From 73ca8f3e91d4b8ce1ba49f48bf1a166d13a32190 Mon Sep 17 00:00:00 2001 From: Ian Tewksbury Date: Tue, 7 Jun 2022 15:08:21 -0400 Subject: [PATCH] ploigos-tool-cpp - init add --- .github/workflows/publish.yaml | 104 ++++++++++++++++++++++++++++ README.md | 6 ++ ploigos-tool-cpp/Containerfile | 1 + ploigos-tool-cpp/Containerfile.ubi8 | 32 +++++++++ ploigos-tool-cpp/README.md | 7 ++ 5 files changed, 150 insertions(+) create mode 120000 ploigos-tool-cpp/Containerfile create mode 100644 ploigos-tool-cpp/Containerfile.ubi8 create mode 100644 ploigos-tool-cpp/README.md diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index eb9014f..dedf116 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1895,6 +1895,110 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} + ############################ + # ploigos-tool-cpp_ubi8 # + ############################ + ploigos-tool-cpp_ubi8: + needs: + - ploigos-base_ubi8 + + runs-on: ubuntu-latest + + env: + IMAGE_CONTEXT: ./ploigos-tool-cpp + IMAGE_FILE: Containerfile.ubi8 + IMAGE_NAME: ploigos-tool-cpp + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-cpp:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base + BASE_IMAGE_VERSION: ${{ needs.ploigos-base_ubi8.outputs.version }} + + services: + registry: + image: registry:2 + ports: + - 5000:5000 + + outputs: + version: ${{ steps.prep.outputs.version }} + + steps: + - name: Checkout ๐Ÿ›Ž๏ธ + uses: actions/checkout@v2 + + - name: Determine Image Version and Tags โš™๏ธ + id: prep + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh + + - name: Version ๐Ÿ“Œ + run: echo ${{ steps.prep.outputs.version }} + + - name: Image Tags ๐Ÿท + run: echo ${{ steps.prep.outputs.tags }} + + - name: Set up QEMU ๐Ÿงฐ + uses: docker/setup-qemu-action@v1.0.1 + + - name: Set up Docker Buildx ๐Ÿงฐ + uses: docker/setup-buildx-action@v1.0.4 + with: + driver-opts: network=host + + - name: Cache Docker layers ๐Ÿ—ƒ + uses: actions/cache@v2.1.3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build Image ๐Ÿ›  + id: image_build + uses: docker/build-push-action@v2.2.1 + env: + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ env.BASE_IMAGE_VERSION }} + with: + context: ${{ env.IMAGE_CONTEXT }} + file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} + build-args: ${{ env.IMAGE_BUILD_ARGS }} + push: true + tags: ${{ env.IMAGE_TAG_LOCAL }} + labels: | + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.source=${{ github.repositoryUrl }} + org.opencontainers.image.version=${{ steps.prep.outputs.version }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.licenses=${{ github.event.repository.license.name }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Test Image ๐Ÿงช + run: | + echo "Verify GCC installed" + docker run ${{ env.IMAGE_TAG_LOCAL }} gcc --help + + - name: Login to External Registry ๐Ÿ”‘ + uses: docker/login-action@v1 + with: + registry: ${{ secrets.REGISTRY_URI }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + + - name: Push to External Registry ๐Ÿ”บ + id: push + run: | + docker pull ${{ env.IMAGE_TAG_LOCAL }} + + TAGS=${{ steps.prep.outputs.tags }} + for TAG in ${TAGS//,/ }; do + docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} + docker push ${TAG} + done + + - name: Image Digest ๐Ÿ”– + run: echo ${{ steps.image_build.outputs.digest }} + ############################## # ploigos-tool-openscap_ubi8 # ############################## diff --git a/README.md b/README.md index e552590..9a1595f 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,11 @@ Required Capabilities for rootless container building: * SETUID * SETGID +## ploigos-tool-cpp +[![ploigos-tool-cpp](https://img.shields.io/badge/quay.io-ploigos--tool--cpp-lightgrey?logo=open-containers-initiative)](https://quay.io/repository/ploigos/ploigos-tool-cpp) + +Defines a tools container that has tools for working with C++. + ## ploigos-tool-helm [![ploigos-tool-helm](https://img.shields.io/badge/quay.io-ploigos--tool--helm-lightgrey?logo=open-containers-initiative)](https://quay.io/repository/ploigos/ploigos-tool-helm) @@ -167,6 +172,7 @@ podman build --tag ploigos-jenkins-init podman build --tag ploigos-tool-argocd --build-arg BASE_IMAGE=ploigos-base ploigos-tool-argocd podman build --tag ploigos-tool-config-lint --build-arg BASE_IMAGE=ploigos-base ploigos-tool-config-lint podman build --tag ploigos-tool-containers --build-arg BASE_IMAGE=ploigos-base ploigos-tool-containers +podman build --tag ploigos-tool-gcc --build-arg BASE_IMAGE=ploigos-base ploigos-tool-gcc podman build --tag ploigos-tool-helm --build-arg BASE_IMAGE=ploigos-base ploigos-tool-helm podman build --tag ploigos-tool-java --build-arg BASE_IMAGE=ploigos-base ploigos-tool-java podman build --tag ploigos-tool-maven --build-arg BASE_IMAGE=ploigos-tool-java ploigos-tool-maven diff --git a/ploigos-tool-cpp/Containerfile b/ploigos-tool-cpp/Containerfile new file mode 120000 index 0000000..b499254 --- /dev/null +++ b/ploigos-tool-cpp/Containerfile @@ -0,0 +1 @@ +Containerfile.ubi8 \ No newline at end of file diff --git a/ploigos-tool-cpp/Containerfile.ubi8 b/ploigos-tool-cpp/Containerfile.ubi8 new file mode 100644 index 0000000..b41335e --- /dev/null +++ b/ploigos-tool-cpp/Containerfile.ubi8 @@ -0,0 +1,32 @@ +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8 + +FROM $BASE_IMAGE +ARG PLOIGOS_USER_UID + +# labels +ENV DESCRIPTION="Ploigos tool container with C++." +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-cpp" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - C++" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,cpp,c++" \ + com.redhat.component="ploigos-tool-cpp-container" + +USER root + +RUN INSTALL_PKGS="gcc" && \ + dnf update -y --allowerasing --nobest && \ + dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ + dnf clean all && \ + rm -rf /var/cache /var/log/dnf* /var/log/yum.* + +# may not actually be able to run as this user at runtime +# but platforms like OpenShift will still respect users home directory +# so still worth setting +USER ${PLOIGOS_USER_UID} diff --git a/ploigos-tool-cpp/README.md b/ploigos-tool-cpp/README.md new file mode 100644 index 0000000..93b0abc --- /dev/null +++ b/ploigos-tool-cpp/README.md @@ -0,0 +1,7 @@ +# ploigos-tool-cpp + +This repository contains the container definition for creating the Ploigos workflow +C++ CLI tools container image. + +This container image is intended to be used as the container image to run Ploigos workflow steps +in that require access to C++ dev tools