Introduce new naming convention for artifacts (#1625)

* Introduce new naming convention

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* arm target

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* tests

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* arch for arm

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* arch for arm

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* tests

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* tests

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* tests

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* fix naming of image

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* sed in two steps

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* pass arch to arm-image

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* 🤦

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

* use targetarch

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>

---------

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>
Mauro Morales 2023-07-26 09:06:03 +02:00 committed by GitHub
parent 5dcf93d764
commit 94696aa6f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 128 additions and 73 deletions


@ -13,7 +13,7 @@ env:
jobs:
docker:
uses: kairos-io/kairos/.github/workflows/reusable-docker-arm-build.yaml@master
uses: ./.github/workflows/reusable-docker-arm-build.yaml
with:
flavor: opensuse-leap-arm-rpi
model: rpi64


@ -31,7 +31,7 @@ jobs:
echo "::set-output name=matrix::{\"include\": $content }"
docker:
uses: kairos-io/kairos/.github/workflows/reusable-docker-arm-build.yaml@master
uses: ./.github/workflows/reusable-docker-arm-build.yaml
secrets: inherit
with:
flavor: ${{ matrix.flavor }}
@ -44,7 +44,7 @@ jobs:
matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}}
image_and_iso_arm64_generic:
uses: kairos-io/kairos/.github/workflows/reusable-image-and-iso-arm-generic.yaml@master
uses: ./.github/workflows/reusable-image-and-iso-arm-generic.yaml
secrets: inherit
with:
flavor: ${{ matrix.flavor }}


@ -11,68 +11,68 @@ env:
FORCE_COLOR: 1
jobs:
core:
uses: kairos-io/kairos/.github/workflows/reusable-build-flavor.yaml@master
uses: ./.github/workflows/reusable-build-flavor.yaml
with:
flavor: ubuntu
install:
uses: kairos-io/kairos/.github/workflows/reusable-install-test.yaml@master
uses: ./.github/workflows/reusable-install-test.yaml
with:
flavor: ubuntu
needs:
- core
zfs:
uses: kairos-io/kairos/.github/workflows/reusable-zfs-test.yaml@master
uses: ./.github/workflows/reusable-zfs-test.yaml
with:
flavor: ubuntu
needs:
- core
acceptance:
uses: kairos-io/kairos/.github/workflows/reusable-qemu-acceptance-test.yaml@master
uses: ./.github/workflows/reusable-qemu-acceptance-test.yaml
with:
flavor: ubuntu
needs:
- core
bundles:
uses: kairos-io/kairos/.github/workflows/reusable-qemu-bundles-test.yaml@master
uses: ./.github/workflows/reusable-qemu-bundles-test.yaml
with:
flavor: ubuntu
needs:
- core
reset:
uses: kairos-io/kairos/.github/workflows/reusable-qemu-reset-test.yaml@master
uses: ./.github/workflows/reusable-qemu-reset-test.yaml
with:
flavor: ubuntu
needs:
- core
netboot:
uses: kairos-io/kairos/.github/workflows/reusable-qemu-netboot-test.yaml@master
uses: ./.github/workflows/reusable-qemu-netboot-test.yaml
with:
flavor: ubuntu
needs:
- core
upgrade:
uses: kairos-io/kairos/.github/workflows/reusable-upgrade-with-cli-test.yaml@master
uses: ./.github/workflows/reusable-upgrade-with-cli-test.yaml
with:
flavor: ubuntu
needs:
- core
upgrade-latest:
uses: kairos-io/kairos/.github/workflows/reusable-upgrade-latest-test.yaml@master
uses: ./.github/workflows/reusable-upgrade-latest-test.yaml
with:
flavor: ubuntu
needs:
- core
encryption:
uses: kairos-io/kairos/.github/workflows/reusable-encryption-test.yaml@master
uses: ./.github/workflows/reusable-encryption-test.yaml
with:
flavor: ubuntu
label: ${{ matrix.label }}


@ -54,7 +54,7 @@ jobs:
echo "::set-output name=matrix::{\"include\": $content }"
core:
uses: kairos-io/kairos/.github/workflows/reusable-build-flavor.yaml@master
uses: ./.github/workflows/reusable-build-flavor.yaml
secrets: inherit
with:
flavor: ${{ matrix.flavor }}
@ -64,7 +64,7 @@ jobs:
fail-fast: false
matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}}
framework:
uses: kairos-io/kairos/.github/workflows/reusable-build-framework-flavor.yaml@master
uses: ./.github/workflows/reusable-build-framework-flavor.yaml
secrets: inherit
with:
flavor: ${{ matrix.flavor }}
@ -74,7 +74,7 @@ jobs:
fail-fast: false
matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}}
install:
uses: kairos-io/kairos/.github/workflows/reusable-install-test.yaml@master
uses: ./.github/workflows/reusable-install-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:
@ -85,7 +85,7 @@ jobs:
include:
- flavor: opensuse-leap
zfs:
uses: kairos-io/kairos/.github/workflows/reusable-zfs-test.yaml@master
uses: ./.github/workflows/reusable-zfs-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:
@ -96,7 +96,7 @@ jobs:
include:
- flavor: "ubuntu"
acceptance:
uses: kairos-io/kairos/.github/workflows/reusable-qemu-acceptance-test.yaml@master
uses: ./.github/workflows/reusable-qemu-acceptance-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:
@ -113,7 +113,7 @@ jobs:
- flavor: "ubuntu-20-lts"
- flavor: "ubuntu-22-lts"
bundles:
uses: kairos-io/kairos/.github/workflows/reusable-qemu-bundles-test.yaml@master
uses: ./.github/workflows/reusable-qemu-bundles-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:
@ -124,7 +124,7 @@ jobs:
include:
- flavor: opensuse-tumbleweed # Kubo test needs systemd version 252+ which atm is not available in Leap
reset:
uses: kairos-io/kairos/.github/workflows/reusable-qemu-reset-test.yaml@master
uses: ./.github/workflows/reusable-qemu-reset-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:
@ -136,7 +136,7 @@ jobs:
- flavor: alpine-opensuse-leap
- flavor: opensuse-leap
netboot:
uses: kairos-io/kairos/.github/workflows/reusable-qemu-netboot-test.yaml@master
uses: ./.github/workflows/reusable-qemu-netboot-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:
@ -149,7 +149,7 @@ jobs:
- flavor: opensuse-leap
- flavor: ubuntu
upgrade:
uses: kairos-io/kairos/.github/workflows/reusable-upgrade-with-cli-test.yaml@master
uses: ./.github/workflows/reusable-upgrade-with-cli-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:
@ -161,7 +161,7 @@ jobs:
- flavor: alpine-opensuse-leap
- flavor: opensuse-leap
upgrade-latest:
uses: kairos-io/kairos/.github/workflows/reusable-upgrade-latest-test.yaml@master
uses: ./.github/workflows/reusable-upgrade-latest-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:
@ -176,7 +176,7 @@ jobs:
# - flavor: "ubuntu"
# - flavor: "ubuntu"
encryption:
uses: kairos-io/kairos/.github/workflows/reusable-encryption-test.yaml@master
uses: ./.github/workflows/reusable-encryption-test.yaml
with:
flavor: ${{ matrix.flavor }}
label: ${{ matrix.label }}
@ -194,7 +194,7 @@ jobs:
flavor:
- "opensuse-leap"
standard:
uses: kairos-io/kairos/.github/workflows/reusable-build-provider.yaml@master
uses: ./.github/workflows/reusable-build-provider.yaml
with:
flavor: ${{ matrix.flavor }}
strategy:
@ -204,7 +204,7 @@ jobs:
- "opensuse-leap"
- "alpine-opensuse-leap"
various:
uses: kairos-io/kairos/.github/workflows/reusable-provider-tests.yaml@master
uses: ./.github/workflows/reusable-provider-tests.yaml
with:
flavor: ${{ matrix.flavor }}
label: ${{ matrix.label }}
@ -228,7 +228,7 @@ jobs:
- label: "provider-upgrade"
flavor: "alpine-opensuse-leap"
standard-upgrade-latest:
uses: kairos-io/kairos/.github/workflows/reusable-provider-upgrade-latest-test.yaml@master
uses: ./.github/workflows/reusable-provider-upgrade-latest-test.yaml
with:
flavor: ${{ matrix.flavor }}
needs:


@ -80,5 +80,5 @@ jobs:
EMULATE_TPM: true
USE_QEMU: true
run: |
export ISO=$PWD/kairos-core-${{ inputs.flavor }}.iso
export ISO=$(ls $PWD/kairos-core-*${{ inputs.flavor }}*.iso)
.github/encryption-tests.sh
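Review bot: The glob in `export ISO=$(ls $PWD/kairos-core-*${{ inputs.flavor }}*.iso)` has a wildcard on both sides of the flavor, so it is not guaranteed to resolve to a single file: `ubuntu` also matches names built for `ubuntu-20-lts` or `ubuntu-22-lts`, and `opensuse-leap` matches `alpine-opensuse-leap`. With several matches ISO holds several paths, and with none `ls` fails while `export` still returns success, so the step carries on with an empty value. Anchoring the pattern on the fields that surround the flavor in the new name, and failing unless exactly one file matches, would ensure the test boots the image it was meant to check. `${{ inputs.flavor }}` is also expanded into the script text before the shell runs, now inside a command substitution; passing it through `env:` and referring to `"$FLAVOR"` keeps the value as data. The same pattern is repeated in the Ginkgo step and in the `+run-qemu-datasource-tests`, `+run-qemu-bundles-tests` and `+run-qemu-test` steps further down.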


@ -31,7 +31,7 @@ jobs:
cache-dependency-path: tests/go.sum
- name: Ginkgo
run: |
export ISO=$PWD/kairos-core-${{ inputs.flavor }}.iso
export ISO=$(ls $PWD/kairos-core-*${{ inputs.flavor }}*.iso)
export GOPATH="/Users/runner/go"
export PATH=$PATH:$GOPATH/bin
export CREATE_VM=true


@ -63,4 +63,4 @@ jobs:
packages: utils/earthly
- run: |
earthly +datasource-iso --CLOUD_CONFIG=tests/assets/autoinstall.yaml
earthly +run-qemu-datasource-tests --PREBUILT_ISO=kairos-core-${{ inputs.flavor }}.iso --FLAVOR=${{ inputs.flavor }} --SSH_PORT=${{ inputs.port }}
earthly +run-qemu-datasource-tests --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) --FLAVOR=${{ inputs.flavor }} --SSH_PORT=${{ inputs.port }}


@ -43,4 +43,4 @@ jobs:
EOF
earthly -P +prepare-bundles-tests
earthly -P +run-qemu-bundles-tests --PREBUILT_ISO=kairos-core-${{ inputs.flavor }}.iso --FLAVOR=${{ inputs.flavor }}
earthly -P +run-qemu-bundles-tests --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) --FLAVOR=${{ inputs.flavor }}


@ -42,4 +42,4 @@ jobs:
http = true
EOF
earthly -P +datasource-iso --CLOUD_CONFIG=tests/assets/autoinstall.yaml
earthly -P +run-qemu-datasource-tests --PREBUILT_ISO=kairos-core-${{ inputs.flavor }}.iso --TEST_SUITE=reset-test --FLAVOR=${{ inputs.flavor }}
earthly -P +run-qemu-datasource-tests --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) --TEST_SUITE=reset-test --FLAVOR=${{ inputs.flavor }}


@ -59,7 +59,7 @@ jobs:
- name: Display structure of downloaded files
run: ls -las .
- run: |
earthly +run-qemu-test --PREBUILT_ISO=kairos-core-${{ inputs.flavor }}.iso \
earthly +run-qemu-test --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) \
--FLAVOR=${{ inputs.flavor }} \
--CONTAINER_IMAGE=ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}:24h \
--TEST_SUITE=upgrade-with-cli


@ -26,5 +26,5 @@ jobs:
repository: quay.io/kairos/packages
packages: utils/earthly
- run: |
export ISO=$PWD/kairos-${{ inputs.flavor }}.iso
export ISO=$(ls $PWD/kairos-*${{ inputs.flavor }}*).iso
earthly +run-qemu-test --TEST_SUITE=zfs --FLAVOR=${{ inputs.flavor }}
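Review bot: The `.iso` suffix sits outside the command substitution in `export ISO=$(ls $PWD/kairos-*${{ inputs.flavor }}*).iso`, so the glob matches every file whose name contains the flavor, not only ISOs, and `.iso` is then appended to whatever `ls` printed. A file already named `….iso` therefore becomes `….iso.iso`, and any checksum or other artifact next to it is picked up as well. Moving the suffix inside the parentheses, `export ISO=$(ls "$PWD"/kairos-*${{ inputs.flavor }}*.iso)`, matches the form used in the other test workflows. The visible `earthly +run-qemu-test` line does not pass `$ISO`, so whether the value is consumed at all cannot be told from this hunk.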

133
Earthfile

@ -4,7 +4,8 @@ ARG VARIANT=core # core, lite, framework
ARG FLAVOR=opensuse-leap
ARG BASE_URL=quay.io/kairos
ARG IMAGE=${BASE_URL}/${VARIANT}-${FLAVOR}:latest
ARG ISO_NAME=kairos-${VARIANT}-${FLAVOR}
ARG MODEL=generic
ARG SUPPORT=official # not using until this is defined in https://github.com/kairos-io/kairos/issues/1527
ARG GITHUB_REPO=kairos-io/kairos
ARG OS_ID=kairos
ARG OS_REPO=quay.io/kairos/${VARIANT}-${FLAVOR}
@ -15,6 +16,7 @@ ARG LUET_VERSION=0.34.0
# renovate: datasource=docker depName=aquasec/trivy
ARG TRIVY_VERSION=0.42.0
ARG COSIGN_SKIP=".*quay.io/kairos/.*"
# TODO: rename ISO_NAME to something like ARTIFACT_NAME because there are place where we use ISO_NAME to refer to the artifact name
IF [ "$FLAVOR" = "ubuntu" ]
ARG COSIGN_REPOSITORY=raccos/releases-orange
@ -73,7 +75,6 @@ all-arm:
IF [[ "$FLAVOR" = "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]]
BUILD +prepare-arm-image --MODEL=rpi64 --FLAVOR=${FLAVOR}
ELSE
BUILD +arm-image --MODEL=rpi64
END
@ -174,17 +175,26 @@ syft:
SAVE ARTIFACT /syft syft
image-sbom:
ARG TARGETARCH
# Use base-image so it can read original os-release file
FROM +base-image
WORKDIR /build
COPY +version/VERSION ./
ARG VERSION=$(cat VERSION)
ARG FLAVOR
ARG VARIANT
COPY +version/VERSION ./
ARG VERSION=$(cat VERSION)
IF [ "$TARGETARCH" = "arm64" ]
ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-rpi*//')
ARG ISO_NAME=${OS_ID}-${VARIANT}-${DISTRO}-${TARGETARCH}-${MODEL}-${VERSION}
ELSE
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
END
COPY +syft/syft /usr/bin/syft
RUN syft / -o json=sbom.syft.json -o spdx-json=sbom.spdx.json
SAVE ARTIFACT /build/sbom.syft.json sbom.syft.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-sbom.syft.json
SAVE ARTIFACT /build/sbom.spdx.json sbom.spdx.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-sbom.spdx.json
SAVE ARTIFACT /build/sbom.syft.json sbom.syft.json AS LOCAL build/${ISO_NAME}-sbom.syft.json
SAVE ARTIFACT /build/sbom.spdx.json sbom.spdx.json AS LOCAL build/${ISO_NAME}-sbom.spdx.json
luet:
FROM quay.io/luet/base:$LUET_VERSION
@ -439,6 +449,11 @@ uki-tools-image:
RUN dnf install -y binutils systemd-boot mtools efitools sbsigntools shim openssl
uki:
ARG TARGETARCH
COPY +version/VERSION ./
RUN echo "version ${VERSION}"
ARG VERSION=$(cat VERSION)
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
FROM +uki-tools-image
WORKDIR build
COPY +uki-artifacts/Kernel Kernel
@ -480,10 +495,14 @@ uki-signed:
COPY +uki/uki.efi uki.efi
COPY +uki/Uname Uname
ARG KVERSION=$(cat Uname)
COPY +version/VERSION ./
RUN echo "version ${VERSION}"
ARG VERSION=$(cat VERSION)
ARG TARGETARCH
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
RUN sbsign --key DB.key --cert DB.crt --output uki.signed.efi uki.efi
SAVE ARTIFACT /boot/efi/EFI/fedora/mmx64.efi MokManager.efi
SAVE ARTIFACT PK.key PK.key AS LOCAL build/PK.key
SAVE ARTIFACT PK.crt PK.crt AS LOCAL build/PK.crt
@ -543,8 +562,11 @@ prepare-uki-disk-image:
###
iso:
COPY +version/VERSION ./
ARG VERSION=$(cat VERSION)
ARG TARGETARCH
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
ARG OSBUILDER_IMAGE
ARG ISO_NAME=${OS_ID}
ARG IMG=docker:$IMAGE
ARG overlay=overlay/files-iso
FROM $OSBUILDER_IMAGE
@ -561,8 +583,11 @@ iso:
# you can override either the full thing by setting --IMG=docker:REPO/IMAGE:TAG
# or by --IMAGE=REPO/IMAGE:TAG
iso-remote:
ARG TARGETARCH
COPY +version/VERSION ./
ARG VERSION=$(cat VERSION)
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
ARG OSBUILDER_IMAGE
ARG ISO_NAME=${OS_ID}
ARG IMG=docker:$IMAGE
ARG overlay=overlay/files-iso
FROM $OSBUILDER_IMAGE
@ -573,28 +598,29 @@ iso-remote:
SAVE ARTIFACT /build/$ISO_NAME.iso.sha256 kairos.iso.sha256 AS LOCAL build/$ISO_NAME.iso.sha256
netboot:
ARG OSBUILDER_IMAGE
FROM $OSBUILDER_IMAGE
COPY +version/VERSION ./
ARG VERSION=$(cat VERSION)
RUN echo "version ${VERSION}"
ARG ISO_NAME=${OS_ID}
ARG FROM_ARTIFACT
WORKDIR /build
ARG RELEASE_URL
ARG TARGETARCH
COPY +version/VERSION ./
RUN echo "version ${VERSION}"
ARG VERSION=$(cat VERSION)
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
ARG OSBUILDER_IMAGE
FROM $OSBUILDER_IMAGE
ARG FROM_ARTIFACT
WORKDIR /build
ARG RELEASE_URL
COPY . .
IF [ "$FROM_ARTIFACT" = "" ]
COPY +iso/kairos.iso kairos.iso
RUN /build/scripts/netboot.sh kairos.iso $ISO_NAME $VERSION
ELSE
RUN /build/scripts/netboot.sh $FROM_ARTIFACT $ISO_NAME $VERSION
END
COPY . .
IF [ "$FROM_ARTIFACT" = "" ]
COPY +iso/kairos.iso kairos.iso
RUN /build/scripts/netboot.sh kairos.iso $ISO_NAME $VERSION
ELSE
RUN /build/scripts/netboot.sh $FROM_ARTIFACT $ISO_NAME $VERSION
END
SAVE ARTIFACT /build/$ISO_NAME.squashfs squashfs AS LOCAL build/$ISO_NAME.squashfs
SAVE ARTIFACT /build/$ISO_NAME-kernel kernel AS LOCAL build/$ISO_NAME-kernel
SAVE ARTIFACT /build/$ISO_NAME-initrd initrd AS LOCAL build/$ISO_NAME-initrd
SAVE ARTIFACT /build/$ISO_NAME.ipxe ipxe AS LOCAL build/$ISO_NAME.ipxe
SAVE ARTIFACT /build/$ISO_NAME.squashfs squashfs AS LOCAL build/$ISO_NAME.squashfs
SAVE ARTIFACT /build/$ISO_NAME-kernel kernel AS LOCAL build/$ISO_NAME-kernel
SAVE ARTIFACT /build/$ISO_NAME-initrd initrd AS LOCAL build/$ISO_NAME-initrd
SAVE ARTIFACT /build/$ISO_NAME.ipxe ipxe AS LOCAL build/$ISO_NAME.ipxe
arm-image:
ARG OSBUILDER_IMAGE
@ -602,7 +628,14 @@ arm-image:
ARG IMG_COMPRESSION=xz
FROM $OSBUILDER_IMAGE
ARG MODEL=rpi64
ARG IMAGE_NAME=${FLAVOR}.img
COPY +version/VERSION ./
RUN echo "version ${VERSION}"
ARG VERSION=$(cat VERSION)
ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-rpi*//')
# TARGETARCH is not used here because OSBUILDER_IMAGE is not available in arm64. When this changes, then the caller
# of this target can simply pass the desired TARGETARCH.
ARG IMAGE_NAME=${OS_ID}-${VARIANT}-${DISTRO}-arm64-${MODEL}-${VERSION}.img
RUN echo $IMAGE_NAME
WORKDIR /build
# These sizes are in MB
ENV SIZE="15200"
@ -673,6 +706,7 @@ prepare-arm-image:
SAVE ARTIFACT /build/bootloader/state_partition.img state_partition.img AS LOCAL build/state_partition.img
ipxe-iso:
ARG TARGETARCH
FROM ubuntu
ARG ipxe_script
RUN apt update
@ -680,7 +714,10 @@ ipxe-iso:
mtools syslinux isolinux gcc-arm-none-eabi git make gcc liblzma-dev mkisofs xorriso
# jq docker
WORKDIR /build
ARG ISO_NAME=${OS_ID}
COPY +version/VERSION ./
RUN echo "version ${VERSION}"
ARG VERSION=$(cat VERSION)
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
COPY +version/VERSION ./
ARG VERSION=$(cat VERSION)
ARG RELEASE_URL
@ -695,8 +732,8 @@ ipxe-iso:
RUN cd ipxe/src && \
sed -i 's/#undef\tDOWNLOAD_PROTO_HTTPS/#define\tDOWNLOAD_PROTO_HTTPS/' config/general.h && \
make EMBED=/build/ipxe/script.ipxe
SAVE ARTIFACT /build/ipxe/src/bin/ipxe.iso iso AS LOCAL build/${ISO_NAME}-ipxe.iso.ipxe
SAVE ARTIFACT /build/ipxe/src/bin/ipxe.usb usb AS LOCAL build/${ISO_NAME}-ipxe-usb.img.ipxe
SAVE ARTIFACT /build/ipxe/src/bin/ipxe.iso iso AS LOCAL build/${ISO_NAME}-ipxe.iso
SAVE ARTIFACT /build/ipxe/src/bin/ipxe.usb usb AS LOCAL build/${ISO_NAME}-ipxe-usb.img
# Generic targets
# usage e.g. ./earthly.sh +datasource-iso --CLOUD_CONFIG=tests/assets/qrcode.yaml
@ -721,6 +758,7 @@ trivy:
SAVE ARTIFACT /usr/local/bin/trivy /trivy
trivy-scan:
ARG TARGETARCH
# Use base-image so it can read original os-release file
FROM +base-image
COPY +trivy/trivy /trivy
@ -729,19 +767,26 @@ trivy-scan:
ARG VERSION=$(cat VERSION)
ARG FLAVOR
ARG VARIANT
IF [ "$TARGETARCH" = "arm64" ]
ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-rpi*//')
ARG ISO_NAME=${OS_ID}-${VARIANT}-${DISTRO}-${TARGETARCH}-${MODEL}-${VERSION}
ELSE
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
END
WORKDIR /build
RUN /trivy filesystem --skip-dirs /tmp --timeout 30m --format sarif -o report.sarif --no-progress /
RUN /trivy filesystem --skip-dirs /tmp --timeout 30m --format template --template "@/contrib/html.tpl" -o report.html --no-progress /
RUN /trivy filesystem --skip-dirs /tmp --timeout 30m -f json -o results.json --no-progress /
SAVE ARTIFACT /build/report.sarif report.sarif AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.sarif
SAVE ARTIFACT /build/report.html report.html AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.html
SAVE ARTIFACT /build/results.json results.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.json
SAVE ARTIFACT /build/report.sarif report.sarif AS LOCAL build/${ISO_NAME}-trivy.sarif
SAVE ARTIFACT /build/report.html report.html AS LOCAL build/${ISO_NAME}-trivy.html
SAVE ARTIFACT /build/results.json results.json AS LOCAL build/${ISO_NAME}-trivy.json
grype:
FROM anchore/grype
SAVE ARTIFACT /grype /grype
grype-scan:
ARG TARGETARCH
# Use base-image so it can read original os-release file
FROM +base-image
COPY +grype/grype /grype
@ -749,11 +794,17 @@ grype-scan:
ARG VERSION=$(cat VERSION)
ARG FLAVOR
ARG VARIANT
IF [ "$TARGETARCH" = "arm64" ]
ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-rpi*//')
ARG ISO_NAME=${OS_ID}-${VARIANT}-${DISTRO}-${TARGETARCH}-${MODEL}-${VERSION}
ELSE
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
END
WORKDIR /build
RUN /grype dir:/ --output sarif --add-cpes-if-none --file report.sarif
RUN /grype dir:/ --output json --add-cpes-if-none --file report.json
SAVE ARTIFACT /build/report.sarif report.sarif AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-grype.sarif
SAVE ARTIFACT /build/report.json report.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-grype.json
SAVE ARTIFACT /build/report.sarif report.sarif AS LOCAL build/${ISO_NAME}-grype.sarif
SAVE ARTIFACT /build/report.json report.json AS LOCAL build/${ISO_NAME}-grype.json
###
@ -798,11 +849,15 @@ run-qemu-datasource-tests:
run-qemu-netboot-test:
ARG TARGETARCH
FROM +go-deps-test
COPY . /test
WORKDIR /test
ARG ISO_NAME=${OS_ID}
COPY +version/VERSION ./
RUN echo "version ${VERSION}"
ARG VERSION=$(cat VERSION)
ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}
COPY +version/VERSION ./
ARG VERSION=$(cat VERSION)
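Review bot: The `sed 's/-arm-rpi*//'` that derives DISTRO in image-sbom, trivy-scan, grype-scan and arm-image is a regular expression, not a glob, so `rpi*` means `rp` followed by any number of `i`. A flavor such as `ubuntu-20-lts-arm-nvidia-jetson-agx-orin` (used in all-arm) passes through unchanged, and its SBOM and scan reports keep the arm/model suffix inside the distro field. If the intent is to drop everything from `-arm-` onward, `sed 's/-arm-.*$//'` says so directly. The name expression is also copied into about ten targets, and in ipxe-iso and run-qemu-netboot-test the added `COPY +version/VERSION ./` / `ARG VERSION=$(cat VERSION)` pair lands in front of the existing one, with `RUN echo "version ${VERSION}"` apparently running before VERSION is declared in that target. Computing the name in one place would keep an image and its SBOM, trivy and grype reports under matching names, which is what lets a consumer tie a report to the artifact it describes.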