update pipelines
JasonPowr committed Feb 13, 2024
1 parent 52c6e63 commit 508b2e8
Showing 10 changed files with 118 additions and 73 deletions.
@@ -8,24 +8,24 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "redhat-v1.3"
== "main"
creationTimestamp: null
labels:
appstudio.openshift.io/application: rekor-1-0-gamma
appstudio.openshift.io/component: backfill-redis-1-0-gamma
appstudio.openshift.io/application: rekor
appstudio.openshift.io/component: backfill-redis
pipelines.appstudio.openshift.io/type: build
name: backfill-redis-1-0-gamma-on-pull-request
name: backfill-redis-on-pull-request
namespace: rhtas-tenant
spec:
params:
- name: dockerfile
value: Dockerfile.backfill-redis
value: Dockerfile.backfill-redis.rh
- name: git-url
value: '{{repo_url}}'
- name: image-expires-after
value: 5d
- name: output-image
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor-1-0-gamma/backfill-redis-1-0-gamma:on-pr-{{revision}}
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor/backfill-redis:on-pr-{{revision}}
- name: path-context
value: .
- name: revision
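Review bot: The `pipelinesascode.tekton.dev/on-cel-expression` annotation is a plain scalar that continues onto a second line (`== "main"`), so the trigger condition only reads correctly because the YAML parser folds the two lines into one. Writing it as one single-quoted line, `pipelinesascode.tekton.dev/on-cel-expression: 'event == "pull_request" && target_branch == "main"'`, keeps the branch filter in one place and easier to audit the next time the target branch changes. The same layout appears in the other five pipeline files in this commit, with `event == "push"` in the on-push ones. The PipelineRun continues past the end of this hunk.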
@@ -7,22 +7,22 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
== "redhat-v1.3"
== "main"
creationTimestamp: null
labels:
appstudio.openshift.io/application: rekor-1-0-gamma
appstudio.openshift.io/component: rekor-server-1-0-gamma
appstudio.openshift.io/application: rekor
appstudio.openshift.io/component: backfill-redis
pipelines.appstudio.openshift.io/type: build
name: rekor-server-1-0-gamma-on-push
name: backfill-redis-on-push
namespace: rhtas-tenant
spec:
params:
- name: dockerfile
value: Dockerfile
value: Dockerfile.backfill-redis.rh
- name: git-url
value: '{{repo_url}}'
- name: output-image
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor-1-0-gamma/rekor-server-1-0-gamma:{{revision}}
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor/backfill-redis:{{revision}}
- name: path-context
value: .
- name: revision
@@ -8,24 +8,24 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "redhat-v1.3"
== "main"
creationTimestamp: null
labels:
appstudio.openshift.io/application: cli-1-0-gamma
appstudio.openshift.io/component: rekor-cli-1-3
appstudio.openshift.io/application: rekor
appstudio.openshift.io/component: rekor-cli
pipelines.appstudio.openshift.io/type: build
name: rekor-cli-1-3-on-pull-request
name: rekor-cli-on-pull-request
namespace: rhtas-tenant
spec:
params:
- name: dockerfile
value: Dockerfile.cli
value: Dockerfile.rekor-cli.rh
- name: git-url
value: '{{repo_url}}'
- name: image-expires-after
value: 5d
- name: output-image
value: quay.io/redhat-user-workloads/rhtas-tenant/cli-1-0-gamma/rekor-cli-1-3:on-pr-{{revision}}
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor/rekor-cli:on-pr-{{revision}}
- name: path-context
value: .
- name: revision
12 changes: 6 additions & 6 deletions .tekton/rekor-cli-1-3-push.yaml → .tekton/rekor-cli-push.yaml
@@ -7,22 +7,22 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
== "redhat-v1.3"
== "main"
creationTimestamp: null
labels:
appstudio.openshift.io/application: cli-1-0-gamma
appstudio.openshift.io/component: rekor-cli-1-3
appstudio.openshift.io/application: rekor
appstudio.openshift.io/component: rekor-cli
pipelines.appstudio.openshift.io/type: build
name: rekor-cli-1-3-on-push
name: rekor-cli-on-push
namespace: rhtas-tenant
spec:
params:
- name: dockerfile
value: Dockerfile.cli
value: Dockerfile.rekor-cli.rh
- name: git-url
value: '{{repo_url}}'
- name: output-image
value: quay.io/redhat-user-workloads/rhtas-tenant/cli-1-0-gamma/rekor-cli-1-3:{{revision}}
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor/rekor-cli:{{revision}}
- name: path-context
value: .
- name: revision
@@ -8,24 +8,24 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "redhat-v1.3"
== "main"
creationTimestamp: null
labels:
appstudio.openshift.io/application: rekor-1-0-gamma
appstudio.openshift.io/component: rekor-server-1-0-gamma
appstudio.openshift.io/application: rekor
appstudio.openshift.io/component: rekor-server
pipelines.appstudio.openshift.io/type: build
name: rekor-server-1-0-gamma-on-pull-request
name: rekor-server-on-pull-request
namespace: rhtas-tenant
spec:
params:
- name: dockerfile
value: Dockerfile
value: Dockerfile.rekor-server.rh
- name: git-url
value: '{{repo_url}}'
- name: image-expires-after
value: 5d
- name: output-image
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor-1-0-gamma/rekor-server-1-0-gamma:on-pr-{{revision}}
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor/rekor-server:on-pr-{{revision}}
- name: path-context
value: .
- name: revision
@@ -7,22 +7,22 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
== "redhat-v1.3"
== "main"
creationTimestamp: null
labels:
appstudio.openshift.io/application: rekor-1-0-gamma
appstudio.openshift.io/component: backfill-redis-1-0-gamma
appstudio.openshift.io/application: rekor
appstudio.openshift.io/component: rekor-server
pipelines.appstudio.openshift.io/type: build
name: backfill-redis-1-0-gamma-on-push
name: rekor-server-on-push
namespace: rhtas-tenant
spec:
params:
- name: dockerfile
value: Dockerfile.backfill-redis
value: Dockerfile.rekor-server.rh
- name: git-url
value: '{{repo_url}}'
- name: output-image
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor-1-0-gamma/backfill-redis-1-0-gamma:{{revision}}
value: quay.io/redhat-user-workloads/rhtas-tenant/rekor/rekor-server:{{revision}}
- name: path-context
value: .
- name: revision
43 changes: 6 additions & 37 deletions Dockerfile
@@ -17,10 +17,9 @@ FROM golang:1.21.6@sha256:7b575fe0d9c2e01553b04d9de8ffea6d35ca3ab3380d2a8db2acc8
ENV APP_ROOT=/opt/app-root
ENV GOPATH=$APP_ROOT


WORKDIR $APP_ROOT/src/
ADD go.mod go.sum $APP_ROOT/src/
RUN CGO_ENABLED=0 go mod download
RUN go mod download

# Add source code
ADD ./cmd/ $APP_ROOT/src/cmd/
@@ -41,42 +40,12 @@ COPY --from=builder /opt/app-root/src/rekor-server /usr/local/bin/rekor-server
CMD ["rekor-server", "serve"]

# debug compile options & debugger
FROM registry.access.redhat.com/ubi9/go-toolset@sha256:330c52d81d5bde432fb59c4943fcb5143940ceb460f99c1ac8e0a9ea1f8f77e8 as debug
RUN go install github.com/go-delve/delve/cmd/dlv@v1.8.0
FROM deploy as debug
RUN go install github.com/go-delve/delve/cmd/dlv@v1.21.0

# overwrite server and include debugger
COPY --from=build-env /opt/app-root/src/rekor-server_debug /usr/local/bin/rekor-server

FROM registry.access.redhat.com/ubi9/go-toolset@sha256:330c52d81d5bde432fb59c4943fcb5143940ceb460f99c1ac8e0a9ea1f8f77e8 as test

USER root

# Extract the x86_64 minisign binary to /usr/local/bin/
RUN curl -LO https://github.com/jedisct1/minisign/releases/download/0.11/minisign-0.11-linux.tar.gz && \
tar -xzf minisign-0.11-linux.tar.gz minisign-linux/x86_64/minisign -O > /usr/local/bin/minisign && \
chmod +x /usr/local/bin/minisign && \
rm minisign-0.11-linux.tar.gz

# Create test directory
RUN mkdir -p /var/run/attestations && \
touch /var/run/attestations/attestation.json && \
chmod 777 /var/run/attestations/attestation.json
COPY --from=builder /opt/app-root/src/rekor-server_debug /usr/local/bin/rekor-server

FROM deploy as test
# overwrite server with test build with code coverage
COPY --from=build-env /opt/app-root/src/rekor-server_test /usr/local/bin/rekor-server

# Multi-Stage production build
FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:06d06f15f7b641a78f2512c8817cbecaa1bf549488e273f5ac27ff1654ed33f0 as deploy

LABEL description="Rekor aims to provide an immutable, tamper-resistant ledger of metadata generated within a software project’s supply chain."
LABEL io.k8s.description="Rekor-Server provides a tamper resistant ledger."
LABEL io.k8s.display-name="Rekor-Server container image for Red Hat Trusted Signer"
LABEL io.openshift.tags="rekor-server trusted-signer"
LABEL summary="Provides the rekor Server binary for running Rekor-Server"
LABEL com.redhat.component="rekor-server"

# Retrieve the binary from the previous stage
COPY --from=build-env /opt/app-root/src/rekor-server /usr/local/bin/rekor-server

# Set the binary as the entrypoint of the container
ENTRYPOINT ["rekor-server"]
COPY --from=builder /opt/app-root/src/rekor-server_test /usr/local/bin/rekor-server
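Review bot: After this change the file appears to end on `FROM deploy as test` (the `deploy` stage is defined above the hunk and is no longer last), so a build that passes no `--target` yields the image carrying the coverage-instrumented `rekor-server_test` binary, not the production server. Since the `debug` target likewise layers delve and an unoptimised binary on top of `deploy`, a comment above the debug stage such as `# debug/test targets are for local use only; build release images with --target deploy` would record that. The added/removed sides are inferred from the section's line counts because the rendered page dropped the `+`/`-` markers.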
File renamed without changes.
File renamed without changes.
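--- a/Dockerfile.rekor-server.rh
+++ b/Dockerfile.rekor-server.rh
@@ -0,0 +1,76 @@
+#
+# Copyright 2021 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_1.21@sha256:98a0ff138c536eee98704d6909699ad5d0725a20573e2c510a60ef462b45cce0 AS build-env
+
+RUN mkdir /opt/app-root && mkdir /opt/app-root/src && mkdir /opt/app-root/src/cmd && mkdir /opt/app-root/src/pkg && git config --global --add safe.directory /opt/app-root/src
+
+ENV APP_ROOT=/opt/app-root
+ENV GOPATH=$APP_ROOT
+
+
+WORKDIR $APP_ROOT/src/
+ADD go.mod go.sum $APP_ROOT/src/
+RUN CGO_ENABLED=0 go mod download
+
+# Add source code
+ADD ./cmd/ $APP_ROOT/src/cmd/
+ADD ./pkg/ $APP_ROOT/src/pkg/
+
+ARG SERVER_LDFLAGS
+RUN go build -ldflags "${SERVER_LDFLAGS}" -mod=readonly ./cmd/rekor-server
+RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o rekor-server_debug -mod=readonly ./cmd/rekor-server
+RUN go test -c -ldflags "${SERVER_LDFLAGS}" -cover -covermode=count -coverpkg=./... -o rekor-server_test -mod=readonly ./cmd/rekor-server
+
+# debug compile options & debugger
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:330c52d81d5bde432fb59c4943fcb5143940ceb460f99c1ac8e0a9ea1f8f77e8 as debug
+RUN go install github.com/go-delve/delve/cmd/[email protected]
+
+# overwrite server and include debugger
+COPY --from=build-env /opt/app-root/src/rekor-server_debug /usr/local/bin/rekor-server
+
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:330c52d81d5bde432fb59c4943fcb5143940ceb460f99c1ac8e0a9ea1f8f77e8 as test
+
+USER root
+
+# Extract the x86_64 minisign binary to /usr/local/bin/
+RUN curl -LO https://github.com/jedisct1/minisign/releases/download/0.11/minisign-0.11-linux.tar.gz && \
+tar -xzf minisign-0.11-linux.tar.gz minisign-linux/x86_64/minisign -O > /usr/local/bin/minisign && \
+chmod +x /usr/local/bin/minisign && \
+rm minisign-0.11-linux.tar.gz
+
+# Create test directory
+RUN mkdir -p /var/run/attestations && \
+touch /var/run/attestations/attestation.json && \
+chmod 777 /var/run/attestations/attestation.json
+
+# overwrite server with test build with code coverage
+COPY --from=build-env /opt/app-root/src/rekor-server_test /usr/local/bin/rekor-server
+
+# Multi-Stage production build
+FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:06d06f15f7b641a78f2512c8817cbecaa1bf549488e273f5ac27ff1654ed33f0 as deploy
+
+LABEL description="Rekor aims to provide an immutable, tamper-resistant ledger of metadata generated within a software project’s supply chain."
+LABEL io.k8s.description="Rekor-Server provides a tamper resistant ledger."
+LABEL io.k8s.display-name="Rekor-Server container image for Red Hat Trusted Signer"
+LABEL io.openshift.tags="rekor-server trusted-signer"
+LABEL summary="Provides the rekor Server binary for running Rekor-Server"
+LABEL com.redhat.component="rekor-server"
+
+# Retrieve the binary from the previous stage
+COPY --from=build-env /opt/app-root/src/rekor-server /usr/local/bin/rekor-server
+
+# Set the binary as the entrypoint of the container
+ENTRYPOINT ["rekor-server"]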
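Review bot: The `test` stage downloads `minisign-0.11-linux.tar.gz` with `curl -LO` and installs the extracted binary into `/usr/local/bin` without checking it against a known digest, while every `FROM` in this file is pinned by `@sha256:`. Verify the archive before the `tar` step, for example `echo "<EXPECTED_SHA256>  minisign-0.11-linux.tar.gz" | sha256sum -c - && \` with the digest taken from the upstream release, and use `curl -fLO` so an HTTP error body is not saved as the archive. Separately, the `deploy` stage sets no `USER`, so the container runs as whatever user the ubi-minimal base defaults to (presumably root) unless the platform overrides it; a non-root `USER` line before `ENTRYPOINT` would make that explicit.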
