init
commit
b5265baa02
11 changed files with 3505 additions and 0 deletions
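--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,140 @@
+BITBUCKET_REPO_SLUG := oci-images
+BITBUCKET_WORKSPACE := byteb4rb1e
+DOCKER_REGISTRY := docker.io
+DOCKER_REPO_SLUG := byteb4rb1e
+GPG_SIGNER_FINGERPRINT := "91CD826E74B0174D181903DEF97C70941CD8C4EF"
+TAG_NAME_PREFIX := $(DOCKER_REGISTRY)/$(DOCKER_REPO_SLUG)/
+ARCHIVE_PATH_PREFIX := dist/$(TAG_NAME_PREFIX)
+
+VERBOSE := 0
+
+
+# macro for uploading a docker image dump
+#
+# this is the fallback Docker registry infrastructure. In addition to being
+# published to a Docker registry, OCI images are publicly stored as Bitbucket
+# Cloud Download Artifact HTTP documents.
+define bitbucket-upload
+curl \
+--request POST \
+--header "Authorization: Bearer $$BITBUCKET_ACCESS_TOKEN" \
+--form "files=@$(1);filename=$$(basename "$(1)")" \
+--fail \
+https://api.bitbucket.org/2.0/repositories/$(BITBUCKET_WORKSPACE)/$(BITBUCKET_REPO_SLUG)/downloads
+endef
+
+
+# macro for uploading a docker image dump
+#
+# this is the fallback Docker registry infrastructure. In addition to being
+# published to a Docker registry, OCI images are publicly stored as Bitbucket
+# Cloud Download Artifact HTTP documents.
+define bitbucket-upload-image-dump
+$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$@.$$(git rev-parse --short HEAD).tar.gz)
+endef
+
+
+# macro for building an image by targeting a Docker image stage
+#
+# I expect variant Docker images to use staged image specifications, that share
+# a base image. In the case of the ``build`` docker image, which provides build
+# environments, there are versioned runtime environment variants, e.g.
+# ``python39``, ``node19``, that all share a ``build`` base, resulting in full
+# image tag names such as ``build-python39`` and ``build-node19``.
+define build-image-stage
+export rev_id=$$(git rev-parse --short HEAD); \
+docker build \
+-f src/$$(echo "$1" | cut -d '-' -f 1)/Dockerfile \
+-t $(TAG_NAME_PREFIX)$@ \
+-t $(TAG_NAME_PREFIX)$@:$$rev_id \
+--target "$$(echo "$@" | sed 's|^$(1)||')" \
+--build-arg VERBOSE=$(VERBOSE) \
+src/$$(echo "$1" | cut -d '-' -f 1)
+endef
+
+
+BUILD_NODE_TARGETS := $(addprefix build-node, 19 20 21 22 23)
+BUILD_PYTHON_TARGETS := $(addprefix build-python3, 9 10 11 12 13)
+BUILD_OPENJDK_TARGETS := $(addprefix build-openjdk, 21)
+BUILD_TRIVY_TARGETS := $(addprefix build-trivy, 063)
+PROXY_SQUIDCACHE_TARGETS := $(addprefix proxy-squidcache, 613)
+ATLASSIAN_BITBUCKETRUNNER_TARGETS := $(addprefix atlassian-bitbucketrunner, 323)
+
+_clean:
+rm -rvf configure~ autom4te.cache/ config.log config.status
+_all-ubuntu: _all-build-ubuntu
+_all-windowsserver: _all-build-windowsserver _all-atlassian-windowsserver
+_all-build-ubuntu: build-ubuntu2504 build-ubuntu _all-build-python-ubuntu _all-build-node-ubuntu _all-build-trivy-ubuntu
+_all-build-windowsserver: _all-build-openjdk-windowsserver
+_all-atlassian-windowsserver: _all-atlassian-bitbucketrunner-windowsserver
+_all-proxy-ubuntu: _all-atlassian-bitbucketrunner-windowsserver
+_all-build-python-ubuntu: $(addsuffix -ubuntu, $(BUILD_PYTHON_TARGETS))
+_all-build-node-ubuntu: $(addsuffix -ubuntu, $(BUILD_NODE_TARGETS))
+_all-build-openjdk-windowsserver: $(addsuffix -windowsserver, $(BUILD_OPENJDK_TARGETS))
+_all-build-trivy-ubuntu: $(addsuffix -ubuntu, $(BUILD_TRIVY_TARGETS))
+_all-atlassian-bitbucketrunner-windowsserver: $(addsuffix -windowsserver, $(ATLASSIAN_BITBUCKETRUNNER_TARGETS))
+
+
+build-ubuntu: build-ubuntu2504
+$(addsuffix -ubuntu, $(BUILD_NODE_TARGETS)) \
+$(addsuffix -ubuntu, $(BUILD_PYTHON_TARGETS)) \
+$(addsuffix -ubuntu, $(BUILD_TRIVY_TARGETS)) \
+$(addsuffix -ubuntu, $(PROXY_SQUIDCACHE_TARGETS)): build-ubuntu
+
+$(addsuffix -windowsserver, $(ATLASSIAN_BITBUCKETRUNNER_TARGETS)): build-openjdk21-windowsserver
+
+
+build-ubuntu build-ubuntu2504 \
+build-windowsserver build-windowsserver2022 \
+$(addsuffix -windowsserver, $(BUILD_OPENJDK_TARGETS)) \
+$(addsuffix -ubuntu, $(BUILD_NODE_TARGETS)) \
+$(addsuffix -ubuntu, $(BUILD_PYTHON_TARGETS)) \
+$(addsuffix -ubuntu, $(BUILD_TRIVY_TARGETS)) \
+$(addsuffix -ubuntu, $(PROXY_SQUIDCACHE_TARGETS)) \
+$(addsuffix -windowsserver, $(ATLASSIAN_BITBUCKETRUNNER_TARGETS)):
+$(call build-image-stage,$(word 1,$(subst -, ,build-ubuntu))-)
+ifdef SCAN
+mkdir -p "test-reports/$(TAG_NAME_PREFIX)"
+trivy image \
+--format json \
+--output test-reports/$(TAG_NAME_PREFIX)$$(git rev-parse --short HEAD)-$@.trivy.json \
+$(TAG_NAME_PREFIX)$@
+ifdef SIGN_SCAN
+gpg --detach-sign --local-user $(GPG_SIGNER_FINGERPRINT) -v -a --yes test-reports/$(TAG_NAME_PREFIX)$$(git rev-parse --short HEAD)-$@.trivy.json
+endif
+endif
+ifdef ARCHIVE
+export archive_path="$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar"; \
+export manifest_path="$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.manifest.json"; \
+mkdir -p "$$(dirname $$archive_path)" && \
+docker save -o "$$archive_path" "$(DOCKER_REGISTRY)/$(DOCKER_REPO_SLUG)/$@" && \
+tar -xf "$$archive_path" manifest.json --to-stdout > $$manifest_path; \
+gzip -vf "$$archive_path"
+ifdef SIGN_ARCHIVE
+export archive_path="$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar.gz"; \
+export manifest_path="$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.manifest.json"; \
+gpg --detach-sign --local-user $(GPG_SIGNER_FINGERPRINT) -v -a --yes "$$manifest_path"; \
+gpg --detach-sign --local-user $(GPG_SIGNER_FINGERPRINT) -v -a --yes "$$archive_path";
+endif
+ifdef PUBLISH_ARCHIVE
+ifndef BITBUCKET_ACCESS_TOKEN
+$(error BITBUCKET_ACCESS_TOKEN not set)
+endif
+$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar.gz)
+$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.manifest.json)
+ifdef SIGN_ARCHIVE
+$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar.gz.asc)
+$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.manifest.json.asc)
+endif
+ifdef SCAN
+$(call bitbucket-upload,test-reports/$(TAG_NAME_PREFIX)$$(git rev-parse --short HEAD)-$@.trivy.json)
+ifdef SIGN_SCAN
+$(call bitbucket-upload,test-reports/$(TAG_NAME_PREFIX)$$(git rev-parse --short HEAD)-$@.trivy.json.asc)
+endif # SIGN_SCAN
+endif # SCAN
+endif # PUBLISH_ARCHIVE
+endif # ARCHIVE
+ifdef PUBLISH
+docker push $(DOCKER_REGISTRY)/$(DOCKER_REPO_SLUG)/$@
+docker push $(DOCKER_REGISTRY)/$(DOCKER_REPO_SLUG)/$@:$$(git rev-parse --short HEAD)
+endif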
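Review bot: In the ARCHIVE recipe the `;` after the manifest extraction hides a failed `tar`: the redirect has already created the manifest file and `gzip` then succeeds, so with SIGN_ARCHIVE and PUBLISH_ARCHIVE set an empty or truncated manifest can be signed and uploaded as if it were valid. Chain the step instead, `tar -xf "$$archive_path" manifest.json --to-stdout > "$$manifest_path" && \`. The SIGN_ARCHIVE recipe has the same shape, where a successful second `gpg` masks a failure of the first; joining the two `gpg` commands with `&&` fixes it, and the file sets no `.SHELLFLAGS`, so nothing else makes the shell stop on the first error. Separately, `trivy image` runs without `--exit-code`, so the report is written and signed but findings never stop `docker push`. If the scan is meant as a gate, add `--exit-code 1` with a `--severity` threshold; otherwise say in a comment that it is informational.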