# Earthfile syntax version 0.8 with two feature flags enabled:
# --try turns on the TRY/FINALLY blocks used by the lint and test targets,
# --use-copy-link changes how COPY layers are produced.
VERSION --use-copy-link --try 0.8

# Registry/repository prefix that the SAVE IMAGE --push targets publish to.
# --global makes the value visible in every target of this file; callers can
# override it per build with --REGISTRY=...
ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere

# Aggregate lint entry point: fans out to the Ansible, Markdown and
# image-manifest linters defined below.
# NOTE(review): +lint.helm is defined in this file but is not part of this
# aggregate, so chart validation only runs when it is invoked explicitly.
lint:
    BUILD +lint.ansible-lint
    BUILD +lint.markdownlint
    BUILD +lint.image-manifest

# Runs +lint.helm.chart once per entry of /src and per Kubernetes release
# 1.22.0 .. 1.28.0, collecting each JUnit report under /output and exporting
# the directory to ./output on the host.
# NOTE(review): alpine:3 is a moving tag; pin by digest
# (alpine:3@sha256:<DIGEST>) if reproducible lint environments are required.
lint.helm:
    FROM alpine:3
    RUN mkdir -p /output
    COPY --dir charts/ /src
    FOR CHART IN $(ls /src)
        FOR VERSION IN $(seq 22 28)
            COPY \
                (+lint.helm.chart/junit.xml --CHART ${CHART} --VERSION "1.${VERSION}.0") \
                /output/junit-helm-${CHART}-1-${VERSION}-0.xml
        END
    END
    SAVE ARTIFACT /output AS LOCAL output

# Validates one chart (CHART) against one Kubernetes version (VERSION) with the
# helm-kubeconform plugin and saves the report as the junit.xml artifact.
#
# Supply-chain notes for reviewers:
# - The plugin is installed from the repository's default branch with no
#   version given; `helm plugin install` accepts --version <PINNED_VERSION>.
# - CRD schemas are fetched at lint time from the `main` branch of
#   datreeio/CRDs-catalog, so results can change without a change in this repo.
# - --ignore-missing-schemas means resources without a known schema are
#   skipped rather than reported.
# NOTE(review): only stderr (2>) is redirected into junit.xml; confirm that is
# where the plugin writes the JUnit document.
lint.helm.chart:
    FROM alpine:3
    RUN apk add --no-cache git helm python3
    RUN helm plugin install https://github.com/melmorabity/helm-kubeconform
    RUN mkdir -p /cache /output
    ARG --required CHART
    COPY --dir charts/${CHART} /src
    ARG --required VERSION
    RUN \
        --mount=type=cache,target=/cache \
        helm kubeconform /src \
            --cache /cache \
            --schema-location default \
            --schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
            --ignore-missing-schemas \
            --kube-version ${VERSION} \
            --output junit 2> /output/junit.xml
    SAVE ARTIFACT /output/junit.xml

# Lints the docs/ tree with markdownlint-cli2. TRY/FINALLY exports junit.xml
# to the host whether or not the linter fails.
# NOTE(review): the base image carries no tag or digest, so whatever the
# registry currently serves is pulled; pin it
# (davidanson/markdownlint-cli2@sha256:<DIGEST>) for a stable toolchain.
lint.markdownlint:
    FROM davidanson/markdownlint-cli2
    COPY --dir \
        docs/ \
        .markdownlint.yaml \
        .markdownlint-cli2.jsonc \
        /src
    WORKDIR /src
    TRY
        RUN markdownlint-cli2 **
    FINALLY
        SAVE ARTIFACT /src/junit.xml AS LOCAL junit.xml
    END

# Runs ansible-lint over the collection sources and converts the pep8-style
# output to JUnit; the report is exported even when the step fails.
# NOTE(review): the image is pulled by the mutable :latest tag.
# NOTE(review): the RUN is a pipeline; unless the image's shell enables
# pipefail, its exit status is that of ansible-lint-junit, not ansible-lint.
# Confirm lint findings actually fail this target.
lint.ansible-lint:
    FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
    COPY --dir \
        meta/ molecule/ playbooks/ plugins/ roles/ tests/ \
        .ansible-lint CHANGELOG.md galaxy.yml \
        /code
    TRY
        RUN ansible-lint -v --show-relpath -f pep8 --nocolor | ansible-lint-junit -o ansible-lint.xml
    FINALLY
        SAVE ARTIFACT ansible-lint.xml AS LOCAL ansible-lint.xml
    END

# Extracts every digest-pinned image reference from the role defaults and
# checks each one with +lint.image-manifest.image.
# The pipeline keeps lines containing "sha256", takes the 4th space-separated
# field, de-duplicates, and the sed expression drops everything from the first
# ':' up to the '@', so the image is looked up by digest rather than by tag.
# NOTE(review): field 4 depends on the exact indentation of main.yml; a layout
# change would silently yield different (or no) references.
lint.image-manifest:
    FROM quay.io/skopeo/stable:latest
    COPY roles/defaults/vars/main.yml /defaults.yml
    FOR IMAGE IN $(grep sha256 /defaults.yml | cut -d' ' -f4 | sort | uniq | sed 's/:[^@]*//')
        BUILD +lint.image-manifest.image --IMAGE ${IMAGE}
    END

# Asks the registry for the manifest of a single image reference and prints
# whether it could be resolved.
# NOTE(review): the failure branch ends in `echo`, so this RUN exits 0 in both
# cases. A pinned digest that no longer resolves is only visible in the log and
# does not fail +lint. If the check is meant to gate merges, the failure branch
# needs to return non-zero, e.g. `|| { echo "..."; exit 1; }`.
lint.image-manifest.image:
    FROM quay.io/skopeo/stable:latest
    ARG --required IMAGE
    RUN skopeo inspect --no-tags docker://${IMAGE} >/dev/null \
        && echo "Manifest is valid for ${IMAGE}" \
        || echo "Manifest is not valid for ${IMAGE}"

# Runs the Go unit tests and converts the verbose output to JUnit.
# go.mod/go.sum are copied and downloaded before the sources so the module
# layer is reused while only code changes. -set-exit-code makes
# go-junit-report exit non-zero when the parsed output contains failures.
# NOTE(review): go-junit-report is installed at @latest, so the tool version
# is whatever is newest at build time; pin it with @<PINNED_VERSION>.
unit.go:
    FROM golang:1.21
    RUN go install github.com/jstemmer/go-junit-report/v2@latest
    COPY --dir go.mod go.sum /src
    WORKDIR /src
    RUN go mod download
    COPY --dir \
        charts/ cmd/ internal/ roles/ tools/ \
        /src
    TRY
        RUN go test -v 2>&1 ./... | go-junit-report -set-exit-code > junit-go.xml
    FINALLY
        SAVE ARTIFACT /src/junit-go.xml AS LOCAL junit-go.xml
    END

# Builds the Ansible collection tarball from the repository and exports it
# to ./dist on the host.
# NOTE(review): `COPY . /src` sends the whole build context into the layer;
# make sure .earthlyignore keeps local credentials and other untracked files
# out of it, since the tarball is a published artifact.
# NOTE(review): the tarball is collected from /code while the sources live in
# /src; presumably /code is the image's working directory. Confirm.
build.collection:
    FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
    COPY . /src
    RUN ansible-galaxy collection build /src
    SAVE ARTIFACT /code/*.tar.gz AS LOCAL dist/

# Shared base for Go binaries: toolchain image plus downloaded modules.
# GOOS/GOARCH/VARIANT are declared here so dependent targets can pass the
# cross-compilation settings through.
go.build:
    FROM golang:1.21
    WORKDIR /src
    ARG GOOS=linux
    ARG GOARCH=amd64
    ARG VARIANT
    COPY --dir \
        go.mod go.sum \
        ./
    RUN go mod download

# Compiles the libvirt-tls-sidecar binary for the requested GOOS/GOARCH.
# ${VARIANT#"v"} strips a leading "v" (e.g. "v7" -> "7") to form GOARM.
libvirt-tls-sidecar.build:
    FROM +go.build
    ARG GOOS=linux
    ARG GOARCH=amd64
    ARG VARIANT
    COPY --dir \
        cmd internal \
        ./
    RUN GOARM=${VARIANT#"v"} go build -o main cmd/libvirt-tls-sidecar/main.go
    SAVE ARTIFACT ./main

# Assembles the sidecar image for one target platform. The binary comes from
# +libvirt-tls-sidecar.build executed on linux/amd64 with GOARCH/VARIANT set
# to the target, i.e. it is cross-compiled rather than built under emulation.
# NOTE(review): the image is pushed under the mutable :latest tag only;
# consumers that need a fixed build should reference it by digest.
libvirt-tls-sidecar.platform-image:
    ARG TARGETPLATFORM
    ARG TARGETARCH
    ARG TARGETVARIANT
    FROM --platform=$TARGETPLATFORM ./images/base+image
    COPY \
        --platform=linux/amd64 \
        (+libvirt-tls-sidecar.build/main --GOARCH=$TARGETARCH --VARIANT=$TARGETVARIANT) \
        /usr/bin/libvirt-tls-sidecar
    ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"]
    SAVE IMAGE --push ${REGISTRY}/libvirt-tls-sidecar:latest

# Multi-arch wrapper: builds the sidecar image for linux/amd64 and linux/arm64.
libvirt-tls-sidecar.image:
    BUILD \
        --platform=linux/amd64 \
        --platform=linux/arm64 \
        +libvirt-tls-sidecar.platform-image

# Exports the Poetry dependency groups named in `only` to requirements.txt and
# pre-builds wheels for them into /wheels.
# NOTE(review): --without-hashes drops the per-package hashes recorded in
# poetry.lock, so the wheel build does not verify that downloaded artifacts
# match the lock file. Exporting with hashes and building with
# `pip wheel --require-hashes` restores that check where every dependency
# supports it.
build.wheels:
    FROM ./images/builder+image
    COPY pyproject.toml poetry.lock ./
    ARG --required only
    RUN poetry export --only=${only} -f requirements.txt --without-hashes > requirements.txt
    RUN pip wheel -r requirements.txt --wheel-dir=/wheels
    SAVE ARTIFACT requirements.txt
    SAVE ARTIFACT /wheels
    SAVE IMAGE --cache-hint

# Creates /venv on top of +build.wheels and installs the exported requirements
# into it. PATH is prepended first so `pip` resolves to the venv's pip.
# NOTE(review): the install does not reference /wheels (no --find-links or
# --no-index), so unless pip is configured elsewhere in the builder image it
# resolves packages from the index again. Confirm this is intended.
build.venv:
    ARG --required only
    FROM +build.wheels --only ${only}
    RUN python3 -m venv /venv
    ENV PATH=/venv/bin:$PATH
    RUN pip install -r requirements.txt
    SAVE IMAGE --cache-hint

# Virtualenv containing the `main` and `dev` dependency groups; used by
# tooling targets such as +pin-images.
build.venv.dev:
    FROM +build.venv --only main,dev
    SAVE ARTIFACT /venv

# Virtualenv containing only the `main` dependency group; this is what gets
# copied into the published image, keeping dev tooling out of it.
build.venv.runtime:
    FROM +build.venv --only main
    SAVE ARTIFACT /venv

# Installs this repository as an Ansible collection (with whatever
# dependencies ansible-galaxy resolves for it) into
# /usr/share/ansible/collections and exports that tree as an artifact.
# Only the directories the collection needs are copied, not the whole context.
build.collections:
    FROM +build.venv.runtime
    COPY charts /src/charts
    COPY meta /src/meta
    COPY playbooks /src/playbooks
    COPY plugins /src/plugins
    COPY roles /src/roles
    COPY galaxy.yml /src/galaxy.yml
    RUN ansible-galaxy collection install \
        --collections-path /usr/share/ansible/collections \
        /src
    SAVE ARTIFACT /usr/share/ansible/collections
    SAVE IMAGE --cache-hint

# Builds the main image: cloud-archive base for RELEASE, rsync and the OpenSSH
# client, the runtime virtualenv and the installed collections.
# `tag` defaults to latest; release builds should pass an explicit --tag so
# the pushed reference is not a moving one.
image:
    ARG RELEASE=2023.1
    FROM ./images/cloud-archive-base+image --RELEASE ${RELEASE}
    ENV ANSIBLE_PIPELINING=True
    DO ./images+APT_INSTALL --PACKAGES "rsync openssh-client"
    COPY +build.venv.runtime/venv /venv
    ENV PATH=/venv/bin:$PATH
    COPY +build.collections/ /usr/share/ansible
    ARG tag=latest
    SAVE IMAGE --push ${REGISTRY}:${tag}

# Builds every service image, forwarding REGISTRY so all of them are tagged
# for (and, with --push, published to) the same registry.
# The ovn entry targets +images (plural) in its Earthfile; every other entry
# targets +image. That spelling is kept exactly as it was.
images:
    # Built from this Earthfile.
    BUILD +libvirt-tls-sidecar.image --REGISTRY=${REGISTRY}

    # Built from the per-service Earthfiles under ./images.
    BUILD ./images/barbican+image --REGISTRY=${REGISTRY}
    BUILD ./images/cinder+image --REGISTRY=${REGISTRY}
    BUILD ./images/cluster-api-provider-openstack+image --REGISTRY=${REGISTRY}
    BUILD ./images/designate+image --REGISTRY=${REGISTRY}
    BUILD ./images/glance+image --REGISTRY=${REGISTRY}
    BUILD ./images/heat+image --REGISTRY=${REGISTRY}
    BUILD ./images/horizon+image --REGISTRY=${REGISTRY}
    BUILD ./images/ironic+image --REGISTRY=${REGISTRY}
    BUILD ./images/keystone+image --REGISTRY=${REGISTRY}
    BUILD ./images/kubernetes-entrypoint+image --REGISTRY=${REGISTRY}
    BUILD ./images/libvirtd+image --REGISTRY=${REGISTRY}
    BUILD ./images/magnum+image --REGISTRY=${REGISTRY}
    BUILD ./images/manila+image --REGISTRY=${REGISTRY}
    BUILD ./images/netoffload+image --REGISTRY=${REGISTRY}
    BUILD ./images/neutron+image --REGISTRY=${REGISTRY}
    BUILD ./images/nova-ssh+image --REGISTRY=${REGISTRY}
    BUILD ./images/nova+image --REGISTRY=${REGISTRY}
    BUILD ./images/octavia+image --REGISTRY=${REGISTRY}
    BUILD ./images/openvswitch+image --REGISTRY=${REGISTRY}
    BUILD ./images/ovn+images --REGISTRY=${REGISTRY}
    BUILD ./images/placement+image --REGISTRY=${REGISTRY}
    BUILD ./images/senlin+image --REGISTRY=${REGISTRY}
    BUILD ./images/staffeln+image --REGISTRY=${REGISTRY}
    BUILD ./images/tempest+image --REGISTRY=${REGISTRY}

# Reusable function: scans IMAGE with Trivy and fails the calling target
# (--exit-code 1) when a vulnerability with an available fix is found
# (--ignore-unfixed hides findings that have no fixed version yet).
# Only the vulnerability scanner is enabled.
# NOTE(review): both --skip-*-db-update flags are set, so the scan uses the
# vulnerability database already present in the calling image. Results are
# only as current as that database; presumably it is refreshed when the trivy
# image is rebuilt. Confirm how often that happens.
SCAN_IMAGE:
    FUNCTION
    ARG --required IMAGE
    # TODO(mnaser): Include secret scanning when it's more reliable.
    RUN trivy image \
        --skip-db-update \
        --skip-java-db-update \
        --scanners vuln \
        --exit-code 1 \
        --ignore-unfixed \
        ${IMAGE}

# Scans a single image reference by running the SCAN_IMAGE function inside
# the project's trivy image.
scan-image:
    FROM ./images/trivy+image
    ARG --required IMAGE
    DO +SCAN_IMAGE --IMAGE ${IMAGE}

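# Scans the project-owned images referenced in the role defaults.
# Only references hosted on ghcr.io/vexxhost or registry.atmosphere.dev are
# selected; third-party images listed in main.yml are not scanned yet
# (see the TODO below), so a green run does not cover them.
#
# The selection uses `grep -E` (the `egrep` alias is deprecated in current
# GNU grep) and escapes the dots so they match a literal "." instead of any
# character, which keeps look-alike hostnames out of the scan list.
# NOTE(review): field 4 of `cut` depends on the exact indentation of main.yml.
scan-images:
    FROM ./images/trivy+image
    COPY roles/defaults/vars/main.yml /defaults.yml
    # TODO(mnaser): Scan all images eventually
    FOR IMAGE IN $(grep -E 'ghcr\.io/vexxhost|registry\.atmosphere\.dev' /defaults.yml | cut -d' ' -f4 | sort | uniq)
        BUILD +scan-image --IMAGE ${IMAGE}
    END
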
# Rewrites the image references in the role defaults via build/pin-images.py
# and writes the result back over roles/defaults/vars/main.yml on the host.
# RUN --no-cache forces the script to execute on every invocation instead of
# reusing a cached layer, so registry lookups are always fresh.
# The output replaces a tracked file: review the resulting diff before
# committing, since it changes which image content gets deployed.
pin-images:
    FROM +build.venv.dev
    COPY roles/defaults/vars/main.yml /defaults.yml
    COPY build/pin-images.py /usr/local/bin/pin-images
    RUN --no-cache \
        /usr/local/bin/pin-images --registry ${REGISTRY} /defaults.yml /pinned.yml
    SAVE ARTIFACT /pinned.yml AS LOCAL roles/defaults/vars/main.yml

# Minimal image with the GitHub CLI, used as the base for
# +trigger-image-sync.
gh:
    FROM alpine:3
    RUN apk add --no-cache github-cli

# Dispatches the sync.yml workflow in vexxhost/docker-openstack-<project>.
# GITHUB_TOKEN is supplied as an Earthly secret for this RUN only. The token
# needs no more than permission to dispatch workflows on the target repo.
trigger-image-sync:
    FROM +gh
    ARG --required project
    RUN --secret GITHUB_TOKEN \
        gh workflow run --repo vexxhost/docker-openstack-${project} sync.yml

# Runs the repository's atmosphere-ci tool to sync the image repo for
# `project`, with GITHUB_TOKEN exposed as a secret to that single RUN.
# NOTE(review): this target uses golang:1.19 while the other Go targets in
# this file use golang:1.21; confirm the older toolchain is intentional.
# NOTE(review): `COPY . /src` brings the whole build context into the layer.
image-sync:
    FROM golang:1.19
    ARG --required project
    WORKDIR /src
    COPY . /src
    RUN --secret GITHUB_TOKEN \
        go run ./cmd/atmosphere-ci image repo sync ${project}

# Documentation toolchain: mkdocs-material 9.5.4 plus the literate-nav plugin,
# saved locally as the `mkdocs` image.
# NOTE(review): the base image is version-tagged but mkdocs-literate-nav is
# installed without a version, so the plugin can change between builds.
mkdocs-image:
    FROM ghcr.io/squidfunk/mkdocs-material:9.5.4
    RUN pip install mkdocs-literate-nav
    SAVE IMAGE mkdocs

# Serves the documentation from the host's working tree for local preview.
# LOCALLY runs the commands on the host, so `docker run` here is the host's
# Docker daemon.
# NOTE(review): `-p 8000:8000` publishes the port on all host interfaces and
# the working tree is bind-mounted into the container. On a shared or
# untrusted network, `-p 127.0.0.1:8000:8000` keeps the preview local.
mkdocs-serve:
    LOCALLY
    WITH DOCKER --load=+mkdocs-image
        RUN docker run --rm \
            -p 8000:8000 \
            -v ${PWD}:/docs \
            mkdocs
    END

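# Builds the documentation site and, when Earthly is invoked with --push,
# force-deploys it with `mkdocs gh-deploy`.
#
# The deploy authenticates by embedding GITHUB_TOKEN in the `origin` URL,
# which `git remote set-url` writes into .git/config. Setting the URL,
# deploying and restoring a token-free URL all happen in a single RUN, so
# the filesystem state left behind by this step no longer contains the
# credential. Previously the URL was set in one RUN and used in the next,
# which left the token in the intermediate layer.
# If the deploy fails, the && chain stops and the RUN itself fails.
#
# `gh-deploy --force` overwrites the history of the deployment branch; the
# token should be scoped to this repository's contents only.
mkdocs-build:
    FROM +mkdocs-image
    COPY . /docs
    RUN mkdocs build
    RUN --push --secret GITHUB_TOKEN \
        git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@github.com/vexxhost/atmosphere.git" && \
        mkdocs gh-deploy --force && \
        git remote set-url origin https://github.com/vexxhost/atmosphere.git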