Install tooling for dev workflows

[arkodg]

Raising this issue to help reach an engineering decision on what is the best way for this project to install/leverage tooling
for supporting various developer workflows such as generating license for files, using linters and more...

Sharing three ways this is done in most projects today -

1. Use a build container which comes pre-installed with all tooling needed for developer workflows.
   Istio and Envoy use this method today

Pros

• Easy to add/rm tools for the project
• No binary artifacts

Cons

• Some devs prefer running tools natively rather than in a container since they are slower
• Docker builder docker image artifact

2. Use an indirection of replacing the tool name with a local script that lives in hack/ . The script can do
   clever things like either call the tool binary directly, or call the docker image of the tool directly.
   This approach is used in Contour today

Pros

• Script allows for flexibility

Cons

• Hard for the dev (user) and well as code owners to keep track of exact logic

3. Install the tool binary into the local bin/ directly using a make target and use it
   This approach is used by Kubebuilder based projects
   Pros

• The projects installs all the tooling with the right version into the local bin directory
  making the project
• The tooling installation and the dev workflow logic (make targets) live close to each other
  Cons
• Binary artifacts

[arkodg]

having used all these different patterns in various projects over the last few years, prefer going with 3 which uses minimal tools to get the job done, is a clean coding pattern (that can live in its own Makefile if needed) and is fast.
used it to implement adding license headers to files here

[lianghao208]

In option 3, are there always efficient ways to install binary artifacts?

For example, yaml linter doesn't seem to provide a binary installation doc. On the contrary, a build container which doesn't require particular user environment(e.g pip, yum) is easier to run.

xref: https://yamllint.readthedocs.io/en/stable/quickstart.html#installing-yamllint

[arkodg]

@lianghao208 good catch, so looks like we could either find a way to download yamllint using popular
package managers - pip, brew, apt or just move the hack/ logic into the Makefile (checks if binary is present, if not runs a docker image)

[danehans]

I lean towards 2 due to my familiarity with the workflow. I don't find the make -> ./hack/foo.sh indirection that difficult to follow and it's a very common approach. 1 would be my 2nd option since it's used by Envoy and provides consistency between the two projects, but running in a container does slow dev down.

[lizan]

re 1: Docker builder docker image artifact is a non-issue when using buildx or ko

I'm leaning toward 1, but we can also do hybrid with 3. Those keeps dev workflows close to CI as well. If you setup devcontainer correctly with 1 it doesn't slow dev down.

[lianghao208]

I don't find the make -> ./hack/foo.sh indirection that difficult to follow and it's a very common approach.

+1, I lean towards 2 as well. Compare to 1, 2 is more flexible and easier for extension as mention.

move the hack/ logic into the Makefile

@arkodg IMO, considering it's difficult to reuse docker run logic in Makefile(different tool container images may require different docker run option, e.g. different --volume, --workdir), moving the installation logic into Makefile could increase the complexity and reduce the readability of Makefile.

[youngnick]

I think my preference is 2, 1, 3.

I put 2 first because I think that encapsulating logic for operational things into scripts is less cognitive load because you don't need to care about what they do exactly until you need to change it. The scripts also allow you to version-check the tools to ensure a consistent experience (although we haven't done a good job on this with Contour).

At the end of the day, most people are going to be using make something to do their local loop anyway. I'd prefer to keep the local targets as similar as possible to the CI ones, so we encourage people to do as much testing as possible locally, and not use CI until you need to.

[arkodg]

looks like 1 & 2 seem to be the most popular choices. 2 seems to clearly be the most flexible option, but it could be more time consuming for some edge cases (where the user needs to run a docker container for every tool)
lets start with 2 and we could eventually provide 1 to the user using a RUN_MAKE_IN_CONTAINER env

[arkodg]

Based on the learnings from #79

• Some tools are maintained as a binary and not as a docker image
• The project should make it easier for the dev to run all make targets locally without having to manually install the prerequisite tools

Im in favor of 1
cc @envoyproxy/gateway-maintainers