Merge pull request #8 from quay/add-podman-client

Add podman client support
quay · Nov 30, 2020 · 42d8d5e · 42d8d5e
2 parents c3ea8ed + bc91f40
commit 42d8d5e
Show file tree

Hide file tree

Showing 25 changed files with 1,124 additions and 419 deletions.
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
@@ -1,20 +1,21 @@
-FROM golang:1.12-alpine3.9 as build
+FROM golang:1.15-alpine3.12 as build
+
+ARG BUILDER_SRC
 
-ARG BUILDER_SRC=github.com/quay/quay-builder
 RUN apk --no-cache add build-base git
 COPY . /go/src/${BUILDER_SRC}
-RUN cd /go/src/${BUILDER_SRC} && make && make install
+RUN cd /go/src/${BUILDER_SRC} && make build
 
-################################################################################
 
-FROM alpine:3.9
+FROM alpine:3.12
 
-RUN apk --no-cache upgrade # 2019-03-19
+ARG BUILDER_SRC
 
+RUN apk --no-cache upgrade
 RUN apk --no-cache add --virtual .runtime-deps \
   ca-certificates git openssh-client perl
 
-COPY --from=build /go/bin/quay-builder /usr/local/bin
+COPY --from=build /go/src/${BUILDER_SRC}/bin/quay-builder /usr/local/bin
 
 COPY buildpack/ssh-git.sh /
 ADD load_extra_ca.alpine.sh /load_extra_ca.sh

diff --git a/Dockerfile.centos7 → Dockerfile.centos b/Dockerfile.centos7 → Dockerfile.centos
@@ -1,35 +1,35 @@
-FROM centos:7 AS build
-LABEL maintainer "Sida Chen <sidchen@redhat.com>"
+FROM centos:8 AS build
+LABEL maintainer "Quay devel<quay-devel@redhat.com>"
 
-# Install Golang by retrieving the binary
-ENV GO_VERSION=1.12.1
+ARG BUILDER_SRC
+
+ENV GO_VERSION=1.15.2
 ENV GO_OS=linux
 ENV GO_ARCH=amd64
-ENV GO_HASH=2a3fdabf665496a0db5f41ec6af7a9b15a49fbe71a85a50ca38b1f13a103aeec
+ENV GOPATH=/go
+
 RUN curl https://dl.google.com/go/go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz --output go.tar.gz
-RUN echo ${GO_HASH} go.tar.gz > GOCHECKSUM
-RUN sha256sum -c GOCHECKSUM
 RUN tar -C /usr/local -xzf go.tar.gz > /dev/null
-ENV GOPATH=/go
 ENV PATH=$PATH:/usr/local/go/bin:${GOPATH}/bin
 
-# Verify go verion
 RUN go version
 
-ARG BUILDER_SRC=github.com/quay/quay-builder
-
-# Install dependencies
 RUN yum install -y --setopt=tsflags=nodocs --setopt=skip_missing_names_on_install=False git perl wget make gcc
+RUN dnf --enablerepo=PowerTools install -y gpgme-devel
 
 COPY . /go/src/${BUILDER_SRC}
-RUN cd /go/src/${BUILDER_SRC} && make && make install
+RUN cd /go/src/${BUILDER_SRC} && make build
+
 
-FROM centos:7
-LABEL maintainer "[email protected]"
+FROM centos:8
+LABEL maintainer "Quay devel<[email protected]>"
+
+ARG BUILDER_SRC
 
 RUN yum install -y --setopt=tsflags=nodocs --setopt=skip_missing_names_on_install=False git perl
+RUN dnf --enablerepo=PowerTools install -y gpgme-devel
 
-COPY --from=build /go/bin/quay-builder /usr/local/bin
+COPY --from=build /go/src/${BUILDER_SRC}/bin/quay-builder /usr/local/bin
 
 COPY buildpack/ssh-git.sh /
 ADD load_extra_ca.rhel.sh /load_extra_ca.sh
@@ -39,4 +39,3 @@ VOLUME ["/tmp"]
 VOLUME [ "/certs" ]
 
 ENTRYPOINT ["sh", "/entrypoint.sh"]
-
diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: dep test bin/quay-builder
+.PHONY: vendor test bin/quay-builder
 
 PROJECT   ?= quay-builder
 ORG_PATH  ?= github.com/quay
@@ -8,31 +8,28 @@ VERSION   ?= $(shell ./scripts/git-version)
 LD_FLAGS  ?= "-w -X $(REPO_PATH)/version.Version=$(VERSION)"
 IMAGE_TAG ?= latest
 SUBSCRIPTION_KEY ?= subscription.pem
+BUILD_TAGS ?= 'btrfs_noversion exclude_graphdriver_btrfs exclude_graphdriver_devicemapper containers_image_openpgp'
+BUILDER_SRC ?= 'github.com/quay/quay-builder'
 
-all: dep test build
+all: vendor test build
 
-dep:
-	@GO111MODULE=on go mod vendor
+vendor:
+	@go mod vendor
 
-test: dep
+test: vendor
 	@go vet ./...
 	@go test -v ./...
 
-build: dep bin/quay-builder
+build: bin/quay-builder
 
 bin/quay-builder:
-	@go build -ldflags $(LD_FLAGS) -o bin/quay-builder \
-	  $(REPO_PATH)/cmd/quay-builder
+	CGO_ENABLED=0 go build -ldflags $(LD_FLAGS) -o bin/quay-builder -tags $(BUILD_TAGS) $(REPO_PATH)/cmd/quay-builder
 
 install:
-	@go install -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/quay-builder
+	go install -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/quay-builder
 
-build-centos7:
-	docker build -f Dockerfile.centos7 -t $(IMAGE):$(IMAGE_TAG)-centos7 .
-
-build-rhel7:
-	docker build -f Dockerfile.rhel7 -t $(IMAGE):$(IMAGE_TAG)-rhel7 . \
-		--build-arg SUBSCRIPTION_KEY=$(SUBSCRIPTION_KEY)
+build-centos:
+	docker build --build-arg=BUILDER_SRC=$(BUILDER_SRC) -f Dockerfile.centos -t $(IMAGE):$(IMAGE_TAG)-centos .
 
 build-alpine:
-	docker build -f Dockerfile.alpine -t $(IMAGE):$(IMAGE_TAG)-alpine .
+	docker build --build-arg=BUILDER_SRC=$(BUILDER_SRC) -f Dockerfile.alpine -t $(IMAGE):$(IMAGE_TAG)-alpine .
diff --git a/README.md b/README.md
@@ -5,11 +5,9 @@ This repository is for an automated build worker for a Quay.
 ## Architecture
 
 There is a client/server relationship between builder and the management server.
-Clients connect using a standard websocket RPC/pubsub subprotocol called [WAMP](http://wamp.ws).
-There are two modes in which builders can operate: enterprise and hosted.
-Enterprise builders are designed to be long-running processes on the given machine that will be trusted forever.
-In this mode a builder connect to a Build Manager and indefinitely loop completing available work.
-Hosted builders are designed to be dynamically created and connect to the management server for a single build and then disappear.
+Builders are created and connect to the build manager using the GRPC protocol.
+Builders are designed to be dynamically created and connect to the management server for a single build and then disappear,
+generally on some control plane such as K8s or AWS.
 
 ## Building the builder
 
@@ -20,21 +18,23 @@ make build
 
 ## Running the builder
 
-### Enterprise
+### Environment variables
 
-Only an endpoint is required as all other parameters for building are acquired from a Build Manager on a per build basis.
+The builders are bootstrapped and configured using environment variables. These are set when created by the build manager.
+The parameters necessary for the actual build are obtained in a subsequent call to the build manager's API
 
-```sh
-ENDPOINT="ws://localhost:8787" ./quay-builder
-```
+`CONTAINER_RUNTIME`: "podman" or "docker"
+`DOCKER_HOST`: The container runtime socket. Defaults to "unix:///var/run/docker.sock"
+`TOKEN`: The registration token needed to get the build args from the build manager
+`SERVER`: The build manager's GRPC endpoint. Format: <host>:<port>
+`TLS_CERT_PATH`: TLS cert file path (optional)
+`INSECURE`: "true" or "false". Of "true" attempt to connect to the build manager without tls.
 
-### Hosted
+### Container runtimes
 
-A token and realm must be provided at launch in order to identify a particular build or else it will be rejected by a Build Manager.
-
-```sh
-TOKEN="sometoken" ENDPOINT="ws://localhost:8787" REALM="builder-realm" ./quay-builder
-```
+The builder supports Docker and Podman/Buildah to run the builds. The runtime is specified using the `CONTAINER_RUNTIME` and `DOCKER_HOST`.
+If these ENV variables are not set, `CONTAINER_RUNTIME` and `DOCKER_HOST` will be set to "docker" and "unix:///var/run/docker.sock", respectively.
+If `CONTAINER_RUNTIME` is set to "podman", it is expected that `DOCKER_HOST` is set to podman's equivalent to the docker's docker. e.g unix:///var/run/podman.sock
 
 ## Building the builder image
 
@@ -48,33 +48,16 @@ and the built image will be tagged with
 ```
 <IMAGE>:<IMAGE_TAG>-<base image name>
 ```
-where the `<base image name>` can be either `alpine` or `rhel7`.
+where the `<base image name>` can be either `alpine` or `centos`.
 
 ### Building Alpine based image:
 ```sh
-make build-alpine-image
+make build-alpine
 ```
-This generates image with tag `quay.io/quay/quay-builder:latest-alpine`.
+This generates image with tag `quay.io/projectquay/quay-builder:latest-alpine`.
 
-### Building RHEL based image 
-It requires certificate key and requires enabling `--squash` experimental feature
+### Building CentOS based image:
 ```sh
-make build-rhel7-image SUBSCRIPTION_KEY=<path to your key file (PEM)>
-```
-This generates image with tag `quay.io/quay/quay-builder:latest-rhel7`.
-
-## Running the builder image
-
-Running alpine based image or rhel based image requires the same parameters but different image.
-
-**Please Notice** that quay builder uses the host machine's docker.sock to pull/push/build images and therefore, the docker machine must be able to reach the Quay host. You can debug by pushing a image to quay instance.
-
-### Pointing to Quay without TLS
-```
-docker run --restart on-failure -e SERVER=ws://myquayserver:8787 -v /var/run/docker.sock:/var/run/docker.sock quay.io/quay/quay-builder:latest-alpine
-```
-
-### Pointing to Quay with TLS
-```
-docker run --restart on-failure -e SERVER=wss://myquayserver:8787 -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/customCA/rootCA.pem:/certs/rootCA.pem quay.io/quay/quay-builder:latest-alpine
+make build-centos
 ```
+This generates image with tag `quay.io/projectquay/quay-builder:latest-centos`.