Revert "Break scanner binary build into separate task"

This reverts commit 5eba918.

.tekton/scanner-pull-request.yaml

@@ -223,8 +223,7 @@ spec:
                 memory: 6Gi
               limits:
                 memory: 6Gi
-            # image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.61
-            image: brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_1.20
+            image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.61
             script: |
               #!/usr/bin/env bash
               ROOT="$(workspaces.source.path)/source"
@@ -238,54 +237,24 @@ spec:
               make build-updater
 
               info "Generating genesis dump"
+              mkdir -p $ROOT
               "$ROOT/bin/updater" generate-dump --out-file $ROOT/genesis-dump.zip
+              ls -lrt $ROOT
 
               info "Printing some stats"
               "$ROOT/bin/updater" print-stats $ROOT/genesis-dump.zip
 
               info "Extracting dumps"
-              unzip -j $ROOT/genesis-dump.zip 'nvd/*' -d $ROOT/nvd_definitions
-              unzip -j $ROOT/genesis-dump.zip 'k8s/*' -d $ROOT/k8s_definitions
-              unzip -j $ROOT/genesis-dump.zip 'istio/*' -d $ROOT/istio_definitions
-              unzip -j $ROOT/genesis-dump.zip 'rhelv2/repository-to-cpe.json' -d $ROOT/repo2cpe
-              unzip -j $ROOT/genesis-dump.zip 'manifest.json'
+              mkdir -p /tmp/vuln-dump
+              zip $ROOT/genesis-dump.zip 'nvd/*' --copy --out $ROOT/nvd-definitions.zip
+              zip $ROOT/genesis-dump.zip 'k8s/*' --copy --out $ROOT/k8s-definitions.zip
+              zip $ROOT/genesis-dump.zip 'istio/*' --copy --out $ROOT/istio-definitions.zip
+              zip $ROOT/genesis-dump.zip 'rhelv2/repository-to-cpe.json' --copy --out $ROOT/repo2cpe.zip
+              unzip $ROOT/genesis-dump.zip 'manifest.json'
               mv manifest.json genesis_manifests.json
       workspaces:
       - name: source
         workspace: workspace
-    - name: build-scanner-binary
-      runAfter:
-      - init
-      - clone-repository
-      taskSpec:
-        steps:
-          - name: build-scanner-binary
-            computeResources:
-              requests:
-                memory: 6Gi
-              limits:
-                memory: 6Gi
-            image: brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_1.20
-            script: |
-              #!/usr/bin/env bash
-              ROOT="$(workspaces.source.path)/source"
-
-              set -euo pipefail
-              info "Building scanner"
-              cd $ROOT
-
-              export CGO_ENABLED=1 GOFLAGS="" CI=1
-              export VERSION=$(git describe --tags --abbrev=10 --dirty --long)
-
-              if [ "$VERSION" == "" ]; then
-                  echo "Failed to build verison string"
-                  exit 1
-              fi
-
-              go build -trimpath -ldflags="-X github.com/stackrox/scanner/pkg/version.Version=$VERSION" -o scanner ./cmd/clair
-      workspaces:
-      - name: source
-        workspace: workspace
     - name: build-container
       params:
       - name: IMAGE
@@ -305,13 +274,12 @@ spec:
       runAfter:
       - prefetch-dependencies
       - gen-vuln-feed-data
-      - build-scanner-binary
       taskRef:
         params:
         - name: name
-          value: buildah
+          value: buildah-6gb
         - name: bundle
-          value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1
+          value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-6gb:0.1
         - name: kind
           value: task
         resolver: bundles

image/scanner/rhtap/Dockerfile

@@ -2,6 +2,26 @@ ARG BASE_REGISTRY=registry.access.redhat.com
 ARG BASE_IMAGE=ubi8-minimal
 ARG BASE_TAG=latest
 
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_1.20 as builder
+
+ENV CGO_ENABLED=1
+ENV GOFLAGS=""
+ENV CI=1
+
+COPY . /src
+WORKDIR /src
+
+RUN ls -la; git log --oneline | wc -l; unzip -j repo2cpe.zip -d image/scanner/dump/repo2cpe && \
+    unzip -j k8s-definitions.zip -d image/scanner/dump/k8s_definitions && \
+    unzip -j nvd-definitions.zip -d image/scanner/dump/nvd_definitions
+
+RUN echo "version: $(git describe --tags --abbrev=10 --dirty --long)"; git status; go build -trimpath -ldflags="-X github.com/stackrox/scanner/pkg/version.Version=$(git describe --tags --abbrev=10 --dirty --long)" -o image/scanner/bin/scanner ./cmd/clair
+
+# Replace genesis manifests file in the source code with the one generated at
+# the point when the dump was taken.  This is to avoid discrepancy between other
+# files of the dump and the manifest.
+COPY ./genesis_manifests.json image/scanner/dump/genesis_manifests.json
+
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
 LABEL name="scanner" \
@@ -14,14 +34,12 @@ ENV NVD_DEFINITIONS_DIR="/nvd_definitions"
 ENV K8S_DEFINITIONS_DIR="/k8s_definitions"
 ENV REPO_TO_CPE_DIR="/repo2cpe"
 
-WORKDIR /src
-
-COPY image/scanner/scripts /
-COPY scanner ./
-COPY --chown=65534:65534 "${NVD_DEFINITIONS_DIR}/" ".${NVD_DEFINITIONS_DIR}/"
-COPY --chown=65534:65534 "${K8S_DEFINITIONS_DIR}/" ".${K8S_DEFINITIONS_DIR}/"
-COPY --chown=65534:65534 "${REPO_TO_CPE_DIR}/" ".${REPO_TO_CPE_DIR}/"
-COPY --chown=65534:65534 genesis_manifests.json ./
+COPY --from=builder /src/image/scanner/scripts /
+COPY --from=builder /src/image/scanner/bin/scanner ./
+COPY --chown=65534:65534 --from=builder "/src/image/scanner/dump${NVD_DEFINITIONS_DIR}/" ".${NVD_DEFINITIONS_DIR}/"
+COPY --chown=65534:65534 --from=builder "/src/image/scanner/dump${K8S_DEFINITIONS_DIR}/" ".${K8S_DEFINITIONS_DIR}/"
+COPY --chown=65534:65534 --from=builder "/src/image/scanner/dump${REPO_TO_CPE_DIR}/" ".${REPO_TO_CPE_DIR}/"
+COPY --chown=65534:65534 --from=builder /src/image/scanner/dump/genesis_manifests.json ./
 
 RUN microdnf upgrade --nobest && \
     microdnf install xz && \