ci: test image base layer before push (#902)

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Mikko Ylinen 2022-02-25 13:08:49 +02:00 committed by GitHub
parent 904d779433
commit b7d0e7e168
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 40 additions and 2 deletions


@ -158,6 +158,11 @@ endif
images = $(shell basename -s .Dockerfile -a build/docker/*.Dockerfile) images = $(shell basename -s .Dockerfile -a build/docker/*.Dockerfile)
skipbaselayercheck = intel-vpu-plugin intel-qat-plugin-kerneldrv intel-idxd-config-initcontainer
distroless_images = $(patsubst %,$(REG)%\:$(TAG),$(filter-out $(skipbaselayercheck),$(images)))
test-image-base-layer:
@for img in $(distroless_images); do scripts/test-image-base-layer.sh $$img $(BUILDER) || exit 1; done
$(images): $(images):
@build/docker/build-image.sh $(REG)$@ $(BUILDER) $(EXTRA_BUILD_ARGS) @build/docker/build-image.sh $(REG)$@ $(BUILDER) $(EXTRA_BUILD_ARGS)
@ -174,7 +179,7 @@ image_tags = $(patsubst %,$(REG)%\:$(TAG),$(images) $(demos))
$(image_tags): $(image_tags):
@docker push $@ @docker push $@
push: $(image_tags) push: test-image-base-layer $(image_tags)
lock-images: lock-images:
@scripts/update-clear-linux-base.sh clearlinux:latest $(shell find demo -name Dockerfile) @scripts/update-clear-linux-base.sh clearlinux:latest $(shell find demo -name Dockerfile)
@ -192,7 +197,7 @@ check-github-actions:
jq -e '$(images_json) - .jobs.image.strategy.matrix.image == []' > /dev/null || \ jq -e '$(images_json) - .jobs.image.strategy.matrix.image == []' > /dev/null || \
(echo "Make sure all images are listed in .github/workflows/ci.yaml"; exit 1) (echo "Make sure all images are listed in .github/workflows/ci.yaml"; exit 1)
.PHONY: all format test lint build images $(cmds) $(images) lock-images vendor pre-pull set-version check-github-actions envtest fixture update-fixture install-tools .PHONY: all format test lint build images $(cmds) $(images) lock-images vendor pre-pull set-version check-github-actions envtest fixture update-fixture install-tools test-image-base-layer
SPHINXOPTS = SPHINXOPTS =
SPHINXBUILD = sphinx-build SPHINXBUILD = sphinx-build
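Review bot: In `push: test-image-base-layer $(image_tags)` the check is only a sibling prerequisite of the push targets, so nothing orders it before the `docker push $@` recipes. Under `make -j` the pushes can start while the check is still running, and images already being pushed are not stopped when it fails. Invoking one of the `$(image_tags)` targets directly skips the check altogether. If the check is meant to gate every push, declare it on the push rule itself, for example `$(image_tags): | test-image-base-layer`. The `skipbaselayercheck` list would also benefit from a comment such as `# images not built on gcr.io/distroless/static; exempt from the base layer check`, so that later additions to it get reviewed as exemptions.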


@ -0,0 +1,33 @@
#!/bin/sh -e
#
# Copyright 2022 Intel Corporation.
#
# SPDX-License-Identifier: Apache-2.0
#
die () {
echo "ERROR: $*"
exit 1
}
IMG=$1
shift
if [ "$1" = 'docker' ] || [ "$1" = 'buildah' ]; then
BUILDER=$1
fi
echo "Testing $IMG base layer"
if [ -z "${BUILDER}" ] || [ "${BUILDER}" = 'docker' ] ; then
distroless_base=$(docker inspect --format='{{index .RootFS.Layers 0}}' "gcr.io/distroless/static") || die "failed to inspect gcr.io/distroless/static"
img_base=$(docker inspect --format='{{index .RootFS.Layers 0}}' "$IMG") || die "failed to inspect $IMG"
elif [ "${BUILDER}" = 'buildah' ] ; then
distroless_base=$(buildah inspect --type image --format='{{index .OCIv1.RootFS.DiffIDs 0}}' "gcr.io/distroless/static") || die "failed to inspect gcr.io/distroless/static"
img_base=$(buildah inspect --type image --format='{{index .OCIv1.RootFS.DiffIDs 0}}' "$IMG") || die "failed to inspect $IMG"
else
(>&2 echo "Unknown builder ${BUILDER}")
exit 1
fi
test "${distroless_base}" = "${img_base}" || die "$IMG base layer differs from gcr.io/distroless/static"
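Review bot: Both inspect branches resolve `gcr.io/distroless/static` by its default mutable tag from the local image store, so the reference layer is whatever copy is on the build host, not a known base. A stale or locally re-tagged image changes the result in either direction. Consider taking the reference from a digest-pinned variable, e.g. `BASE_IMG=${BASE_IMG:-gcr.io/distroless/static@sha256:<pinned-digest>}` (placeholder digest), and using `"$BASE_IMG"` in the inspect calls and the `die` messages. Only layer index 0 is compared, so a match shows that the first layer is shared, not that the whole base is identical. A second argument other than `docker` or `buildah` is silently ignored and the script falls back to the environment's `BUILDER` or to docker, leaving the `Unknown builder` branch reachable only through the environment.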