Skip to content

Commit

Permalink
✨ Remove skaffold (#396)
Browse files Browse the repository at this point in the history
* ✨ Remove skaffold

* ✨ Remove ingress nginx controller

* ✨ Add hadolint for dockerfile

* ✨ Add local build
  • Loading branch information
tosone authored Sep 17, 2024
1 parent 7b340bc commit c61178f
Show file tree
Hide file tree
Showing 10 changed files with 166 additions and 142 deletions.
8 changes: 8 additions & 0 deletions .hadolint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
ignored:
- DL3018
- DL4006
- DL3003
- SC2046
- DL3047
- DL3008
- SC2155
38 changes: 14 additions & 24 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ GOLDFLAGS += -X github.com/go-sigma/sigma/pkg/version.GitHash=$(shell git
GOFLAGS = -ldflags '-s -w $(GOLDFLAGS)' -trimpath

GOOS ?= linux
GOARCH ?= amd64
GOARCH ?= arm64
CC ?=
CXX ?=

Expand All @@ -42,53 +42,39 @@ all: build build-builder

## Build:
build: ## Build sigma and put the output binary in ./bin
@CGO_ENABLED=0 GO111MODULE=on CC="$(CC)" CXX="$(CXX)" $(GOCMD) build $(GOFLAGS) -tags "timetzdata,exclude_graphdriver_devicemapper,exclude_graphdriver_btrfs,containers_image_openpgp" -o bin/$(BINARY_NAME) -v .
@GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=0 GO111MODULE=on CC="$(CC)" CXX="$(CXX)" $(GOCMD) build $(GOFLAGS) -tags "timetzdata,exclude_graphdriver_devicemapper,exclude_graphdriver_btrfs,containers_image_openpgp" -o bin/$(BINARY_NAME) -v .

build-builder: ## Build sigma-builder and put the output binary in ./bin
@CGO_ENABLED=0 GO111MODULE=on CC="$(CC)" CXX="$(CXX)" $(GOCMD) build $(GOFLAGS) -tags "timetzdata,exclude_graphdriver_devicemapper,exclude_graphdriver_btrfs,containers_image_openpgp" -o bin/$(BINARY_NAME)-builder -v ./cmd/builder
@GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=0 GO111MODULE=on CC="$(CC)" CXX="$(CXX)" $(GOCMD) build $(GOFLAGS) -tags "timetzdata,exclude_graphdriver_devicemapper,exclude_graphdriver_btrfs,containers_image_openpgp" -o bin/$(BINARY_NAME)-builder -v ./cmd/builder

clean: ## Remove build related file
rm -fr ./bin
rm -f ./junit-report.xml checkstyle-report.xml ./coverage.xml ./profile.cov yamllint-checkstyle.xml
rm -fr ./bin/sigma ./bin/sigma-builder ./bin/*.tar.gz ./bin/*.tar

vendor: ## Copy of all packages needed to support builds and tests in the vendor directory
@$(GOCMD) mod tidy && $(GOCMD) mod vendor

## Lint:
lint: lint-go lint-dockerfile lint-yaml ## Run all available linters
lint: lint-go lint-dockerfile ## Run all available linters

.PHONY: lint-dockerfile
lint-dockerfile: ## Lint your Dockerfile
# If dockerfile is present we lint it.
ifeq ($(shell test -e ./Dockerfile && echo -n yes),yes)
$(eval CONFIG_OPTION = $(shell [ -e $(shell pwd)/.hadolint.yaml ] && echo "-v $(shell pwd)/.hadolint.yaml:/root/.config/hadolint.yaml" || echo "" ))
$(eval OUTPUT_OPTIONS = $(shell [ "${EXPORT_RESULT}" == "true" ] && echo "--format checkstyle" || echo "" ))
$(eval OUTPUT_FILE = $(shell [ "${EXPORT_RESULT}" == "true" ] && echo "| tee /dev/tty > checkstyle-report.xml" || echo "" ))
docker run --rm -i $(CONFIG_OPTION) hadolint/hadolint hadolint $(OUTPUT_OPTIONS) - < ./Dockerfile $(OUTPUT_FILE)
endif
@hadolint $(shell find build -name "*Dockerfile")

lint-go: ## Use golintci-lint on your project
@golangci-lint run --timeout=10m --build-tags "timetzdata,exclude_graphdriver_devicemapper,exclude_graphdriver_btrfs,containers_image_openpgp"

lint-yaml: ## Use yamllint on the yaml file of your projects
ifeq ($(EXPORT_RESULT), true)
GO111MODULE=off go get -u github.com/thomaspoignant/yamllint-checkstyle
$(eval OUTPUT_OPTIONS = | tee /dev/tty | yamllint-checkstyle > yamllint-checkstyle.xml)
endif
docker run --rm -it -v $(shell pwd):/data cytopia/yamllint -f parsable $(shell git ls-files '*.yml' '*.yaml') $(OUTPUT_OPTIONS)

## Docker:
docker-build: docker-build-builder-local dockerfile-local ## Use the dockerfile to build the sigma image
docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) --build-arg WITH_TRIVY_DB=$(WITH_TRIVY_DB) -f build/all.alpine.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true .
@docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) --build-arg WITH_TRIVY_DB=$(WITH_TRIVY_DB) -f build/all.alpine.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true .

docker-build-builder: ## Use the dockerfile to build the sigma-builder image
docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/builder.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true .
@docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/builder.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true .

docker-build-builder-local: ## Use the dockerfile to build the sigma-builder image and save to local tarball file
docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/builder.Dockerfile --platform linux/amd64,linux/arm64 --progress plain --output type=oci,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true,dest=./bin/builder.$(VERSION).tar .
@docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/builder.Dockerfile --platform linux/amd64,linux/arm64 --progress plain --output type=oci,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true,dest=./bin/builder.$(VERSION).tar .

dockerfile-local: ## Use skopeo to copy dockerfile to local tarball file
skopeo copy -a docker://docker/dockerfile:1.8.1 oci-archive:bin/dockerfile.1.8.1.tar
@skopeo copy -a docker://docker/dockerfile:1.8.1 oci-archive:bin/dockerfile.1.8.1.tar

.PHONY: docker-build-web
docker-build-web: ## Build the web image
Expand All @@ -98,6 +84,10 @@ docker-build-web: ## Build the web image
docker-build-trivy: ## Build the trivy image
@docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/trivy.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-trivy:latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true .

.PHONY: docker-build-local
docker-build-local: build ## Build the local sigma image
@docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) --build-arg WITH_TRIVY_DB=$(WITH_TRIVY_DB) -f build/local.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true .

## Misc:
migration-create: ## Create a new migration file
@migrate create -dir ./pkg/dal/migrations/mysql -seq -digits 4 -ext sql $(MIGRATION_NAME)
Expand Down
56 changes: 56 additions & 0 deletions build/local.Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
ARG ALPINE_VERSION=3.19
ARG GOLANG_VERSION=1.23.1-alpine3.19

FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} AS skopeo

ARG USE_MIRROR=false
ARG SKOPEO_VERSION=1.16.0
ARG TARGETOS TARGETARCH

RUN set -eux && \
if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \
apk add --no-cache make git && \
git clone --branch v"${SKOPEO_VERSION}" https://github.com/containers/skopeo /go/src/github.com/containers/skopeo && \
cd /go/src/github.com/containers/skopeo && \
DISABLE_CGO=1 make bin/skopeo."${TARGETOS}"."${TARGETARCH}" && \
cp bin/skopeo."${TARGETOS}"."${TARGETARCH}" /tmp/skopeo

FROM alpine:${ALPINE_VERSION}

ARG USE_MIRROR=false
ARG TRIVY_VERSION=0.55.1
ARG SYFT_VERSION=1.8.0
ARG TARGETOS TARGETARCH

RUN set -eux && \
if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \
apk add --no-cache wget curl file && \
case "${TARGETARCH}" in \
amd64) export TRIVYARCH='64bit' ;; \
arm64) export TRIVYARCH='ARM64' ;; \
esac; \
export TRIVYOS=$(echo "${TARGETOS}" | awk '{print toupper(substr($0, 1, 1)) substr($0, 2)}') && \
wget -q -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \
tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \
mv trivy /usr/local/bin/trivy && \
rm trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \
wget -q -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \
tar -xzf syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \
mv syft /usr/local/bin/syft && \
rm syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz

RUN useradd -rm -d /home/sigma -s /bin/sh -u 1001 sigma

USER sigma

WORKDIR /home/sigma

COPY --from=skopeo /tmp/skopeo /usr/local/bin/skopeo
COPY ./bin/*.tar /baseimages/
COPY ./conf/config.yaml /etc/sigma/config.yaml
COPY ./bin/sigma /usr/local/bin/sigma

VOLUME /var/lib/sigma
VOLUME /etc/sigma

CMD ["sigma", "server"]
7 changes: 2 additions & 5 deletions deploy/sigma/Chart.lock
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,5 @@ dependencies:
- name: mysql
repository: https://charts.bitnami.com/bitnami
version: 11.1.16
- name: nginx-ingress-controller
repository: https://charts.bitnami.com/bitnami
version: 11.4.1
digest: sha256:3005974d69259acb9d9bf3b0a02e441839a75a3b2e7ef959aa821b8dccce4b41
generated: "2024-09-15T23:21:07.628195+08:00"
digest: sha256:c9150c78d68a1fe55f7f0ba70b03e6e949cdccb6b71dd0ea8fa835537fdab32f
generated: "2024-09-17T03:30:37.546585+08:00"
4 changes: 0 additions & 4 deletions deploy/sigma/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,3 @@ dependencies:
version: 11.1.16
repository: https://charts.bitnami.com/bitnami
condition: mysql.enabled
- name: nginx-ingress-controller
version: 11.4.1
repository: https://charts.bitnami.com/bitnami
condition: nginx-ingress-controller.enabled
42 changes: 21 additions & 21 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,21 +9,21 @@ require (
github.com/Masterminds/sprig/v3 v3.3.0
github.com/alicebob/miniredis/v2 v2.33.0
github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible
github.com/anchore/syft v1.11.0
github.com/aquasecurity/trivy v0.54.1
github.com/aws/aws-sdk-go-v2 v1.30.4
github.com/anchore/syft v1.12.2
github.com/aquasecurity/trivy v0.55.1
github.com/aws/aws-sdk-go-v2 v1.30.5
github.com/aws/aws-sdk-go-v2/config v1.27.28
github.com/aws/aws-sdk-go-v2/service/s3 v1.59.0
github.com/caarlos0/env/v9 v9.0.0
github.com/casbin/casbin/v2 v2.98.0
github.com/casbin/gorm-adapter/v3 v3.27.0
github.com/containers/podman/v5 v5.2.1
github.com/deckarep/golang-set/v2 v2.6.0
github.com/dgraph-io/badger/v4 v4.2.0
github.com/dgraph-io/badger/v4 v4.3.0
github.com/distribution/distribution/v3 v3.0.0-beta.1
github.com/distribution/reference v0.6.0
github.com/docker/cli v27.1.2+incompatible
github.com/docker/docker v27.2.0+incompatible
github.com/docker/docker v27.2.1+incompatible
github.com/dustin/go-humanize v1.0.1
github.com/fatih/color v1.17.0
github.com/glebarez/sqlite v1.11.0
Expand Down Expand Up @@ -67,7 +67,7 @@ require (
github.com/xanzy/go-gitlab v0.109.0
go.uber.org/mock v0.4.0
golang.org/x/crypto v0.27.0
golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa
golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
golang.org/x/net v0.29.0
golang.org/x/oauth2 v0.23.0
gopkg.in/yaml.v3 v3.0.1
Expand Down Expand Up @@ -112,13 +112,13 @@ require (
github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 // indirect
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f // indirect
github.com/anchore/stereoscope v0.0.3-0.20240725180315-50ce3be7aa1f // indirect
github.com/anchore/stereoscope v0.0.3 // indirect
github.com/andybalholm/brotli v1.0.6 // indirect
github.com/apparentlymart/go-cidr v1.1.0 // indirect
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
github.com/aquasecurity/go-version v0.0.0-20240603093900-cf8a8d29271d // indirect
github.com/aquasecurity/trivy-checks v0.13.0 // indirect
github.com/aquasecurity/trivy-db v0.0.0-20240718084044-d23a6ca8ba04 // indirect
github.com/aquasecurity/trivy-checks v0.13.1-0.20240830230553-53ddbbade784 // indirect
github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go v1.55.5 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4 // indirect
Expand Down Expand Up @@ -150,7 +150,7 @@ require (
github.com/clbanning/mxj v1.8.4 // indirect
github.com/cloudflare/circl v1.3.8 // indirect
github.com/containerd/cgroups/v3 v3.0.3 // indirect
github.com/containerd/containerd v1.7.20 // indirect
github.com/containerd/containerd v1.7.21 // indirect
github.com/containerd/errdefs v0.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
Expand All @@ -168,7 +168,7 @@ require (
github.com/cyphar/filepath-securejoin v0.3.1 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/davidmz/go-pageant v1.0.2 // indirect
github.com/dgraph-io/ristretto v0.1.1 // indirect
github.com/dgraph-io/ristretto v0.1.2-0.20240116140435-c67e07994f91 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
Expand Down Expand Up @@ -223,7 +223,6 @@ require (
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
github.com/golang-sql/sqlexp v0.1.0 // indirect
github.com/golang/glog v1.2.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/golang/snappy v0.0.4 // indirect
Expand Down Expand Up @@ -300,9 +299,9 @@ require (
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/manifoldco/promptui v0.9.0 // indirect
github.com/masahiro331/go-disk v0.0.0-20220919035250-c8da316f91ac // indirect
github.com/masahiro331/go-ext4-filesystem v0.0.0-20231208112839-4339555a0cd4 // indirect
github.com/masahiro331/go-xfs-filesystem v0.0.0-20230608043311-a335f4599b70 // indirect
github.com/masahiro331/go-disk v0.0.0-20240625071113-56c933208fee // indirect
github.com/masahiro331/go-ext4-filesystem v0.0.0-20240620024024-ca14e6327bbd // indirect
github.com/masahiro331/go-xfs-filesystem v0.0.0-20231205045356-1b22259a6c44 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.16 // indirect
Expand All @@ -322,7 +321,6 @@ require (
github.com/moby/spdystream v0.4.0 // indirect
github.com/moby/sys/mountinfo v0.7.2 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
Expand All @@ -336,8 +334,8 @@ require (
github.com/nwaples/rardecode v1.1.3 // indirect
github.com/nxadm/tail v1.4.11 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/open-policy-agent/opa v0.67.0 // indirect
github.com/opencontainers/runc v1.1.13 // indirect
github.com/open-policy-agent/opa v0.67.1 // indirect
github.com/opencontainers/runc v1.1.14 // indirect
github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
Expand All @@ -354,7 +352,7 @@ require (
github.com/pkg/sftp v1.13.6 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/proglottis/gpgme v0.1.3 // indirect
github.com/prometheus/client_golang v1.19.1 // indirect
github.com/prometheus/client_golang v1.20.1 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.55.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
Expand All @@ -365,7 +363,7 @@ require (
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/samber/lo v1.46.0 // indirect
github.com/samber/lo v1.47.0 // indirect
github.com/sassoftware/relic v7.2.1+incompatible // indirect
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
Expand Down Expand Up @@ -404,6 +402,8 @@ require (
github.com/valyala/fasttemplate v1.2.2 // indirect
github.com/vbatts/tar-split v0.11.5 // indirect
github.com/vbauerster/mpb/v8 v8.7.5 // indirect
github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect
github.com/x448/float16 v0.8.4 // indirect
Expand Down Expand Up @@ -436,7 +436,7 @@ require (
golang.org/x/term v0.24.0 // indirect
golang.org/x/text v0.18.0 // indirect
golang.org/x/time v0.6.0 // indirect
golang.org/x/tools v0.24.0 // indirect
golang.org/x/tools v0.25.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/api v0.190.0 // indirect
google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect
Expand Down
Loading

0 comments on commit c61178f

Please sign in to comment.