr/local/bin --extract mockery; \ 188 | ;; \ 189 | 'arm64') \ 190 | curl -sfL https://github.com/vektra/mockery/releases/download/v${MOCKERY_VERSION}/mockery_${MOCKERY_VERSION}_Linux_arm64.tar.gz | tar xz -C /usr/local/bin --extract mockery; \ 191 | ;; \ 192 | *) echo >&2 "warning: unsupported architecture '${TARGETARCH}'" ;; \ 193 | esac 194 | 195 | # Install go programs that we rely on 196 | # Install ginkgo v2 as ginkgo2 and keep ginkgo v1 as ginkgo 197 | RUN set -eux; \ 198 | k8s_libs_version=$(yq -r .kubernetes.version /etc/versions.yaml | sed 's/^1/0/'); \ 199 | go install github.com/onsi/ginkgo/v2/ginkgo@v2.27.2 && mv /go/bin/ginkgo /go/bin/ginkgo2 && \ 200 | go install github.com/onsi/ginkgo/ginkgo@v1.16.5 && \ 201 | go install github.com/jstemmer/go-junit-report@v1.0.0 && \ 202 | go install github.com/wadey/gocovmerge@v0.0.0-20160331181800-b5bfa59ec0ad && \ 203 | go install golang.org/x/tools/cmd/goimports@v0.39.0 && \ 204 | go install golang.org/x/tools/cmd/stringer@v0.39.0 && \ 205 | go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.6.0 && \ 206 | go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.10 && \ 207 | go install gotest.tools/gotestsum@v1.13.0 && \ 208 | go install k8s.io/code-generator/cmd/client-gen@v${k8s_libs_version} && \ 209 | go install k8s.io/code-generator/cmd/conversion-gen@v${k8s_libs_version} && \ 210 | go install k8s.io/code-generator/cmd/deepcopy-gen@v${k8s_libs_version} && \ 211 | go install k8s.io/code-generator/cmd/defaulter-gen@v${k8s_libs_version} && \ 212 | go install k8s.io/code-generator/cmd/informer-gen@v${k8s_libs_version} && \ 213 | go install k8s.io/code-generator/cmd/lister-gen@v${k8s_libs_version} && \ 214 | go install k8s.io/kube-openapi/cmd/openapi-gen@v0.0.0-20251125145642-4e65d59e963e && \ 215 | go install mvdan.cc/gofumpt@v0.9.2 216 | 217 | # Cleanup module cache after we have built and installed all Go utilities 218 | RUN go clean -modcache && go clean -cache 219 | 220 | # Ensure that everything under the GOPATH is writable by everyone 221 | RUN chmod -R 777 $GOPATH 222 | 223 | # Do not create mail box. 224 | RUN sed -i 's/^CREATE_MAIL_SPOOL=yes/CREATE_MAIL_SPOOL=no/' /etc/default/useradd 225 | 226 | # Allow validated remote servers 227 | COPY ssh_known_hosts /etc/ssh/ssh_known_hosts 228 | 229 | # Copy bpftool for Felix UT/FV. 230 | COPY --from=bpftool /bpftool /usr/bin 231 | 232 | # Copy semvalidator release tool. 233 | COPY bin/semvalidator-${TARGETARCH} /usr/local/bin/semvalidator 234 | 235 | COPY entrypoint.sh /usr/local/bin/entrypoint.sh 236 | 237 | # Squash into a single layer 238 | FROM scratch 239 | 240 | ENV GOPATH=/go 241 | ENV GOTOOLCHAIN=local 242 | ENV PATH=$GOPATH/bin:/usr/local/go/bin:$PATH 243 | 244 | COPY --from=ubi / / 245 | 246 | ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] 247 | -------------------------------------------------------------------------------- /images/calico-base/licenses/Mozilla-public: -------------------------------------------------------------------------------- 1 | Mozilla Public License, version 2.0 2 | 3 | 1. Definitions 4 | 5 | 1.1. “Contributor” 6 | 7 | means each individual or legal entity that creates, contributes to the 8 | creation of, or owns Covered Software. 9 | 10 | 1.2. “Contributor Version” 11 | 12 | means the combination of the Contributions of others (if any) used by a 13 | Contributor and that particular Contributor’s Contribution. 14 | 15 | 1.3. “Contribution” 16 | 17 | means Covered Software of a particular Contributor. 18 | 19 | 1.4. “Covered Software” 20 | 21 | means Source Code Form to which the initial Contributor has attached the 22 | notice in Exhibit A, the Executable Form of such Source Code Form, and 23 | Modifications of such Source Code Form, in each case including portions 24 | thereof. 25 | 26 | 1.5. “Incompatible With Secondary Licenses” 27 | means 28 | 29 | a. that the initial Contributor has attached the notice described in 30 | Exhibit B to the Covered Software; or 31 | 32 | b. that the Covered Software was made available under the terms of version 33 | 1.1 or earlier of the License, but not also under the terms of a 34 | Secondary License. 35 | 36 | 1.6. “Executable Form” 37 | 38 | means any form of the work other than Source Code Form. 39 | 40 | 1.7. “Larger Work” 41 | 42 | means a work that combines Covered Software with other material, in a separate 43 | file or files, that is not Covered Software. 44 | 45 | 1.8. “License” 46 | 47 | means this document. 48 | 49 | 1.9. “Licensable” 50 | 51 | means having the right to grant, to the maximum extent possible, whether at the 52 | time of the initial grant or subsequently, any and all of the rights conveyed by 53 | this License. 54 | 55 | 1.10. “Modifications” 56 | 57 | means any of the following: 58 | 59 | a. any file in Source Code Form that results from an addition to, deletion 60 | from, or modification of the contents of Covered Software; or 61 | 62 | b. any new file in Source Code Form that contains any Covered Software. 63 | 64 | 1.11. “Patent Claims” of a Contributor 65 | 66 | means any patent claim(s), including without limitation, method, process, 67 | and apparatus claims, in any patent Licensable by such Contributor that 68 | would be infringed, but for the grant of the License, by the making, 69 | using, selling, offering for sale, having made, import, or transfer of 70 | either its Contributions or its Contributor Version. 71 | 72 | 1.12. “Secondary License” 73 | 74 | means either the GNU General Public License, Version 2.0, the GNU Lesser 75 | General Public License, Version 2.1, the GNU Affero General Public 76 | License, Version 3.0, or any later versions of those licenses. 77 | 78 | 1.13. “Source Code Form” 79 | 80 | means the form of the work preferred for making modifications. 81 | 82 | 1.14. “You” (or “Your”) 83 | 84 | means an individual or a legal entity exercising rights under this 85 | License. For legal entities, “You” includes any entity that controls, is 86 | controlled by, or is under common control with You. For purposes of this 87 | definition, “control” means (a) the power, direct or indirect, to cause 88 | the direction or management of such entity, whether by contract or 89 | otherwise, or (b) ownership of more than fifty percent (50%) of the 90 | outstanding shares or beneficial ownership of such entity. 91 | 92 | 93 | 2. License Grants and Conditions 94 | 95 | 2.1. Grants 96 | 97 | Each Contributor hereby grants You a world-wide, royalty-free, 98 | non-exclusive license: 99 | 100 | a. under intellectual property rights (other than patent or trademark) 101 | Licensable by such Contributor to use, reproduce, make available, 102 | modify, display, perform, distribute, and otherwise exploit its 103 | Contributions, either on an unmodified basis, with Modifications, or as 104 | part of a Larger Work; and 105 | 106 | b. under Patent Claims of such Contributor to make, use, sell, offer for 107 | sale, have made, import, and otherwise transfer either its Contributions 108 | or its Contributor Version. 109 | 110 | 2.2. Effective Date 111 | 112 | The licenses granted in Section 2.1 with respect to any Contribution become 113 | effective for each Contribution on the date the Contributor first distributes 114 | such Contribution. 115 | 116 | 2.3. Limitations on Grant Scope 117 | 118 | The licenses granted in this Section 2 are the only rights granted under this 119 | License. No additional rights or licenses will be implied from the distribution 120 | or licensing of Covered Software under this License. Notwithstanding Section 121 | 2.1(b) above, no patent license is granted by a Contributor: 122 | 123 | a. for any code that a Contributor has removed from Covered Software; or 124 | 125 | b. for infringements caused by: (i) Your and any other third party’s 126 | modifications of Covered Software, or (ii) the combination of its 127 | Contributions with other software (except as part of its Contributor 128 | Version); or 129 | 130 | c. under Patent Claims infringed by Covered Software in the absence of its 131 | Contributions. 132 | 133 | This License does not grant any rights in the trademarks, service marks, or 134 | logos of any Contributor (except as may be necessary to comply with the 135 | notice requirements in Section 3.4). 136 | 137 | 2.4. Subsequent Licenses 138 | 139 | No Contributor makes additional grants as a result of Your choice to 140 | distribute the Covered Software under a subsequent version of this License 141 | (see Section 10.2) or under the terms of a Secondary License (if permitted 142 | under the terms of Section 3.3). 143 | 144 | 2.5. Representation 145 | 146 | Each Contributor represents that the Contributor believes its Contributions 147 | are its original creation(s) or it has sufficient rights to grant the 148 | rights to its Contributions conveyed by this License. 149 | 150 | 2.6. Fair Use 151 | 152 | This License is not intended to limit any rights You have under applicable 153 | copyright doctrines of fair use, fair dealing, or other equivalents. 154 | 155 | 2.7. Conditions 156 | 157 | Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in 158 | Section 2.1. 159 | 160 | 161 | 3. Responsibilities 162 | 163 | 3.1. Distribution of Source Form 164 | 165 | All distribution of Covered Software in Source Code Form, including any 166 | Modifications that You create or to which You contribute, must be under the 167 | terms of this License. You must inform recipients that the Source Code Form 168 | of the Covered Software is governed by the terms of this License, and how 169 | they can obtain a copy of this License. You may not attempt to alter or 170 | restrict the recipients’ rights in the Source Code Form. 171 | 172 | 3.2. Distribution of Executable Form 173 | 174 | If You distribute Covered Software in Executable Form then: 175 | 176 | a. such Covered Software must also be made available in Source Code Form, 177 | as described in Section 3.1, and You must inform recipients of the 178 | Executable Form how they can obtain a copy of such Source Code Form by 179 | reasonable means in a timely manner, at a charge no more than the cost 180 | of distribution to the recipient; and 181 | 182 | b. You may distribute such Executable Form under the terms of this License, 183 | or sublicense it under different terms, provided that the license for 184 | the Executable Form does not attempt to limit or alter the recipients’ 185 | rights in the Source Code Form under this License. 186 | 187 | 3.3. Distribution of a Larger Work 188 | 189 | You may create and distribute a Larger Work under terms of Your choice, 190 | provided that You also comply with the requirements of this License for the 191 | Covered Software. If the Larger Work is a combination of Covered Software 192 | with a work governed by one or more Secondary Licenses, and the Covered 193 | Software is not Incompatible With Secondary Licenses, this License permits 194 | You to additionally distribute such Covered Software under the terms of 195 | such Secondary License(s), so that the recipient of the Larger Work may, at 196 | their option, further distribute the Covered Software under the terms of 197 | either this License or such Secondary License(s). 198 | 199 | 3.4. Notices 200 | 201 | You may not remove or alter the substance of any license notices (including 202 | copyright notices, patent notices, disclaimers of warranty, or limitations 203 | of liability) contained within the Source Code Form of the Covered 204 | Software, except that You may alter any license notices to the extent 205 | required to remedy known factual inaccuracies. 206 | 207 | 3.5. Application of Additional Terms 208 | 209 | You may choose to offer, and to charge a fee for, warranty, support, 210 | indemnity or liability obligations to one or more recipients of Covered 211 | Software. However, You may do so only on Your own behalf, and not on behalf 212 | of any Contributor. You must make it absolutely clear that any such 213 | warranty, support, indemnity, or liability obligation is offered by You 214 | alone, and You hereby agree to indemnify every Contributor for any 215 | liability incurred by such Contributor as a result of warranty, support, 216 | indemnity or liability terms You offer. You may include additional 217 | disclaimers of warranty and limitations of liability specific to any 218 | jurisdiction. 219 | 220 | 4. Inability to Comply Due to Statute or Regulation 221 | 222 | If it is impossible for You to comply with any of the terms of this License 223 | with respect to some or all of the Covered Software due to statute, judicial 224 | order, or regulation then You must: (a) comply with the terms of this License 225 | to the maximum extent possible; and (b) describe the limitations and the code 226 | they affect. Such description must be placed in a text file included with all 227 | distributions of the Covered Software under this License. Except to the 228 | extent prohibited by statute or regulation, such description must be 229 | sufficiently detailed for a recipient of ordinary skill to be able to 230 | understand it. 231 | 232 | 5. Termination 233 | 234 | 5.1. The rights granted under this License will terminate automatically if You 235 | fail to comply with any of its terms. However, if You become compliant, 236 | then the rights granted under this License from a particular Contributor 237 | are reinstated (a) provisionally, unless and until such Contributor 238 | explicitly and finally terminates Your grants, and (b) on an ongoing basis, 239 | if such Contributor fails to notify You of the non-compliance by some 240 | reasonable means prior to 60 days after You have come back into compliance. 241 | Moreover, Your grants from a particular Contributor are reinstated on an 242 | ongoing basis if such Contributor notifies You of the non-compliance by 243 | some reasonable means, this is the first time You have received notice of 244 | non-compliance with this License from such Contributor, and You become 245 | compliant prior to 30 days after Your receipt of the notice. 246 | 247 | 5.2. If You initiate litigation against any entity by asserting a patent 248 | infringement claim (excluding declaratory judgment actions, counter-claims, 249 | and cross-claims) alleging that a Contributor Version directly or 250 | indirectly infringes any patent, then the rights granted to You by any and 251 | all Contributors for the Covered Software under Section 2.1 of this License 252 | shall terminate. 253 | 254 | 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user 255 | license agreements (excluding distributors and resellers) which have been 256 | validly granted by You or Your distributors under this License prior to 257 | termination shall survive termination. 258 | 259 | 6. Disclaimer of Warranty 260 | 261 | Covered Software is provided under this License on an “as is” basis, without 262 | warranty of any kind, either expressed, implied, or statutory, including, 263 | without limitation, warranties that the Covered Software is free of defects, 264 | merchantable, fit for a particular purpose or non-infringing. The entire 265 | risk as to the quality and performance of the Covered Software is with You. 266 | Should any Covered Software prove defective in any respect, You (not any 267 | Contributor) assume the cost of any necessary servicing, repair, or 268 | correction. This disclaimer of warranty constitutes an essential part of this 269 | License. No use of any Covered Software is authorized under this License 270 | except under this disclaimer. 271 | 272 | 7. Limitation of Liability 273 | 274 | Under no circumstances and under no legal theory, whether tort (including 275 | negligence), contract, or otherwise, shall any Contributor, or anyone who 276 | distributes Covered Software as permitted above, be liable to You for any 277 | direct, indirect, special, incidental, or consequential damages of any 278 | character including, without limitation, damages for lost profits, loss of 279 | goodwill, work stoppage, computer failure or malfunction, or any and all 280 | other commercial damages or losses, even if such party shall have been 281 | informed of the possibility of such damages. This limitation of liability 282 | shall not apply to liability for death or personal injury resulting from such 283 | party’s negligence to the extent applicable law prohibits such limitation. 284 | Some jurisdictions do not allow the exclusion or limitation of incidental or 285 | consequential damages, so this exclusion and limitation may not apply to You. 286 | 287 | 8. Litigation 288 | 289 | Any litigation relating to this License may be brought only in the courts of 290 | a jurisdiction where the defendant maintains its principal place of business 291 | and such litigation shall be governed by laws of that jurisdiction, without 292 | reference to its conflict-of-law provisions. Nothing in this Section shall 293 | prevent a party’s ability to bring cross-claims or counter-claims. 294 | 295 | 9. Miscellaneous 296 | 297 | This License represents the complete agreement concerning the subject matter 298 | hereof. If any provision of this License is held to be unenforceable, such 299 | provision shall be reformed only to the extent necessary to make it 300 | enforceable. Any law or regulation which provides that the language of a 301 | contract shall be construed against the drafter shall not be used to construe 302 | this License against a Contributor. 303 | 304 | 305 | 10. Versions of the License 306 | 307 | 10.1. New Versions 308 | 309 | Mozilla Foundation is the license steward. Except as provided in Section 310 | 10.3, no one other than the license steward has the right to modify or 311 | publish new versions of this License. Each version will be given a 312 | distinguishing version number. 313 | 314 | 10.2. Effect of New Versions 315 | 316 | You may distribute the Covered Software under the terms of the version of 317 | the License under which You originally received the Covered Software, or 318 | under the terms of any subsequent version published by the license 319 | steward. 320 | 321 | 10.3. Modified Versions 322 | 323 | If you create software not governed by this License, and you want to 324 | create a new license for such software, you may create and use a modified 325 | version of this License if you rename the license and remove any 326 | references to the name of the license steward (except to note that such 327 | modified license differs from this License). 328 | 329 | 10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses 330 | If You choose to distribute Source Code Form that is Incompatible With 331 | Secondary Licenses under the terms of this version of the License, the 332 | notice described in Exhibit B of this License must be attached. 333 | 334 | Exhibit A - Source Code Form License Notice 335 | 336 | This Source Code Form is subject to the 337 | terms of the Mozilla Public License, v. 338 | 2.0. If a copy of the MPL was not 339 | distributed with this file, You can 340 | obtain one at 341 | http://mozilla.org/MPL/2.0/. 342 | 343 | If it is not possible or desirable to put the notice in a particular file, then 344 | You may include the notice in a location (such as a LICENSE file in a relevant 345 | directory) where a recipient would be likely to look for such a notice. 346 | 347 | You may add additional accurate notices of copyright ownership. 348 | 349 | Exhibit B - “Incompatible With Secondary Licenses” Notice 350 | 351 | This Source Code Form is “Incompatible 352 | With Secondary Licenses”, as defined by 353 | the Mozilla Public License, v. 2.0. 354 | -------------------------------------------------------------------------------- /images/calico-base/licenses/MIT: -------------------------------------------------------------------------------- 1 | The MIT License 2 | 3 | Copyright (c) 2010-2017 Alex Flint. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | 23 | ==================================================================== 24 | 25 | Copyright (C) 2013 Blake Mizerany 26 | 27 | Permission is hereby granted, free of charge, to any person obtaining 28 | a copy of this software and associated documentation files (the 29 | "Software"), to deal in the Software without restriction, including 30 | without limitation the rights to use, copy, modify, merge, publish, 31 | distribute, sublicense, and/or sell copies of the Software, and to 32 | permit persons to whom the Software is furnished to do so, subject to 33 | the following conditions: 34 | 35 | The above copyright notice and this permission notice shall be 36 | included in all copies or substantial portions of the Software. 37 | 38 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 39 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 40 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 41 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 42 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 43 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 44 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 45 | 46 | ==================================================================== 47 | 48 | Copyright (c) 2012 Dave Grijalva 49 | 50 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 51 | 52 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 53 | 54 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 55 | 56 | 57 | ==================================================================== 58 | 59 | Copyright (c) 2012 Caleb Doxsey 60 | 61 | Permission is hereby granted, free of charge, to any person obtaining 62 | a copy of this software and associated documentation files (the 63 | "Software"), to deal in the Software without restriction, including 64 | without limitation the rights to use, copy, modify, merge, publish, 65 | distribute, sublicense, and/or sell copies of the Software, and to 66 | permit persons to whom the Software is furnished to do so, subject to 67 | the following conditions: 68 | 69 | The above copyright notice and this permission notice shall be included 70 | in all copies or substantial portions of the Software. 71 | 72 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 73 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 74 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 75 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 76 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 77 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 78 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 79 | ==================================================================== 80 | 81 | The MIT License (MIT) 82 | 83 | Copyright (c) 2016 Go Playground 84 | 85 | Permission is hereby granted, free of charge, to any person obtaining a copy 86 | of this software and associated documentation files (the "Software"), to deal 87 | in the Software without restriction, including without limitation the rights 88 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 89 | copies of the Software, and to permit persons to whom the Software is 90 | furnished to do so, subject to the following conditions: 91 | 92 | The above copyright notice and this permission notice shall be included in all 93 | copies or substantial portions of the Software. 94 | 95 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 96 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 97 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 98 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 99 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 100 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 101 | SOFTWARE. 102 | ==================================================================== 103 | 104 | MIT License 105 | 106 | Copyright (c) 2016 json-iterator 107 | 108 | Permission is hereby granted, free of charge, to any person obtaining a copy 109 | of this software and associated documentation files (the "Software"), to deal 110 | in the Software without restriction, including without limitation the rights 111 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 112 | copies of the Software, and to permit persons to whom the Software is 113 | furnished to do so, subject to the following conditions: 114 | 115 | The above copyright notice and this permission notice shall be included in all 116 | copies or substantial portions of the Software. 117 | 118 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 119 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 120 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 121 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 122 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 123 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 124 | SOFTWARE. 125 | 126 | ==================================================================== 127 | 128 | Copyright (c) 2014 Kelsey Hightower 129 | 130 | Permission is hereby granted, free of charge, to any person obtaining a copy of 131 | this software and associated documentation files (the "Software"), to deal in 132 | the Software without restriction, including without limitation the rights to 133 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 134 | of the Software, and to permit persons to whom the Software is furnished to do 135 | so, subject to the following conditions: 136 | 137 | The above copyright notice and this permission notice shall be included in all 138 | copies or substantial portions of the Software. 139 | 140 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 141 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 142 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 143 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 144 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 145 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 146 | SOFTWARE. 147 | 148 | ==================================================================== 149 | 150 | (The MIT License) 151 | 152 | Copyright (c) 2017 marvin + konsorten GmbH (open-source@konsorten.de) 153 | 154 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 155 | 156 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 157 | 158 | THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 159 | 160 | ==================================================================== 161 | 162 | The MIT License (MIT) 163 | 164 | Copyright (c) 2018 Peter Lithammer 165 | 166 | Permission is hereby granted, free of charge, to any person obtaining a copy 167 | of this software and associated documentation files (the "Software"), to deal 168 | in the Software without restriction, including without limitation the rights 169 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 170 | copies of the Software, and to permit persons to whom the Software is 171 | furnished to do so, subject to the following conditions: 172 | 173 | The above copyright notice and this permission notice shall be included in 174 | all copies or substantial portions of the Software. 175 | 176 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 177 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 178 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 179 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 180 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 181 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 182 | THE SOFTWARE. 183 | 184 | ==================================================================== 185 | 186 | Copyright (c) 2013-2014 Onsi Fakhouri 187 | 188 | Permission is hereby granted, free of charge, to any person obtaining 189 | a copy of this software and associated documentation files (the 190 | "Software"), to deal in the Software without restriction, including 191 | without limitation the rights to use, copy, modify, merge, publish, 192 | distribute, sublicense, and/or sell copies of the Software, and to 193 | permit persons to whom the Software is furnished to do so, subject to 194 | the following conditions: 195 | 196 | The above copyright notice and this permission notice shall be 197 | included in all copies or substantial portions of the Software. 198 | 199 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 200 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 201 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 202 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 203 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 204 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 205 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 206 | 207 | ==================================================================== 208 | 209 | Copyright (C) 2013-2018 by Maxim Bublis 210 | 211 | Permission is hereby granted, free of charge, to any person obtaining 212 | a copy of this software and associated documentation files (the 213 | "Software"), to deal in the Software without restriction, including 214 | without limitation the rights to use, copy, modify, merge, publish, 215 | distribute, sublicense, and/or sell copies of the Software, and to 216 | permit persons to whom the Software is furnished to do so, subject to 217 | the following conditions: 218 | 219 | The above copyright notice and this permission notice shall be 220 | included in all copies or substantial portions of the Software. 221 | 222 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 223 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 224 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 225 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 226 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 227 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 228 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 229 | 230 | ==================================================================== 231 | 232 | The MIT License (MIT) 233 | 234 | Copyright (c) 2014 Simon Eskildsen 235 | 236 | Permission is hereby granted, free of charge, to any person obtaining a copy 237 | of this software and associated documentation files (the "Software"), to deal 238 | in the Software without restriction, including without limitation the rights 239 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 240 | copies of the Software, and to permit persons to whom the Software is 241 | furnished to do so, subject to the following conditions: 242 | 243 | The above copyright notice and this permission notice shall be included in 244 | all copies or substantial portions of the Software. 245 | 246 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 247 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 248 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 249 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 250 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 251 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 252 | THE SOFTWARE. 253 | 254 | ==================================================================== 255 | 256 | The MIT License (MIT) 257 | 258 | Copyright (c) 2014 Sam Ghods 259 | 260 | Permission is hereby granted, free of charge, to any person obtaining a copy 261 | of this software and associated documentation files (the "Software"), to deal 262 | in the Software without restriction, including without limitation the rights 263 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 264 | copies of the Software, and to permit persons to whom the Software is 265 | furnished to do so, subject to the following conditions: 266 | 267 | The above copyright notice and this permission notice shall be included in all 268 | copies or substantial portions of the Software. 269 | 270 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 271 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 272 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 273 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 274 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 275 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 276 | SOFTWARE. 277 | 278 | 279 | Copyright (c) 2012 The Go Authors. All rights reserved. 280 | 281 | Redistribution and use in source and binary forms, with or without 282 | modification, are permitted provided that the following conditions are 283 | met: 284 | 285 | * Redistributions of source code must retain the above copyright 286 | notice, this list of conditions and the following disclaimer. 287 | * Redistributions in binary form must reproduce the above 288 | copyright notice, this list of conditions and the following disclaimer 289 | in the documentation and/or other materials provided with the 290 | distribution. 291 | * Neither the name of Google Inc. nor the names of its 292 | contributors may be used to endorse or promote products derived from 293 | this software without specific prior written permission. 294 | 295 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 296 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 297 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 298 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 299 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 300 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 301 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 302 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 303 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 304 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 305 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 306 | 307 | ==================================================================== 308 | 309 | -------------------------------------------------------------------------------- /images/calico-base/licenses/GPLv2: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | , 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 340 | -------------------------------------------------------------------------------- /images/calico-base/licenses/Apache-2.0: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | =================================================================================================== 204 | 205 | Apache License 206 | Version 2.0, January 2004 207 | http://www.apache.org/licenses/ 208 | 209 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 210 | 211 | 1. Definitions. 212 | 213 | "License" shall mean the terms and conditions for use, reproduction, 214 | and distribution as defined by Sections 1 through 9 of this document. 215 | 216 | "Licensor" shall mean the copyright owner or entity authorized by 217 | the copyright owner that is granting the License. 218 | 219 | "Legal Entity" shall mean the union of the acting entity and all 220 | other entities that control, are controlled by, or are under common 221 | control with that entity. For the purposes of this definition, 222 | "control" means (i) the power, direct or indirect, to cause the 223 | direction or management of such entity, whether by contract or 224 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 225 | outstanding shares, or (iii) beneficial ownership of such entity. 226 | 227 | "You" (or "Your") shall mean an individual or Legal Entity 228 | exercising permissions granted by this License. 229 | 230 | "Source" form shall mean the preferred form for making modifications, 231 | including but not limited to software source code, documentation 232 | source, and configuration files. 233 | 234 | "Object" form shall mean any form resulting from mechanical 235 | transformation or translation of a Source form, including but 236 | not limited to compiled object code, generated documentation, 237 | and conversions to other media types. 238 | 239 | "Work" shall mean the work of authorship, whether in Source or 240 | Object form, made available under the License, as indicated by a 241 | copyright notice that is included in or attached to the work 242 | (an example is provided in the Appendix below). 243 | 244 | "Derivative Works" shall mean any work, whether in Source or Object 245 | form, that is based on (or derived from) the Work and for which the 246 | editorial revisions, annotations, elaborations, or other modifications 247 | represent, as a whole, an original work of authorship. For the purposes 248 | of this License, Derivative Works shall not include works that remain 249 | separable from, or merely link (or bind by name) to the interfaces of, 250 | the Work and Derivative Works thereof. 251 | 252 | "Contribution" shall mean any work of authorship, including 253 | the original version of the Work and any modifications or additions 254 | to that Work or Derivative Works thereof, that is intentionally 255 | submitted to Licensor for inclusion in the Work by the copyright owner 256 | or by an individual or Legal Entity authorized to submit on behalf of 257 | the copyright owner. For the purposes of this definition, "submitted" 258 | means any form of electronic, verbal, or written communication sent 259 | to the Licensor or its representatives, including but not limited to 260 | communication on electronic mailing lists, source code control systems, 261 | and issue tracking systems that are managed by, or on behalf of, the 262 | Licensor for the purpose of discussing and improving the Work, but 263 | excluding communication that is conspicuously marked or otherwise 264 | designated in writing by the copyright owner as "Not a Contribution." 265 | 266 | "Contributor" shall mean Licensor and any individual or Legal Entity 267 | on behalf of whom a Contribution has been received by Licensor and 268 | subsequently incorporated within the Work. 269 | 270 | 2. Grant of Copyright License. Subject to the terms and conditions of 271 | this License, each Contributor hereby grants to You a perpetual, 272 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 273 | copyright license to reproduce, prepare Derivative Works of, 274 | publicly display, publicly perform, sublicense, and distribute the 275 | Work and such Derivative Works in Source or Object form. 276 | 277 | 3. Grant of Patent License. Subject to the terms and conditions of 278 | this License, each Contributor hereby grants to You a perpetual, 279 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 280 | (except as stated in this section) patent license to make, have made, 281 | use, offer to sell, sell, import, and otherwise transfer the Work, 282 | where such license applies only to those patent claims licensable 283 | by such Contributor that are necessarily infringed by their 284 | Contribution(s) alone or by combination of their Contribution(s) 285 | with the Work to which such Contribution(s) was submitted. If You 286 | institute patent litigation against any entity (including a 287 | cross-claim or counterclaim in a lawsuit) alleging that the Work 288 | or a Contribution incorporated within the Work constitutes direct 289 | or contributory patent infringement, then any patent licenses 290 | granted to You under this License for that Work shall terminate 291 | as of the date such litigation is filed. 292 | 293 | 4. Redistribution. You may reproduce and distribute copies of the 294 | Work or Derivative Works thereof in any medium, with or without 295 | modifications, and in Source or Object form, provided that You 296 | meet the following conditions: 297 | 298 | (a) You must give any other recipients of the Work or 299 | Derivative Works a copy of this License; and 300 | 301 | (b) You must cause any modified files to carry prominent notices 302 | stating that You changed the files; and 303 | 304 | (c) You must retain, in the Source form of any Derivative Works 305 | that You distribute, all copyright, patent, trademark, and 306 | attribution notices from the Source form of the Work, 307 | excluding those notices that do not pertain to any part of 308 | the Derivative Works; and 309 | 310 | (d) If the Work includes a "NOTICE" text file as part of its 311 | distribution, then any Derivative Works that You distribute must 312 | include a readable copy of the attribution notices contained 313 | within such NOTICE file, excluding those notices that do not 314 | pertain to any part of the Derivative Works, in at least one 315 | of the following places: within a NOTICE text file distributed 316 | as part of the Derivative Works; within the Source form or 317 | documentation, if provided along with the Derivative Works; or, 318 | within a display generated by the Derivative Works, if and 319 | wherever such third-party notices normally appear. The contents 320 | of the NOTICE file are for informational purposes only and 321 | do not modify the License. You may add Your own attribution 322 | notices within Derivative Works that You distribute, alongside 323 | or as an addendum to the NOTICE text from the Work, provided 324 | that such additional attribution notices cannot be construed 325 | as modifying the License. 326 | 327 | You may add Your own copyright statement to Your modifications and 328 | may provide additional or different license terms and conditions 329 | for use, reproduction, or distribution of Your modifications, or 330 | for any such Derivative Works as a whole, provided Your use, 331 | reproduction, and distribution of the Work otherwise complies with 332 | the conditions stated in this License. 333 | 334 | 5. Submission of Contributions. Unless You explicitly state otherwise, 335 | any Contribution intentionally submitted for inclusion in the Work 336 | by You to the Licensor shall be under the terms and conditions of 337 | this License, without any additional terms or conditions. 338 | Notwithstanding the above, nothing herein shall supersede or modify 339 | the terms of any separate license agreement you may have executed 340 | with Licensor regarding such Contributions. 341 | 342 | 6. Trademarks. This License does not grant permission to use the trade 343 | names, trademarks, service marks, or product names of the Licensor, 344 | except as required for reasonable and customary use in describing the 345 | origin of the Work and reproducing the content of the NOTICE file. 346 | 347 | 7. Disclaimer of Warranty. Unless required by applicable law or 348 | agreed to in writing, Licensor provides the Work (and each 349 | Contributor provides its Contributions) on an "AS IS" BASIS, 350 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 351 | implied, including, without limitation, any warranties or conditions 352 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 353 | PARTICULAR PURPOSE. You are solely responsible for determining the 354 | appropriateness of using or redistributing the Work and assume any 355 | risks associated with Your exercise of permissions under this License. 356 | 357 | 8. Limitation of Liability. In no event and under no legal theory, 358 | whether in tort (including negligence), contract, or otherwise, 359 | unless required by applicable law (such as deliberate and grossly 360 | negligent acts) or agreed to in writing, shall any Contributor be 361 | liable to You for damages, including any direct, indirect, special, 362 | incidental, or consequential damages of any character arising as a 363 | result of this License or out of the use or inability to use the 364 | Work (including but not limited to damages for loss of goodwill, 365 | work stoppage, computer failure or malfunction, or any and all 366 | other commercial damages or losses), even if such Contributor 367 | has been advised of the possibility of such damages. 368 | 369 | 9. Accepting Warranty or Additional Liability. While redistributing 370 | the Work or Derivative Works thereof, You may choose to offer, 371 | and charge a fee for, acceptance of support, warranty, indemnity, 372 | or other liability obligations and/or rights consistent with this 373 | License. However, in accepting such obligations, You may act only 374 | on Your own behalf and on Your sole responsibility, not on behalf 375 | of any other Contributor, and only if You agree to indemnify, 376 | defend, and hold each Contributor harmless for any liability 377 | incurred by, or claims asserted against, such Contributor by reason 378 | of your accepting any such warranty or additional liability. 379 | 380 | END OF TERMS AND CONDITIONS 381 | 382 | APPENDIX: How to apply the Apache License to your work. 383 | 384 | To apply the Apache License to your work, attach the following 385 | boilerplate notice, with the fields enclosed by brackets "{}" 386 | replaced with your own identifying information. (Don't include 387 | the brackets!) The text should be enclosed in the appropriate 388 | comment syntax for the file format. We also recommend that a 389 | file or class name and description of purpose be included on the 390 | same "printed page" as the copyright notice for easier 391 | identification within third-party archives. 392 | 393 | Copyright 2016 The Kubernetes Authors 394 | 395 | Licensed under the Apache License, Version 2.0 (the "License"); 396 | you may not use this file except in compliance with the License. 397 | You may obtain a copy of the License at 398 | 399 | http://www.apache.org/licenses/LICENSE-2.0 400 | 401 | Unless required by applicable law or agreed to in writing, software 402 | distributed under the License is distributed on an "AS IS" BASIS, 403 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 404 | See the License for the specific language governing permissions and 405 | limitations under the License. 406 | 407 | =================================================================================================== 408 | 409 | -------------------------------------------------------------------------------- /Makefile.common: -------------------------------------------------------------------------------- 1 | # Disable built-in rules 2 | .SUFFIXES: 3 | 4 | # Shortcut targets 5 | default: build 6 | 7 | ## Build binary for current platform 8 | all: build 9 | 10 | ## Run the tests for the current platform/architecture 11 | test: ut fv st 12 | 13 | ############################################################################### 14 | # Both native and cross architecture builds are supported. 15 | # The target architecture is select by setting the ARCH variable. 16 | # When ARCH is undefined it is set to the detected host architecture. 17 | # When ARCH differs from the host architecture a crossbuild will be performed. 18 | # This variable is only set if ARCHES is not set 19 | ARCHES ?= $(patsubst docker-image/Dockerfile.%,%,$(wildcard docker-image/Dockerfile.*)) 20 | 21 | # Some repositories keep their Dockerfile(s) in the root directory instead of in 22 | # the 'docker-image' subdir. Make sure ARCHES gets filled in either way. 23 | ifeq ($(ARCHES),) 24 | ARCHES=$(patsubst Dockerfile.%,%,$(wildcard Dockerfile.*)) 25 | endif 26 | 27 | # list of arches *not* to build when doing *-all 28 | EXCLUDEARCH ?= 29 | VALIDARCHES = $(filter-out $(EXCLUDEARCH),$(ARCHES)) 30 | 31 | # BUILDARCH is the host architecture 32 | # ARCH is the target architecture 33 | # we need to keep track of them separately 34 | # Note: OS is always set on Windows 35 | ifeq ($(OS),Windows_NT) 36 | BUILDARCH = x86_64 37 | BUILDOS = x86_64 38 | else 39 | BUILDARCH ?= $(shell uname -m) 40 | BUILDOS ?= $(shell uname -s | tr A-Z a-z) 41 | endif 42 | 43 | # canonicalized names for host architecture 44 | ifeq ($(BUILDARCH),aarch64) 45 | BUILDARCH=arm64 46 | endif 47 | ifeq ($(BUILDARCH),x86_64) 48 | BUILDARCH=amd64 49 | endif 50 | 51 | # unless otherwise set, I am building for my own architecture, i.e. not cross-compiling 52 | ARCH ?= $(BUILDARCH) 53 | 54 | # canonicalized names for target architecture 55 | ifeq ($(ARCH),aarch64) 56 | override ARCH=arm64 57 | endif 58 | ifeq ($(ARCH),x86_64) 59 | override ARCH=amd64 60 | endif 61 | 62 | LATEST_IMAGE_TAG?=latest 63 | 64 | # these macros create a list of valid architectures for pushing manifests 65 | comma := , 66 | 67 | ## Targets used when cross building. 68 | .PHONY: native register 69 | native: 70 | ifneq ($(BUILDARCH),$(ARCH)) 71 | @echo "Target $(MAKECMDGOALS)" is not supported when cross building! && false 72 | endif 73 | 74 | # Enable binfmt adding support for miscellaneous binary formats. 75 | # This is only needed when running non-native binaries. 76 | register: 77 | ifneq ($(BUILDARCH),$(ARCH)) 78 | docker run --privileged --rm tonistiigi/binfmt --install all || true 79 | endif 80 | 81 | # If this is a release, also tag and push additional images. 82 | ifeq ($(RELEASE),true) 83 | PUSH_IMAGES+=$(RELEASE_IMAGES) 84 | endif 85 | 86 | DOCKERHUB_REGISTRY ?=registry.hub.docker.com 87 | # filter-registry filters out registries we don't want to include when tagging / pushing docker images. For instance, 88 | # we don't include the registry name when pushing to docker hub because that registry is the default. 89 | filter-registry ?= $(if $(filter-out $(1),$(DOCKERHUB_REGISTRY)),$(1)/) 90 | 91 | # Convenience function to get the first dev image repo in the list. 92 | DEV_REGISTRY ?= $(firstword $(DEV_REGISTRIES)) 93 | 94 | MANIFEST_REGISTRIES ?= $(DEV_REGISTRIES) 95 | 96 | PUSH_MANIFEST_IMAGES := $(foreach registry,$(MANIFEST_REGISTRIES),$(foreach image,$(BUILD_IMAGES),$(call filter-registry,$(registry))$(image))) 97 | 98 | # location of docker credentials to push manifests 99 | DOCKER_CONFIG ?= $(HOME)/.docker/config.json 100 | 101 | # location of gcloud config 102 | GCLOUD_CONFIG ?= $(HOME)/.config/gcloud 103 | 104 | # If a repository still relies on vendoring, it must set GOMOD_VENDOR to "true". 105 | # If that's not the case and we're running in CI, set -mod=readonly to prevent builds 106 | # from being flagged as dirty due to updates in go.mod or go.sum _except_ for: 107 | # - for local builds, which _require_ a change to go.mod. 108 | # - the targets 'commit-pin-updates' and 'golangci-lint' which require 109 | # updating go.mod and/or go.sum 110 | SKIP_GOMOD_READONLY_FLAG = 111 | ifeq ($(MAKECMDGOALS),commit-pin-updates) 112 | SKIP_GOMOD_READONLY_FLAG = yes 113 | endif 114 | ifeq ($(MAKECMDGOALS),golangci-lint) 115 | SKIP_GOMOD_READONLY_FLAG = yes 116 | endif 117 | ifeq ($(LOCAL_BUILD),true) 118 | SKIP_GOMOD_READONLY_FLAG = yes 119 | endif 120 | 121 | ifeq ($(GOMOD_VENDOR),true) 122 | GOFLAGS?="-mod=vendor" 123 | else 124 | ifeq ($(CI),true) 125 | ifndef SKIP_GOMOD_READONLY_FLAG 126 | GOFLAGS?="-mod=readonly" 127 | endif 128 | endif 129 | endif 130 | 131 | # For building, we use the go-build image for the *host* architecture, even if the target is different 132 | # the one for the host should contain all the necessary cross-compilation tools 133 | # we do not need to use the arch since go-build:v0.15 now is multi-arch manifest 134 | GO_BUILD_IMAGE ?= calico/go-build 135 | CALICO_BUILD = $(GO_BUILD_IMAGE):$(GO_BUILD_VER)-$(BUILDARCH) 136 | 137 | PROTOC_CONTAINER=calico/protoc:$(PROTOC_VER)-$(BUILDARCH) 138 | 139 | ifeq ($(GIT_USE_SSH),true) 140 | GIT_CONFIG_SSH ?= git config --global url."ssh://git@github.com/".insteadOf "https://github.com/"; 141 | endif 142 | 143 | # Get version from git. 144 | GIT_VERSION:=$(shell git describe --tags --dirty --always --abbrev=12) 145 | ifeq ($(LOCAL_BUILD),true) 146 | GIT_VERSION = $(shell git describe --tags --dirty --always --abbrev=12)-dev-build 147 | endif 148 | 149 | # Figure out version information. To support builds from release tarballs, we default to 150 | # if this isn't a git checkout. 151 | GIT_COMMIT:=$(shell git rev-parse HEAD || echo '') 152 | BUILD_ID:=$(shell git rev-parse HEAD || uuidgen | sed 's/-//g') 153 | 154 | # Lazily set the git version we embed into the binaries we build. We want the 155 | # git tag at the time we build the binary. 156 | # Variables elsewhere that depend on this (such as LDFLAGS) must also be lazy. 157 | GIT_DESCRIPTION=$(shell git describe --tags --dirty --always --abbrev=12 || echo '') 158 | 159 | # Calculate a timestamp for any build artefacts. 160 | ifneq ($(OS),Windows_NT) 161 | DATE:=$(shell date -u +'%FT%T%z') 162 | endif 163 | 164 | # Figure out the users UID/GID. These are needed to run docker containers 165 | # as the current user and ensure that files built inside containers are 166 | # owned by the current user. 167 | ifneq ($(OS),Windows_NT) 168 | LOCAL_USER_ID:=$(shell id -u) 169 | LOCAL_GROUP_ID:=$(shell id -g) 170 | endif 171 | 172 | ifeq ("$(LOCAL_USER_ID)", "0") 173 | # The build needs to run as root. 174 | EXTRA_DOCKER_ARGS+=-e RUN_AS_ROOT='true' 175 | endif 176 | 177 | # Allow the ssh auth sock to be mapped into the build container. 178 | ifdef SSH_AUTH_SOCK 179 | EXTRA_DOCKER_ARGS += -v $(SSH_AUTH_SOCK):/ssh-agent --env SSH_AUTH_SOCK=/ssh-agent 180 | endif 181 | 182 | # Volume-mount gopath into the build container to cache go module's packages. If the environment is using multiple 183 | # comma-separated directories for gopath, use the first one, as that is the default one used by go modules. 184 | ifneq ($(GOPATH),) 185 | # If the environment is using multiple comma-separated directories for gopath, use the first one, as that 186 | # is the default one used by go modules. 187 | GOMOD_CACHE = $(shell echo $(GOPATH) | cut -d':' -f1)/pkg/mod 188 | else 189 | # If gopath is empty, default to $(HOME)/go. 190 | GOMOD_CACHE = $(HOME)/go/pkg/mod 191 | endif 192 | 193 | EXTRA_DOCKER_ARGS += -e GO111MODULE=on -v $(GOMOD_CACHE):/go/pkg/mod:rw 194 | 195 | ifeq ($(LOCAL_BUILD),true) 196 | GIT_DESCRIPTION = $(shell git describe --tags --dirty --always --abbrev=12 || echo '')-dev-build 197 | # If local build is set, then always build the binary since we might not 198 | # detect when another local repository has been modified. 199 | .PHONY: $(SRC_FILES) 200 | endif 201 | # Define go architecture flags to support arm variants 202 | GOARCH_FLAGS :=-e GOARCH=$(ARCH) 203 | 204 | 205 | DOCKER_RUN := mkdir -p .go-pkg-cache bin $(GOMOD_CACHE) && \ 206 | docker run --rm \ 207 | --net=host \ 208 | --init \ 209 | $(EXTRA_DOCKER_ARGS) \ 210 | -e LOCAL_USER_ID=$(LOCAL_USER_ID) \ 211 | -e GOCACHE=/go-cache \ 212 | $(GOARCH_FLAGS) \ 213 | -e GOPATH=/go \ 214 | -e OS=$(BUILDOS) \ 215 | -e GOOS=$(BUILDOS) \ 216 | -e GOFLAGS=$(GOFLAGS) \ 217 | -v $(CURDIR):/go/src/$(PACKAGE_NAME):rw \ 218 | -v $(CURDIR)/.go-pkg-cache:/go-cache:rw \ 219 | -w /go/src/$(PACKAGE_NAME) 220 | 221 | DOCKER_RUN_RO := mkdir -p .go-pkg-cache bin $(GOMOD_CACHE) && \ 222 | docker run --rm \ 223 | --net=host \ 224 | --init \ 225 | $(EXTRA_DOCKER_ARGS) \ 226 | -e LOCAL_USER_ID=$(LOCAL_USER_ID) \ 227 | -e GOCACHE=/go-cache \ 228 | $(GOARCH_FLAGS) \ 229 | -e GOPATH=/go \ 230 | -e OS=$(BUILDOS) \ 231 | -e GOOS=$(BUILDOS) \ 232 | -e GOFLAGS=$(GOFLAGS) \ 233 | -v $(CURDIR):/go/src/$(PACKAGE_NAME):ro \ 234 | -v $(CURDIR)/.go-pkg-cache:/go-cache:rw \ 235 | -w /go/src/$(PACKAGE_NAME) 236 | 237 | DOCKER_GO_BUILD := $(DOCKER_RUN) $(CALICO_BUILD) 238 | 239 | ############################################################################### 240 | # Updating pins 241 | # the repo importing this Makefile _must_ define the update-pins target 242 | # for example: 243 | # update-pins: update-libcalico-pin update-typha-pin 244 | ############################################################################### 245 | PIN_BRANCH?=$(shell git rev-parse --abbrev-ref HEAD) 246 | 247 | # The docker entrypoint script might echo output that could be included in the output of the following command, so this 248 | # prefixes the commit tag with "commit-tag:" so can reliable get the commit tag from the output. 249 | define get_remote_version 250 | $(shell $(DOCKER_RUN) $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) echo "commit-tag:$$(git ls-remote https://$(1) $(2) | cut -f1)"' | awk -F "commit-tag:" '{print $$2}') 251 | endef 252 | 253 | # update_pin updates the given package's version to the latest available in the specified repo and branch. 254 | # $(1) should be the name of the package, $(2) and $(3) the repository and branch from which to update it. 255 | # If $(4) is specified it's treated as the module version and use in the go get -d command. 256 | define update_pin 257 | $(eval new_ver := $(call get_remote_version,$(2),$(3))) 258 | $(eval repo := $(if $(4),$(1)/$(4),$(1))) 259 | 260 | $(DOCKER_RUN) -i $(CALICO_BUILD) sh -c '\ 261 | if [ ! -z "$(new_ver)" ]; then \ 262 | $(GIT_CONFIG_SSH) \ 263 | go get -d $(repo)@$(new_ver); \ 264 | go mod tidy; \ 265 | fi' 266 | endef 267 | 268 | # update_replace_pin updates the given package's version to the latest available in the specified repo and branch. 269 | # This routine can only be used for packages being replaced in go.mod, such as private versions of open-source packages. 270 | # $(1) should be the name of the package, $(2) and $(3) the repository and branch from which to update it. If $(4) is 271 | # specified it's treated as the module version and use in the go mod edit -replace command. 272 | define update_replace_pin 273 | $(eval new_ver := $(call get_remote_version,$(2),$(3))) 274 | $(eval original_repo := $(if $(4),$(1)/$(4),$(1))) 275 | $(eval replace_repo := $(if $(4),$(2)/$(4),$(2))) 276 | 277 | $(DOCKER_RUN) -i $(CALICO_BUILD) sh -c '\ 278 | if [ ! -z "$(new_ver)" ]; then \ 279 | $(GIT_CONFIG_SSH) \ 280 | go mod edit -replace $(original_repo)=$(replace_repo)@$(new_ver); \ 281 | go mod tidy; \ 282 | fi' 283 | endef 284 | 285 | # update_replace_submodule_pin is used similarly as update_replace_pin without retrieving the git commit SHA of the 286 | # replacing repo. It would take parameter $(3) as the version used by go mod edit. Used for updating pins for 287 | # modules or directory within a repository. as git cannot resolve a version given a repo path deeper than the top repo folder. 288 | # $(1) should be the name of the package, $(2) and $(3) the repository and branch from which to update it. If $(4) is 289 | # specified it's treated as the module version and use in the go mod edit -replace command. 290 | define update_replace_submodule_pin 291 | $(eval replace_repo_branch := $(if $(3),$(3),master)) 292 | $(eval original_repo := $(if $(4),$(1)/$(4),$(1))) 293 | $(eval replace_repo := $(if $(4),$(2)/$(4),$(2))) 294 | 295 | $(DOCKER_RUN) -i $(CALICO_BUILD) sh -c '\ 296 | if [ ! -z "$(replace_repo_branch)" ]; then \ 297 | $(GIT_CONFIG_SSH) \ 298 | go mod edit -replace $(original_repo)=$(replace_repo)@$(replace_repo_branch); \ 299 | go mod tidy; \ 300 | fi' 301 | endef 302 | 303 | GIT_REMOTE?=origin 304 | API_BRANCH?=$(PIN_BRANCH) 305 | API_REPO?=github.com/projectcalico/api 306 | BASE_API_REPO?=github.com/projectcalico/api 307 | APISERVER_BRANCH?=$(PIN_BRANCH) 308 | APISERVER_REPO?=github.com/projectcalico/apiserver 309 | TYPHA_BRANCH?=$(PIN_BRANCH) 310 | TYPHA_REPO?=github.com/projectcalico/typha 311 | LIBCALICO_BRANCH?=$(PIN_BRANCH) 312 | LIBCALICO_REPO?=github.com/projectcalico/libcalico-go 313 | CONFD_BRANCH?=$(PIN_BRANCH) 314 | CONFD_REPO?=github.com/projectcalico/confd 315 | FELIX_BRANCH?=$(PIN_BRANCH) 316 | FELIX_REPO?=github.com/projectcalico/felix 317 | CNI_BRANCH?=$(PIN_BRANCH) 318 | CNI_REPO?=github.com/projectcalico/cni-plugin 319 | CALICO_BRANCH?=$(PIN_BRANCH) 320 | CALICO_REPO?=github.com/projectcalico/calico 321 | 322 | update-api-pin: 323 | $(call update_pin,$(API_REPO),$(API_REPO),$(API_BRANCH)) 324 | 325 | replace-api-pin: 326 | $(call update_replace_pin,$(BASE_API_REPO),$(API_REPO),$(API_BRANCH)) 327 | 328 | update-apiserver-pin: 329 | $(call update_pin,github.com/projectcalico/apiserver,$(APISERVER_REPO),$(APISERVER_BRANCH)) 330 | 331 | replace-apiserver-pin: 332 | $(call update_replace_pin,github.com/projectcalico/apiserver,$(APISERVER_REPO),$(APISERVER_BRANCH)) 333 | 334 | update-typha-pin: 335 | $(call update_pin,github.com/projectcalico/typha,$(TYPHA_REPO),$(TYPHA_BRANCH)) 336 | 337 | replace-typha-pin: 338 | $(call update_replace_pin,github.com/projectcalico/typha,$(TYPHA_REPO),$(TYPHA_BRANCH)) 339 | 340 | update-libcalico-pin: 341 | $(call update_pin,github.com/projectcalico/libcalico-go,$(LIBCALICO_REPO),$(LIBCALICO_BRANCH)) 342 | 343 | replace-libcalico-pin: 344 | $(call update_replace_pin,github.com/projectcalico/libcalico-go,$(LIBCALICO_REPO),$(LIBCALICO_BRANCH)) 345 | 346 | update-confd-pin: 347 | $(call update_replace_pin,github.com/kelseyhightower/confd,$(CONFD_REPO),$(CONFD_BRANCH)) 348 | 349 | update-felix-pin: 350 | $(call update_pin,github.com/projectcalico/felix,$(FELIX_REPO),$(FELIX_BRANCH)) 351 | 352 | replace-felix-pin: 353 | $(call update_replace_pin,github.com/projectcalico/felix,$(FELIX_REPO),$(FELIX_BRANCH)) 354 | 355 | update-cni-plugin-pin: 356 | $(call update_pin,github.com/projectcalico/cni-plugin,$(CNI_REPO),$(CNI_BRANCH)) 357 | 358 | replace-cni-pin: 359 | $(call update_replace_pin,github.com/projectcalico/cni-plugin,$(CNI_REPO),$(CNI_BRANCH)) 360 | 361 | update-calico-pin: 362 | $(call update_pin,github.com/projectcalico/calico,$(CALICO_REPO),$(CALICO_BRANCH)) 363 | 364 | replace-calico-pin: 365 | $(call update_replace_pin,github.com/projectcalico/calico,$(CALICO_REPO),$(CALICO_BRANCH)) 366 | 367 | git-status: 368 | git status --porcelain 369 | 370 | git-config: 371 | ifdef CONFIRM 372 | git config --global user.name "marvin-tigera" 373 | git config --global user.email "marvin@projectcalico.io" 374 | endif 375 | 376 | git-commit: 377 | git diff --quiet HEAD || git commit -m "Semaphore Automatic Update" go.mod go.sum $(EXTRA_FILES_TO_COMMIT) 378 | 379 | ############################################################################### 380 | # External resource affecting macros 381 | # The following macros affect resources outside of the local environment that 382 | # they're run in, i.e. pushing to docker or github. If CONFIM is not defined, 383 | # then the commands are just printed, instead of run. 384 | # 385 | # The -cmd macro should never be run directly, it's used to define 386 | # the command the macro runs but depending on whether CONFIRM is defined the 387 | # command may be printed or run. 388 | # 389 | # You can redefine -cmd to have the targets in this makefile use a 390 | # different implementation. 391 | ############################################################################### 392 | 393 | CRANE_CMD = docker run -e LOCAL_USER_ID=$(LOCAL_USER_ID) -v $(DOCKER_CONFIG):/home/user/.docker/config.json -v $(GCLOUD_CONFIG):/home/user/.config/gcloud $(CALICO_BUILD) crane 394 | GIT_CMD = git 395 | DOCKER_CMD = docker 396 | 397 | ifdef CONFIRM 398 | CRANE = $(CRANE_CMD) 399 | GIT = $(GIT_CMD) 400 | DOCKER = $(DOCKER_CMD) 401 | else 402 | CRANE = echo [DRY RUN] $(CRANE_CMD) 403 | GIT = echo [DRY RUN] $(GIT_CMD) 404 | DOCKER = echo [DRY RUN] $(DOCKER_CMD) 405 | endif 406 | 407 | commit-and-push-pr: 408 | $(GIT) add $(GIT_COMMIT_FILES) 409 | $(GIT) commit -m $(GIT_COMMIT_MESSAGE) 410 | $(GIT) push $(GIT_REMOTE) $(GIT_PR_BRANCH_HEAD) 411 | 412 | ############################################################################### 413 | # Github API helpers 414 | # Helper macros and targets to help with communicating with the github API 415 | ############################################################################### 416 | GIT_COMMIT_MESSAGE?="Automatic Pin Updates" 417 | GIT_PR_BRANCH_BASE?=$(SEMAPHORE_GIT_BRANCH) 418 | PIN_UPDATE_BRANCH?=semaphore-auto-pin-updates-$(GIT_PR_BRANCH_BASE) 419 | GIT_PR_BRANCH_HEAD?=$(PIN_UPDATE_BRANCH) 420 | GIT_REPO_SLUG?=$(SEMAPHORE_GIT_REPO_SLUG) 421 | GIT_PIN_UPDATE_COMMIT_FILES?=go.mod go.sum 422 | GIT_PIN_UPDATE_COMMIT_EXTRA_FILES?=$(GIT_COMMIT_EXTRA_FILES) 423 | GIT_COMMIT_FILES?=$(GIT_PIN_UPDATE_COMMIT_FILES) $(GIT_PIN_UPDATE_COMMIT_EXTRA_FILES) 424 | 425 | # Call the github API. $(1) is the http method type for the https request, $(2) is the repo slug, and is $(3) is for json 426 | # data (if omitted then no data is set for the request). If GITHUB_API_EXIT_ON_FAILURE is set then the macro exits with 1 427 | # on failure. On success, the ENV variable GITHUB_API_RESPONSE will contain the response from github 428 | define github_call_api 429 | $(eval CMD := curl -f -X$(1) \ 430 | -H "Content-Type: application/json"\ 431 | -H "Authorization: token ${GITHUB_TOKEN}"\ 432 | https://api.github.com/repos/$(2) $(if $(3),--data '$(3)',)) 433 | $(eval GITHUB_API_RESPONSE := $(shell $(CMD) | sed -e 's/#/\\\#/g')) 434 | $(if $(GITHUB_API_EXIT_ON_FAILURE), $(if $(GITHUB_API_RESPONSE),,exit 1),) 435 | endef 436 | 437 | # Create the pull request. $(1) is the repo slug, $(2) is the title, $(3) is the head branch and $(4) is the base branch. 438 | # If the call was successful then the ENV variable PR_NUMBER will contain the pull request number of the created pull request. 439 | define github_pr_create 440 | $(eval JSON := {"title": "$(2)", "head": "$(3)", "base": "$(4)"}) 441 | $(call github_call_api,POST,$(1)/pulls,$(JSON)) 442 | $(eval PR_NUMBER := $(filter-out null,$(shell echo '$(GITHUB_API_RESPONSE)' | jq '.number'))) 443 | endef 444 | 445 | # Create a comment on a pull request. $(1) is the repo slug, $(2) is the pull request number, and $(3) is the comment 446 | # body. 447 | define github_pr_add_comment 448 | $(eval JSON := {"body":"$(3)"}) 449 | $(call github_call_api,POST,$(1)/issues/$(2)/comments,$(JSON)) 450 | endef 451 | 452 | # List pull open pull requests for a head and base. $(1) is the repo slug, $(2) is the branch head, $(3) is the branch base, 453 | # and $(4) is the state. 454 | define github_pr_list 455 | $(eval QUERY := $(if $(2),head=$(2),)$(if $(3),\&base=$(3))$(if $(4),\&state=$(4),)) 456 | $(call github_call_api,GET,$(1)/pulls?$(QUERY),) 457 | endef 458 | 459 | # Check if there is a pull request with head GIT_PR_BRANCH_HEAD and base GIT_PR_BRANCH_BASE for the repo with slug 460 | # GIT_REPO_SLUG. If there is a PR that exists the PR_EXISTS will be set to 0, otherwise it is set to 1. 461 | check-if-pin-update-pr-exists: 462 | ifndef ORGANIZATION 463 | @echo "ORGANIZATION must be set for the project." 464 | exit 1 465 | endif 466 | $(call github_pr_list,$(GIT_REPO_SLUG),$(ORGANIZATION):$(GIT_PR_BRANCH_HEAD),$(GIT_PR_BRANCH_BASE),open) 467 | $(eval PR_EXISTS := $(if $(filter-out 0,$(shell echo '$(GITHUB_API_RESPONSE)' | jq '. | length')),0,1)) 468 | 469 | ############################################################################### 470 | # Auto pin update targets 471 | # Targets updating the pins 472 | ############################################################################### 473 | GITHUB_API_EXIT_ON_FAILURE?=1 474 | 475 | ## Update dependency pins to their latest changeset, committing and pushing it. 476 | ## DEPRECATED This will be removed along with associated helper functions in future releases. Use the trigger-auto-pin-update-process 477 | ## to create PR with the pin updates. 478 | .PHONY: commit-pin-updates 479 | commit-pin-updates: update-pins git-status git-config git-commit ci git-push 480 | 481 | # Creates and checks out the branch defined by GIT_PR_BRANCH_HEAD. It attempts to delete the branch from the local and 482 | # remote repositories. Requires CONFIRM to be set, otherwise it fails with an error. 483 | create-pin-update-head: var-require-one-of-CONFIRM-DRYRUN 484 | ifeq ($(shell git rev-parse --abbrev-ref HEAD),$(GIT_PR_BRANCH_HEAD)) 485 | @echo "Current branch is pull request head, cannot set it up." 486 | exit 1 487 | endif 488 | -git branch -D $(GIT_PR_BRANCH_HEAD) 489 | -$(GIT) push $(GIT_REMOTE) --delete $(GIT_PR_BRANCH_HEAD) 490 | git checkout -b $(GIT_PR_BRANCH_HEAD) 491 | 492 | create-pin-update-pr: 493 | $(call github_pr_create,$(GIT_REPO_SLUG),[$(GIT_PR_BRANCH_BASE)] Semaphore Auto Pin Update,$(GIT_PR_BRANCH_HEAD),$(GIT_PR_BRANCH_BASE)) 494 | echo 'Created pin update pull request $(PR_NUMBER)' 495 | 496 | # Add the "/merge-when-ready" comment to enable the "merge when ready" functionality, i.e. when the pull request is passing 497 | # the tests and approved merge it. The PR_NUMBER is set by the dependent target 498 | set-merge-when-ready-on-pin-update-pr: 499 | $(call github_pr_add_comment,$(GIT_REPO_SLUG),$(PR_NUMBER),/merge-when-ready delete-branch) 500 | echo "Added '/merge-when-ready' comment command to pull request $(PR_NUMBER)" 501 | 502 | # Call the update-pins target with the GIT_PR_BRANCH_BASE as the PIN_BRANCH 503 | trigger-pin-updates: 504 | PIN_BRANCH=$(GIT_PR_BRANCH_BASE) $(MAKE) update-pins 505 | 506 | # POST_PIN_UPDATE_TARGETS is used to specify targets that should be run after the pins have been updated to run targets 507 | # that modify files that are tied to the dependencies. An example would be generated files that would changed based on 508 | # a dependency update. This target would likely need to be used in tandem with GIT_PIN_UPDATE_COMMIT_EXTRA_FILES so the 509 | # update files are committed with the pin update. 510 | POST_PIN_UPDATE_TARGETS ?= 511 | 512 | # Trigger the auto pin update process. This involves updating the pins, committing and pushing them to github, creating 513 | # a pull request, and add the "/merge-when-ready" comment command. If there is already a pin update PR for the base 514 | # branch the pin update is not done and the target will exit. 515 | trigger-auto-pin-update-process: check-if-pin-update-pr-exists 516 | $(if $(filter $(PR_EXISTS),0),echo "A pull request for head '$(GIT_PR_BRANCH_HEAD)' and base '$(GIT_PR_BRANCH_BASE)' already exists.",\ 517 | $(MAKE) trigger-auto-pin-update-process-wrapped) 518 | 519 | trigger-auto-pin-update-process-wrapped: create-pin-update-head trigger-pin-updates $(POST_PIN_UPDATE_TARGETS) 520 | $(if $(shell git diff --quiet HEAD $(GIT_COMMIT_FILES) || echo "true"),\ 521 | $(MAKE) commit-and-push-pr create-pin-update-pr set-merge-when-ready-on-pin-update-pr,echo "Pins are up to date") 522 | 523 | ############################################################################### 524 | # Static checks 525 | # repos can specify additional checks by setting LOCAL_CHECKS 526 | ############################################################################### 527 | .PHONY: static-checks 528 | ## Run static source code checks (lint, formatting, ...) 529 | static-checks: $(LOCAL_CHECKS) 530 | $(MAKE) check-fmt golangci-lint 531 | 532 | LINT_ARGS ?= --max-issues-per-linter 0 --max-same-issues 0 --timeout 12m 533 | 534 | .PHONY: golangci-lint 535 | golangci-lint: $(GENERATED_FILES) 536 | $(DOCKER_RUN) $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) golangci-lint run $(LINT_ARGS)' 537 | 538 | .PHONY: go-fmt goimports fix 539 | fix go-fmt goimports: 540 | $(DOCKER_RUN) $(CALICO_BUILD) sh -c 'find . -iname "*.go" ! -wholename "./vendor/*" | xargs goimports -w -local github.com/projectcalico/' 541 | 542 | check-fmt: 543 | @echo "Checking code formatting. Any listed files don't match goimports:" 544 | $(DOCKER_RUN) $(CALICO_BUILD) bash -c 'exec 5>&1; ! [[ `find . -iname "*.go" ! -wholename "./vendor/*" | xargs goimports -l -local github.com/projectcalico/ | tee >(cat >&5)` ]]' 545 | 546 | .PHONY: pre-commit 547 | pre-commit: 548 | $(DOCKER_RUN) $(CALICO_BUILD) git-hooks/pre-commit-in-container 549 | 550 | .PHONY: install-git-hooks 551 | install-git-hooks: 552 | ./install-git-hooks 553 | 554 | .PHONY: foss-checks 555 | foss-checks: 556 | $(DOCKER_RUN) -e FOSSA_API_KEY=$(FOSSA_API_KEY) $(CALICO_BUILD) /usr/local/bin/fossa 557 | 558 | .PHONY: check-module-path-tigera-api 559 | check-module-path-tigera-api: 560 | @echo "Checking the repo importing tigera/api and not importing projectcalico/api" 561 | @IMPORT_TIGERA_API=$$($(DOCKER_GO_BUILD) sh -c 'go list -m github.com/tigera/api > /dev/null 2>&1 && echo yes || echo no'); \ 562 | echo Is tigera/api imported? $$IMPORT_TIGERA_API; \ 563 | if [ "$$IMPORT_TIGERA_API" != "yes" ]; then \ 564 | echo "Error: This repo should import tigera/api module."; \ 565 | false; \ 566 | fi 567 | @IMPORT_PROJECTCALICO_API=$$($(DOCKER_GO_BUILD) sh -c 'go list -m github.com/projectcalico/api > /dev/null 2>&1 && echo yes || echo no'); \ 568 | echo Is projectcalico/api imported? $$IMPORT_PROJECTCALICO_API; \ 569 | if [ "$$IMPORT_PROJECTCALICO_API" != "no" ]; then \ 570 | echo "Error: This repo should NOT import projectcalico/api module."; \ 571 | false; \ 572 | fi 573 | 574 | .PHONY: check-module-path-projectcalico-api 575 | check-module-path-projectcalico-api: 576 | @echo "Checking the repo importing projectcalico/api and not importing tigera/api" 577 | @IMPORT_PROJECTCALICO_API=$$($(DOCKER_GO_BUILD) sh -c 'go list -m github.com/projectcalico/api > /dev/null 2>&1 && echo yes || echo no'); \ 578 | echo Is projectcalico/api imported? $$IMPORT_PROJECTCALICO_API; \ 579 | if [ "$$IMPORT_PROJECTCALICO_API" != "yes" ]; then \ 580 | echo "Error: This repo should import projectcalico/api module."; \ 581 | false; \ 582 | fi 583 | @IMPORT_TIGERA_API=$$($(DOCKER_GO_BUILD) sh -c 'go list -m github.com/tigera/api > /dev/null 2>&1 && echo yes || echo no'); \ 584 | echo Is tigera/api imported? $$IMPORT_TIGERA_API; \ 585 | if [ "$$IMPORT_TIGERA_API" != "no" ]; then \ 586 | echo "Error: This repo should NOT import tigera/api module."; \ 587 | false; \ 588 | fi 589 | 590 | ############################################################################### 591 | # go mod helpers 592 | ############################################################################### 593 | mod-download: 594 | -$(DOCKER_RUN) $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) go mod download' 595 | 596 | mod-tidy: 597 | -$(DOCKER_RUN) $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) go mod tidy' 598 | 599 | ############################################################################### 600 | # Semaphore helpers 601 | ############################################################################### 602 | 603 | # This semaphore project IDs are defined here because you cannot easily look them up in the semaphore API. This gives 604 | # us a single place to define these values, then projects can reference the readable ENV variable when they need a semaphore 605 | # project ID. 606 | SEMAPHORE_ALERTMANAGER_DOCKER_PROJECT_ID=30a83379-34b4-4956-aa60-b9dd3c720ba7 607 | SEMAPHORE_API_PROJECT_ID=9625623e-bfc5-435f-9c22-74f9cd8622fc 608 | SEMAPHORE_API_TIGERA_PROJECT_ID=48d23719-405f-4827-b58a-7de0598a6bf5 609 | SEMAPHORE_ANOMALY_DETECTION_JOBS_PROJECT_ID=e506a098-3e89-4802-8165-c59b2a95f8ae 610 | SEMAPHORE_API_SERVER_PROJECT_ID=6e4eb5b2-0150-4624-968d-f96a1cd9c37d 611 | SEMAPHORE_API_SERVER_OSS_PROJECT_ID=10f6c7c1-7eaa-4e75-a9d1-83e5426158b1 612 | SEMAPHORE_APP_POLICY_PRIVATE_PROJECT_ID=fa098f05-b2d2-4cf6-ac83-aa1e38e95670 613 | SEMAPHORE_APP_POLICY_PROJECT_ID=bc654d5c-bb68-4b00-9d02-289291762b1d 614 | SEMAPHORE_BIRD_PROJECT_ID=c1cc5eaf-873b-4113-a85e-a555361413e6 615 | SEMAPHORE_CC_PORTAL=2b3f9721-a851-4a97-981f-0cb81f93ddd0 616 | SEMAPHORE_CALICO_PRIVATE_PROJECT_ID=8a309869-f767-49dc-924f-fa927edbf657 617 | SEMAPHORE_CALICO_PROJECT_ID=828e6de6-ed4b-49c7-9cb5-ac1246d454de 618 | SEMAPHORE_CALICO_USAGE_PROJECT_ID=29f53c2b-8266-4873-879d-19b65960b3fd 619 | SEMAPHORE_CALICOCTL_PRIVATE_PROJECT_ID=8d885379-6a1b-4fc8-aa45-dc0cfb87894a 620 | SEMAPHORE_CALICOCTL_PROJECT_ID=193ce75a-7a47-4c9f-b966-f25c83e62213 621 | SEMAPHORE_CALICOQ_PROJECT_ID=dc79e0e9-a7b3-40f5-8dc2-2818210ee0a9 622 | SEMAPHORE_CLOUD_CONTROLLERS_PRIVATE_PROJECT_ID=f70e6c08-887b-481d-9591-68e243b32b32 623 | SEMAPHORE_CNI_PLUGIN_PRIVATE_PROJECT_ID=f2c02a84-5fcd-49ed-b4cb-a6273409f0de 624 | SEMAPHORE_CNI_PLUGIN_PROJECT_ID=741ec781-5dbb-4494-ba90-ec6831a9b176 625 | SEMAPHORE_COMPLIANCE_PROJECT_ID=958a9147-ec94-4e99-b4c8-de7857653bb9 626 | SEMAPHORE_CONFD_PROJECT_ID=4c6b815f-d42c-4436-aafa-651fbaf5859e 627 | SEMAPHORE_CONFD_PRIVATE_PROJECT_ID=d3a7649a-3a39-45bf-95e9-fd6df3d0a7b1 628 | SEMAPHORE_CURATOR_PROJECT_ID=c391dcff-6933-40e7-a6d1-1dcf7e6e231d 629 | SEMAPHORE_DEEP_PACKET_INSPECTION_PROJECT_ID=81c0981e-979c-4741-8143-22166384afa1 630 | SEMAPHORE_DEXIDP_DOCKER_PROJECT_ID=ee618372-35c8-4f83-bd05-d3a96ac2b276 631 | SEMAPHORE_ECK_OPERATOR_DOCKER_PROJECT_ID=9bf58b3b-d261-4f7e-a0c0-6aeb5a2c00eb 632 | SEMAPHORE_EGRESS_GATEWAY_PROJECT_ID=f01056ec-75f9-46a0-9ae2-6fc5e391136c 633 | SEMAPHORE_ELASTICSEARCH_DOCKER_PROJECT_ID=0a3a5bf6-19e4-4210-a3fa-15fc857596ac 634 | SEMAPHORE_ELASTICSEARCH_METRICS_PROJECT_ID=306b29c0-aa86-4b76-9c3e-c78a327e7d83 635 | SEMAPHORE_ENVOY_DOCKER_PROJECT_ID=b8db000b-c2c4-44cd-a22d-51df73dfdcba 636 | SEMAPHORE_ES_PROXY_IMAGE_PROJECT_ID=bc7ee48d-0051-4ceb-961d-03659463ada4 637 | SEMAPHORE_ES_GATEWAY_PROJECT_ID=3c01c819-532b-4ccc-8305-5dd45c10bf93 638 | SEMAPHORE_FELIX_PRIVATE_PROJECT_ID=e439cca4-156c-4d23-b611-002601440ad0 639 | SEMAPHORE_FELIX_PROJECT_ID=48267e65-4acc-4f27-a88f-c3df0e8e2c3b 640 | SEMAPHORE_FIREWALL_INTEGRATION_PROJECT_ID=d4307a31-1e46-4622-82e2-886165b77008 641 | SEMAPHORE_FLUENTD_DOCKER_PROJECT_ID=50383fb9-d234-461a-ae00-23e18b7cd5b8 642 | SEMAPHORE_HONEYPOD_CONTROLLER_PROJECT_ID=c010a63a-ac85-48b4-9077-06188408eaee 643 | SEMAPHORE_HONEYPOD_RECOMMENDATION_PROJECT_ID=f07f5fd4-b15a-4ded-ae1e-04801ae4d99a 644 | SEMAPHORE_INGRESS_COLLECTOR_PROJECT_ID=cf7947e4-a886-404d-ac6a-c3f3ac1a7b93 645 | SEMAPHORE_INTRUSION_DETECTION_PROJECT_ID=2beffe81-b05a-41e0-90ce-e0d847dee2ee 646 | SEMAPHORE_KEY_CERT_PROVISIONER_PROJECT_ID=9efb25f3-8c5d-4f22-aab5-4a1f5519bc7c 647 | SEMAPHORE_KUBE_CONTROLLERS_PRIVATE_PROJECT_ID=0b8651d0-6c5d-4076-ab1d-25b120d0f670 648 | SEMAPHORE_KUBE_CONTROLLERS_PROJECT_ID=d688e2ce-8c4a-4402-ba54-3aaa0eb53e5e 649 | SEMAPHORE_KUBECTL_CALICO_PROJECT_ID=37d7cb2b-62b0-4178-9424-de766f2de59b 650 | SEMAPHORE_KIBANA_DOCKER_PROJECT_ID=eaafdbad-4546-4582-b8fa-cea05a80a04d 651 | SEMAPHORE_LIBCALICO_GO_PRIVATE_PROJECT_ID=72fa12b5-5ad5-43ae-b0ac-17f9f7c71030 652 | SEMAPHORE_LIBCALICO_GO_PROJECT_ID=ce3e6bed-1fb6-4501-80e5-2121a266a386 653 | SEMAPHORE_LICENSE_AGENT_PROJECT_ID=beb13609-8ee0-461a-a08b-dab86af1c128 654 | SEMAPHORE_LICENSING_PROJECT_ID=344f1cf0-0c3f-4fa3-b89b-3c35127b3054 655 | SEMAPHORE_L7_COLLECTOR_PROJECT_ID=b02e7bbf-39ee-4c0c-a6f6-793cdf89daa7 656 | SEMAPHORE_LMA_PROJECT_ID=5130e1d3-d9cd-4270-9e62-57f98d34495e 657 | SEMAPHORE_MANAGER_PROJECT_ID=325ca49d-5111-4b07-a54f-dc0c7ec538bb 658 | SEMAPHORE_NETWORKING_CALICO_PROJECT_ID=0a7883cb-b727-4113-948d-b95cb00df6b6 659 | SEMAPHORE_NODE_PRIVATE_PROJECT_ID=edd8246c-7116-473a-81c8-7a3bbbc07228 660 | SEMAPHORE_NODE_PROJECT_ID=980a06a4-9d43-43f8-aedd-a3bfad258de6 661 | SEMAPHORE_OPERATOR_PROJECT_ID=8343e619-cc44-4be4-a9d7-21963ebc1c8f 662 | SEMAPHORE_PACKETCAPTURE_API_PROJECT_ID=f505b00c-57c3-4859-8b97-ff4095b5ab25 663 | SEMAPHORE_PERFORMANCE_HOTSPOTS_PROJECT_ID=6a343a02-0acf-4c52-9cc7-24ee51377e32 664 | SEMAPHORE_POD2DAEMON_PROJECT_ID=eb2eea4f-c185-408e-9837-da0d231428fb 665 | SEMAPHORE_PROMETHEUS_OPERATOR_DOCKER_PROJECT_ID=2c4156e2-b6ea-4eb8-9976-cf7fdcf46c86 666 | SEMAPHORE_PROMETHEUS_SERVICE_PROJECT_ID=d5b7ed99-8966-46cc-90f2-9027c428db48 667 | SEMAPHORE_PROMETHEUS_DOCKER_PROJECT_ID=e5af5f7c-9fce-40f5-938e-d9d3c6d91d6a 668 | SEMAPHORE_SKIMBLE_PROJECT_ID=35171baf-8daf-4725-882f-c301851a6e1d 669 | SEMAPHORE_TS_QUERYSERVER_PROJECT_ID=5dbe4688-0c21-40fb-89f7-a2d64c17401b 670 | SEMAPHORE_TYPHA_PROJECT_ID=c2ea3f0a-58a0-427a-9ed5-6eff8d6543b3 671 | SEMAPHORE_TYPHA_PRIVATE_PROJECT_ID=51e84cb9-0f38-408a-a113-0f5ca71844d7 672 | SEMAPHORE_VOLTRON_PROJECT_ID=9d239362-9594-4c84-8983-868ee19ebd41 673 | 674 | SEMAPHORE_WORKFLOW_BRANCH?=master 675 | SEMAPHORE_WORKFLOW_FILE?=update_pins.yml 676 | 677 | # Sends a request to the semaphore API to run the request workflow. It requires setting the SEMAPHORE_API_TOKEN, SEMAPHORE_PROJECT_ID, 678 | # SEMAPHORE_WORKFLOW_BRANCH, and SEMAPHORE_WORKFLOW_FILE ENV variables. 679 | semaphore-run-workflow: 680 | $(eval CMD := curl -f -X POST \ 681 | -H "Authorization: Token $(SEMAPHORE_API_TOKEN)" \ 682 | -d "project_id=$(SEMAPHORE_PROJECT_ID)&reference=$(SEMAPHORE_WORKFLOW_BRANCH)&commit_sha=$(SEMAPHORE_COMMIT_SHA)&pipeline_file=.semaphore/$(SEMAPHORE_WORKFLOW_FILE)" \ 683 | "https://tigera.semaphoreci.com/api/v1alpha/plumber-workflows") 684 | $(eval SEMAPHORE_API_RESPONSE := $(shell $(CMD) | jq -R '.' | sed -e 's/#/\\\#/g')) 685 | $(if $(SEMAPHORE_API_RESPONSE),,exit 1) 686 | $(eval WORKFLOW_ID := $(shell echo $(SEMAPHORE_API_RESPONSE) | jq -r '.workflow_id')) 687 | @echo Semaphore workflow successfully created here https://tigera.semaphoreci.com/workflows/$(WORKFLOW_ID) 688 | 689 | # This is a helpful wrapper of the semaphore-run-workflow target to run the update_pins workflow file for a project. 690 | semaphore-run-auto-pin-update-workflow: 691 | $(MAKE) semaphore-run-workflow 692 | @echo Successully triggered the semaphore pin update workflow 693 | 694 | # This target triggers the 'semaphore-run-auto-pin-update-workflow' target for every SEMAPHORE_PROJECT_ID in the list of 695 | # SEMAPHORE_AUTO_PIN_UPDATE_PROJECT_IDS. 696 | semaphore-run-auto-pin-update-workflows: 697 | for ID in $(SEMAPHORE_AUTO_PIN_UPDATE_PROJECT_IDS); do\ 698 | SEMAPHORE_PROJECT_ID=$$ID $(MAKE) semaphore-run-auto-pin-update-workflow; \ 699 | done 700 | 701 | ############################################################################### 702 | # Mock helpers 703 | ############################################################################### 704 | # Helper targets for testify mock generation 705 | 706 | # Generate testify mocks in the build container. 707 | gen-mocks: 708 | $(DOCKER_RUN) $(CALICO_BUILD) sh -c '$(MAKE) mockery-run' 709 | 710 | # MOCKERY_IN_PACKAGE flags if the mocks should be generated in the package that defines the interface or under a mocks 711 | # subfolder in the package that defines the interface. This defaults to true since most packages have this in package 712 | # already. 713 | # We should eventually pick one way of doing this for all projects and remove the option. 714 | MOCKERY_IN_PACKAGE=true 715 | # Run mockery for each path in MOCKERY_FILE_PATHS. The the generated mocks are 716 | # created in package and in test files. Look here for more information https://github.com/vektra/mockery 717 | 718 | mockery-run: 719 | for FILE_PATH in $(MOCKERY_FILE_PATHS); do\ 720 | DIR=$$(dirname $$FILE_PATH); \ 721 | INTERFACE_NAME=$$(basename $$FILE_PATH); \ 722 | mockery --dir $$DIR --name $$INTERFACE_NAME $(if $(filter $(MOCKERY_IN_PACKAGE),true),--inpackage,--output $$DIR/mocks) $(MOCKERY_EXTRA_ARGS); \ 723 | done 724 | 725 | ############################################################################### 726 | # Docker helpers 727 | ############################################################################### 728 | # Helper targets working with docker images. 729 | 730 | # docker-compress takes the docker image specified by IMAGE_NAME and compresses all the layers into a single one. This is 731 | # done by exporting the given image then re importing it with the given IMAGE_NAME. 732 | # 733 | # When a docker image is exported all of the instructions are lost (i.e. ENTRYPOINT, ENV, ...), so before the image is 734 | # compressed the target inspects the image and pulls out the instructions. Each instruction that is pulled out is converted 735 | # into a change directive, or change directives, of the format "--change 'INSTRUCTION ". These directives 736 | # are given to the docker import command so the instructions can be re added to the compressed image. 737 | # 738 | # NOTE: This target does not attempt to copy every instruction from the original image to the compressed one. Any user of 739 | # this target should ensure that any required instructions are copied over by this target. 740 | docker-compress: 741 | $(eval JSONOBJ := "$(shell docker inspect $(IMAGE_NAME) | jq '.[0].Config' | jq -R '.' | sed -e 's/#/\\\#/g' ) ") 742 | # Re add the entry point. 743 | $(eval CHANGE := $(shell echo $(CHANGE) | sed -e 's/#/\\\#/g')$(shell echo $(JSONOBJ) | jq -r \ 744 | "if has(\"Entrypoint\") and .Entrypoint != \"\" then \" --change 'ENTRYPOINT \(.Entrypoint)'\" else \"\" end"\ 745 | | sed -e 's/#/\\\#/g')) 746 | # Re add the command. 747 | $(eval CHANGE := $(shell echo $(CHANGE) | sed -e 's/#/\\\#/g')$(shell echo $(JSONOBJ) | jq -r \ 748 | "if has(\"Cmd\") and .Cmd != \"\" then \" --change 'CMD \(.Cmd)'\" else \"\" end"\ 749 | | sed -e 's/#/\\\#/g')) 750 | # Re add the working directory. 751 | $(eval CHANGE := $(shell echo $(CHANGE) | sed -e 's/#/\\\#/g')$(shell echo $(JSONOBJ) | jq -r \ 752 | "if has(\"WorkingDir\") and .WorkingDir != \"\" then \" --change 'WORKDIR \(.WorkingDir)'\" else \"\" end"\ 753 | | sed -e 's/#/\\\#/g')) 754 | # Re add the user. 755 | $(eval CHANGE := $(shell echo $(CHANGE) | sed -e 's/#/\\\#/g')$(shell echo $(JSONOBJ) | jq -r \ 756 | "if has(\"User\") and .User != \"\" then \" --change 'USER \(.User)'\" else \"\" end"\ 757 | | sed -e 's/#/\\\#/g')) 758 | # Re add the environment variables. .Env is an array of strings so add a "--change 'ENV '" for each value in 759 | # the array. 760 | $(eval CHANGE := $(shell echo $(CHANGE) | sed -e 's/#/\\\#/g')$(shell echo $(JSONOBJ) | jq -r \ 761 | "if has(\"Env\") and (.Env | length) > 0 then .Env | map(\" --change 'ENV \(.)'\") | join(\"\") else \"\" end"\ 762 | | sed -e 's/#/\\\#/g')) 763 | # Re add the labels. .Labels is a map of label names to label values, so add a "--change 'LABEL '" for 764 | # each map entry. 765 | $(eval CHANGE := $(shell echo $(CHANGE) | sed -e 's/#/\\\#/g')$(shell echo $(JSONOBJ) | jq -r \ 766 | "if has(\"Labels\") and (.Labels | length) > 0 then .Labels | to_entries | map(\" --change 'LABEL \(.key) \(.value)'\") | join(\"\") else \"\" end"\ 767 | | sed -e 's/#/\\\#/g')) 768 | # Re add the exposed ports. .ExposedPorts is a map, but we're only interested in the keys of the map so for each key 769 | # add "--change EXPOSE ". 770 | $(eval CHANGE := $(shell echo $(CHANGE) | sed -e 's/#/\\\#/g')$(shell echo $(JSONOBJ) | jq -r \ 771 | "if has(\"ExposedPorts\") and (.ExposedPorts | length) > 0 then .ExposedPorts | keys | map(\" --change 'EXPOSE \(.)'\") | join(\"\") else \"\" end"\ 772 | | sed -e 's/#/\\\#/g')) 773 | $(eval CONTAINER_ID := $(shell docker run -d -it --entrypoint /bin/true $(IMAGE_NAME) /bin/true)) 774 | docker export $(CONTAINER_ID) | docker import $(CHANGE) - $(IMAGE_NAME) 775 | 776 | ############################################################################### 777 | # Image building and pushing 778 | ############################################################################### 779 | 780 | ############################################################################### 781 | # we want to be able to run the same recipe on multiple targets keyed on the image name 782 | # to do that, we would use the entire image name, e.g. calico/node:abcdefg, as the stem, or '%', in the target 783 | # however, make does **not** allow the usage of invalid filename characters - like / and : - in a stem, and thus errors out 784 | # to get around that, we "escape" those characters by converting all : to --- and all / to ___ , so that we can use them 785 | # in the target, we then unescape them back 786 | escapefs = $(subst :,---,$(subst /,___,$(1))) 787 | unescapefs = $(subst ---,:,$(subst ___,/,$(1))) 788 | 789 | # retag-build-images-with-registries retags the build / arch images specified by BUILD_IMAGES and VALIDARCHES with 790 | # the registries specified by DEV_REGISTRIES. The end tagged images are of the format 791 | # $(REGISTRY)/$(BUILD_IMAGES):-$(ARCH). 792 | retag-build-images-with-registries: $(addprefix retag-build-images-with-registry-,$(call escapefs,$(DEV_REGISTRIES))) 793 | 794 | # retag-build-images-with-registry-% retags the build / arch images specified by BUILD_IMAGES and VALIDARCHES with 795 | # the registry specified by $*. 796 | retag-build-images-with-registry-%: 797 | $(MAKE) $(addprefix retag-build-image-with-registry-,$(call escapefs,$(BUILD_IMAGES))) REGISTRY=$(call unescapefs,$*) 798 | 799 | # retag-build-image-with-registry-% retags the build arch images specified by $* and VALIDARCHES with the 800 | # registry specified by REGISTRY. 801 | retag-build-image-with-registry-%: var-require-all-REGISTRY-BUILD_IMAGES 802 | $(MAKE) $(addprefix retag-build-image-arch-with-registry-,$(VALIDARCHES)) BUILD_IMAGE=$(call unescapefs,$*) 803 | 804 | # retag-build-image-arch-with-registry-% retags the build / arch image specified by $* and BUILD_IMAGE with the 805 | # registry specified by REGISTRY. 806 | retag-build-image-arch-with-registry-%: var-require-all-REGISTRY-BUILD_IMAGE-IMAGETAG 807 | docker tag $(BUILD_IMAGE):$(LATEST_IMAGE_TAG)-$* $(call filter-registry,$(REGISTRY))$(BUILD_IMAGE):$(IMAGETAG)-$* 808 | $(if $(filter $*,amd64),\ 809 | docker tag $(BUILD_IMAGE):$(LATEST_IMAGE_TAG)-$(ARCH) $(REGISTRY)/$(BUILD_IMAGE):$(IMAGETAG),\ 810 | $(NOECHO) $(NOOP)\ 811 | ) 812 | 813 | # push-images-to-registries pushes the build / arch images specified by BUILD_IMAGES and VALIDARCHES to the registries 814 | # specified by DEV_REGISTRY. 815 | push-images-to-registries: $(addprefix push-images-to-registry-,$(call escapefs,$(DEV_REGISTRIES))) 816 | 817 | # push-images-to-registry-% pushes the build / arch images specified by BUILD_IMAGES and VALIDARCHES to the registry 818 | # specified by %*. 819 | push-images-to-registry-%: 820 | $(MAKE) $(addprefix push-image-to-registry-,$(call escapefs,$(BUILD_IMAGES))) REGISTRY=$(call unescapefs,$*) 821 | 822 | # push-image-to-registry-% pushes the build / arch images specified by $* and VALIDARCHES to the registry 823 | # specified by REGISTRY. 824 | push-image-to-registry-%: 825 | $(MAKE) $(addprefix push-image-arch-to-registry-,$(VALIDARCHES)) BUILD_IMAGE=$(call unescapefs,$*) 826 | 827 | # push-image-arch-to-registry-% pushes the build / arch image specified by $* and BUILD_IMAGE to the registry 828 | # specified by REGISTRY. 829 | push-image-arch-to-registry-%: 830 | # If the registry we want to push to doesn't not support manifests don't push the ARCH image. 831 | $(DOCKER) push $(call filter-registry,$(REGISTRY))$(BUILD_IMAGE):$(IMAGETAG)-$* 832 | $(if $(filter $*,amd64),\ 833 | $(DOCKER) push $(REGISTRY)/$(BUILD_IMAGE):$(IMAGETAG),\ 834 | $(NOECHO) $(NOOP)\ 835 | ) 836 | 837 | # push multi-arch manifest where supported. 838 | push-manifests: var-require-all-IMAGETAG $(addprefix sub-manifest-,$(call escapefs,$(PUSH_MANIFEST_IMAGES))) 839 | sub-manifest-%: 840 | $(DOCKER) manifest create $(call unescapefs,$*):$(IMAGETAG) $(addprefix --amend ,$(addprefix $(call unescapefs,$*):$(IMAGETAG)-,$(VALIDARCHES))) 841 | $(DOCKER) manifest push --purge $(call unescapefs,$*):$(IMAGETAG) 842 | 843 | # cd-common tags and pushes images with the branch name and git version. This target uses PUSH_IMAGES, BUILD_IMAGE, 844 | # and BRANCH_NAME env variables to figure out what to tag and where to push it to. 845 | cd-common: var-require-one-of-CONFIRM-DRYRUN var-require-all-BRANCH_NAME 846 | $(MAKE) retag-build-images-with-registries push-images-to-registries push-manifests IMAGETAG=$(if $(IMAGETAG_PREFIX),$(IMAGETAG_PREFIX)-)$(BRANCH_NAME) EXCLUDEARCH="$(EXCLUDEARCH)" 847 | $(MAKE) retag-build-images-with-registries push-images-to-registries push-manifests IMAGETAG=$(if $(IMAGETAG_PREFIX),$(IMAGETAG_PREFIX)-)$(call git-dev-tag) EXCLUDEARCH="$(EXCLUDEARCH)" 848 | 849 | ############################################################################### 850 | # Release targets and helpers 851 | # 852 | # The followings targets and macros are used to help start and cut releases. 853 | # At high level, this involves: 854 | # - Creating release branches 855 | # - Adding empty commits to start next release, and updating the 'dev' tag 856 | # - Adding 'release' tag to the commit that will be release 857 | # - Creating an empty commit for the next potential patch release, and updating 858 | # the dev tag on that commit 859 | # - Copying images for the released commit over to the release registries, and 860 | # re tagging those images with the release tag 861 | # 862 | # The following definitions will be helpful in understanding this process: 863 | # - 'dev' tag: A git tag of the form of `v3.8.0-calient-0.dev-36-g3a618e61c2d3` 864 | # that every commit has. The start of the dev tag, i.e. v3.8.0, is the 865 | # the release that this commit will go into. 866 | # - 'release' tag: A git tag of the form of `v3.8.0`. The commit that a release 867 | # is cut from will have this tag, i.e. you can find the commit that release 868 | # 3.8 uses by finding the commit with the tag v3.8.0. 869 | # - 'dev' image: The image that is created for evey commit that is merged to 870 | # master or a release branch. This image is tagged with the dev tag, i.e. 871 | # if commit 3a618e61c2d3 is on master or a release branch, there will be 872 | # an image for that commit in the dev registry with the tag 873 | # `v3.8.0-calient-0.dev-36-g3a618e61c2d3`. 874 | # - 'release' image: The public image the customers will use to install our 875 | # our product. Producing this is the goal of cutting the release. This image 876 | # will be in the release registries, and will be tagged with the release tag, 877 | # i.e. the release image for release 3.8 will have the v3.8.0 tag, or if it's 878 | # a patch release it will be v3.8. 879 | ############################################################################### 880 | fetch-all: 881 | git fetch --all -q 882 | 883 | # git-dev-tag retrieves the dev tag for the current commit (the one are dev images are tagged with). 884 | git-dev-tag = $(shell git describe --tags --long --always --abbrev=12 --match "*dev*") 885 | # git-release-tag-from-dev-tag get's the release version from the current commits dev tag. 886 | git-release-tag-from-dev-tag = $(shell echo $(call git-dev-tag) | grep -P -o "^v\d*.\d*.\d*(-.*)?(?=-$(DEV_TAG_SUFFIX))") 887 | # git-release-tag-for-current-commit gets the release tag for the current commit if there is one. 888 | git-release-tag-for-current-commit = $(shell git describe --tags --exact-match --exclude "*dev*") 889 | 890 | # release-branch-for-tag finds the latest branch that corresponds to the given tag. 891 | release-branch-for-tag = $(firstword $(shell git --no-pager branch --format='%(refname:short)' --contains $1 | grep -P "^release")) 892 | # commit-for-tag finds the latest commit that corresponds to the given tag. 893 | commit-for-tag = $(shell git rev-list -n 1 $1) 894 | git-commit-for-remote-tag = $(shell git ls-remote -q --tags $(GIT_REMOTE) $1 | awk '{print $$1}') 895 | # current-branch gets the name of the branch for the current commit. 896 | current-branch = $(shell git rev-parse --abbrev-ref HEAD) 897 | 898 | # RELEASE_BRANCH_BASE is used when creating a release branch to confirm the correct base is being used. It's 899 | # configurable so that a dry run can be done from a PR branch. 900 | RELEASE_BRANCH_BASE ?=master 901 | 902 | # var-set-% checks if there is a non empty variable for the value describe by %. If FAIL_NOT_SET is set, then var-set-% 903 | # fails with an error message. If FAIL_NOT_SET is not set, then var-set-% appends a 1 to VARSET if the variable isn't 904 | # set. 905 | var-set-%: 906 | $(if $($*),$(eval VARSET+=1),$(if $(FAIL_NOT_SET),$(error $* is required but not set),)) 907 | 908 | # var-require is used to check if one or all of the variables are set in REQUIRED_VARS, and fails if not. The variables 909 | # in REQUIRE_VARS are hyphen separated. 910 | # 911 | # If FAIL_NOT_SET is set, then all variables described in REQUIRED_VARS must be set for var-require to not fail, 912 | # otherwise only one variable needs to be set for var-require to not fail. 913 | var-require: $(addprefix var-set-,$(subst -, ,$(REQUIRED_VARS))) 914 | $(if $(VARSET),,$(error one of $(subst -, ,$(REQUIRED_VARS)) is not set or empty, but at least one is required)) 915 | 916 | # var-require-all-% checks if the there are non empty variables set for the hyphen separated values in %, and fails if 917 | # there isn't a non empty variable for each given value. For instance, to require FOO and BAR both must be set you would 918 | # call var-require-all-FOO-BAR. 919 | var-require-all-%: 920 | $(MAKE) var-require REQUIRED_VARS=$* FAIL_NOT_SET=true 921 | 922 | # var-require-one-of-% checks if the there are non empty variables set for the hyphen separated values in %, and fails 923 | # there isn't a non empty variable for at least one of the given values. For instance, to require either FOO or BAR both 924 | # must be set you would call var-require-all-FOO-BAR. 925 | var-require-one-of-%: 926 | $(MAKE) var-require REQUIRED_VARS=$* 927 | 928 | # sem-cut-release triggers the cut-release pipeline (or test-cut-release if CONFIRM is not specified) in semaphore to 929 | # cut the release. The pipeline is triggered for the current commit, and the branch it's triggered on is calculated 930 | # from the RELEASE_VERSION, CNX, and OS variables given. 931 | # 932 | # Before the pipeline is triggered, this target validates that the expected release will be cut using the 933 | # RELEASE_TAG (optional and defaults to the current tag) and RELEASE_VERSION (required) variables. The RELEASE_TAG 934 | # should be the dev tag that the release is cut from, and RELEASE_VERSION should be the version expected to be released. 935 | # This target verifies that the current commit is tagged with the RELEASE_TAG and that cutting this commit will result 936 | # in RELEASE_VERSION being cut. 937 | sem-cut-release: var-require-one-of-CONFIRM-DRYRUN var-require-all-RELEASE_VERSION var-require-one-of-CNX-OS 938 | ifndef RELEASE_TAG 939 | $(eval RELEASE_TAG = $(call git-dev-tag)) 940 | else 941 | $(eval RELEASE_TAG_COMMIT = $(call commit-for-tag,$(RELEASE_TAG))) 942 | $(if $(filter-out $(RELEASE_TAG_COMMIT),$(GIT_COMMIT)),\ 943 | echo Current commit is not tagged with $(RELEASE_TAG) && exit 1) 944 | endif 945 | $(eval CURRENT_RELEASE_VERSION = $(call git-release-tag-from-dev-tag)) 946 | $(if $(filter-out $(CURRENT_RELEASE_VERSION),$(RELEASE_VERSION)),\ 947 | echo Given release version $(RELEASE_VERSION) does not match current commit release version $(CURRENT_RELEASE_VERSION). && exit 1) 948 | 949 | $(eval RELEASE_BRANCH = release-$(if $CNX,calient-,)$(shell echo "$(RELEASE_VERSION)" | awk -F "." '{print $$1"."$$2}')$(shell echo "$(RELEASE_VERSION)" | awk '/1.0/ { print -1 }')) 950 | $(eval WORKFLOW_FILE = $(if $(CONFIRM),cut-release.yml,test-cut-release.yml)) 951 | 952 | @echo Cutting release for $(RELEASE_VERSION) from dev tag $(RELEASE_TAG) \(commit $(GIT_COMMIT)\) 953 | SEMAPHORE_WORKFLOW_BRANCH=$(RELEASE_BRANCH) SEMAPHORE_COMMIT_SHA=$(GIT_COMMIT) SEMAPHORE_WORKFLOW_FILE=$(WORKFLOW_FILE) $(MAKE) semaphore-run-workflow 954 | 955 | # cut-release uses the dev tags on the current commit to cut the release, more specifically cut-release does the 956 | # following: 957 | # - Calculates the release tag from the dev tag on the commit 958 | # - tags the current commit with the release tag then pushes that tag to github 959 | # - retags the build images (specified by BUILD_IMAGES) in the dev registries (specified DEV_REGISTRIES) with the 960 | # release tag 961 | # - copies the build images (specified by BUILD_IMAGES) from the first dev registry to the release registries (specified 962 | # by RELEASE_REGISTRIES) and retags those images with the release tag 963 | # - tags an empty commit at the head of the release branch with the next patch release dev tag and pushed that to github 964 | cut-release: var-require-one-of-CONFIRM-DRYRUN 965 | $(MAKE) cut-release-wrapped RELEASE=true 966 | 967 | cut-release-wrapped: var-require-one-of-CONFIRM-DRYRUN 968 | $(eval DEV_TAG = $(call git-dev-tag)) 969 | $(eval RELEASE_TAG = $(call git-release-tag-from-dev-tag)) 970 | $(eval RELEASE_BRANCH = $(call release-branch-for-tag,$(DEV_TAG))) 971 | ifdef EXPECTED_RELEASE_TAG 972 | $(if $(filter-out $(RELEASE_TAG),$(EXPECTED_RELEASE_TAG)),\ 973 | @echo "Failed to verify release tag$(comma) expected release version is $(EXPECTED_RELEASE_TAG)$(comma) actual is $(RELEASE_TAG)."\ 974 | && exit 1) 975 | endif 976 | $(eval NEXT_RELEASE_VERSION = $(shell echo "$(call git-release-tag-from-dev-tag)" | awk '{ split($$0,tag,"-"); if (tag[2] ~ /^1\./) { split(tag[2],subver,"."); print tag[1]"-"subver[1]".subver[2]+1" } else { split(tag[1],ver,"."); print ver[1]"."ver[2]"."ver[3]+1 } }')) 977 | ifndef IMAGE_ONLY 978 | $(MAKE) maybe-tag-release maybe-push-release-tag\ 979 | RELEASE_TAG=$(RELEASE_TAG) BRANCH=$(RELEASE_BRANCH) DEV_TAG=$(DEV_TAG) 980 | endif 981 | ifdef BUILD_IMAGES 982 | $(eval IMAGE_DEV_TAG = $(if $(IMAGETAG_PREFIX),$(IMAGETAG_PREFIX)-)$(DEV_TAG)) 983 | $(eval IMAGE_RELEASE_TAG = $(if $(IMAGETAG_PREFIX),$(IMAGETAG_PREFIX)-)$(RELEASE_TAG)) 984 | $(MAKE) release-dev-images\ 985 | RELEASE_TAG=$(IMAGE_RELEASE_TAG) BRANCH=$(RELEASE_BRANCH) DEV_TAG=$(IMAGE_DEV_TAG) 986 | endif 987 | ifndef IMAGE_ONLY 988 | $(MAKE) maybe-dev-tag-next-release maybe-push-next-release-dev-tag\ 989 | NEXT_RELEASE_VERSION=$(NEXT_RELEASE_VERSION) BRANCH=$(RELEASE_BRANCH) DEV_TAG=$(DEV_TAG) 990 | endif 991 | 992 | # maybe-tag-release calls the tag-release target only if the current commit is not tagged with the tag in RELEASE_TAG. 993 | # If the current commit is already tagged with the value in RELEASE_TAG then this is a NOOP. 994 | maybe-tag-release: var-require-all-RELEASE_TAG 995 | $(if $(filter-out $(call git-release-tag-for-current-commit),$(RELEASE_TAG)),\ 996 | $(MAKE) tag-release,\ 997 | @echo "Current commit already tagged with $(RELEASE_TAG)") 998 | 999 | # tag-release tags the current commit with an annotated tag with the value in RELEASE_TAG. This target throws an error 1000 | # if the current branch is not master. 1001 | tag-release: var-require-one-of-CONFIRM-DRYRUN var-require-all-DEV_TAG_SUFFIX-RELEASE_TAG 1002 | $(if $(filter-out $(RELEASE_BRANCH_BASE),$(call current-branch)),,$(error tag-release cannot be called on $(RELEASE_BRANCH_BASE))) 1003 | git tag -a $(RELEASE_TAG) -m "Release $(RELEASE_TAG)" 1004 | 1005 | # maybe-push-release-tag calls the push-release-tag target only if the tag in RELEASE_TAG is not already pushed to 1006 | # github. If the tag is pushed to github then this is a NOOP. 1007 | # TODO should we check the commit tagged in remote is the current commit? Probably yes... that could catch some annoying problems that would be hard to find if they happened... 1008 | maybe-push-release-tag: var-require-all-RELEASE_TAG 1009 | $(if $(shell git ls-remote -q --tags $(GIT_REMOTE) $(RELEASE_TAG)),\ 1010 | @echo Release $(RELEASE_TAG) already in github,\ 1011 | $(MAKE) push-release-tag) 1012 | 1013 | # push-release-tag pushes the tag in RELEASE_TAG to github. If the current commit is not tagged with this tag then this 1014 | # target fails. 1015 | push-release-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-DEV_TAG_SUFFIX-RELEASE_TAG 1016 | $(if $(call git-release-tag-for-current-commit),,$(error Commit does not have a release tag)) 1017 | $(GIT) push $(GIT_REMOTE) $(RELEASE_TAG) 1018 | 1019 | # maybe-dev-tag-next-release calls the dev-tag-next-release-target only if the tag NEXT_RELEASE_VERSION-DEV_TAG_SUFFIX 1020 | # doesn't exist locally. If the tag does exist then this is a NOOP. 1021 | maybe-dev-tag-next-release: var-require-all-NEXT_RELEASE_VERSION-DEV_TAG_SUFFIX 1022 | $(if $(shell git rev-parse --verify -q "$(NEXT_RELEASE_VERSION)-$(DEV_TAG_SUFFIX)"),\ 1023 | echo "Tag for next release $(NEXT_RELEASE_VERSION) already exists$(comma) not creating.",\ 1024 | $(MAKE) dev-tag-next-release) 1025 | 1026 | # dev-tag-next-release creates a new commit empty commit at the head of BRANCH and tags it with 1027 | # NEXT_RELEASE_VERSION-DEV_TAG_SUFFIX. 1028 | dev-tag-next-release: var-require-one-of-CONFIRM-DRYRUN var-require-all-NEXT_RELEASE_VERSION-DEV_TAG_SUFFIX-BRANCH 1029 | git checkout $(BRANCH) 1030 | $(GIT) pull $(GIT_REMOTE) $(BRANCH) 1031 | git commit --allow-empty -m "Begin development on $(NEXT_RELEASE_VERSION)" 1032 | git tag $(NEXT_RELEASE_VERSION)-$(DEV_TAG_SUFFIX) 1033 | 1034 | # maybe-push-next-release-dev-tag calls the push-next-release-dev-tag target if the tag 1035 | # NEXT_RELEASE_VERSION-DEV_TAG_SUFFIX doesn't exist remotely. If the tag exists remotely then this is a NOOP. 1036 | maybe-push-next-release-dev-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-NEXT_RELEASE_VERSION-DEV_TAG_SUFFIX 1037 | $(if $(shell git ls-remote --tags $(GIT_REMOTE) $(NEXT_RELEASE_VERSION)-$(DEV_TAG_SUFFIX)),\ 1038 | echo "Dev tag for next release $(NEXT_RELEASE_VERSION) already pushed to github.",\ 1039 | $(MAKE) push-next-release-dev-tag) 1040 | 1041 | # push-next-release-dev-tag pushes the tag NEXT_RELEASE_VERSION-DEV_TAG_SUFFIX and the current branch to github. If 1042 | # the current branch is not the head of the branch then this target fails. 1043 | push-next-release-dev-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-NEXT_RELEASE_VERSION-DEV_TAG_SUFFIX 1044 | # The next release commit should always be at the head of a release branch. 1045 | $(if $(filter-out HEAD,$(call current-branch)),,\ 1046 | $(error "Refusing to push commit for next release while in a detached state.")) 1047 | $(GIT) push $(GIT_REMOTE) $(call current-branch) 1048 | $(GIT) push $(GIT_REMOTE) $(NEXT_RELEASE_VERSION)-$(DEV_TAG_SUFFIX) 1049 | 1050 | # release-dev-images releases the dev images by calling the release-tag-dev-image-% and publish-dev-image-% on each 1051 | # value in BUILD_IMAGES. This results in retagging all the dev images with the release tag and copying the dev images 1052 | # over to the release registries. 1053 | ifndef SKIP_DEV_IMAGE_RETAG 1054 | RELEASE_DEV_IMAGES_RETAG_TARGETS ?= $(addprefix release-retag-dev-images-in-registry-,$(call escapefs, $(DEV_REGISTRIES))) 1055 | endif 1056 | 1057 | RELEASE_DEV_IMAGES_TARGETS ?= $(addprefix release-dev-images-to-registry-,$(call escapefs, $(RELEASE_REGISTRIES))) 1058 | release-dev-images: var-require-one-of-CONFIRM-DRYRUN var-require-all-BUILD_IMAGES $(RELEASE_DEV_IMAGES_RETAG_TARGETS) $(RELEASE_DEV_IMAGES_TARGETS) 1059 | 1060 | # release-retag-dev-images-in-registry-% retags all the build / arch images specified by BUILD_IMAGES and VALIDARCHES in 1061 | # the registry specified by $* with the release tag specified by RELEASE_TAG. 1062 | release-retag-dev-images-in-registry-%: 1063 | $(MAKE) $(addprefix release-retag-dev-image-in-registry-,$(call escapefs, $(BUILD_IMAGES))) DEV_REGISTRY=$(call unescapefs,$*) 1064 | 1065 | # release-retag-dev-image-in-registry-% retags the build image specified by $* in the dev registry specified by 1066 | # DEV_REGISTRY with the release tag specified by RELEASE_TAG. If DEV_REGISTRY is in the list of registries specified by 1067 | # RELEASE_REGISTRIES then the retag is not done 1068 | release-retag-dev-image-in-registry-%: 1069 | $(if $(filter-out $(RELEASE_REGISTRIES),$(DEV_REGISTRY)),\ 1070 | $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(DEV_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG)) 1071 | 1072 | # release-dev-images-to-registry-% copies and retags all the build / arch images specified by BUILD_IMAGES and 1073 | # VALIDARCHES from the registry specified by DEV_REGISTRY to the registry specified by RELEASE_REGISTRY using the tag 1074 | # specified by DEV_TAG and RELEASE_TAG. 1075 | release-dev-images-to-registry-%: 1076 | $(MAKE) $(addprefix release-dev-image-to-registry-,$(call escapefs, $(BUILD_IMAGES))) RELEASE_REGISTRY=$(call unescapefs,$*) 1077 | 1078 | # release-dev-image-to-registry-% copies the build image and build arch images specified by $* and VALIDARCHES from 1079 | # the dev repo specified by DEV_TAG and RELEASE. 1080 | release-dev-image-to-registry-%: 1081 | $(if $(SKIP_MANIFEST_RELEASE),,\ 1082 | $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(RELEASE_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG)) 1083 | $(if $(SKIP_ARCH_RELEASE),,\ 1084 | $(MAKE) $(addprefix release-dev-image-arch-to-registry-,$(VALIDARCHES)) BUILD_IMAGE=$(call unescapefs,$*)) 1085 | 1086 | # release-dev-image-to-registry-% copies the build arch image specified by BUILD_IMAGE and ARCH from the dev repo 1087 | # specified by DEV_TAG and RELEASE. 1088 | release-dev-image-arch-to-registry-%: 1089 | $(CRANE) cp $(DEV_REGISTRY)/$(BUILD_IMAGE):$(DEV_TAG)-$* $(RELEASE_REGISTRY)/$(BUILD_IMAGE):$(RELEASE_TAG)-$* 1090 | 1091 | # create-release-branch creates a release branch based off of the dev tag for the current commit on master. After the 1092 | # release branch is created and pushed, git-create-next-dev-tag is called to create a new empty commit on master and 1093 | # tag that empty commit with an incremented minor version of the previous dev tag for the next release. 1094 | create-release-branch: var-require-one-of-CONFIRM-DRYRUN var-require-all-DEV_TAG_SUFFIX-RELEASE_BRANCH_PREFIX fetch-all 1095 | $(if $(filter-out $(RELEASE_BRANCH_BASE),$(call current-branch)),$(error create-release-branch must be called on $(RELEASE_BRANCH_BASE)),) 1096 | $(eval NEXT_RELEASE_VERSION := $(shell echo "$(call git-release-tag-from-dev-tag)" | awk '{ split($$0,tag,"-"); if (tag[2] ~ /^1\./) { split(tag[2],subver,"."); print tag[1]"-"subver[1]+1".0" } else { split(tag[1],ver,"."); print ver[1]"."ver[2]+1"."ver[3] } }')) 1097 | $(eval RELEASE_BRANCH_VERSION = $(shell echo "$(call git-release-tag-from-dev-tag)" | awk '{ split($$0,tag,"-"); split(tag[1],ver,"."); if (tag[2] ~ /^1\./) { split(tag[2],subver,"."); print ver[1]"."ver[2]"-"subver[1] } else { print ver[1]"."ver[2] } }')) 1098 | git checkout -B $(RELEASE_BRANCH_PREFIX)-$(RELEASE_BRANCH_VERSION) $(GIT_REMOTE)/$(RELEASE_BRANCH_BASE) 1099 | $(GIT) push $(GIT_REMOTE) $(RELEASE_BRANCH_PREFIX)-$(RELEASE_BRANCH_VERSION) 1100 | $(MAKE) dev-tag-next-release push-next-release-dev-tag\ 1101 | BRANCH=$(call current-branch) NEXT_RELEASE_VERSION=$(NEXT_RELEASE_VERSION) DEV_TAG_SUFFIX=$(DEV_TAG_SUFFIX) 1102 | 1103 | ############################################################################### 1104 | # Helpers 1105 | ############################################################################### 1106 | ## Help 1107 | .PHONY: help 1108 | help: 1109 | $(info Available targets) 1110 | @echo 1111 | @awk '/^[a-zA-Z\-\_\%0-9\/]+:/ { \ 1112 | nb = sub( /^## /, "", helpMsg ); \ 1113 | if(nb == 0) { \ 1114 | helpMsg = $$0; \ 1115 | nb = sub( /^[^:]*:.* ## /, "", helpMsg ); \ 1116 | } \ 1117 | if (nb) \ 1118 | printf "\033[1;31m%-" width "s\033[0m %s\n", $$1, helpMsg; \ 1119 | } \ 1120 | { helpMsg = $$0 }' \ 1121 | width=30 \ 1122 | $(MAKEFILE_LIST) 1123 | @echo 1124 | @echo "-----------------------------------------------------------" 1125 | @echo "Building for $(BUILDOS)-$(ARCH) INSTALL_FLAG=$(INSTALL_FLAG)" 1126 | @echo 1127 | @echo "ARCH (target): $(ARCH)" 1128 | @echo "OS (target): $(BUILDOS)" 1129 | @echo "BUILDARCH (host): $(BUILDARCH)" 1130 | @echo "CALICO_BUILD: $(CALICO_BUILD)" 1131 | @echo "-----------------------------------------------------------" 1132 | --------------------------------------------------------------------------------