diff --git a/.build/build.yaml b/.build/build.yaml index 04189bb15f0..7b669bf8e74 100644 --- a/.build/build.yaml +++ b/.build/build.yaml @@ -35,7 +35,7 @@ spec: - name: run_sonar type: string description: | - Controls whether to run a sonar scan. + Controls whether to run a sonar scan. The sonar of the open source component does not need to run frequently, and the sonar service may cause pipeline failure due to too many scanning tasks, which is a huge cost for building a harbor image, so the sonar scan is turned off by default, and the switch control is added, and it is turned on only when necessary. tasks: - name: readme-please @@ -139,14 +139,14 @@ spec: - name: command value: | set -ex - + BUILDPATH=$(workspaces.source.path) VERSIONTAG=2.12.0-$(build.git.lastCommit.shortID)-amd64 BASEIMAGETAG=${VERSIONTAG} BASEIMAGENAMESPACE=build-harbor.alauda.cn/devops IMAGENAMESPACE=build-harbor.alauda.cn/devops REGISTRY_SRC_TAG=v2.8.3 - + # compile harbor BUILDPATH="$(workspaces.source.path)" make compile - name: compile-amd64-thirdparty @@ -164,15 +164,15 @@ spec: - name: command value: | set -ex - + BUILDPATH=$(workspaces.source.path) VERSIONTAG=2.12.0-$(build.git.lastCommit.shortID)-amd64 BASEIMAGETAG=${VERSIONTAG} BASEIMAGENAMESPACE=build-harbor.alauda.cn/devops IMAGENAMESPACE=build-harbor.alauda.cn/devops - REGISTRY_SRC=https://github.com/distribution/distribution.git + REGISTRY_SRC=https://github.com/distribution/distribution.git REGISTRY_SRC_TAG=v2.8.3 - + # compile registry cd ${BUILDPATH}/make/photon/registry && ./builder ${REGISTRY_SRC_TAG} ${REGISTRY_SRC} && cd - @@ -196,14 +196,14 @@ spec: - name: command value: | set -ex - + BUILDPATH=$(workspaces.source.path) VERSIONTAG=2.12.0-$(build.git.lastCommit.shortID)-arm64 BASEIMAGETAG=${VERSIONTAG} BASEIMAGENAMESPACE=build-harbor.alauda.cn/devops IMAGENAMESPACE=build-harbor.alauda.cn/devops REGISTRY_SRC_TAG=v2.8.3 - + # compile harbor BUILDPATH="$(workspaces.source.path)" make compile - name: compile-arm64-thirdparty @@ -221,15 +221,15 @@ spec: - name: command value: | set -ex - + BUILDPATH=$(workspaces.source.path) VERSIONTAG=2.12.0-$(build.git.lastCommit.shortID)-arm64 BASEIMAGETAG=${VERSIONTAG} BASEIMAGENAMESPACE=build-harbor.alauda.cn/devops IMAGENAMESPACE=build-harbor.alauda.cn/devops - REGISTRY_SRC=https://github.com/distribution/distribution.git + REGISTRY_SRC=https://github.com/distribution/distribution.git REGISTRY_SRC_TAG=v2.8.3 - + # compile registry cd ${BUILDPATH}/make/photon/registry && ./builder ${REGISTRY_SRC_TAG} ${REGISTRY_SRC} && cd - @@ -257,6 +257,8 @@ spec: params: - name: command value: + - make build -e BUILDTARGET=_build_bitnami_redis + - make build -e BUILDTARGET=_build_db - make build -e BUILDTARGET=_build_portal - make build -e BUILDTARGET=_build_core - make build -e BUILDTARGET=_build_jobservice @@ -272,7 +274,7 @@ spec: set -ex # some build target need wget apt-get update && apt-get install -y wget - + export VERSIONTAG=2.12.0-$(build.git.lastCommit.shortID)-amd64 export IMAGENAMESPACE=build-harbor.alauda.cn/devops export BASEIMAGETAG=2.12.0-$(build.git.lastCommit.shortID)-amd64 @@ -300,6 +302,8 @@ spec: params: - name: command value: + - make build -e BUILDTARGET=_build_bitnami_redis + - make build -e BUILDTARGET=_build_db - make build -e BUILDTARGET=_build_portal - make build -e BUILDTARGET=_build_core - make build -e BUILDTARGET=_build_jobservice @@ -315,7 +319,7 @@ spec: set -ex # some build target need wget apt-get update && apt-get install -y wget - + export VERSIONTAG=2.12.0-$(build.git.lastCommit.shortID)-arm64 export IMAGENAMESPACE=build-harbor.alauda.cn/devops export BASEIMAGETAG=2.12.0-$(build.git.lastCommit.shortID)-arm64 @@ -346,6 +350,8 @@ spec: params: - name: container-images value: + - build-harbor.alauda.cn/devops/goharbor-harbor-db:2.12.0-$(build.git.lastCommit.shortID) + - build-harbor.alauda.cn/devops/goharbor-redis-photon:2.12.0-$(build.git.lastCommit.shortID) - build-harbor.alauda.cn/devops/goharbor-harbor-portal:2.12.0-$(build.git.lastCommit.shortID) - build-harbor.alauda.cn/devops/goharbor-harbor-registryctl:2.12.0-$(build.git.lastCommit.shortID) - build-harbor.alauda.cn/devops/goharbor-registry-photon:2.12.0-$(build.git.lastCommit.shortID) @@ -356,6 +362,10 @@ spec: - build-harbor.alauda.cn/devops/goharbor-harbor-exporter:2.12.0-$(build.git.lastCommit.shortID) - name: source-image-digests value: + - build-harbor.alauda.cn/devops/goharbor-harbor-db:2.12.0-$(build.git.lastCommit.shortID)-amd64 + - build-harbor.alauda.cn/devops/goharbor-harbor-db:2.12.0-$(build.git.lastCommit.shortID)-arm64 + - build-harbor.alauda.cn/devops/goharbor-redis-photon:2.12.0-$(build.git.lastCommit.shortID)-amd64 + - build-harbor.alauda.cn/devops/goharbor-redis-photon:2.12.0-$(build.git.lastCommit.shortID)-arm64 - build-harbor.alauda.cn/devops/goharbor-harbor-portal:2.12.0-$(build.git.lastCommit.shortID)-amd64 - build-harbor.alauda.cn/devops/goharbor-harbor-portal:2.12.0-$(build.git.lastCommit.shortID)-arm64 - build-harbor.alauda.cn/devops/goharbor-harbor-registryctl:2.12.0-$(build.git.lastCommit.shortID)-amd64 @@ -411,4 +421,4 @@ spec: - vulnerability.ignore-unfixed=true - vulnerability.type[0]=os - db.skip-update=false - - db.repository=build-harbor.alauda.cn/ops/aquasecurity/trivy-db \ No newline at end of file + - db.repository=build-harbor.alauda.cn/ops/aquasecurity/trivy-db diff --git a/make/photon/Makefile b/make/photon/Makefile index 1a3ad32f786..88fa6fb5909 100644 --- a/make/photon/Makefile +++ b/make/photon/Makefile @@ -200,6 +200,11 @@ _build_redis: @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REDIS)/$(DOCKERFILENAME_REDIS) -t $(DOCKERIMAGENAME_REDIS):$(VERSIONTAG) . @echo "Done." +_build_bitnami_redis: + @echo "building redis container for photon..." + @$(DOCKERBUILD_WITH_PULL_PARA) -f $(DOCKERFILEPATH_REDIS)/$(DOCKERFILENAME_REDIS).bitnami -t $(DOCKERIMAGENAME_REDIS):$(VERSIONTAG) . + @echo "Done." + _build_standalone_db_migrator: @echo "building standalone db migrator image for photon..." $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_STANDALONE_DB_MIGRATOR)/$(DOCKERFILENAME_STANDALONE_DB_MIGRATOR) -t $(DOCKERIMAGENAME_STANDALONE_DB_MIGRATOR):$(VERSIONTAG) . diff --git a/make/photon/redis/Dockerfile.bitnami b/make/photon/redis/Dockerfile.bitnami new file mode 100644 index 00000000000..3e2daa8ae42 --- /dev/null +++ b/make/photon/redis/Dockerfile.bitnami @@ -0,0 +1,16 @@ +FROM build-harbor.alauda.cn/3rdparty/bitnami/redis:7.0.15-debian-12-r13 + +USER root +RUN groupadd -g 999 redis \ + && useradd -u 999 -g 999 -c "Redis Database Server" -d /var/lib/redis -s /sbin/nologin -m redis + +VOLUME /var/lib/redis +WORKDIR /var/lib/redis +COPY ./make/photon/redis/docker-healthcheck /usr/bin/ +COPY ./make/photon/redis/redis.conf /etc/redis.conf +RUN chmod +x /usr/bin/docker-healthcheck \ + && chown redis:redis /etc/redis.conf + +HEALTHCHECK CMD ["docker-healthcheck"] +USER redis +CMD ["redis-server", "/etc/redis.conf"] diff --git a/make/photon/redis/redis.conf b/make/photon/redis/redis.conf index e36ef8c8c6f..5721ed4dd46 100644 --- a/make/photon/redis/redis.conf +++ b/make/photon/redis/redis.conf @@ -1291,3 +1291,5 @@ aof-rewrite-incremental-fsync yes # Maximal effort for defrag in CPU percentage # active-defrag-cycle-max 75 +# support kylin os +ignore-warnings ARM64-COW-BUG