diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml index 1754799603..f4d6a56832 100644 --- a/.github/workflows/build-rust-injector.yml +++ b/.github/workflows/build-rust-injector.yml 
@@ -25,46 +25,24 @@ jobs: - name: Install tools uses: ./.github/actions/install-tools - - name: "Dependency: Setup rust toolchain" + - name: "Build Rust Binary for x86_64 and arm64" run: | - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - sudo apt install build-essential -y - - - name: "Build Rust Binary for x86_64" - working-directory: src/injector - run: | - rustup target add x86_64-unknown-linux-musl - cargo build --target x86_64-unknown-linux-musl --release - strip target/x86_64-unknown-linux-musl/release/zarf-injector - - - name: "Build Rust Binary for aarch64" - working-directory: src/injector - run: | - rustup target add aarch64-unknown-linux-musl - curl https://zarf-public.s3-us-gov-west-1.amazonaws.com/pipelines/aarch64-linux-musl-cross.tgz | tar -xz - export PATH="$PWD/aarch64-linux-musl-cross/bin:$PATH" - cargo build --target aarch64-unknown-linux-musl --release - aarch64-linux-musl-strip target/aarch64-unknown-linux-musl/release/zarf-injector - - - name: Login to Docker Hub - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + make build-injector-linux + cd src/injector/target + mkdir -p ../dist + cp x86_64-unknown-linux-musl/release/zarf-injector ../dist/zarf-injector-amd64 + cp aarch64-unknown-linux-musl/release/zarf-injector ../dist/zarf-injector-arm64 + cd ../dist + shasum zarf-injector-amd64 >> checksums.txt + shasum zarf-injector-arm64 >> checksums.txt + + - name: Set AWS Credentials + uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: "Upload Binaries To DockerHub" - working-directory: src/injector/target - run: | - cosign upload blob -f x86_64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }} - cosign upload blob -f 
aarch64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }} + aws-access-key-id: ${{ secrets.AWS_GOV_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }} + aws-region: us-gov-west-1 - - name: "Sign the binaries" + - name: Sync Artifacts to S3 run: | - cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }} - cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }} - env: - COSIGN_EXPERIMENTAL: 1 - AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }} - AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }} + aws s3 sync src/injector/dist/ s3://zarf-public/injector/${{ github.event.inputs.versionTag }}/ diff --git a/Makefile b/Makefile index 4716a0748f..82f9290dad 100644 --- a/Makefile +++ b/Makefile @@ -151,6 +151,9 @@ build-examples: ## Build all of the example packages @test -s ./build/zarf-package-yolo-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/yolo -o build -a $(ARCH) --confirm +build-injector-linux: ## Build the Zarf injector for AMD64 and ARM64 + docker run --rm --user "$(id -u)":"$(id -g)" -v $$PWD/src/injector:/usr/src/zarf-injector -w /usr/src/zarf-injector rust:1.71.0-bookworm make build-injector-linux + ## NOTE: Requires an existing cluster or the env var APPLIANCE_MODE=true .PHONY: test-e2e test-e2e: build-examples ## Run all of the core Zarf CLI E2E tests (builds any deps that aren't present) diff --git a/packages/zarf-registry/zarf.yaml b/packages/zarf-registry/zarf.yaml index 8b7c3c6d09..dd622acadd 100644 
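Review bot: In the build step, `shasum zarf-injector-amd64 >> checksums.txt` and the arm64 line use shasum's default algorithm, which is SHA-1, while the digests this commit pins in zarf-config.toml are 64 hex characters (SHA-256). The cosign signing steps are removed in this hunk, so the pinned digest is the only integrity control left and the published file should use the same algorithm: `shasum -a 256 zarf-injector-amd64 >> checksums.txt` (same for arm64). checksums.txt is synced next to the binaries, so it helps a release engineer transcribe the digest but is not an independent trust anchor. Separately, in "Sync Artifacts to S3" the `${{ github.event.inputs.versionTag }}` expression is expanded into the script text before the shell runs. Passing it through `env: VERSION_TAG: ${{ github.event.inputs.versionTag }}` and using `"$VERSION_TAG"` in the `aws s3 sync` destination keeps the input as data.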
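Review bot: In the new `build-injector-linux` recipe, `$(id -u)` and `$(id -g)` are expanded by make as undefined variables rather than by the shell, so `--user` receives an empty `:` value instead of the caller's uid/gid. The same line already escapes `$$PWD` correctly. Write it as `--user "$$(id -u)":"$$(id -g)"`. The build image `rust:1.71.0-bookworm` is referenced by tag only; since the resulting binaries are pinned by digest downstream, pinning the image by digest too (`rust:1.71.0-bookworm@sha256:<IMAGE_DIGEST>`) would keep the release toolchain from changing under the same tag.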
--- a/packages/zarf-registry/zarf.yaml +++ b/packages/zarf-registry/zarf.yaml @@ -56,11 +56,29 @@ components: Bootstraps a Kubernetes cluster by cloning a running pod in the cluster and hosting the registry image. Removed and destroyed after the Zarf Registry is self-hosting the registry image. required: true - cosignKeyPath: ../../cosign.pub + only: + cluster: + architecture: amd64 files: # Rust Injector Binary - - source: sget://defenseunicorns/zarf-injector:###ZARF_PKG_ARCH###-###ZARF_PKG_TMPL_INJECTOR_VERSION### + - source: https://zarf-public.s3-us-gov-west-1.amazonaws.com/injector/###ZARF_PKG_TMPL_INJECTOR_VERSION###/zarf-injector-amd64 target: "###ZARF_TEMP###/zarf-injector" + shasum: "###ZARF_PKG_TMPL_INJECTOR_AMD64_SHASUM###" + executable: true + + - name: zarf-injector + description: | + Bootstraps a Kubernetes cluster by cloning a running pod in the cluster and hosting the registry image. + Removed and destroyed after the Zarf Registry is self-hosting the registry image. + required: true + only: + cluster: + architecture: arm64 + files: + # Rust Injector Binary + - source: https://zarf-public.s3-us-gov-west-1.amazonaws.com/injector/###ZARF_PKG_TMPL_INJECTOR_VERSION###/zarf-injector-arm64 + target: "###ZARF_TEMP###/zarf-injector" + shasum: "###ZARF_PKG_TMPL_INJECTOR_ARM64_SHASUM###" executable: true - name: zarf-seed-registry diff --git a/src/injector/.cargo/config b/src/injector/.cargo/config deleted file mode 100644 index c00f890655..0000000000 --- a/src/injector/.cargo/config +++ /dev/null @@ -1,8 +0,0 @@ -# Due to an issue with linking when cross-compiling, specify the -# linker and archiver for cross-compiled targets. -# -# More information: https://github.com/rust-lang/cargo/issues/4133 - -[target.aarch64-unknown-linux-musl] -linker = "aarch64-linux-musl-ld" -ar = "aarch64-linux-musl-ar" \ No newline at end of file diff --git a/src/injector/.gitignore b/src/injector/.gitignore index 2f7896d1d1..95e8af5205 100644 --- a/src/injector/.gitignore 
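Review bot: With `cosignKeyPath` and the `sget://` source gone, the `shasum:` field on each `files` entry is the only integrity check on the injector binary fetched over HTTPS. Whether an unset `###ZARF_PKG_TMPL_INJECTOR_AMD64_SHASUM###` or `###ZARF_PKG_TMPL_INJECTOR_ARM64_SHASUM###` fails package creation or skips verification is not visible in this hunk, so it is worth confirming that an empty value fails closed. I would also add a comment above each source, for example `# Integrity: SHA-256 pinned via zarf-config.toml; no signature is verified for this download`, so the reduced guarantee is explicit to the next maintainer. The components list continues outside the hunk.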
+++ b/src/injector/.gitignore @@ -1 +1,3 @@ target/ +aarch64-linux-musl-cross/ +x86_64-linux-musl-cross/ diff --git a/src/injector/Cargo.lock b/src/injector/Cargo.lock index 5a93506677..f9ed1a6982 100644 --- a/src/injector/Cargo.lock +++ b/src/injector/Cargo.lock @@ -964,7 +964,7 @@ dependencies = [ [[package]] name = "zarf-injector" -version = "0.4.3" +version = "0.5.0" dependencies = [ "flate2", "glob", diff --git a/src/injector/Cargo.toml b/src/injector/Cargo.toml index db75390dc8..50e52f398f 100644 --- a/src/injector/Cargo.toml +++ b/src/injector/Cargo.toml @@ -10,7 +10,7 @@ strip = true [package] name = "zarf-injector" -version = "0.4.3" +version = "0.5.0" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/src/injector/Makefile b/src/injector/Makefile new file mode 100644 index 0000000000..8f40fbadbf --- /dev/null +++ b/src/injector/Makefile 
@@ -0,0 +1,41 @@ +# SPDX-License-Identifier: Apache-2.0 +# SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +.PHONY: help +help: ## Display this help information + @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) \ + | sort | awk 'BEGIN {FS = ":.*?## "}; \ + {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' + +clean: ## Clean the build directory + rm -rf target + +build-injector-linux: build-injector-linux-amd build-injector-linux-arm ## Build the Zarf injector for AMD64 and ARM64 + +build-injector-linux-amd: ## Build the Zarf injector for AMD64 + rustup target add x86_64-unknown-linux-musl + + if [ "$(shell uname -m)" = "arm64" ] || [ "$(shell uname -m)" = "aarch64" ]; then \ + test -s x86_64-linux-musl-cross || curl https://zarf-public.s3-us-gov-west-1.amazonaws.com/pipelines/x86_64-linux-musl-cross.tgz | tar -xz; \ + export PATH="$$PWD/x86_64-linux-musl-cross/bin:$$PATH"; \ + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=x86_64-linux-musl-cc; \ + cargo build --target x86_64-unknown-linux-musl --release; \ + elif [ "$(shell uname -m)" = "x86_64" ]; then \ + cargo build --target x86_64-unknown-linux-musl --release; \ + fi + + du --si target/x86_64-unknown-linux-musl/release/zarf-injector + +build-injector-linux-arm: ## Build the Zarf injector for ARM64 + rustup target add aarch64-unknown-linux-musl + + if [ "$(shell uname -m)" = "arm64" ] || [ "$(shell uname -m)" = "aarch64" ]; then \ + cargo build --target aarch64-unknown-linux-musl --release; \ + elif [ "$(shell uname -m)" = "x86_64" ]; then \ + test -s aarch64-linux-musl-cross || curl https://zarf-public.s3-us-gov-west-1.amazonaws.com/pipelines/aarch64-linux-musl-cross.tgz | tar -xz; \ + export PATH="$$PWD/aarch64-linux-musl-cross/bin:$$PATH"; \ + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-musl-cc; \ + cargo build --target aarch64-unknown-linux-musl --release; \ + fi + + du --si target/aarch64-unknown-linux-musl/release/zarf-injector 
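Review bot: Both cross-compile branches fetch the musl toolchain with `curl https://…/x86_64-linux-musl-cross.tgz | tar -xz` (and the aarch64 equivalent) with no digest check and no `--fail`. The linker from that archive produces the release binary whose hash is then pinned as trusted, so the archive should be verified too. Download to a file, verify a pinned digest, then extract, e.g. `curl -fsSL -o x86_64-linux-musl-cross.tgz <URL>; echo "<PINNED_SHA256>  x86_64-linux-musl-cross.tgz" | sha256sum -c -; tar -xzf x86_64-linux-musl-cross.tgz`. Also, when `uname -m` matches neither branch the `if` falls through without building and the recipe only fails later at `du`; an `else` that prints the unsupported architecture and exits non-zero would make that explicit.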
diff --git a/zarf-config.toml b/zarf-config.toml index e1e2ba100e..1bec205426 100644 --- a/zarf-config.toml +++ b/zarf-config.toml @@ -5,7 +5,9 @@ agent_image = 'defenseunicorns/zarf/agent' agent_image_tag = 'local' # Tag for the zarf injector binary to use -injector_version = '2023-07-19' +injector_version = '2023-08-02' +injector_amd64_shasum = '91de0768855ee2606a4f85a92bb480ff3a14ca205fd8d05eb397c18e15aa0247' +injector_arm64_shasum = '663df681deea957b0ec53538eab221691a83de8e95d86b8a29008af711934bee' # The image reference to use for the registry that Zarf deploys into the cluster registry_image_domain = ''
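Review bot: The two new `injector_*_shasum` values carry no comment saying which algorithm they are or that they must change together with `injector_version`. Because these digests are what the package's `shasum:` fields are templated from, a stale or hand-copied value directly weakens the download check. I would add above them: `# SHA-256 of zarf-injector-amd64 / zarf-injector-arm64 published under injector/<injector_version>/; update together with injector_version, taking the values from the release build output`.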