# Earthfile format version 0.7, with the use-copy-link feature flag enabled.
VERSION --use-copy-link 0.7
# go.build: shared base for Go builds (toolchain image plus downloaded modules).
go.build:
    # NOTE(review): golang:1.21 is a mutable tag; pinning it by digest would keep
    # this stage reproducible if the upstream tag is re-pointed.
    FROM golang:1.21
    WORKDIR /src
    # Cross-compilation parameters (defaults: linux/amd64, no variant).
    ARG GOOS=linux
    ARG GOARCH=amd64
    ARG VARIANT
    # Only the module manifests are copied before the download, presumably so
    # that source edits do not invalidate this layer.
    COPY --dir go.mod go.sum ./
    # go.sum is copied in, so downloaded modules are verified against its hashes.
    RUN go mod download
# libvirt-tls-sidecar.build: compiles the sidecar binary and exports it as ./main.
libvirt-tls-sidecar.build:
    FROM +go.build
    # Re-declared here; Earthly exposes ARGs to RUN as environment variables,
    # which is how `go build` below sees GOOS and GOARCH.
    ARG GOOS=linux
    ARG GOARCH=amd64
    ARG VARIANT
    COPY --dir cmd internal ./
    # ${VARIANT#"v"} strips a leading "v" (e.g. "v7" -> "7") to form GOARM.
    RUN GOARM=${VARIANT#"v"} go build -o main cmd/libvirt-tls-sidecar/main.go
    SAVE ARTIFACT ./main
# libvirt-tls-sidecar.platform-image: per-platform runtime image for the sidecar.
libvirt-tls-sidecar.platform-image:
    ARG TARGETPLATFORM
    ARG TARGETARCH
    ARG TARGETVARIANT
    FROM --platform=$TARGETPLATFORM ./images/base+image
    # The binary is built on linux/amd64 with GOARCH/VARIANT set to the target
    # (cross-compilation), then copied into the target-platform image.
    COPY \
        --platform=linux/amd64 \
        (+libvirt-tls-sidecar.build/main --GOARCH=$TARGETARCH --VARIANT=$TARGETVARIANT) /usr/bin/libvirt-tls-sidecar
    ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"]
    # NOTE(review): only the mutable ":latest" tag is pushed; consumers that need
    # a fixed artifact have to reference the image by digest.
    SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest
# libvirt-tls-sidecar.image: builds the platform image for linux/amd64 and linux/arm64.
libvirt-tls-sidecar.image:
    BUILD --platform=linux/amd64 --platform=linux/arm64 +libvirt-tls-sidecar.platform-image
# build.wheels: exports requirements.txt from the Poetry lock file for the
# requested dependency group(s) and builds wheels for them into /wheels.
build.wheels:
    FROM ./images/builder+image
    COPY pyproject.toml poetry.lock ./
    # Poetry dependency group selection, passed to `poetry export --only`.
    ARG --required only
    # NOTE(review): --without-hashes drops the per-package hashes recorded in
    # poetry.lock, so the pip steps that consume requirements.txt cannot run in
    # hash-checking mode. Versions stay pinned, artifact integrity is not checked.
    RUN poetry export --only=${only} -f requirements.txt --without-hashes > requirements.txt
    RUN pip wheel -r requirements.txt --wheel-dir=/wheels
    SAVE ARTIFACT requirements.txt
    SAVE ARTIFACT /wheels
    SAVE IMAGE --cache-hint
# build.venv: creates /venv on top of build.wheels and installs the exported requirements.
build.venv:
    ARG --required only
    FROM +build.wheels --only ${only}
    RUN python3 -m venv /venv
    # Put the venv first on PATH so the `pip` below is the venv's pip.
    ENV PATH=/venv/bin:$PATH
    # NOTE(review): no --no-index/--find-links=/wheels is passed, so pip
    # presumably resolves from its configured index (or cache) rather than
    # strictly from the wheels built in the parent stage. Confirm this is intended.
    RUN pip install -r requirements.txt
    SAVE IMAGE --cache-hint
# build.venv.dev: venv containing the "main" and "dev" dependency groups.
build.venv.dev:
    FROM +build.venv --only main,dev
    SAVE ARTIFACT /venv
# build.venv.runtime: venv containing only the "main" dependency group.
build.venv.runtime:
    FROM +build.venv --only main
    SAVE ARTIFACT /venv
# build.collections: installs this repository as an Ansible collection into
# /usr/share/ansible/collections, using the runtime venv.
build.collections:
    FROM +build.venv.runtime
    # Only the directories and manifest listed here are copied to /src.
    COPY charts /src/charts
    COPY meta /src/meta
    COPY playbooks /src/playbooks
    COPY plugins /src/plugins
    COPY roles /src/roles
    COPY galaxy.yml /src/galaxy.yml
    RUN ansible-galaxy collection install --collections-path /usr/share/ansible/collections /src
    SAVE ARTIFACT /usr/share/ansible/collections
    SAVE IMAGE --cache-hint
# image: main Atmosphere image (runtime venv plus the installed Ansible collection).
image:
    ARG RELEASE=2023.1
    FROM ./images/cloud-archive-base+image --RELEASE ${RELEASE}
    ENV ANSIBLE_PIPELINING=True
    # Package installation is delegated to the APT_INSTALL command defined under ./images.
    DO ./images+APT_INSTALL --PACKAGES "rsync openssh-client"
    COPY +build.venv.runtime/venv /venv
    ENV PATH=/venv/bin:$PATH
    COPY +build.collections/ /usr/share/ansible
    # NOTE(review): the default tag is the mutable "latest"; pass --tag for a
    # release build so the pushed reference identifies a single build.
    ARG tag=latest
    SAVE IMAGE --push ghcr.io/vexxhost/atmosphere:${tag}
# images: aggregate target that builds the sidecar image and every image under ./images.
images:
    BUILD +libvirt-tls-sidecar.image
    BUILD ./images/barbican+image
    BUILD ./images/cinder+image
    BUILD ./images/cluster-api-provider-openstack+image
    BUILD ./images/designate+image
    BUILD ./images/glance+image
    BUILD ./images/heat+image
    BUILD ./images/horizon+image
    BUILD ./images/ironic+image
    BUILD ./images/keystone+image
    BUILD ./images/kubernetes-entrypoint+image
    BUILD ./images/libvirtd+image
    BUILD ./images/magnum+image
    BUILD ./images/manila+image
    BUILD ./images/netoffload+image
    BUILD ./images/neutron+image
    BUILD ./images/nova-ssh+image
    BUILD ./images/nova+image
    BUILD ./images/octavia+image
    BUILD ./images/openvswitch+image
    # ovn is referenced through an "+images" (plural) target, unlike the others.
    BUILD ./images/ovn+images
    BUILD ./images/placement+image
    BUILD ./images/senlin+image
    # NOTE(review): confirm this path matches the directory name under ./images.
    BUILD ./images/staffln+image
    BUILD ./images/tempest+image
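# SCAN_IMAGE: reusable command that runs a Trivy vulnerability scan against
# IMAGE and fails the build when a reportable finding exists.
SCAN_IMAGE:
    COMMAND
    ARG --required IMAGE
    # TODO(mnaser): Include secret scanning when it's more reliable.
    #
    # Flag notes for whoever treats this as a release gate:
    #   --skip-db-update / --skip-java-db-update: no database refresh at scan
    #       time, so results are only as current as the database already present
    #       in the calling image (presumably baked into ./images/trivy+image;
    #       confirm, and rebuild that image regularly).
    #   --scanners vuln: vulnerability scanning only (no secret or misconfig scan).
    #   --exit-code 1: a reported finding fails the build.
    #   --ignore-unfixed: findings without an available fix are not reported and
    #       therefore never fail the gate.
    # IMAGE is quoted so that a reference produced by text parsing cannot be
    # word-split or glob-expanded into extra trivy arguments.
    RUN \
        trivy image \
        --skip-db-update \
        --skip-java-db-update \
        --scanners vuln \
        --exit-code 1 \
        --ignore-unfixed \
        "${IMAGE}"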
# scan-image: scans a single image reference using the Trivy image and SCAN_IMAGE.
scan-image:
    FROM ./images/trivy+image
    ARG --required IMAGE
    DO +SCAN_IMAGE --IMAGE ${IMAGE}
# scan-images: scans every distinct ghcr.io/vexxhost image referenced in the
# role defaults, one +scan-image build per reference.
scan-images:
    FROM ./images/trivy+image
    COPY roles/defaults/vars/main.yml /defaults.yml
    # TODO(mnaser): Scan all images eventually
    # The image list is the 4th space-separated field of each matching line,
    # de-duplicated. NOTE(review): this depends on the exact indentation of the
    # YAML file; a line laid out differently yields a wrong or empty reference,
    # and images hosted elsewhere are not scanned at all (see TODO above).
    FOR IMAGE IN $(grep 'ghcr.io/vexxhost' /defaults.yml | cut -d' ' -f4 | sort -u)
        BUILD +scan-image --IMAGE ${IMAGE}
        # DO +SCAN_IMAGE --IMAGE ${IMAGE}
    END
# pin-images: runs build/pin-images.py over the role defaults and writes the
# result back into the working tree.
pin-images:
    FROM +build.venv.dev
    COPY roles/defaults/vars/main.yml /defaults.yml
    COPY build/pin-images.py /usr/local/bin/pin-images
    # --no-cache forces the script to run on every invocation instead of reusing
    # a cached layer (presumably so the output reflects the current registry state).
    RUN --no-cache /usr/local/bin/pin-images /defaults.yml /pinned.yml
    # AS LOCAL overwrites the same file that was used as input; review the
    # resulting diff before committing it.
    SAVE ARTIFACT /pinned.yml AS LOCAL roles/defaults/vars/main.yml
# gh: minimal image providing the GitHub CLI for the workflow-trigger target.
gh:
    # NOTE(review): alpine:3 is a floating tag and github-cli is installed
    # unpinned, so the CLI that later handles GITHUB_TOKEN can change between builds.
    FROM alpine:3
    RUN apk add --no-cache github-cli
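# trigger-image-sync: dispatches the sync.yml workflow in the
# vexxhost/docker-openstack-<project> repository through the GitHub CLI.
trigger-image-sync:
    FROM +gh
    ARG --required project
    # --secret exposes GITHUB_TOKEN to this RUN only; it is not stored in the
    # image. The token needs no more than permission to dispatch workflows on
    # the target repositories.
    # The --repo value is quoted so that a project value containing whitespace
    # or glob characters cannot split into additional gh arguments.
    RUN --secret GITHUB_TOKEN gh workflow run --repo "vexxhost/docker-openstack-${project}" sync.yml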
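# image-sync: runs the repository's atmosphere-ci tool to sync the image
# repository for one project, authenticated with GITHUB_TOKEN.
image-sync:
    # Uses the same toolchain tag as go.build (golang:1.21) so this module is
    # not built by two different Go releases; the previous golang:1.19 base no
    # longer receives upstream security fixes.
    # NOTE(review): the tag is still mutable; consider pinning it by digest.
    FROM golang:1.21
    ARG --required project
    WORKDIR /src
    # The whole build context is copied and then executed with GITHUB_TOKEN in
    # scope. Keep .earthlyignore excluding local credentials and untracked
    # files, and scope the token to what the sync actually needs.
    COPY . /src
    # project is quoted so that it is always passed as a single argument.
    RUN --secret GITHUB_TOKEN go run ./cmd/atmosphere-ci image repo sync "${project}"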