From f06a3e6ca1b11fa94adbc4ff3daadbe5fe5fbf13 Mon Sep 17 00:00:00 2001 From: Dylan Murray Date: Mon, 29 Jun 2020 13:49:38 -0400 Subject: [PATCH] Dockerfile.ubi/travis local files add UBI dockerfiles Use numeric user for velero-restic-restore-helper Enable multiarch builds (#135) Use arm64-graviton2 for arm builds (#137) Add required keys for arm builds (#139) Update Travis build job to work w/o changes on new branches Use a full VM for arm Use numeric non-root user for nonroot SCC compatibility --- .travis.yml | 78 ++++++++++++++++++++++++++++ Dockerfile-velero-restore-helper.ubi | 14 +++++ Dockerfile.ubi | 23 ++++++++ 3 files changed, 115 insertions(+) create mode 100644 .travis.yml create mode 100644 Dockerfile-velero-restore-helper.ubi create mode 100644 Dockerfile.ubi diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000000..13365b48a5 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,78 @@ +os: linux +services: docker +dist: focal +language: go +go: stable + +env: + global: + - IMAGE1: quay.io/konveyor/velero + - IMAGE2: quay.io/konveyor/velero-restore-helper + - DEFAULT_BRANCH: konveyor-dev + - DOCKERFILE1: Dockerfile.ubi + - DOCKERFILE2: Dockerfile-velero-restore-helper.ubi + - DOCKER_CLI_EXPERIMENTAL: enabled + - GOPROXY: https://goproxy.io,direct + +before_install: +- | + if [ "${TRAVIS_BRANCH}" == "${DEFAULT_BRANCH}" ]; then + export TAG=latest + else + export TAG="${TRAVIS_BRANCH}" + fi + +# Builds routinely fail due to download failures inside alternate arch docker containers +# Here we are downloading outside the docker container and copying the deps in +# Also use -v for downloads/builds to stop no output failures from lxd env buffering. +before_script: +- go mod vendor -v +- git clone https://github.com/konveyor/restic -b ${TRAVIS_BRANCH} +- pushd restic; go mod vendor -v; popd +- sed -i 's|-mod=mod|-mod=vendor|g' ${DOCKERFILE1} +- sed -i 's|-mod=mod|-mod=vendor|g' ${DOCKERFILE2} +- sed -i 's|go build|go build -v|g' ${DOCKERFILE1} +- sed -i 's|go build|go build -v|g' ${DOCKERFILE2} +- sed -i 's|^RUN mkdir -p \$APP_ROOT/src/github.com/restic \\$|COPY --chown=1001 restic/ $APP_ROOT/src/github.com/restic/restic|g' ${DOCKERFILE1} +- sed -i 's|&& cd \$APP_ROOT/src/github.com/restic \\$||g' ${DOCKERFILE1} +- sed -i 's|&& git clone https://github.com/konveyor/restic -b .*$||g' ${DOCKERFILE1} + +script: +- docker build -t ${IMAGE1}:${TAG}-${TRAVIS_ARCH} -f ${DOCKERFILE1} . +- docker build -t ${IMAGE2}:${TAG}-${TRAVIS_ARCH} -f ${DOCKERFILE2} . +- if [ -n "${QUAY_ROBOT}" ]; then docker login quay.io -u "${QUAY_ROBOT}" -p ${QUAY_TOKEN}; fi +- if [ -n "${QUAY_ROBOT}" ]; then docker push ${IMAGE1}:${TAG}-${TRAVIS_ARCH}; fi +- if [ -n "${QUAY_ROBOT}" ]; then docker push ${IMAGE2}:${TAG}-${TRAVIS_ARCH}; fi + +jobs: + include: + - stage: build images + arch: ppc64le + - arch: s390x + - arch: arm64-graviton2 + virt: vm + group: edge + - arch: amd64 + - stage: push manifest + language: shell + arch: amd64 + before_script: [] + script: + - | + if [ -n "${QUAY_ROBOT}" ]; then + docker login quay.io -u "${QUAY_ROBOT}" -p ${QUAY_TOKEN} + docker manifest create \ + ${IMAGE1}:${TAG} \ + ${IMAGE1}:${TAG}-amd64 \ + ${IMAGE1}:${TAG}-ppc64le \ + ${IMAGE1}:${TAG}-s390x \ + ${IMAGE1}:${TAG}-aarch64 + docker manifest create \ + ${IMAGE2}:${TAG} \ + ${IMAGE2}:${TAG}-amd64 \ + ${IMAGE2}:${TAG}-ppc64le \ + ${IMAGE2}:${TAG}-s390x \ + ${IMAGE2}:${TAG}-aarch64 + docker manifest push ${IMAGE1}:${TAG} + docker manifest push ${IMAGE2}:${TAG} + fi diff --git a/Dockerfile-velero-restore-helper.ubi b/Dockerfile-velero-restore-helper.ubi new file mode 100644 index 0000000000..6ba5c1c33d --- /dev/null +++ b/Dockerfile-velero-restore-helper.ubi @@ -0,0 +1,14 @@ +FROM quay.io/konveyor/builder:latest AS builder +ENV GOPATH=$APP_ROOT +COPY . $APP_ROOT/src/github.com/vmware-tanzu/velero +WORKDIR $APP_ROOT/src/github.com/vmware-tanzu/velero +RUN CGO_ENABLED=0 GOOS=linux go build -a -mod=mod -ldflags '-extldflags "-static"' -o $APP_ROOT/src/velero-restore-helper github.com/vmware-tanzu/velero/cmd/velero-restore-helper + +FROM registry.access.redhat.com/ubi8-minimal +RUN microdnf -y update && microdnf clean all + +COPY --from=builder /opt/app-root/src/velero-restore-helper velero-restore-helper + +USER 65534:65534 + +ENTRYPOINT [ "/velero-restore-helper" ] diff --git a/Dockerfile.ubi b/Dockerfile.ubi new file mode 100644 index 0000000000..3f4999b7e6 --- /dev/null +++ b/Dockerfile.ubi @@ -0,0 +1,23 @@ +# TODO! Find a real ubi8 image for golang 1.16 +FROM quay.io/konveyor/builder:latest AS builder +ENV GOPATH=$APP_ROOT +COPY . /go/src/github.com/vmware-tanzu/velero +WORKDIR /go/src/github.com/vmware-tanzu/velero +RUN CGO_ENABLED=0 GOOS=linux go build -a -mod=mod -ldflags '-extldflags "-static" -X github.com/vmware-tanzu/velero/pkg/buildinfo.Version=konveyor-dev' -o /go/src/velero github.com/vmware-tanzu/velero/cmd/velero + +FROM quay.io/konveyor/builder:latest AS restic-builder +ENV GOPATH=$APP_ROOT +RUN mkdir -p $APP_ROOT/src/github.com/restic \ +&& cd $APP_ROOT/src/github.com/restic \ +&& git clone https://github.com/konveyor/restic -b konveyor-dev +WORKDIR $APP_ROOT/src/github.com/restic/restic +RUN CGO_ENABLED=0 GOOS=linux go build -a -mod=mod -ldflags '-extldflags "-static"' -o $APP_ROOT/src/restic github.com/restic/restic/cmd/restic + +FROM registry.access.redhat.com/ubi8-minimal +RUN microdnf -y update && microdnf -y install nmap-ncat && microdnf clean all +COPY --from=builder /go/src/velero velero +COPY --from=restic-builder /opt/app-root/src/restic /usr/bin/restic + +USER 65534:65534 + +ENTRYPOINT ["/velero"]