From 5fcbf4d31e1c44966a46e0c806237bdeb8983d8e Mon Sep 17 00:00:00 2001 From: Vipin Sharma Date: Tue, 19 May 2026 12:09:02 -0700 Subject: [PATCH] PE-8711: switch internal Earthfile base from Alpine to Ubuntu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Switch the file-level base and the targets that consumed $ALPINE_IMG (build-provider-images, install-k8s, download-sbctl, third-party) to use the existing +ubuntu target, which already handles the FIPS variant. Rename the BASE_ALPINE UDC to BASE_UBUNTU; its body (update-ca-certificates) is portable between distros. Add apt-get installs for packages the Alpine image had baked in: - build-provider-images: jq (used to read k8s_version.json) - download-sbctl: curl ca-certificates (used to fetch sbctl tarball) - third-party: upx-ucl (used by the UPX UDC) The +alpine / +alpine-all publish targets, earthly/dind:alpine, and golang:*-alpine remain unchanged — they are external/upstream and outside the scope of this switch. Validated with `earthly ls` (all 40 targets resolve). --- Earthfile | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/Earthfile b/Earthfile index be8ade00..d77e0042 100644 --- a/Earthfile +++ b/Earthfile @@ -7,13 +7,11 @@ ARG SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images ARG BUILDER_3RDPARTY_VERSION=4.8 ARG SPECTRO_THIRD_PARTY_IMAGE=us-docker.pkg.dev/palette-images/third-party/spectro-third-party:$BUILDER_3RDPARTY_VERSION ARG ALPINE_TAG=3.20 -ARG ALPINE_IMG=$SPECTRO_PUB_REPO/edge/canvos/alpine:$ALPINE_TAG -FROM $ALPINE_IMG +FROM +ubuntu ARG FIPS_ENABLED=false IF [ "$FIPS_ENABLED" = "true" ] && [ "$SPECTRO_PUB_REPO" = "us-docker.pkg.dev/palette-images" ] LET SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images-fips - LET ALPINE_IMG=$SPECTRO_PUB_REPO/edge/canvos/alpine:$ALPINE_TAG END ARG SPECTRO_LUET_REPO=us-docker.pkg.dev/palette-images/edge @@ -171,7 +169,8 @@ build-all-images: END build-provider-images: - FROM $ALPINE_IMG + FROM +ubuntu + RUN apt-get update && apt-get install -y --no-install-recommends jq && rm -rf /var/lib/apt/lists/* IF [ !-n "$K8S_DISTRIBUTION"] RUN echo "K8S_DISTRIBUTION is not set. Please set K8S_DISTRIBUTION to kubeadm, kubeadm-fips, k3s, nodeadm, rke2 or canonical." && exit 1 @@ -198,7 +197,7 @@ build-provider-images: build-provider-images-fips: BUILD +build-provider-images -BASE_ALPINE: +BASE_UBUNTU: COMMAND COPY --if-exists certs/ /etc/ssl/certs/ RUN update-ca-certificates @@ -248,8 +247,8 @@ kairos-agent: SAVE ARTIFACT /usr/bin/kairos-agent /kairos-agent install-k8s: - FROM --platform=linux/${ARCH} $ALPINE_IMG - DO +BASE_ALPINE + FROM --platform=linux/${ARCH} +ubuntu + DO +BASE_UBUNTU COPY (+third-party/luet --binary=luet) /usr/bin/luet IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] || [ "$K8S_DISTRIBUTION" = "nodeadm" ] || [ "$K8S_DISTRIBUTION" = "canonical" ] @@ -451,8 +450,9 @@ uki-genkey: END download-sbctl: - FROM $ALPINE_IMG - DO +BASE_ALPINE + FROM +ubuntu + DO +BASE_UBUNTU + RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certificates && rm -rf /var/lib/apt/lists/* RUN curl -Ls https://github.com/Foxboron/sbctl/releases/download/0.13/sbctl-0.13-linux-amd64.tar.gz | tar -xvzf - && mv sbctl/sbctl /usr/bin/sbctl SAVE ARTIFACT /usr/bin/sbctl @@ -1267,7 +1267,8 @@ download-third-party: SAVE ARTIFACT /binaries/${binary}/latest/$BIN_TYPE/$TARGETARCH/${binary}.version ${binary}.version third-party: - FROM $ALPINE_IMG + FROM +ubuntu + RUN apt-get update && apt-get install -y --no-install-recommends upx-ucl && rm -rf /var/lib/apt/lists/* ARG binary WORKDIR /WORKDIR