move builder step of Makefile to compile step of build.yaml
Signed-off-by: jtcheng <[email protected]>
jtcheng committed Apr 14, 2024
1 parent 1474dce commit 03c9f44
Showing 3 changed files with 82 additions and 42 deletions.
66 changes: 49 additions & 17 deletions .build/build2.yaml → .build/build.v2.yaml
Expand Up @@ -126,6 +126,7 @@ spec:
#########
- name: compile-amd64
timeout: 2.5h
retries: 3
taskRef:
kind: Task
name: docker-in-docker
Expand All @@ -144,13 +145,33 @@ spec:
IMAGENAMESPACE=build-harbor.alauda.cn/devops
REGISTRY_SRC_TAG=v2.8.0
# compile harbor
BUILDPATH="$(workspaces.source.path)" make compile
# compile registry
cd ./make/photon/registry && ./builder ${REGISTRY_SRC_TAG}
cd ${BUILDPATH}/make/photon/registry && ./builder ${REGISTRY_SRC_TAG} && cd -
# compile trivy
TRIVYADAPTERVERSION=v0.30.7
mkdir -p ${BUILDPATH}/make/photon/trivy-adapter/binary
cd ${BUILDPATH}/make/photon/trivy-adapter && ./builder.sh ${TRIVYADAPTERVERSION} && cd -
# compile chartserver
GOBUILDIMAGE=golang:1.19.4
CHART_SERVER_CODE_BASE=https://github.com/alauda/chartmuseum.git
CHARTMUSEUM_SRC_TAG=v0.14.1
CHART_SERVER_MAIN_PATH=cmd/chartmuseum
CHART_SERVER_BIN_NAME=chartm
cd ${BUILDPATH}/make/photon/chartserver && ./builder ${GOBUILDIMAGE} ${CHART_SERVER_CODE_BASE} ${CHARTMUSEUM_SRC_TAG} ${CHART_SERVER_MAIN_PATH} ${CHART_SERVER_BIN_NAME} && cd -
# compile notary
NOTARYVERSION=v0.6.1
NOTARYMIGRATEVERSION=v4.11.0
cd ${BUILDPATH}/make/photon/notary && ./builder ${NOTARYVERSION} ${NOTARYMIGRATEVERSION} && cd -
- name: compile-arm64
timeout: 2.5h
retries: 3
taskRef:
kind: Task
name: docker-in-docker
Expand All @@ -169,10 +190,29 @@ spec:
IMAGENAMESPACE=build-harbor.alauda.cn/devops
REGISTRY_SRC_TAG=v2.8.0
# compile harbor
BUILDPATH="$(workspaces.source.path)" make compile
# compile registry
cd ./make/photon/registry && ./builder ${REGISTRY_SRC_TAG}
cd ${BUILDPATH}/make/photon/registry && ./builder ${REGISTRY_SRC_TAG} && cd -
# compile trivy
TRIVYADAPTERVERSION=v0.30.7
mkdir -p ${BUILDPATH}/make/photon/trivy-adapter/binary
cd ${BUILDPATH}/make/photon/trivy-adapter && ./builder.sh ${TRIVYADAPTERVERSION} && cd -
# compile chartserver
GOBUILDIMAGE=golang:1.19.4
CHART_SERVER_CODE_BASE=https://github.com/alauda/chartmuseum.git
CHARTMUSEUM_SRC_TAG=v0.14.1
CHART_SERVER_MAIN_PATH=cmd/chartmuseum
CHART_SERVER_BIN_NAME=chartm
cd ${BUILDPATH}/make/photon/chartserver && ./builder ${GOBUILDIMAGE} ${CHART_SERVER_CODE_BASE} ${CHARTMUSEUM_SRC_TAG} ${CHART_SERVER_MAIN_PATH} ${CHART_SERVER_BIN_NAME} && cd -
# compile notary
NOTARYVERSION=v0.6.1
NOTARYMIGRATEVERSION=v4.11.0
cd ${BUILDPATH}/make/photon/notary && ./builder ${NOTARYVERSION} ${NOTARYMIGRATEVERSION} && cd -
##########
# build-image amd64 and arm64
Expand Down Expand Up @@ -207,7 +247,7 @@ spec:
params:
- name: pre-command
value: |
set -x
set -ex
# some build target need wget
apt-get update && apt-get install -y wget
Expand All @@ -216,17 +256,13 @@ spec:
export BASEIMAGETAG=2.6.4-$(build.git.lastCommit.shortID)-amd64
export BASEIMAGENAMESPACE=build-harbor.alauda.cn/devops
export PUSHBASEIMAGE=false
export SKIP_BUILDBIN=true
export DOCKERBUILD="docker buildx build --platform=linux/amd64 --builder builder --push --metadata-file .build-metadata.txt --iidfile $(results.container-image-digest.path)"
- name: post-command
value: |
echo "==== build metadata"
cat .build-metadata.txt
echo "==== build metadata"
cat .build-metadata.txt | jq -r '."containerimage.buildinfo".sources[0].ref' > $(results.ociContainerImageBuild-url.path)
cat $(results.ociContainerImageBuild-url.path)
cat $(results.container-image-digest.path)
- name: build-image-arm64
timeout: 2.5h
retries: 3
Expand Down Expand Up @@ -257,7 +293,7 @@ spec:
params:
- name: pre-command
value: |
set -x
set -ex
# some build target need wget
apt-get update && apt-get install -y wget
Expand All @@ -266,17 +302,13 @@ spec:
export BASEIMAGETAG=2.6.4-$(build.git.lastCommit.shortID)-arm64
export BASEIMAGENAMESPACE=build-harbor.alauda.cn/devops
export PUSHBASEIMAGE=false
export SKIP_BUILDBIN=true
export DOCKERBUILD="docker buildx build --platform=linux/arm64 --builder builder --push --metadata-file .build-metadata.txt --iidfile $(results.container-image-digest.path)"
- name: post-command
value: |
echo "==== build metadata"
cat .build-metadata.txt
echo "==== build metadata"
cat .build-metadata.txt | jq -r '."containerimage.buildinfo".sources[0].ref' > $(results.ociContainerImageBuild-url.path)
cat $(results.ociContainerImageBuild-url.path)
cat $(results.container-image-digest.path)
##########
# merge
Expand Down Expand Up @@ -330,4 +362,4 @@ spec:
- build-harbor.alauda.cn/devops/goharbor-trivy-adapter-photon:2.6.4-$(build.git.lastCommit.shortID)-amd64
- build-harbor.alauda.cn/devops/goharbor-trivy-adapter-photon:2.6.4-$(build.git.lastCommit.shortID)-arm64
- build-harbor.alauda.cn/devops/goharbor-harbor-exporter:2.6.4-$(build.git.lastCommit.shortID)-amd64
- build-harbor.alauda.cn/devops/goharbor-harbor-exporter:2.6.4-$(build.git.lastCommit.shortID)-arm64
- build-harbor.alauda.cn/devops/goharbor-harbor-exporter:2.6.4-$(build.git.lastCommit.shortID)-arm64
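Review bot: In the compile-amd64 and compile-arm64 scripts, `BUILDPATH="$(workspaces.source.path)" make compile` sets BUILDPATH only in the environment of that one `make` call, so the following `cd ${BUILDPATH}/make/photon/...` lines see an empty value unless BUILDPATH is exported earlier in the script, outside the visible lines. With an empty value the `cd` fails, the `&&` chain skips the builder, and if the script has no `set -e` (none is visible in these hunks) the step can still succeed and hand the image stage a workspace without freshly built binaries. I would put `export BUILDPATH="$(workspaces.source.path)"` on its own line before `make compile`, quote the expansions (`cd "${BUILDPATH}/make/photon/registry"`), and start the script with `set -ex` as the build-image pre-command does. Separately, `GOBUILDIMAGE=golang:1.19.4` and the `*_SRC_TAG`/`*VERSION` values are mutable tags that restate variables the Makefile recipes also read; a comment naming one place as the source of truth, or pinning by digest/commit, would keep the two from drifting and make the compiled inputs reproducible.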
56 changes: 32 additions & 24 deletions make/photon/Makefile
Expand Up @@ -165,15 +165,17 @@ _build_log:
_build_trivy_adapter:
@if [ "$(TRIVYFLAG)" = "true" ] ; then \
$(call _build_base,$(TRIVY_ADAPTER),$(DOCKERFILEPATH_TRIVY_ADAPTER)) ; \
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \
$(call _extract_archive, $(TRIVY_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
if [ "$(BUILDBIN)" != "true" ] ; then \
echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
$(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
else \
echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
if [ ! "$(SKIP_BUILDBIN)" ] ; then \
if [ "$(BUILDBIN)" != "true" ] ; then \
echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
$(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
else \
echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
fi ; \
fi ; \
echo "Building Trivy adapter container for photon..." ; \
$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
Expand All @@ -187,12 +189,14 @@ _build_trivy_adapter:

_build_chart_server:
@if [ "$(CHARTFLAG)" = "true" ] ; then \
$(call _build_base,$(CHARTSERVER),$(DOCKERFILEPATH_CHART_SERVER)); \
if [ "$(BUILDBIN)" != "true" ] ; then \
rm -rf $(DOCKERFILEPATH_CHART_SERVER)/binary && mkdir -p $(DOCKERFILEPATH_CHART_SERVER)/binary && \
$(call _get_binary, $(CHARTURL), $(DOCKERFILEPATH_CHART_SERVER)/binary/chartm); \
else \
cd $(DOCKERFILEPATH_CHART_SERVER) && $(DOCKERFILEPATH_CHART_SERVER)/builder $(GOBUILDIMAGE) $(CHART_SERVER_CODE_BASE) $(CHARTMUSEUM_SRC_TAG) $(CHART_SERVER_MAIN_PATH) $(CHART_SERVER_BIN_NAME) && cd - ; \
$(call _build_base,$(CHARTSERVER),$(DOCKERFILEPATH_CHART_SERVER)); \
if [ ! "$(SKIP_BUILDBIN)" ] ; then \
if [ "$(BUILDBIN)" != "true" ] ; then \
rm -rf $(DOCKERFILEPATH_CHART_SERVER)/binary && mkdir -p $(DOCKERFILEPATH_CHART_SERVER)/binary && \
$(call _get_binary, $(CHARTURL), $(DOCKERFILEPATH_CHART_SERVER)/binary/chartm); \
else \
cd $(DOCKERFILEPATH_CHART_SERVER) && $(DOCKERFILEPATH_CHART_SERVER)/builder $(GOBUILDIMAGE) $(CHART_SERVER_CODE_BASE) $(CHARTMUSEUM_SRC_TAG) $(CHART_SERVER_MAIN_PATH) $(CHART_SERVER_BIN_NAME) && cd - ; \
fi ; \
fi ; \
echo "building chartmuseum container for photon..." ; \
$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CHART_SERVER)/$(DOCKERFILENAME_CHART_SERVER) -t $(DOCKERIMAGENAME_CHART_SERVER):$(VERSIONTAG) . ; \
Expand All @@ -210,12 +214,14 @@ _build_notary:
@if [ "$(NOTARYFLAG)" = "true" ] ; then \
$(call _build_base,$(NOTARYSERVER),$(DOCKERFILEPATH_NOTARYSERVER)) ; \
$(call _build_base,$(NOTARYSIGNER),$(DOCKERFILEPATH_NOTARYSIGNER)) ; \
if [ "$(BUILDBIN)" != "true" ] ; then \
rm -rf $(DOCKERFILEPATH_NOTARY)/binary && mkdir -p $(DOCKERFILEPATH_NOTARY)/binary && \
$(call _get_binary, $(NOTARYURL), $(DOCKERFILEPATH_NOTARY)/binary-bundle.tgz); \
cd $(DOCKERFILEPATH_NOTARY) && tar -zvxf binary-bundle.tgz && cd - ; \
else \
cd $(DOCKERFILEPATH_NOTARY) && $(DOCKERFILEPATH_NOTARY)/builder $(NOTARYVERSION) $(NOTARYMIGRATEVERSION) && cd - ; \
if [ ! "$(SKIP_BUILDBIN)" ] ; then \
if [ "$(BUILDBIN)" != "true" ] ; then \
rm -rf $(DOCKERFILEPATH_NOTARY)/binary && mkdir -p $(DOCKERFILEPATH_NOTARY)/binary && \
$(call _get_binary, $(NOTARYURL), $(DOCKERFILEPATH_NOTARY)/binary-bundle.tgz); \
cd $(DOCKERFILEPATH_NOTARY) && tar -zvxf binary-bundle.tgz && cd - ; \
else \
cd $(DOCKERFILEPATH_NOTARY) && $(DOCKERFILEPATH_NOTARY)/builder $(NOTARYVERSION) $(NOTARYMIGRATEVERSION) && cd - ; \
fi ; \
fi ; \
echo "building notary container for photon..."; \
chmod 655 $(DOCKERFILEPATH_NOTARY)/binary/notary-signer && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_NOTARYSIGNER)/$(DOCKERFILENAME_NOTARYSIGNER) -t $(DOCKERIMAGENAME_NOTARYSIGNER):$(VERSIONTAG) . ; \
Expand All @@ -226,11 +232,13 @@ _build_notary:

_build_registry:
@$(call _build_base,$(REGISTRY),$(DOCKERFILEPATH_REG))
@if [ "$(BUILDBIN)" != "true" ] ; then \
rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \
$(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \
else \
cd $(DOCKERFILEPATH_REG) && $(DOCKERFILEPATH_REG)/builder $(REGISTRY_SRC_TAG) && cd - ; \
@if [ ! "$(SKIP_BUILDBIN)" ] ; then \
if [ "$(BUILDBIN)" != "true" ] ; then \
rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \
$(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \
else \
cd $(DOCKERFILEPATH_REG) && $(DOCKERFILEPATH_REG)/builder $(REGISTRY_SRC_TAG) && cd - ; \
fi ; \
fi
@echo "building registry container for photon..."
@chmod 655 $(DOCKERFILEPATH_REG)/binary/registry && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) .
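Review bot: The new guard `if [ ! "$(SKIP_BUILDBIN)" ]` in `_build_trivy_adapter`, `_build_chart_server`, `_build_notary` and `_build_registry` tests only for an empty string, so `SKIP_BUILDBIN=false` or `0` skips the download/build branch just like `true`; `if [ "$(SKIP_BUILDBIN)" != "true" ] ; then \` would match the existing `BUILDBIN` test beside it. When the branch is skipped the recipes package whatever already sits in each `binary/` directory, and in `_build_trivy_adapter` the line that does `rm -rf` before `mkdir -p` looks like the removed one, so a binary left by an earlier run or retry could be copied into the image unnoticed. A short check before the docker build, for example `test -x $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/scanner-trivy` (plus a checksum where one is published), would make a missing or stale artifact fail the build. A make comment above each target such as `# SKIP_BUILDBIN=true: binaries come from the pipeline's compile step; nothing is downloaded or rebuilt here` would document the contract; all four recipes continue outside the visible hunks.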
2 changes: 1 addition & 1 deletion make/photon/trivy-adapter/Dockerfile
Expand Up @@ -6,7 +6,7 @@ ARG trivy_version

COPY ./make/photon/common/install_cert.sh /home/scanner
COPY ./make/photon/trivy-adapter/entrypoint.sh /home/scanner
COPY ./make/photon/common/exports_env_in_dir.sh /home/scanner/
COPY ./make/photon/common/exports_env_in_dir.sh /home/scanner
COPY ./make/photon/trivy-adapter/binary/trivy /usr/local/bin/trivy
COPY ./make/photon/trivy-adapter/binary/scanner-trivy /home/scanner/bin/scanner-trivy

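Review bot: The `exports_env_in_dir.sh` COPY appears with and without a trailing slash on the destination (`/home/scanner/` and `/home/scanner`), and the page does not mark which is the new side; if the new line is the one without the slash, the script only lands inside the directory when `/home/scanner` already exists in the base image. Docker treats a destination without a trailing slash as a file path when no such directory exists, so the script would then be written as a file named `/home/scanner`. I would keep the slash and add it to the two COPY lines above as well, e.g. `COPY ./make/photon/common/install_cert.sh /home/scanner/`, so the result does not depend on the base image layout.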
