Skip to content

feat: Tools multi-version selector helpers #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mallardduck merged 11 commits into from
Apr 30, 2026
Merged

feat: Tools multi-version selector helpers #31

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
cb2ecfe
Update helm to use v4 by default
mallardduck Apr 29, 2026
f68e82a
Add family selector support for CI tools
mallardduck Apr 29, 2026
22f2802
Add ci-select scripts for dynamic CI tool selection and helm version …
mallardduck Apr 29, 2026
a70c8cb
generate
mallardduck Apr 29, 2026
f8c13b7
fix script path
mallardduck Apr 29, 2026
e13e990
Simplify PATH setting
mallardduck Apr 29, 2026
d1879c6
Add tool-selector changelog support
mallardduck Apr 29, 2026
768ffd2
address copilot feedback
mallardduck Apr 30, 2026
6715828
Template dynamic `ci-select` and family selector scripts for modular …
mallardduck Apr 30, 2026
73631f9
make all bash vars uniform
mallardduck Apr 30, 2026
92d15ff
make generate
mallardduck Apr 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions deps.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ images:
- govulncheck
- oras
aliases:
helm_v3: helm
helm_v3: helmv3

- name: go1.26
description: "CI image with Go 1.26 toolchain"
Expand All @@ -25,7 +25,7 @@ images:
- govulncheck
- oras
aliases:
helm_v3: helm
helm_v3: helmv3

- name: python3.11
description: "CI image with Python 3.11 toolchain"
Expand Down Expand Up @@ -99,7 +99,8 @@ universal:
extract: "gh_{version|trimprefix:v}_{os}_{arch}/bin/gh"
checksum_template: "gh_{version|trimprefix:v}_checksums.txt"

- name: helm
- name: helmv3
family: helm
source: "https://get.helm.sh"
mode: static
version: v3.20.2
Expand All @@ -111,6 +112,8 @@ universal:
extract: "{os}-{arch}/helm"

- name: helmv4
family: helm
family_default: true
source: "https://get.helm.sh"
mode: static
version: v4.1.4
Expand Down
25 changes: 21 additions & 4 deletions dockerfiles/Dockerfile.charts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ ARG TARGETARCH
ENV ARCH=$TARGETARCH
ENV GH_TELEMETRY=false
ENV DO_NOT_TRACK=true
ENV PATH="/var/ci-tools/active:${PATH}"

RUN zypper -n refresh && \
zypper -n install \
Expand Down Expand Up @@ -65,14 +66,14 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/gh" && \
rm -rf "${TMP_DIR}"

# helm v3.20.2
# helmv3 v3.20.2
RUN case "${ARCH}" in \
amd64) CHECKSUM="258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea" ;; \
arm64) CHECKSUM="5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691" ;; \
*) echo "Unsupported: ${ARCH}"; exit 1 ;; \
esac && \
export TMP_DIR=$(mktemp -d) && \
export TMP_FILE="${TMP_DIR}/helm.tar.gz" && \
export TMP_FILE="${TMP_DIR}/helmv3.tar.gz" && \
case "${ARCH}" in \
amd64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz"; EXTRACT="linux-amd64/helm" ;; \
arm64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz"; EXTRACT="linux-arm64/helm" ;; \
Expand All @@ -81,7 +82,7 @@ RUN case "${ARCH}" in \
printf "%s %s\n" "${CHECKSUM}" "${TMP_FILE}" > "${TMP_DIR}/checksum.sha256" && \
sha256sum -c "${TMP_DIR}/checksum.sha256" && \
tar xzf "${TMP_FILE}" -C "${TMP_DIR}" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helm" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helmv3" && \
rm -rf "${TMP_DIR}"

# helmv4 v4.1.4
Expand Down Expand Up @@ -213,9 +214,25 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/oras" && \
rm -rf "${TMP_DIR}"

# Family selectors — copy scripts and set up manifest + active symlinks.
# /var/ci-tools/active is on PATH ahead of /usr/local/bin; runner can update
# the active symlink with: ci-select <family> <tool> or select-<family> <tool>
COPY dockerfiles/scripts/select-helm.sh /usr/local/bin/select-helm
COPY dockerfiles/scripts/ci-select.sh /usr/local/bin/ci-select
RUN chmod +x /usr/local/bin/select-helm && chmod +x /usr/local/bin/ci-select

# Create a new group with GID 121 and a new user with UID 1001, add the user
# to the group, create a home directory for the user.
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner
# Also set up CI tool family infrastructure (requires runner group to exist).
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner \
&& mkdir -p /var/ci-tools/active \
&& mkdir -p /usr/local/share/ci-tools/families/helm \
&& touch /usr/local/share/ci-tools/families/helm/helmv3 \
&& touch /usr/local/share/ci-tools/families/helm/helmv4 \
&& ln -sf helmv4 /usr/local/share/ci-tools/families/helm/default \
&& ln -sf /usr/local/bin/helmv4 /var/ci-tools/active/helm \
&& chown -R root:runner /var/ci-tools \
&& chmod 2775 /var/ci-tools/active

# We trust our base image and the repos that are pulled in workflows. Otherwise
# each workflow that uses our base images would have to add the step below.
Expand Down
27 changes: 22 additions & 5 deletions dockerfiles/Dockerfile.go1.25
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ ARG TARGETARCH
ENV ARCH=$TARGETARCH
ENV GH_TELEMETRY=false
ENV DO_NOT_TRACK=true
ENV PATH="/var/ci-tools/active:${PATH}"

RUN zypper -n refresh && \
zypper -n install \
Expand Down Expand Up @@ -64,14 +65,14 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/gh" && \
rm -rf "${TMP_DIR}"

# helm v3.20.2
# helmv3 v3.20.2
RUN case "${ARCH}" in \
amd64) CHECKSUM="258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea" ;; \
arm64) CHECKSUM="5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691" ;; \
*) echo "Unsupported: ${ARCH}"; exit 1 ;; \
esac && \
export TMP_DIR=$(mktemp -d) && \
export TMP_FILE="${TMP_DIR}/helm.tar.gz" && \
export TMP_FILE="${TMP_DIR}/helmv3.tar.gz" && \
case "${ARCH}" in \
amd64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz"; EXTRACT="linux-amd64/helm" ;; \
arm64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz"; EXTRACT="linux-arm64/helm" ;; \
Expand All @@ -80,7 +81,7 @@ RUN case "${ARCH}" in \
printf "%s %s\n" "${CHECKSUM}" "${TMP_FILE}" > "${TMP_DIR}/checksum.sha256" && \
sha256sum -c "${TMP_DIR}/checksum.sha256" && \
tar xzf "${TMP_FILE}" -C "${TMP_DIR}" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helm" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helmv3" && \
rm -rf "${TMP_DIR}"

# helmv4 v4.1.4
Expand Down Expand Up @@ -181,15 +182,31 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/oras" && \
rm -rf "${TMP_DIR}"

# Family selectors — copy scripts and set up manifest + active symlinks.
# /var/ci-tools/active is on PATH ahead of /usr/local/bin; runner can update
# the active symlink with: ci-select <family> <tool> or select-<family> <tool>
COPY dockerfiles/scripts/select-helm.sh /usr/local/bin/select-helm
COPY dockerfiles/scripts/ci-select.sh /usr/local/bin/ci-select
RUN chmod +x /usr/local/bin/select-helm && chmod +x /usr/local/bin/ci-select

# Aliases
RUN ln -sf /usr/local/bin/helm /usr/local/bin/helm_v3
RUN ln -sf /usr/local/bin/helmv3 /usr/local/bin/helm_v3

# Cleanup Go caches
RUN go clean -cache -modcache

# Create a new group with GID 121 and a new user with UID 1001, add the user
# to the group, create a home directory for the user.
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner
# Also set up CI tool family infrastructure (requires runner group to exist).
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner \
&& mkdir -p /var/ci-tools/active \
&& mkdir -p /usr/local/share/ci-tools/families/helm \
&& touch /usr/local/share/ci-tools/families/helm/helmv3 \
&& touch /usr/local/share/ci-tools/families/helm/helmv4 \
&& ln -sf helmv4 /usr/local/share/ci-tools/families/helm/default \
&& ln -sf /usr/local/bin/helmv4 /var/ci-tools/active/helm \
&& chown -R root:runner /var/ci-tools \
&& chmod 2775 /var/ci-tools/active

# We trust our base image and the repos that are pulled in workflows. Otherwise
# each workflow that uses our base images would have to add the step below.
Expand Down
27 changes: 22 additions & 5 deletions dockerfiles/Dockerfile.go1.26
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ ARG TARGETARCH
ENV ARCH=$TARGETARCH
ENV GH_TELEMETRY=false
ENV DO_NOT_TRACK=true
ENV PATH="/var/ci-tools/active:${PATH}"

RUN zypper -n refresh && \
zypper -n install \
Expand Down Expand Up @@ -64,14 +65,14 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/gh" && \
rm -rf "${TMP_DIR}"

# helm v3.20.2
# helmv3 v3.20.2
RUN case "${ARCH}" in \
amd64) CHECKSUM="258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea" ;; \
arm64) CHECKSUM="5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691" ;; \
*) echo "Unsupported: ${ARCH}"; exit 1 ;; \
esac && \
export TMP_DIR=$(mktemp -d) && \
export TMP_FILE="${TMP_DIR}/helm.tar.gz" && \
export TMP_FILE="${TMP_DIR}/helmv3.tar.gz" && \
case "${ARCH}" in \
amd64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz"; EXTRACT="linux-amd64/helm" ;; \
arm64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz"; EXTRACT="linux-arm64/helm" ;; \
Expand All @@ -80,7 +81,7 @@ RUN case "${ARCH}" in \
printf "%s %s\n" "${CHECKSUM}" "${TMP_FILE}" > "${TMP_DIR}/checksum.sha256" && \
sha256sum -c "${TMP_DIR}/checksum.sha256" && \
tar xzf "${TMP_FILE}" -C "${TMP_DIR}" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helm" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helmv3" && \
rm -rf "${TMP_DIR}"

# helmv4 v4.1.4
Expand Down Expand Up @@ -181,15 +182,31 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/oras" && \
rm -rf "${TMP_DIR}"

# Family selectors — copy scripts and set up manifest + active symlinks.
# /var/ci-tools/active is on PATH ahead of /usr/local/bin; runner can update
# the active symlink with: ci-select <family> <tool> or select-<family> <tool>
COPY dockerfiles/scripts/select-helm.sh /usr/local/bin/select-helm
COPY dockerfiles/scripts/ci-select.sh /usr/local/bin/ci-select
RUN chmod +x /usr/local/bin/select-helm && chmod +x /usr/local/bin/ci-select

# Aliases
RUN ln -sf /usr/local/bin/helm /usr/local/bin/helm_v3
RUN ln -sf /usr/local/bin/helmv3 /usr/local/bin/helm_v3

# Cleanup Go caches
RUN go clean -cache -modcache

# Create a new group with GID 121 and a new user with UID 1001, add the user
# to the group, create a home directory for the user.
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner
# Also set up CI tool family infrastructure (requires runner group to exist).
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner \
&& mkdir -p /var/ci-tools/active \
&& mkdir -p /usr/local/share/ci-tools/families/helm \
&& touch /usr/local/share/ci-tools/families/helm/helmv3 \
&& touch /usr/local/share/ci-tools/families/helm/helmv4 \
&& ln -sf helmv4 /usr/local/share/ci-tools/families/helm/default \
&& ln -sf /usr/local/bin/helmv4 /var/ci-tools/active/helm \
&& chown -R root:runner /var/ci-tools \
&& chmod 2775 /var/ci-tools/active

# We trust our base image and the repos that are pulled in workflows. Otherwise
# each workflow that uses our base images would have to add the step below.
Expand Down
25 changes: 21 additions & 4 deletions dockerfiles/Dockerfile.node22
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ ARG TARGETARCH
ENV ARCH=$TARGETARCH
ENV GH_TELEMETRY=false
ENV DO_NOT_TRACK=true
ENV PATH="/var/ci-tools/active:${PATH}"

RUN zypper -n refresh && \
zypper -n install \
Expand Down Expand Up @@ -62,14 +63,14 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/gh" && \
rm -rf "${TMP_DIR}"

# helm v3.20.2
# helmv3 v3.20.2
RUN case "${ARCH}" in \
amd64) CHECKSUM="258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea" ;; \
arm64) CHECKSUM="5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691" ;; \
*) echo "Unsupported: ${ARCH}"; exit 1 ;; \
esac && \
export TMP_DIR=$(mktemp -d) && \
export TMP_FILE="${TMP_DIR}/helm.tar.gz" && \
export TMP_FILE="${TMP_DIR}/helmv3.tar.gz" && \
case "${ARCH}" in \
amd64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz"; EXTRACT="linux-amd64/helm" ;; \
arm64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz"; EXTRACT="linux-arm64/helm" ;; \
Expand All @@ -78,7 +79,7 @@ RUN case "${ARCH}" in \
printf "%s %s\n" "${CHECKSUM}" "${TMP_FILE}" > "${TMP_DIR}/checksum.sha256" && \
sha256sum -c "${TMP_DIR}/checksum.sha256" && \
tar xzf "${TMP_FILE}" -C "${TMP_DIR}" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helm" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helmv3" && \
rm -rf "${TMP_DIR}"

# helmv4 v4.1.4
Expand Down Expand Up @@ -119,9 +120,25 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/slsactl" && \
rm -rf "${TMP_DIR}"

# Family selectors — copy scripts and set up manifest + active symlinks.
# /var/ci-tools/active is on PATH ahead of /usr/local/bin; runner can update
# the active symlink with: ci-select <family> <tool> or select-<family> <tool>
COPY dockerfiles/scripts/select-helm.sh /usr/local/bin/select-helm
COPY dockerfiles/scripts/ci-select.sh /usr/local/bin/ci-select
RUN chmod +x /usr/local/bin/select-helm && chmod +x /usr/local/bin/ci-select

# Create a new group with GID 121 and a new user with UID 1001, add the user
# to the group, create a home directory for the user.
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner
# Also set up CI tool family infrastructure (requires runner group to exist).
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner \
&& mkdir -p /var/ci-tools/active \
&& mkdir -p /usr/local/share/ci-tools/families/helm \
&& touch /usr/local/share/ci-tools/families/helm/helmv3 \
&& touch /usr/local/share/ci-tools/families/helm/helmv4 \
&& ln -sf helmv4 /usr/local/share/ci-tools/families/helm/default \
&& ln -sf /usr/local/bin/helmv4 /var/ci-tools/active/helm \
&& chown -R root:runner /var/ci-tools \
&& chmod 2775 /var/ci-tools/active

# We trust our base image and the repos that are pulled in workflows. Otherwise
# each workflow that uses our base images would have to add the step below.
Expand Down
25 changes: 21 additions & 4 deletions dockerfiles/Dockerfile.node24
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ ARG TARGETARCH
ENV ARCH=$TARGETARCH
ENV GH_TELEMETRY=false
ENV DO_NOT_TRACK=true
ENV PATH="/var/ci-tools/active:${PATH}"

RUN zypper -n refresh && \
zypper -n install \
Expand Down Expand Up @@ -62,14 +63,14 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/gh" && \
rm -rf "${TMP_DIR}"

# helm v3.20.2
# helmv3 v3.20.2
RUN case "${ARCH}" in \
amd64) CHECKSUM="258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea" ;; \
arm64) CHECKSUM="5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691" ;; \
*) echo "Unsupported: ${ARCH}"; exit 1 ;; \
esac && \
export TMP_DIR=$(mktemp -d) && \
export TMP_FILE="${TMP_DIR}/helm.tar.gz" && \
export TMP_FILE="${TMP_DIR}/helmv3.tar.gz" && \
case "${ARCH}" in \
amd64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz"; EXTRACT="linux-amd64/helm" ;; \
arm64) DOWNLOAD_URL="https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz"; EXTRACT="linux-arm64/helm" ;; \
Expand All @@ -78,7 +79,7 @@ RUN case "${ARCH}" in \
printf "%s %s\n" "${CHECKSUM}" "${TMP_FILE}" > "${TMP_DIR}/checksum.sha256" && \
sha256sum -c "${TMP_DIR}/checksum.sha256" && \
tar xzf "${TMP_FILE}" -C "${TMP_DIR}" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helm" && \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/helmv3" && \
rm -rf "${TMP_DIR}"

# helmv4 v4.1.4
Expand Down Expand Up @@ -119,9 +120,25 @@ RUN case "${ARCH}" in \
install "${TMP_DIR}/${EXTRACT}" "/usr/local/bin/slsactl" && \
rm -rf "${TMP_DIR}"

# Family selectors — copy scripts and set up manifest + active symlinks.
# /var/ci-tools/active is on PATH ahead of /usr/local/bin; runner can update
# the active symlink with: ci-select <family> <tool> or select-<family> <tool>
COPY dockerfiles/scripts/select-helm.sh /usr/local/bin/select-helm
COPY dockerfiles/scripts/ci-select.sh /usr/local/bin/ci-select
RUN chmod +x /usr/local/bin/select-helm && chmod +x /usr/local/bin/ci-select

# Create a new group with GID 121 and a new user with UID 1001, add the user
# to the group, create a home directory for the user.
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner
# Also set up CI tool family infrastructure (requires runner group to exist).
RUN groupadd -g 121 runner && useradd -u 1001 -g 121 -m runner \
&& mkdir -p /var/ci-tools/active \
&& mkdir -p /usr/local/share/ci-tools/families/helm \
&& touch /usr/local/share/ci-tools/families/helm/helmv3 \
&& touch /usr/local/share/ci-tools/families/helm/helmv4 \
&& ln -sf helmv4 /usr/local/share/ci-tools/families/helm/default \
&& ln -sf /usr/local/bin/helmv4 /var/ci-tools/active/helm \
&& chown -R root:runner /var/ci-tools \
&& chmod 2775 /var/ci-tools/active

# We trust our base image and the repos that are pulled in workflows. Otherwise
# each workflow that uses our base images would have to add the step below.
Expand Down
Loading