From 92efa99c586d0b81971c7172edaed9c9efda50c5 Mon Sep 17 00:00:00 2001
From: Michael Plump <plumpy@google.com>
Date: Wed, 19 Jul 2023 09:32:02 -0400
Subject: [PATCH] chore: update the way the LTS images are built (#8953)
 (#8958)

* chore: update the way the LTS images are built

* Add the --build-arg and remove the Artifact Registry copy.
---
 deploy/cloudbuild-lts.yaml          |  55 -------------
 deploy/cloudbuild-release-lts.yaml  |  48 ++----------
 deploy/skaffold/Dockerfile.deps.lts | 110 --------------------------
 deploy/skaffold/Dockerfile.lts      | 116 +++++++++++++++++++++++++---
 4 files changed, 109 insertions(+), 220 deletions(-)
 delete mode 100644 deploy/cloudbuild-lts.yaml
 delete mode 100644 deploy/skaffold/Dockerfile.deps.lts

diff --git a/deploy/cloudbuild-lts.yaml b/deploy/cloudbuild-lts.yaml
deleted file mode 100644
index 3cebdd4ea94..00000000000
--- a/deploy/cloudbuild-lts.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-# using default substitutions, provided by Google Cloud Build
-# see: https://cloud.google.com/container-builder/docs/configuring-builds/substitute-variable-values#using_default_substitutions
-steps:
-# Build and tag skaffold-deps image using docker with cache-from
-  - name: 'gcr.io/cloud-builders/docker'
-    args:
-    - 'build'
-    - '-t'
-    - 'gcr.io/$PROJECT_ID/build_deps:latest-lts'
-    - '--cache-from'
-    - 'gcr.io/$PROJECT_ID/build_deps:latest-lts'
-    - '-f'
-    - 'deploy/skaffold/Dockerfile.deps.lts'
-    - '.'
-
-# Grab secret credentials from gcp bucket
-  - name: gcr.io/cloud-builders/gcloud
-    entrypoint: 'bash'
-    args: ['deploy/setup-secret.sh','-p', $PROJECT_ID]
-
-# Build and tag skaffold builder
-  - name: 'gcr.io/cloud-builders/docker'
-    args:
-    - 'build'
-    - '-t'
-    - 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
-    - '--cache-from'
-    - 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
-    - '-f'
-    - 'deploy/skaffold/Dockerfile'
-    - '.'
-
-# Do the go build & push the results to GCS
-  - name: 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
-    args:
-    - 'make'
-    - 'release-lts-build'
-    - 'RELEASE_BUCKET=$_RELEASE_BUCKET'
-    - 'GCP_PROJECT=$PROJECT_ID'
-
-# Check that skaffold is in the image
-  - name: 'gcr.io/$PROJECT_ID/skaffold:edge-lts'
-    args:
-    - 'skaffold'
-    - 'version'
-
-images:
-- 'gcr.io/$PROJECT_ID/build_deps:latest-lts'
-- 'gcr.io/$PROJECT_ID/skaffold:edge-lts'
-- 'gcr.io/$PROJECT_ID/skaffold:$COMMIT_SHA-lts'
-
-options:
-  machineType: 'N1_HIGHCPU_8'
-
-timeout: 1500s
diff --git a/deploy/cloudbuild-release-lts.yaml b/deploy/cloudbuild-release-lts.yaml
index e3d8d9fa513..efe2b372ff8 100644
--- a/deploy/cloudbuild-release-lts.yaml
+++ b/deploy/cloudbuild-release-lts.yaml
@@ -6,53 +6,16 @@ steps:
   - name: 'gcr.io/cloud-builders/docker'
     args:
     - 'build'
+    - '--build-arg'
+    - 'SKAFFOLD_VERSION=$TAG_NAME'
     - '-t'
-    - 'gcr.io/$PROJECT_ID/build_deps:latest-lts'
-    - '--cache-from'
-    - 'gcr.io/k8s-skaffold/build_deps:latest-lts'
-    - '-f'
-    - 'deploy/skaffold/Dockerfile.deps.lts'
-    - '.'
-
-# Grab secret credentials from gcp bucket
-  - name: gcr.io/cloud-builders/gcloud
-    entrypoint: 'bash'
-    args: ['deploy/setup-secret.sh','-p', $PROJECT_ID]
-
-# Build and tag skaffold builder
-  - name: 'gcr.io/cloud-builders/docker'
-    args:
-    - 'build'
-    - '--cache-from'
-    - 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
+    - 'gcr.io/$PROJECT_ID/skaffold:$TAG_NAME-lts'
     - '-t'
-    - 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
+    - 'gcr.io/$PROJECT_ID/skaffold:$_SCANNING_MARKER-lts'
     - '-f'
-    - 'deploy/skaffold/Dockerfile'
+    - 'deploy/skaffold/Dockerfile.lts'
     - '.'
 
-# Build and tag distroless-skaffold image for scanning
-  - name: 'gcr.io/cloud-builders/docker'
-    args:
-      - 'build'
-      - '--build-arg'
-      - 'PROJECT_ID=$PROJECT_ID'
-      - '-t'
-      - 'us-east1-docker.pkg.dev/$PROJECT_ID/scanning/skaffold:$TAG_NAME-lts'
-      - '-f'
-      - 'deploy/skaffold/Dockerfile.skaffold'
-      - '.'
-
-# Do the go build & push the results to GCS
-  - name: 'gcr.io/$PROJECT_ID/skaffold-builder:latest'
-    args:
-    - 'make'
-    - 'release-lts'
-    - 'VERSION=$TAG_NAME'
-    - 'SCANNING_MARKER=$_SCANNING_MARKER'
-    - 'RELEASE_BUCKET=$_RELEASE_BUCKET'
-    - 'GCP_PROJECT=$PROJECT_ID'
-
 # Check that skaffold is in the image
   - name: 'gcr.io/$PROJECT_ID/skaffold:$TAG_NAME-lts'
     args:
@@ -62,7 +25,6 @@ steps:
 images:
 - 'gcr.io/$PROJECT_ID/skaffold:$TAG_NAME-lts'
 - 'gcr.io/$PROJECT_ID/skaffold:$_SCANNING_MARKER-lts'
-- 'us-east1-docker.pkg.dev/$PROJECT_ID/scanning/skaffold:$TAG_NAME-lts'
 
 options:
   machineType: 'N1_HIGHCPU_8'
diff --git a/deploy/skaffold/Dockerfile.deps.lts b/deploy/skaffold/Dockerfile.deps.lts
deleted file mode 100644
index 5eb59099d30..00000000000
--- a/deploy/skaffold/Dockerfile.deps.lts
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 2019 The Skaffold Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ARG ARCH=amd64
-
-# Download kubectl
-FROM alpine:3.10 as download-kubectl
-ARG ARCH
-# Track default version installed by Google Cloud SDK: 424.0.0 moved to 1.24.12
-# https://cloud.google.com/sdk/docs/release-notes
-ENV KUBECTL_VERSION v1.27.2
-ENV KUBECTL_URL https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl
-# SHAs at gs://kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/
-COPY deploy/skaffold/digests/kubectl.${ARCH}.sha512 .
-RUN wget -O kubectl "${KUBECTL_URL}" && sha512sum -c kubectl.${ARCH}.sha512
-RUN chmod +x kubectl
-
-# Download helm (see https://github.com/helm/helm/releases/latest)
-FROM alpine:3.10 as download-helm
-ARG ARCH
-RUN echo arch=$ARCH
-ENV HELM_VERSION v3.12.0
-ENV HELM_URL https://storage.googleapis.com/skaffold/deps/helm/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz
-COPY deploy/skaffold/digests/helm.${ARCH}.sha256 .
-RUN wget -O helm.tar.gz "${HELM_URL}" && sha256sum -c helm.${ARCH}.sha256
-RUN tar -xvf helm.tar.gz --strip-components 1
-
-# Download kustomize
-FROM alpine:3.10 as download-kustomize
-ARG ARCH
-ENV KUSTOMIZE_VERSION 5.0.3
-ENV KUSTOMIZE_URL https://storage.googleapis.com/skaffold/deps/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz
-COPY deploy/skaffold/digests/kustomize.${ARCH}.sha256 .
-RUN wget -O kustomize.tar.gz "${KUSTOMIZE_URL}" && sha256sum -c kustomize.${ARCH}.sha256
-RUN tar -xvf kustomize.tar.gz
-
-# Download kpt
-FROM alpine:3.10 as download-kpt
-ARG ARCH
-ENV KPT_VERSION 1.0.0-beta.33
-ENV KPT_URL https://storage.googleapis.com/skaffold/deps/kpt/v${KPT_VERSION}/kpt_linux_amd64
-COPY deploy/skaffold/digests/kpt.${ARCH}.sha256 .
-RUN wget -O kpt "${KPT_URL}" && sha256sum -c kpt.${ARCH}.sha256
-RUN chmod +x kpt
-
-# Download gcloud
-FROM alpine:3.10 as download-gcloud
-ARG ARCH
-ENV GCLOUD_VERSION 432.0.0
-ENV GCLOUD_URL https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GCLOUD_VERSION}-linux-GCLOUDARCH.tar.gz
-# SHAs listed at https://cloud.google.com/sdk/docs/downloads-versioned-archives
-COPY deploy/skaffold/digests/gcloud.${ARCH}.sha256 .
-RUN \
-    GCLOUDARCH=$(case "${ARCH}" in amd64) echo x86_64;; *) echo ${ARCH};; esac); \
-    wget -O gcloud.tar.gz $(echo "${GCLOUD_URL}" | sed "s/GCLOUDARCH/${GCLOUDARCH}/g") && \
-    sha256sum -c gcloud.${ARCH}.sha256
-RUN tar -zxf gcloud.tar.gz
-
-
-FROM ubuntu:20.04 as runtime_deps
-
-RUN apt-get update && \
-    apt-get install --no-install-recommends --no-install-suggests -y \
-    git python3 unzip && \
-    rm -rf /var/lib/apt/lists/*
-
-COPY --from=download-kubectl kubectl /usr/local/bin/
-COPY --from=download-helm helm /usr/local/bin/
-COPY --from=download-kustomize kustomize /usr/local/bin/
-COPY --from=download-kpt kpt /usr/local/bin/
-COPY --from=download-gcloud google-cloud-sdk/ /google-cloud-sdk/
-
-# Finish installation of gcloud
-RUN /google-cloud-sdk/install.sh \
-    --usage-reporting=false \
-    --bash-completion=false \
-    --disable-installation-options
-ENV PATH=$PATH:/google-cloud-sdk/bin
-RUN gcloud auth configure-docker && gcloud components install --quiet \
-    gke-gcloud-auth-plugin \
-    alpha \
-    beta \
-    cloud-run-proxy \
-    log-streaming
-
-FROM runtime_deps
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
-    build-essential \
-    python-setuptools \
-    lsb-release \
-    openjdk-17-jdk \
-    software-properties-common \
-    jq \
-    docker.io \
-    apt-transport-https && \
-    rm -rf /var/lib/apt/lists/*
-COPY --from=golang:1.19.10 /usr/local/go /usr/local/go
-ENV PATH /usr/local/go/bin:/root/go/bin:$PATH
diff --git a/deploy/skaffold/Dockerfile.lts b/deploy/skaffold/Dockerfile.lts
index c0bde9286b2..cd694e17d96 100644
--- a/deploy/skaffold/Dockerfile.lts
+++ b/deploy/skaffold/Dockerfile.lts
@@ -12,15 +12,107 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# This base image is built using docker from cache every single time as build step.
-FROM gcr.io/k8s-skaffold/build_deps:latest-lts as build
-WORKDIR /skaffold
-
-FROM build as builder
-ARG VERSION
-COPY . .
-RUN make clean out/skaffold VERSION=$VERSION && mv out/skaffold /usr/bin/skaffold && rm -rf secrets $SECRET
-
-FROM build as release
-COPY --from=builder /usr/bin/skaffold /usr/bin/skaffold
-RUN skaffold credits -d /THIRD_PARTY_NOTICES
+ARG ARCH=amd64
+ARG SKAFFOLD_VERSION
+
+# Download skaffold
+FROM alpine:3.10 as download-skaffold
+ARG ARCH
+ARG SKAFFOLD_VERSION
+ENV SKAFFOLD_URL https://storage.googleapis.com/skaffold/releases/${SKAFFOLD_VERSION}/skaffold-linux-${ARCH}
+RUN wget -O skaffold "${SKAFFOLD_URL}"
+RUN chmod +x skaffold
+
+# Download kubectl
+FROM alpine:3.10 as download-kubectl
+ARG ARCH
+# https://cloud.google.com/sdk/docs/release-notes
+ENV KUBECTL_VERSION v1.27.2
+ENV KUBECTL_URL https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl
+# SHAs at gs://kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/
+COPY deploy/skaffold/digests/kubectl.${ARCH}.sha512 .
+RUN wget -O kubectl "${KUBECTL_URL}" && sha512sum -c kubectl.${ARCH}.sha512
+RUN chmod +x kubectl
+
+# Download helm (see https://github.com/helm/helm/releases/latest)
+FROM alpine:3.10 as download-helm
+ARG ARCH
+RUN echo arch=$ARCH
+ENV HELM_VERSION v3.12.0
+ENV HELM_URL https://storage.googleapis.com/skaffold/deps/helm/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz
+COPY deploy/skaffold/digests/helm.${ARCH}.sha256 .
+RUN wget -O helm.tar.gz "${HELM_URL}" && sha256sum -c helm.${ARCH}.sha256
+RUN tar -xvf helm.tar.gz --strip-components 1
+
+# Download kustomize
+FROM alpine:3.10 as download-kustomize
+ARG ARCH
+ENV KUSTOMIZE_VERSION 5.0.3
+ENV KUSTOMIZE_URL https://storage.googleapis.com/skaffold/deps/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz
+COPY deploy/skaffold/digests/kustomize.${ARCH}.sha256 .
+RUN wget -O kustomize.tar.gz "${KUSTOMIZE_URL}" && sha256sum -c kustomize.${ARCH}.sha256
+RUN tar -xvf kustomize.tar.gz
+
+# Download kpt
+FROM alpine:3.10 as download-kpt
+ARG ARCH
+ENV KPT_VERSION 1.0.0-beta.33
+ENV KPT_URL https://storage.googleapis.com/skaffold/deps/kpt/v${KPT_VERSION}/kpt_linux_amd64
+COPY deploy/skaffold/digests/kpt.${ARCH}.sha256 .
+RUN wget -O kpt "${KPT_URL}" && sha256sum -c kpt.${ARCH}.sha256
+RUN chmod +x kpt
+
+# Download gcloud
+FROM alpine:3.10 as download-gcloud
+ARG ARCH
+ENV GCLOUD_VERSION 432.0.0
+ENV GCLOUD_URL https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GCLOUD_VERSION}-linux-GCLOUDARCH.tar.gz
+# SHAs listed at https://cloud.google.com/sdk/docs/downloads-versioned-archives
+COPY deploy/skaffold/digests/gcloud.${ARCH}.sha256 .
+RUN \
+    GCLOUDARCH=$(case "${ARCH}" in amd64) echo x86_64;; *) echo ${ARCH};; esac); \
+    wget -O gcloud.tar.gz $(echo "${GCLOUD_URL}" | sed "s/GCLOUDARCH/${GCLOUDARCH}/g") && \
+    sha256sum -c gcloud.${ARCH}.sha256
+RUN tar -zxf gcloud.tar.gz
+
+
+FROM ubuntu:20.04 as runtime_deps
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends --no-install-suggests -y \
+    git python unzip && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --from=download-skaffold skaffold /usr/local/bin/
+COPY --from=download-kubectl kubectl /usr/local/bin/
+COPY --from=download-helm helm /usr/local/bin/
+COPY --from=download-kustomize kustomize /usr/local/bin/
+COPY --from=download-kpt kpt /usr/local/bin/
+COPY --from=download-gcloud google-cloud-sdk/ /google-cloud-sdk/
+
+# Finish installation of gcloud
+RUN /google-cloud-sdk/install.sh \
+    --usage-reporting=false \
+    --bash-completion=false \
+    --disable-installation-options
+ENV PATH=$PATH:/google-cloud-sdk/bin
+RUN gcloud auth configure-docker && gcloud components install --quiet \
+    gke-gcloud-auth-plugin \
+    alpha \
+    beta \
+    cloud-run-proxy \
+    log-streaming
+
+FROM runtime_deps
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
+    curl \
+    build-essential \
+    python-setuptools \
+    lsb-release \
+    openjdk-17-jdk \
+    software-properties-common \
+    jq \
+    docker.io \
+    apt-transport-https && \
+    rm -rf /var/lib/apt/lists/*