kubernetes-sigs / promo-tools

Container and file artifact promotion tooling for the Kubernetes project
Apache License 2.0
143 stars 72 forks

Switch to distroless #658

Open upodroid opened 1 year ago

upodroid commented 1 year ago

A long-term optimization for the image-promoter is to switch the image to distroless. That means that everything has to be implemented in Go, but we are making various os.exec calls in the code.

```
$ grep -r -e exec.Command -e gsutil -e gcloud . | grep -v e2e
./cmd/count-requests/main.go:   cmd = exec.Command("mktemp", "-d")
./cmd/count-requests/main.go:   cmd = exec.Command("git", "clone", "https://github.com/kubernetes/k8s.io.git", tmpDir)
./cmd/count-requests/main.go:   cmd = exec.Command("ls", subProjects)
./cmd/count-requests/main.go:   cmd = exec.Command("rm", "-r", tmpDir)
./cmd/kpromo/cmd/cip/cip.go:            "pass '--account=...' to all gcloud calls",
./cmd/kpromo/cmd/run/files.go:          "allow service account usage with gcloud calls",
./internal/legacy/gcloud/token.go:package gcloud
./internal/legacy/gcloud/token.go:// GetServiceAccountToken calls gcloud to get an access token for the specified
./internal/legacy/gcloud/token.go:      cmd := command.New("gcloud", args...)
./internal/legacy/gcloud/token.go:// ActivateServiceAccount activates the service account with gcloud.
./internal/legacy/gcloud/token.go:              "gcloud",
./internal/legacy/stream/subprocess.go: cmd := exec.Command(invocation[0], invocation[1:]...)
./internal/legacy/audit/types.go:       // for "gcloud logging logs list".
./internal/legacy/dockerregistry/inventory_test.go:             "gcloud",
./internal/legacy/dockerregistry/inventory_test.go:             "gcloud",
./internal/legacy/dockerregistry/inventory_test.go:             "gcloud",
./internal/legacy/dockerregistry/inventory_test.go:             "gcloud",
./internal/legacy/dockerregistry/types.go:      "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/legacy/dockerregistry/types.go:// (e.g., a "gcloud" command, or perhaps in the future, a REST call).
./internal/legacy/dockerregistry/types.go:      Tokens            map[RootRepo]gcloud.Token
./internal/legacy/dockerregistry/types.go:// generates the set of "gcloud ..." commands used to manipulate Docker
./internal/legacy/dockerregistry/registry/registry.go:                          out, err := exec.Command("curl", imgEndpoint).Output()
./internal/legacy/dockerregistry/registry/registry.go:                          out, err := exec.Command("curl", imgEndpoint).Output()
./internal/legacy/dockerregistry/registry/context.go:   "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/legacy/dockerregistry/registry/context.go:   Token          gcloud.Token   `yaml:"-"`
./internal/legacy/dockerregistry/inventory.go:  "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/legacy/dockerregistry/inventory.go:          Tokens:            make(map[RootRepo]gcloud.Token),
./internal/legacy/dockerregistry/inventory.go:          token, err := gcloud.GetServiceAccountToken(rc.ServiceAccount, sc.UseServiceAccount)
./internal/legacy/dockerregistry/inventory.go:                          // overwriting), do not bother shelling out to gcloud. Instead just
./internal/legacy/dockerregistry/inventory.go:// GetWriteCmd generates a gcloud command that is used to make modifications to
./internal/legacy/dockerregistry/inventory.go:                  "gcloud",
./internal/legacy/dockerregistry/inventory.go:  return gcloud.MaybeUseServiceAccount(
./internal/legacy/dockerregistry/inventory.go:          "gcloud",
./internal/legacy/dockerregistry/inventory.go:  return gcloud.MaybeUseServiceAccount(
./internal/promoter/image/sign.go:      "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/promoter/image/sign.go:              token     gcloud.Token
./internal/promoter/image/sign.go:                      token     gcloud.Token
./internal/promoter/image/impl.go:      "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/promoter/image/impl.go:      if err := gcloud.ActivateServiceAccounts(opts.KeyFiles); err != nil {
./docs/github-promotion.md:This subcommand directly depends on `gcloud` and `gsutil` to be installed on
./docs/file-promotion.md:      --use-service-account     allow service account usage with gcloud calls
Binary file ./.git/objects/pack/pack-4d13f9e7c1f81fe8a82f984fcf8c36bf168faf5c.pack matches
Binary file ./.git/index matches
./promoter/file/token.go:       "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./promoter/file/token.go:// gcloudTokenSource implements oauth2.TokenSource.
./promoter/file/token.go:type gcloudTokenSource struct {
./promoter/file/token.go:func (s *gcloudTokenSource) Token() (*oauth2.Token, error) {
./promoter/file/token.go:       token, err := gcloud.GetServiceAccountToken(s.ServiceAccount, true)
./promoter/file/filestore.go:           ts := &gcloudTokenSource{ServiceAccount: filestore.ServiceAccount}
```

/area release-eng
/kind feature
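The grep in the post above also matches comments, import paths and binary files under `.git`, so it overstates what a distroless image would be missing. As an added example that is not part of the original issue or of the promo-tools code, the following Go program walks the syntax tree instead and reports only real `exec.Command` and `command.New` calls with the program each one starts; the sample source and the `ExternalBinaries` name are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strconv"
)

// sample is constructed for this example; it mirrors call shapes from the grep output.
const sample = `package demo
// a comment that mentions gcloud must not be reported
func run(invocation, args []string, imgEndpoint string) {
	exec.Command("mktemp", "-d")
	exec.Command("curl", imgEndpoint)
	exec.Command(invocation[0], invocation[1:]...)
	command.New("gcloud", args...)
}`

// ExternalBinaries lists "line: program" for every exec.Command or command.New
// call in src; a non-literal program name is reported as <dynamic>.
func ExternalBinaries(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var found []string
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) == 0 {
			return true
		}
		if fn := types.ExprString(call.Fun); fn != "exec.Command" && fn != "command.New" {
			return true
		}
		bin := "<dynamic>" // e.g. invocation[0]: the binary is chosen at run time, review by hand
		if lit, isLit := call.Args[0].(*ast.BasicLit); isLit && lit.Kind == token.STRING {
			bin, _ = strconv.Unquote(lit.Value)
		}
		found = append(found, fmt.Sprintf("%d: %s", fset.Position(call.Pos()).Line, bin))
		return true
	})
	return found, nil
}

func main() { fmt.Println(ExternalBinaries(sample)) }
```

Matching is by the package identifier as written in the source, so a file that imports `os/exec` under an alias needs that alias added to the check.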

saschagrunert commented 1 year ago

Hm yeah, that is a long-term goal for our libraries.

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 1 year ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes-sigs/promo-tools/issues/658#issuecomment-1484240683):

>The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
>This bot triages issues according to the following rules:
>- After 90d of inactivity, `lifecycle/stale` is applied
>- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
>- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
>You can:
>- Reopen this issue with `/reopen`
>- Mark this issue as fresh with `/remove-lifecycle rotten`
>- Offer to help out with [Issue Triage][1]
>
>Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
>/close not-planned
>
>[1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

upodroid commented 1 year ago

/reopen
/remove-lifecycle stale
/priority important-longterm

k8s-ci-robot commented 1 year ago

@upodroid: Reopened this issue.

In response to [this](https://github.com/kubernetes-sigs/promo-tools/issues/658#issuecomment-1484248799):

>/reopen
>/remove-lifecycle stale
>/priority important-longterm

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

BenTheElder commented 3 days ago

/remove-lifecyle rotten