From 3ddb9ff43f3235f73dcd465f599d52110313701c Mon Sep 17 00:00:00 2001 
From: Sascha Schwarze
Date: Sat, 11 Nov 2023 21:43:43 +0100
Subject: [PATCH] Cleanup Buildpacks strategies
---
 docs/buildstrategies.md | 18 +-
 .../buildrun/resources/taskrun_test.go | 2 +-
 ...gy_buildah_shipwright_managed_push_cr.yaml | 204 ------------------
 ...tegy_buildah_strategy_managed_push_cr.yaml | 204 ------------------
 .../buildkit/buildstrategy_buildkit_cr.yaml | 170 ---------------
 ...buildstrategy_buildpacks-v3-heroku_cr.yaml | 100 ---------
 ...gy_buildpacks-v3-heroku_namespaced_cr.yaml | 100 ---------
 .../buildstrategy_buildpacks-v3_cr.yaml | 100 ---------
 ...dstrategy_buildpacks-v3_namespaced_cr.yaml | 100 ---------
 .../kaniko/buildstrategy_kaniko-trivy_cr.yaml | 82 -------
 .../kaniko/buildstrategy_kaniko_cr.yaml | 56 -----
 .../buildstrategy/ko/buildstrategy_ko_cr.yaml | 116 ----------
 ...ildstrategy_source-to-image-redhat_cr.yaml | 151 -------------
 .../buildstrategy_source-to-image_cr.yaml | 69 ------
 test/v1alpha1_samples/build_samples.go | 6 +-
 test/v1beta1_samples/build_samples.go | 6 +-
 16 files changed, 18 insertions(+), 1466 deletions(-)
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/buildkit/buildstrategy_buildkit_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/kaniko/buildstrategy_kaniko-trivy_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/ko/buildstrategy_ko_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/source-to-image/buildstrategy_source-to-image-redhat_cr.yaml
 delete mode 100644 samples/v1alpha1/buildstrategy/buildstrategy/source-to-image/buildstrategy_source-to-image_cr.yaml
diff --git a/docs/buildstrategies.md b/docs/buildstrategies.md
index e22b17eb38..e099b30e83 100644
--- a/docs/buildstrategies.md
+++ b/docs/buildstrategies.md
@@ -99,25 +99,29 @@ kubectl apply -f samples/v1beta1/buildstrategy/buildah/buildstrategy_buildah_str ## Buildpacks v3 -The [buildpacks-v3][buildpacks] BuildStrategy/ClusterBuildStrategy uses a Cloud Native Builder ([CNB][cnb]) container image, and is able to implement [lifecycle commands][lifecycle]. The following CNB images are the most common options: - -- [`heroku/buildpacks:18`][hubheroku] -- [`cloudfoundry/cnb:bionic`][hubcloudfoundry] -- [`docker.io/paketobuildpacks/builder:full`](https://hub.docker.com/r/paketobuildpacks/builder/tags) +The [buildpacks-v3][buildpacks] BuildStrategy/ClusterBuildStrategy uses a Cloud Native Builder ([CNB][cnb]) container image, and is able to implement [lifecycle commands][lifecycle]. ### Installing Buildpacks v3 Strategy You can install the `BuildStrategy` in your namespace or install the `ClusterBuildStrategy` at cluster scope so that it can be shared across namespaces. -To install the cluster scope strategy, use (below is a heroku example, you can also use paketo sample): +To install the cluster scope strategy, you can chose between the Paketo and Heroku buildpacks family: ```sh +# Paketo +kubectl apply -f samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml + +# Heroku kubectl apply -f samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml ``` -To install the namespaced scope strategy, use: +To install the namespaced scope strategy, you can chose between the Paketo and Heroku buildpacks family: ```sh +# Paketo +kubectl apply -f samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml + +# Heroku kubectl apply -f samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml ``` diff --git a/pkg/reconciler/buildrun/resources/taskrun_test.go b/pkg/reconciler/buildrun/resources/taskrun_test.go index fd1bffe612..521d3f046c 100644 --- a/pkg/reconciler/buildrun/resources/taskrun_test.go 
+++ b/pkg/reconciler/buildrun/resources/taskrun_test.go
@@ -421,7 +421,7 @@ var _ = Describe("GenerateTaskrun", func() {
 namespace = "build-test"
 contextDir = "docker-build"
 builderImage = &buildv1alpha1.Image{
- Image: "heroku/buildpacks:18",
+ Image: "heroku/builder:22",
 }
 outputPath = "image-registry.openshift-image-registry.svc:5000/example/buildpacks-app"
 outputPathBuildRun = "image-registry.openshift-image-registry.svc:5000/example/buildpacks-app-v2"
diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml
deleted file mode 100644
index 4845cb5d81..0000000000
--- a/samples/v1alpha1/buildstrategy/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml
+++ /dev/null
@@ -1,204 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: buildah-shipwright-managed-push -spec: - buildSteps: - - name: build - image: quay.io/containers/buildah:v1.32.2 - workingDir: $(params.shp-source-root) - securityContext: - privileged: true - command: - - /bin/bash - args: - - -c - - | - set -euo pipefail - - # Parse parameters - context= - dockerfile= - image= - target= - buildArgs=() - inBuildArgs=false - registriesBlock="" - inRegistriesBlock=false - registriesInsecure="" - inRegistriesInsecure=false - registriesSearch="" - inRegistriesSearch=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--context" ]; then - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - context="$1" - shift - elif [ "${arg}" == "--dockerfile" ]; then - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - dockerfile="$1" - shift - elif [ "${arg}" == "--image" ]; then - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - image="$1" - shift - elif [ "${arg}" == "--target" ]; then - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - target="$1" - shift - elif [ "${arg}" == "--build-args" ]; then - inBuildArgs=true - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - elif [ "${arg}" == "--registries-block" ]; then - inRegistriesBlock=true - inBuildArgs=false - inRegistriesInsecure=false - inRegistriesSearch=false - elif [ "${arg}" == "--registries-insecure" ]; then - inRegistriesInsecure=true - inBuildArgs=false - inRegistriesBlock=false - inRegistriesSearch=false - elif [ "${arg}" == "--registries-search" ]; then - inRegistriesSearch=true - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - elif [ "${inBuildArgs}" == "true" ]; then - buildArgs+=("--build-arg" 
"${arg}") - elif [ "${inRegistriesBlock}" == "true" ]; then - registriesBlock="${registriesBlock}'${arg}', " - elif [ "${inRegistriesInsecure}" == "true" ]; then - registriesInsecure="${registriesInsecure}'${arg}', " - elif [ "${inRegistriesSearch}" == "true" ]; then - registriesSearch="${registriesSearch}'${arg}', " - else - echo "Invalid usage" - exit 1 - fi - done - - # Verify the existence of the context directory - if [ ! -d "${context}" ]; then - echo -e "The context directory '${context}' does not exist." - echo -n "ContextDirNotFound" > '$(results.shp-error-reason.path)' - echo -n "The context directory '${context}' does not exist." > '$(results.shp-error-message.path)' - exit 1 - fi - cd "${context}" - - # Verify the existence of the Dockerfile - if [ ! -f "${dockerfile}" ]; then - echo -e "The Dockerfile '${dockerfile}' does not exist." - echo -n "DockerfileNotFound" > '$(results.shp-error-reason.path)' - echo -n "The Dockerfile '${dockerfile}' does not exist." > '$(results.shp-error-message.path)' - exit 1 - fi - - echo "[INFO] Creating registries config file..." - if [ "${registriesSearch}" != "" ]; then - cat <>/tmp/registries.conf - [registries.search] - registries = [${registriesSearch::-2}] - - EOF - fi - if [ "${registriesInsecure}" != "" ]; then - cat <>/tmp/registries.conf - [registries.insecure] - registries = [${registriesInsecure::-2}] - - EOF - fi - if [ "${registriesBlock}" != "" ]; then - cat <>/tmp/registries.conf - [registries.block] - registries = [${registriesBlock::-2}] - - EOF - fi - - # Building the image - echo "[INFO] Building image ${image}" - buildah --storage-driver=$(params.storage-driver) \ - bud "${buildArgs[@]}" \ - --registries-conf=/tmp/registries.conf \ - --tag="${image}" \ - --file="${dockerfile}" \ - . 
- - # Write the image - echo "[INFO] Writing image ${image}" - buildah --storage-driver=$(params.storage-driver) push \ - "${image}" \ - "oci:${target}" - # That's the separator between the shell script and its args - - -- - - --context - - $(params.shp-source-context) - - --dockerfile - - $(build.dockerfile) - - --image - - $(params.shp-output-image) - - --build-args - - $(params.build-args[*]) - - --registries-block - - $(params.registries-block[*]) - - --registries-insecure - - $(params.registries-insecure[*]) - - --registries-search - - $(params.registries-search[*]) - - --target - - $(params.shp-output-directory) - resources: - limits: - cpu: "1" - memory: 2Gi - requests: - cpu: 250m - memory: 65Mi - parameters: - - name: build-args - description: "The values for the args in the Dockerfile. Values must be in the format KEY=VALUE." - type: array - defaults: [] - - name: registries-block - description: The registries that need to block pull access. - type: array - defaults: [] - - name: registries-insecure - description: The fully-qualified name of insecure registries. An insecure registry is one that does not have a valid SSL certificate or only supports HTTP. - type: array - defaults: [] - - name: registries-search - description: The registries for searching short name images such as `golang:latest`. - type: array - defaults: - - docker.io - - quay.io - - name: storage-driver - description: "The storage driver to use, such as 'overlay' or 'vfs'." - type: string - default: "vfs" - # For details see the "--storage-driver" section of https://github.com/containers/buildah/blob/main/docs/buildah.1.md#options - securityContext: - runAsUser: 0 - runAsGroup: 0 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml deleted file mode 100644 index 9af7fbbe72..0000000000 
--- a/samples/v1alpha1/buildstrategy/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml
+++ /dev/null
@@ -1,204 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: buildah-strategy-managed-push -spec: - buildSteps: - - name: build-and-push - image: quay.io/containers/buildah:v1.32.2 - workingDir: $(params.shp-source-root) - securityContext: - capabilities: - add: - - "SETFCAP" - command: - - /bin/bash - args: - - -c - - | - set -euo pipefail - - # Parse parameters - context= - dockerfile= - image= - buildArgs=() - inBuildArgs=false - registriesBlock="" - inRegistriesBlock=false - registriesInsecure="" - inRegistriesInsecure=false - registriesSearch="" - inRegistriesSearch=false - tlsVerify=true - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--context" ]; then - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - context="$1" - shift - elif [ "${arg}" == "--dockerfile" ]; then - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - dockerfile="$1" - shift - elif [ "${arg}" == "--image" ]; then - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - image="$1" - shift - elif [ "${arg}" == "--build-args" ]; then - inBuildArgs=true - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - elif [ "${arg}" == "--registries-block" ]; then - inRegistriesBlock=true - inBuildArgs=false - inRegistriesInsecure=false - inRegistriesSearch=false - elif [ "${arg}" == "--registries-insecure" ]; then - inRegistriesInsecure=true - inBuildArgs=false - inRegistriesBlock=false - inRegistriesSearch=false - elif [ "${arg}" == "--registries-search" ]; then - inRegistriesSearch=true - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - elif [ "${inBuildArgs}" == "true" ]; then - buildArgs+=("--build-arg" "${arg}") - elif [ "${inRegistriesBlock}" == "true" ]; then - registriesBlock="${registriesBlock}'${arg}', " - elif [ 
"${inRegistriesInsecure}" == "true" ]; then - registriesInsecure="${registriesInsecure}'${arg}', " - - # This assumes that the image is passed before the insecure registries which is fair in this context - if [[ ${image} == ${arg}/* ]]; then - tlsVerify=false - fi - elif [ "${inRegistriesSearch}" == "true" ]; then - registriesSearch="${registriesSearch}'${arg}', " - else - echo "Invalid usage" - exit 1 - fi - done - - # Verify the existence of the context directory - if [ ! -d "${context}" ]; then - echo -e "The context directory '${context}' does not exist." - echo -n "ContextDirNotFound" > '$(results.shp-error-reason.path)' - echo -n "The context directory '${context}' does not exist." > '$(results.shp-error-message.path)' - exit 1 - fi - cd "${context}" - - # Verify the existence of the Dockerfile - if [ ! -f "${dockerfile}" ]; then - echo -e "The Dockerfile '${dockerfile}' does not exist." - echo -n "DockerfileNotFound" > '$(results.shp-error-reason.path)' - echo -n "The Dockerfile '${dockerfile}' does not exist." > '$(results.shp-error-message.path)' - exit 1 - fi - - echo "[INFO] Creating registries config file..." - if [ "${registriesSearch}" != "" ]; then - cat <>/tmp/registries.conf - [registries.search] - registries = [${registriesSearch::-2}] - - EOF - fi - if [ "${registriesInsecure}" != "" ]; then - cat <>/tmp/registries.conf - [registries.insecure] - registries = [${registriesInsecure::-2}] - - EOF - fi - if [ "${registriesBlock}" != "" ]; then - cat <>/tmp/registries.conf - [registries.block] - registries = [${registriesBlock::-2}] - - EOF - fi - - # Building the image - echo "[INFO] Building image ${image}" - buildah --storage-driver=$(params.storage-driver) \ - bud "${buildArgs[@]}" \ - --registries-conf=/tmp/registries.conf \ - --tag="${image}" \ - --file="${dockerfile}" \ - . 
- - # Push the image - echo "[INFO] Pushing image ${image}" - buildah --storage-driver=$(params.storage-driver) push \ - --digestfile='$(results.shp-image-digest.path)' \ - --tls-verify="${tlsVerify}" \ - "${image}" \ - "docker://${image}" - # That's the separator between the shell script and its args - - -- - - --context - - $(params.shp-source-context) - - --dockerfile - - $(build.dockerfile) - - --image - - $(params.shp-output-image) - - --build-args - - $(params.build-args[*]) - - --registries-block - - $(params.registries-block[*]) - - --registries-insecure - - $(params.registries-insecure[*]) - - --registries-search - - $(params.registries-search[*]) - resources: - limits: - cpu: "1" - memory: 2Gi - requests: - cpu: 250m - memory: 65Mi - parameters: - - name: build-args - description: "The values for the args in the Dockerfile. Values must be in the format KEY=VALUE." - type: array - defaults: [] - - name: registries-block - description: The registries that need to block pull access. - type: array - defaults: [] - - name: registries-insecure - description: The fully-qualified name of insecure registries. An insecure registry is one that does not have a valid SSL certificate or only supports HTTP. - type: array - defaults: [] - - name: registries-search - description: The registries for searching short name images such as `golang:latest`. - type: array - defaults: - - docker.io - - quay.io - - name: storage-driver - description: "The storage driver to use, such as 'overlay' or 'vfs'" - type: string - default: "vfs" - # For details see the "--storage-driver" section of https://github.com/containers/buildah/blob/main/docs/buildah.1.md#options - securityContext: - runAsUser: 0 - runAsGroup: 0 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/buildkit/buildstrategy_buildkit_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/buildkit/buildstrategy_buildkit_cr.yaml deleted file mode 100644 index ff329d5483..0000000000 
--- a/samples/v1alpha1/buildstrategy/buildstrategy/buildkit/buildstrategy_buildkit_cr.yaml
+++ /dev/null
@@ -1,170 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: buildkit - annotations: - # See https://github.com/moby/buildkit/blob/master/docs/rootless.md#about---oci-worker-no-process-sandbox for more information - container.apparmor.security.beta.kubernetes.io/step-build-and-push: unconfined - # The usage of seccomp annotation will be deprecate in k8s v1.22.0, see - # https://kubernetes.io/docs/tutorials/clusters/seccomp/#create-a-pod-with-a-seccomp-profile-for-syscall-auditing for more information - container.seccomp.security.alpha.kubernetes.io/step-build-and-push: unconfined -spec: - parameters: - - name: build-args - description: "The values for the ARGs in the Dockerfile. Values must be in the format KEY=VALUE." - type: array - defaults: [] - - name: cache - description: "Configure BuildKit's cache usage. Allowed values are 'disabled' and 'registry'. The default is 'registry'." - type: string - default: registry - - name: platforms - description: "Build the image for different platforms. By default, the image is built for the platform used by the FROM image. If that is present for multiple platforms, then it is built for the environment's platform." - type: array - defaults: [] - - name: secrets - description: "The secrets to pass to the build. Values must be in the format ID=FILE_CONTENT." 
- type: array - defaults: [] - buildSteps: - - name: build-and-push - image: moby/buildkit:nightly-rootless - imagePullPolicy: Always - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SETGID - - SETUID - workingDir: $(params.shp-source-root) - env: - - name: DOCKER_CONFIG - value: /tekton/home/.docker - - name: HOME - value: /tekton/home - # See https://github.com/moby/buildkit/blob/master/docs/rootless.md#about---oci-worker-no-process-sandbox for more information - - name: BUILDKITD_FLAGS - value: --oci-worker-no-process-sandbox - - name: PARAM_SOURCE_CONTEXT - value: $(params.shp-source-context) - - name: PARAM_DOCKERFILE - value: $(params.DOCKERFILE) - - name: PARAM_OUTPUT_DIRECTORY - value: $(params.shp-output-directory) - - name: PARAM_OUTPUT_IMAGE - value: $(params.shp-output-image) - - name: PARAM_OUTPUT_INSECURE - value: $(params.shp-output-insecure) - - name: PARAM_CACHE - value: $(params.cache) - command: - - /bin/ash - args: - - -c - - | - set -euo pipefail - - # Verify the existence of the context directory - if [ ! -d "${PARAM_SOURCE_CONTEXT}" ]; then - echo -e "The context directory '${PARAM_SOURCE_CONTEXT}' does not exist." - echo -n "ContextDirNotFound" > '$(results.shp-error-reason.path)' - echo -n "The context directory '${PARAM_SOURCE_CONTEXT}' does not exist." > '$(results.shp-error-message.path)' - exit 1 - fi - - # Prepare the file arguments - DOCKERFILE_PATH="${PARAM_SOURCE_CONTEXT}/${PARAM_DOCKERFILE}" - DOCKERFILE_DIR="$(dirname "${DOCKERFILE_PATH}")" - DOCKERFILE_NAME="$(basename "${DOCKERFILE_PATH}")" - - # Verify the existence of the Dockerfile - if [ ! -f "${DOCKERFILE_PATH}" ]; then - echo -e "The Dockerfile '${DOCKERFILE_PATH}' does not exist." - echo -n "DockerfileNotFound" > '$(results.shp-error-reason.path)' - echo -n "The Dockerfile '${DOCKERFILE_PATH}' does not exist." 
> '$(results.shp-error-message.path)' - exit 1 - fi - - # We only have ash here and therefore no bash arrays to help add dynamic arguments (the build-args) to the build command. - - echo "#!/bin/ash" > /tmp/run.sh - echo "set -euo pipefail" >> /tmp/run.sh - echo "buildctl-daemonless.sh \\" >> /tmp/run.sh - echo "build \\" >> /tmp/run.sh - echo "--frontend=dockerfile.v0 \\" >> /tmp/run.sh - echo "--opt=filename=\"${DOCKERFILE_NAME}\" \\" >> /tmp/run.sh - echo "--local=context=\"${PARAM_SOURCE_CONTEXT}\" \\" >> /tmp/run.sh - echo "--local=dockerfile=\"${DOCKERFILE_DIR}\" \\" >> /tmp/run.sh - echo "--output=type=oci,tar=false,dest=\"${PARAM_OUTPUT_DIRECTORY}\" \\" >> /tmp/run.sh - if [ "${PARAM_CACHE}" == "registry" ]; then - echo "--export-cache=type=inline \\" >> /tmp/run.sh - echo "--import-cache=type=registry,ref=\"${PARAM_OUTPUT_IMAGE}\",registry.insecure=\"${PARAM_OUTPUT_INSECURE}\" \\" >> /tmp/run.sh - elif [ "${PARAM_CACHE}" == "disabled" ]; then - echo "--no-cache \\" >> /tmp/run.sh - else - echo -e "An invalid value for the parameter 'cache' has been provided: '${PARAM_CACHE}'. Allowed values are 'disabled' and 'registry'." - echo -n "InvalidParameterValue" > '$(results.shp-error-reason.path)' - echo -n "An invalid value for the parameter 'cache' has been provided: '${PARAM_CACHE}'. Allowed values are 'disabled' and 'registry'." 
> '$(results.shp-error-message.path)' - exit 1 - fi - - stage="" - platforms="" - for a in "$@" - do - if [ "${a}" == "--build-args" ]; then - stage=build-args - elif [ "${a}" == "--platforms" ]; then - stage=platforms - elif [ "${a}" == "--secrets" ]; then - stage=secrets - elif [ "${stage}" == "build-args" ]; then - echo "--opt=\"build-arg:${a}\" \\" >> /tmp/run.sh - elif [ "${stage}" == "platforms" ]; then - if [ "${platforms}" == "" ]; then - platforms="${a}" - else - platforms="${platforms},${a}" - fi - elif [ "${stage}" == "secrets" ]; then - # Split ID=FILE_CONTENT into variables id and data - - # using head because the data could be multiline - id="$(echo "${a}" | head -1 | sed 's/=.*//')" - - # This is hacky, we remove the suffix ${id}= from all lines of the data. - # If the data would be multiple lines and a line would start with ${id}= - # then we would remove it. We could force users to give us the secret - # base64 encoded. But ultimately, the best solution might be if the user - # mounts the secret and just gives us the path here. - data="$(echo "${a}" | sed "s/^${id}=//")" - - # Write the secret data into a temporary file, once we have volume support - # in the build strategy, we should use a memory based emptyDir for this. - echo -n "${data}" > "/tmp/secret_${id}" - - # Add the secret argument - echo "--secret id=${id},src="/tmp/secret_${id}" \\" >> /tmp/run.sh - fi - done - - if [ "${platforms}" != "" ]; then - echo "--opt=\"platform=${platforms}\" \\" >> /tmp/run.sh - fi - - echo "--progress=plain" >> /tmp/run.sh - - chmod +x /tmp/run.sh - /tmp/run.sh - # That's the separator between the shell script and its args - - -- - - --build-args - - $(params.build-args[*]) - - --platforms - - $(params.platforms[*]) - - --secrets - - $(params.secrets[*]) - securityContext: - runAsUser: 1000 - runAsGroup: 1000 
diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml
deleted file mode 100644
index 61eca36ee8..0000000000
--- a/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml
+++ /dev/null
@@ -1,100 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: buildpacks-v3-heroku -spec: - volumes: - - name: platform-env - emptyDir: {} - parameters: - - name: platform-api-version - description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.7" - buildSteps: - - name: build-and-push - image: heroku/builder:22 - env: - - name: CNB_PLATFORM_API - value: $(params.platform-api-version) - - name: PARAM_SOURCE_CONTEXT - value: $(params.shp-source-context) - - name: PARAM_OUTPUT_IMAGE - value: $(params.shp-output-image) - command: - - /bin/bash - args: - - -c - - | - set -euo pipefail - - echo "> Processing environment variables..." - ENV_DIR="/platform/env" - - envs=($(env)) - - # Denying the creation of non required files from system environments. - # The creation of a file named PATH (corresponding to PATH system environment) - # caused failure for python source during pip install (https://github.com/Azure-Samples/python-docs-hello-world) - block_list=("PATH" "HOSTNAME" "PWD" "_" "SHLVL" "HOME" "") - - for env in "${envs[@]}"; do - blocked=false - - IFS='=' read -r key value string <<< "$env" - - for str in "${block_list[@]}"; do - if [[ "$key" == "$str" ]]; then - blocked=true - break - fi - done - - if [ "$blocked" == "false" ]; then - path="${ENV_DIR}/${key}" - echo -n "$value" > "$path" - fi - done - - LAYERS_DIR=/tmp/.shp/layers - CACHE_DIR=/tmp/.shp/cache - - mkdir -p "$CACHE_DIR" "$LAYERS_DIR" - - function announce_phase { - printf "===> %s\n" "$1" - } - - announce_phase "ANALYZING" - /cnb/lifecycle/analyzer -layers="$LAYERS_DIR" "${PARAM_OUTPUT_IMAGE}" - - announce_phase "DETECTING" - /cnb/lifecycle/detector -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" - - announce_phase "RESTORING" - /cnb/lifecycle/restorer -cache-dir="$CACHE_DIR" -layers="$LAYERS_DIR" - - announce_phase "BUILDING" - /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" 
-layers="$LAYERS_DIR" - - exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) - - announce_phase "EXPORTING" - /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" - - # Store the image digest - grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" - volumeMounts: - - mountPath: /platform/env - name: platform-env - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 65Mi - securityContext: - runAsUser: 1000 - runAsGroup: 1000 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml deleted file mode 100644 index aa01340555..0000000000 --- a/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: BuildStrategy -metadata: - name: buildpacks-v3-heroku -spec: - volumes: - - name: platform-env - emptyDir: {} - parameters: - - name: platform-api-version - description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.7" - buildSteps: - - name: build-and-push - image: heroku/builder:22 - env: - - name: CNB_PLATFORM_API - value: $(params.platform-api-version) - - name: PARAM_SOURCE_CONTEXT - value: $(params.shp-source-context) - - name: PARAM_OUTPUT_IMAGE - value: $(params.shp-output-image) - command: - - /bin/bash - args: - - -c - - | - set -euo pipefail - - echo "> Processing environment variables..." - ENV_DIR="/platform/env" - - envs=($(env)) - - # Denying the creation of non required files from system environments. - # The creation of a file named PATH (corresponding to PATH system environment) - # caused failure for python source during pip install (https://github.com/Azure-Samples/python-docs-hello-world) - block_list=("PATH" "HOSTNAME" "PWD" "_" "SHLVL" "HOME" "") - - for env in "${envs[@]}"; do - blocked=false - - IFS='=' read -r key value string <<< "$env" - - for str in "${block_list[@]}"; do - if [[ "$key" == "$str" ]]; then - blocked=true - break - fi - done - - if [ "$blocked" == "false" ]; then - path="${ENV_DIR}/${key}" - echo -n "$value" > "$path" - fi - done - - LAYERS_DIR=/tmp/.shp/layers - CACHE_DIR=/tmp/.shp/cache - - mkdir -p "$CACHE_DIR" "$LAYERS_DIR" - - function announce_phase { - printf "===> %s\n" "$1" - } - - announce_phase "ANALYZING" - /cnb/lifecycle/analyzer -layers="$LAYERS_DIR" "${PARAM_OUTPUT_IMAGE}" - - announce_phase "DETECTING" - /cnb/lifecycle/detector -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" - - announce_phase "RESTORING" - /cnb/lifecycle/restorer -cache-dir="$CACHE_DIR" -layers="$LAYERS_DIR" - - announce_phase "BUILDING" - /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" 
-layers="$LAYERS_DIR" - - exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) - - announce_phase "EXPORTING" - /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" - - # Store the image digest - grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" - volumeMounts: - - mountPath: /platform/env - name: platform-env - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 65Mi - securityContext: - runAsUser: 1000 - runAsGroup: 1000 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml deleted file mode 100644 index f4c11a65f1..0000000000 --- a/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: buildpacks-v3 -spec: - volumes: - - name: platform-env - emptyDir: {} - parameters: - - name: platform-api-version - description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.7" - buildSteps: - - name: build-and-push - image: docker.io/paketobuildpacks/builder-jammy-full:latest - env: - - name: CNB_PLATFORM_API - value: $(params.platform-api-version) - - name: PARAM_SOURCE_CONTEXT - value: $(params.shp-source-context) - - name: PARAM_OUTPUT_IMAGE - value: $(params.shp-output-image) - command: - - /bin/bash - args: - - -c - - | - set -euo pipefail - - echo "> Processing environment variables..." - ENV_DIR="/platform/env" - - envs=($(env)) - - # Denying the creation of non required files from system environments. - # The creation of a file named PATH (corresponding to PATH system environment) - # caused failure for python source during pip install (https://github.com/Azure-Samples/python-docs-hello-world) - block_list=("PATH" "HOSTNAME" "PWD" "_" "SHLVL" "HOME" "") - - for env in "${envs[@]}"; do - blocked=false - - IFS='=' read -r key value string <<< "$env" - - for str in "${block_list[@]}"; do - if [[ "$key" == "$str" ]]; then - blocked=true - break - fi - done - - if [ "$blocked" == "false" ]; then - path="${ENV_DIR}/${key}" - echo -n "$value" > "$path" - fi - done - - LAYERS_DIR=/tmp/.shp/layers - CACHE_DIR=/tmp/.shp/cache - - mkdir -p "$CACHE_DIR" "$LAYERS_DIR" - - function announce_phase { - printf "===> %s\n" "$1" - } - - announce_phase "ANALYZING" - /cnb/lifecycle/analyzer -layers="$LAYERS_DIR" "${PARAM_OUTPUT_IMAGE}" - - announce_phase "DETECTING" - /cnb/lifecycle/detector -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" - - announce_phase "RESTORING" - /cnb/lifecycle/restorer -cache-dir="$CACHE_DIR" -layers="$LAYERS_DIR" - - announce_phase "BUILDING" - /cnb/lifecycle/builder 
-app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" - - exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) - - announce_phase "EXPORTING" - /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" - - # Store the image digest - grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" - volumeMounts: - - mountPath: /platform/env - name: platform-env - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 65Mi - securityContext: - runAsUser: 1001 - runAsGroup: 1000 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml deleted file mode 100644 index 32dcadc67c..0000000000 --- a/samples/v1alpha1/buildstrategy/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: BuildStrategy -metadata: - name: buildpacks-v3 -spec: - volumes: - - name: platform-env - emptyDir: {} - parameters: - - name: platform-api-version - description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.7" - buildSteps: - - name: build-and-push - image: docker.io/paketobuildpacks/builder-jammy-full:latest - env: - - name: CNB_PLATFORM_API - value: $(params.platform-api-version) - - name: PARAM_SOURCE_CONTEXT - value: $(params.shp-source-context) - - name: PARAM_OUTPUT_IMAGE - value: $(params.shp-output-image) - command: - - /bin/bash - args: - - -c - - | - set -euo pipefail - - echo "> Processing environment variables..." - ENV_DIR="/platform/env" - - envs=($(env)) - - # Denying the creation of non required files from system environments. - # The creation of a file named PATH (corresponding to PATH system environment) - # caused failure for python source during pip install (https://github.com/Azure-Samples/python-docs-hello-world) - block_list=("PATH" "HOSTNAME" "PWD" "_" "SHLVL" "HOME" "") - - for env in "${envs[@]}"; do - blocked=false - - IFS='=' read -r key value string <<< "$env" - - for str in "${block_list[@]}"; do - if [[ "$key" == "$str" ]]; then - blocked=true - break - fi - done - - if [ "$blocked" == "false" ]; then - path="${ENV_DIR}/${key}" - echo -n "$value" > "$path" - fi - done - - LAYERS_DIR=/tmp/.shp/layers - CACHE_DIR=/tmp/.shp/cache - - mkdir -p "$CACHE_DIR" "$LAYERS_DIR" - - function announce_phase { - printf "===> %s\n" "$1" - } - - announce_phase "ANALYZING" - /cnb/lifecycle/analyzer -layers="$LAYERS_DIR" "${PARAM_OUTPUT_IMAGE}" - - announce_phase "DETECTING" - /cnb/lifecycle/detector -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" - - announce_phase "RESTORING" - /cnb/lifecycle/restorer -cache-dir="$CACHE_DIR" -layers="$LAYERS_DIR" - - announce_phase "BUILDING" - /cnb/lifecycle/builder 
-app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" - - exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) - - announce_phase "EXPORTING" - /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" - - # Store the image digest - grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" - volumeMounts: - - mountPath: /platform/env - name: platform-env - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 65Mi - securityContext: - runAsUser: 1001 - runAsGroup: 1000 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/kaniko/buildstrategy_kaniko-trivy_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/kaniko/buildstrategy_kaniko-trivy_cr.yaml deleted file mode 100644 index 4d4904fb72..0000000000 --- a/samples/v1alpha1/buildstrategy/buildstrategy/kaniko/buildstrategy_kaniko-trivy_cr.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -# This Build Strategy will intentionally fail if the image has any -# critical CVEs. It will not be pushed into the destination registry -# if any critical vulnerabilities are found. ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: kaniko-trivy -spec: - volumes: - - name: layout - emptyDir: {} - - name: tar - emptyDir: {} - buildSteps: - - name: kaniko-build - image: gcr.io/kaniko-project/executor:v1.18.0 - workingDir: $(params.shp-source-root) - securityContext: - capabilities: - add: - - CHOWN - - DAC_OVERRIDE - - FOWNER - - SETGID - - SETUID - - SETFCAP - - KILL - env: - - name: HOME - value: /tekton/home - - name: AWS_ACCESS_KEY_ID - value: NOT_SET - - name: AWS_SECRET_KEY - value: NOT_SET - command: - - /kaniko/executor - args: - - --dockerfile - - $(build.dockerfile) - - --context - - $(params.shp-source-context) - - --destination - - $(params.shp-output-image) - - --snapshot-mode - - redo - - --no-push - - --tar-path - - $(params.shp-output-directory)/image.tar - # https://github.com/GoogleContainerTools/kaniko/issues/2164 - - --ignore-path - - /product_uuid - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 65Mi - - name: trivy-scan - image: docker.io/aquasec/trivy:0.47.0 - command: - - trivy - args: - - image - - --exit-code=1 - - --severity=CRITICAL - - --input - - $(params.shp-output-directory)/image.tar - env: - - name: HOME - value: /tekton/home - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 65Mi - securityContext: - runAsUser: 0 - runAsGroup: 0 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml deleted file mode 100644 index 50898a230e..0000000000 --- a/samples/v1alpha1/buildstrategy/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: kaniko -spec: - buildSteps: - - name: build-and-push - image: gcr.io/kaniko-project/executor:v1.18.0 - workingDir: $(params.shp-source-root) - securityContext: - capabilities: - add: - - CHOWN - - DAC_OVERRIDE - - FOWNER - - SETGID - - SETUID - - SETFCAP - - KILL - env: - - name: HOME - value: /tekton/home - - name: DOCKER_CONFIG - value: /tekton/home/.docker - - name: AWS_ACCESS_KEY_ID - value: NOT_SET - - name: AWS_SECRET_KEY - value: NOT_SET - command: - - /kaniko/executor - args: - - --dockerfile - - $(build.dockerfile) - - --context - - $(params.shp-source-context) - - --destination - - $(params.shp-output-image) - - --snapshot-mode - - redo - - --no-push - - --tar-path - - $(params.shp-output-directory)/image.tar - # https://github.com/GoogleContainerTools/kaniko/issues/2164 - - --ignore-path - - /product_uuid - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 65Mi - securityContext: - runAsUser: 0 - runAsGroup: 0 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/ko/buildstrategy_ko_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/ko/buildstrategy_ko_cr.yaml deleted file mode 100644 index e98b0aede1..0000000000 --- a/samples/v1alpha1/buildstrategy/buildstrategy/ko/buildstrategy_ko_cr.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: ko -spec: - parameters: - - name: go-flags - description: "Value for the GOFLAGS environment variable." - default: "" - - name: go-version - description: "Version of Go, must match a tag from https://hub.docker.com/_/golang?tab=tags" - default: "1.20" - - name: ko-version - description: "Version of ko, must be either 'latest', or a release name from https://github.com/ko-build/ko/releases" - default: latest - - name: package-directory - description: "The directory inside the context directory containing the main package." - default: "." - - name: target-platform - description: "Target platform to be built. For example: 'linux/arm64'. Multiple platforms can be provided separated by comma, for example: 'linux/arm64,linux/amd64'. The value 'all' will build all platforms supported by the base image. The value 'current' will build the platform on which the build runs." - default: current - volumes: - - name: gocache - description: "Volume to contain the GOCACHE. Can be set to a persistent volume to optimize compilation performance for rebuilds." 
- overridable: true - emptyDir: {} - buildSteps: - - name: build - image: golang:$(params.go-version) - imagePullPolicy: Always - workingDir: $(params.shp-source-root) - volumeMounts: - - mountPath: /gocache - name: gocache - readOnly: false - env: - - name: DOCKER_CONFIG - value: /tekton/home/.docker - - name: HOME - value: /tekton/home - - name: GOFLAGS - value: $(params.go-flags) - - name: GOCACHE - value: /gocache - - name: PARAM_OUTPUT_IMAGE - value: $(params.shp-output-image) - - name: PARAM_OUTPUT_DIRECTORY - value: $(params.shp-output-directory) - - name: PARAM_SOURCE_CONTEXT - value: $(params.shp-source-context) - - name: PARAM_SOURCE_ROOT - value: $(params.shp-source-root) - - name: PARAM_TARGET_PLATFORM - value: $(params.target-platform) - - name: PARAM_PACKAGE_DIRECTORY - value: $(params.package-directory) - - name: PARAM_KO_VERSION - value: $(params.ko-version) - command: - - /bin/bash - args: - - -c - - | - set -euo pipefail - - # Determine the ko version - KO_VERSION="${PARAM_KO_VERSION}" - if [ "${KO_VERSION}" == "latest" ]; then - KO_VERSION=$(curl --silent "https://api.github.com/repos/ko-build/ko/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') - fi - - # Create one variable with v-suffix and one without as we need both for the download URL - if [[ ${KO_VERSION} = v* ]]; then - KO_VERSION_WITH_V=${KO_VERSION} - KO_VERSION_WITHOUT_V=${KO_VERSION:1} - else - KO_VERSION_WITH_V=v${KO_VERSION} - KO_VERSION_WITHOUT_V=${KO_VERSION} - fi - - # Download ko to the temp directory - curl -f -s -L "https://github.com/ko-build/ko/releases/download/${KO_VERSION_WITH_V}/ko_${KO_VERSION_WITHOUT_V}_$(uname)_$(uname -m | sed 's/aarch64/arm64/').tar.gz" | tar xzf - -C /tmp ko - - # Determine the platform - PLATFORM="${PARAM_TARGET_PLATFORM}" - if [ "${PLATFORM}" == "current" ]; then - PLATFORM="$(uname | tr '[:upper:]' '[:lower:]')/$(uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')" - fi - - # Print version information - go version - 
echo "ko version $(/tmp/ko version)" - - # Allow directory to be owned by other user which is normal for a volume-mounted directory. - # This allows Go to run git commands to access repository metadata. - # Documentation: https://git-scm.com/docs/git-config/2.39.0#Documentation/git-config.txt-safedirectory - git config --global --add safe.directory "${PARAM_SOURCE_ROOT}" - - # Run ko - - export GOROOT="$(go env GOROOT)" - - pushd "${PARAM_SOURCE_CONTEXT}" > /dev/null - /tmp/ko build "${PARAM_PACKAGE_DIRECTORY}" --oci-layout-path="${PARAM_OUTPUT_DIRECTORY}" --platform="${PLATFORM}" --push=false - popd > /dev/null - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 65Mi - securityContext: - runAsUser: 1000 - runAsGroup: 1000 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/source-to-image/buildstrategy_source-to-image-redhat_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/source-to-image/buildstrategy_source-to-image-redhat_cr.yaml deleted file mode 100644 index 0aa7c2686b..0000000000 --- a/samples/v1alpha1/buildstrategy/buildstrategy/source-to-image/buildstrategy_source-to-image-redhat_cr.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ ---- -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: source-to-image-redhat -spec: - volumes: - - name: s2i - emptyDir: {} - buildSteps: - - name: s2i-generate - image: registry.redhat.io/ocp-tools-43-tech-preview/source-to-image-rhel8:latest - workingDir: $(params.shp-source-root) - args: - - build - - $(params.shp-source-context) - - $(build.builder.image) - - $(params.shp-output-image) - - --as-dockerfile=/s2i/Dockerfile - volumeMounts: - - name: s2i - mountPath: /s2i - - name: buildah - image: quay.io/containers/buildah:v1.32.2 - workingDir: /s2i - securityContext: - privileged: true - command: - - /bin/bash - args: - - -c - - | - set -euo pipefail - - # Parse parameters - image= - target= - registriesBlock="" - inRegistriesBlock=false - registriesInsecure="" - inRegistriesInsecure=false - registriesSearch="" - inRegistriesSearch=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--image" ]; then - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - image="$1" - shift - elif [ "${arg}" == "--target" ]; then - inBuildArgs=false - inRegistriesBlock=false - inRegistriesInsecure=false - inRegistriesSearch=false - target="$1" - shift - elif [ "${arg}" == "--registries-block" ]; then - inRegistriesBlock=true - inRegistriesInsecure=false - inRegistriesSearch=false - elif [ "${arg}" == "--registries-insecure" ]; then - inRegistriesInsecure=true - inRegistriesBlock=false - inRegistriesSearch=false - elif [ "${arg}" == "--registries-search" ]; then - inRegistriesSearch=true - inRegistriesBlock=false - inRegistriesInsecure=false - elif [ "${inRegistriesBlock}" == "true" ]; then - registriesBlock="${registriesBlock}'${arg}', " - elif [ "${inRegistriesInsecure}" == "true" ]; then - registriesInsecure="${registriesInsecure}'${arg}', " - elif [ "${inRegistriesSearch}" == "true" ]; then - registriesSearch="${registriesSearch}'${arg}', " - else - echo "Invalid usage" - exit 
1 - fi - done - - echo "[INFO] Creating registries config file..." - if [ "${registriesSearch}" != "" ]; then - cat <>/tmp/registries.conf - [registries.search] - registries = [${registriesSearch::-2}] - - EOF - fi - if [ "${registriesInsecure}" != "" ]; then - cat <>/tmp/registries.conf - [registries.insecure] - registries = [${registriesInsecure::-2}] - - EOF - fi - if [ "${registriesBlock}" != "" ]; then - cat <>/tmp/registries.conf - [registries.block] - registries = [${registriesBlock::-2}] - - EOF - fi - - # Building the image - echo "[INFO] Building image ${image}" - buildah bud \ - --registries-conf=/tmp/registries.conf \ - --tag="${image}" - - # Write the image - echo "[INFO] Writing image ${image}" - buildah push \ - "${image}" \ - "oci:${target}" - # That's the separator between the shell script and its args - - -- - - --image - - $(params.shp-output-image) - - --registries-block - - $(params.registries-block[*]) - - --registries-insecure - - $(params.registries-insecure[*]) - - --registries-search - - $(params.registries-search[*]) - - --target - - $(params.shp-output-directory) - volumeMounts: - - name: s2i - mountPath: /s2i - parameters: - - name: registries-block - description: The registries that need to block pull access. - type: array - defaults: [] - - name: registries-insecure - description: The fully-qualified name of insecure registries. An insecure registry is one that does not have a valid SSL certificate or only supports HTTP. - type: array - defaults: [] - - name: registries-search - description: The registries for searching short name images such as `golang:latest`. - type: array - defaults: - - docker.io - - quay.io - securityContext: - runAsUser: 0 - runAsGroup: 0 diff --git a/samples/v1alpha1/buildstrategy/buildstrategy/source-to-image/buildstrategy_source-to-image_cr.yaml b/samples/v1alpha1/buildstrategy/buildstrategy/source-to-image/buildstrategy_source-to-image_cr.yaml deleted file mode 100644 index d8938062a0..0000000000 
--- a/samples/v1alpha1/buildstrategy/buildstrategy/source-to-image/buildstrategy_source-to-image_cr.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: shipwright.io/v1alpha1 -kind: ClusterBuildStrategy -metadata: - name: source-to-image -spec: - volumes: - - name: gen-source - emptyDir: {} - buildSteps: - - command: - - /usr/local/bin/s2i - - build - - $(params.shp-source-context) - - $(build.builder.image) - - '--as-dockerfile' - - /gen-source/Dockerfile.gen - image: quay.io/openshift-pipeline/s2i:nightly - imagePullPolicy: Always - name: s2i-build-as-dockerfile - volumeMounts: - - mountPath: /gen-source - name: gen-source - workingDir: $(params.shp-source-root) - - name: build-and-push - image: gcr.io/kaniko-project/executor:v1.18.0 - command: - - /kaniko/executor - args: - - --dockerfile - - /gen-source/Dockerfile.gen - - --context - - /gen-source - - --destination - - $(params.shp-output-image) - - --snapshot-mode - - redo - - --no-push - - --tar-path - - $(params.shp-output-directory)/image.tar - # https://github.com/GoogleContainerTools/kaniko/issues/2164 - - --ignore-path - - /product_uuid - env: - - name: DOCKER_CONFIG - value: /tekton/home/.docker - - name: HOME - value: /tekton/home - - name: AWS_ACCESS_KEY_ID - value: NOT_SET - - name: AWS_SECRET_KEY - value: NOT_SET - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - CHOWN - - DAC_OVERRIDE - - FOWNER - - SETGID - - SETUID - - SETFCAP - - KILL - volumeMounts: - - mountPath: /gen-source - name: gen-source - workingDir: /gen-source - securityContext: - runAsUser: 0 - runAsGroup: 0 diff --git a/test/v1alpha1_samples/build_samples.go b/test/v1alpha1_samples/build_samples.go index 48e6b1fabc..43fc84767b 100644 --- a/test/v1alpha1_samples/build_samples.go +++ b/test/v1alpha1_samples/build_samples.go 
@@ -126,7 +126,7 @@ spec:
 kind: ClusterBuildStrategy
 dockerfile: Dockerfile
 builder:
- image: heroku/buildpacks:18
+ image: heroku/builder:22
 output:
 image: image-registry.openshift-image-registry.svc:5000/example/buildpacks-app
 timeout: 30s
@@ -250,7 +250,7 @@ spec:
 source:
 url: "https://github.com/shipwright-io/sample-go"
 builder:
- image: heroku/buildpacks:18
+ image: heroku/builder:22
 credentials:
 name: builder-secret
 strategy:
@@ -271,7 +271,7 @@ spec:
 credentials:
 name: source-secret
 builder:
- image: heroku/buildpacks:18
+ image: heroku/builder:22
 credentials:
 name: builder-secret
 strategy:
diff --git a/test/v1beta1_samples/build_samples.go b/test/v1beta1_samples/build_samples.go
index 8ff92dd4ba..154ec55abd 100644
--- a/test/v1beta1_samples/build_samples.go
+++ b/test/v1beta1_samples/build_samples.go
@@ -148,7 +148,7 @@ spec:
 - name: dockerfile
 value: Dockerfile
 - name: builder-image
- value: heroku/buildpacks:18
+ value: heroku/builder:22
 output:
 image: image-registry.openshift-image-registry.svc:5000/example/buildpacks-app
 timeout: 30s
@@ -284,7 +284,7 @@ spec:
 url: "https://github.com/shipwright-io/sample-go"
 paramValues:
 - name: builder-image
- value: heroku/buildpacks:18
+ value: heroku/builder:22
 strategy:
 kind: ClusterBuildStrategy
 output:
@@ -305,7 +305,7 @@ spec:
 cloneSecret: source-secret
 paramValues:
 - name: builder-image
- value: heroku/buildpacks:18
+ value: heroku/builder:22
 strategy:
 kind: ClusterBuildStrategy
 output: