# Earthly feature flags. --try enables the TRY/FINALLY blocks used by the lint
# and test targets below, which save their reports even when the command fails.
VERSION --use-copy-link --try 0.8
# Aggregate lint entry point: builds the ansible-lint, markdownlint and
# image-manifest targets. +lint.helm is not part of this aggregate.
lint:
  BUILD +lint.ansible-lint
  BUILD +lint.markdownlint
  BUILD +lint.image-manifest
# Runs +lint.helm.chart for every entry listed by `ls /src` and for Kubernetes
# versions 1.22.0 through 1.28.0, collecting one JUnit file per pair in ./output.
lint.helm:
  FROM alpine:3
  RUN mkdir -p /output
  COPY --dir charts/ /src
  FOR CHART IN $(ls /src)
    FOR VERSION IN $(seq 22 28)
      # The parenthesised form builds the target with these ARGs and copies its artifact.
      COPY (+lint.helm.chart/junit.xml --CHART ${CHART} --VERSION "1.${VERSION}.0") /output/junit-helm-${CHART}-1-${VERSION}-0.xml
    END
  END
  SAVE ARTIFACT /output AS LOCAL output
# Validates one chart with the helm-kubeconform plugin for one Kubernetes
# version and exports the result as junit.xml.
#   CHART   - directory name under charts/ (required)
#   VERSION - value passed to --kube-version (required)
lint.helm.chart:
  FROM alpine:3
  RUN apk add --no-cache git helm python3
  # NOTE(review): the plugin is installed from a third-party repository with no
  # --version, so the code executed in this build can change between runs.
  # Pin it: `helm plugin install <url> --version <PINNED_VERSION>`.
  RUN helm plugin install https://github.com/melmorabity/helm-kubeconform
  RUN mkdir -p /cache /output
  ARG --required CHART
  COPY --dir charts/${CHART} /src
  ARG --required VERSION
  # NOTE(review): CRD schemas are fetched from the `main` branch of
  # datreeio/CRDs-catalog (a mutable ref), and --ignore-missing-schemas skips
  # resources that have no schema, so a clean report does not mean every
  # resource was validated. The report file is captured from stderr (2>).
  RUN \
    --mount=type=cache,target=/cache \
    helm kubeconform /src \
      --cache /cache \
      --schema-location default \
      --schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
      --ignore-missing-schemas \
      --kube-version ${VERSION} \
      --output junit 2> /output/junit.xml
  SAVE ARTIFACT /output/junit.xml
# Runs markdownlint-cli2 over docs/ and saves /src/junit.xml locally whether or
# not linting succeeds (presumably the report is configured in
# .markdownlint-cli2.jsonc; confirm against that file).
lint.markdownlint:
  # NOTE(review): no tag or digest is given, so whatever `latest` currently
  # points to is pulled; pin a tag or digest for reproducible lint runs.
  FROM davidanson/markdownlint-cli2
  COPY --dir docs/ .markdownlint.yaml .markdownlint-cli2.jsonc /src
  WORKDIR /src
  TRY
    RUN markdownlint-cli2 **
  FINALLY
    SAVE ARTIFACT /src/junit.xml AS LOCAL junit.xml
  END
# Runs ansible-lint over the collection sources and converts the pep8-format
# output to a JUnit report that is saved locally even on failure.
lint.ansible-lint:
  # NOTE(review): `:latest` is a mutable tag; pin a version or digest.
  FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
  # Presumably /code is this image's working directory (the RUN and the
  # relative SAVE ARTIFACT path below rely on that); confirm against the image.
  COPY --dir meta/ molecule/ playbooks/ plugins/ roles/ tests/ .ansible-lint CHANGELOG.md galaxy.yml /code
  TRY
    # NOTE(review): without `pipefail` the exit status of this pipeline is that
    # of ansible-lint-junit, so an ansible-lint failure may not fail the RUN.
    RUN ansible-lint -v --show-relpath -f pep8 --nocolor | ansible-lint-junit -o ansible-lint.xml
  FINALLY
    SAVE ARTIFACT ansible-lint.xml AS LOCAL ansible-lint.xml
  END
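# Checks that every digest-pinned image reference in the role defaults resolves
# to a manifest, by building +lint.image-manifest.image once per reference.
lint.image-manifest:
  # NOTE(review): `:latest` is a mutable tag; pin a version or digest.
  FROM quay.io/skopeo/stable:latest
  COPY roles/defaults/vars/main.yml /defaults.yml
  # Takes the 4th space-separated field of each line containing "sha256" and
  # drops the tag so the reference becomes repo@sha256:<digest>. The sed pattern
  # only removes a ":tag" that is immediately followed by "@": the previous
  # 's/:[^@]*//' removed everything after the first colon up to the next "@",
  # which truncates the digest of an untagged reference and mangles references
  # whose registry host carries a port.
  FOR IMAGE IN $(cat /defaults.yml | grep sha256 | cut -d' ' -f4 | sort | uniq | sed 's/:[^@/]*@/@/')
    BUILD +lint.image-manifest.image --IMAGE ${IMAGE}
  END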
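# Verifies that a single image reference resolves to a manifest in its registry.
#   IMAGE - image reference without the docker:// prefix (required)
lint.image-manifest.image:
  # NOTE(review): `:latest` is a mutable tag; pin a version or digest.
  FROM quay.io/skopeo/stable:latest
  ARG --required IMAGE
  # The original `inspect && echo ok || echo bad` chain always exited 0, so a
  # pinned digest that no longer exists could never fail the lint. Fail the
  # build explicitly when the manifest cannot be inspected.
  RUN if skopeo inspect --no-tags "docker://${IMAGE}" >/dev/null; then \
        echo "Manifest is valid for ${IMAGE}"; \
      else \
        echo "Manifest is not valid for ${IMAGE}" >&2; \
        exit 1; \
      fi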
# Runs the Go unit tests and saves a JUnit report locally even when tests fail.
unit.go:
  FROM golang:1.21
  # NOTE(review): `@latest` installs whatever version is newest at build time;
  # pin an explicit version (`@<PINNED_VERSION>`) for reproducible builds.
  RUN go install github.com/jstemmer/go-junit-report/v2@latest
  # go.mod/go.sum are copied first so the module download layer is reused
  # until the dependency files change.
  COPY --dir go.mod go.sum /src
  WORKDIR /src
  RUN go mod download
  COPY --dir charts/ cmd/ internal/ roles/ tools/ /src
  TRY
    # -set-exit-code makes go-junit-report exit non-zero when tests failed, so
    # the pipeline fails even though `go test` is not its last command.
    RUN go test -v 2>&1 ./... | go-junit-report -set-exit-code > junit-go.xml
  FINALLY
    SAVE ARTIFACT /src/junit-go.xml AS LOCAL junit-go.xml
  END
# Builds the Ansible collection tarball from the repository and saves it to dist/.
build.collection:
  # NOTE(review): `:latest` is a mutable tag; pin a version or digest.
  FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
  # NOTE(review): `COPY .` brings the whole build context into the container;
  # confirm that .earthlyignore / galaxy.yml build_ignore keep local secrets and
  # VCS data out of the published tarball.
  COPY . /src
  RUN ansible-galaxy collection build /src
  # The tarball is picked up from /code, presumably the image's working
  # directory where ansible-galaxy writes its output; confirm against the image.
  SAVE ARTIFACT /code/*.tar.gz AS LOCAL dist/
# Shared base for Go builds: Go 1.21 toolchain with module dependencies
# downloaded into /src.
#   GOOS, GOARCH - target platform (default linux/amd64)
#   VARIANT      - optional architecture variant
go.build:
  FROM golang:1.21
  WORKDIR /src
  ARG GOOS=linux
  ARG GOARCH=amd64
  ARG VARIANT
  COPY --dir go.mod go.sum ./
  RUN go mod download
# Compiles the libvirt-tls-sidecar binary on top of +go.build and exports it
# as the `main` artifact.
libvirt-tls-sidecar.build:
  FROM +go.build
  # Re-declared here so the values passed by the caller are visible to the
  # `go build` command below.
  ARG GOOS=linux
  ARG GOARCH=amd64
  ARG VARIANT
  COPY --dir cmd internal ./
  # ${VARIANT#"v"} strips a leading "v" from VARIANT before it is used as GOARM.
  RUN GOARM=${VARIANT#"v"} go build -o main cmd/libvirt-tls-sidecar/main.go
  SAVE ARTIFACT ./main
# Assembles the libvirt-tls-sidecar image for one target platform and pushes it.
#   REGISTRY - registry/repository prefix for the pushed image
libvirt-tls-sidecar.platform-image:
  ARG TARGETPLATFORM
  ARG TARGETARCH
  ARG TARGETVARIANT
  FROM --platform=$TARGETPLATFORM ./images/base+image
  # The binary is built in a linux/amd64 container with GOARCH/VARIANT set to
  # the target, then copied into the target-platform image.
  COPY \
    --platform=linux/amd64 \
    (+libvirt-tls-sidecar.build/main --GOARCH=$TARGETARCH --VARIANT=$TARGETVARIANT) /usr/bin/libvirt-tls-sidecar
  ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"]
  ARG REGISTRY=ghcr.io/vexxhost/atmosphere
  # NOTE(review): the image is published only under the mutable `latest` tag;
  # consumers should reference it by digest.
  SAVE IMAGE --push ${REGISTRY}/libvirt-tls-sidecar:latest
# Builds the libvirt-tls-sidecar image for both linux/amd64 and linux/arm64.
libvirt-tls-sidecar.image:
  BUILD --platform=linux/amd64 --platform=linux/arm64 +libvirt-tls-sidecar.platform-image
# Exports the selected Poetry dependency groups to requirements.txt and builds
# wheels for them into /wheels.
#   only - comma-separated Poetry groups passed to `poetry export --only` (required)
build.wheels:
  FROM ./images/builder+image
  COPY pyproject.toml poetry.lock ./
  ARG --required only
  # NOTE(review): --without-hashes drops the per-package hashes recorded in
  # poetry.lock, so pip cannot verify downloaded files against the lock file.
  # Removing the flag enables pip's hash-checking mode; confirm every
  # dependency has a hash (VCS or path dependencies do not) before doing so.
  RUN poetry export --only=${only} -f requirements.txt --without-hashes > requirements.txt
  RUN pip wheel -r requirements.txt --wheel-dir=/wheels
  SAVE ARTIFACT requirements.txt
  SAVE ARTIFACT /wheels
  SAVE IMAGE --cache-hint
# Creates a virtualenv at /venv on top of +build.wheels and installs the
# exported requirements into it.
#   only - Poetry groups, forwarded to +build.wheels (required)
build.venv:
  ARG --required only
  FROM +build.wheels --only ${only}
  RUN python3 -m venv /venv
  # Putting /venv/bin first makes the following `pip` the virtualenv's pip.
  ENV PATH=/venv/bin:$PATH
  # NOTE(review): this install does not point at /wheels (no --find-links or
  # --no-index), so packages may be resolved from the index again rather than
  # from the wheels built in the base target; confirm that is intended.
  RUN pip install -r requirements.txt
  SAVE IMAGE --cache-hint
# Virtualenv containing the `main` and `dev` dependency groups, exported as /venv.
build.venv.dev:
  FROM +build.venv --only main,dev
  SAVE ARTIFACT /venv
# Virtualenv containing only the `main` dependency group, exported as /venv.
build.venv.runtime:
  FROM +build.venv --only main
  SAVE ARTIFACT /venv
# Installs this repository's Ansible collection from /src into
# /usr/share/ansible/collections using the runtime virtualenv, and exports
# that directory as an artifact.
build.collections:
  FROM +build.venv.runtime
  # Only the directories and galaxy.yml listed here are copied into /src,
  # rather than the whole build context.
  COPY charts /src/charts
  COPY meta /src/meta
  COPY playbooks /src/playbooks
  COPY plugins /src/plugins
  COPY roles /src/roles
  COPY galaxy.yml /src/galaxy.yml
  RUN ansible-galaxy collection install --collections-path /usr/share/ansible/collections /src
  SAVE ARTIFACT /usr/share/ansible/collections
  SAVE IMAGE --cache-hint
# Builds and pushes the main Atmosphere image: cloud-archive base plus the
# runtime virtualenv and the installed Ansible collections.
#   RELEASE  - release passed to the cloud-archive base image (default 2023.1)
#   tag      - image tag to push (default latest)
#   REGISTRY - registry/repository to push to
image:
  ARG RELEASE=2023.1
  FROM ./images/cloud-archive-base+image --RELEASE ${RELEASE}
  ENV ANSIBLE_PIPELINING=True
  DO ./images+APT_INSTALL --PACKAGES "rsync openssh-client"
  COPY +build.venv.runtime/venv /venv
  ENV PATH=/venv/bin:$PATH
  COPY +build.collections/ /usr/share/ansible
  ARG tag=latest
  ARG REGISTRY=ghcr.io/vexxhost/atmosphere
  # NOTE(review): with the default tag this overwrites the mutable `latest`
  # tag; pass an explicit --tag for releases and deploy by digest.
  SAVE IMAGE --push ${REGISTRY}:${tag}
# Builds every service image, forwarding the same REGISTRY to each target.
# Note that ovn uses the `+images` target while every other directory exposes
# `+image`.
#   REGISTRY - registry/repository prefix handed to each image build
images:
  ARG REGISTRY=ghcr.io/vexxhost/atmosphere
  BUILD +libvirt-tls-sidecar.image --REGISTRY=${REGISTRY}
  BUILD ./images/barbican+image --REGISTRY=${REGISTRY}
  BUILD ./images/cinder+image --REGISTRY=${REGISTRY}
  BUILD ./images/cluster-api-provider-openstack+image --REGISTRY=${REGISTRY}
  BUILD ./images/designate+image --REGISTRY=${REGISTRY}
  BUILD ./images/glance+image --REGISTRY=${REGISTRY}
  BUILD ./images/heat+image --REGISTRY=${REGISTRY}
  BUILD ./images/horizon+image --REGISTRY=${REGISTRY}
  BUILD ./images/ironic+image --REGISTRY=${REGISTRY}
  BUILD ./images/keystone+image --REGISTRY=${REGISTRY}
  BUILD ./images/kubernetes-entrypoint+image --REGISTRY=${REGISTRY}
  BUILD ./images/libvirtd+image --REGISTRY=${REGISTRY}
  BUILD ./images/magnum+image --REGISTRY=${REGISTRY}
  BUILD ./images/manila+image --REGISTRY=${REGISTRY}
  BUILD ./images/netoffload+image --REGISTRY=${REGISTRY}
  BUILD ./images/neutron+image --REGISTRY=${REGISTRY}
  BUILD ./images/nova-ssh+image --REGISTRY=${REGISTRY}
  BUILD ./images/nova+image --REGISTRY=${REGISTRY}
  BUILD ./images/octavia+image --REGISTRY=${REGISTRY}
  BUILD ./images/openvswitch+image --REGISTRY=${REGISTRY}
  BUILD ./images/ovn+images --REGISTRY=${REGISTRY}
  BUILD ./images/placement+image --REGISTRY=${REGISTRY}
  BUILD ./images/senlin+image --REGISTRY=${REGISTRY}
  BUILD ./images/staffeln+image --REGISTRY=${REGISTRY}
  BUILD ./images/tempest+image --REGISTRY=${REGISTRY}
# Reusable function: scans one image with trivy and fails the build when a
# reportable vulnerability is found (--exit-code 1).
#   IMAGE - image reference to scan (required)
SCAN_IMAGE:
  FUNCTION
  ARG --required IMAGE
  # TODO(mnaser): Include secret scanning when it's more reliable.
  # Scope of the scan, as configured below:
  #   --scanners vuln                        vulnerability scanning only
  #   --ignore-unfixed                       findings without a fix are not reported
  #   --skip-db-update/--skip-java-db-update no database refresh at scan time
  # NOTE(review): with the DB updates skipped, results are only as current as
  # the database already present in the calling image; confirm that image is
  # rebuilt on a schedule, otherwise recent CVEs go unreported.
  RUN \
    trivy image \
      --skip-db-update \
      --skip-java-db-update \
      --scanners vuln \
      --exit-code 1 \
      --ignore-unfixed \
      ${IMAGE}
# Scans a single image by running the SCAN_IMAGE function inside the
# repository's trivy image.
#   IMAGE - image reference to scan (required)
scan-image:
  FROM ./images/trivy+image
  ARG --required IMAGE
  DO +SCAN_IMAGE --IMAGE ${IMAGE}
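# Scans the project-owned images referenced in the role defaults by building
# +scan-image once per unique reference.
scan-images:
  FROM ./images/trivy+image
  COPY roles/defaults/vars/main.yml /defaults.yml
  # TODO(mnaser): Scan all images eventually
  # Only references hosted under ghcr.io/vexxhost or registry.atmosphere.dev are
  # selected; third-party images in the defaults file are not scanned yet.
  # The dots are escaped so they match literally (an unescaped "." matches any
  # character), and `grep -E` replaces the redundant, deprecated `egrep -E`.
  FOR IMAGE IN $(cat /defaults.yml | grep -E 'ghcr\.io/vexxhost|registry\.atmosphere\.dev' | cut -d' ' -f4 | sort | uniq)
    BUILD +scan-image --IMAGE ${IMAGE}
  END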
# Regenerates the image references in the role defaults by running
# build/pin-images.py, then writes the result back over the local file.
#   REGISTRY - value passed to pin-images via --registry
pin-images:
  FROM +build.venv.dev
  COPY roles/defaults/vars/main.yml /defaults.yml
  COPY build/pin-images.py /usr/local/bin/pin-images
  ARG REGISTRY=ghcr.io/vexxhost/atmosphere
  # --no-cache forces the script to run on every invocation instead of reusing
  # a cached layer.
  RUN --no-cache /usr/local/bin/pin-images --registry ${REGISTRY} /defaults.yml /pinned.yml
  # Overwrites roles/defaults/vars/main.yml in the working tree; review the
  # resulting diff before committing, since these references decide which
  # images get deployed.
  SAVE ARTIFACT /pinned.yml AS LOCAL roles/defaults/vars/main.yml
# Minimal Alpine image with the GitHub CLI installed; base for +trigger-image-sync.
gh:
  FROM alpine:3
  RUN apk add --no-cache github-cli
# Triggers the sync.yml workflow in vexxhost/docker-openstack-<project>.
#   project - repository name suffix (required)
trigger-image-sync:
  FROM +gh
  ARG --required project
  # GITHUB_TOKEN is supplied as an Earthly secret for this command only.
  # NOTE(review): the token needs permission to dispatch workflows in the
  # target repository; scope it to that and nothing broader.
  RUN --secret GITHUB_TOKEN gh workflow run --repo vexxhost/docker-openstack-${project} sync.yml
# Runs the repository's atmosphere-ci tool to sync the image repository for
# one project.
#   project - project name passed to `image repo sync` (required)
image-sync:
  # NOTE(review): this target uses golang:1.19 while the other Go targets in
  # this file use golang:1.21; confirm the older toolchain is intentional.
  FROM golang:1.19
  ARG --required project
  WORKDIR /src
  COPY . /src
  # GITHUB_TOKEN is exposed to `go run`, which compiles and executes code from
  # the copied build context together with its module dependencies; keep the
  # token's scope as narrow as the sync requires.
  RUN --secret GITHUB_TOKEN go run ./cmd/atmosphere-ci image repo sync ${project}
# Documentation tooling image: mkdocs-material 9.5.4 plus the literate-nav
# plugin, saved under the local image name `mkdocs`.
mkdocs-image:
  FROM ghcr.io/squidfunk/mkdocs-material:9.5.4
  # NOTE(review): the base image is version-pinned but this plugin is not;
  # pin it (`mkdocs-literate-nav==<PINNED_VERSION>`) to keep builds reproducible.
  RUN pip install \
    mkdocs-literate-nav
  SAVE IMAGE mkdocs
# Serves the documentation from the working tree using the host's Docker daemon.
mkdocs-serve:
  # LOCALLY runs the commands on the host instead of inside a build container.
  LOCALLY
  WITH DOCKER --load=+mkdocs-image
    # NOTE(review): `-p 8000:8000` publishes the port on all host interfaces,
    # and the working directory is mounted read-write into the container. For a
    # preview meant only for the local machine, `-p 127.0.0.1:8000:8000` keeps
    # it off the network.
    RUN docker run --rm -p 8000:8000 -v ${PWD}:/docs mkdocs
  END
# Builds the documentation site and, in the push phase only, deploys it with
# `mkdocs gh-deploy --force`.
mkdocs-build:
  FROM +mkdocs-image
  COPY . /docs
  RUN mkdocs build
  # NOTE(review): this stores GITHUB_TOKEN inside the origin URL in .git/config
  # so that the next RUN, which has no --secret, can push. The token therefore
  # lives on disk in the build container from here on. Use a token scoped to
  # this repository only, and do not add SAVE IMAGE or SAVE ARTIFACT steps after
  # this point that would export the checkout.
  RUN --push --secret GITHUB_TOKEN git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/vexxhost/atmosphere.git
  RUN --push mkdocs gh-deploy --force