From 1d410bc1f02047d502e76b08212a585b7f56a947 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Fri, 15 Jul 2022 12:35:27 +0000 Subject: [PATCH] ci: Makefile / Dockerfile cleanup --- Dockerfile | 21 ++++++++------------- Makefile | 42 ++++++++++++++++++++++-------------------- 2 files changed, 30 insertions(+), 33 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4055ab1..8ccf00f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG RUNTIME_VERSION="3.10" ARG DISTRO_VERSION="3.16" -ARG PULUMI_VERSION="3.35.3" +ARG PULUMI_VERSION="3.36.0" FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder ARG PULUMI_VERSION @@ -36,7 +36,7 @@ RUN pip install -r requirements.txt RUN pip install . --no-deps # minimal pulumi -RUN cd /root/.pulumi/bin && rm -f *dotnet *nodejs *go *java && strip pulumi* || true +RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && strip pulumi* || true # Now build the final runtime, incl. running rootless containers 
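Review bot: The trailing `|| true` on the changed `RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && strip pulumi* || true` line applies to the whole `&&` chain, not just to `strip`. If the `cd` fails, for example because the install path differs in the Pulumi version bumped in the first hunk, no plugin is pruned and the build still succeeds. Scoping the tolerance to the strip step keeps the pruning checked: `RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && (strip pulumi* || true)`. The commit message does not say why `*nodejs` left the removal list, so a one-line comment naming the plugins that are meant to stay in the image would help.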
@@ -68,19 +68,14 @@ RUN addgroup $USER && adduser $USER -G $USER -D && \ chown $USER:$USER -R /home/$USER # Rootless podman -# https://github.com/containers/podman/blob/main/contrib/podmanimage/stable/Containerfile -ADD conf/containers.conf conf/registries.conf conf/storage.conf /etc/containers/ -ADD --chown=$USER:$USER conf/podman-containers.conf /home/$USER/.config/containers/containers.conf +RUN mkdir -p /home/$USER/.config/containers -RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers \ - /var/lib/shared/vfs-images /var/lib/shared/vfs-layers && \ - touch /var/lib/shared/overlay-images/images.lock /var/lib/shared/overlay-layers/layers.lock \ - /var/lib/shared/vfs-images/images.lock /var/lib/shared/vfs-layers/layers.lock && \ - mkdir /tmp/podman-run-1000 && chown $USER:$USER /tmp/podman-run-1000 && chmod 700 /tmp/podman-run-1000 && \ - echo -e "$USER:1:999\n$USER:1001:64535" > /etc/subuid && \ +ADD --chown=$USER:$USER conf/containers.conf conf/registries.conf conf/storage.conf /home/$USER/.config/containers + +RUN echo -e "$USER:1:999\n$USER:1001:64535" > /etc/subuid && \ echo -e "$USER:1:999\n$USER:1001:64535" > /etc/subgid && \ - mkdir /workspace && \ - cd /usr/bin && ln -s podman docker + cd /usr/bin && ln -s podman docker && \ + chown $USER:$USER -R /home/$USER WORKDIR /workspace diff --git a/Makefile b/Makefile index a5354dd..1b7b791 100644 --- a/Makefile +++ b/Makefile 
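Review bot: The new `ADD --chown=$USER:$USER conf/containers.conf conf/registries.conf conf/storage.conf /home/$USER/.config/containers` passes three sources to a destination without a trailing slash. The Dockerfile reference requires the destination to end in `/` when several sources are given; podman/buildah may accept it only because the preceding `mkdir -p` has already created the directory. These are plain local files, so `COPY` avoids `ADD`'s archive-extraction and URL semantics: `COPY --chown=$USER:$USER conf/containers.conf conf/registries.conf conf/storage.conf /home/$USER/.config/containers/`. The hunk also drops the creation of `/tmp/podman-run-1000` (owned by `$USER`, mode 700). If anything outside this hunk still points the runtime directory there, confirm it is now created elsewhere with the same permissions.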
@@ -1,29 +1,27 @@ REGISTRY := public.ecr.aws/zero-downtime -REPOSITORY := cloudbender +IMAGE := cloudbender REGION := us-east-1 # Parse version from latest git semver tag GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null) TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//') -ifeq ($(TRIVY_REMOTE),) - TRIVY_OPTS := image -else - TRIVY_OPTS := client --remote ${TRIVY_REMOTE} +ifneq ($(TRIVY_REMOTE),) + TRIVY_OPTS := --server ${TRIVY_REMOTE} endif -.PHONY: pytest build test_upload upload all dev_setup pybuild +.PHONY: test build test_upload upload all docker_build docker_test docker_push docker_scan -all: pytest pybuild +all: test build -pytest: +test: flake8 cloudbender tests TEST=True pytest --log-cli-level=DEBUG clean: rm -rf .cache build .coverage .eggs cloudbender.egg-info .pytest_cache dist -pybuild: +build: hatchling build test_upload: pybuild 
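Review bot: `test_upload: pybuild` on the last line of this hunk, and `upload: pybuild` at the top of the next hunk, still depend on the target that this change renames to `build`. With `pybuild` gone from both the rules and `.PHONY`, `make test_upload` and `make upload` will stop with "No rule to make target 'pybuild'". Both prerequisites should follow the rename: `test_upload: build` and `upload: build`. The `test_upload` recipe continues outside this hunk. `clean` is also absent from the rewritten `.PHONY` list, so a file named `clean` in the tree would silently disable it.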
@@ -32,19 +30,23 @@ test_upload: pybuild upload: pybuild twine upload -r pypi --non-interactive dist/cloudbender-*.whl -build: - podman build --rm -t $(REPOSITORY):$(TAG) -t $(REPOSITORY):latest . +docker_build: + podman build --rm -t $(IMAGE):$(TAG) -t $(IMAGE):latest . -test: +docker_test: @echo "Not implemented (yet)" -push: +docker_push: aws ecr-public get-login-password --region $(REGION) | podman login --username AWS --password-stdin $(REGISTRY) - podman tag $(REPOSITORY):latest $(REGISTRY)/$(REPOSITORY):$(TAG) $(REGISTRY)/$(REPOSITORY):latest - podman push $(REGISTRY)/$(REPOSITORY):$(TAG) - podman push $(REGISTRY)/$(REPOSITORY):latest - # Delete all untagged images - # aws ecr-public batch-delete-image --repository-name $(REPOSITORY) --region $(REGION) --image-ids $$(for image in $$(aws ecr-public describe-images --repository-name $(REPOSITORY) --region $(REGION) --output json | jq -r '.imageDetails[] | select(.imageTags | not ).imageDigest'); do echo -n "imageDigest=$$image "; done) + podman tag $(IMAGE):latest $(REGISTRY)/$(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):latest + podman push $(REGISTRY)/$(IMAGE):$(TAG) + podman push $(REGISTRY)/$(IMAGE):latest -scan: - trivy $(TRIVY_OPTS) $(REPOSITORY):$(TAG) +docker_scan: + trivy image $(TRIVY_OPTS) $(IMAGE):$(TAG) + +# Delete all untagged images +.PHONY: rm-remote-untagged +rm-remote-untagged: + @echo "Removing all untagged images from $(IMAGE) in $(REGION)" + @aws ecr-public batch-delete-image --repository-name $(IMAGE) --region $(REGION) --image-ids $$(for image in $$(aws ecr-public describe-images --repository-name $(IMAGE) --region $(REGION) --output json | jq -r '.imageDetails[] | select(.imageTags | not ).imageDigest'); do echo -n "imageDigest=$$image "; done)
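Review bot: `docker_scan` cannot gate a release, because `trivy image $(TRIVY_OPTS) $(IMAGE):$(TAG)` exits 0 by default even when it reports vulnerabilities, so `docker_push` can follow a scan with findings. Setting an explicit failure policy fixes that, for example `trivy image --exit-code 1 --severity HIGH,CRITICAL $(TRIVY_OPTS) $(IMAGE):$(TAG)`. Separately, the new `rm-remote-untagged` recipe prefixes the `aws ecr-public batch-delete-image` line with `@`, so the one destructive command in the file is not echoed in CI logs. When no untagged images exist, the `$$(for image in ...)` substitution expands to nothing and `--image-ids` is passed without a value, which is expected to make the call fail. Collecting the digests into a shell variable first, skipping the delete when it is empty, and dropping the `@` on that line would address both.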