Extends builds.kpack.io with a new optional field spec.builder.ref (buildpacks-community#1857)

Extends builds.kpack.io with a new optional field spec.builder.ref. This allows build resources to reference resource and cluster builders directly. Few cosmetic cleanup. Added unit test for the new field validation and implementation

Signed-off-by: Rashed Kamal <rashed.kamal@broadcom.com>

Author: rashedkvm

api/openapi-spec/swagger.json

@@ -7187,6 +7187,10 @@
           "x-kubernetes-list-type": "",
           "x-kubernetes-patch-merge-key": "name",
           "x-kubernetes-patch-strategy": "merge"
+        },
+        "ref": {
+          "description": "Ref reference to an existing Builder/ClusterBuilder",
+          "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference"
         }
       }
     },

cmd/controller/main.go

@@ -169,6 +169,7 @@ func main() {
 		MaximumPlatformApiVersion: maxPlatformApi,
 		InjectedSidecarSupport:    featureFlags.InjectedSidecarSupport,
 		SSHTrustUnknownHost:       cfg.SshTrustUnknownHosts,
+		KpackClient:               client,
 	}
 
 	gitResolver := git.NewResolver(k8sClient, cfg.SshTrustUnknownHosts)

hack/local.sh

@@ -13,8 +13,9 @@ Builds and generates a deployment yaml for kpack. This only builds linux images.
 
 Prerequisites:
 - pack or ko installed
-- kubectl installed
+- kubectl installed (recommended)
 - docker login to your registry
+- kbld and kapp (https://carvel.dev/#install)
 
 OPTIONS
   --help                          -h  prints the command usage
@@ -102,7 +103,7 @@ function main() {
 
  if "${apply}"; then
   echo "Applying $output to cluster"
-  kubectl apply -f $output
+  kapp deploy -a kpack -f $output -y
  fi
 
 }

pkg/apis/build/v1alpha1/build_validation_test.go

@@ -80,7 +80,7 @@ func testBuildValidation(t *testing.T, when spec.G, it spec.S) {
 
 		it("missing builder name", func() {
 			build.Spec.Builder.Image = ""
-			assertValidationError(build, apis.ErrMissingField("image").ViaField("spec", "builder"))
+			assertValidationError(build, apis.ErrMissingField("image", "ref").ViaField("spec", "builder"))
 		})
 
 		it("invalid builder name", func() {
@@ -217,7 +217,7 @@ func testBuildValidation(t *testing.T, when spec.G, it spec.S) {
 			build.Spec.Builder.Image = ""
 			assertValidationError(build,
 				apis.ErrMissingField("tags").ViaField("spec").
-					Also(apis.ErrMissingField("image").ViaField("spec", "builder")))
+					Also(apis.ErrMissingField("image", "ref").ViaField("spec", "builder")))
 		})
 
 		it("validates spec is immutable", func() {

pkg/apis/build/v1alpha2/build_pod.go

@@ -104,11 +104,12 @@ type BuildContext struct {
 }
 
 type BuildPodBuilderConfig struct {
-	StackID      string
-	RunImage     string
-	Uid          int64
-	Gid          int64
-	PlatformAPIs []string
+	StackID       string
+	RunImage      string
+	Uid           int64
+	Gid           int64
+	PlatformAPIs  []string
+	ResolvedImage string
 }
 
 var (
@@ -240,7 +241,7 @@ func (b *Build) BuildPod(images BuildPodImages, buildContext BuildContext) (*cor
 
 	analyzeContainer := corev1.Container{
 		Name:      AnalyzeContainerName,
-		Image:     b.Spec.Builder.Image,
+		Image:     buildContext.BuildPodBuilderConfig.ResolvedImage,
 		Command:   []string{AnalyzeCommand},
 		Resources: b.Spec.Resources,
 		Args: args(
@@ -282,7 +283,7 @@ func (b *Build) BuildPod(images BuildPodImages, buildContext BuildContext) (*cor
 
 	detectContainer := corev1.Container{
 		Name:      DetectContainerName,
-		Image:     b.Spec.Builder.Image,
+		Image:     buildContext.BuildPodBuilderConfig.ResolvedImage,
 		Command:   []string{DetectCommand},
 		Resources: b.Spec.Resources,
 		Args: []string{
@@ -432,7 +433,7 @@ func (b *Build) BuildPod(images BuildPodImages, buildContext BuildContext) (*cor
 				step(
 					corev1.Container{
 						Name:            RestoreContainerName,
-						Image:           b.Spec.Builder.Image,
+						Image:           buildContext.BuildPodBuilderConfig.ResolvedImage,
 						Command:         []string{RestoreCommand},
 						Resources:       b.Spec.Resources,
 						SecurityContext: containerSecurityContext(),
@@ -456,7 +457,7 @@ func (b *Build) BuildPod(images BuildPodImages, buildContext BuildContext) (*cor
 				step(
 					corev1.Container{
 						Name:            BuildContainerName,
-						Image:           b.Spec.Builder.Image,
+						Image:           buildContext.BuildPodBuilderConfig.ResolvedImage,
 						Command:         []string{BuildCommand},
 						Resources:       b.Spec.Resources,
 						SecurityContext: containerSecurityContext(),
@@ -481,7 +482,7 @@ func (b *Build) BuildPod(images BuildPodImages, buildContext BuildContext) (*cor
 				step(
 					corev1.Container{
 						Name:            ExportContainerName,
-						Image:           b.Spec.Builder.Image,
+						Image:           buildContext.BuildPodBuilderConfig.ResolvedImage,
 						Command:         []string{ExportCommand},
 						Resources:       b.Spec.Resources,
 						SecurityContext: containerSecurityContext(),
@@ -919,7 +920,7 @@ func (b *Build) setupSecretVolumesAndArgs(secrets []corev1.Secret, filter func(s
 			annotatedUrl := secret.Annotations[BlobSecretAnnotationPrefix]
 			args = append(args, fmt.Sprintf("-blob=%s=%s", secret.Name, annotatedUrl))
 		default:
-			//ignoring secret
+			// ignoring secret
 			continue
 		}
 

pkg/apis/build/v1alpha2/build_pod_test.go

@@ -249,11 +249,12 @@ func testBuildPod(t *testing.T, when spec.G, it spec.S) {
 
 	buildContext := buildapi.BuildContext{
 		BuildPodBuilderConfig: buildapi.BuildPodBuilderConfig{
-			StackID:      "com.builder.stack.io",
-			RunImage:     "builderregistry.io/run",
-			Uid:          2000,
-			Gid:          3000,
-			PlatformAPIs: []string{"0.7", "0.8", "0.9"},
+			StackID:       "com.builder.stack.io",
+			RunImage:      "builderregistry.io/run",
+			Uid:           2000,
+			Gid:           3000,
+			PlatformAPIs:  []string{"0.7", "0.8", "0.9"},
+			ResolvedImage: builderImage,
 		},
 		Secrets:  secrets,
 		Bindings: serviceBindings,

pkg/apis/build/v1alpha2/build_validation_test.go

@@ -38,6 +38,27 @@ func testBuildValidation(t *testing.T, when spec.G, it spec.S) {
 			},
 		},
 	}
+	buildUsingRef := &Build{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "buildWithRef-name",
+		},
+		Spec: BuildSpec{
+			Tags: []string{"some/image"},
+			Builder: corev1alpha1.BuildBuilderSpec{
+				Ref: &corev1.ObjectReference{
+					Name: "default",
+					Kind: "ClusterBuilder",
+				},
+			},
+			ServiceAccountName: "some/service-account",
+			Source: corev1alpha1.SourceConfig{
+				Git: &corev1alpha1.Git{
+					URL:      "http://github.com/repo",
+					Revision: "master",
+				},
+			},
+		},
+	}
 	when("Default", func() {
 		it("does not modify already set fields", func() {
 			oldBuild := build.DeepCopy()
@@ -81,14 +102,32 @@ func testBuildValidation(t *testing.T, when spec.G, it spec.S) {
 
 		it("missing builder name", func() {
 			build.Spec.Builder.Image = ""
-			assertValidationError(build, context.TODO(), apis.ErrMissingField("image").ViaField("spec", "builder"))
+			assertValidationError(build, context.TODO(), apis.ErrMissingField("image", "ref").ViaField("spec", "builder"))
 		})
 
 		it("invalid builder name", func() {
 			build.Spec.Builder.Image = "foo.ioo/builder-but-not-a-builder@sha256:alksdifhjalsouidfh"
 			assertValidationError(build, context.TODO(), apis.ErrInvalidValue("foo.ioo/builder-but-not-a-builder@sha256:alksdifhjalsouidfh", "image").ViaField("spec", "builder"))
 		})
 
+		it("valid cluster builder by ref", func() {
+			assert.Nil(t, buildUsingRef.Validate(context.TODO()))
+		})
+
+		it("both image and builder by ref present", func() {
+			buildUsingRef.Spec.Builder.Image = "builder/bionic-builder@sha256:e431a4f94fb84854fd081da62762192f36fd093fdfb85ad3bc009b9309524e2d"
+			assertValidationError(buildUsingRef, context.TODO(), apis.ErrMultipleOneOf("image", "ref").ViaField("spec", "builder"))
+		})
+
+		it("validate namespaced builder by ref", func() {
+			buildUsingRef.Spec.Builder.Ref = &corev1.ObjectReference{
+				Kind:      "Builder",
+				Name:      "namespaced-builder",
+				Namespace: "default",
+			}
+			assert.Nil(t, buildUsingRef.Validate(context.TODO()))
+		})
+
 		it("multiple sources", func() {
 			build.Spec.Source.Git = &corev1alpha1.Git{
 				URL:      "http://github.com/repo",
@@ -331,7 +370,7 @@ func testBuildValidation(t *testing.T, when spec.G, it spec.S) {
 			build.Spec.Builder.Image = ""
 			assertValidationError(build, context.TODO(),
 				apis.ErrMissingField("tags").ViaField("spec").
-					Also(apis.ErrMissingField("image").ViaField("spec", "builder")))
+					Also(apis.ErrMissingField("image", "ref").ViaField("spec", "builder")))
 		})
 
 		it("validates spec is immutable", func() {

pkg/apis/build/v1alpha2/cluster_store_conversion_test.go

@@ -24,7 +24,7 @@ func testClusterStoreConversion(t *testing.T, when spec.G, it spec.S) {
 				Annotations: map[string]string{"some-key": "some-value"},
 			},
 			Spec: ClusterStoreSpec{
-				Sources: []corev1alpha1.ImageSource{{"some-image"}, {"another-image"}},
+				Sources: []corev1alpha1.ImageSource{{Image: "some-image"}, {Image: "another-image"}},
 				ServiceAccountRef: &corev1.ObjectReference{
 					Namespace: "some-namespace",
 					Name:      "some-service-account",
@@ -65,7 +65,7 @@ func testClusterStoreConversion(t *testing.T, when spec.G, it spec.S) {
 				},
 			},
 			Spec: v1alpha1.ClusterStoreSpec{
-				Sources: []corev1alpha1.ImageSource{{"some-image"}, {"another-image"}},
+				Sources: []corev1alpha1.ImageSource{{Image: "some-image"}, {Image: "another-image"}},
 			},
 			Status: v1alpha1.ClusterStoreStatus{
 				Status: corev1alpha1.Status{},

pkg/apis/core/v1alpha1/build_types.go

@@ -19,6 +19,9 @@ type BuildBuilderSpec struct {
 	// +patchStrategy=merge
 	// +listType
 	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`
+
+	// Ref reference to an existing Builder/ClusterBuilder
+	Ref *corev1.ObjectReference `json:"ref,omitempty"`
 }
 
 // +k8s:openapi-gen=true

pkg/apis/core/v1alpha1/build_validation.go

@@ -5,13 +5,48 @@ import (
 	"fmt"
 	"regexp"
 
-	"knative.dev/pkg/apis"
-
+	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/pivotal/kpack/pkg/apis/validate"
+	corev1 "k8s.io/api/core/v1"
+	"knative.dev/pkg/apis"
 )
 
 func (bbs *BuildBuilderSpec) Validate(ctx context.Context) *apis.FieldError {
-	return validate.Image(bbs.Image)
+	return validateBuilderOrImagePresent(bbs).
+		Also(validateBuilderRefAndImageMutuallyExclusive(bbs)).
+		Also(validateBuilderRef(bbs.Ref).ViaField("ref")).
+		Also(validateImage(bbs.Image))
+}
+
+func validateImage(value string) *apis.FieldError {
+	if value != "" {
+		_, err := name.ParseReference(value, name.WeakValidation)
+		if err != nil {
+			return apis.ErrInvalidValue(value, "image")
+		}
+	}
+
+	return nil
+}
+
+func validateBuilderRef(ref *corev1.ObjectReference) *apis.FieldError {
+	if ref != nil {
+		return validate.FieldNotEmpty(ref.Name, "name").Also(validate.FieldNotEmpty(ref.Kind, "kind"))
+	}
+	return nil
+}
+
+func validateBuilderRefAndImageMutuallyExclusive(bbs *BuildBuilderSpec) *apis.FieldError {
+	if bbs.Image != "" && bbs.Ref != nil {
+		return apis.ErrMultipleOneOf("image", "ref")
+	}
+	return nil
+}
+func validateBuilderOrImagePresent(bbs *BuildBuilderSpec) *apis.FieldError {
+	if bbs.Image == "" && bbs.Ref == nil {
+		return apis.ErrMissingField("image", "ref")
+	}
+	return nil
 }
 
 func (bs CNBBindings) Validate(ctx context.Context) *apis.FieldError {