mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-10 15:56:47 +00:00
packaging: make builder base-image registry substitutable for CI
The static-build builder Dockerfiles (agent, kernel, qemu, shim-v2, ovmf,
tools, virtiofsd, busybox, codegen, coco-guest-components, pause-image) and
the agent codegen image hardcoded their base images from Docker Hub
(ubuntu/alpine/busybox/golang). On a builder-image cache miss in CI these
pulls are subject to Docker Hub rate limiting.
Parameterize every FROM with `ARG IMAGE_REGISTRY=docker.io` +
`FROM ${IMAGE_REGISTRY}/...` (default unchanged, so local builds keep using
Docker Hub) and have each component build script forward the value via a new
get_image_registry_build_arg() helper in scripts/lib.sh (only emitted when
IMAGE_REGISTRY is set). kata-deploy-binaries-in-docker.sh forwards
IMAGE_REGISTRY into the build container.
The build-kata-static workflows set IMAGE_REGISTRY=ghcr.io/kata-containers
per-component on the Docker-Hub-only jobs (build-asset, shim-v2, tools) and,
for rootfs, on every asset except cbl-mariner. To keep the fedora
image-builder on its own registry, it now uses a dedicated
IMAGE_BUILDER_REGISTRY (default registry.fedoraproject.org) instead of
sharing IMAGE_REGISTRY, so the rootfs ubuntu/alpine base can be mirrored
without breaking the fedora- and mcr-based image builds.
Authored-by: Cursor <cursor@cursor.com>
Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
This commit is contained in:
@@ -101,6 +101,10 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
# Pull builder-image base layers (ubuntu/alpine) from the ghcr.io
|
||||
# mirror instead of Docker Hub. rootfs (fedora/cbl-mariner) keeps its
|
||||
# own defaults, so it is deliberately left untouched.
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -261,6 +265,10 @@ jobs:
|
||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||
KBUILD_SIGN_PIN: ${{ contains(matrix.asset, 'nvidia') && secrets.KBUILD_SIGN_PIN || '' }}
|
||||
# Mirror the ubuntu/alpine/debian rootfs base via ghcr.io. cbl-mariner
|
||||
# (mcr.microsoft.com) is excluded; the fedora image-builder uses its
|
||||
# own IMAGE_BUILDER_REGISTRY and is unaffected.
|
||||
IMAGE_REGISTRY: ${{ contains(matrix.asset, 'mariner') && '' || 'ghcr.io/kata-containers' }}
|
||||
|
||||
- name: store-artifact ${{ matrix.asset }}
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
@@ -369,6 +377,7 @@ jobs:
|
||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||
MEASURED_ROOTFS: yes
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
|
||||
- name: store-artifact ${{ matrix.asset }}
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
@@ -478,6 +487,7 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
@@ -95,6 +95,10 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
# Pull builder-image base layers (ubuntu/alpine) from the ghcr.io
|
||||
# mirror instead of Docker Hub. rootfs (fedora/cbl-mariner) keeps its
|
||||
# own defaults, so it is deliberately left untouched.
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -251,6 +255,10 @@ jobs:
|
||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||
KBUILD_SIGN_PIN: ${{ contains(matrix.asset, 'nvidia') && secrets.KBUILD_SIGN_PIN || '' }}
|
||||
# Mirror the ubuntu/alpine/debian rootfs base via ghcr.io. cbl-mariner
|
||||
# (mcr.microsoft.com) is excluded; the fedora image-builder uses its
|
||||
# own IMAGE_BUILDER_REGISTRY and is unaffected.
|
||||
IMAGE_REGISTRY: ${{ contains(matrix.asset, 'mariner') && '' || 'ghcr.io/kata-containers' }}
|
||||
|
||||
- name: store-artifact ${{ matrix.asset }}
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
@@ -355,6 +363,7 @@ jobs:
|
||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||
MEASURED_ROOTFS: yes
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
|
||||
- name: store-artifact ${{ matrix.asset }}
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
@@ -408,6 +417,7 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
@@ -80,6 +80,9 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
# Pull builder-image base layers (ubuntu/alpine) from the ghcr.io
|
||||
# mirror instead of Docker Hub.
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -189,6 +192,7 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -275,6 +279,7 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
@@ -67,6 +67,9 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
# Pull builder-image base layers (ubuntu/alpine) from the ghcr.io
|
||||
# mirror instead of Docker Hub.
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
@@ -93,6 +93,10 @@ jobs:
|
||||
KATA_ASSET: ${{ matrix.asset }}
|
||||
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
|
||||
PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
|
||||
# Pull builder-image base layers (ubuntu/alpine) from the ghcr.io
|
||||
# mirror instead of Docker Hub. rootfs (fedora/cbl-mariner) keeps its
|
||||
# own defaults, so it is deliberately left untouched.
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
ARTEFACT_REGISTRY: ghcr.io
|
||||
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -234,6 +238,9 @@ jobs:
|
||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||
# Mirror the ubuntu/alpine rootfs base via ghcr.io; the fedora
|
||||
# image-builder uses its own IMAGE_BUILDER_REGISTRY and is unaffected.
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
|
||||
- name: store-artifact ${{ matrix.asset }}
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
@@ -324,6 +331,7 @@ jobs:
|
||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||
MEASURED_ROOTFS: no
|
||||
IMAGE_REGISTRY: ghcr.io/kata-containers
|
||||
|
||||
- name: store-artifact ${{ matrix.asset }}
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
|
||||
@@ -213,6 +213,7 @@ codecov-html: check_tarpaulin
|
||||
##TARGET generate-protocols: generate/update grpc agent protocols
|
||||
generate-protocols:
|
||||
image=$$(docker build -q \
|
||||
$${IMAGE_REGISTRY:+--build-arg IMAGE_REGISTRY=$$IMAGE_REGISTRY} \
|
||||
--build-arg GO_VERSION=$$(yq '.languages.golang.version' $(CURDIR)/../../versions.yaml) \
|
||||
--build-arg PROTOC_VERSION=$$(yq '.externals.protoc.version' $(CURDIR)/../../versions.yaml | grep -oE "[0-9.]+") \
|
||||
--build-arg PROTOC_GEN_GO_VERSION=$$(yq '.externals.protoc-gen-go.version' $(CURDIR)/../../versions.yaml) \
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
# Copyright (c) 2018 Intel Corporation
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
ARG IMAGE_REGISTRY=registry.fedoraproject.org
|
||||
FROM ${IMAGE_REGISTRY}/fedora:44
|
||||
ARG IMAGE_BUILDER_REGISTRY=registry.fedoraproject.org
|
||||
FROM ${IMAGE_BUILDER_REGISTRY}/fedora:44
|
||||
|
||||
RUN ([ -n "$http_proxy" ] && \
|
||||
sed -i '$ a proxy='$http_proxy /etc/dnf/dnf.conf ; true) && \
|
||||
|
||||
@@ -77,7 +77,7 @@ Extra environment variables:
|
||||
AGENT_BIN: Use it to change the expected agent binary name
|
||||
AGENT_INIT: Use kata agent as init process
|
||||
BLOCK_SIZE: Use to specify the size of blocks in bytes. DEFAULT: 4096
|
||||
IMAGE_REGISTRY: Hostname for the image registry used to pull down the rootfs build image.
|
||||
IMAGE_BUILDER_REGISTRY: Hostname for the image registry used to pull down the image-builder base image (fedora).
|
||||
NSDAX_BIN: Use to specify path to pre-compiled 'nsdax' tool.
|
||||
SKIP_DAX_HEADER: If set to "yes", skip the DAX/NVDIMM header. Use for
|
||||
virtio-blk-pci images that never use NVDIMM.
|
||||
@@ -136,8 +136,11 @@ build_with_container() {
|
||||
image_name=$(basename "${image}")
|
||||
|
||||
engine_build_args=""
|
||||
if [[ -n "${IMAGE_REGISTRY}" ]]; then
|
||||
engine_build_args+=" --build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
|
||||
# The image-builder uses its own registry knob (IMAGE_BUILDER_REGISTRY,
|
||||
# default registry.fedoraproject.org) so it is not affected by the
|
||||
# IMAGE_REGISTRY used to mirror the rootfs base images (ubuntu/alpine/...).
|
||||
if [[ -n "${IMAGE_BUILDER_REGISTRY:-}" ]]; then
|
||||
engine_build_args+=" --build-arg IMAGE_BUILDER_REGISTRY=${IMAGE_BUILDER_REGISTRY}"
|
||||
fi
|
||||
if [[ -n "${USE_PODMAN}" ]]; then
|
||||
engine_build_args+=" --runtime ${DOCKER_RUNTIME}"
|
||||
|
||||
@@ -91,6 +91,10 @@ ARTEFACT_REGISTRY_USERNAME="${ARTEFACT_REGISTRY_USERNAME:-}"
|
||||
ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD:-}"
|
||||
TARGET_BRANCH="${TARGET_BRANCH:-}"
|
||||
BUILDER_REGISTRY="${BUILDER_REGISTRY:-}"
|
||||
# Optional mirror registry for third-party base images (e.g. ubuntu, alpine).
|
||||
# When set, it is forwarded to the component build scripts, which pass it down
|
||||
# as the IMAGE_REGISTRY build-arg used in the builder Dockerfiles' FROM lines.
|
||||
IMAGE_REGISTRY="${IMAGE_REGISTRY:-}"
|
||||
PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-"no"}"
|
||||
RELEASE="${RELEASE:-"no"}"
|
||||
AGENT_CONTAINER_BUILDER="${AGENT_CONTAINER_BUILDER:-}"
|
||||
@@ -134,6 +138,7 @@ docker run \
|
||||
--env TARGET_BRANCH="${TARGET_BRANCH}" \
|
||||
--env RELEASE="${RELEASE}" \
|
||||
--env BUILDER_REGISTRY="${BUILDER_REGISTRY}" \
|
||||
--env IMAGE_REGISTRY="${IMAGE_REGISTRY}" \
|
||||
--env PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY}" \
|
||||
--env AGENT_CONTAINER_BUILDER="${AGENT_CONTAINER_BUILDER}" \
|
||||
--env COCO_GUEST_COMPONENTS_CONTAINER_BUILDER="${COCO_GUEST_COMPONENTS_CONTAINER_BUILDER}" \
|
||||
|
||||
@@ -126,6 +126,16 @@ get_last_modification() {
|
||||
popd &> /dev/null || return
|
||||
}
|
||||
|
||||
# Echo the "--build-arg IMAGE_REGISTRY=..." fragment used to redirect a
|
||||
# Dockerfile's base image to a mirror, but only when IMAGE_REGISTRY is set.
|
||||
# When unset, nothing is emitted and the Dockerfile's own ARG default (e.g.
|
||||
# docker.io) is used. The mirror value contains no spaces, so callers can use
|
||||
# the unquoted expansion to word-split it into two arguments.
|
||||
get_image_registry_build_arg() {
|
||||
[[ -n "${IMAGE_REGISTRY:-}" ]] || return 0
|
||||
echo "--build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
|
||||
}
|
||||
|
||||
# $1 - The tag to be pushed to the registry
|
||||
# $2 - "yes" to use sudo, "no" otherwise
|
||||
push_to_registry() {
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM ubuntu:22.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:22.04
|
||||
ARG RUST_TOOLCHAIN
|
||||
|
||||
COPY install_libseccomp.sh /usr/bin/install_libseccomp.sh
|
||||
|
||||
@@ -18,9 +18,10 @@ container_image="${AGENT_CONTAINER_BUILDER:-$(get_agent_image_name)}"
|
||||
# shellcheck disable=SC2154
|
||||
[[ "${CROSS_BUILD}" == "true" ]] && container_image="${container_image}-cross-build"
|
||||
|
||||
# shellcheck disable=SC2154,SC2086
|
||||
# shellcheck disable=SC2046,SC2154,SC2086
|
||||
docker pull "${container_image}" || \
|
||||
(docker ${BUILDX} build ${PLATFORM} \
|
||||
$(get_image_registry_build_arg) \
|
||||
--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps ".languages.rust.meta.newest-version")" \
|
||||
-t "${container_image}" "${script_dir}" && \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM alpine:3.20.0
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/alpine:3.20.0
|
||||
|
||||
# Install build dependencies and ORAS for cache support
|
||||
RUN apk update && apk --no-cache add gpg gpg-agent coreutils bash curl make \
|
||||
|
||||
@@ -30,9 +30,10 @@ container_image="${BUSYBOX_CONTAINER_BUILDER:-$(get_busybox_image_name)}"
|
||||
# shellcheck disable=SC2154
|
||||
[[ "${CROSS_BUILD}" == "true" ]] && container_image="${container_image}-cross-build"
|
||||
|
||||
# shellcheck disable=SC2154,SC2086
|
||||
# shellcheck disable=SC2046,SC2154,SC2086
|
||||
docker pull "${container_image}" || \
|
||||
(docker ${BUILDX} build ${PLATFORM} \
|
||||
$(get_image_registry_build_arg) \
|
||||
-t "${container_image}" "${script_dir}" \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
push_to_registry "${container_image}")
|
||||
|
||||
@@ -3,7 +3,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM ubuntu:24.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:24.04
|
||||
ARG RUST_TOOLCHAIN
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
@@ -36,9 +36,10 @@ container_image="${COCO_GUEST_COMPONENTS_CONTAINER_BUILDER:-$(get_coco_guest_com
|
||||
# shellcheck disable=SC2154
|
||||
[[ "${CROSS_BUILD}" == "true" ]] && container_image="${container_image}-cross-build"
|
||||
|
||||
# shellcheck disable=SC2154,SC2086
|
||||
# shellcheck disable=SC2046,SC2154,SC2086
|
||||
docker pull "${container_image}" || \
|
||||
(docker ${BUILDX} build ${PLATFORM} \
|
||||
$(get_image_registry_build_arg) \
|
||||
--build-arg RUST_TOOLCHAIN="${coco_guest_components_toolchain}" \
|
||||
--build-arg NVAT_VERSION="${nvat_version}" \
|
||||
-t "${container_image}" "${script_dir}" && \
|
||||
|
||||
@@ -3,8 +3,9 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
ARG GO_VERSION=
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
|
||||
FROM busybox:1.37.0 AS resources
|
||||
FROM ${IMAGE_REGISTRY}/busybox:1.37.0 AS resources
|
||||
|
||||
WORKDIR /usr/local
|
||||
|
||||
@@ -12,7 +13,7 @@ ARG PROTOC_VERSION=
|
||||
RUN wget -O /tmp/protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip && \
|
||||
unzip /tmp/protoc.zip
|
||||
|
||||
FROM golang:${GO_VERSION}
|
||||
FROM ${IMAGE_REGISTRY}/golang:${GO_VERSION}
|
||||
|
||||
COPY --from=resources /usr/local /usr
|
||||
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM ubuntu:22.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:22.04
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
ENV INSTALL_IN_GOPATH=false
|
||||
|
||||
|
||||
@@ -60,6 +60,10 @@ fi
|
||||
|
||||
container_build+=" --build-arg ARCH=${ARCH:-}"
|
||||
|
||||
if [[ -n "${IMAGE_REGISTRY:-}" ]]; then
|
||||
container_build+=" --build-arg IMAGE_REGISTRY=${IMAGE_REGISTRY}"
|
||||
fi
|
||||
|
||||
"${container_engine}" pull "${container_image}" || \
|
||||
{
|
||||
${container_build} -t "${container_image}" "${script_dir}" && \
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM ubuntu:22.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:22.04
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
RUN apt-get update && \
|
||||
|
||||
@@ -58,8 +58,9 @@ fi
|
||||
[[ -n "${ovmf_package}" ]] || die "failed to get ovmf package or commit"
|
||||
[[ -n "${package_output_dir}" ]] || die "failed to get ovmf package or commit"
|
||||
|
||||
# shellcheck disable=SC2046
|
||||
docker pull "${container_image}" || \
|
||||
(docker build -t "${container_image}" "${script_dir}" && \
|
||||
(docker build $(get_image_registry_build_arg) -t "${container_image}" "${script_dir}" && \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
push_to_registry "${container_image}")
|
||||
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
# Copyright (c) 2024 Intel
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
FROM ubuntu:22.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:22.04
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
|
||||
@@ -30,9 +30,10 @@ container_image="${PAUSE_IMAGE_CONTAINER_BUILDER:-$(get_pause_image_name)}"
|
||||
# shellcheck disable=SC2154
|
||||
[[ "${CROSS_BUILD}" == "true" ]] && container_image="${container_image}-cross-build"
|
||||
|
||||
# shellcheck disable=SC2154,SC2086
|
||||
# shellcheck disable=SC2046,SC2154,SC2086
|
||||
docker pull "${container_image}" || \
|
||||
(docker ${BUILDX} build ${PLATFORM} \
|
||||
$(get_image_registry_build_arg) \
|
||||
-t "${container_image}" "${script_dir}" && \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
push_to_registry "${container_image}")
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
# Copyright (c) 2020 Ant Group
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
FROM ubuntu:22.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:22.04
|
||||
|
||||
# CACHE_TIMEOUT: date to invalid cache, if the date changes the image will be rebuild
|
||||
# This is required to keep build dependencies with security fixes.
|
||||
|
||||
@@ -54,7 +54,9 @@ CACHE_TIMEOUT=$(date +"%Y-%m-%d")
|
||||
container_image="${QEMU_CONTAINER_BUILDER:-$(get_qemu_image_name)}"
|
||||
[[ "${CROSS_BUILD}" == "true" ]] && container_image="${container_image}-cross-build"
|
||||
|
||||
# shellcheck disable=SC2046
|
||||
"${container_engine}" pull "${container_image}" || ("${container_engine}" build \
|
||||
$(get_image_registry_build_arg) \
|
||||
--build-arg CACHE_TIMEOUT="${CACHE_TIMEOUT}" \
|
||||
--build-arg http_proxy="${http_proxy}" \
|
||||
--build-arg https_proxy="${https_proxy}" \
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM ubuntu:22.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:22.04
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
ENV GO_HOME="/opt"
|
||||
|
||||
@@ -67,9 +67,10 @@ for entry in "${verity_variants[@]}"; do
|
||||
EXTRA_OPTS+=" ${param_var}=${root_measure_config}"
|
||||
done
|
||||
|
||||
# shellcheck disable=SC2154,SC2086
|
||||
# shellcheck disable=SC2046,SC2154,SC2086
|
||||
docker pull "${container_image}" || \
|
||||
(docker ${BUILDX} build ${PLATFORM} \
|
||||
$(get_image_registry_build_arg) \
|
||||
--build-arg GO_VERSION="${GO_VERSION}" \
|
||||
--build-arg RUST_VERSION="${RUST_VERSION}" \
|
||||
-t "${container_image}" \
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM ubuntu:22.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:22.04
|
||||
ARG GO_TOOLCHAIN
|
||||
ARG RUST_TOOLCHAIN
|
||||
|
||||
|
||||
@@ -20,9 +20,10 @@ container_image="${TOOLS_CONTAINER_BUILDER:-$(get_tools_image_name)}"
|
||||
# shellcheck disable=SC2154
|
||||
[[ "${CROSS_BUILD}" == "true" ]] && container_image="${container_image}-cross-build"
|
||||
|
||||
# shellcheck disable=SC2154,SC2086
|
||||
# shellcheck disable=SC2046,SC2154,SC2086
|
||||
docker pull "${container_image}" || \
|
||||
(docker ${BUILDX} build ${PLATFORM} \
|
||||
$(get_image_registry_build_arg) \
|
||||
--build-arg GO_TOOLCHAIN="$(get_from_kata_deps ".languages.golang.meta.newest-version")" \
|
||||
--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps ".languages.rust.meta.newest-version")" \
|
||||
-t "${container_image}" "${script_dir}" && \
|
||||
|
||||
@@ -55,9 +55,10 @@ container_image="${VIRTIOFSD_CONTAINER_BUILDER:-$(get_virtiofsd_image_name)}"
|
||||
# shellcheck disable=SC2154
|
||||
[[ "${CROSS_BUILD}" == "true" ]] && container_image="${container_image}-cross-build"
|
||||
|
||||
# shellcheck disable=SC2154,SC2086
|
||||
# shellcheck disable=SC2046,SC2154,SC2086
|
||||
docker pull "${container_image}" || \
|
||||
(docker ${BUILDX} build ${PLATFORM} \
|
||||
$(get_image_registry_build_arg) \
|
||||
--build-arg RUST_TOOLCHAIN="${virtiofsd_toolchain}" \
|
||||
-t "${container_image}" "${script_dir}/${libc}" && \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM ubuntu:22.04
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/ubuntu:22.04
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
ARG RUST_TOOLCHAIN
|
||||
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM alpine:3.23.0
|
||||
ARG IMAGE_REGISTRY=docker.io
|
||||
FROM ${IMAGE_REGISTRY}/alpine:3.23.0
|
||||
ARG RUST_TOOLCHAIN
|
||||
|
||||
ENV RUSTUP_HOME="/opt/rustup"
|
||||
|
||||
Reference in New Issue
Block a user