From 85361d27fb83d46f048e5d0b32b7f236a9d6cd45 Mon Sep 17 00:00:00 2001 From: Enver Bisevac Date: Tue, 6 Jun 2023 14:51:33 +0200 Subject: [PATCH] docker UBI images for pipelines --- .dockerignore | 12 ++++++ Makefile | 19 +++++++++ cmd/gitness/main.go | 4 +- cmd/gitness/pg.go | 18 +++++++++ docker/Dockerfile | 55 ++++++++++++++++++++------ docker/Dockerfile.gitrpc | 17 ++++---- internal/store/database/util.go | 17 -------- internal/store/database/util_pq.go | 22 +++++++++++ internal/store/database/util_sqlite.go | 22 +++++++++++ 9 files changed, 147 insertions(+), 39 deletions(-) create mode 100644 .dockerignore create mode 100644 cmd/gitness/pg.go create mode 100644 internal/store/database/util_pq.go create mode 100644 internal/store/database/util_sqlite.go diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000..a4906b83e --- /dev/null +++ b/.dockerignore @@ -0,0 +1,12 @@ +*.sqlite +*.sqlite3 +web/node_modules +web/dist +release +.idea +coverage.out + +# ignore any executables we build +/gitness +/gitrpcserver +/githook \ No newline at end of file diff --git a/Makefile b/Makefile index c384f64a6..1738bab82 100644 --- a/Makefile +++ b/Makefile @@ -51,10 +51,18 @@ build: generate ## Build the all-in-one gitness binary @echo "Building Gitness Server" go build -ldflags=${LDFLAGS} -o ./gitness ./cmd/gitness +build-pq: generate ## Build the all-in-one gitness binary + @echo "Building Gitness Server" + go build -tags=pq -ldflags=${LDFLAGS} -o ./gitness ./cmd/gitness + harness-build: generate ## Build the all-in-one gitness binary for harness embedded mode @echo "Building Gitness Server for Harness" go build -tags=harness -ldflags=${LDFLAGS} -o ./gitness ./cmd/gitness +harness-build-pq: generate ## Build the all-in-one gitness binary for harness embedded mode using postgres + @echo "Building Gitness Server for Harness" + go build -tags=harness,pq -ldflags=${LDFLAGS} -o ./gitness ./cmd/gitness + build-gitrpc: generate ## Build the gitrpc binary @echo "Building GitRPC Server" go build -ldflags=${LDFLAGS} -o ./gitrpcserver ./cmd/gitrpcserver @@ -101,6 +109,7 @@ test-env: stop ## Run test environment - this runs all services and the gitness image: ## Build the gitness docker image @echo "Building Gitness Image" @docker build \ + --secret id=npmrc,src=${HOME}/.npmrc \ --build-arg GITNESS_VERSION=latest \ --build-arg GIT_COMMIT=${GIT_COMMIT} \ --build-arg GITHUB_ACCESS_TOKEN=${GITHUB_ACCESS_TOKEN} \ @@ -108,6 +117,16 @@ image: ## Build the gitness docker image -t gitness:latest \ -f ./docker/Dockerfile . +gitrpc-image: ## Build the gitness gitrpc docker image + @echo "Building Gitness GitRPC Image" + @docker build \ + --build-arg GITNESS_VERSION=latest \ + --build-arg GIT_COMMIT=${GIT_COMMIT} \ + --build-arg GITHUB_ACCESS_TOKEN=${GITHUB_ACCESS_TOKEN} \ + --platform linux/amd64 \ + -t gitness-gitrpc:latest \ + -f ./docker/Dockerfile.gitrpc . + e2e: generate test-env ## Run e2e tests chmod +x wait-for-gitness.sh && ./wait-for-gitness.sh go test -p 1 -v -coverprofile=e2e_cov.out ./tests/... -env=".env.local" diff --git a/cmd/gitness/main.go b/cmd/gitness/main.go index 036999a1a..e005cb7ea 100644 --- a/cmd/gitness/main.go +++ b/cmd/gitness/main.go @@ -2,12 +2,14 @@ // Use of this source code is governed by the Polyform Free Trial License // that can be found in the LICENSE.md file for this repository. +//go:build !pq +// +build !pq + package main import ( "github.com/harness/gitness/cli" - _ "github.com/lib/pq" _ "github.com/mattn/go-sqlite3" ) diff --git a/cmd/gitness/pg.go b/cmd/gitness/pg.go new file mode 100644 index 000000000..d9c63c264 --- /dev/null +++ b/cmd/gitness/pg.go @@ -0,0 +1,18 @@ +// Copyright 2022 Harness Inc. All rights reserved. +// Use of this source code is governed by the Polyform Free Trial License +// that can be found in the LICENSE.md file for this repository. + +//go:build pq +// +build pq + +package main + +import ( + "github.com/harness/gitness/cli" + + _ "github.com/lib/pq" +) + +func main() { + cli.Command() +} diff --git a/docker/Dockerfile b/docker/Dockerfile index 213cb0851..9a1f901b1 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,23 @@ -### Build operator +### Build web +FROM node:16 as web + +# Create app directory +WORKDIR /usr/src/app + +COPY web/package.json ./ +COPY web/yarn.lock ./ + +RUN --mount=type=secret,id=npmrc,target=/root/.npmrc yarn + +# If you are building your code for production +# RUN npm ci --omit=dev + +COPY ./web . + +RUN yarn build && \ + yarn cache clean + +### Build gitness FROM golang:1.19-alpine as builder RUN apk update \ @@ -21,17 +40,28 @@ RUN make dep RUN make tools # COPY the source code as the last step COPY . . -# set required build flags -ENV CGO_ENABLED=1 \ - GOOS=linux \ - GOARCH=amd64 + +COPY --from=web /usr/src/app/dist /app/web/dist # build ARG GIT_COMMIT ARG GITNESS_VERSION_MAJOR ARG GITNESS_VERSION_MINOR ARG GITNESS_VERSION_PATCH -RUN make harness-build + +# set required build flags +ARG sqlite +RUN if [[ -z "$sqlite" ]] ; then \ + CGO_ENABLED=0 \ + GOOS=linux \ + GOARCH=amd64 \ + make harness-build-pq \ +; else \ + CGO_ENABLED=1 \ + GOOS=linux \ + GOARCH=amd64 \ + make harness-build \ +; fi ### Pull CA Certs FROM alpine:latest as cert-image @@ -39,21 +69,20 @@ FROM alpine:latest as cert-image RUN apk --update add ca-certificates ### Create final image -FROM alpine/git:2.36.3 as final +FROM us.gcr.io/platform-205701/ubi/ubi-go:8.7 as final -RUN adduser -u 1001 -D -h /app iamuser +USER root +RUN mkdir /app && chown nobody:nobody /app +USER nobody WORKDIR /app -COPY --from=cert-image /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=builder /app/gitness /app/gitness +COPY --chown=nobody:nobody --from=cert-image /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --chown=nobody:nobody --from=builder /app/gitness /app/gitness -RUN chown -R 1001:1001 /app RUN chmod -R 700 /app/gitness EXPOSE 3000 EXPOSE 3001 -USER 1001 - ENTRYPOINT [ "/app/gitness", "server" ] \ No newline at end of file diff --git a/docker/Dockerfile.gitrpc b/docker/Dockerfile.gitrpc index b4b9b164d..a009173ca 100644 --- a/docker/Dockerfile.gitrpc +++ b/docker/Dockerfile.gitrpc @@ -40,24 +40,25 @@ FROM alpine:latest as cert-image RUN apk --update add ca-certificates ### Create final image -FROM alpine/git:2.36.3 as final +FROM us.gcr.io/platform-205701/ubi/ubi-go:8.7 as final -RUN adduser -u 1001 -D -h /app iamuser +USER root +RUN microdnf update && \ + microdnf install git +RUN mkdir /app && chown nobody:nobody /app +USER nobody WORKDIR /app -COPY --from=cert-image /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=builder /app/gitrpcserver /app/gitrpcserver -COPY --from=builder /app/githook /app/githook +COPY --chown=nobody:nobody --from=cert-image /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --chown=nobody:nobody --from=builder /app/gitrpcserver /app/gitrpcserver +COPY --chown=nobody:nobody --from=builder /app/githook /app/githook -RUN chown -R 1001:1001 /app RUN chmod -R 700 /app/gitrpcserver RUN chmod -R 700 /app/githook EXPOSE 3001 -USER 1001 - # configure gitrpc to use githook (as they come bundled in the image) ENV GITRPC_SERVER_GIT_HOOK_PATH="/app/githook" diff --git a/internal/store/database/util.go b/internal/store/database/util.go index 0fb1cffd1..936e8d5d3 100644 --- a/internal/store/database/util.go +++ b/internal/store/database/util.go @@ -9,9 +9,6 @@ import ( "fmt" "github.com/harness/gitness/internal/store" - - "github.com/lib/pq" - "github.com/mattn/go-sqlite3" "github.com/pkg/errors" "github.com/rs/zerolog/log" ) @@ -58,17 +55,3 @@ func processSQLErrorf(err error, format string, args ...interface{}) error { return fallbackErr } } - -func isSQLUniqueConstraintError(original error) bool { - var sqliteErr sqlite3.Error - if errors.As(original, &sqliteErr) { - return errors.Is(sqliteErr.ExtendedCode, sqlite3.ErrConstraintUnique) - } - - var pqErr *pq.Error - if errors.As(original, &pqErr) { - return pqErr.Code == "23505" // unique_violation - } - - return false -} diff --git a/internal/store/database/util_pq.go b/internal/store/database/util_pq.go new file mode 100644 index 000000000..e851caafc --- /dev/null +++ b/internal/store/database/util_pq.go @@ -0,0 +1,22 @@ +// Copyright 2022 Harness Inc. All rights reserved. +// Use of this source code is governed by the Polyform Free Trial License +// that can be found in the LICENSE.md file for this repository. + +//go:build pq +// +build pq + +package database + +import ( + "github.com/lib/pq" + "github.com/pkg/errors" +) + +func isSQLUniqueConstraintError(original error) bool { + var pqErr *pq.Error + if errors.As(original, &pqErr) { + return pqErr.Code == "23505" // unique_violation + } + + return false +} diff --git a/internal/store/database/util_sqlite.go b/internal/store/database/util_sqlite.go new file mode 100644 index 000000000..9eb47aef9 --- /dev/null +++ b/internal/store/database/util_sqlite.go @@ -0,0 +1,22 @@ +// Copyright 2022 Harness Inc. All rights reserved. +// Use of this source code is governed by the Polyform Free Trial License +// that can be found in the LICENSE.md file for this repository. + +//go:build !pq +// +build !pq + +package database + +import ( + "github.com/mattn/go-sqlite3" + "github.com/pkg/errors" +) + +func isSQLUniqueConstraintError(original error) bool { + var sqliteErr sqlite3.Error + if errors.As(original, &sqliteErr) { + return errors.Is(sqliteErr.ExtendedCode, sqlite3.ErrConstraintUnique) + } + + return false +}