diff --git a/.build/build2.yaml b/.build/build2.yaml index 9e7b382fcf51..310353d7c956 100644 --- a/.build/build2.yaml +++ b/.build/build2.yaml @@ -144,10 +144,31 @@ spec: IMAGENAMESPACE=build-harbor.alauda.cn/devops REGISTRY_SRC_TAG=v2.8.0 - BUILDPATH="$(workspaces.source.path)" make compile - - # compile registry - cd ./make/photon/registry && ./builder ${REGISTRY_SRC_TAG} + TRIVYADAPTERVERSION=v0.30.7 + cd ${BUILDPATH}/make/photon/trivy-adapter && ./builder.sh ${TRIVYADAPTERVERSION} && cd - + + +# # compile registry +# cd ${BUILDPATH}/make/photon/registry && ./builder ${REGISTRY_SRC_TAG} && cd - +# +# TRIVYADAPTERVERSION=v0.30.7 +# cd ${BUILDPATH}/make/photon/trivy-adapter && ./builder.sh ${TRIVYADAPTERVERSION} && cd - +# +# # compile chartserver +# GOBUILDIMAGE=golang:1.19.4 +# CHART_SERVER_CODE_BASE=https://github.com/alauda/chartmuseum.git +# CHARTMUSEUM_SRC_TAG=v0.14.1 +# CHART_SERVER_MAIN_PATH=cmd/chartmuseum +# CHART_SERVER_BIN_NAME=chartm +# cd ${BUILDPATH}/make/photon/chartserver && ./builder ${GOBUILDIMAGE} ${CHART_SERVER_CODE_BASE} ${CHARTMUSEUM_SRC_TAG} ${CHART_SERVER_MAIN_PATH} ${CHART_SERVER_BIN_NAME} && cd - +# +# # compile notary +# NOTARYVERSION=v0.6.1 +# NOTARYMIGRATEVERSION=v4.11.0 +# cd ${BUILDPATH}/make/photon/notary && ./builder ${NOTARYVERSION} ${NOTARYMIGRATEVERSION} && cd - +# +# BUILDPATH="$(workspaces.source.path)" make compile + - name: compile-arm64 timeout: 2.5h 
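Review bot: `${BUILDPATH}` in the new `cd ${BUILDPATH}/make/photon/trivy-adapter` line has no assignment visible in this hunk; the removed `BUILDPATH="$(workspaces.source.path)" make compile` only set it for that one command. Unless it is assigned earlier in the script, above the hunk, it expands to nothing and the step runs `./builder.sh` from `/make/photon/trivy-adapter` at the filesystem root instead of from the checked-out workspace. I would set and quote it explicitly: `BUILDPATH="$(workspaces.source.path)"` followed by `cd "${BUILDPATH}/make/photon/trivy-adapter" && ./builder.sh "${TRIVYADAPTERVERSION}"`. The block of commented-out commands kept below it, including the disabled `make compile`, should be deleted or restored rather than left in the pipeline definition. The compile-arm64 hunk at -169,10 has the same two problems.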
@@ -169,10 +190,29 @@ spec: IMAGENAMESPACE=build-harbor.alauda.cn/devops REGISTRY_SRC_TAG=v2.8.0 - BUILDPATH="$(workspaces.source.path)" make compile - - # compile registry - cd ./make/photon/registry && ./builder ${REGISTRY_SRC_TAG} + TRIVYADAPTERVERSION=v0.30.7 + cd ${BUILDPATH}/make/photon/trivy-adapter && ./builder.sh ${TRIVYADAPTERVERSION} && cd - + +# # compile registry +# cd ${BUILDPATH}/make/photon/registry && ./builder ${REGISTRY_SRC_TAG} && cd - +# +# TRIVYADAPTERVERSION=v0.30.7 +# cd ${BUILDPATH}/make/photon/trivy-adapter && ./builder.sh ${TRIVYADAPTERVERSION} && cd - +# +# # compile chartserver +# GOBUILDIMAGE=golang:1.19.4 +# CHART_SERVER_CODE_BASE=https://github.com/alauda/chartmuseum.git +# CHARTMUSEUM_SRC_TAG=v0.14.1 +# CHART_SERVER_MAIN_PATH=cmd/chartmuseum +# CHART_SERVER_BIN_NAME=chartm +# cd ${BUILDPATH}/make/photon/chartserver && ./builder ${GOBUILDIMAGE} ${CHART_SERVER_CODE_BASE} ${CHARTMUSEUM_SRC_TAG} ${CHART_SERVER_MAIN_PATH} ${CHART_SERVER_BIN_NAME} && cd - +# +# # compile notary +# NOTARYVERSION=v0.6.1 +# NOTARYMIGRATEVERSION=v4.11.0 +# cd ${BUILDPATH}/make/photon/notary && ./builder ${NOTARYVERSION} ${NOTARYMIGRATEVERSION} && cd - +# +# BUILDPATH="$(workspaces.source.path)" make compile ########## # build-image amd64 and arm64 
@@ -193,21 +233,21 @@ spec: params: - name: command value: - - make build -e BUILDTARGET=_build_portal - - make build -e BUILDTARGET=_build_core - - make build -e BUILDTARGET=_build_jobservice - - make build -e BUILDTARGET=_build_log - - make build -e BUILDTARGET=_build_nginx - - make build -e BUILDTARGET=_build_registry - - make build -e BUILDTARGET=_build_registryctl - - make build -e BUILDTARGET=_build_notary +# - make build -e BUILDTARGET=_build_portal +# - make build -e BUILDTARGET=_build_core +# - make build -e BUILDTARGET=_build_jobservice +# - make build -e BUILDTARGET=_build_log +# - make build -e BUILDTARGET=_build_nginx +# - make build -e BUILDTARGET=_build_registry +# - make build -e BUILDTARGET=_build_registryctl +# - make build -e BUILDTARGET=_build_notary - make build -e BUILDTARGET=_build_trivy_adapter - - make build -e BUILDTARGET=_build_chart_server - - make build -e BUILDTARGET=_compile_and_build_exporter +# - make build -e BUILDTARGET=_build_chart_server +# - make build -e BUILDTARGET=_compile_and_build_exporter params: - name: pre-command value: | - set -x + set -ex # some build target need wget apt-get update && apt-get install -y wget @@ -216,6 +256,7 @@ spec: export BASEIMAGETAG=2.6.4-$(build.git.lastCommit.shortID)-amd64 export BASEIMAGENAMESPACE=build-harbor.alauda.cn/devops export PUSHBASEIMAGE=false + export SKIP_BUILDBIN=true export DOCKERBUILD="docker buildx build --platform=linux/amd64 --builder builder --push --metadata-file .build-metadata.txt --iidfile $(results.container-image-digest.path)" - name: post-command value: | @@ -223,7 +264,7 @@ spec: cat .build-metadata.txt echo "==== build metadata" - cat .build-metadata.txt | jq -r '."containerimage.buildinfo".sources[0].ref' > $(results.ociContainerImageBuild-url.path) + cat .build-metadata.txt | jq -r '."image.name"' > $(results.ociContainerImageBuild-url.path) cat $(results.ociContainerImageBuild-url.path) cat $(results.container-image-digest.path) 
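Review bot: Ten of the eleven `make build` entries are commented out here, leaving only `_build_trivy_adapter`, yet the image list at the end of the file (context of the hunk at -330,4) still names the `goharbor-harbor-exporter` images for this commit's tag. If that list feeds a later manifest or promotion step, the step will presumably either fail or resolve to images this run did not build, so the two lists should change together. If this is a temporary trivy-adapter-only build, say so in a comment such as `# temporary: only the trivy adapter image is rebuilt here` instead of leaving the disabled entries unexplained. The arm64 hunk at -243,21 repeats the same edit.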
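Review bot: `jq -r '."image.name"'` prints the literal string `null` and exits 0 when the key is missing from `.build-metadata.txt`, so the `ociContainerImageBuild-url` result can silently record `null` as the image reference (hunk at -223,7). If later steps rely on this result to identify the pushed image, fail the step instead with `jq -er '."image.name"' .build-metadata.txt > $(results.ociContainerImageBuild-url.path)`. Whether the post-command script runs under `set -e` is not visible in this hunk, so confirm that a non-zero exit from jq actually stops the task.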
@@ -243,21 +284,21 @@ spec: params: - name: command value: - - make build -e BUILDTARGET=_build_portal - - make build -e BUILDTARGET=_build_core - - make build -e BUILDTARGET=_build_jobservice - - make build -e BUILDTARGET=_build_log - - make build -e BUILDTARGET=_build_nginx - - make build -e BUILDTARGET=_build_registry - - make build -e BUILDTARGET=_build_registryctl - - make build -e BUILDTARGET=_build_notary +# - make build -e BUILDTARGET=_build_portal +# - make build -e BUILDTARGET=_build_core +# - make build -e BUILDTARGET=_build_jobservice +# - make build -e BUILDTARGET=_build_log +# - make build -e BUILDTARGET=_build_nginx +# - make build -e BUILDTARGET=_build_registry +# - make build -e BUILDTARGET=_build_registryctl +# - make build -e BUILDTARGET=_build_notary - make build -e BUILDTARGET=_build_trivy_adapter - - make build -e BUILDTARGET=_build_chart_server - - make build -e BUILDTARGET=_compile_and_build_exporter +# - make build -e BUILDTARGET=_build_chart_server +# - make build -e BUILDTARGET=_compile_and_build_exporter params: - name: pre-command value: | - set -x + set -ex # some build target need wget apt-get update && apt-get install -y wget @@ -266,6 +307,7 @@ spec: export BASEIMAGETAG=2.6.4-$(build.git.lastCommit.shortID)-arm64 export BASEIMAGENAMESPACE=build-harbor.alauda.cn/devops export PUSHBASEIMAGE=false + export SKIP_BUILDBIN=true export DOCKERBUILD="docker buildx build --platform=linux/arm64 --builder builder --push --metadata-file .build-metadata.txt --iidfile $(results.container-image-digest.path)" - name: post-command value: | 
@@ -330,4 +372,7 @@ spec: - build-harbor.alauda.cn/devops/goharbor-trivy-adapter-photon:2.6.4-$(build.git.lastCommit.shortID)-amd64 - build-harbor.alauda.cn/devops/goharbor-trivy-adapter-photon:2.6.4-$(build.git.lastCommit.shortID)-arm64 - build-harbor.alauda.cn/devops/goharbor-harbor-exporter:2.6.4-$(build.git.lastCommit.shortID)-amd64 - - build-harbor.alauda.cn/devops/goharbor-harbor-exporter:2.6.4-$(build.git.lastCommit.shortID)-arm64 \ No newline at end of file + - build-harbor.alauda.cn/devops/goharbor-harbor-exporter:2.6.4-$(build.git.lastCommit.shortID)-arm64 +CHARTMUSEUM_SRC_TAG=v0: + 14: + 1: \ No newline at end of file diff --git a/make/photon/Makefile b/make/photon/Makefile index c58fa55c3fac..6a1d4fb7fc2f 100644 --- a/make/photon/Makefile +++ b/make/photon/Makefile 
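Review bot: The three lines added after the image list, `CHARTMUSEUM_SRC_TAG=v0:`, `14:` and `1:`, look like an editor or paste artifact of `CHARTMUSEUM_SRC_TAG=v0.14.1` rather than intended pipeline content. Depending on their indentation, which cannot be recovered from this view, they either make the file invalid or add a stray mapping key that a strict schema check would reject. Drop them so the last image entry is again the end of the file.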
@@ -168,12 +168,14 @@ _build_trivy_adapter:
 rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
 echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \
 $(call _extract_archive, $(TRIVY_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
- if [ "$(BUILDBIN)" != "true" ] ; then \
- echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
- $(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
- else \
- echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
- cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
+ if [ ! "$(SKIP_BUILDBIN)" ] ; then \
+ if [ "$(BUILDBIN)" != "true" ] ; then \
+ echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
+ $(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
+ else \
+ echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
+ cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
+ fi ; \
 fi ; \
 echo "Building Trivy adapter container for photon..." ; \
 $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
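Review bot: `[ ! "$(SKIP_BUILDBIN)" ]` only tests for an empty string, so `SKIP_BUILDBIN=false` or `SKIP_BUILDBIN=0` skips the binary step exactly like `true`; match the neighbouring BUILDBIN test with `if [ "$(SKIP_BUILDBIN)" != "true" ] ; then \`. When the step is skipped, the image is assembled from whatever already sits in the `binary` directory, and in this recipe the context line above has just run `rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary`, so a prebuilt adapter placed there would be gone (where `builder.sh` writes its output is not visible here). I would make the skip path check that the expected binary exists before the docker build, for example `test -x $(DOCKERFILEPATH_REG)/binary/registry || exit 1` in `_build_registry`, so that a missing artifact fails the build instead of producing an incomplete image. The same test is added in `_build_chart_server`, `_build_notary` and `_build_registry` (hunks at -187,12, -210,12 and -226,11), and all four recipe bodies continue outside their hunks.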
@@ -187,12 +189,14 @@ _build_trivy_adapter: _build_chart_server: @if [ "$(CHARTFLAG)" = "true" ] ; then \ - $(call _build_base,$(CHARTSERVER),$(DOCKERFILEPATH_CHART_SERVER)); \ - if [ "$(BUILDBIN)" != "true" ] ; then \ - rm -rf $(DOCKERFILEPATH_CHART_SERVER)/binary && mkdir -p $(DOCKERFILEPATH_CHART_SERVER)/binary && \ - $(call _get_binary, $(CHARTURL), $(DOCKERFILEPATH_CHART_SERVER)/binary/chartm); \ - else \ - cd $(DOCKERFILEPATH_CHART_SERVER) && $(DOCKERFILEPATH_CHART_SERVER)/builder $(GOBUILDIMAGE) $(CHART_SERVER_CODE_BASE) $(CHARTMUSEUM_SRC_TAG) $(CHART_SERVER_MAIN_PATH) $(CHART_SERVER_BIN_NAME) && cd - ; \ + $(call _build_base,$(CHARTSERVER),$(DOCKERFILEPATH_CHART_SERVER)); \ + if [ ! "$(SKIP_BUILDBIN)" ] ; then \ + if [ "$(BUILDBIN)" != "true" ] ; then \ + rm -rf $(DOCKERFILEPATH_CHART_SERVER)/binary && mkdir -p $(DOCKERFILEPATH_CHART_SERVER)/binary && \ + $(call _get_binary, $(CHARTURL), $(DOCKERFILEPATH_CHART_SERVER)/binary/chartm); \ + else \ + cd $(DOCKERFILEPATH_CHART_SERVER) && $(DOCKERFILEPATH_CHART_SERVER)/builder $(GOBUILDIMAGE) $(CHART_SERVER_CODE_BASE) $(CHARTMUSEUM_SRC_TAG) $(CHART_SERVER_MAIN_PATH) $(CHART_SERVER_BIN_NAME) && cd - ; \ + fi ; \ fi ; \ echo "building chartmuseum container for photon..." ; \ $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CHART_SERVER)/$(DOCKERFILENAME_CHART_SERVER) -t $(DOCKERIMAGENAME_CHART_SERVER):$(VERSIONTAG) . ; \ 
@@ -210,12 +214,14 @@ _build_notary:
 @if [ "$(NOTARYFLAG)" = "true" ] ; then \
 $(call _build_base,$(NOTARYSERVER),$(DOCKERFILEPATH_NOTARYSERVER)) ; \
 $(call _build_base,$(NOTARYSIGNER),$(DOCKERFILEPATH_NOTARYSIGNER)) ; \
- if [ "$(BUILDBIN)" != "true" ] ; then \
- rm -rf $(DOCKERFILEPATH_NOTARY)/binary && mkdir -p $(DOCKERFILEPATH_NOTARY)/binary && \
- $(call _get_binary, $(NOTARYURL), $(DOCKERFILEPATH_NOTARY)/binary-bundle.tgz); \
- cd $(DOCKERFILEPATH_NOTARY) && tar -zvxf binary-bundle.tgz && cd - ; \
- else \
- cd $(DOCKERFILEPATH_NOTARY) && $(DOCKERFILEPATH_NOTARY)/builder $(NOTARYVERSION) $(NOTARYMIGRATEVERSION) && cd - ; \
+ if [ ! "$(SKIP_BUILDBIN)" ] ; then \
+ if [ "$(BUILDBIN)" != "true" ] ; then \
+ rm -rf $(DOCKERFILEPATH_NOTARY)/binary && mkdir -p $(DOCKERFILEPATH_NOTARY)/binary && \
+ $(call _get_binary, $(NOTARYURL), $(DOCKERFILEPATH_NOTARY)/binary-bundle.tgz); \
+ cd $(DOCKERFILEPATH_NOTARY) && tar -zvxf binary-bundle.tgz && cd - ; \
+ else \
+ cd $(DOCKERFILEPATH_NOTARY) && $(DOCKERFILEPATH_NOTARY)/builder $(NOTARYVERSION) $(NOTARYMIGRATEVERSION) && cd - ; \
+ fi ; \
 fi ; \
 echo "building notary container for photon..."; \
 chmod 655 $(DOCKERFILEPATH_NOTARY)/binary/notary-signer && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_NOTARYSIGNER)/$(DOCKERFILENAME_NOTARYSIGNER) -t $(DOCKERIMAGENAME_NOTARYSIGNER):$(VERSIONTAG) . ; \
@@ -226,11 +232,13 @@ _build_notary: _build_registry: @$(call _build_base,$(REGISTRY),$(DOCKERFILEPATH_REG)) - @if [ "$(BUILDBIN)" != "true" ] ; then \ - rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \ - $(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \ - else \ - cd $(DOCKERFILEPATH_REG) && $(DOCKERFILEPATH_REG)/builder $(REGISTRY_SRC_TAG) && cd - ; \ + @if [ ! "$(SKIP_BUILDBIN)" ] ; then \ + if [ "$(BUILDBIN)" != "true" ] ; then \ + rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \ + $(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \ + else \ + cd $(DOCKERFILEPATH_REG) && $(DOCKERFILEPATH_REG)/builder $(REGISTRY_SRC_TAG) && cd - ; \ + fi ; \ fi @echo "building registry container for photon..." @chmod 655 $(DOCKERFILEPATH_REG)/binary/registry && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) .