From e70b3e7173c89dcfc68e0cc4008882ec104eaa0c Mon Sep 17 00:00:00 2001
From: Nianyu Shen
Date: Mon, 16 Oct 2023 23:28:14 -0700
Subject: [PATCH] PE-2796 fix build opensuse image in proxy env (#72) * add proxy cert in opensuse base image * disable analytics * add cert in base-alpine * update * update (cherry picked from commit 44ec6429aae4b07dd79c722850640ae82daed6f2)
---
 .gitignore | 2 ++
 Earthfile | 20 +++++++++++++++++---
 earthly.sh | 11 ++++++-----
 3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/.gitignore b/.gitignore
index 43eb6cf..8291286 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@ config.yaml
 content-*/*
 *.arg
 .idea
+
+.DS_Store
\ No newline at end of file
diff --git a/Earthfile b/Earthfile
index 8c29d34..0d23740 100644
--- a/Earthfile
+++ b/Earthfile
@@ -90,11 +90,18 @@ build-provider-images-fips:
 BUILD +provider-image --K8S_VERSION=1.27.2
 END
 
-download-etcdctl:
+base-alpine:
 FROM alpine
 ARG TARGETOS
 ARG TARGETARCH
+ IF [ ! -z $PROXY_CERT_PATH ]
+ COPY sc.crt /etc/ssl/certs
+ RUN update-ca-certificates
+ END
 RUN apk add curl
+
+download-etcdctl:
+ FROM +base-alpine
 RUN curl --retry 5 -Ls https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \
 chmod +x etcdctl
 SAVE ARTIFACT etcdctl
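Review bot: The new `base-alpine` target trusts `sc.crt` before `download-etcdctl` pipes the etcd tarball from curl straight into tar, so in a proxy build the only integrity guarantee on `etcdctl` is the certificate the TLS-inspecting proxy presents. The tarball should be written to a file and checked against a pinned SHA-256 (for example the value taken from the release's published checksum file) before it is extracted. The guard `IF [ ! -z $PROXY_CERT_PATH ]` is also unquoted and handles the empty case only because of how `[` parses two arguments; `IF [ -n "$PROXY_CERT_PATH" ]` states the intent, and the same test is added in the opensuse branch of `base-image`.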
@@ -225,13 +232,14 @@ base-image: END IF [ "$OS_DISTRIBUTION" = "ubuntu" ] && [ "$ARCH" = "amd64" ] - RUN apt update && \ - apt install --no-install-recommends zstd vim -y # Add proxy certificate if present IF [ ! -z $PROXY_CERT_PATH ] COPY sc.crt /etc/ssl/certs RUN update-ca-certificates END + + RUN apt update && \ + apt install --no-install-recommends zstd vim -y IF [ "$UPDATE_KERNEL" = "false" ] RUN if dpkg -l linux-image-generic-hwe-20.04 > /dev/null; then apt-mark hold linux-image-generic-hwe-20.04; fi && \ if dpkg -l linux-image-generic-hwe-22.04 > /dev/null; then apt-mark hold linux-image-generic-hwe-22.04; fi && \ @@ -252,6 +260,12 @@ base-image: # IF OS Type is Opensuse ELSE IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ] && [ "$ARCH" = "amd64" ] + # Add proxy certificate if present + IF [ ! -z $PROXY_CERT_PATH ] + COPY sc.crt /usr/share/pki/trust/anchors + RUN update-ca-certificates + END + IF [ "$UPDATE_KERNEL" = "false" ] RUN zypper al kernel-de* END diff --git a/earthly.sh b/earthly.sh index 84650b7..f0c9471 100755 --- a/earthly.sh +++ b/earthly.sh 
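Review bot: The opensuse branch copies `sc.crt` into `/usr/share/pki/trust/anchors` and runs `update-ca-certificates` inside `base-image`, so the TLS-inspecting proxy's CA appears to stay in the system trust store of whatever image is built from this target, as it already does in the ubuntu branch reordered by the previous hunk. If the certificate is only needed to reach package mirrors during the build, a comment such as `# build-time proxy CA: remains trusted in the final image unless removed` should say so, or the anchor should be removed and the store regenerated at the end of the target. On openSUSE the administrator location is `/etc/pki/trust/anchors`; `/usr/share/pki/trust/anchors` is meant for package-shipped anchors. `base-image` begins and ends outside this hunk, so a later cleanup step may exist that is not visible here.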
@@ -4,23 +4,24 @@ function build_with_proxy() { export HTTPS_PROXY=$HTTPS_PROXY gitconfig=$(envsubst <.gitconfig.template | base64 | tr -d '\n') # cleanup any previous earthly-buildkitd - if [ "$( docker container inspect -f '{{.State.Running}}' earthly-buildkitd )" = "true" ]; then + if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then docker stop earthly-buildkitd fi # start earthly buildkitd - docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION + docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION # Update the CA certificates in the container docker exec -it earthly-buildkitd update-ca-certificates # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + 
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } function build_without_proxy() { # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config "-v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } +global_config="{disable_analytics: true}" PE_VERSION=$(git describe --abbrev=0 --tags) EARTHLY_VERSION=v0.7.4 source .arg @@ -50,7 +51,7 @@ if [ $? -ne 0 ]; then fi # Cleanup builder helper images. docker rmi gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION -if [ "$( docker container inspect -f '{{.State.Running}}' earthly-buildkitd )" = "true" ]; then +if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then docker stop earthly-buildkitd fi docker rmi gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION
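Review bot: In `build_without_proxy` the closing quote is misplaced: `-e GLOBAL_CONFIG="$global_config "-v "$(pwd)":/workspace` makes ` -v` part of the GLOBAL_CONFIG value, so the workspace mount is lost and docker reads `"$(pwd)":/workspace` as the image reference. It should read `-e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace`. In `build_with_proxy` (which starts above the hunk) the rewritten `docker run` lines still pass `$HTTP_PROXY`, `$HTTPS_PROXY`, `$NO_PROXY` and `$gitconfig` unquoted, and the privileged buildkitd is published with `-p 8372:8372` while the client sets `BUILDKIT_TLS_ENABLED=false`; quoting those expansions and, if the earthly container can still reach it, binding the port to loopback would narrow that exposure.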