Container to wrap tooling and generate package

[castelblanque]

This PR wraps most of the tooling needed to generate the Carvel package into a container.

For whoever needs to publish a new Kubeapps Carvel package, it is not needed anymore to have locally:

• Carvel toolset
• Kind
• Helm
• Bitnami's Readme generator
• yq processor

Plus it will allow us to automate it, adding it in a CI/GitHub actions pipeline so that the only needed parameter to generate a package will be the desired version.

Only logic part left outside of the container is the actual Git committing and release generation in GitHub, because it needs user identification and authentication. This can be improved later and added into the container logic completely.

Resolves #11

[antgamdia]

Great improvements, thanks!

[antgamdia]

We better use a BAC image instead with no rolling tags for reproducibility, like FROM bitnami/node:16.16.0, no?

[antgamdia]

Suggested change

	RUN git clone --single-branch --no-tags https://github.com/bitnami-labs/readme-generator-for-helm readmenator
	RUN git clone --single-branch --depth 1 --no-tags https://github.com/bitnami-labs/readme-generator-for-helm readmenator

[antgamdia]

We may want to use the npm ci command instead to honor the package-lock.json ?

[castelblanque]

Oddly enough, it does not work for global packages. Will take a look in the future combining ci with the global modifier.

[antgamdia]

Does it install kapp-ctrl CLI as well?

[castelblanque]

These are the binaries installed:

• kctrl
• ytt
• imgpkg
• kbld
• kapp
• kwt
• vendir

[antgamdia]

What about relying on the helm binary directly instead of the OS packaging system? I mean, for having control of which version we are installing, like:

      wget https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz
      tar zxf helm-$HELM_VERSION-linux-amd64.tar.gz
      sudo mv linux-amd64/helm /usr/local/bin/

[castelblanque]

Agree, will add it.

[antgamdia]

also, for reproducibility, perhaps setting sticking to a version is useful, like:
(don't know which versions, though)

Suggested change

	RUN apt-get update && apt-get install --yes docker-ce docker-ce-cli containerd.io
	RUN apt-get update && apt-get install --yes docker-ce=x.y.z docker-ce-cli=x.y.z containerd.io=x.y.z

[antgamdia]

Idem with the version:

Suggested change

	RUN apt-get update && apt-get install --yes kubectl
	RUN apt-get update && apt-get install --yes kubectl=x.y.z

[antgamdia]

Why adding here a check whereas in other binaries we are not doing it?

[castelblanque]

Oops, development leftover. Will remove.

[antgamdia]

What the fw in TANZU_FW_VERSION stands for? Why not TANZU_CLI_VERSION? Not really important, though

[castelblanque]

It stands for "framework", which comes from the actual name of the project: tanzu-framework. I'll rename it to TANZU_FRAMEWORK_VERSION.

[antgamdia]

Should we be installing the GitHub CLI as well in the container?

[castelblanque]

I've added a comment about it in this PR's description. For the Git+GitHub operations we need valid credentials, which makes things more complex. I decided to have it mostly automated, except this part, that can be improved in a later PR.

[antgamdia]

Ah, ok... but can't we just run the container and pass through it some env vars with the credentials docker run ... -e XXXX=YYY ? Anyway, ok with the semi-automated way for now.

[castelblanque]

can't we just run the container and pass through it some env vars with the credentials

Exactly, that will be done in a later PR. I've added a comment in the issue and will leave it opened.

[antgamdia]

Should we also add the -s and -S flags to DCO and GPG-sign the commits and tags?

[castelblanque]

Agree, added issue #31 to do it in a separate PR.