From 72a6fe4761aa25b435d4d1a35ae0aa635948cc58 Mon Sep 17 00:00:00 2001 From: sg Date: Thu, 12 Sep 2024 20:24:00 +0100 Subject: [PATCH 1/7] make build component containers script build using a base dockerfile that has certificates --- containers/Dockerfile.base | 15 +++++++++++++++ containers/Dockerfile.base.image | 4 ++++ scripts/build_component_container.sh | 21 +++++++++++++++------ 3 files changed, 34 insertions(+), 6 deletions(-) create mode 100644 containers/Dockerfile.base create mode 100644 containers/Dockerfile.base.image diff --git a/containers/Dockerfile.base b/containers/Dockerfile.base new file mode 100644 index 000000000..122310858 --- /dev/null +++ b/containers/Dockerfile.base @@ -0,0 +1,15 @@ +FROM golang:alpine AS builder + +RUN apk update && \ + apk upgrade && \ + apk add --no-cache ca-certificates && \ + update-ca-certificates + +FROM scratch + +ARG executable_path + +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ + +COPY ${executable_path} /app/${executable_path} +ENTRYPOINT ["/app/${executable_path}"] diff --git a/containers/Dockerfile.base.image b/containers/Dockerfile.base.image new file mode 100644 index 000000000..aa83bcb1c --- /dev/null +++ b/containers/Dockerfile.base.image @@ -0,0 +1,4 @@ +FROM ${BASE_IMAGE:-scratch} +ARG executable_path +COPY ${executable_path} /app/${executable_path} +ENTRYPOINT ["/app/${executable_path}"] diff --git a/scripts/build_component_container.sh b/scripts/build_component_container.sh index 2ad5e8d9e..d7078aecf 100755 --- a/scripts/build_component_container.sh +++ b/scripts/build_component_container.sh @@ -3,6 +3,7 @@ set -e; source ./scripts/util.sh +containers_path=./containers if [ "$#" -eq 0 ] then 
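Review bot: The final `ENTRYPOINT ["/app/${executable_path}"]` in containers/Dockerfile.base will not have `${executable_path}` substituted, because Dockerfile variable expansion is not applied to ENTRYPOINT and the exec form runs no shell. The container would try to exec the literal path; containers/Dockerfile.base.image ends with the same line. Copying to a fixed in-image location avoids this, for example `COPY ${executable_path} /app/component` with `ENTRYPOINT ["/app/component"]`. Separately, `FROM golang:alpine` is a floating tag, and the CA bundle copied into every component image comes from it. I would pin it as `FROM golang:VERSION-alpine@sha256:DIGEST` (placeholders) and drop `apk upgrade`, which makes the bundle depend on when the build ran.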
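Review bot: `FROM ${BASE_IMAGE:-scratch}` in containers/Dockerfile.base.image has no `ARG BASE_IMAGE` ahead of it, and only ARGs declared before the first FROM are visible to FROM. The `--build-arg BASE_IMAGE=...` passed by the script is therefore ignored and the image is always built on scratch; adding `ARG BASE_IMAGE` as the first line fixes that. Once the argument is honoured the base is whatever the caller supplies, so a comment such as `# BASE_IMAGE must be a pinned tag or digest from a registry you trust` would be worth adding above it.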
@@ -23,14 +24,22 @@ if make -C "${executable_src_path}" --no-print-directory --dry-run container >/d then make -C "${executable_src_path}" --no-print-directory --quiet container CONTAINER_REPO="${CONTAINER_REPO}" DRACON_VERSION="${DRACON_VERSION}" else - dockerfile_template=" - FROM ${BASE_IMAGE:-scratch} \n - COPY ${executable_path} /app/${executable_path} \n - ENTRYPOINT ["/app/${executable_path}"] \n - " + dockerfile_template="" + if [[ -v "${BASE_IMAGE+x}" && -n "${BASE_IMAGE+x}" ]] + then + echo "Using base image: ${BASE_IMAGE}" + dockerfile_template=$(cat "${containers_path}/Dockerfile.base.image") + else + BASE_IMAGE='' + dockerfile_template=$(cat "${containers_path}/Dockerfile.base") + fi + dockerfile_path=$(mktemp) printf "${dockerfile_template}" > "${dockerfile_path}" - docker build -t "${CONTAINER_REPO}/${executable_src_path}:${DRACON_VERSION}" \ + docker build \ + --build-arg executable_path=${executable_path}\ + --build-arg BASE_IMAGE=${BASE_IMAGE}\ + -t "${CONTAINER_REPO}/${executable_src_path}:${DRACON_VERSION}" \ $([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ -f "${dockerfile_path}" ./bin fi From a43eb36958ca1527ee21f1e023ebf84798a4eed5 Mon Sep 17 00:00:00 2001 
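Review bot: The new test `[[ -v "${BASE_IMAGE+x}" && -n "${BASE_IMAGE+x}" ]]` does not check BASE_IMAGE. `${BASE_IMAGE+x}` expands to `x` or to nothing, so `-v` is asked whether a variable named `x` exists, and unless one happens to be set the branch that selects Dockerfile.base.image is never taken. `if [[ -n "${BASE_IMAGE:-}" ]]` tests what is intended and also treats an empty value as unset. The file contents are then handed to `printf` as its format string (context line), so any `%` or backslash sequence in the Dockerfiles is interpreted, and the `mktemp` file is never removed; passing the chosen file directly to `-f` avoids both. The `--build-arg` values are unquoted and should be written as `--build-arg "executable_path=${executable_path}"`.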
From: sg Date: Thu, 12 Sep 2024 20:26:14 +0100 Subject: [PATCH 2/7] change all docker and makefiles from components that needed certificates since now the base image has certs --- .../consumers/dependency-track/Dockerfile | 7 ------- components/consumers/dependency-track/Makefile | 17 ----------------- components/consumers/jira/Dockerfile | 7 ------- components/consumers/jira/Makefile | 17 ----------------- components/consumers/slack/Dockerfile | 7 ------- components/consumers/slack/Makefile | 17 ----------------- .../producers/github-code-scanning/Makefile | 4 ---- components/producers/ossf-scorecard/Dockerfile | 7 +------ components/producers/ossf-scorecard/Makefile | 2 +- .../typescript-eslint/eslint-wrapper/Dockerfile | 2 +- .../typescript-eslint/eslint-wrapper/Makefile | 1 - 11 files changed, 3 insertions(+), 85 deletions(-) delete mode 100644 components/consumers/dependency-track/Dockerfile delete mode 100644 components/consumers/dependency-track/Makefile delete mode 100644 components/consumers/jira/Dockerfile delete mode 100644 components/consumers/jira/Makefile delete mode 100644 components/consumers/slack/Dockerfile delete mode 100644 components/consumers/slack/Makefile diff --git a/components/consumers/dependency-track/Dockerfile b/components/consumers/dependency-track/Dockerfile deleted file mode 100644 index 17a6cd3ae..000000000 --- a/components/consumers/dependency-track/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM alpine:3.20 - -RUN apk add --no-cache ca-certificates - -COPY ./components/consumers/dependency-track/dependency-track /app/components/consumers/dependency-track/dependency-track - -ENTRYPOINT ["/app/components/consumers/dependency-track/dependency-track"] diff --git a/components/consumers/dependency-track/Makefile b/components/consumers/dependency-track/Makefile deleted file mode 100644 index b160f0073..000000000 --- a/components/consumers/dependency-track/Makefile +++ /dev/null 
@@ -1,17 +0,0 @@ -.PHONY: container publish - -CONTAINER_REPO= -DRACON_VERSION= -SOURCE_CODE_REPO= -PRODUCER_AGGREGATOR_BASE_IMAGE=$(shell test -e .custom_image && cat .custom_image || echo "scratch") - -DOCKER=docker - -container: - $(DOCKER) build --tag $(CONTAINER_REPO)/components/consumers/dependency-track:$(DRACON_VERSION) \ - --file Dockerfile \ - $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ - ../../../bin 1>&2 - -publish: - $(DOCKER) push $(CONTAINER_REPO)/components/consumers/dependency-track:$(DRACON_VERSION) 1>&2 diff --git a/components/consumers/jira/Dockerfile b/components/consumers/jira/Dockerfile deleted file mode 100644 index 003b59928..000000000 --- a/components/consumers/jira/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM alpine:3.20 - -RUN apk add --no-cache ca-certificates - -COPY ./components/consumers/jira/jira /app/components/consumers/jira/jira - -ENTRYPOINT ["/app/components/consumers/jira/jira"] diff --git a/components/consumers/jira/Makefile b/components/consumers/jira/Makefile deleted file mode 100644 index bb2408a88..000000000 --- a/components/consumers/jira/Makefile +++ /dev/null @@ -1,17 +0,0 @@ -.PHONY: container publish - -CONTAINER_REPO= -DRACON_VERSION= -SOURCE_CODE_REPO= -PRODUCER_AGGREGATOR_BASE_IMAGE=$(shell test -e .custom_image && cat .custom_image || echo "scratch") - -DOCKER=docker - -container: - $(DOCKER) build --tag $(CONTAINER_REPO)/components/consumers/jira:$(DRACON_VERSION) \ - --file Dockerfile \ - $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ - ../../../bin 1>&2 - -publish: - $(DOCKER) push $(CONTAINER_REPO)/components/consumers/jira:$(DRACON_VERSION) 1>&2 diff --git a/components/consumers/slack/Dockerfile b/components/consumers/slack/Dockerfile deleted file mode 100644 index 8d0a1774e..000000000 --- a/components/consumers/slack/Dockerfile +++ /dev/null 
@@ -1,7 +0,0 @@ -FROM alpine:3.20 - -RUN apk add --no-cache ca-certificates - -COPY ./components/consumers/slack/slack /app/components/consumers/slack/slack - -ENTRYPOINT ["/app/components/consumers/slack/slack"] \ No newline at end of file diff --git a/components/consumers/slack/Makefile b/components/consumers/slack/Makefile deleted file mode 100644 index abf3c1326..000000000 --- a/components/consumers/slack/Makefile +++ /dev/null @@ -1,17 +0,0 @@ -.PHONY: container publish - -CONTAINER_REPO= -DRACON_VERSION= -SOURCE_CODE_REPO= -PRODUCER_AGGREGATOR_BASE_IMAGE=$(shell test -e .custom_image && cat .custom_image || echo "scratch") - -DOCKER=docker - -container: - $(DOCKER) build --tag $(CONTAINER_REPO)/components/consumers/slack:$(DRACON_VERSION) \ - --file Dockerfile \ - $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ - ../../../bin 1>&2 - -publish: - $(DOCKER) push $(CONTAINER_REPO)/components/consumers/slack:$(DRACON_VERSION) 1>&2 diff --git a/components/producers/github-code-scanning/Makefile b/components/producers/github-code-scanning/Makefile index 949c455e1..38c48a62f 100644 --- a/components/producers/github-code-scanning/Makefile +++ b/components/producers/github-code-scanning/Makefile @@ -3,7 +3,6 @@ CONTAINER_REPO= DRACON_VERSION= SOURCE_CODE_REPO= -PRODUCER_AGGREGATOR_BASE_IMAGE=$(shell test -e .custom_image && cat .custom_image || echo "scratch") DOCKER=docker @@ -12,6 +11,3 @@ container: --file Dockerfile \ $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ ../../../bin 1>&2 - -publish: - $(DOCKER) push $(CONTAINER_REPO)/components/producers/github-code-scanning:$(DRACON_VERSION) 1>&2 diff --git a/components/producers/ossf-scorecard/Dockerfile b/components/producers/ossf-scorecard/Dockerfile index d81c6bc86..ef4096e77 100644 --- a/components/producers/ossf-scorecard/Dockerfile +++ b/components/producers/ossf-scorecard/Dockerfile 
@@ -1,8 +1,3 @@ -ARG OSSF_SCORECARD_SAFETY_BASE_IMAGE FROM gcr.io/openssf/scorecard:stable -FROM ${OSSF_SCORECARD_SAFETY_BASE_IMAGE} - -COPY --from=0 /scorecard /scorecard - -ENTRYPOINT ["/scorecard"] \ No newline at end of file +ENTRYPOINT ["/scorecard"] diff --git a/components/producers/ossf-scorecard/Makefile b/components/producers/ossf-scorecard/Makefile index e93faa1f5..ccc8e9de9 100644 --- a/components/producers/ossf-scorecard/Makefile +++ b/components/producers/ossf-scorecard/Makefile @@ -2,7 +2,7 @@ CONTAINER_REPO= DRACON_VERSION= -OSSF_SCORECARD_SAFETY_BASE_IMAGE=$(shell test -e .custom_image && cat .custom_image || echo "alpine:latest") +OSSF_SCORECARD_SAFETY_BASE_IMAGE="alpine:latest" DOCKER=docker diff --git a/components/producers/typescript-eslint/eslint-wrapper/Dockerfile b/components/producers/typescript-eslint/eslint-wrapper/Dockerfile index 134be31fd..35e358a2b 100644 --- a/components/producers/typescript-eslint/eslint-wrapper/Dockerfile +++ b/components/producers/typescript-eslint/eslint-wrapper/Dockerfile @@ -1,5 +1,5 @@ ARG ESLINT_WRAPPER_BASE_IMAGE -FROM ${ESLINT_WRAPPER_BASE_IMAGE} +FROM ${ESLINT_WRAPPER_BASE_IMAGE:-node:lts} WORKDIR /home/node/workspace COPY components/producers/typescript-eslint/eslint-wrapper/eslintrc.js /home/node/workspace diff --git a/components/producers/typescript-eslint/eslint-wrapper/Makefile b/components/producers/typescript-eslint/eslint-wrapper/Makefile index a4e344bfc..a4e3c8ce0 100644 --- a/components/producers/typescript-eslint/eslint-wrapper/Makefile +++ b/components/producers/typescript-eslint/eslint-wrapper/Makefile @@ -2,7 +2,6 @@ CONTAINER_REPO= DRACON_VERSION= -ESLINT_WRAPPER_BASE_IMAGE=$(shell test -e .custom_image && cat .custom_image || echo "node:lts") DOCKER=docker From a87a52f41b837a0585aaae9f5337408b1ba78fc6 Mon Sep 17 00:00:00 2001 
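Review bot: components/producers/ossf-scorecard/Dockerfile now ships `gcr.io/openssf/scorecard:stable` unchanged, and `stable` is a moving tag, so the component's contents change whenever upstream retags. Pinning it as `FROM gcr.io/openssf/scorecard:stable@sha256:DIGEST` (placeholder digest) makes the build reproducible and the update an explicit review step. With the second stage gone, the `OSSF_SCORECARD_SAFETY_BASE_IMAGE` variable kept in the Makefile hunk that follows looks unused. If the `container` recipe (outside the hunk) still passes it as a build arg, Docker will warn that it was not consumed. The remaining `ENTRYPOINT ["/scorecard"]` may only restate the upstream entrypoint, so a one-line comment saying why it is kept would help.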
From: sg Date: Thu, 12 Sep 2024 20:22:34 +0100 Subject: [PATCH 3/7] remove scratch as the explicit BASE_IMAGE in the makefile --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index d177ec5d2..ad5e8cf75 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,6 @@ PG_VERSION=11.9.8 DRACON_NS=dracon TEKTON_NS=tekton-pipelines ARANGODB_NS=arangodb -BASE_IMAGE=scratch DOCKER=docker PROTOC=protoc From ef50fe06a841d8e8f2cf3f132aa2bfb957501247 Mon Sep 17 00:00:00 2001 From: sg Date: Thu, 12 Sep 2024 20:26:52 +0100 Subject: [PATCH 4/7] make producer aggregator work with new base image --- components/producers/aggregator/Dockerfile | 4 ++-- components/producers/aggregator/Makefile | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/components/producers/aggregator/Dockerfile b/components/producers/aggregator/Dockerfile index 3f74d3b26..424d64e69 100644 --- a/components/producers/aggregator/Dockerfile +++ b/components/producers/aggregator/Dockerfile @@ -1,5 +1,5 @@ -ARG PRODUCER_AGGREGATOR_BASE_IMAGE -FROM ${PRODUCER_AGGREGATOR_BASE_IMAGE} +ARG BASE_IMAGE +FROM ${BASE_IMAGE:-scratch} COPY ./components/producers/aggregator/aggregator-parser /app/components/producers/aggregator/tagger diff --git a/components/producers/aggregator/Makefile b/components/producers/aggregator/Makefile index bc174363f..bd0fdaa48 100644 --- a/components/producers/aggregator/Makefile +++ b/components/producers/aggregator/Makefile @@ -3,7 +3,6 @@ CONTAINER_REPO= DRACON_VERSION= SOURCE_CODE_REPO= -PRODUCER_AGGREGATOR_BASE_IMAGE=$(shell test -e .custom_image && cat .custom_image || echo "scratch") DOCKER=docker 
@@ -11,7 +10,7 @@ container: $(DOCKER) build --tag $(CONTAINER_REPO)/components/producers/tagger:$(DRACON_VERSION) \ --file Dockerfile \ $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ - --build-arg PRODUCER_AGGREGATOR_BASE_IMAGE=$(PRODUCER_AGGREGATOR_BASE_IMAGE) ../../../bin 1>&2 + --build-arg BASE_IMAGE=$(BASE_IMAGE) ../../../bin 1>&2 publish: $(DOCKER) push $(CONTAINER_REPO)/components/producers/tagger:$(DRACON_VERSION) 1>&2 From 2513e01188726c84c97d1c6f24a73dbcd3b269b0 Mon Sep 17 00:00:00 2001 From: andream16 Date: Fri, 13 Sep 2024 11:38:15 +0100 Subject: [PATCH 5/7] . --- Makefile | 6 +++--- scripts/build_component_container.sh | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index ad5e8cf75..3df84c5d0 100644 --- a/Makefile +++ b/Makefile @@ -46,7 +46,7 @@ export .PHONY: components component-binaries cmd/draconctl/bin protos build publish-component-containers publish-containers draconctl-image draconctl-image-publish clean-protos clean $(component_binaries): - CGO_ENABLED=0 ./scripts/build_component_binary.sh $@ + GOOS=linux GOARCH=arm64 CGO_ENABLED=0 ./scripts/build_component_binary.sh $@ component-binaries: $(component_binaries) @@ -56,10 +56,10 @@ $(component_containers): %/docker: %/bin components: $(component_containers) cmd/draconctl/bin: - CGO_ENABLED=0 go build -o bin/cmd/draconctl cmd/draconctl/main.go + GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -o bin/cmd/draconctl cmd/draconctl/main.go draconctl-image: cmd/draconctl/bin - $(DOCKER) build -t "${CONTAINER_REPO}/draconctl:${DRACON_VERSION}" \ + $(DOCKER) build --platform linux/arm64 -t "${CONTAINER_REPO}/draconctl:${DRACON_VERSION}" \ $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ -f containers/Dockerfile.draconctl . 
diff --git a/scripts/build_component_container.sh b/scripts/build_component_container.sh index d7078aecf..e47e6140c 100755 --- a/scripts/build_component_container.sh +++ b/scripts/build_component_container.sh @@ -25,7 +25,7 @@ then make -C "${executable_src_path}" --no-print-directory --quiet container CONTAINER_REPO="${CONTAINER_REPO}" DRACON_VERSION="${DRACON_VERSION}" else dockerfile_template="" - if [[ -v "${BASE_IMAGE+x}" && -n "${BASE_IMAGE+x}" ]] + if [[ -n "${BASE_IMAGE+x}" ]] then echo "Using base image: ${BASE_IMAGE}" dockerfile_template=$(cat "${containers_path}/Dockerfile.base.image") @@ -37,8 +37,9 @@ else dockerfile_path=$(mktemp) printf "${dockerfile_template}" > "${dockerfile_path}" docker build \ - --build-arg executable_path=${executable_path}\ - --build-arg BASE_IMAGE=${BASE_IMAGE}\ + --platform linux/arm64 \ + --build-arg EXECUTABLE_PATH=${executable_path} \ + --build-arg BASE_IMAGE=${BASE_IMAGE} \ -t "${CONTAINER_REPO}/${executable_src_path}:${DRACON_VERSION}" \ $([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ -f "${dockerfile_path}" ./bin From f3b0969283aeade6601566f0b96f657ca81095af Mon Sep 17 00:00:00 2001 From: andream16 Date: Fri, 13 Sep 2024 12:23:25 +0100 Subject: [PATCH 6/7] miao --- Makefile | 11 ++++++++--- scripts/build_component_container.sh | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 3df84c5d0..9d02775ab 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,11 @@ ARANGODB_NS=arangodb DOCKER=docker PROTOC=protoc +# https://docs.docker.com/build/building/multi-platform/ +# Make sure to always build containers using AMD64 but allow to be overridden by users if need for cross-os compatibility. +GOOS=linux +GOARCH=amd64 + export ######################################## 
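Review bot: The build arg is renamed to `EXECUTABLE_PATH` in the second hunk of scripts/build_component_container.sh, but containers/Dockerfile.base and containers/Dockerfile.base.image, as added in PATCH 1/7, declare `ARG executable_path`, and ARG names are case-sensitive. Unless those files change in the same commit, `${executable_path}` is empty in their COPY lines and the component binary is not what ends up in the image. Keep one spelling on both sides and quote the value, `--build-arg "executable_path=${executable_path}" \`. In the first hunk, `[[ -n "${BASE_IMAGE+x}" ]]` is still true for a BASE_IMAGE that is set but empty, which selects Dockerfile.base.image and yields a scratch image without the CA bundle; `[[ -n "${BASE_IMAGE:-}" ]]` covers that case.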
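Review bot: `GOOS=linux` and `GOARCH=amd64` are added directly above the bare `export`, so they are exported to every recipe in this Makefile, not only the component builds. Any target outside this hunk that runs `go test`, `go run` or a Go-based tool on a host that is not linux/amd64 would then cross-compile or fail to execute. Because they are assigned with `=`, an environment value such as `GOARCH=arm64 make components` is overridden as well, and only a command-line `make GOARCH=arm64` takes effect. `GOOS ?= linux` and `GOARCH ?= amd64` match the comment's intent. Alternatively use project-specific names (for example `CONTAINER_OS`, `CONTAINER_ARCH`) and set GOOS/GOARCH only on the build recipes.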
@@ -46,7 +51,7 @@ export .PHONY: components component-binaries cmd/draconctl/bin protos build publish-component-containers publish-containers draconctl-image draconctl-image-publish clean-protos clean $(component_binaries): - GOOS=linux GOARCH=arm64 CGO_ENABLED=0 ./scripts/build_component_binary.sh $@ + GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=0 ./scripts/build_component_binary.sh $@ component-binaries: $(component_binaries) @@ -56,10 +61,10 @@ $(component_containers): %/docker: %/bin components: $(component_containers) cmd/draconctl/bin: - GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -o bin/cmd/draconctl cmd/draconctl/main.go + GOOS=darwin GOARCH=$(shell go env GOARCH) CGO_ENABLED=0 go build -o bin/cmd/draconctl cmd/draconctl/main.go draconctl-image: cmd/draconctl/bin - $(DOCKER) build --platform linux/arm64 -t "${CONTAINER_REPO}/draconctl:${DRACON_VERSION}" \ + $(DOCKER) build --platform $(GOOS)/$(GOARCH) -t "${CONTAINER_REPO}/draconctl:${DRACON_VERSION}" \ $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ -f containers/Dockerfile.draconctl . diff --git a/scripts/build_component_container.sh b/scripts/build_component_container.sh index e47e6140c..53cc69167 100755 --- a/scripts/build_component_container.sh +++ b/scripts/build_component_container.sh @@ -37,7 +37,7 @@ else dockerfile_path=$(mktemp) printf "${dockerfile_template}" > "${dockerfile_path}" docker build \ - --platform linux/arm64 \ + --platform "${GOOS}/${GOARCH}" \ --build-arg EXECUTABLE_PATH=${executable_path} \ --build-arg BASE_IMAGE=${BASE_IMAGE} \ -t "${CONTAINER_REPO}/${executable_src_path}:${DRACON_VERSION}" \ From ce04ecc71cc900e3e8b9b3cf60eeb116223b0160 Mon Sep 17 00:00:00 2001 
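Review bot: `cmd/draconctl/bin` still hard-codes `GOOS=darwin`, while `draconctl-image`, which depends on it, now builds with `--platform $(GOOS)/$(GOARCH)` (linux/amd64 by default). If containers/Dockerfile.draconctl (not shown here) copies `bin/cmd/draconctl` into the image, the result is a macOS binary inside a Linux image that cannot start. Using `GOOS=$(GOOS) GOARCH=$(GOARCH)` as the `$(component_binaries)` rule does keeps the two consistent. If the target is meant to be a host-only build, use `GOOS=$(shell go env GOOS)`.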
From: andream16 Date: Fri, 13 Sep 2024 15:47:03 +0100 Subject: [PATCH 7/7] debugging --- components/producers/aggregator/Dockerfile | 5 +++- components/producers/aggregator/Makefile | 8 ++++++ .../producers/github-code-scanning/Dockerfile | 5 +++- .../producers/github-code-scanning/Makefile | 8 ++++++ .../eslint-wrapper/Dockerfile | 5 +++- .../typescript-eslint/eslint-wrapper/Makefile | 8 ++++++ containers/Dockerfile.base | 16 +++++++---- scripts/build_component_binary.sh | 7 +++-- scripts/build_component_container.sh | 28 ++++++------------- 9 files changed, 61 insertions(+), 29 deletions(-) diff --git a/components/producers/aggregator/Dockerfile b/components/producers/aggregator/Dockerfile index 424d64e69..618104b02 100644 --- a/components/producers/aggregator/Dockerfile +++ b/components/producers/aggregator/Dockerfile @@ -1,6 +1,9 @@ ARG BASE_IMAGE FROM ${BASE_IMAGE:-scratch} -COPY ./components/producers/aggregator/aggregator-parser /app/components/producers/aggregator/tagger +ARG GOOS +ARG GOARCH + +COPY ./components/producers/aggregator/${GOOS}/${GOARCH}/aggregator-parser /app/components/producers/aggregator/tagger ENTRYPOINT ["/app/components/producers/aggregator/tagger"] diff --git a/components/producers/aggregator/Makefile b/components/producers/aggregator/Makefile index bd0fdaa48..8f67eb3cc 100644 --- a/components/producers/aggregator/Makefile +++ b/components/producers/aggregator/Makefile 
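Review bot: `ARG GOOS` and `ARG GOARCH` in components/producers/aggregator/Dockerfile have no defaults and are supplied separately from `--platform`; the same addition is made to the github-code-scanning and eslint-wrapper Dockerfiles later in this patch. A build that omits the build args resolves the COPY source to a path with empty segments, and one that passes mismatched values copies a binary for a different platform than the image metadata claims. With BuildKit, `TARGETOS` and `TARGETARCH` are derived from `--platform` automatically, so declaring `ARG TARGETOS` / `ARG TARGETARCH` and using `${TARGETOS}/${TARGETARCH}` in the COPY removes the duplicate input. If the explicit args are kept, give them defaults: `ARG GOOS=linux` and `ARG GOARCH=amd64`.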
@@ -4,10 +4,18 @@ CONTAINER_REPO= DRACON_VERSION= SOURCE_CODE_REPO= +# https://docs.docker.com/build/building/multi-platform/ +# Make sure to always build containers using AMD64 but allow to be overridden by users if need for cross-os compatibility. +GOOS=linux +GOARCH=amd64 + DOCKER=docker container: $(DOCKER) build --tag $(CONTAINER_REPO)/components/producers/tagger:$(DRACON_VERSION) \ + --platform $(GOOS)/$(GOARCH) \ + --build-arg GOOS=$(GOOS) \ + --build-arg GOARCH=$(GOARCH) \ --file Dockerfile \ $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ --build-arg BASE_IMAGE=$(BASE_IMAGE) ../../../bin 1>&2 diff --git a/components/producers/github-code-scanning/Dockerfile b/components/producers/github-code-scanning/Dockerfile index 8fe764be4..4895a0da2 100644 --- a/components/producers/github-code-scanning/Dockerfile +++ b/components/producers/github-code-scanning/Dockerfile @@ -1,7 +1,10 @@ FROM alpine:3.20 +ARG GOOS +ARG GOARCH + RUN apk add --no-cache ca-certificates -COPY ./components/producers/github-code-scanning/github-code-scanning-parser /app/components/producers/github-code-scanning/github-code-scanning-parser +COPY ./components/producers/github-code-scanning/${GOOS}/${GOARCH}/github-code-scanning-parser /app/components/producers/github-code-scanning/github-code-scanning-parser ENTRYPOINT ["/app/components/producers/github-code-scanning/github-code-scanning-parser"] diff --git a/components/producers/github-code-scanning/Makefile b/components/producers/github-code-scanning/Makefile index 38c48a62f..b35791c57 100644 --- a/components/producers/github-code-scanning/Makefile +++ b/components/producers/github-code-scanning/Makefile 
@@ -4,10 +4,18 @@ CONTAINER_REPO= DRACON_VERSION= SOURCE_CODE_REPO= +# https://docs.docker.com/build/building/multi-platform/ +# Make sure to always build containers using AMD64 but allow to be overridden by users if need for cross-os compatibility. +GOOS=linux +GOARCH=amd64 + DOCKER=docker container: $(DOCKER) build --tag $(CONTAINER_REPO)/components/producers/github-code-scanning:$(DRACON_VERSION) \ + --platform $(GOOS)/$(GOARCH) \ + --build-arg GOOS=$(GOOS) \ + --build-arg GOARCH=$(GOARCH) \ --file Dockerfile \ $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ ../../../bin 1>&2 diff --git a/components/producers/typescript-eslint/eslint-wrapper/Dockerfile b/components/producers/typescript-eslint/eslint-wrapper/Dockerfile index 35e358a2b..71260b1e8 100644 --- a/components/producers/typescript-eslint/eslint-wrapper/Dockerfile +++ b/components/producers/typescript-eslint/eslint-wrapper/Dockerfile @@ -1,10 +1,13 @@ ARG ESLINT_WRAPPER_BASE_IMAGE FROM ${ESLINT_WRAPPER_BASE_IMAGE:-node:lts} +ARG GOOS +ARG GOARCH + WORKDIR /home/node/workspace COPY components/producers/typescript-eslint/eslint-wrapper/eslintrc.js /home/node/workspace COPY components/producers/typescript-eslint/eslint-wrapper/package.json /home/node/workspace -COPY bin/components/producers/typescript-eslint/eslint-wrapper/eslint-wrapper-parser /home/node/workspace/ +COPY bin/components/producers/typescript-eslint/eslint-wrapper/${GOOS}/${GOARCH}/eslint-wrapper-parser /home/node/workspace/ RUN npm uninstall --save bcrypt &&\ npm install --save-dev \ diff --git a/components/producers/typescript-eslint/eslint-wrapper/Makefile b/components/producers/typescript-eslint/eslint-wrapper/Makefile index a4e3c8ce0..fe9c778a5 100644 --- a/components/producers/typescript-eslint/eslint-wrapper/Makefile +++ b/components/producers/typescript-eslint/eslint-wrapper/Makefile 
@@ -3,10 +3,18 @@ CONTAINER_REPO= DRACON_VERSION= +# https://docs.docker.com/build/building/multi-platform/ +# Make sure to always build containers using AMD64 but allow to be overridden by users if need for cross-os compatibility. +GOOS=linux +GOARCH=amd64 + DOCKER=docker container: $(DOCKER) build --tag $(CONTAINER_REPO)/components/producers/typescript-eslint/eslint-wrapper:$(DRACON_VERSION) \ + --platform $(GOOS)/$(GOARCH) \ + --build-arg GOOS=$(GOOS) \ + --build-arg GOARCH=$(GOARCH) \ --file Dockerfile \ $$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ --build-arg ESLINT_WRAPPER_BASE_IMAGE=$(ESLINT_WRAPPER_BASE_IMAGE) ../../../.. 1>&2 diff --git a/containers/Dockerfile.base b/containers/Dockerfile.base index 122310858..5f3c57bae 100644 --- a/containers/Dockerfile.base +++ b/containers/Dockerfile.base @@ -1,15 +1,21 @@ FROM golang:alpine AS builder +ARG EXECUTABLE_SRC_PATH +ARG EXECUTABLE_TARGET_PATH +ENV EXECUTABLE_TARGET_PATH=${EXECUTABLE_TARGET_PATH} +COPY ${EXECUTABLE_SRC_PATH} /app/${EXECUTABLE_TARGET_PATH} + RUN apk update && \ apk upgrade && \ apk add --no-cache ca-certificates && \ - update-ca-certificates + update-ca-certificates && \ + ln -s /app/${EXECUTABLE_TARGET_PATH} /bin/component FROM scratch -ARG executable_path - +ARG EXECUTABLE_TARGET_PATH COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=builder /app/${EXECUTABLE_TARGET_PATH} /app/${EXECUTABLE_TARGET_PATH} +COPY --from=builder /bin/component /bin/component -COPY ${executable_path} /app/${executable_path} -ENTRYPOINT ["/app/${executable_path}"] +ENTRYPOINT ["/bin/component"] diff --git a/scripts/build_component_binary.sh b/scripts/build_component_binary.sh index 64d97e651..9e415d74d 100755 --- a/scripts/build_component_binary.sh +++ b/scripts/build_component_binary.sh 
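Review bot: The final `scratch` stage of containers/Dockerfile.base sets no `USER`, so every component built from it runs as uid 0. Scratch has no passwd file, so an unprivileged numeric id is needed, for example `USER 65532:65532` before the ENTRYPOINT, provided the components do not have to write to root-owned paths. In the builder stage, `COPY ${EXECUTABLE_SRC_PATH} ...` sits before the `RUN apk ...` step, so each new binary invalidates that layer and re-runs `apk update && apk upgrade`. Moving the COPY below the RUN, with the `ln -s` in its own RUN after the COPY, keeps the certificate layer cached and stable across components. `ENV EXECUTABLE_TARGET_PATH=...` is not needed for the RUN, since ARG values are already visible to RUN within the stage.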
@@ -19,6 +19,9 @@ echo "${1}" | grep -Eq ^components/consumers/.*$ && executable="${executable}" | executable_src_path=$(dirname "${1}") executable_path=$(dirname $(dirname "${1}"))/"${executable}" -echo "building bin/${executable_path}/${executable}" > /dev/stderr +# Customised bin per OS/ARCH. +out_bin_path="bin/${executable_src_path}/${GOOS}/${GOARCH}/${executable}" -go build -o "bin/${executable_src_path}/${executable}" "./${executable_src_path}/main.go" +echo "building $out_bin_path" > /dev/stderr + +go build -o $out_bin_path "./${executable_src_path}/main.go" diff --git a/scripts/build_component_container.sh b/scripts/build_component_container.sh index 53cc69167..5decfc650 100755 --- a/scripts/build_component_container.sh +++ b/scripts/build_component_container.sh @@ -3,7 +3,6 @@ set -e; source ./scripts/util.sh -containers_path=./containers if [ "$#" -eq 0 ] then 
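Review bot: `$out_bin_path` is used unquoted in both the `echo` and `go build -o $out_bin_path` in scripts/build_component_binary.sh, so a component path containing whitespace or glob characters is split; write `go build -o "${out_bin_path}" "./${executable_src_path}/main.go"`. The script now also relies on GOOS and GOARCH being present in the environment. When it is run outside make they are empty, the output path collapses to `bin/COMPONENT///NAME`, and the binary is built for the host platform. A guard near the top such as `: "${GOOS:?GOOS must be set}" "${GOARCH:?GOARCH must be set}"` makes that failure explicit.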
@@ -17,32 +16,23 @@ echo "${1}" | grep -Eq ^components/producers/.*$ && executable="${executable}-pa echo "${1}" | grep -Eq ^components/enrichers/.*$ && executable="${executable}" || true echo "${1}" | grep -Eq ^components/consumers/.*$ && executable="${executable}" || true +container_platform=${GOOS}/${GOARCH} executable_src_path=$(dirname "${1}") -executable_path=$(dirname "${1}")/"${executable}" +executable_path=$(dirname "${1}")/"${container_platform}/${executable}" + +BASE_IMAGE_PATH=$(realpath ${BASE_IMAGE_PATH:-./containers/Dockerfile.base}) if make -C "${executable_src_path}" --no-print-directory --dry-run container >/dev/null 2>&1 then - make -C "${executable_src_path}" --no-print-directory --quiet container CONTAINER_REPO="${CONTAINER_REPO}" DRACON_VERSION="${DRACON_VERSION}" + make -C "${executable_src_path}" --no-print-directory --quiet container BASE_IMAGE_PATH="${BASE_IMAGE_PATH}" CONTAINER_REPO="${CONTAINER_REPO}" DRACON_VERSION="${DRACON_VERSION}" else - dockerfile_template="" - if [[ -n "${BASE_IMAGE+x}" ]] - then - echo "Using base image: ${BASE_IMAGE}" - dockerfile_template=$(cat "${containers_path}/Dockerfile.base.image") - else - BASE_IMAGE='' - dockerfile_template=$(cat "${containers_path}/Dockerfile.base") - fi - - dockerfile_path=$(mktemp) - printf "${dockerfile_template}" > "${dockerfile_path}" docker build \ - --platform "${GOOS}/${GOARCH}" \ - --build-arg EXECUTABLE_PATH=${executable_path} \ - --build-arg BASE_IMAGE=${BASE_IMAGE} \ + --platform "${container_platform}" \ + --build-arg EXECUTABLE_SRC_PATH=${executable_path} \ + --build-arg EXECUTABLE_TARGET_PATH=${executable_path} \ -t "${CONTAINER_REPO}/${executable_src_path}:${DRACON_VERSION}" \ $([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \ - -f "${dockerfile_path}" ./bin + -f "${BASE_IMAGE_PATH}" ./bin fi if make -C "${executable_src_path}" --no-print-directory --dry-run extras >/dev/null 2>&1
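Review bot: `EXECUTABLE_TARGET_PATH` is given the same value as `EXECUTABLE_SRC_PATH`, so the binary's path inside the image gains the `${GOOS}/${GOARCH}` segment. Anything that starts a component by its previous `/app/...` path rather than through the image entrypoint would stop finding it. Passing the platform-free path, `--build-arg "EXECUTABLE_TARGET_PATH=$(dirname "${1}")/${executable}"`, keeps the in-image layout stable. `BASE_IMAGE_PATH` actually names a Dockerfile, and BASE_IMAGE is no longer honoured for script-built components, which deserves a comment. The `realpath ${BASE_IMAGE_PATH:-...}` argument and both `--build-arg` values should be quoted, and empty GOOS/GOARCH produce `--platform "/"`, so the same guard as in build_component_binary.sh applies here.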