2022-08-12 15:55:47 +02:00
|
|
|
VERSION 0.6
|
|
|
|
|
|
2022-09-16 15:42:45 +00:00
|
|
|
IMPORT github.com/kairos-io/kairos
|
2022-08-12 15:55:47 +02:00
|
|
|
|
|
|
|
|
FROM alpine
|
2022-09-16 15:42:45 +00:00
|
|
|
ARG VARIANT=kairos # core, lite, framework
|
2023-01-26 21:21:15 +01:00
|
|
|
ARG FLAVOR=opensuse-leap
|
2022-08-12 15:55:47 +02:00
|
|
|
|
2022-08-18 10:37:07 +00:00
|
|
|
## Versioning
|
|
|
|
|
ARG K3S_VERSION
|
|
|
|
|
RUN apk add git
|
|
|
|
|
COPY . ./
|
2023-01-17 10:19:43 +01:00
|
|
|
RUN echo $(git describe --always --tags --dirty) > VERSION
|
2022-08-18 10:37:07 +00:00
|
|
|
ARG CORE_VERSION=$(cat CORE_VERSION || echo "latest")
|
|
|
|
|
ARG VERSION=$(cat VERSION)
|
|
|
|
|
RUN echo "version ${VERSION}"
|
2022-08-18 13:55:23 +00:00
|
|
|
ARG K3S_VERSION_TAG=$(echo $K3S_VERSION | sed s/+/-/)
|
|
|
|
|
ARG TAG=${VERSION}-k3s${K3S_VERSION_TAG}
|
2023-04-11 18:47:44 +02:00
|
|
|
ARG BASE_REPO=quay.io/kairos
|
|
|
|
|
ARG IMAGE=${BASE_REPO}/${VARIANT}-${FLAVOR}:$TAG
|
2022-09-16 15:42:45 +00:00
|
|
|
ARG BASE_IMAGE=quay.io/kairos/core-${FLAVOR}:${CORE_VERSION}
|
2022-08-18 10:37:07 +00:00
|
|
|
ARG ISO_NAME=${VARIANT}-${FLAVOR}-${VERSION}-k3s${K3S_VERSION}
|
2023-05-24 22:05:23 +02:00
|
|
|
# renovate: datasource=docker depName=quay.io/kairos/osbuilder-tools versioning=semver-coerced
|
2023-07-13 10:28:33 +02:00
|
|
|
ARG OSBUILDER_VERSION=v0.7.8
|
2023-06-08 13:40:47 +02:00
|
|
|
ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION
|
2022-08-18 10:37:07 +00:00
|
|
|
|
|
|
|
|
## External deps pinned versions
|
2023-01-17 17:35:37 +01:00
|
|
|
ARG LUET_VERSION=0.33.0
|
2023-06-15 10:17:06 +02:00
|
|
|
# renovate: datasource=docker depName=golang
|
2023-03-31 14:31:54 +02:00
|
|
|
ARG GO_VERSION=1.20
|
2022-08-12 15:55:47 +02:00
|
|
|
|
2022-09-16 15:42:45 +00:00
|
|
|
ARG OS_ID=kairos
|
2022-08-18 10:37:07 +00:00
|
|
|
ARG CGO_ENABLED=0
|
|
|
|
|
|
2022-08-18 13:55:23 +00:00
|
|
|
RELEASEVERSION:
|
|
|
|
|
COMMAND
|
|
|
|
|
RUN echo "$IMAGE" > IMAGE
|
|
|
|
|
RUN echo "$VERSION" > VERSION
|
|
|
|
|
SAVE ARTIFACT VERSION AS LOCAL build/VERSION
|
|
|
|
|
SAVE ARTIFACT IMAGE AS LOCAL build/IMAGE
|
|
|
|
|
|
2023-04-18 11:53:36 +02:00
|
|
|
all-arm-generic:
|
|
|
|
|
BUILD --platform=linux/arm64 +docker
|
|
|
|
|
BUILD --platform=linux/arm64 +image-sbom
|
|
|
|
|
BUILD --platform=linux/arm64 +iso
|
|
|
|
|
DO +RELEASEVERSION
|
|
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
all:
|
2023-07-10 18:10:33 +02:00
|
|
|
ARG SECURITY_SCANS=true
|
2022-08-12 15:55:47 +02:00
|
|
|
BUILD +docker
|
2023-07-10 18:10:33 +02:00
|
|
|
IF [ "$SECURITY_SCANS" = "true" ]
|
|
|
|
|
BUILD +image-sbom
|
|
|
|
|
END
|
2022-08-12 15:55:47 +02:00
|
|
|
BUILD +iso
|
|
|
|
|
BUILD +netboot
|
|
|
|
|
BUILD +ipxe-iso
|
2022-08-18 13:55:23 +00:00
|
|
|
DO +RELEASEVERSION
|
2022-08-12 15:55:47 +02:00
|
|
|
|
2023-06-14 16:53:12 +02:00
|
|
|
ci:
|
|
|
|
|
BUILD +docker
|
|
|
|
|
BUILD +iso
|
|
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
all-arm:
|
2023-05-24 22:05:23 +02:00
|
|
|
ARG SECURITY_SCANS=true
|
2022-08-12 15:55:47 +02:00
|
|
|
BUILD --platform=linux/arm64 +docker
|
2023-05-24 22:05:23 +02:00
|
|
|
IF [ "$SECURITY_SCANS" = "true" ]
|
|
|
|
|
BUILD --platform=linux/arm64 +image-sbom
|
|
|
|
|
END
|
|
|
|
|
BUILD +arm-image --MODEL=rpi64
|
2022-08-18 13:55:23 +00:00
|
|
|
DO +RELEASEVERSION
|
2022-08-12 15:55:47 +02:00
|
|
|
|
|
|
|
|
go-deps:
|
|
|
|
|
ARG GO_VERSION
|
|
|
|
|
FROM golang:$GO_VERSION
|
|
|
|
|
WORKDIR /build
|
|
|
|
|
COPY go.mod go.sum ./
|
|
|
|
|
RUN go mod download
|
|
|
|
|
SAVE ARTIFACT go.mod AS LOCAL go.mod
|
|
|
|
|
SAVE ARTIFACT go.sum AS LOCAL go.sum
|
|
|
|
|
|
|
|
|
|
test:
|
|
|
|
|
FROM +go-deps
|
|
|
|
|
WORKDIR /build
|
2022-10-12 08:03:56 +00:00
|
|
|
COPY (kairos+luet/luet) /usr/bin/luet
|
2022-08-12 15:55:47 +02:00
|
|
|
COPY . .
|
2023-07-14 12:46:18 +02:00
|
|
|
RUN go run github.com/onsi/ginkgo/v2/ginkgo --fail-fast --covermode=atomic --coverprofile=coverage.out -p -r ./internal
|
2022-08-12 15:55:47 +02:00
|
|
|
SAVE ARTIFACT coverage.out AS LOCAL coverage.out
|
|
|
|
|
|
|
|
|
|
BUILD_GOLANG:
|
|
|
|
|
COMMAND
|
|
|
|
|
WORKDIR /build
|
|
|
|
|
COPY . ./
|
|
|
|
|
ARG CGO_ENABLED
|
2023-01-17 10:19:43 +01:00
|
|
|
ARG VERSION
|
2023-07-03 21:07:41 +02:00
|
|
|
ARG LDFLAGS="-s -w -X 'github.com/kairos-io/provider-kairos/v2/internal/cli.VERSION=$VERSION'"
|
2022-08-12 15:55:47 +02:00
|
|
|
ARG BIN
|
|
|
|
|
ARG SRC
|
|
|
|
|
ENV CGO_ENABLED=${CGO_ENABLED}
|
2023-01-17 10:19:43 +01:00
|
|
|
RUN echo $LDFLAGS
|
2023-06-15 10:17:06 +02:00
|
|
|
RUN go build -ldflags "${LDFLAGS}" -o ${BIN} ${SRC}
|
2022-08-12 15:55:47 +02:00
|
|
|
SAVE ARTIFACT ${BIN} ${BIN} AS LOCAL build/${BIN}
|
|
|
|
|
|
2022-09-16 15:42:45 +00:00
|
|
|
build-kairos-agent-provider:
|
2022-08-12 15:55:47 +02:00
|
|
|
FROM +go-deps
|
2022-09-16 15:42:45 +00:00
|
|
|
DO +BUILD_GOLANG --BIN=agent-provider-kairos --SRC=./ --CGO_ENABLED=$CGO_ENABLED
|
2022-08-12 15:55:47 +02:00
|
|
|
|
2023-04-21 11:04:15 +02:00
|
|
|
build-kairosctl:
|
|
|
|
|
FROM +go-deps
|
|
|
|
|
DO +BUILD_GOLANG --BIN=kairosctl --SRC=./cli/kairosctl --CGO_ENABLED=$CGO_ENABLED
|
|
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
build:
|
2022-09-16 15:42:45 +00:00
|
|
|
BUILD +build-kairos-agent-provider
|
2023-04-21 11:04:15 +02:00
|
|
|
BUILD +build-kairosctl
|
2022-08-12 15:55:47 +02:00
|
|
|
|
2023-04-05 13:43:13 +02:00
|
|
|
version:
|
|
|
|
|
FROM alpine
|
|
|
|
|
RUN apk add git
|
|
|
|
|
|
|
|
|
|
COPY . ./
|
|
|
|
|
|
|
|
|
|
RUN --no-cache echo $(git describe --always --tags --dirty) > VERSION
|
|
|
|
|
|
|
|
|
|
ARG VERSION=$(cat VERSION)
|
|
|
|
|
SAVE ARTIFACT VERSION VERSION
|
|
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
docker:
|
|
|
|
|
ARG FLAVOR
|
|
|
|
|
ARG VARIANT
|
|
|
|
|
FROM $BASE_IMAGE
|
|
|
|
|
|
2023-07-11 13:19:42 +02:00
|
|
|
DO +PROVIDER_INSTALL
|
|
|
|
|
|
|
|
|
|
ARG KAIROS_VERSION
|
|
|
|
|
IF [ "$KAIROS_VERSION" = "" ]
|
|
|
|
|
ARG OS_VERSION=${VERSION}
|
|
|
|
|
ELSE
|
|
|
|
|
ARG OS_VERSION=${KAIROS_VERSION}
|
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
ARG OS_ID
|
|
|
|
|
ARG OS_NAME=${OS_ID}-${FLAVOR}
|
|
|
|
|
ARG OS_REPO=quay.io/kairos/${VARIANT}-${FLAVOR}
|
|
|
|
|
ARG OS_LABEL=latest
|
|
|
|
|
|
2023-07-21 13:29:39 +02:00
|
|
|
DO kairos+OSRELEASE --BUG_REPORT_URL="https://github.com/kairos-io/kairos/issues/new/choose" --HOME_URL="https://github.com/kairos-io/provider-kairos" --OS_ID=${OS_ID} --OS_LABEL=${OS_LABEL} --OS_NAME=${OS_NAME} --OS_REPO=${OS_REPO} --OS_VERSION=${OS_VERSION}-k3s${K3S_VERSION} --GITHUB_REPO="kairos-io/provider-kairos" --VARIANT=${VARIANT} --FLAVOR=${FLAVOR}
|
2023-07-11 13:19:42 +02:00
|
|
|
|
|
|
|
|
SAVE IMAGE $IMAGE
|
|
|
|
|
|
|
|
|
|
# This install the requirements for the provider to be included.
|
|
|
|
|
# Made as a command so it can be reused from other targets without depending on this repo BASE_IMAGE
|
|
|
|
|
PROVIDER_INSTALL:
|
|
|
|
|
COMMAND
|
2022-08-12 15:55:47 +02:00
|
|
|
IF [ "$K3S_VERSION" = "latest" ]
|
|
|
|
|
ELSE
|
|
|
|
|
ENV INSTALL_K3S_VERSION=${K3S_VERSION}
|
|
|
|
|
END
|
2023-05-19 18:28:41 +03:00
|
|
|
|
2023-02-27 11:31:58 +01:00
|
|
|
IF [ "$FLAVOR" = "opensuse-leap" ] || [ "$FLAVOR" = "opensuse-leap-arm-rpi" ]
|
2023-03-31 14:31:54 +02:00
|
|
|
RUN zypper ref && zypper in -y nohang
|
2023-04-07 14:44:01 +02:00
|
|
|
ELSE IF [ "$FLAVOR" = "alpine-ubuntu" ] || [ "$FLAVOR" = "alpine-opensuse-leap" ] || [ "$FLAVOR" = "alpine-arm-rpi" ]
|
|
|
|
|
RUN apk add grep
|
2023-01-26 17:55:45 +01:00
|
|
|
ELSE IF [ "$FLAVOR" = "opensuse-tumbleweed" ] || [ "$FLAVOR" = "opensuse-tumbleweed-arm-rpi" ]
|
2023-03-31 14:31:54 +02:00
|
|
|
RUN zypper ref && zypper in -y nohang
|
2023-02-27 11:31:58 +01:00
|
|
|
ELSE IF [ "$FLAVOR" = "ubuntu" ] || [ "$FLAVOR" = "ubuntu-20-lts" ] || [ "$FLAVOR" = "ubuntu-22-lts" ] || [ "$FLAVOR" = "debian" ]
|
2023-01-26 17:55:45 +01:00
|
|
|
RUN apt-get update && apt-get install -y nohang
|
|
|
|
|
END
|
|
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
ENV INSTALL_K3S_BIN_DIR="/usr/bin"
|
|
|
|
|
RUN curl -sfL https://get.k3s.io > installer.sh \
|
2022-12-14 11:43:57 +01:00
|
|
|
&& INSTALL_K3S_SELINUX_WARN=true INSTALL_K3S_SKIP_START="true" INSTALL_K3S_SKIP_ENABLE="true" INSTALL_K3S_SKIP_SELINUX_RPM="true" bash installer.sh \
|
|
|
|
|
&& INSTALL_K3S_SELINUX_WARN=true INSTALL_K3S_SKIP_START="true" INSTALL_K3S_SKIP_ENABLE="true" INSTALL_K3S_SKIP_SELINUX_RPM="true" bash installer.sh agent \
|
2022-08-12 15:55:47 +02:00
|
|
|
&& rm -rf installer.sh
|
2023-07-11 13:19:42 +02:00
|
|
|
|
|
|
|
|
# If base image does not bundle a luet config use one
|
|
|
|
|
# TODO: Remove this, use luet config from base images so they are in sync
|
|
|
|
|
IF [ ! -e "/etc/luet/luet.yaml" ]
|
|
|
|
|
COPY repository.yaml /etc/luet/luet.yaml
|
|
|
|
|
END
|
|
|
|
|
|
2022-12-01 18:14:05 +01:00
|
|
|
RUN luet install -y utils/edgevpn utils/k9s utils/nerdctl container/kubectl utils/kube-vip && luet cleanup
|
2022-08-14 09:48:39 +00:00
|
|
|
# Drop env files from k3s as we will generate them
|
|
|
|
|
IF [ -e "/etc/rancher/k3s/k3s.env" ]
|
|
|
|
|
RUN rm -rf /etc/rancher/k3s/k3s.env /etc/rancher/k3s/k3s-agent.env && touch /etc/rancher/k3s/.keep
|
|
|
|
|
END
|
|
|
|
|
|
2022-09-16 15:42:45 +00:00
|
|
|
COPY +build-kairos-agent-provider/agent-provider-kairos /system/providers/agent-provider-kairos
|
|
|
|
|
RUN ln -s /system/providers/agent-provider-kairos /usr/bin/kairos
|
2022-08-12 15:55:47 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
docker-rootfs:
|
|
|
|
|
FROM +docker
|
|
|
|
|
SAVE ARTIFACT /. rootfs
|
|
|
|
|
|
2022-09-16 15:42:45 +00:00
|
|
|
kairos:
|
2022-09-19 09:59:28 +00:00
|
|
|
ARG KAIROS_VERSION=master
|
2022-08-13 08:59:01 +00:00
|
|
|
FROM alpine
|
|
|
|
|
RUN apk add git
|
2022-09-16 15:42:45 +00:00
|
|
|
WORKDIR /kairos
|
2022-09-19 09:59:28 +00:00
|
|
|
RUN git clone https://github.com/kairos-io/kairos /kairos && cd /kairos && git checkout "$KAIROS_VERSION"
|
2022-09-16 15:42:45 +00:00
|
|
|
SAVE ARTIFACT /kairos/
|
2022-08-13 08:59:01 +00:00
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
iso:
|
2022-09-23 08:46:07 +00:00
|
|
|
ARG OSBUILDER_IMAGE
|
|
|
|
|
ARG ISO_NAME=${OS_ID}
|
2022-08-12 15:55:47 +02:00
|
|
|
ARG IMG=docker:$IMAGE
|
|
|
|
|
ARG overlay=overlay/files-iso
|
2022-09-23 08:46:07 +00:00
|
|
|
FROM $OSBUILDER_IMAGE
|
2022-08-12 15:55:47 +02:00
|
|
|
RUN zypper in -y jq docker
|
|
|
|
|
WORKDIR /build
|
|
|
|
|
COPY . ./
|
2022-08-13 08:59:01 +00:00
|
|
|
RUN mkdir -p overlay/files-iso
|
2022-12-27 23:22:54 +01:00
|
|
|
COPY +kairos/kairos/overlay/files-iso/ ./$overlay/
|
|
|
|
|
COPY +docker-rootfs/rootfs /build/image
|
|
|
|
|
RUN /entrypoint.sh --name $ISO_NAME --debug build-iso --date=false dir:/build/image --overlay-iso /build/${overlay} --output /build
|
2022-08-12 15:55:47 +02:00
|
|
|
# See: https://github.com/rancher/elemental-cli/issues/228
|
|
|
|
|
RUN sha256sum $ISO_NAME.iso > $ISO_NAME.iso.sha256
|
2022-09-16 15:42:45 +00:00
|
|
|
SAVE ARTIFACT /build/$ISO_NAME.iso kairos.iso AS LOCAL build/$ISO_NAME.iso
|
|
|
|
|
SAVE ARTIFACT /build/$ISO_NAME.iso.sha256 kairos.iso.sha256 AS LOCAL build/$ISO_NAME.iso.sha256
|
2022-08-12 15:55:47 +02:00
|
|
|
|
|
|
|
|
netboot:
|
|
|
|
|
FROM opensuse/leap
|
|
|
|
|
ARG VERSION
|
2022-08-18 10:37:07 +00:00
|
|
|
ARG ISO_NAME
|
2022-08-12 15:55:47 +02:00
|
|
|
WORKDIR /build
|
2022-09-16 15:42:45 +00:00
|
|
|
COPY +iso/kairos.iso kairos.iso
|
2022-08-12 15:55:47 +02:00
|
|
|
COPY . .
|
|
|
|
|
RUN zypper in -y cdrtools
|
2022-08-13 08:59:01 +00:00
|
|
|
|
2022-09-16 15:42:45 +00:00
|
|
|
COPY +kairos/kairos/scripts/netboot.sh ./
|
|
|
|
|
RUN sh netboot.sh kairos.iso $ISO_NAME $VERSION
|
2022-08-13 08:59:01 +00:00
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
SAVE ARTIFACT /build/$ISO_NAME.squashfs squashfs AS LOCAL build/$ISO_NAME.squashfs
|
|
|
|
|
SAVE ARTIFACT /build/$ISO_NAME-kernel kernel AS LOCAL build/$ISO_NAME-kernel
|
|
|
|
|
SAVE ARTIFACT /build/$ISO_NAME-initrd initrd AS LOCAL build/$ISO_NAME-initrd
|
|
|
|
|
SAVE ARTIFACT /build/$ISO_NAME.ipxe ipxe AS LOCAL build/$ISO_NAME.ipxe
|
|
|
|
|
|
|
|
|
|
arm-image:
|
2022-10-22 19:09:41 +00:00
|
|
|
ARG OSBUILDER_IMAGE
|
2023-05-19 17:24:38 +02:00
|
|
|
ARG COMPRESS_IMG=true
|
2022-10-22 19:09:41 +00:00
|
|
|
FROM $OSBUILDER_IMAGE
|
2022-08-12 15:55:47 +02:00
|
|
|
ARG MODEL=rpi64
|
2022-08-18 13:55:23 +00:00
|
|
|
ARG IMAGE_NAME=${VARIANT}-${FLAVOR}-${VERSION}-k3s${K3S_VERSION}.img
|
2022-08-12 15:55:47 +02:00
|
|
|
WORKDIR /build
|
2023-05-19 11:23:47 +03:00
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
ENV SIZE="15200"
|
2023-07-10 18:10:33 +02:00
|
|
|
|
|
|
|
|
IF [[ "$FLAVOR" = "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]]
|
|
|
|
|
ENV STATE_SIZE="14000"
|
|
|
|
|
ENV RECOVERY_SIZE="10000"
|
|
|
|
|
ENV DEFAULT_ACTIVE_SIZE="4500"
|
|
|
|
|
ELSE IF [[ "$FLAVOR" =~ ^ubuntu* ]]
|
2023-05-19 11:23:47 +03:00
|
|
|
ENV STATE_SIZE="6900"
|
|
|
|
|
ENV RECOVERY_SIZE="4600"
|
2023-05-19 17:24:38 +02:00
|
|
|
ENV DEFAULT_ACTIVE_SIZE="2700"
|
2023-05-19 11:23:47 +03:00
|
|
|
ELSE
|
|
|
|
|
ENV STATE_SIZE="6200"
|
|
|
|
|
ENV RECOVERY_SIZE="4200"
|
|
|
|
|
ENV DEFAULT_ACTIVE_SIZE="2000"
|
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
COPY --platform=linux/arm64 +docker-rootfs/rootfs /build/image
|
|
|
|
|
# With docker is required for loop devices
|
|
|
|
|
WITH DOCKER --allow-privileged
|
2023-05-24 22:05:23 +02:00
|
|
|
RUN /build-arm-image.sh --use-lvm --model $MODEL --directory "/build/image" /build/$IMAGE_NAME
|
2022-08-12 15:55:47 +02:00
|
|
|
END
|
2023-05-19 17:24:38 +02:00
|
|
|
IF [ "$COMPRESS_IMG" = "true" ]
|
|
|
|
|
RUN xz -v /build/$IMAGE_NAME
|
|
|
|
|
SAVE ARTIFACT /build/$IMAGE_NAME.xz img AS LOCAL build/$IMAGE_NAME.xz
|
|
|
|
|
ELSE
|
|
|
|
|
SAVE ARTIFACT /build/$IMAGE_NAME img AS LOCAL build/$IMAGE_NAME
|
|
|
|
|
END
|
2022-10-22 19:09:41 +00:00
|
|
|
SAVE ARTIFACT /build/$IMAGE_NAME.sha256 img-sha256 AS LOCAL build/$IMAGE_NAME.sha256
|
2022-08-12 15:55:47 +02:00
|
|
|
|
2023-03-02 13:50:32 +01:00
|
|
|
syft:
|
|
|
|
|
FROM anchore/syft:latest
|
|
|
|
|
SAVE ARTIFACT /syft syft
|
|
|
|
|
|
|
|
|
|
image-sbom:
|
|
|
|
|
FROM +docker
|
|
|
|
|
WORKDIR /build
|
2023-04-04 10:47:42 +02:00
|
|
|
ARG TAG
|
2023-03-02 13:50:32 +01:00
|
|
|
ARG FLAVOR
|
2023-03-02 17:16:36 +01:00
|
|
|
ARG VARIANT
|
2023-03-02 13:50:32 +01:00
|
|
|
COPY +syft/syft /usr/bin/syft
|
|
|
|
|
RUN syft / -o json=sbom.syft.json -o spdx-json=sbom.spdx.json
|
2023-04-04 10:47:42 +02:00
|
|
|
SAVE ARTIFACT /build/sbom.syft.json sbom.syft.json AS LOCAL build/${VARIANT}-${FLAVOR}-${TAG}-sbom.syft.json
|
|
|
|
|
SAVE ARTIFACT /build/sbom.spdx.json sbom.spdx.json AS LOCAL build/${VARIANT}-${FLAVOR}-${TAG}-sbom.spdx.json
|
2023-03-02 13:50:32 +01:00
|
|
|
|
2022-08-12 15:55:47 +02:00
|
|
|
ipxe-iso:
|
|
|
|
|
FROM ubuntu
|
|
|
|
|
ARG ipxe_script
|
|
|
|
|
RUN apt update
|
|
|
|
|
RUN apt install -y -o Acquire::Retries=50 \
|
|
|
|
|
mtools syslinux isolinux gcc-arm-none-eabi git make gcc liblzma-dev mkisofs xorriso
|
|
|
|
|
# jq docker
|
|
|
|
|
WORKDIR /build
|
|
|
|
|
ARG ISO_NAME=${OS_ID}
|
|
|
|
|
RUN git clone https://github.com/ipxe/ipxe
|
|
|
|
|
IF [ "$ipxe_script" = "" ]
|
|
|
|
|
COPY +netboot/ipxe /build/ipxe/script.ipxe
|
|
|
|
|
ELSE
|
|
|
|
|
COPY $ipxe_script /build/ipxe/script.ipxe
|
|
|
|
|
END
|
|
|
|
|
RUN cd ipxe/src && make EMBED=/build/ipxe/script.ipxe
|
|
|
|
|
SAVE ARTIFACT /build/ipxe/src/bin/ipxe.iso iso AS LOCAL build/${ISO_NAME}-ipxe.iso.ipxe
|
|
|
|
|
SAVE ARTIFACT /build/ipxe/src/bin/ipxe.usb usb AS LOCAL build/${ISO_NAME}-ipxe-usb.img.ipxe
|
|
|
|
|
|
|
|
|
|
## Security targets
|
|
|
|
|
trivy:
|
|
|
|
|
FROM aquasec/trivy
|
|
|
|
|
SAVE ARTIFACT /usr/local/bin/trivy /trivy
|
|
|
|
|
|
|
|
|
|
trivy-scan:
|
|
|
|
|
ARG SEVERITY=CRITICAL
|
|
|
|
|
FROM +docker
|
|
|
|
|
COPY +trivy/trivy /trivy
|
|
|
|
|
RUN /trivy filesystem --severity $SEVERITY --exit-code 1 --no-progress /
|
