refactor: rootful/rootless bootstrapping (#40)

Signed-off-by: Mateusz Urbanek <mateusz.urbanek.98@gmail.com>

.github/workflows/tests.yaml

@@ -20,10 +20,10 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.21'
           cache: false
       - run: |
           go test -race -covermode=atomic -coverprofile=coverage.out
-      - uses: codecov/codecov-action@v4
+      - uses: codecov/codecov-action@v3
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

CODE_OF_CONDUCT.md

@@ -61,7 +61,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
-[INSERT CONTACT METHOD].
+[mateusz.urbanek.98@gmail.com](mailto:mateusz.urbanek.98@gmail.com).
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the

cmd/bootstrap/internal/config/config.go

@@ -25,16 +25,13 @@ import (
 )
 
 type Config struct {
-	ModPath      *url.URL
-	TemplateRoot string
-	OutputDir    string
-	GoVersion    string
-	Year         int
-	Comment      string
-	Rootless     bool
-
+	ModPath           *url.URL
+	TemplateRoot      string
+	OutputDir         string
+	GoVersion         string
+	Year              int
+	Comment           string
 	COSISpecification *COSISpecification
-	Docker            *Docker
 }
 
 // New returns new Config struct, given that the modPath is a valid URL.
@@ -46,14 +43,11 @@ func New(modPath string, opts ...Option) (*Config, error) {
 	}
 
 	cfg := &Config{
-		ModPath:      modURL,
-		GoVersion:    trimVersion(runtime.Version()),
-		Year:         time.Now().Year(),
-		Comment:      "//",
-		TemplateRoot: "template",
-		Rootless:     false,
-
-		Docker:            newDocker(),
+		ModPath:           modURL,
+		GoVersion:         trimVersion(runtime.Version()),
+		Year:              time.Now().Year(),
+		Comment:           "//",
+		TemplateRoot:      "template",
 		COSISpecification: newSpecification(),
 	}
 

cmd/bootstrap/internal/config/options.go

@@ -18,32 +18,6 @@ import "errors"
 
 type Option func(c *Config) error
 
-// WithDockerImage ...
-func WithDockerImage(image string) Option {
-	return func(c *Config) error {
-		if image == "" {
-			return errors.New("empty image")
-		}
-
-		c.Docker.Image = image
-
-		return nil
-	}
-}
-
-// WithDockerRootlessImage ...
-func WithDockerRootlessImage(image string) Option {
-	return func(c *Config) error {
-		if image == "" {
-			return errors.New("empty image")
-		}
-
-		c.Docker.RootlessImage = image
-
-		return nil
-	}
-}
-
 // WithTemplateRoot ...
 func WithTemplateRoot(root string) Option {
 	return func(c *Config) error {
@@ -69,12 +43,3 @@ func WithOutputDir(output string) Option {
 		return nil
 	}
 }
-
-// WithRootless ...
-func WithRootless(yes bool) Option {
-	return func(c *Config) error {
-		c.Rootless = yes
-
-		return nil
-	}
-}

cmd/bootstrap/main.go

@@ -27,32 +27,23 @@ import (
 )
 
 var (
-	modPath       string
-	directory     string
-	image         string
-	rootlessImage string
-	rootless      bool
+	modPath   string
+	directory string
 )
 
 func main() {
 	flag.StringVar(&modPath, "module", "example.com/cosi-osp", "Override name for your new module.")
 	flag.StringVar(&directory, "dir", "cosi-osp", "Location/Path, where the module will be created.")
-	flag.StringVar(&image, "image", config.DefaultImage, "Override the default base Docker image.")
-	flag.StringVar(&rootlessImage, "rootless-image", config.DefaultRootlessImage, "Override the default base Docker image for rootless container.")
-	flag.BoolVar(&rootless, "rootless", false, "Generate the Dockerfile for rootless container.")
 	flag.Parse()
 
 	if err := realMain(modPath,
-		directory,
-		image,
-		rootlessImage,
-		rootless); err != nil {
+		directory); err != nil {
 		log.Fatal(err)
 	}
 }
 
-func realMain(modPath, location, image, rootlessImage string, rootless bool) error {
-	if modPath == "" || location == "" || image == "" || rootlessImage == "" {
+func realMain(modPath, location string) error {
+	if modPath == "" || location == "" {
 		return errors.New("invalid argument")
 	}
 
@@ -64,9 +55,6 @@ func realMain(modPath, location, image, rootlessImage string, rootless bool) err
 
 	cfg, err := config.New(modPath,
 		config.WithOutputDir(location),
-		config.WithDockerImage(image),
-		config.WithDockerRootlessImage(rootlessImage),
-		config.WithRootless(rootless),
 	)
 	if err != nil {
 		return fmt.Errorf("invalid config: %w", err)

cmd/bootstrap/main_docker_test.go

@@ -10,7 +10,6 @@ import (
 	"path"
 	"testing"
 
-	"github.com/doomshrine/gocosi/cmd/bootstrap/internal/config"
 	"github.com/doomshrine/testcontext"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -28,7 +27,7 @@ func TestRealMainWithDocker(t *testing.T) {
 
 	ospDir := path.Join(dir, "test-osp")
 
-	err = realMain(TestModPath, ospDir, config.DefaultImage, config.DefaultRootlessImage, false)
+	err = realMain(TestModPath, ospDir)
 	require.NoError(t, err)
 	require.FileExists(t, path.Join(ospDir, "go.mod"))
 
@@ -54,42 +53,3 @@ func TestRealMainWithDocker(t *testing.T) {
 	err = cmd.Run()
 	assert.NoError(t, err, "stdout: >>>%s<<<, stderr: >>>%s<<<", bufOut.String(), bufErr.String())
 }
-
-//nolint:paralleltest
-func TestRealMainWithDockerRootless(t *testing.T) {
-	ctx, cancel := testcontext.FromT(context.Background(), t)
-	defer cancel()
-
-	dir, err := os.MkdirTemp("", "*")
-	require.NoError(t, err)
-
-	defer os.RemoveAll(dir)
-
-	ospDir := path.Join(dir, "test-osp")
-
-	err = realMain(TestModPath, ospDir, config.DefaultImage, config.DefaultRootlessImage, false)
-	require.NoError(t, err)
-	require.FileExists(t, path.Join(ospDir, "go.mod"))
-
-	bufOut := new(bytes.Buffer)
-	bufErr := new(bytes.Buffer)
-
-	cmd := exec.CommandContext(ctx, "docker", "build", "--tag=gocosi:rootless", "--no-cache", ".")
-	cmd.Dir = ospDir
-	cmd.Stderr = bufErr
-	cmd.Stdout = bufOut
-
-	err = cmd.Run()
-	assert.NoError(t, err, "stdout: >>>%s<<<, stderr: >>>%s<<<", bufOut.String(), bufErr.String())
-
-	bufOut.Reset()
-	bufErr.Reset()
-
-	cmd = exec.CommandContext(ctx, "docker", "image", "rm", "gocosi:rootless")
-	cmd.Dir = ospDir
-	cmd.Stderr = bufErr
-	cmd.Stdout = bufOut
-
-	err = cmd.Run()
-	assert.NoError(t, err, "stdout: >>>%s<<<, stderr: >>>%s<<<", bufOut.String(), bufErr.String())
-}

cmd/bootstrap/main_test.go

@@ -8,7 +8,6 @@ import (
 	"path"
 	"testing"
 
-	"github.com/doomshrine/gocosi/cmd/bootstrap/internal/config"
 	"github.com/doomshrine/testcontext"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -29,7 +28,7 @@ func TestRealMain(t *testing.T) {
 
 	ospDir := path.Join(dir, "test-osp")
 
-	err = realMain(TestModPath, ospDir, config.DefaultImage, config.DefaultRootlessImage, false)
+	err = realMain(TestModPath, ospDir)
 	require.NoError(t, err)
 	require.FileExists(t, path.Join(ospDir, "go.mod"))
 

cmd/bootstrap/template/Dockerfile.tpl

@@ -2,7 +2,7 @@
 # First stage:
 #   - Building the COSI OSP using the default Go image.
 ###############################################################################
-FROM --platform=${BUILDPLATFORM} docker.io/library/golang:{{ .GoVersion }} AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.21.1 AS builder
 
 # Set the working directory.
 WORKDIR /cosi-osp
@@ -30,14 +30,10 @@ RUN go build -o build/cosi-osp main.go
 # Second Stage:
 #   - Runtime image.
 #
-# NOTE: you should replace the latest/ubi9 with specific digest, to ensure,
-#   that builds are consistent.
+# NOTE: you should replace the latest with specific digest, to ensure that
+#       builds are consistent.
 ###############################################################################
-{{ if .Rootless }}
-FROM --platform=${BUILDPLATFORM} {{ .Docker.RootlessImage }} AS runtime
-{{ else }}
-FROM --platform=${BUILDPLATFORM} {{ .Docker.Image }} AS runtime
-{{ end }}
+FROM --platform=${BUILDPLATFORM} gcr.io/distroless/static:latest AS runtime
 
 # Set the working directory.
 WORKDIR /cosi
@@ -53,25 +49,7 @@ HEALTHCHECK NONE
 
 # Set the default environment.
 ENV COSI_ENDPOINT="/var/lib/cosi/cosi.sock"
-{{ if .Rootless }}
-ENV X_COSI_ENDPOINT_PERMS="0755"
-ENV X_COSI_ENDPOINT_USER="1001"
-ENV X_COSI_ENDPOINT_GROUP="1001"
-
-# Create a non-root user and set permissions on the files.
-RUN echo "cosi:*:1001:cosi-user" >> /etc/group && \
-    echo "cosi-user:*:1001:1001::/cosi:/bin/false" >> /etc/passwd && \
-    chown 1001:1001 /cosi && \
-    chmod 0550 /cosi && \
-    mkdir -p /var/lib/cosi && \
-    chown -R 1001:1001 /var/lib/cosi
-
-# Copy the newly build binary to final image, and set the permissions.
-COPY --from=builder --chown=1001:1001 /cosi-osp/build/cosi-osp /usr/bin/cosi-osp
-RUN chmod 0550 /cosi
-{{ else }}
 COPY --from=builder /cosi-osp/build/cosi-osp /usr/bin/cosi-osp
-{{ end }}
 
 # Set the correct entrypoint and command arguments.
 ENTRYPOINT [ "/usr/bin/cosi-osp" ]

go.mod

@@ -1,6 +1,6 @@
 module github.com/doomshrine/gocosi
 
-go 1.20
+go 1.21
 
 require (
 	github.com/doomshrine/must v1.0.0