Base Image Change (#190)

* base image updated

Signed-off-by: Aayush Subramaniam <[email protected]>

* base image updated

Signed-off-by: Aayush Subramaniam <[email protected]>

* makefile updated

Signed-off-by: Aayush Subramaniam <[email protected]>

* dockerfile and makefile updated

Signed-off-by: Aayush Subramaniam <[email protected]>

* old make builds added back

Signed-off-by: Aayush Subramaniam <[email protected]>

---------

Signed-off-by: Aayush Subramaniam <[email protected]>

Author: aayushsss1

block-storage-attacher/Dockerfile

@@ -34,4 +34,4 @@ ADD block-storage-attacher /home/armada-storage
 RUN chmod +x /home/armada-storage/block-storage-attacher
 
 CMD ./home/armada-storage/run.sh
-#ENTRYPOINT ["/home/armada-storage/block-storage-attacher"]
+#ENTRYPOINT ["/home/armada-storage/block-storage-attacher"]

block-storage-attacher/Dockerfile.fips

@@ -0,0 +1,68 @@
+ARG BUILDER
+
+FROM $BUILDER as builder
+
+WORKDIR /go/src/github.ibm.com/alchemy-containers/block-storage-attacher
+ADD . .
+
+ARG GOPROXY=off
+ARG GOOS=linux
+ARG GOARCH=amd64
+
+# GOPRIVATE is set by the base image, but needs to be unset for `bt build image` to work with the `-goproxy` flag
+ENV GOPRIVATE=
+RUN make buildgo
+RUN make buildbsa
+RUN make buildsu
+RUN validate-go-binary armada-block-storage-attacher
+
+RUN install-packages nfs-utils \
+     libgcrypt \
+     curl nc jq
+
+RUN extend-image /usr/bin/mount* \
+     /usr/sbin/mount* \
+     /usr/lib64/libgcrypt* \
+     /usr/bin/bash /usr/bin/ls /usr/bin/curl /usr/bin/jq /usr/bin/nc /usr/bin/mkdir
+
+RUN mkdir -p /image/home/armada-storage/
+RUN mkdir -p /image/host && \
+     cp /go/bin/systemutil /image/home/armada-storage && \
+     cp block-storage-attacher /image/home/armada-storage
+ADD images/iscsi-attach.sh /image/home/armada-storage
+ADD images/iscsi-block-volume.conf /image/home/armada-storage
+ADD images/ibmc-block-attacher.service /image/home/armada-storage
+ADD images/run.sh /image/home/armada-storage
+RUN chmod 775 /image/home/armada-storage/systemutil
+RUN chmod 775 /image/home/armada-storage/run.sh
+RUN chmod 775 /image/home/armada-storage/iscsi-attach.sh
+RUN chmod +x /image/home/armada-storage/block-storage-attacher
+
+FROM scratch
+# Default values
+ARG git_commit_id=unknown
+ARG git_remote_url=unknown
+ARG build_date=unknown
+#ARG jenkins_build_number=unknown
+ARG travis_build_number=unknown
+ARG REPO_SOURCE_URL=blank
+LABEL razee.io/source-url="${REPO_SOURCE_URL}"
+ARG BUILD_URL=blank
+LABEL razee.io/build-url="${BUILD_URL}"
+LABEL compliance.owner="ibm-armada-storage"
+
+# Add Labels to image to show build details
+LABEL git-commit-id=${git_commit_id}
+LABEL git-remote-url=${git_remote_url}
+LABEL build-date=${build_date}
+#LABEL jenkins-build-number=${jenkins_build_number}
+LABEL travis_build_number=${travis_build_number}
+
+COPY --from=builder --chown=2000 /image /
+
+WORKDIR /home/armada-storage/
+
+USER 2000:2000
+
+CMD ./home/armada-storage/run.sh
+#ENTRYPOINT ["/home/armada-storage/block-storage-attacher"]

block-storage-attacher/Makefile

@@ -25,13 +25,13 @@ PROXY_IMAGE_URL_DOCKERHUB="docker-na.artifactory.swg-devops.com/wcp-alchemy-cont
 endif
 
 .PHONY: all
-all: deps gosec fmt vet buildgo test buildimage
+all: deps gosec fmt vet buildgo test buildimage-fips
 
 install-bt: ## Install 'bt' via git clone + installer script. Set BT_VERSION to install a custom version.
 @V=$${BT_VERSION:-master} C=~/.cache/bt/repo && if ! git -C "$$C" status >/dev/null; then mkdir -p "$$C" && rm -rf "$$C" && git clone https://github.ibm.com/alchemy-containers/go-build-tools.git "$$C"; fi && pushd "$$C" && git fetch && { git reset --hard "$$V" || git reset --hard origin/"$$V"; } && popd && "$$C"/scripts/install.sh "$$V"
 
 .PHONY: driver
-driver: deps gosec buildimage
+driver: deps gosec buildimage-fips
 
 .PHONY: deps
 deps: install-bt
@@ -56,7 +56,16 @@ gosec:
 
 .PHONY: buildgo
 buildgo:
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build
+	GOOS=linux GOARCH=amd64 go build ${GOTAGS}
+
+.PHONY: buildbsa
+buildbsa:
+	set -ex; go build ${GOTAGS} -v github.com/IBM/ibmcloud-storage-utilities/block-storage-attacher
+
+.PHONY: buildsu
+buildsu:
+	set -ex; go build ${GOTAGS} -o /go/bin/systemutil utils/systemutil.go
+	chmod 755 /go/bin/systemutil
 
 .PHONY: test
 test:
@@ -66,6 +75,28 @@ test:
 coverage:
 	go tool cover -html=cover.out -o=cover.html
 
+.PHONY: buildimage-fips
+buildimage-fips: login-registry deps
+	@ set -x; \
+	ASSETURL="$$(curl -X GET -H "Authorization: token ${GHE_TOKEN}" "https://github.ibm.com/api/v3/repos/alchemy-registry/base/releases/latest" | jq -r '.assets[0].url')"; \
+	curl -H "Authorization: token ${GHE_TOKEN}" -H "Accept: application/octet-stream" -L $$ASSETURL > base.image
+	set -a
+	source base.image && \
+	IMAGE_TAG="$$(echo $$COMMON_ARMADA_golang_builder | cut -d':' -f2)" && \
+	BUILDER="${PROXY_IMAGE_URL}/armada-master/ibm-storage-golang:$$IMAGE_TAG" && \
+	bt build image -goproxy -- docker build --rm \
+			--build-arg git_commit_id=${GIT_COMMIT_SHA} \
+        	--build-arg git_remote_url=${GIT_REMOTE_URL} \
+			--build-arg build_date=${BUILD_DATE} \
+        	--build-arg travis_build_number=${TRAVIS_BUILD_NUMBER} \
+			--build-arg REPO_SOURCE_URL=${REPO_SOURCE_URL} \
+			--build-arg BUILD_URL="${BUILD_URL}" \
+			--build-arg IMAGE_TAG=$$IMAGE_TAG \
+			--build-arg BUILDER=$$BUILDER \
+			--build-arg GOOS="linux" \
+			--build-arg GOARCH="amd64" \
+			-t $(IMAGE):$(TRAVIS_COMMIT) -f Dockerfile.fips .
+	set +a
 
 .PHONY: buildimage
 buildimage: build-systemutil
@@ -79,7 +110,6 @@ buildimage: build-systemutil
 			--build-arg BUILD_URL=${BUILD_URL} \
 			-t $(IMAGE):$(VERSION) -f Dockerfile .
 
-
 .PHONY: build-systemutil
 build-systemutil:
 	#Build executables like block-attacher and system util GO binaries
@@ -118,3 +148,7 @@ oss:
 	bt lint golangci --version="v${LINT_VERSION}" -- --fix
 	bt lint opensource -generate ${OSS_FILES}
 	bt lint copyright -generate
+
+.PHONY: login-registry
+login-registry: install-bt
+	bt build login-registry -artifactory-username "${ARTIFACTORY_USER}" -all-artifactory -iam-key "${registry_iam_api_key}" -all-icr

block-storage-attacher/OPENSOURCE

@@ -1,9 +1,9 @@
-docker://docker-na.artifactory.swg-devops.com/wcp-alchemy-containers-team-access-redhat-docker-remote/ubi8/ubi-minimal,8.9-1108
+docker://hub.docker.com/r/scratch,latest
 github.com/BurntSushi/toml,v0.3.1,direct
 github.com/coreos/go-systemd/v22,v22.2.0,direct
 github.com/gofrs/uuid,v4.2.0+incompatible,direct
-github.com/stretchr/testify,v1.7.0,direct
-go.uber.org/zap,v1.16.0,direct
+github.com/stretchr/testify,v1.8.4,direct
+go.uber.org/zap,v1.26.0,direct
 golang.org/x/time,v0.0.0-20210220033141-f8bda1e9f3ba,direct
 k8s.io/api,v0.19.2,direct
 k8s.io/apimachinery,v0.19.2,direct
@@ -28,7 +28,7 @@ github.com/pkg/errors,v0.9.1,indirect
 github.com/pmezard/go-difflib,v1.0.0,indirect
 github.com/spf13/pflag,v1.0.5,indirect
 go.uber.org/atomic,v1.7.0,indirect
-go.uber.org/multierr,v1.6.0,indirect
+go.uber.org/multierr,v1.10.0,indirect
 golang.org/x/crypto,v0.0.0-20211202192323-5770296d904e,indirect
 golang.org/x/lint,v0.0.0-20201208152925-83fdc39ff7b5,indirect
 golang.org/x/net,v0.0.0-20220722155237-a158d28d115b,indirect
@@ -46,4 +46,4 @@ k8s.io/klog/v2,v2.8.0,indirect
 k8s.io/kube-openapi,v0.0.0-20200805222855-6aeccd4b50c6,indirect
 k8s.io/utils,v0.0.0-20210305010621-2afb4311ab10,indirect
 sigs.k8s.io/structured-merge-diff/v4,v4.1.0,indirect
-sigs.k8s.io/yaml,v1.2.0,indirect
+sigs.k8s.io/yaml,v1.2.0,indirect