From db1843f4573f313f102249214e348dc9f0d45dc7 Mon Sep 17 00:00:00 2001 From: Tosone Date: Mon, 9 Oct 2023 04:58:38 +0800 Subject: [PATCH] :sparkles: Add sigma builder to image (#201) --- .github/workflows/e2e.yml | 3 +- Makefile | 82 +++++++++++++-------------------------- build/Dockerfile | 7 ++-- build/Dockerfile.builder | 2 - build/Dockerfile.debian | 9 ++--- build/Dockerfile.local | 12 ++---- 6 files changed, 40 insertions(+), 75 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index e5d1a9b6..f8ae6410 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -26,7 +26,8 @@ jobs: sudo service docker restart echo $DOCKER_HOST - make docker-build + docker buildx create --use + docker buildx build -f build/Dockerfile --platform linux/amd64 --progress plain --output type=docker,dest=- -t sigma:latest . | docker load - name: Run sigma run: | docker run --name sigma -v /var/run/docker.sock:/var/run/docker.sock -d -p 3000:3000 sigma:latest diff --git a/Makefile b/Makefile index 228d8b27..077874c8 100644 --- a/Makefile +++ b/Makefile 
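Review bot: A failed image build can go unnoticed on the new `docker buildx build ... --output type=docker,dest=- -t sigma:latest . | docker load` line, because the pipeline's exit status comes from `docker load` unless the step's shell runs with `pipefail`, and the shell setting is not visible in this hunk. buildx can load the result into the local image store itself, which removes the pipe: `docker buildx build -f build/Dockerfile --platform linux/amd64 --progress plain --load -t sigma:latest .`. If the pipe is kept, put `set -o pipefail` at the top of the `run:` script so the following `docker run` never starts from a stale or missing `sigma:latest`.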
@@ -1,26 +1,26 @@ -GOCMD = go -GOTEST = $(GOCMD) test -GOVET = $(GOCMD) vet -BINARY_NAME = sigma -VERSION ?= 0.0.0 -SERVICE_PORT ?= 3000 -DOCKER_REGISTRY ?= #if set it should finished by / -EXPORT_RESULT ?= false # for CI please set EXPORT_RESULT to true - -MIGRATION_NAME ?= - -SHELL := /bin/bash - -GREEN := $(shell tput -Txterm setaf 2) -YELLOW := $(shell tput -Txterm setaf 3) -WHITE := $(shell tput -Txterm setaf 7) -CYAN := $(shell tput -Txterm setaf 6) -RESET := $(shell tput -Txterm sgr0) - -GOLDFLAGS += -X github.com/go-sigma/sigma/cmd.version=$(shell git describe --tags --dirty --always) -GOLDFLAGS += -X github.com/go-sigma/sigma/cmd.buildDate=$(shell date -u '+%Y-%m-%dT%H:%M:%SZ') -GOLDFLAGS += -X github.com/go-sigma/sigma/cmd.gitHash=$(shell git rev-parse --short HEAD) -GOFLAGS = -ldflags '-s -w $(GOLDFLAGS)' +GOCMD = go +GOTEST = $(GOCMD) test +GOVET = $(GOCMD) vet +BINARY_NAME = sigma +VERSION ?= 0.0.0 +SERVICE_PORT ?= 3000 +DOCKER_REGISTRY ?= docker.io/tosone +DOCKER_PLATFORMS ?= linux/amd64,linux/arm64 + +MIGRATION_NAME ?= + +SHELL := /bin/bash + +GREEN := $(shell tput -Txterm setaf 2) +YELLOW := $(shell tput -Txterm setaf 3) +WHITE := $(shell tput -Txterm setaf 7) +CYAN := $(shell tput -Txterm setaf 6) +RESET := $(shell tput -Txterm sgr0) + +GOLDFLAGS += -X github.com/go-sigma/sigma/cmd.version=$(shell git describe --tags --dirty --always) +GOLDFLAGS += -X github.com/go-sigma/sigma/cmd.buildDate=$(shell date -u '+%Y-%m-%dT%H:%M:%SZ') +GOLDFLAGS += -X github.com/go-sigma/sigma/cmd.gitHash=$(shell git rev-parse --short HEAD) +GOFLAGS = -ldflags '-s -w $(GOLDFLAGS)' .PHONY: all test build vendor 
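Review bot: `DOCKER_REGISTRY ?= docker.io/tosone` makes one maintainer's personal namespace the default publish destination, and the docker-build* recipes changed later in this patch build with `push=true`, so a plain `make docker-build` from any checkout or CI job that is logged in to that registry pushes there. For a target that publishes, a value that must be set explicitly is safer: `DOCKER_REGISTRY ?=` plus a guard in the docker recipes such as `$(if $(strip $(DOCKER_REGISTRY)),,$(error DOCKER_REGISTRY is not set))`. The removed comment documented the expected form of the value and the new one should too, on its own line so it does not add trailing whitespace to the value: `# registry host and namespace, without a trailing slash`.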
@@ -48,27 +48,6 @@ clean: ## Remove build related file vendor: ## Copy of all packages needed to support builds and tests in the vendor directory @$(GOCMD) mod tidy && $(GOCMD) mod vendor -watch: ## Run the code with cosmtrek/air to have automatic reload on changes - $(eval PACKAGE_NAME=$(shell head -n 1 go.mod | cut -d ' ' -f2)) - docker run -it --rm -w /go/src/$(PACKAGE_NAME) -v $(shell pwd):/go/src/$(PACKAGE_NAME) -p $(SERVICE_PORT):$(SERVICE_PORT) cosmtrek/air - -## Test: -test: ## Run the tests of the project -ifeq ($(EXPORT_RESULT), true) - GO111MODULE=off go get -u github.com/jstemmer/go-junit-report - $(eval OUTPUT_OPTIONS = | tee /dev/tty | go-junit-report -set-exit-code > junit-report.xml) -endif - $(GOTEST) -v -race ./... $(OUTPUT_OPTIONS) - -coverage: ## Run the tests of the project and export the coverage - $(GOTEST) -cover -covermode=count -coverprofile=profile.cov ./... - $(GOCMD) tool cover -func profile.cov -ifeq ($(EXPORT_RESULT), true) - GO111MODULE=off go get -u github.com/AlekSi/gocov-xml - GO111MODULE=off go get -u github.com/axw/gocov/gocov - gocov convert profile.cov | gocov-xml > coverage.xml -endif - ## Lint: lint: lint-go lint-dockerfile lint-yaml ## Run all available linters 
@@ -94,23 +73,16 @@ endif ## Docker: docker-build: ## Use the dockerfile to build the container - docker build -f build/Dockerfile --rm --tag $(BINARY_NAME) . + docker buildx build -f build/Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=true . docker-build-local: build-linux ## Build the container with the local binary - docker build -f build/Dockerfile.local --rm --tag $(BINARY_NAME) . + docker buildx build -f build/Dockerfile.local --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=true . docker-build-builder: ## Build the dev container - docker build -f build/Dockerfile.builder --rm --tag $(BINARY_NAME)-builder . + docker buildx build -f build/Dockerfile.builder --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=true . docker-build-builder-local: build-builder-linux # Build sigma builder image - docker build -f build/Dockerfile.builder.local --rm --tag $(BINARY_NAME)-builder . - -docker-release: ## Release the container with tag latest and version - docker tag $(BINARY_NAME) $(DOCKER_REGISTRY)$(BINARY_NAME):latest - docker tag $(BINARY_NAME) $(DOCKER_REGISTRY)$(BINARY_NAME):$(VERSION) - # Push the docker images - docker push $(DOCKER_REGISTRY)$(BINARY_NAME):latest - docker push $(DOCKER_REGISTRY)$(BINARY_NAME):$(VERSION) + docker buildx build -f build/Dockerfile.builder.local --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=true . ## Format: format: sql-format diff --git a/build/Dockerfile b/build/Dockerfile index 3b012bed..e8befae8 100644 --- a/build/Dockerfile +++ b/build/Dockerfile 
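Review bot: The only tag the four docker-build* recipes publish is the mutable `:latest`; the `$(VERSION)` tag that the removed docker-release target pushed is gone, so consumers have nothing stable to pin and every run overwrites the previous image. docker-build and docker-build-local also write to the same `$(DOCKER_REGISTRY)/$(BINARY_NAME):latest`, so an image assembled from a locally built binary replaces the one built from source inside the Dockerfile. Publishing a version tag alongside it would restore the old behaviour, e.g. replacing the `--output type=image,...,push=true` argument with `-t $(DOCKER_REGISTRY)/$(BINARY_NAME):$(VERSION) -t $(DOCKER_REGISTRY)/$(BINARY_NAME):latest --push`. Keeping a separate target for pushing would also leave `docker-build` usable without registry credentials.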
@@ -15,7 +15,7 @@ RUN set -eux && yarn install --frozen-lockfile && yarn build FROM alpine:${ALPINE_VERSION} as syft ARG SYFT_VERSION=0.88.0 -ARG TARGETARCH=amd64 +ARG TARGETARCH RUN set -eux && \ apk add --no-cache wget && \ @@ -28,7 +28,7 @@ FROM alpine:${ALPINE_VERSION} as trivy ARG TRIVY_VERSION=0.44.1 ARG ORAS_VERSION=1.0.0 -ARG TARGETARCH=amd64 +ARG TARGETARCH RUN set -eux && \ apk add --no-cache wget && \ @@ -61,7 +61,7 @@ COPY --from=web-builder /web/dist /go/src/github.com/go-sigma/sigma/web/dist WORKDIR /go/src/github.com/go-sigma/sigma -RUN make build +RUN --mount=type=cache,target=/root/.cache/go-build make all FROM alpine:${ALPINE_VERSION} @@ -70,5 +70,6 @@ COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy COPY --from=trivy /opt/trivy/trivy.db /opt/trivy/db/trivy.db COPY ./conf/config.yaml /etc/sigma/config.yaml COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma /usr/local/bin/sigma +COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma-builder /usr/local/bin/sigma-builder CMD ["sigma", "server"] diff --git a/build/Dockerfile.builder b/build/Dockerfile.builder index 0ade8f7b..268c59b1 100644 --- a/build/Dockerfile.builder +++ b/build/Dockerfile.builder @@ -7,7 +7,6 @@ COPY . /go/src/github.com/go-sigma/sigma WORKDIR /go/src/github.com/go-sigma/sigma RUN set -eux && \ - sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories && \ apk add --no-cache make bash ncurses build-base git git-lfs RUN make build-builder @@ -16,7 +15,6 @@ FROM moby/buildkit:v0.12.2-rootless USER root RUN set -eux && \ - sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories && \ apk add --no-cache git-lfs && \ mkdir -p /code/ && \ chown -R 1000:1000 /opt/ && \ diff --git a/build/Dockerfile.debian b/build/Dockerfile.debian index 1b2aeb7a..49e828a1 100644 --- a/build/Dockerfile.debian +++ b/build/Dockerfile.debian 
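Review bot: Nothing in this file says that it now requires BuildKit: `ARG TARGETARCH` in the syft stage has lost its `amd64` default and is only populated by the builder, and the build stage further down uses `RUN --mount=type=cache`. A header comment would record that, for example `# Requires BuildKit (docker buildx): TARGETARCH comes from --platform and the build stage uses RUN --mount`. The same change is made in the trivy stage here and in the syft and trivy stages of build/Dockerfile.debian and build/Dockerfile.local. The RUN that consumes TARGETARCH continues outside the hunk; since these stages now fetch tools for two architectures, it is worth confirming that each download is checked against the published checksum for its architecture.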
@@ -16,7 +16,7 @@ RUN set -eux && yarn install --frozen-lockfile && yarn build FROM alpine:${ALPINE_VERSION} as syft ARG SYFT_VERSION=0.88.0 -ARG TARGETARCH=amd64 +ARG TARGETARCH RUN set -eux && \ apk add --no-cache wget && \ @@ -29,7 +29,7 @@ FROM alpine:${ALPINE_VERSION} as trivy ARG TRIVY_VERSION=0.44.1 ARG ORAS_VERSION=1.0.0 -ARG TARGETARCH=amd64 +ARG TARGETARCH RUN set -eux && \ apk add --no-cache wget && \ @@ -67,12 +67,10 @@ COPY --from=web-builder /web/dist /go/src/github.com/go-sigma/sigma/web/dist WORKDIR /go/src/github.com/go-sigma/sigma -RUN make build +RUN --mount=type=cache,target=/root/.cache/go-build make all FROM debian:${DEBIAN_VERSION} -ARG TARGETARCH=amd64 - RUN set -eux && \ apt-get update && \ apt-get install -y --no-install-recommends \ @@ -89,5 +87,6 @@ COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy COPY --from=trivy /opt/trivy/trivy.db /opt/trivy/db/trivy.db COPY ./conf/config.yaml /etc/sigma/config.yaml COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma /usr/local/bin/sigma +COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma-builder /usr/local/bin/sigma-builder CMD ["sigma", "server"] diff --git a/build/Dockerfile.local b/build/Dockerfile.local index d5cbec11..b49901f2 100644 --- a/build/Dockerfile.local +++ b/build/Dockerfile.local @@ -3,7 +3,7 @@ ARG ALPINE_VERSION=3.18 FROM alpine:${ALPINE_VERSION} as syft ARG SYFT_VERSION=0.88.0 -ARG TARGETARCH=amd64 +ARG TARGETARCH RUN set -eux && \ apk add --no-cache wget && \ @@ -16,7 +16,7 @@ FROM alpine:${ALPINE_VERSION} as trivy ARG TRIVY_VERSION=0.44.1 ARG ORAS_VERSION=1.0.0 -ARG TARGETARCH=amd64 +ARG TARGETARCH RUN set -eux && \ apk add --no-cache wget && \ 
@@ -41,18 +41,12 @@ RUN set -eux && \ FROM alpine:${ALPINE_VERSION} -RUN set -eux && \ - apk add --no-cache redis yq - COPY --from=syft /usr/local/bin/syft /usr/local/bin/syft COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy COPY --from=trivy /opt/trivy/trivy.db /opt/trivy/db/trivy.db COPY --from=trivy /opt/trivy/metadata.json /opt/trivy/db/metadata.json -COPY ./conf/redis.conf /etc/sigma/redis.conf COPY ./conf/config.yaml /etc/sigma/config.yaml -COPY ./build/entrypoint.sh /entrypoint.sh COPY ./bin/sigma /usr/local/bin/sigma - -ENTRYPOINT ["/entrypoint.sh"] +COPY ./bin/sigma-builder /usr/local/bin/sigma-builder CMD ["sigma", "server"]
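Review bot: The added `COPY ./bin/sigma-builder /usr/local/bin/sigma-builder` needs that file in the build context, but the docker-build-local target in this patch still depends only on `build-linux`; unless that target (not shown) also produces bin/sigma-builder, the build fails or picks up whatever stale binary is left in bin/. Making the prerequisite explicit closes that: `docker-build-local: build-linux build-builder-linux`. The same target now builds this file for `$(DOCKER_PLATFORMS)`, so the amd64 and arm64 images both receive the same host-built files from ./bin. Either build this Dockerfile for the single platform the binaries were compiled for, or copy from a per-architecture path.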