diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index faaf039..caa7182 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,11 +13,21 @@ # limitations under the License. name: build -on: ['push'] +on: + push: + branches: + - 'main' jobs: - linux-utils: + images: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils + - image: alpine-sh + - image: alpine-bash steps: - name: Checkout uses: actions/checkout@v4 @@ -48,9 +58,9 @@ jobs: with: # add each registry to which the image needs to be pushed here images: | - ${{ env.IMAGE_ORG }}/linux-utils - quay.io/${{ env.IMAGE_ORG }}/linux-utils - ghcr.io/${{ env.IMAGE_ORG }}/linux-utils + ${{ env.IMAGE_ORG }}/${{ matrix.image }} + quay.io/${{ env.IMAGE_ORG }}/${{ matrix.image }} + ghcr.io/${{ env.IMAGE_ORG }}/${{ matrix.image }} tags: | type=raw,value=latest,enable=false type=raw,value=${{ env.TAG }} @@ -93,7 +103,7 @@ jobs: - name: Build & Push Image uses: docker/build-push-action@v5 with: - file: ./Dockerfile + file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: true platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le tags: | @@ -102,20 +112,27 @@ jobs: DBUILD_DATE=${{ steps.date.outputs.DATE }} DBUILD_REPO_URL=https://github.com/openebs/linux-utils DBUILD_SITE_URL=https://openebs.io - + trivy: runs-on: ubuntu-latest - needs: ['linux-utils'] + needs: ['images'] + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils + - image: alpine-sh + - image: alpine-bash steps: - name: Checkout code uses: actions/checkout@v4 - + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: # the tag will be always ci since only main branch is present # in this repository - image-ref: 'openebs/linux-utils:ci' + image-ref: 'openebs/${{ matrix.image }}:ci' format: 'table' exit-code: '1' ignore-unfixed: true 
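Review bot: The `matrix.include` list added under `images` is repeated verbatim in the `trivy` job further down and again in pull_request.yml and release.yml, and nothing in the workflow says that each entry must also match a directory under `dockerfiles/` and the Makefile's `DIMAGES`. A comment above the list such as `# keep in sync with DIMAGES in the Makefile and the directories under dockerfiles/` would show the next person adding an image every place it has to be listed. With a single key per entry, `image: [linux-utils, alpine-sh, alpine-bash]` directly under `matrix:` is the shorter equivalent of the `include` form.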
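Review bot: `needs: ['images']` in the `trivy` job now waits on a matrix job, so one failed leg of `images` skips every Trivy leg, while `fail-fast: false` lets the remaining legs go on to push their images unscanned. The scan also runs only after `push: true` has published the image, so a finding fails the workflow without holding back the two new images. Running the scan as a step inside each `images` leg, the way pull_request.yml scans its locally loaded build, would tie each scan to its own build. The step also keeps `uses: aquasecurity/trivy-action@master`, a mutable branch reference that now executes once per matrix leg; pinning it, `uses: aquasecurity/trivy-action@PINNED_COMMIT_SHA` (placeholder), makes the scanner code reviewable. The `needs` and scan-after-push points apply equally to the `trivy` hunk in release.yml, and the pin also applies to pull_request.yml.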
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 4386db7..be580f7 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -24,6 +24,13 @@ on: jobs: linux-utils: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils + - image: alpine-sh + - image: alpine-bash steps: - name: Checkout uses: actions/checkout@v4 @@ -42,17 +49,17 @@ jobs: - name: Build Image uses: docker/build-push-action@v5 with: - file: ./Dockerfile + file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: false load: true platforms: linux/amd64 tags: | - openebs/linux-utils:ci - + openebs/${{ matrix.image }}:ci + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'openebs/linux-utils:ci' + image-ref: 'openebs/${{ matrix.image }}:ci' format: 'table' exit-code: '1' ignore-unfixed: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9dd7e98..f1dd6d0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,8 +19,15 @@ on: - 'created' jobs: - linux-utils: + images: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils + - image: alpine-sh + - image: alpine-bash steps: - name: Checkout uses: actions/checkout@v4 @@ -47,9 +54,9 @@ jobs: with: # add each registry to which the image needs to be pushed here images: | - ${{ env.IMAGE_ORG }}/linux-utils - quay.io/${{ env.IMAGE_ORG }}/linux-utils - ghcr.io/${{ env.IMAGE_ORG }}/linux-utils + ${{ env.IMAGE_ORG }}/${{ matrix.image }} + quay.io/${{ env.IMAGE_ORG }}/${{ matrix.image }} + ghcr.io/${{ env.IMAGE_ORG }}/${{ matrix.image }} tags: | type=semver,pattern={{version}} 
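Review bot: The job id in pull_request.yml stays `linux-utils` although the added matrix makes it build three images, so its checks will presumably be reported as `linux-utils (alpine-sh)` and `linux-utils (alpine-bash)`. build.yml and release.yml rename the same job to `images`; using `images:` here as well keeps the three workflows consistent. If branch protection lists required checks by name, those entries need updating whichever name is chosen.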
@@ -92,7 +99,7 @@ jobs: - name: Build & Push Image uses: docker/build-push-action@v5 with: - file: ./Dockerfile + file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: true platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le tags: | @@ -105,20 +112,27 @@ jobs: trivy: runs-on: ubuntu-latest - needs: ['linux-utils'] + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils + - image: alpine-sh + - image: alpine-bash + needs: ['images'] steps: - name: Checkout code uses: actions/checkout@v4 - + - name: Set Release Tag run: | TAG="${GITHUB_REF#refs/*/v}" echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV - + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: openebs/linux-utils:${{ env.RELEASE_TAG }} + image-ref: openebs/${{ matrix.image }}:${{ env.RELEASE_TAG }} format: 'table' exit-code: '1' ignore-unfixed: true diff --git a/Makefile b/Makefile index 6491baf..e00a64e 100644 --- a/Makefile +++ b/Makefile @@ -22,15 +22,13 @@ SHELL:=/bin/bash BUILDX:=false ifeq (${IMAGE_ORG}, ) - IMAGE_ORG="openebs" + IMAGE_ORG=openebs export IMAGE_ORG endif -# Determine the DIMAGE associated with given arch/os -ifeq (${DIMAGE}, ) - #Default image name - DIMAGE:=openebs/linux-utils - export DIMAGE +ifeq (${DIMAGES}, ) + DIMAGES:=linux-utils alpine-sh alpine-bash + export DIMAGES endif #Initialize Docker build arguments. Each of these 
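Review bot: `DIMAGES` replaces `DIMAGE` in the Makefile with no comment, and the comment that described the old variable is removed along with it. A line above the `ifeq` such as `# Space-separated image names; each needs dockerfiles/NAME/Dockerfile and is tagged $(IMAGE_ORG)/NAME` would document the new contract. Callers that still pass `DIMAGE=...` are now silently ignored, which deserves a mention in the change description. The recipes later in this commit read `$$IMAGE_ORG` and `$$DIMAGES` from the shell environment, so the two `export` lines are required for them to work and should not be dropped in a later cleanup.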
@@ -60,27 +58,38 @@ build: image push .PHONY: header header: @echo "------------------------------------" - @echo "--> Building linux utils image " + @echo "--> Building linux utils images " @echo "------------------------------------" @echo .PHONY: image image: header - @sudo docker build -t "${DIMAGE}:ci" -f Dockerfile . ${DBUILD_ARGS} - @echo - + @for image in $$DIMAGES; do \ + sudo docker build -t "$$IMAGE_ORG/$$image:ci" -f ./dockerfiles/$$image/Dockerfile . ${DBUILD_ARGS}; \ + done + @echo "Done" .PHONY: test test: @echo "---------------------------------------" @echo "--> Test required tools are available " @echo "---------------------------------------" - @sudo docker run "${DIMAGE}:ci" which mkdir - @sudo docker run "${DIMAGE}:ci" which rm - @sudo docker run "${DIMAGE}:ci" which wipefs - -.PHONY: push -push: - ./buildscripts/push; - -include Makefile.buildx.mk + @sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which mkdir + @sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which rm + @sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which wipefs + @sudo docker run --rm "$$IMAGE_ORG/alpine-sh:ci" which /bin/sh + @sudo docker run --rm "$$IMAGE_ORG/alpine-sh:ci" which nc + @sudo docker run --rm "$$IMAGE_ORG/alpine-sh:ci" which chown + @sudo docker run --rm "$$IMAGE_ORG/alpine-bash:ci" which /bin/sh + @sudo docker run --rm "$$IMAGE_ORG/alpine-bash:ci" which /bin/bash + @sudo docker run --rm "$$IMAGE_ORG/alpine-bash:ci" which nc + @sudo docker run --rm "$$IMAGE_ORG/alpine-bash:ci" which chown + +.PHONY: clobber +clobber: + @for image in $$DIMAGES; do \ + docker rmi $$IMAGE_ORG/$$image:$$TAG || true; \ + done + docker image prune -f + +include Makefile.buildx.mk \ No newline at end of file diff --git a/Makefile.buildx.mk b/Makefile.buildx.mk index 2fd1d3d..29c0e3c 100644 --- a/Makefile.buildx.mk +++ b/Makefile.buildx.mk 
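Review bot: The `for` loop in the `image` recipe does not stop on failure: the recipe's exit status is that of the last iteration, so a failed `docker build` for `linux-utils` or `alpine-sh` is hidden whenever `alpine-bash` builds. Ending the build command with `${DBUILD_ARGS} || exit 1; \` fixes it. The loop in `buildx.image` (Makefile.buildx.mk) needs the same change, and there the trailing `echo` hides every failure. This hunk also deletes the `push` target while its header still shows `build: image push`, so `make build` will presumably stop with a missing-rule error unless `push` is defined somewhere not shown. Finally, `clobber` removes `:$$TAG` although `image` tags `:ci`, so it may not remove what `image` built.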
@@ -33,19 +33,32 @@ else export PUSH_ARG="--push" endif -DOCKERX_IMAGE=${IMAGE_ORG}/linux-utils:${TAG} - .PHONY: buildx.image buildx.image: @if ! docker buildx ls | grep -q container-builder; then\ docker buildx create --platform ${PLATFORMS} --name container-builder --use;\ fi - @docker buildx build --platform ${PLATFORMS} \ - -t "$(DOCKERX_IMAGE)" ${DBUILD_ARGS} -f Dockerfile \ - . ${PUSH_ARG} - @echo "--> Build docker image: $(DOCKERX_IMAGE)" + @echo "Building $$DIMAGES for platforms ${PLATFORMS}" + @for image in $$DIMAGES; do \ + DOCKERX_IMAGE=$$IMAGE_ORG/$$image:$$TAG; \ + echo "--> Building $$DOCKERX_IMAGE"; \ + docker buildx build --platform ${PLATFORMS} \ + -t "$$DOCKERX_IMAGE" ${DBUILD_ARGS} -f ./dockerfiles/$$image/Dockerfile \ + . ${PUSH_ARG}; \ + echo "--> Built docker image: $$DOCKERX_IMAGE"; \ + echo; \ + done + @echo "Built $$DIMAGES for platforms ${PLATFORMS}" + @docker buildx stop --builder container-builder @echo -.PHONY: buildx.push -buildx.push: - BUILDX=true DIMAGE=${IMAGE_ORG}/linux-utils ./buildscripts/push +.PHONY: buildx.clean +buildx.clean: + docker buildx rm --builder container-builder || true + +.PHONY: buildx.clobber +buildx.clobber: buildx.clean + @for image in $$DIMAGES; do \ + docker rmi $$IMAGE_ORG/$$image:$$TAG || true; \ + done + docker rmi moby/buildkit:buildx-stable-1 diff --git a/buildscripts/push b/buildscripts/push deleted file mode 100755 index a856990..0000000 --- a/buildscripts/push +++ /dev/null 
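Review bot: In `buildx.clobber` the last line, `docker rmi moby/buildkit:buildx-stable-1`, has no `|| true`, unlike the `docker rmi` lines in the loop above it, so the target fails whenever that image is not present locally. `docker rmi moby/buildkit:buildx-stable-1 || true` makes it behave like the others. The new recipes expand `$$TAG` in the shell, which works only if `TAG` is exported to the recipe environment; that export is not visible in this hunk and should be confirmed. `buildx.push` is removed here, so any CI step or documentation that still calls it needs updating.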
@@ -1,149 +0,0 @@ -#!/bin/bash - -# Copyright 2020 The OpenEBS Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -if [ -z ${DIMAGE} ]; -then - echo "Error: DIMAGE is not specified"; - exit 1 -fi - -function pushBuildx() { - BUILD_TAG="latest" - TARGET_IMG=${DIMAGE} - -# TODO Currently ci builds with commit tag will not be generated, -# since buildx does not support multiple repo - # if not a release build set the tag and ci image - if [ -z "${RELEASE_TAG}" ]; then - return -# BUILD_ID=$(git describe --tags --always) -# BUILD_TAG="${BRANCH}-${BUILD_ID}" -# TARGET_IMG="${DIMAGE}-ci" - fi - - echo "Tagging and pushing ${DIMAGE}:${TAG} as ${TARGET_IMG}:${BUILD_TAG}" - docker buildx imagetools create "${DIMAGE}:${TAG}" -t "${TARGET_IMG}:${BUILD_TAG}" -} - -# if the push is for a buildx build -if [[ ${BUILDX} ]]; then - pushBuildx - exit 0 -fi - -IMAGEID=$( sudo docker images -q ${DIMAGE}:ci ) -echo "${DIMAGE}:ci -> $IMAGEID" -if [ -z ${IMAGEID} ]; -then - echo "Error: unable to get IMAGEID for ${DIMAGE}:ci"; - exit 1 -fi - -# Generate a unique tag based on the commit and tag -BUILD_ID=$(git describe --tags --always) - -# Determine the current branch -CURRENT_BRANCH="" -if [ -z ${BRANCH} ]; -then - CURRENT_BRANCH=$(git branch | grep \* | cut -d ' ' -f2) -else - CURRENT_BRANCH=${BRANCH} -fi - -#Depending on the branch where builds are generated, -# set the tag CI (fixed) and build tags. 
-BUILD_TAG="${CURRENT_BRANCH}-${BUILD_ID}" -CI_TAG="${CURRENT_BRANCH}-ci" -if [ ${CURRENT_BRANCH} = "master" ]; then - CI_TAG="ci" -fi - -echo "Set the fixed ci image tag as: ${CI_TAG}" -echo "Set the build/unique image tag as: ${BUILD_TAG}" - -function TagAndPushImage() { - REPO="$1" - # Trim the `v` from the TAG if it exists - # Example: v1.10.0 maps to 1.10.0 - # Example: 1.10.0 maps to 1.10.0 - # Example: v1.10.0-custom maps to 1.10.0-custom - TAG="${2#v}" - - #Add an option to specify a custom TAG_SUFFIX - #via environment variable. Default is no tag. - #Example suffix could be "-debug" of "-dev" - IMAGE_URI="${REPO}:${TAG}${TAG_SUFFIX}"; - sudo docker tag ${IMAGEID} ${IMAGE_URI}; - echo " push ${IMAGE_URI}"; - sudo docker push ${IMAGE_URI}; -} - - -if [ ! -z "${DNAME}" ] && [ ! -z "${DPASS}" ]; -then - sudo docker login -u "${DNAME}" -p "${DPASS}"; - - # Push CI tagged image - :ci or :branch-ci - TagAndPushImage "${DIMAGE}" "${CI_TAG}" - - # Push unique tagged image - :master- or :branch- - # This unique/build image will be pushed to corresponding ci repo. - TagAndPushImage "${DIMAGE}-ci" "${BUILD_TAG}" - - if [ ! -z "${RELEASE_TAG}" ] ; - then - # Push with different tags if tagged as a release - # When github is tagged with a release, then github action will - # set the release tag in env RELEASE_TAG - TagAndPushImage "${DIMAGE}" "${RELEASE_TAG}" - TagAndPushImage "${DIMAGE}" "latest" - fi; -else - echo "No docker credentials provided. Skip uploading ${DIMAGE} to docker hub"; -fi; - -# Push ci image to quay.io for security scanning -if [ ! -z "${QNAME}" ] && [ ! -z "${QPASS}" ]; -then - sudo docker login -u "${QNAME}" -p "${QPASS}" quay.io; - - # Push CI tagged image - :ci or :branch-ci - TagAndPushImage "quay.io/${DIMAGE}" "${CI_TAG}" - - if [ ! 
-z "${RELEASE_TAG}" ] ; - then - # Push with different tags if tagged as a release - # When github is tagged with a release, then github action will - # set the release tag in env RELEASE_TAG - # Trim the `v` from the RELEASE_TAG if it exists - TagAndPushImage "quay.io/${DIMAGE}" "${RELEASE_TAG}" - TagAndPushImage "quay.io/${DIMAGE}" "latest" - fi; -else - echo "No docker credentials provided. Skip uploading ${DIMAGE} to quay"; -fi; - -#Push image to run openebs-e2e based on git commit -if [ ! -z "${COMMIT}" ]; -then - sudo docker login -u "${GITLAB_DNAME}" -p "${GITLAB_DPASS}"; - - # Push COMMIT tagged image - :COMMIT - TagAndPushImage "${DIMAGE}" "${COMMIT}" -fi; diff --git a/dockerfiles/alpine-bash/Dockerfile b/dockerfiles/alpine-bash/Dockerfile new file mode 100644 index 0000000..96dd87a --- /dev/null +++ b/dockerfiles/alpine-bash/Dockerfile @@ -0,0 +1,14 @@ +FROM alpine:3.20.1 + +RUN apk add --no-cache bash + +ARG DBUILD_DATE +ARG DBUILD_REPO_URL="https://github.com/openebs/linux-utils" +ARG DBUILD_SITE_URL="https://www.openebs.io/" + +LABEL org.label-schema.schema-version="1.0" +LABEL org.label-schema.name="linux-utils" +LABEL org.label-schema.description="Linux Container for OpenEBS Helper jobs" +LABEL org.label-schema.build-date=$DBUILD_DATE +LABEL org.label-schema.vcs-url=$DBUILD_REPO_URL +LABEL org.label-schema.url=$DBUILD_SITE_URL diff --git a/dockerfiles/alpine-sh/Dockerfile b/dockerfiles/alpine-sh/Dockerfile new file mode 100644 index 0000000..87f8065 --- /dev/null +++ b/dockerfiles/alpine-sh/Dockerfile 
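Review bot: `LABEL org.label-schema.name="linux-utils"` is copied unchanged into dockerfiles/alpine-bash/Dockerfile, and the new dockerfiles/alpine-sh/Dockerfile has the same line, so both images will identify themselves as linux-utils to any tooling that reads image labels. Use `LABEL org.label-schema.name="alpine-bash"` here and the matching name in the other file; the shared description label could be made specific too. `FROM alpine:3.20.1` pins a tag, which a registry can re-point; appending a digest, `FROM alpine:3.20.1@sha256:DIGEST_PLACEHOLDER`, fixes the exact base image that gets built and scanned.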
@@ -0,0 +1,12 @@ +FROM alpine:3.20.1 + +ARG DBUILD_DATE +ARG DBUILD_REPO_URL="https://github.com/openebs/linux-utils" +ARG DBUILD_SITE_URL="https://www.openebs.io/" + +LABEL org.label-schema.schema-version="1.0" +LABEL org.label-schema.name="linux-utils" +LABEL org.label-schema.description="Linux Container for OpenEBS Helper jobs" +LABEL org.label-schema.build-date=$DBUILD_DATE +LABEL org.label-schema.vcs-url=$DBUILD_REPO_URL +LABEL org.label-schema.url=$DBUILD_SITE_URL diff --git a/Dockerfile b/dockerfiles/linux-utils/Dockerfile similarity index 100% rename from Dockerfile rename to dockerfiles/linux-utils/Dockerfile