Clean up build artifacts

- used simple README.md for release instead of the project README.md
- output SPIRE binaries under bin/ during `make build`
- created release specific configuration files
- removed cruft developer configuration files
- cleaned up .gitignore a bit for binaries built from various means
- cleaned up ldflags options so it was easier to see when a git hash/tag
  was being passed.
- tarball contents are now explicitly defined
- no longer root tarball configuration to /opt/spire

Signed-off-by: Andrew Harding <[email protected]>

Author: azdagron

.gitignore

@@ -9,20 +9,21 @@
 /test_results
 /artifacts
 /releases
+/bin
 bundle.*.pem
 svid.*.key
 svid.*.pem
 
-
-cmd/spire-agent/spire-agent
+# Ignore binaries built using go build either from the root of the repo or
+# within the respective main packages.
+/spire-server
+/spire-agent
+/k8s-workload-registrar
+/oidc-discovery-provider
 cmd/spire-server/spire-server
+cmd/spire-agent/spire-agent
 support/k8s/k8s-workload-registrar/k8s-workload-registrar
 support/oidc-discovery-provider/oidc-discovery-provider
-
-functional/tools/stresstest/stresstest
-functional/tools/tokengenerator/tokengenerator
-functional/tools/workload/workload
-
 tools/spire-plugingen/spire-plugingen
 
 # Travis CI encrypted files decryption paths

Dockerfile.images

@@ -7,10 +7,7 @@ ADD proto/spire/go.mod /spire/proto/spire/go.mod
 RUN cd /spire && go mod download
 ADD . /spire
 WORKDIR /spire
-RUN make cmd/spire-server
-RUN make cmd/spire-agent
-RUN make support/k8s/k8s-workload-registrar
-RUN make support/oidc-discovery-provider
+RUN make build
 
 # Common base
 FROM alpine AS spire-base
@@ -20,28 +17,28 @@ RUN mkdir -p /opt/spire/bin
 
 # SPIRE Server
 FROM spire-base AS spire-server
-COPY --from=builder /spire/cmd/spire-server/spire-server /opt/spire/bin/spire-server
+COPY --from=builder /spire/bin/spire-server /opt/spire/bin/spire-server
 WORKDIR /opt/spire
 ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/spire-server", "run"]
 CMD []
 
 # SPIRE Agent
 FROM spire-base AS spire-agent
-COPY --from=builder /spire/cmd/spire-agent/spire-agent /opt/spire/bin/spire-agent
+COPY --from=builder /spire/bin/spire-agent /opt/spire/bin/spire-agent
 WORKDIR /opt/spire
 ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/spire-agent", "run"]
 CMD []
 
 # K8S Workload Registrar
 FROM spire-base AS k8s-workload-registrar
-COPY --from=builder /spire/support/k8s/k8s-workload-registrar/k8s-workload-registrar /opt/spire/bin/k8s-workload-registrar
+COPY --from=builder /spire/bin/k8s-workload-registrar /opt/spire/bin/k8s-workload-registrar
 WORKDIR /opt/spire
 ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/k8s-workload-registrar"]
 CMD []
 
 # OIDC Discovery Provider
 FROM spire-base AS oidc-discovery-provider
-COPY --from=builder /spire/support/oidc-discovery-provider/oidc-discovery-provider /opt/spire/bin/oidc-discovery-provider
+COPY --from=builder /spire/bin/oidc-discovery-provider /opt/spire/bin/oidc-discovery-provider
 WORKDIR /opt/spire
 ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/oidc-discovery-provider"]
 CMD []

Makefile

@@ -13,7 +13,6 @@ endif
 export GO111MODULE=on
 
 # Makefile variables
-binary_dirs := $(shell find cmd/* support/k8s/* support/oidc-discovery-provider -maxdepth 0 -type d)
 docker_volume_gopath := $(shell echo $${GOPATH}/pkg/mod):/root/go/pkg/mod
 docker_volume_spire := $(shell echo $${PWD}):/root/spire
 docker_image = spire-dev:latest
@@ -23,12 +22,19 @@ goversion-required := $(shell cat .go-version)
 gittag := $(shell git tag --points-at HEAD)
 githash := $(shell git rev-parse --short=7 HEAD)
 gitdirty := $(shell git status -s)
-# don't provide the git tag if the git status is dirty.
-ifneq ($(gitdirty),)
-	gittag :=
-	githash :=
+
+# Determine the ldflags passed to the go linker. The git tag and hash will be
+# provided to the linker unless the git status is dirty.
+go_ldflags := -s -w
+ifeq ($(gitdirty),)
+  ifneq ($(gittag),)
+    go_ldflags += -X github.com/spiffe/spire/pkg/common/version.gittag=$(gittag)
+  endif
+  ifneq ($(githash),)
+    go_ldflags += -X github.com/spiffe/spire/pkg/common/version.githash=$(githash)
+  endif
 endif
-ldflags := '-s -w -X github.com/spiffe/spire/pkg/common/version.gittag=$(gittag) -X github.com/spiffe/spire/pkg/common/version.githash=$(githash)'
+go_ldflags := '${go_ldflags}'
 
 utils = github.com/spiffe/spire/tools/spire-plugingen
 
@@ -54,10 +60,22 @@ go-check:
 
 # Make targets
 ##@ Building
-build: $(binary_dirs) ## Build SPIRE binaries
 
-$(binary_dirs): go-check
-	$(docker) /bin/sh -c "cd $@; go build -ldflags $(ldflags)"
+build: bin/spire-server bin/spire-agent bin/k8s-workload-registrar bin/oidc-discovery-provider ## Build SPIRE binaries
+
+define binary_rule
+.PHONY: $1
+$1:
+	$$(docker) /bin/sh -c "go build -ldflags $$(go_ldflags) -o $1 $2"
+endef
+
+$(eval $(call binary_rule,bin/spire-server,./cmd/spire-server))
+$(eval $(call binary_rule,bin/spire-agent,./cmd/spire-agent))
+$(eval $(call binary_rule,bin/k8s-workload-registrar,./support/k8s/k8s-workload-registrar))
+$(eval $(call binary_rule,bin/oidc-discovery-provider,./support/oidc-discovery-provider))
+
+bin:
+	mkdir -p bin
 
 all: $(container) build test ## Build and run tests
 

build.sh

@@ -42,14 +42,6 @@ declare -r PROTOBUF_TGZ="protoc-${PROTOBUF_VERSION}-${OS2}-${ARCH1}.zip"
 _exit_error() { echo "ERROR: $*" 1>&2; exit 1; }
 _log_info() { echo "INFO: $*"; }
 
-_artifact_dirs() {
-	find cmd/* -maxdepth 0 -type d 2>/dev/null
-}
-
-_release_dirs() {
-	find cmd/* -maxdepth 0 -type d 2>/dev/null
-}
-
 _fetch_url() {
 	mkdir -p "${BUILD_CACHE}"
 	if [[ ! -r ${BUILD_CACHE}/${2} ]]; then
@@ -198,23 +190,15 @@ build_release() {
 	_tag="$(git describe --abbrev=0 2>/dev/null || true)"
 	_always="$(git describe --always || true)"
 	if [[ "$_tag" == "$_always" ]]; then
-		build_artifact "$_tag" "$(_release_dirs)"
+		build_artifact "$_tag"
 	fi
 }
 
 ## Create a distributable tar.gz of all the binaries
 build_artifact() {
-	local _version="$1" _dirs="$2"
+	local _version="$1"
 	local _libc _tgz _sum _binaries _n _tmp _tar_opts=()
 
-	[[ -z "$_dirs" ]] && _dirs="$(_artifact_dirs)"
-	_dirs_array=()
-	for _dir in $_dirs; do
-		_dirs_array+=( "$_dir" )
-	done
-	_binaries="$(find "${_dirs_array[@]}" -perm -u=x -a -type f)"
-
-
 	# handle the case that we're building for alpine
 	if [[ $OS1 == linux ]]; then
 		case $(ldd --version 2>&1) in
@@ -242,26 +226,16 @@ build_artifact() {
 	rm -rf "$(dirname "$_tmp")"
 	mkdir -p "$_tmp"
 
-	# ensure empty .data dir is available
-	mkdir "$_tmp/.data"
+	# Copy in the contents under release/
+	cp -r release/* "$_tmp"
 
-	# we munge the file structure a bit here
-	for _n in $_binaries; do
-		if [[ $_n == *cmd/* ]]; then
-			cp "$_n" $_tmp
-		else
-			mkdir -p "${_tmp}/$(dirname "$(dirname "$_n")")"
-			cp -r "$_n" "${_tmp}/$(dirname "$_n")"
-		fi
-	done
-	for _n in $RELEASE_FILES; do
-		cp -r "$_n" "$_tmp"
-	done
+	# Copy in the LICENSE
+	cp LICENSE "$_tmp"
 
-	# anchor relative paths in configuration files to /opt/spire. the backup
-	# extension supplied to sed is only for easy cross-platform in-place
-	# replacement because of differences between macOS and linux sed.
-	find "$_tmp/conf" -type f -name "*.conf" -print0 | xargs -0 -I % -n1 sh -c "sed -i.bak -e 's#= \"./#= \"/opt/spire/#g' %; rm %.bak"
+	# Copy in the SPIRE binaries
+	mkdir -p "$_tmp"/bin
+	cp bin/spire-server "$_tmp"/bin
+	cp bin/spire-agent "$_tmp"/bin
 
 	tar -cvzf "$_tgz" --directory .tmp "${_tar_opts[@]}" "$(basename "$_tmp")"
 	echo "$(shasum -a 256 "$_tgz" | cut -d' ' -f1) $(basename "$_tgz")" > "$_sum"