{"id":18136108,"url":"https://github.com/errordeveloper/cilium-image-tools-2","last_synced_at":"2025-10-08T23:08:38.475Z","repository":{"id":137924777,"uuid":"279892757","full_name":"errordeveloper/cilium-image-tools-2","owner":"errordeveloper","description":null,"archived":false,"fork":false,"pushed_at":"2020-07-15T19:47:25.000Z","size":84,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-06T16:50:22.364Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/errordeveloper.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-15T14:36:32.000Z","updated_at":"2020-07-15T16:08:04.000Z","dependencies_parsed_at":null,"dependency_job_id":"17e8e934-f459-4cbf-a286-5fc760457a39","html_url":"https://github.com/errordeveloper/cilium-image-tools-2","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/errordeveloper/cilium-image-tools-2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/errordeveloper%2Fcilium-image-tools-2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/errordeveloper%2Fcilium-image-tools-2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/errordeveloper%2Fcilium-image-tools-2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/errordeveloper%2Fcilium-image-tools-2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/errordeveloper","download_url":"https://codeload.github.com/errordeveloper/cilium-image-tools-2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/errordeveloper%2Fcilium-image-tools-2/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000732,"owners_count":26082862,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-01T14:10:41.789Z","updated_at":"2025-10-08T23:08:38.457Z","avatar_url":"https://github.com/errordeveloper.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cilium Dependency Packaging\n\nThis repository contains build definitions for a number of images that are components of the official and development images of Cilium.\n\nThe builds are currently hosted in GitHub Actions, but can be ported to any other container-based CI system.\n\nPortability between CI systems and ability to run localy is critical, that's why some of these images are perfered over pre-packaged GitHub Actions.\nAlso, pre-package action often download dependencies on-the-fly, potentially increasing build times and causing flakiness. Registry is a network\nresource, which could be unreliable at times, hower it can be mirrored easily, unlike GitHub releases.\nSome of the image do depend on GitHub releases or other HTTP blol storage providers, but there is no easy way around that, as the only alrearnative\nwould be to build all of the dependencies from source, which is not feasible.\n\n## Images\n\n### [`images/maker`](images/maker/Dockerfile)\n\nThis image consists of core tools used for building all other images, which include `bash`, `make` and `docker` (with [`buildx`](https://github.com/docker/buildx))\nand [`crane`](https://github.com/google/go-containerregistry/blob/master/cmd/crane).\nThis image enables using latest BuildKit features without depending on whatever Docker daemon/client CI host provides.\nSince `buildx` runs a BuildKit daemon inside a container, it's largely independent of what version of Docker daemon it runs on.\n\nThis image also includes a secure credentials helper - [`docker-credential-env`](http://github.com/errordeveloper/docker-credential-env),\nwhich prevents having to use `docker login` which stores a plain text token in `${DOCKER_CONFIG}/config.json`.\n\n### [`images/kube-test`](images/kube-test/Dockerfile)\n\nThis image primarily provides `kubectl`, `helm`, `docker` and `kind`. The image is structurally similar to `maker`, and it also\ninclude `docker`, however the purpose is different and it is important to keep the size of `maker` relatively small.\nAlso, it's unlikely that `maker` image will be updated as often as the `kube-test`.\n\n### [`images/compiler`](images/compilers/Dockerfile)\n\nThis image consists of compilers and libraries needed to build other images for `amd64` and `arm64`.\n\nIt also includes multiple Bazel version to enable building different version of Istio and Envoy.\n\n### [`images/bpftool`](images/bpftool/Dockerfile)\n\nThis image builds `bpftool` binary for `amd64` and `arm64` using a cross-compiler. The resulting image has only one file -\n`/bin/bpftool`, it is a proper multi-platform image. The binary is dynamically linked to Ubuntu 20.04 glibc and other dependencies.\n\nThis image is uses a recent version of `bpftool` from `bpf-next` Linux kernel tree.\n\n### [`images/iproute2`](images/iproute2/Dockerfile)\n\nThis image builds `ip` and `tc` binaries for `amd64` and `arm64` using a cross-compiler. The resulting image has only two files -\n`/bin/ip` and `/bin/tc`, it is a proper multi-platform image. The binaries are dynamically linked to Ubuntu 20.04 glibc and other\ndependencies.\n\nThis image is uses [a fork of `iproute2`](https://github.com/cilium/iproute2), it has features that Cilium relies on.\n\n### [`images/llvm`](images/llvm/Dockerfile)\n\nThis image builds `llc` and `clang` binaries for `amd64` and `arm64` using a cross-compiler. The resulting image has only two\nfiles - `/bin/llc` and `/bin/clang`, it is a proper multi-platform image. The binaries are dynamically linked to Ubuntu 20.04 glibc\nand other dependencies.\n\nThis image is a custom BPF-only distribution of LLVM.\n\n### [`images/tester`](images/tester/Dockerfile)\n\nThis image contains a [simple Go program](images/tester/cst/main.go), which is a minimal version of [`container-structure-test`](https://github.com/GoogleContainerTools/container-structure-test).\nIt's adapted to run inside a container build context more easily then the original `container-structure-tests`.\n\nHere is how testing is accompilshed in the `llvm` image:\n- [`images/llvm/Dockerfile`](https://github.com/cilium/image-tools/blob/3686e2885e854242f8835d6edfc7413dd7c4c476/images/llvm/Dockerfile#L25-L27)\n- [`images/llvm/test/spec.yaml`](https://github.com/cilium/image-tools/blob/3686e2885e854242f8835d6edfc7413dd7c4c476/images/llvm/test/spec.yaml)\n\n## Usage\n\n### Making changes\n\nAll images get automatic tags based on checked-in contents of image subdirectory. At any point in git history of a subdirectory\nthere exists a unique [git tree object hash](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects), that is what's used for\nimage tags.\n\nAs the result of this, following stands:\n\n- image build definitions can be obtained with `git show \u003ctag\u003e`\n- image build is defined by contents of a directory\n- when changes are committed to image directory, new tag is generated\n    - if there is a new tag, image is rebuilt and pushed with that new tag\n\nThis does not cater for reproducible builds, however it serves as basis for reliable builds, especially when following rules\nare also applied to any build definitions:\n\n- all `FROM` statements use digests (use `scripts/get-image-digest.sh`)\n- any system packages are installed in a separate image that is references by a digests (that's how `images/compilers` is designed)\n    - pining system packages can be quite laborious, especially because most of the time what you want is latest that the distribution offers,\n      so what's much easier to let the package manager get the latest and then pin down the result by digest, so every time there is a change\n      in underlying system packages, that is explicitly recorded by change of digest in each image that uses the base image\n\nBe sure to use `make lint`, which will run [`shellcheck`](https://github.com/koalaman/shellcheck) and [`hadolint`](https://github.com/hadolint/hadolint).\n\nFor details of how this works, see the following:\n\n- [`Makefile`](Makefile)\n- [`scripts/build-image.sh`](`scripts/build-image.sh`)\n- [`scripts/make-image-tag.sh`](scripts/make-image-tag.sh).\n- [`images/maker`](images/maker/Dockerfile)\n- [`images/compilers`](images/compilers/Dockerfile)\n\n### Building Locally\n\nOne should be able to build images locally as long as they have Docker installed with [`buildx` plug-in](https://docs.docker.com/buildx/working-with-buildx/).\n\n### Updating `images/{maker,compilers}`\n\nWhen you have dependencies that need to be added to these image before using them in one of the other images, e.g. if you need to add a system\nlibrary in `compilers` image that will be used for compiling something else, you should make a PR to update `compilers` first.\nHowever, that's only required for full integration, and you can build images locally if you prefer, you can also push them to your own Docker Hub\naccount or whatever is your preferred registry.\n\nWhen changes to these images are merged into master, builds should run and push new images to each of the registries.\nOnce new images are out, a PR will be required to update all dependent images, please use the following commands to\nmake updates and commit the resulting changes:\n\n\u003e NOTE: You can only use the `update-*-image` make targets when you are _not building localy_. For example, if you have built a new `compilers`\n\u003e locally, or perahps even pushed it your Docker Hyb account, and you want to consume this new version to build new `llvm` image - you need to uptade\n\u003e `images/llvm/Dockerfile` manually, as the `scripts/update-*-images.sh` is not capable of handling this.\n\n- `make update-maker-image`\n- `make update-compilers-image`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferrordeveloper%2Fcilium-image-tools-2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ferrordeveloper%2Fcilium-image-tools-2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferrordeveloper%2Fcilium-image-tools-2/lists"}