forked from shipwright-io/build
-
Notifications
You must be signed in to change notification settings - Fork 1
/
buildstrategy_buildah_shipwright_managed_push_cr.yaml
209 lines (199 loc) · 7 KB
/
buildstrategy_buildah_shipwright_managed_push_cr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
---
apiVersion: shipwright.io/v1beta1
kind: ClusterBuildStrategy
metadata:
name: buildah-shipwright-managed-push
spec:
steps:
- name: build
image: quay.io/containers/buildah:v1.37.1
imagePullPolicy: Always
workingDir: $(params.shp-source-root)
securityContext:
privileged: true
command:
- /bin/bash
args:
- -c
- |
set -euo pipefail
# Parse parameters
context=
dockerfile=
image=
target=
buildArgs=()
inBuildArgs=false
registriesBlock=""
inRegistriesBlock=false
registriesInsecure=""
inRegistriesInsecure=false
registriesSearch=""
inRegistriesSearch=false
while [[ $# -gt 0 ]]; do
arg="$1"
shift
if [ "${arg}" == "--context" ]; then
inBuildArgs=false
inRegistriesBlock=false
inRegistriesInsecure=false
inRegistriesSearch=false
context="$1"
shift
elif [ "${arg}" == "--dockerfile" ]; then
inBuildArgs=false
inRegistriesBlock=false
inRegistriesInsecure=false
inRegistriesSearch=false
dockerfile="$1"
shift
elif [ "${arg}" == "--image" ]; then
inBuildArgs=false
inRegistriesBlock=false
inRegistriesInsecure=false
inRegistriesSearch=false
image="$1"
shift
elif [ "${arg}" == "--target" ]; then
inBuildArgs=false
inRegistriesBlock=false
inRegistriesInsecure=false
inRegistriesSearch=false
target="$1"
shift
elif [ "${arg}" == "--build-args" ]; then
inBuildArgs=true
inRegistriesBlock=false
inRegistriesInsecure=false
inRegistriesSearch=false
elif [ "${arg}" == "--registries-block" ]; then
inRegistriesBlock=true
inBuildArgs=false
inRegistriesInsecure=false
inRegistriesSearch=false
elif [ "${arg}" == "--registries-insecure" ]; then
inRegistriesInsecure=true
inBuildArgs=false
inRegistriesBlock=false
inRegistriesSearch=false
elif [ "${arg}" == "--registries-search" ]; then
inRegistriesSearch=true
inBuildArgs=false
inRegistriesBlock=false
inRegistriesInsecure=false
elif [ "${inBuildArgs}" == "true" ]; then
buildArgs+=("--build-arg" "${arg}")
elif [ "${inRegistriesBlock}" == "true" ]; then
registriesBlock="${registriesBlock}'${arg}', "
elif [ "${inRegistriesInsecure}" == "true" ]; then
registriesInsecure="${registriesInsecure}'${arg}', "
elif [ "${inRegistriesSearch}" == "true" ]; then
registriesSearch="${registriesSearch}'${arg}', "
else
echo "Invalid usage"
exit 1
fi
done
# Verify the existence of the context directory
if [ ! -d "${context}" ]; then
echo -e "The context directory '${context}' does not exist."
echo -n "ContextDirNotFound" > '$(results.shp-error-reason.path)'
echo -n "The context directory '${context}' does not exist." > '$(results.shp-error-message.path)'
exit 1
fi
cd "${context}"
# Verify the existence of the Dockerfile
if [ ! -f "${dockerfile}" ]; then
echo -e "The Dockerfile '${dockerfile}' does not exist."
echo -n "DockerfileNotFound" > '$(results.shp-error-reason.path)'
echo -n "The Dockerfile '${dockerfile}' does not exist." > '$(results.shp-error-message.path)'
exit 1
fi
echo "[INFO] Creating registries config file..."
if [ "${registriesSearch}" != "" ]; then
cat <<EOF >>/tmp/registries.conf
[registries.search]
registries = [${registriesSearch::-2}]
EOF
fi
if [ "${registriesInsecure}" != "" ]; then
cat <<EOF >>/tmp/registries.conf
[registries.insecure]
registries = [${registriesInsecure::-2}]
EOF
fi
if [ "${registriesBlock}" != "" ]; then
cat <<EOF >>/tmp/registries.conf
[registries.block]
registries = [${registriesBlock::-2}]
EOF
fi
# Building the image
echo "[INFO] Building image ${image}"
buildah --storage-driver=$(params.storage-driver) \
bud "${buildArgs[@]}" \
--registries-conf=/tmp/registries.conf \
--tag="${image}" \
--file="${dockerfile}" \
.
# Write the image
echo "[INFO] Writing image ${image}"
buildah --storage-driver=$(params.storage-driver) push \
"${image}" \
"oci:${target}"
# That's the separator between the shell script and its args
- --
- --context
- $(params.shp-source-context)
- --dockerfile
- $(params.dockerfile)
- --image
- $(params.shp-output-image)
- --build-args
- $(params.build-args[*])
- --registries-block
- $(params.registries-block[*])
- --registries-insecure
- $(params.registries-insecure[*])
- --registries-search
- $(params.registries-search[*])
- --target
- $(params.shp-output-directory)
resources:
limits:
cpu: "1"
memory: 2Gi
requests:
cpu: 250m
memory: 65Mi
parameters:
- name: build-args
description: "The values for the args in the Dockerfile. Values must be in the format KEY=VALUE."
type: array
defaults: []
- name: registries-block
description: The registries that need to block pull access.
type: array
defaults: []
- name: registries-insecure
description: The fully-qualified name of insecure registries. An insecure registry is one that does not have a valid SSL certificate or only supports HTTP.
type: array
defaults: []
- name: registries-search
description: The registries for searching short name images such as `golang:latest`.
type: array
defaults:
- docker.io
- quay.io
- name: dockerfile
description: The path to the Dockerfile to be used for building the image.
type: string
default: "Dockerfile"
- name: storage-driver
description: "The storage driver to use, such as 'overlay' or 'vfs'."
type: string
default: "vfs"
# For details see the "--storage-driver" section of https://github.com/containers/buildah/blob/main/docs/buildah.1.md#options
securityContext:
runAsUser: 0
runAsGroup: 0