# Build stage. It runs on the build host's platform ($BUILDPLATFORM) and its
# base image is pinned by digest, so the starting filesystem is fixed.
FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi9/ubi:9.6@sha256:8f1496d50a66e41433031bf5bdedd4635520e692ccd76ffcb649cf9d30d669af AS build

# CERTSUITE_SRC_DIR expands CERTSUITE_DIR, so the latter has to be set by an
# earlier ENV instruction rather than in the same one.
ENV CERTSUITE_DIR=/usr/certsuite
ENV \
    CERTSUITE_SRC_DIR=${CERTSUITE_DIR}/src \
    TEMP_DIR=/tmp

# Create the certsuite directory and install the build dependencies.
# `dnf update` pulls whatever package versions the repositories serve at build
# time, so the resulting layer can differ between builds even though the base
# image is digest-pinned. Package versions are not pinned (DL3041 is ignored).
# hadolint ignore=DL3041
RUN \
    mkdir ${CERTSUITE_DIR} \
    && dnf update --assumeyes --disableplugin=subscription-manager --nobest \
    && dnf install --assumeyes --disableplugin=subscription-manager \
        cmake \
        gcc \
        git \
        jq \
        wget \
    && dnf clean all --assumeyes --disableplugin=subscription-manager \
    && rm -rf /var/cache/yum
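# Install the Go toolchain and put it on PATH.
ENV \
    GO_DL_URL=https://golang.org/dl \
    GOPATH=/root/go
ENV GO_BIN_URL_x86_64=${GO_DL_URL}/go1.25.1.linux-amd64.tar.gz
ENV GO_BIN_URL_aarch64=${GO_DL_URL}/go1.25.1.linux-arm64.tar.gz

# Optional SHA-256 of the Go tarball for the build host's architecture, taken
# from the official Go downloads page. When set, the download is rejected
# unless it matches. When unset, the tarball is extracted unverified, which
# leaves the toolchain's integrity resting on TLS and the download origin alone;
# release builds should pass this argument.
ARG GO_TARBALL_SHA256

# Pick the tarball by the architecture of the machine running this stage
# (`uname -m`): the stage runs on $BUILDPLATFORM and the compiler must be
# native to it. Only x86_64 and aarch64 build hosts are supported.
# The tarball file name is derived from the URL so the Go version is stated in
# one place only.
RUN \
    case "$(uname -m)" in \
        x86_64) go_url="${GO_BIN_URL_x86_64}" ;; \
        aarch64) go_url="${GO_BIN_URL_aarch64}" ;; \
        *) echo "CPU architecture is not supported." && exit 1 ;; \
    esac \
    && go_tarball="${TEMP_DIR}/${go_url##*/}" \
    && wget --directory-prefix="${TEMP_DIR}" "${go_url}" --quiet \
    && if [ -n "${GO_TARBALL_SHA256:-}" ]; then \
        echo "${GO_TARBALL_SHA256}  ${go_tarball}" | sha256sum --check -; \
    fi \
    && rm -rf /usr/local/go \
    && tar -C /usr/local -xzf "${go_tarball}"

ENV PATH=${PATH}:"/usr/local/go/bin":${GOPATH}/"bin"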
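# Release asset names of the operator-sdk binary, one per supported architecture.
ENV \
    OPERATOR_SDK_X86_FILENAME=operator-sdk_linux_amd64 \
    OPERATOR_SDK_ARM_FILENAME=operator-sdk_linux_arm64 \
    OPERATOR_SDK_PPC64LE_FILENAME=operator-sdk_linux_ppc64le \
    OPERATOR_SDK_S390X_FILENAME=operator-sdk_linux_s390x

# Pinned operator-sdk release to download from, and the directory the binary
# is installed into inside this stage.
ENV \
    OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.41.1 \
    OSDK_BIN=/usr/local/osdk/bin

RUN \
    mkdir -p ${OSDK_BIN}

# Target platform values supplied by BuildKit.
ARG TARGETARCH
ARG TARGETOS
ARG TARGETPLATFORM

# Echo the target platform for debugging.
RUN \
    echo "TARGETARCH: $TARGETARCH" \
    && echo "TARGETOS: $TARGETOS" \
    && echo "TARGETPLATFORM: $TARGETPLATFORM"

# Download the operator-sdk binary that matches the target architecture.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error
# page as the "binary". The download is then checked against the release's
# checksums.txt before it is installed; an asset with no matching entry fails
# the build. This catches truncated or corrupted downloads. It does not protect
# against a tampered release, because the checksum file comes from the same
# origin; verifying the release's signed checksums or pinning the hash in this
# file would be needed for that.
# hadolint ignore=DL4001
RUN \
    case "$TARGETARCH" in \
        x86_64|amd64) osdk_file="${OPERATOR_SDK_X86_FILENAME}" ;; \
        aarch64|arm64) osdk_file="${OPERATOR_SDK_ARM_FILENAME}" ;; \
        ppc64le) osdk_file="${OPERATOR_SDK_PPC64LE_FILENAME}" ;; \
        s390x) osdk_file="${OPERATOR_SDK_S390X_FILENAME}" ;; \
        *) echo "CPU architecture is not supported." && exit 1 ;; \
    esac \
    && curl --fail --location --remote-name "${OPERATOR_SDK_DL_URL}/${osdk_file}" \
    && curl --fail --location --remote-name "${OPERATOR_SDK_DL_URL}/checksums.txt" \
    && grep -- " ${osdk_file}\$" checksums.txt | sha256sum --check - \
    && mv "${osdk_file}" "${OSDK_BIN}/operator-sdk" \
    && chmod +x "${OSDK_BIN}/operator-sdk" \
    && rm -f checksums.txt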
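# Copy the build context into the source directory and build from there.
# NOTE(review): this copies the whole context; what is excluded (credentials,
# local artefacts, .git) depends on a .dockerignore that is not visible here.
COPY . ${CERTSUITE_SRC_DIR}
WORKDIR ${CERTSUITE_SRC_DIR}

# Cross-compile certsuite for the target platform, keep only the binary in
# CERTSUITE_DIR, then remove the build tooling and sources.
# The operator-sdk binary in /usr/local/osdk/bin is intentionally NOT removed:
# the final stage copies it from this stage. Deleting it here (as the previous
# `rm -rf ... /usr/local/osdk/bin/*` did) left the final image with an empty
# /usr/local/bin/operator-sdk directory instead of the binary.
RUN \
    export GOARCH=$TARGETARCH \
    && export GOOS=$TARGETOS \
    && make build-certsuite-tool \
    && cp certsuite ${CERTSUITE_DIR} \
    && dnf remove --assumeyes --disableplugin=subscription-manager gcc git wget \
    && dnf clean all --assumeyes --disableplugin=subscription-manager \
    && rm -rf ${CERTSUITE_SRC_DIR} ${TEMP_DIR} /root/.cache /root/go/pkg /root/go/src \
        /usr/lib/golang/pkg /usr/lib/golang/src /var/cache/yum /usr/local/go

# Switch contexts back to the root CERTSUITE directory
WORKDIR ${CERTSUITE_DIR}

# Source of the offline DB. Using latest is prone to errors: the tag is
# mutable, so the DB contents (and everything else copied from this image) are
# whatever was pushed last and are not reproducible. Unlike the two UBI images
# in this file, this one is not pinned by digest.
# hadolint ignore=DL3007
FROM quay.io/redhat-best-practices-for-k8s/oct:latest AS db

# Copy the state into a new flattened image to reduce size.
# TODO run as non-root (this stage has no USER instruction, so the container
# runs with the base image's default user).
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6@sha256:2f06ae0e6d3d9c4f610d32c480338eef474867f435d8d28625f2985e8acde6e8

ENV \
    CERTSUITE_DIR=/usr/certsuite \
    OSDK_BIN=/usr/local/osdk/bin

# Install the certsuite binary
COPY --from=build ${CERTSUITE_DIR}/certsuite /usr/local/bin/certsuite

# Add the operator-sdk binary to the image. The source is the file itself:
# copying the ${OSDK_BIN} directory would create a directory named
# /usr/local/bin/operator-sdk rather than an executable at that path.
COPY --from=build ${OSDK_BIN}/operator-sdk /usr/local/bin/operator-sdk

# Update the CNF containers, helm charts and operators DB
ENV \
    CERTSUITE_OFFLINE_DB=/usr/offline-db \
    OCT_DB_PATH=/usr/oct/cmd/tnf/fetch
COPY --from=db ${OCT_DB_PATH} ${CERTSUITE_OFFLINE_DB}

WORKDIR ${CERTSUITE_DIR}
ENV SHELL=/bin/bash

# Default command prints the certsuite help text.
CMD ["certsuite", "-h"]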