From 202deb965db6b7ef5b6fd19c358a78d8f2002243 Mon Sep 17 00:00:00 2001 From: Pawel Proskurnicki Date: Mon, 8 Jul 2024 15:12:32 +0200 Subject: [PATCH] docker: refactor docker folder structure - Refactored AS/KBS/rvps docker placement This change improves Dockerfile readability as current approach (format: Dockerfile.[name]) is not compatible with code inspection in IDEs which can lead to errors. Signed-off-by: Pawel Proskurnicki --- .github/workflows/as-docker-build.yml | 6 +++--- .github/workflows/kbs-docker-build.yml | 6 +++--- .github/workflows/push-as-image-to-ghcr.yml | 6 +++--- .github/workflows/push-kbs-image-to-ghcr.yml | 4 ++-- attestation-service/.dockerignore | 3 +-- .../{Dockerfile.as-grpc => docker/as-grpc/Dockerfile} | 0 .../{Dockerfile.as-restful => docker/as-restful/Dockerfile} | 0 attestation-service/docs/grpc-as.md | 2 +- attestation-service/docs/restful-as.md | 2 +- docker-compose.yml | 6 +++--- .../{Dockerfile.coco-as-grpc => coco-as-grpc/Dockerfile} | 0 .../Dockerfile} | 0 kbs/docker/{Dockerfile.rhel-ubi => rhel-ubi/Dockerfile} | 0 rvps/README.md | 4 ++-- rvps/{ => docker}/Dockerfile | 0 15 files changed, 19 insertions(+), 20 deletions(-) rename attestation-service/{Dockerfile.as-grpc => docker/as-grpc/Dockerfile} (100%) rename attestation-service/{Dockerfile.as-restful => docker/as-restful/Dockerfile} (100%) rename kbs/docker/{Dockerfile.coco-as-grpc => coco-as-grpc/Dockerfile} (100%) rename kbs/docker/{Dockerfile.intel-trust-authority => intel-trust-authority/Dockerfile} (100%) rename kbs/docker/{Dockerfile.rhel-ubi => rhel-ubi/Dockerfile} (100%) rename rvps/{ => docker}/Dockerfile (100%) diff --git a/.github/workflows/as-docker-build.yml b/.github/workflows/as-docker-build.yml index 129076d56..0bd1c3720 100644 --- a/.github/workflows/as-docker-build.yml +++ b/.github/workflows/as-docker-build.yml 
@@ -28,12 +28,12 @@ jobs: - name: Build gRPC AS Container Image run: | - DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/Dockerfile.as-grpc + DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/docker/as-grpc/Dockerfile - name: Build RESTful AS Container Image run: | - DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/Dockerfile.as-restful + DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/docker/as-restful/Dockerfile - name: Build RVPS Container Image run: | - Docker_BUILDKIT=1 docker build -t rvps:latest . -f rvps/Dockerfile \ No newline at end of file + Docker_BUILDKIT=1 docker build -t rvps:latest . -f rvps/docker/Dockerfile \ No newline at end of file diff --git a/.github/workflows/kbs-docker-build.yml b/.github/workflows/kbs-docker-build.yml index 7d9a29d53..96faee36b 100644 --- a/.github/workflows/kbs-docker-build.yml +++ b/.github/workflows/kbs-docker-build.yml @@ -17,6 +17,6 @@ jobs: run: | DOCKER_BUILDKIT=1 docker build -t kbs:coco-as . -f kbs/docker/Dockerfile; \ DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-openssl --build-arg KBS_FEATURES=coco-as-builtin,openssl,resource,opa . -f kbs/docker/Dockerfile; \ - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/Dockerfile.coco-as-grpc; \ - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/Dockerfile.rhel-ubi; \ - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-ita . -f kbs/docker/Dockerfile.intel-trust-authority + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/coco-as-grpc/Dockerfile; \ + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/rhel-ubi/Dockerfile; \ + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-ita . -f kbs/docker/intel-trust-authority/Dockerfile 
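Review bot: In `.github/workflows/as-docker-build.yml`, the "Build RVPS Container Image" step still sets `Docker_BUILDKIT=1`, and the new line carries that spelling over from the old one. Environment variable names are case-sensitive, so this does not set `DOCKER_BUILDKIT`; the RVPS image is built with whatever builder the runner's Docker defaults to, unlike the two AS steps above it. Since the line is being rewritten anyway, it should read `DOCKER_BUILDKIT=1 docker build -t rvps:latest . -f rvps/docker/Dockerfile`. Whether the RVPS Dockerfile depends on BuildKit-only features cannot be seen from this hunk, so the practical impact is unconfirmed.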
diff --git a/.github/workflows/push-as-image-to-ghcr.yml b/.github/workflows/push-as-image-to-ghcr.yml index 7f5caa929..667081ba8 100644 --- a/.github/workflows/push-as-image-to-ghcr.yml +++ b/.github/workflows/push-as-image-to-ghcr.yml @@ -20,13 +20,13 @@ jobs: - coco-as-restful - rvps include: - - docker_file: attestation-service/Dockerfile.as-grpc + - docker_file: attestation-service/docker/as-grpc/Dockerfile tag: coco-as-grpc name: gRPC CoCo-AS - - docker_file: attestation-service/Dockerfile.as-restful + - docker_file: attestation-service/docker/as-restful/Dockerfile tag: coco-as-restful name: RESTful CoCo-AS - - docker_file: rvps/Dockerfile + - docker_file: rvps/docker/Dockerfile tag: rvps name: RVPS runs-on: ${{ matrix.instance }} diff --git a/.github/workflows/push-kbs-image-to-ghcr.yml b/.github/workflows/push-kbs-image-to-ghcr.yml index 36f6e6439..7fa252321 100644 --- a/.github/workflows/push-kbs-image-to-ghcr.yml +++ b/.github/workflows/push-kbs-image-to-ghcr.yml @@ -28,11 +28,11 @@ jobs: https_crypto: openssl name: build-in AS - tag: kbs-grpc-as - docker_file: kbs/docker/Dockerfile.coco-as-grpc + docker_file: kbs/docker/coco-as-grpc/Dockerfile https_crypto: rustls name: gRPC AS - tag: kbs-ita-as - docker_file: kbs/docker/Dockerfile.intel-trust-authority + docker_file: kbs/docker/intel-trust-authority/Dockerfile https_crypto: rustls name: Intel Trust Authority AS diff --git a/attestation-service/.dockerignore b/attestation-service/.dockerignore index c81564d65..98d036a1d 100644 --- a/attestation-service/.dockerignore +++ b/attestation-service/.dockerignore @@ -1,4 +1,3 @@ target -Dockerfile.as* -Dockerfile.rvps \ No newline at end of file +docker \ No newline at end of file diff --git a/attestation-service/Dockerfile.as-grpc b/attestation-service/docker/as-grpc/Dockerfile similarity index 100% rename from attestation-service/Dockerfile.as-grpc rename to attestation-service/docker/as-grpc/Dockerfile 
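Review bot: The new `docker` entry in `attestation-service/.dockerignore` probably has no effect on the builds this patch updates. Docker reads `.dockerignore` from the root of the build context, and every build command and compose `context:` shown here uses the repository root (`.`) with `-f attestation-service/docker/...`. If so, `target` and `docker` are not excluded, and the whole working tree, including any untracked local files, is sent to the builder unless a root-level `.dockerignore` exists; none is visible in this patch. With one directory per Dockerfile, BuildKit's per-Dockerfile ignore file becomes an option, for example `attestation-service/docker/as-grpc/Dockerfile.dockerignore` listing `**/target` and other paths that must not reach the image. Otherwise, add a comment to this file saying which build context it is meant for.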
diff --git a/attestation-service/Dockerfile.as-restful b/attestation-service/docker/as-restful/Dockerfile similarity index 100% rename from attestation-service/Dockerfile.as-restful rename to attestation-service/docker/as-restful/Dockerfile diff --git a/attestation-service/docs/grpc-as.md b/attestation-service/docs/grpc-as.md index 71fe12d33..5fb024a3e 100644 --- a/attestation-service/docs/grpc-as.md +++ b/attestation-service/docs/grpc-as.md @@ -106,7 +106,7 @@ Build and run container image ```shell git clone https://github.com/confidential-containers/trustee cd trustee -docker build -t coco-as:grpc -f attestation-service/Dockerfile.as-grpc . +docker build -t coco-as:grpc -f attestation-service/docker/as-grpc/Dockerfile . ``` ### API diff --git a/attestation-service/docs/restful-as.md b/attestation-service/docs/restful-as.md index ac42eeb84..9af809707 100644 --- a/attestation-service/docs/restful-as.md +++ b/attestation-service/docs/restful-as.md @@ -96,7 +96,7 @@ Build and run container image ```shell git clone https://github.com/confidential-containers/trustee cd trustee -docker build -t coco-as:restful -f attestation-service/Dockerfile.as-restful . +docker build -t coco-as:restful -f attestation-service/docker/as-restful/Dockerfile . ``` ### HTTPS support diff --git a/docker-compose.yml b/docker-compose.yml index 2250258a7..75b493ca7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ services: kbs: build: context: . - dockerfile: ./kbs/docker/Dockerfile.coco-as-grpc + dockerfile: kbs/docker/coco-as-grpc/Dockerfile #image: ghcr.io/confidential-containers/key-broker-service:latest command: [ "/usr/local/bin/kbs", @@ -23,7 +23,7 @@ services: as: build: context: . - dockerfile: ./attestation-service/Dockerfile.as-grpc + dockerfile: attestation-service/docker/as-grpc/Dockerfile #image: ghcr.io/confidential-containers/attestation-service:latest ports: - "50004:50004" 
@@ -46,7 +46,7 @@ services: #image: ghcr.io/confidential-containers/reference-value-provider-service:latest build: context: . - dockerfile: ./rvps/Dockerfile + dockerfile: rvps/docker/Dockerfile restart: always # keep the server running ports: - "50003:50003" diff --git a/kbs/docker/Dockerfile.coco-as-grpc b/kbs/docker/coco-as-grpc/Dockerfile similarity index 100% rename from kbs/docker/Dockerfile.coco-as-grpc rename to kbs/docker/coco-as-grpc/Dockerfile diff --git a/kbs/docker/Dockerfile.intel-trust-authority b/kbs/docker/intel-trust-authority/Dockerfile similarity index 100% rename from kbs/docker/Dockerfile.intel-trust-authority rename to kbs/docker/intel-trust-authority/Dockerfile diff --git a/kbs/docker/Dockerfile.rhel-ubi b/kbs/docker/rhel-ubi/Dockerfile similarity index 100% rename from kbs/docker/Dockerfile.rhel-ubi rename to kbs/docker/rhel-ubi/Dockerfile diff --git a/rvps/README.md b/rvps/README.md index 165f1220a..3500d3f09 100644 --- a/rvps/README.md +++ b/rvps/README.md @@ -5,7 +5,7 @@ All the reference values will be stored inside RVPS. When AS queries specific so ## Architecture -RVPS contains the following componants: +RVPS contains the following components: - Pre-Processor : Pre-Processor contains a set of Wares (like Middleware). The Wares can process the input Message and then deliver it to the Extractors. @@ -72,7 +72,7 @@ By default listen to `localhost:50003` to wait for requests We can build RVPS docker image ```bash -cd .. && docker build -t rvps -f rvps/Dockerfile . +cd .. && docker build -t rvps -f rvps/docker/Dockerfile . ``` Run diff --git a/rvps/Dockerfile b/rvps/docker/Dockerfile similarity index 100% rename from rvps/Dockerfile rename to rvps/docker/Dockerfile