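BITBUCKET_REPO_SLUG := oci-images
BITBUCKET_WORKSPACE := byteb4rb1e
DOCKER_REGISTRY := docker.io
DOCKER_REPO_SLUG := byteb4rb1e
# Key used for every detached signature made by this file. The double quotes
# are part of the make value; the shell removes them when a recipe runs.
GPG_SIGNER_FINGERPRINT := "91CD826E74B0174D181903DEF97C70941CD8C4EF"

TAG_NAME_PREFIX := $(DOCKER_REGISTRY)/$(DOCKER_REPO_SLUG)/
ARCHIVE_PATH_PREFIX := dist/$(TAG_NAME_PREFIX)

VERBOSE := 0

# macro for uploading one file as a Bitbucket Cloud download artifact
#
# $(1): path of the file to upload; it is stored under its basename.
#
# this is the fallback Docker registry infrastructure. In addition to being
# published to a Docker registry, OCI images are publicly stored as Bitbucket
# Cloud Download Artifact HTTP documents.
#
# The access token is expanded by the shell, not by make, so the echoed recipe
# line shows only the variable name. After shell expansion the token is part
# of curl's argument list, where other local processes may be able to read it
# while the upload runs; on a shared build host, supply the header from a file
# or from stdin instead.
# --fail makes curl exit non-zero on an HTTP error status, so a rejected upload
# stops the recipe.
define bitbucket-upload
	curl \
		--request POST \
		--header "Authorization: Bearer $$BITBUCKET_ACCESS_TOKEN" \
		--form "files=@$(1);filename=$$(basename "$(1)")" \
		--fail \
		https://api.bitbucket.org/2.0/repositories/$(BITBUCKET_WORKSPACE)/$(BITBUCKET_REPO_SLUG)/downloads
endef

# macro for uploading the compressed image dump of the current target
#
# The path follows the naming used by the ARCHIVE step of the image rule,
# <short rev>-<target>.tar.gz below ARCHIVE_PATH_PREFIX. The previous form,
# <target>.<short rev>.tar.gz, is not produced by any recipe in this file.
define bitbucket-upload-image-dump
	$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar.gz)
endef

# macro for building an image by targeting a Docker image stage
#
# Variant Docker images are expected to use staged image specifications that
# share a base image. In the case of the ``build`` docker image, which provides
# build environments, there are versioned runtime environment variants, e.g.
# ``python39``, ``node19``, that all share a ``build`` base, resulting in full
# image tag names such as ``build-python39`` and ``build-node19``.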
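# $(1): image family prefix including its trailing dash (e.g. ``build-``).
# The text before the first dash selects src/<family>/Dockerfile and its build
# context; the target name with $(1) stripped is the Docker stage to build.
#
# The revision is resolved first and chained with &&, so a failing
# `git rev-parse` stops the recipe instead of being masked by `export`.
# The revision tag only names HEAD; uncommitted changes in the build context
# are not reflected in it.
define build-image-stage
	rev_id=$$(git rev-parse --short HEAD) && \
	docker build \
		-f src/$$(echo "$(1)" | cut -d '-' -f 1)/Dockerfile \
		-t "$(TAG_NAME_PREFIX)$@" \
		-t "$(TAG_NAME_PREFIX)$@:$$rev_id" \
		--target "$$(echo "$@" | sed 's|^$(1)||')" \
		--build-arg VERBOSE=$(VERBOSE) \
		src/$$(echo "$(1)" | cut -d '-' -f 1)
endef

BUILD_NODE_TARGETS := $(addprefix build-node, 19 20 21 22 23)
BUILD_PYTHON_TARGETS := $(addprefix build-python3, 9 10 11 12 13)
BUILD_OPENJDK_TARGETS := $(addprefix build-openjdk, 21)
BUILD_TRIVY_TARGETS := $(addprefix build-trivy, 063)
PROXY_SQUIDCACHE_TARGETS := $(addprefix proxy-squidcache, 613)
ATLASSIAN_BITBUCKETRUNNER_TARGETS := $(addprefix atlassian-bitbucketrunner, 323)

# Every image that the build rule at the end of this file can produce.
image_targets := \
    build-ubuntu build-ubuntu2504 \
    build-windowsserver build-windowsserver2022 \
    $(addsuffix -windowsserver, $(BUILD_OPENJDK_TARGETS)) \
    $(addsuffix -ubuntu, $(BUILD_NODE_TARGETS)) \
    $(addsuffix -ubuntu, $(BUILD_PYTHON_TARGETS)) \
    $(addsuffix -ubuntu, $(BUILD_TRIVY_TARGETS)) \
    $(addsuffix -ubuntu, $(PROXY_SQUIDCACHE_TARGETS)) \
    $(addsuffix -windowsserver, $(ATLASSIAN_BITBUCKETRUNNER_TARGETS))

# None of these targets is a file. Declaring them phony keeps a stray file or
# directory with the same name from silently skipping a build, scan or push.
.PHONY: _clean _all-ubuntu _all-windowsserver _all-build-ubuntu \
    _all-build-windowsserver _all-atlassian-windowsserver _all-proxy-ubuntu \
    _all-build-python-ubuntu _all-build-node-ubuntu \
    _all-build-openjdk-windowsserver _all-build-trivy-ubuntu \
    _all-atlassian-bitbucketrunner-windowsserver $(image_targets)

_clean:
	rm -rvf configure~ autom4te.cache/ config.log config.status

_all-ubuntu: _all-build-ubuntu

_all-windowsserver: _all-build-windowsserver _all-atlassian-windowsserver

_all-build-ubuntu: build-ubuntu2504 build-ubuntu _all-build-python-ubuntu _all-build-node-ubuntu _all-build-trivy-ubuntu

_all-build-windowsserver: _all-build-openjdk-windowsserver

_all-atlassian-windowsserver: _all-atlassian-bitbucketrunner-windowsserver

# NOTE(review): this depends on the bitbucketrunner windowsserver images, not
# on the -ubuntu targets derived from PROXY_SQUIDCACHE_TARGETS. It looks like
# a copy-paste slip; confirm the intended prerequisite.
_all-proxy-ubuntu: _all-atlassian-bitbucketrunner-windowsserver

_all-build-python-ubuntu: $(addsuffix -ubuntu, $(BUILD_PYTHON_TARGETS))

_all-build-node-ubuntu: $(addsuffix -ubuntu, $(BUILD_NODE_TARGETS))

_all-build-openjdk-windowsserver: $(addsuffix -windowsserver, $(BUILD_OPENJDK_TARGETS))

_all-build-trivy-ubuntu: $(addsuffix -ubuntu, $(BUILD_TRIVY_TARGETS))

_all-atlassian-bitbucketrunner-windowsserver: $(addsuffix -windowsserver, $(ATLASSIAN_BITBUCKETRUNNER_TARGETS))

# Base image ordering: variants are built after the base they derive from.
build-ubuntu: build-ubuntu2504

$(addsuffix -ubuntu, $(BUILD_NODE_TARGETS)) \
$(addsuffix -ubuntu, $(BUILD_PYTHON_TARGETS)) \
$(addsuffix -ubuntu, $(BUILD_TRIVY_TARGETS)) \
$(addsuffix -ubuntu, $(PROXY_SQUIDCACHE_TARGETS)): build-ubuntu

$(addsuffix -windowsserver, $(ATLASSIAN_BITBUCKETRUNNER_TARGETS)): build-openjdk21-windowsserver

# Build one image and, depending on which switches are defined, scan, archive,
# sign and publish it:
#
#   SCAN             write a Trivy JSON report below test-reports/
#   SIGN_SCAN        detach-sign that report (only evaluated with SCAN)
#   ARCHIVE          docker-save the image, extract manifest.json, gzip the dump
#   SIGN_ARCHIVE     detach-sign the manifest and the archive (needs ARCHIVE)
#   PUBLISH_ARCHIVE  upload the artifacts to Bitbucket (needs ARCHIVE and
#                    BITBUCKET_ACCESS_TOKEN)
#   PUBLISH          push both image tags to the registry
#
# NOTE(review): the prefix passed to build-image-stage is computed from the
# literal ``build-ubuntu``, so $(1) is always ``build-``, also for the proxy-*
# and atlassian-* targets, which are then built from src/build/Dockerfile with
# their full name as stage. If the family of the current target is meant,
# $(subst -, ,$@) would be the expression; confirm against the src/ layout.
$(image_targets):
	$(call build-image-stage,$(word 1,$(subst -, ,build-ubuntu))-)
ifdef SCAN
	mkdir -p "test-reports/$(TAG_NAME_PREFIX)"
# Report only: no --exit-code is passed, so findings alone do not fail the
# build. The report is what gets signed and uploaded.
	trivy image \
		--format json \
		--output "test-reports/$(TAG_NAME_PREFIX)$$(git rev-parse --short HEAD)-$@.trivy.json" \
		"$(TAG_NAME_PREFIX)$@"
ifdef SIGN_SCAN
	gpg --detach-sign --local-user $(GPG_SIGNER_FINGERPRINT) -v -a --yes "test-reports/$(TAG_NAME_PREFIX)$$(git rev-parse --short HEAD)-$@.trivy.json"
endif
endif
ifdef ARCHIVE
# Every step is chained with &&: a failed `docker save` or manifest extraction
# must stop the recipe, otherwise an empty or stale manifest could be signed
# and uploaded further down.
	archive_path="$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar" && \
	manifest_path="$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.manifest.json" && \
	mkdir -p "$$(dirname "$$archive_path")" && \
	docker save -o "$$archive_path" "$(DOCKER_REGISTRY)/$(DOCKER_REPO_SLUG)/$@" && \
	tar -xf "$$archive_path" manifest.json --to-stdout > "$$manifest_path" && \
	gzip -vf "$$archive_path"
ifdef SIGN_ARCHIVE
# Both signatures must succeed. With `;` a failed manifest signature was hidden
# by a successful archive signature, and because --yes overwrites, an .asc left
# by an earlier run of the same revision could have been uploaded instead.
	archive_path="$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar.gz" && \
	manifest_path="$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.manifest.json" && \
	gpg --detach-sign --local-user $(GPG_SIGNER_FINGERPRINT) -v -a --yes "$$manifest_path" && \
	gpg --detach-sign --local-user $(GPG_SIGNER_FINGERPRINT) -v -a --yes "$$archive_path"
endif
ifdef PUBLISH_ARCHIVE
ifndef BITBUCKET_ACCESS_TOKEN
# Stop make when publishing is requested without a token.
	$(error BITBUCKET_ACCESS_TOKEN not set)
endif
	$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar.gz)
	$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.manifest.json)
ifdef SIGN_ARCHIVE
	$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.tar.gz.asc)
	$(call bitbucket-upload,$(ARCHIVE_PATH_PREFIX)$$(git rev-parse --short HEAD)-$@.manifest.json.asc)
endif
ifdef SCAN
	$(call bitbucket-upload,test-reports/$(TAG_NAME_PREFIX)$$(git rev-parse --short HEAD)-$@.trivy.json)
ifdef SIGN_SCAN
	$(call bitbucket-upload,test-reports/$(TAG_NAME_PREFIX)$$(git rev-parse --short HEAD)-$@.trivy.json.asc)
endif # SIGN_SCAN
endif # SCAN
endif # PUBLISH_ARCHIVE
endif # ARCHIVE
ifdef PUBLISH
# Pushes the untagged name (a mutable tag) and the revision tag. The detached
# signatures above cover the archive, manifest and scan report files, not the
# image pushed here.
	docker push "$(DOCKER_REGISTRY)/$(DOCKER_REPO_SLUG)/$@"
	docker push "$(DOCKER_REGISTRY)/$(DOCKER_REPO_SLUG)/$@:$$(git rev-parse --short HEAD)"
endif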