PE-2796 fix build opensuse image in proxy env (#72)

* add proxy cert in opensuse base image * disable analytics * add cert in base-alpine * update * update (cherry picked from commit 44ec642)
spectrocloud · Oct 17, 2023 · e70b3e7 · e70b3e7
1 parent 04cff6a
commit e70b3e7
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 8 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,5 @@ config.yaml
 content-*/*
 *.arg
 .idea
+
+.DS_Store
diff --git a/Earthfile b/Earthfile
@@ -90,11 +90,18 @@ build-provider-images-fips:
  BUILD  +provider-image --K8S_VERSION=1.27.2
  END
 
-download-etcdctl:
+base-alpine:
  FROM alpine
  ARG TARGETOS
  ARG TARGETARCH
+ IF [ ! -z $PROXY_CERT_PATH ]
+ COPY sc.crt /etc/ssl/certs
+ RUN  update-ca-certificates
+ END
  RUN apk add curl
+
+download-etcdctl:
+ FROM +base-alpine
  RUN curl --retry 5 -Ls https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \
  chmod +x etcdctl
  SAVE ARTIFACT etcdctl
@@ -225,13 +232,14 @@ base-image:
  END
 
  IF [ "$OS_DISTRIBUTION" = "ubuntu" ] && [ "$ARCH" = "amd64" ]
- RUN apt update && \
- apt install --no-install-recommends zstd vim -y
  # Add proxy certificate if present
  IF [ ! -z $PROXY_CERT_PATH ]
  COPY sc.crt /etc/ssl/certs
  RUN  update-ca-certificates
  END
+
+ RUN apt update && \
+ apt install --no-install-recommends zstd vim -y
  IF [ "$UPDATE_KERNEL" = "false" ]
  RUN if dpkg -l linux-image-generic-hwe-20.04 > /dev/null; then apt-mark hold linux-image-generic-hwe-20.04; fi && \
  if dpkg -l linux-image-generic-hwe-22.04 > /dev/null; then apt-mark hold linux-image-generic-hwe-22.04; fi && \
@@ -252,6 +260,12 @@ base-image:
 
  # IF OS Type is Opensuse
  ELSE IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ] && [ "$ARCH" = "amd64" ]
+ # Add proxy certificate if present
+ IF [ ! -z $PROXY_CERT_PATH ]
+ COPY sc.crt /usr/share/pki/trust/anchors
+ RUN  update-ca-certificates
+ END
+
  IF [ "$UPDATE_KERNEL" = "false" ]
  RUN zypper al kernel-de*
  END

diff --git a/earthly.sh b/earthly.sh
@@ -4,23 +4,24 @@ function build_with_proxy() {
  export HTTPS_PROXY=$HTTPS_PROXY
  gitconfig=$(envsubst <.gitconfig.template | base64 | tr -d '\n')
  # cleanup any previous earthly-buildkitd
- if [ "$( docker container inspect -f '{{.State.Running}}' earthly-buildkitd )" = "true" ]; then 
+ if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then
  docker stop earthly-buildkitd
  fi
  # start earthly buildkitd
- docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION
+ docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION
  # Update the CA certificates in the container
  docker exec -it earthly-buildkitd update-ca-certificates
 
  # Run Earthly in Docker to create artifacts Variables are passed from the .arg file
- docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro"  gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
+ docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
 }
 
 function build_without_proxy() {
  # Run Earthly in Docker to create artifacts Variables are passed from the .arg file
- docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
+ docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config "-v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@"
 }
 
+global_config="{disable_analytics: true}"
 PE_VERSION=$(git describe --abbrev=0 --tags)
 EARTHLY_VERSION=v0.7.4
 source .arg
@@ -50,7 +51,7 @@ if [ $? -ne 0 ]; then
 fi
 # Cleanup builder helper images.
 docker rmi gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION
-if [ "$( docker container inspect -f '{{.State.Running}}' earthly-buildkitd )" = "true" ]; then 
+if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then
  docker stop earthly-buildkitd
 fi
 docker rmi gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION