init add gcc tool image

ploigos · Jun 7, 2022 · 8f1f797 · 8f1f797
1 parent a6b715b
commit 8f1f797
Show file tree

Hide file tree

Showing 4 changed files with 187 additions and 0 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -1895,6 +1895,110 @@ jobs:
       - name: Image Digest 🔖
         run: echo ${{ steps.image_build.outputs.digest }}
 
+  ############################
+  # ploigos-tool-gcc_ubi8 #
+  ############################
+  ploigos-tool-gcc_ubi8:
+    needs:
+    - ploigos-base_ubi8
+
+    runs-on: ubuntu-latest
+
+    env:
+      IMAGE_CONTEXT: ./ploigos-tool-gcc
+      IMAGE_FILE: Containerfile.ubi8
+      IMAGE_NAME: ploigos-tool-gcc
+      IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-gcc:latest.ubi8
+      IMAGE_TAG_FLAVOR: .ubi8
+      IMAGE_IS_DEFAULT_FLAVOR: true
+      BASE_IMAGE_NAME: ploigos-base
+      BASE_IMAGE_VERSION: ${{ needs.ploigos-base_ubi8.outputs.version }}
+
+    services:
+      registry:
+        image: registry:2
+        ports:
+        - 5000:5000
+
+    outputs:
+      version: ${{ steps.prep.outputs.version }}
+
+    steps:
+      - name: Checkout 🛎️
+        uses: actions/checkout@v2
+
+      - name: Determine Image Version and Tags ⚙️
+        id: prep
+        run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh
+
+      - name: Version 📌
+        run: echo ${{ steps.prep.outputs.version }}
+
+      - name: Image Tags 🏷
+        run: echo ${{ steps.prep.outputs.tags }}
+
+      - name: Set up QEMU 🧰
+        uses: docker/[email protected]
+
+      - name: Set up Docker Buildx 🧰
+        uses: docker/[email protected]
+        with:
+          driver-opts: network=host
+
+      - name: Cache Docker layers 🗃
+        uses: actions/[email protected]
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Build Image 🛠
+        id: image_build
+        uses: docker/[email protected]
+        env:
+          IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ env.BASE_IMAGE_VERSION }}
+        with:
+          context: ${{ env.IMAGE_CONTEXT }}
+          file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }}
+          build-args: ${{ env.IMAGE_BUILD_ARGS }}
+          push: true
+          tags: ${{ env.IMAGE_TAG_LOCAL }}
+          labels: |
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.source=${{ github.repositoryUrl }}
+            org.opencontainers.image.version=${{ steps.prep.outputs.version }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.licenses=${{ github.event.repository.license.name }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+
+      - name: Test Image 🧪
+        run: |
+          echo "Verify GCC installed"
+          docker run ${{ env.IMAGE_TAG_LOCAL }} gcc --help
+
+      - name: Login to External Registry 🔑
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ secrets.REGISTRY_URI }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Push to External Registry 🔺
+        id: push
+        run: |
+          docker pull ${{ env.IMAGE_TAG_LOCAL }}
+
+          TAGS=${{ steps.prep.outputs.tags }}
+          for TAG in ${TAGS//,/ }; do
+            docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG}
+            docker push ${TAG}
+          done
+
+      - name: Image Digest 🔖
+        run: echo ${{ steps.image_build.outputs.digest }}
+
   ##############################
   # ploigos-tool-openscap_ubi8 #
   ##############################

diff --git a/ploigos-tool-gcc/Containerfile b/ploigos-tool-gcc/Containerfile
@@ -0,0 +1,32 @@
+ARG BASE_IMAGE=quay.io/ploigos/ploigos-tool-containers:latest.ubi8
+
+FROM $BASE_IMAGE
+ARG PLOIGOS_USER_UID
+
+# labels
+ENV DESCRIPTION="Ploigos tool container with OpenSCAP."
+LABEL \
+    maintainer="Ploigos <[email protected]>" \
+    name="ploigos/ploigos-tool-openscap" \
+    summary="$DESCRIPTION" \
+    description="$DESCRIPTION" \
+    License="GPLv2+" \
+    architecture="x86_64" \
+    io.k8s.display-name="Ploigos - Tool - OpenSCAP" \
+    io.k8s.description="$DESCRIPTION" \
+    io.openshift.expose-services="" \
+    io.openshift.tags="ploigos,oscap,openscap" \
+    com.redhat.component="ploigos-tool-openscap-container"
+
+USER root
+
+RUN INSTALL_PKGS="openscap-scanner" && \
+    dnf update -y --allowerasing --nobest && \
+    dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+    dnf clean all && \
+    rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+# may not actually be able to run as this user at runtime
+# but platforms like OpenShift will still respect users home directory
+# so still worth setting
+USER ${PLOIGOS_USER_UID}
diff --git a/ploigos-tool-gcc/Containerfile.ubi8 b/ploigos-tool-gcc/Containerfile.ubi8
@@ -0,0 +1,32 @@
+ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8
+
+FROM $BASE_IMAGE
+ARG PLOIGOS_USER_UID
+
+# labels
+ENV DESCRIPTION="Ploigos tool container with OpenSCAP."
+LABEL \
+    maintainer="Ploigos <[email protected]>" \
+    name="ploigos/ploigos-tool-openscap" \
+    summary="$DESCRIPTION" \
+    description="$DESCRIPTION" \
+    License="GPLv2+" \
+    architecture="x86_64" \
+    io.k8s.display-name="Ploigos - Tool - OpenSCAP" \
+    io.k8s.description="$DESCRIPTION" \
+    io.openshift.expose-services="" \
+    io.openshift.tags="ploigos,oscap,openscap" \
+    com.redhat.component="ploigos-tool-openscap-container"
+
+USER root
+
+RUN INSTALL_PKGS="gcc" && \
+    dnf update -y --allowerasing --nobest && \
+    dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+    dnf clean all && \
+    rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+# may not actually be able to run as this user at runtime
+# but platforms like OpenShift will still respect users home directory
+# so still worth setting
+USER ${PLOIGOS_USER_UID}
diff --git a/ploigos-tool-gcc/README.md b/ploigos-tool-gcc/README.md
@@ -0,0 +1,19 @@
+# ploigos-tool-gcc
+
+This repository contains the container definition for creating the Ploigos workflow
+TODO
+
+## Local Build
+
+To build and push this image perform the following on a properly subscribed RHEL 8 host:
+```
+podman login quay.io
+podman build . -t quay.io/ploigos/ploigos-tool-gcc:latest
+podman push quay.io/ploigos/ploigos-tool-gcc:latest
+```
+
+## Local Test
+
+```
+TODO
+```