Skip to content

Commit

Permalink
remove no longer needed centos base, containers, and openscap image n…
Browse files Browse the repository at this point in the history
…ow that openscap-scanner is in ubi app stream
  • Loading branch information
itewk committed Jun 10, 2021
1 parent 8218b80 commit b18dc92
Show file tree
Hide file tree
Showing 7 changed files with 2 additions and 508 deletions.
319 changes: 0 additions & 319 deletions .github/workflows/publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1355,322 +1355,3 @@ jobs:
- name: Image Digest 🔖
run: echo ${{ steps.image_build.outputs.digest }}

## CENTOS ##

#######################
# ploigos-base_centos #
#######################
ploigos-base_centos:
needs:
- cancel-previous

runs-on: ubuntu-latest

env:
IMAGE_CONTEXT: ./ploigos-base
IMAGE_FILE: Containerfile.centos
IMAGE_NAME: ploigos-base
IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-base:latest.centos
IMAGE_TAG_FLAVOR: .centos
IMAGE_IS_DEFAULT_FLAVOR: false

services:
registry:
image: registry:2
ports:
- 5000:5000

steps:
- name: Checkout 🛎️
uses: actions/checkout@v2

- name: Determine Image Version and Tags ⚙️
id: prep
run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh

- name: Version 📌
run: echo ${{ steps.prep.outputs.version }}

- name: Image Tags 🏷
run: echo ${{ steps.prep.outputs.tags }}

- name: Set up QEMU 🧰
uses: docker/[email protected]

- name: Set up Docker Buildx 🧰
uses: docker/[email protected]
with:
driver-opts: network=host

- name: Cache Docker layers 🗃
uses: actions/[email protected]
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build Image 🛠
id: image_build
uses: docker/[email protected]
env:
IMAGE_BUILD_ARGS:
with:
context: ${{ env.IMAGE_CONTEXT }}
file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }}
build-args: ${{ env.IMAGE_BUILD_ARGS }}
push: true
tags: ${{ env.IMAGE_TAG_LOCAL }}
labels: |
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.source=${{ github.repositoryUrl }}
org.opencontainers.image.version=${{ steps.prep.outputs.version }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ github.event.repository.license.name }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache

- name: Test Image 🧪
run: |
echo "Test python3 installed"
docker run ${{ env.IMAGE_TAG_LOCAL }} python3 --version
echo "Test pip3 installed"
docker run ${{ env.IMAGE_TAG_LOCAL }} pip3 --version
echo "Test ploigos-step-runner is installed"
docker run ${{ env.IMAGE_TAG_LOCAL }} pip show ploigos-step-runner
echo "Test psr CLI works"
docker run ${{ env.IMAGE_TAG_LOCAL }} psr --help
echo "Test oc installed"
docker run ${{ env.IMAGE_TAG_LOCAL }} oc version
echo "Test git installed"
docker run ${{ env.IMAGE_TAG_LOCAL }} git version
echo "Test yq installed"
docker run ${{ env.IMAGE_TAG_LOCAL }} yq --version
- name: Login to External Registry 🔑
uses: docker/login-action@v1
with:
registry: ${{ secrets.REGISTRY_URI }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}

- name: Push to External Registry 🔺
id: push
run: |
docker pull ${{ env.IMAGE_TAG_LOCAL }}
TAGS=${{ steps.prep.outputs.tags }}
for TAG in ${TAGS//,/ }; do
docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG}
docker push ${TAG}
done
- name: Image Digest 🔖
run: echo ${{ steps.image_build.outputs.digest }}

##################################
# ploigos-tool-containers_centos #
##################################
ploigos-tool-containers_centos:
needs:
- ploigos-base_centos

runs-on: ubuntu-latest

env:
IMAGE_CONTEXT: ./ploigos-tool-containers
IMAGE_FILE: Containerfile.centos
IMAGE_NAME: ploigos-tool-containers
IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-containers:latest.centos
IMAGE_TAG_FLAVOR: .centos
IMAGE_IS_DEFAULT_FLAVOR: false
BASE_IMAGE_NAME: ploigos-base

services:
registry:
image: registry:2
ports:
- 5000:5000

steps:
- name: Checkout 🛎️
uses: actions/checkout@v2

- name: Determine Image Version and Tags ⚙️
id: prep
run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh

- name: Version 📌
run: echo ${{ steps.prep.outputs.version }}

- name: Image Tags 🏷
run: echo ${{ steps.prep.outputs.tags }}

- name: Set up QEMU 🧰
uses: docker/[email protected]

- name: Set up Docker Buildx 🧰
uses: docker/[email protected]
with:
driver-opts: network=host

- name: Cache Docker layers 🗃
uses: actions/[email protected]
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build Image 🛠
id: image_build
uses: docker/[email protected]
env:
IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }}
with:
context: ${{ env.IMAGE_CONTEXT }}
file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }}
build-args: ${{ env.IMAGE_BUILD_ARGS }}
push: true
tags: ${{ env.IMAGE_TAG_LOCAL }}
labels: |
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.source=${{ github.repositoryUrl }}
org.opencontainers.image.version=${{ steps.prep.outputs.version }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ github.event.repository.license.name }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache

- name: Test Image 🧪
run: |
echo "test skopeo"
docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} skopeo --version
echo "test podman"
docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} podman --version
echo "test buildah"
docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} buildah --version
- name: Login to External Registry 🔑
uses: docker/login-action@v1
with:
registry: ${{ secrets.REGISTRY_URI }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}

- name: Push to External Registry 🔺
id: push
run: |
docker pull ${{ env.IMAGE_TAG_LOCAL }}
TAGS=${{ steps.prep.outputs.tags }}
for TAG in ${TAGS//,/ }; do
docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG}
docker push ${TAG}
done
- name: Image Digest 🔖
run: echo ${{ steps.image_build.outputs.digest }}

################################
# ploigos-tool-openscap_centos #
################################
ploigos-tool-openscap_centos:
needs:
- ploigos-tool-containers_centos

runs-on: ubuntu-latest

env:
IMAGE_CONTEXT: ./ploigos-tool-openscap
IMAGE_FILE: Containerfile.centos
IMAGE_NAME: ploigos-tool-openscap
IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-openscap:latest.centos
IMAGE_TAG_FLAVOR: .centos
IMAGE_IS_DEFAULT_FLAVOR: false
BASE_IMAGE_NAME: ploigos-tool-containers

services:
registry:
image: registry:2
ports:
- 5000:5000

steps:
- name: Checkout 🛎️
uses: actions/checkout@v2

- name: Determine Image Version and Tags ⚙️
id: prep
run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh

- name: Version 📌
run: echo ${{ steps.prep.outputs.version }}

- name: Image Tags 🏷
run: echo ${{ steps.prep.outputs.tags }}

- name: Set up QEMU 🧰
uses: docker/[email protected]

- name: Set up Docker Buildx 🧰
uses: docker/[email protected]
with:
driver-opts: network=host

- name: Cache Docker layers 🗃
uses: actions/[email protected]
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build Image 🛠
id: image_build
uses: docker/[email protected]
env:
IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }}
with:
context: ${{ env.IMAGE_CONTEXT }}
file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }}
build-args: ${{ env.IMAGE_BUILD_ARGS }}
push: true
tags: ${{ env.IMAGE_TAG_LOCAL }}
labels: |
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.source=${{ github.repositoryUrl }}
org.opencontainers.image.version=${{ steps.prep.outputs.version }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ github.event.repository.license.name }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache

- name: Test Image 🧪
run: |
echo "test oscap"
docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} oscap --version
- name: Login to External Registry 🔑
uses: docker/login-action@v1
with:
registry: ${{ secrets.REGISTRY_URI }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}

- name: Push to External Registry 🔺
id: push
run: |
docker pull ${{ env.IMAGE_TAG_LOCAL }}
TAGS=${{ steps.prep.outputs.tags }}
for TAG in ${TAGS//,/ }; do
docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG}
docker push ${TAG}
done
- name: Image Digest 🔖
run: echo ${{ steps.image_build.outputs.digest }}
34 changes: 2 additions & 32 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,6 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl

* ploigos-base
* ubi8
* centos
* ploigos-base-java-8
* ubi8
* ploigos-ci-agent-jenkins
Expand All @@ -92,13 +91,12 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl
* ubi8
* ploigos-tool-containers
* ubi8
* centos
* ploigos-tool-helm
* ubi8
* ploigos-tool-maven
* ubi8
* ploigos-tool-openscap
* centos
* ubi8
* ploigos-tool-reokor
* ubi8
* ploigos-tool-sonar
Expand All @@ -107,12 +105,7 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl

## Build

The following commands can be used for building these images locally

### With Red Hat Subscription
The `openscap-scanner` RPM for RHEL is currently only available to those with a Red Hat
subscription, so to build the `ploigos-tools-openscap` image on ubi8 these commands must be run
from a RHEL 8 system with valid Red Hat subscriptions.
The following commands can be used for building these images locally.

```
podman build --tag ploigos-base ploigos-base
Expand All @@ -130,29 +123,6 @@ podman build --tag ploigos-tool-rekor --build-arg BASE_IMAGE=ploigos-base
podman build --tag ploigos-tool-sonar --build-arg BASE_IMAGE=ploigos-base ploigos-tool-sonar
```

### No Red Hat Subscription
The `openscap-scanner` RPM for RHEL is currently only available to those with a Red Hat
subscription, so to build the `ploigos-tools-openscap` image without a Red Hat subscription
centos must be used rather then ubi8 for the base image.

```
podman build --tag ploigos-base ploigos-base
podman build --tag ploigos-base-java-8 --build-arg BASE_IMAGE=ploigos-base ploigos-base-java-8
podman build --tag ploigos-ci-agent-jenkins --build-arg BASE_IMAGE=ploigos-base-java-8 ploigos-ci-agent-jenkins
podman build --tag ploigos-jenkins ploigos-jenkins
podman build --tag ploigos-jenkins-init ploigos-jenkins-init
podman build --tag ploigos-tool-argocd --build-arg BASE_IMAGE=ploigos-base ploigos-tool-argocd
podman build --tag ploigos-tool-config-lint --build-arg BASE_IMAGE=ploigos-base ploigos-tool-config-lint
podman build --tag ploigos-tool-containers --build-arg BASE_IMAGE=ploigos-base ploigos-tool-containers
podman build --tag ploigos-tool-helm --build-arg BASE_IMAGE=ploigos-base ploigos-tool-helm
podman build --tag ploigos-tool-maven --build-arg BASE_IMAGE=ploigos-base-java-8 ploigos-tool-maven
podman build --tag ploigos-tool-rekor --build-arg BASE_IMAGE=ploigos-base ploigos-tool-rekor
podman build --tag ploigos-tool-sonar --build-arg BASE_IMAGE=ploigos-base ploigos-tool-sonar
podman build -f Containerfile.centos --tag ploigos-base:latest.centos ploigos-base
podman build -f Containerfile.centos --tag ploigos-tool-containers:latest.centos --build-arg BASE_IMAGE=ploigos-base:latest.centos ploigos-tool-containers
podman build -f Containerfile.centos --tag ploigos-tool-openscap --build-arg BASE_IMAGE=ploigos-tool-containers:latest.centos ploigos-tool-openscap
```
## Test

> **TODO**
Expand Down
Loading

0 comments on commit b18dc92

Please sign in to comment.