Skip to content

Commit

Permalink
feat: push Dockerfile to registry
Browse files Browse the repository at this point in the history
STONEBLD-2522

Signed-off-by: Chenxiong Qi <[email protected]>
  • Loading branch information
tkdchen committed Jul 5, 2024
1 parent 3b51b71 commit 1859ba7
Show file tree
Hide file tree
Showing 6 changed files with 146 additions and 0 deletions.
23 changes: 23 additions & 0 deletions task/build-image-manifest/0.1/build-image-manifest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -105,3 +105,26 @@ spec:
capabilities:
add:
- SETFCAP

- name: push-dockerfile
image: quay.io/konflux-ci/oras@sha256:5d0a8a5535fcc4ba467264cacbdeab2fb8662a538a61cb7fc8b3155e3f20fa39
env:
- name: IMAGE_DIGEST_FILE
value: $(results.IMAGE_DIGEST.path)
script: |
suffix=".dockerfile"
image_without_tag=${IMAGE%:*}
# remove the potential existing newline
manifest_digest=$(cat "${IMAGE_DIGEST_FILE}" | tr -d '\r\n')
df_image=${image_without_tag}:${manifest_digest/:/-}${suffix}
artype=application/vnd.konflux.dockerfile
dockerfile_path=$(mktemp --suffix="${suffix}")
arch_image_digest=$(oras manifest fetch "$IMAGE" | yq -P -oy | yq '.manifests[0].digest')
oras pull "${image_without_tag}@${arch_image_digest/:/-}${suffix}" >"$dockerfile_path"
echo "Selecting auth for $IMAGE"
select-oci-auth $IMAGE >auth.json
retry oras push --no-tty --registry-config auth.json --artifact-type "$artype" "$df_image" "$dockerfile_path"
24 changes: 24 additions & 0 deletions task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,10 @@ spec:
echo "Cannot find Dockerfile $DOCKERFILE"
exit 1
fi
# Record the original Dockerfile for pushing later.
cp "$dockerfile_path" /shared/Dockerfile
if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] && grep -q '^\s*RUN \(./\)\?mvn' "$dockerfile_path"; then
sed -i -e "s|^\s*RUN \(\(./\)\?mvn\)\(.*\)|RUN echo \"<settings><mirrors><mirror><id>mirror.default</id><url>http://$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR/v1/cache/default/0/</url><mirrorOf>*</mirrorOf></mirror></mirrors></settings>\" > /tmp/settings.yaml; \1 -s /tmp/settings.yaml \3|g" "$dockerfile_path"
touch /var/lib/containers/java
Expand Down Expand Up @@ -544,3 +548,23 @@ spec:
- cyclonedx
- $(params.IMAGE)
workingDir: /var/workdir
- name: push-dockerfile
image: quay.io/konflux-ci/oras@sha256:5d0a8a5535fcc4ba467264cacbdeab2fb8662a538a61cb7fc8b3155e3f20fa39
env:
- name: IMAGE_DIGEST_FILE
value: $(results.IMAGE_DIGEST.path)
- name: DOCKERFILE_PATH
value: /shared/Dockerfile
script: |
suffix=".dockerfile"
image_without_tag=${IMAGE%:*}
# remove the potential existing newline
manifest_digest=$(cat "${IMAGE_DIGEST_FILE}" | tr -d '\r\n')
df_image=${image_without_tag}:${manifest_digest/:/-}${suffix}
artype=application/vnd.konflux.dockerfile
echo "Selecting auth for $IMAGE"
select-oci-auth $IMAGE >auth.json
cd "$(dirname $DOCKERFILE_PATH)"
retry oras push --no-tty --registry-config auth.json --artifact-type "$artype" "$df_image" "$(basename $DOCKERFILE_PATH)"
25 changes: 25 additions & 0 deletions task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,10 @@ spec:
echo "Cannot find Dockerfile $DOCKERFILE"
exit 1
fi
# Record the original Dockerfile for pushing later.
cp "$dockerfile_path" /shared/Dockerfile
if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] && grep -q '^\s*RUN \(./\)\?mvn' "$dockerfile_path"; then
sed -i -e "s|^\s*RUN \(\(./\)\?mvn\)\(.*\)|RUN echo \"<settings><mirrors><mirror><id>mirror.default</id><url>http://$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR/v1/cache/default/0/</url><mirrorOf>*</mirrorOf></mirror></mirrors></settings>\" > /tmp/settings.yaml; \1 -s /tmp/settings.yaml \3|g" "$dockerfile_path"
touch /var/lib/containers/java
Expand Down Expand Up @@ -619,6 +623,27 @@ spec:
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
name: upload-sbom
workingDir: /var/workdir
- computeResources: {}
env:
- name: IMAGE_DIGEST_FILE
value: $(results.IMAGE_DIGEST.path)
- name: DOCKERFILE_PATH
value: /shared/Dockerfile
image: quay.io/konflux-ci/oras@sha256:5d0a8a5535fcc4ba467264cacbdeab2fb8662a538a61cb7fc8b3155e3f20fa39
name: push-dockerfile
script: |
suffix=".dockerfile"
image_without_tag=${IMAGE%:*}
# remove the potential existing newline
manifest_digest=$(cat "${IMAGE_DIGEST_FILE}" | tr -d '\r\n')
df_image=${image_without_tag}:${manifest_digest/:/-}${suffix}
artype=application/vnd.konflux.dockerfile
echo "Selecting auth for $IMAGE"
select-oci-auth $IMAGE >auth.json
cd "$(dirname $DOCKERFILE_PATH)"
retry oras push --no-tty --registry-config auth.json --artifact-type "$artype" "$df_image" "$(basename $DOCKERFILE_PATH)"
volumes:
- name: additional-secret
secret:
Expand Down
25 changes: 25 additions & 0 deletions task/buildah-remote/0.1/buildah-remote.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -257,6 +257,10 @@ spec:
echo "Cannot find Dockerfile $DOCKERFILE"
exit 1
fi
# Record the original Dockerfile for pushing later.
cp "$dockerfile_path" /shared/Dockerfile
if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] && grep -q '^\s*RUN \(./\)\?mvn' "$dockerfile_path"; then
sed -i -e "s|^\s*RUN \(\(./\)\?mvn\)\(.*\)|RUN echo \"<settings><mirrors><mirror><id>mirror.default</id><url>http://$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR/v1/cache/default/0/</url><mirrorOf>*</mirrorOf></mirror></mirrors></settings>\" > /tmp/settings.yaml; \1 -s /tmp/settings.yaml \3|g" "$dockerfile_path"
touch /var/lib/containers/java
Expand Down Expand Up @@ -616,6 +620,27 @@ spec:
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
name: upload-sbom
workingDir: $(workspaces.source.path)
- computeResources: {}
env:
- name: IMAGE_DIGEST_FILE
value: $(results.IMAGE_DIGEST.path)
- name: DOCKERFILE_PATH
value: /shared/Dockerfile
image: quay.io/konflux-ci/oras@sha256:5d0a8a5535fcc4ba467264cacbdeab2fb8662a538a61cb7fc8b3155e3f20fa39
name: push-dockerfile
script: |
suffix=".dockerfile"
image_without_tag=${IMAGE%:*}
# remove the potential existing newline
manifest_digest=$(cat "${IMAGE_DIGEST_FILE}" | tr -d '\r\n')
df_image=${image_without_tag}:${manifest_digest/:/-}${suffix}
artype=application/vnd.konflux.dockerfile
echo "Selecting auth for $IMAGE"
select-oci-auth $IMAGE >auth.json
cd "$(dirname $DOCKERFILE_PATH)"
retry oras push --no-tty --registry-config auth.json --artifact-type "$artype" "$df_image" "$(basename $DOCKERFILE_PATH)"
volumes:
- emptyDir: {}
name: varlibcontainers
Expand Down
23 changes: 23 additions & 0 deletions task/buildah-rhtap/0.1/buildah-rhtap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,8 @@ spec:
exit 1
fi
cp "$dockerfile_path" /tmp/files/Dockerfile
BUILDAH_ARGS=()
if [ -n "${BUILD_ARGS_FILE}" ]; then
BUILDAH_ARGS+=("--build-arg-file=${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}")
Expand Down Expand Up @@ -216,6 +218,27 @@ spec:
name: tmpfiles
workingDir: /tmp/files

- name: push-dockerfile
image: quay.io/konflux-ci/oras@sha256:5d0a8a5535fcc4ba467264cacbdeab2fb8662a538a61cb7fc8b3155e3f20fa39
env:
- name: IMAGE_DIGEST_FILE
value: $(results.IMAGE_DIGEST.path)
- name: DOCKERFILE_PATH
value: /tmp/files/Dockerfile
script: |
suffix=".dockerfile"
image_without_tag=${IMAGE%:*}
# remove the potential existing newline
manifest_digest=$(cat "${IMAGE_DIGEST_FILE}" | tr -d '\r\n')
df_image=${image_without_tag}:${manifest_digest/:/-}${suffix}
artype=application/vnd.konflux.dockerfile
echo "Selecting auth for $IMAGE"
select-oci-auth $IMAGE >auth.json
cd $(dirname "$DOCKERFILE_PATH")
retry oras push --no-tty --registry-config auth.json --artifact-type "$artype" "$df_image" "$(basename $DOCKERFILE_PATH)"
volumes:
- emptyDir: {}
name: varlibcontainers
Expand Down
26 changes: 26 additions & 0 deletions task/buildah/0.1/buildah.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,7 @@ spec:
type: string
- name: JAVA_COMMUNITY_DEPENDENCIES
description: The Java dependencies that came from community sources such as Maven central.

stepTemplate:
volumeMounts:
- mountPath: /shared
Expand Down Expand Up @@ -202,6 +203,10 @@ spec:
echo "Cannot find Dockerfile $DOCKERFILE"
exit 1
fi
# Record the original Dockerfile for pushing later.
cp "$dockerfile_path" /shared/Dockerfile
if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] && grep -q '^\s*RUN \(./\)\?mvn' "$dockerfile_path"; then
sed -i -e "s|^\s*RUN \(\(./\)\?mvn\)\(.*\)|RUN echo \"<settings><mirrors><mirror><id>mirror.default</id><url>http://$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR/v1/cache/default/0/</url><mirrorOf>*</mirrorOf></mirror></mirrors></settings>\" > /tmp/settings.yaml; \1 -s /tmp/settings.yaml \3|g" "$dockerfile_path"
touch /var/lib/containers/java
Expand Down Expand Up @@ -520,6 +525,27 @@ spec:
- $(params.IMAGE)
workingDir: $(workspaces.source.path)

- name: push-dockerfile
image: quay.io/konflux-ci/oras@sha256:5d0a8a5535fcc4ba467264cacbdeab2fb8662a538a61cb7fc8b3155e3f20fa39
env:
- name: IMAGE_DIGEST_FILE
value: $(results.IMAGE_DIGEST.path)
- name: DOCKERFILE_PATH
value: /shared/Dockerfile
script: |
suffix=".dockerfile"
image_without_tag=${IMAGE%:*}
# remove the potential existing newline
manifest_digest=$(cat "${IMAGE_DIGEST_FILE}" | tr -d '\r\n')
df_image=${image_without_tag}:${manifest_digest/:/-}${suffix}
artype=application/vnd.konflux.dockerfile
echo "Selecting auth for $IMAGE"
select-oci-auth $IMAGE >auth.json
cd "$(dirname $DOCKERFILE_PATH)"
retry oras push --no-tty --registry-config auth.json --artifact-type "$artype" "$df_image" "$(basename $DOCKERFILE_PATH)"
volumes:
- name: varlibcontainers
emptyDir: {}
Expand Down

0 comments on commit 1859ba7

Please sign in to comment.