From b275a504b4f27fd262d887f5c9eb678a38f7a900 Mon Sep 17 00:00:00 2001 
From: sbaeDev Date: Fri, 29 Mar 2024 11:12:44 +0900 Subject: [PATCH] Before uploading to nas --- .../workflows/harbor-multi-arch-images.yaml | 311 ++++++++ .gitignore | 2 + Makefile | 18 + scripts/convert.sh | 33 + template/harbor/v2.7.4/Makefile | 668 ++++++++++++++++++ template/harbor/v2.7.4/make/photon/Makefile | 308 ++++++++ .../v2.7.4/make/photon/chartserver/Dockerfile | 24 + .../v2.7.4/make/photon/chartserver/builder | 34 + .../v2.7.4/make/photon/chartserver/compile.sh | 38 + .../harbor/v2.7.4/make/photon/core/Dockerfile | 23 + .../v2.7.4/make/photon/exporter/Dockerfile | 32 + .../v2.7.4/make/photon/jobservice/Dockerfile | 25 + .../harbor/v2.7.4/make/photon/log/Dockerfile | 24 + .../make/photon/notary-server/Dockerfile | 14 + .../make/photon/notary-signer/Dockerfile | 14 + .../make/photon/notary/binary.Dockerfile | 37 + .../harbor/v2.7.4/make/photon/notary/builder | 42 ++ .../v2.7.4/make/photon/portal/Dockerfile | 49 ++ .../v2.7.4/make/photon/registry/Dockerfile | 21 + .../make/photon/registry/Dockerfile.binary | 11 + .../v2.7.4/make/photon/registry/builder | 55 ++ .../v2.7.4/make/photon/registryctl/Dockerfile | 25 + .../photon/standalone-db-migrator/Dockerfile | 19 + .../make/photon/trivy-adapter/Dockerfile | 44 ++ .../photon/trivy-adapter/Dockerfile.binary | 10 + .../make/photon/trivy-adapter/builder.sh | 44 ++ version | 1 + 27 files changed, 1926 insertions(+) create mode 100644 .github/workflows/harbor-multi-arch-images.yaml create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 scripts/convert.sh create mode 100644 template/harbor/v2.7.4/Makefile create mode 100644 template/harbor/v2.7.4/make/photon/Makefile create mode 100644 template/harbor/v2.7.4/make/photon/chartserver/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/chartserver/builder create mode 100644 template/harbor/v2.7.4/make/photon/chartserver/compile.sh create mode 100644 template/harbor/v2.7.4/make/photon/core/Dockerfile create mode 100644 
template/harbor/v2.7.4/make/photon/exporter/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/jobservice/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/log/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/notary-server/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/notary-signer/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/notary/binary.Dockerfile create mode 100755 template/harbor/v2.7.4/make/photon/notary/builder create mode 100644 template/harbor/v2.7.4/make/photon/portal/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/registry/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/registry/Dockerfile.binary create mode 100755 template/harbor/v2.7.4/make/photon/registry/builder create mode 100644 template/harbor/v2.7.4/make/photon/registryctl/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/standalone-db-migrator/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/trivy-adapter/Dockerfile create mode 100644 template/harbor/v2.7.4/make/photon/trivy-adapter/Dockerfile.binary create mode 100755 template/harbor/v2.7.4/make/photon/trivy-adapter/builder.sh create mode 100644 version diff --git a/.github/workflows/harbor-multi-arch-images.yaml b/.github/workflows/harbor-multi-arch-images.yaml new file mode 100644 index 0000000..dad9962 --- /dev/null +++ b/.github/workflows/harbor-multi-arch-images.yaml 
@@ -0,0 +1,311 @@
+name: Docker publish
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Version (optional)'
+ required: false
+ push:
+ branches:
+ - 'main'
+
+jobs:
+ docker-base-image:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ strategy:
+ fail-fast: false
+ matrix:
+ component:
+ - trivy-adapter
+ - core
+ - db
+ - exporter
+ - jobservice
+ - log
+ - nginx
+ - portal
+ - prepare
+ - redis
+ - registry
+ - registryctl
+
+ defaults:
+ run:
+ working-directory: ./
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: true
+
+ - uses: docker/setup-qemu-action@v3
+
+ - uses: docker/setup-buildx-action@v3
+ with:
+ driver: docker-container
+ driver-opts: network=host
+
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - run: make patch
+
+ - id: prepare
+ run: echo "tag=$(cat ./version)" >> $GITHUB_ENV
+
+ - name: Compare Versions
+ id: compare
+ run: |
+ version1="${{ env.tag }}"
+ version2="v2.9.0"
+
+ compareVersions() {
+ local v1="$(awk '{ gsub(/^v/, ""); print }' <<< "$1")"
+ local v2="$(awk '{ gsub(/^v/, ""); print }' <<< "$2")"
+ awk -v n1="$v1" -v n2="$v2" 'BEGIN { if (n1 < n2) print "ver_check=true"; else print "ver_check=false" }'
+ }
+
+ echo $(compareVersions "$version1" "$version2") >> $GITHUB_ENV
+ echo $(compareVersions "$version1" "$version2")
+
+ - name: Check if component is db
+ if: ${{ (matrix.component == 'db') && (env.ver_check == 'true') }}
+ run: |
+ bash ./scripts/convert.sh ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base
+ cat ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base
+
+ - name: Build base image
+ uses: docker/build-push-action@v5
+ with:
+ context: ./harbor
+ file: ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base
+ platforms: linux/amd64,linux/arm64
+ labels: |
+ org.opencontainers.image.source=https://github.com/${{ github.repository }}
+ org.opencontainers.image.revision=${{ env.tag }}
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ghcr.io/${{ github.repository }}/harbor-${{ matrix.component }}-base:${{ env.tag }}
+
+ docker-image:
+ needs:
+ - docker-base-image
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ strategy:
+ fail-fast: false
+ matrix:
+ component:
+ - prepare
+ - db
+ - portal
+ - core
+ - jobservice
+ - log
+ - nginx
+ - registryctl
+ - trivy_adapter
+ - redis
+ - standalone_db_migrator
+ - exporter
+
+ defaults:
+ run:
+ working-directory: ./
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: true
+
+ - uses: actions/setup-go@v5
+ with:
+ go-version: '^1.20.x'
+
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ with:
+ driver: docker-container
+ driver-opts: network=host
+
+ - run: make patch
+
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - id: prepare
+ run: echo "tag=$(cat ./version)" >> $GITHUB_ENV
+
+ - name: Compare Versions
+ id: compare
+ run: |
+ version1="${{ env.tag }}"
+ version2="v2.9.0"
+
+ compareVersions() {
+ local v1="$(awk '{ gsub(/^v/, ""); print }' <<< "$1")"
+ local v2="$(awk '{ gsub(/^v/, ""); print }' <<< "$2")"
+ awk -v n1="$v1" -v n2="$v2" 'BEGIN { if (n1 < n2) print "ver_check=true"; else print "ver_check=false" }'
+ }
+
+ echo $(compareVersions "$version1" "$version2") >> $GITHUB_ENV
+ echo $(compareVersions "$version1" "$version2")
+
+ - name: Check if component is db
+ if: ${{ (matrix.component == 'db') && (env.ver_check == 'true') }}
+ run: |
+ bash ./scripts/convert.sh ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base
+ cat ./harbor/make/photon/${{ matrix.component }}/Dockerfile.base
+
+ - name: Build & Publish images
+ env:
+ IMAGENAMESPACE: ghcr.io/${{ github.repository }}
+ BASEIMAGENAMESPACE: ghcr.io/${{ github.repository }}
+ IMAGELABELS: org.opencontainers.image.source=https://github.com/${{ github.repository }}
+ MULTIARCH: true
+ TRIVYFLAG: true
+ CHARTFLAG: true
+ NOTARYFLAG: true
+ run: |
+ cd ./harbor;
+ set -eux;
+
+ CTX="BUILDBIN=true VERSIONTAG=${{ env.tag }} BASEIMAGETAG=${{ env.tag }} MULTIARCH=${MULTIARCH} "
+ CTX+="IMAGENAMESPACE=${IMAGENAMESPACE} BASEIMAGENAMESPACE=${BASEIMAGENAMESPACE} TRIVYFLAG=${TRIVYFLAG} "
+ CTX+="CHARTFLAG=${CHARTFLAG} NOTARYFLAG=${CHARTFLAG} IMAGELABELS=${IMAGELABELS}"
+
+ make versions_prepare ${CTX};
+
+ case ${{ matrix.component }} in
+ core) make compile_core ${CTX} ;;
+ jobservice) make compile_jobservice ${CTX};;
+ registryctl) make compile_registryctl ${CTX};;
+ standalone_db_migrator) make compile_standalone_db_migrator ${CTX} ;;
+ esac;
+
+ case ${{ matrix.component }} in
+ exporter) make build BUILDTARGET="_compile_and_build_exporter" ${CTX} ;;
+ registryctl) make build BUILDTARGET="_build_registry _build_registryctl" ${CTX} ;;
+ *) make build BUILDTARGET="_build_${{ matrix.component }}" ${CTX} ;;
+ esac;
+
+ harbor-building:
+ needs:
+ - 'docker-image'
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ strategy:
+ fail-fast: false
+
+ defaults:
+ run:
+ working-directory: ./
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: true
+
+ - uses: actions/setup-go@v5
+ with:
+ go-version: '^1.20.x'
+
+ - uses: docker/setup-qemu-action@v3
+
+ - uses: docker/setup-buildx-action@v3
+ with:
+ driver: docker-container
+ driver-opts: network=host
+
+ - run: make patch
+
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - id: prepare
+ run: echo "tag=$(cat ./version)" >> $GITHUB_ENV
+
+ - name: Load remote Docker images
+ run: |
+ load_remote_image() {
+ image_name="$1"
+ docker pull --platform=linux/arm64 "ghcr.io/${{ github.repository }}/$image_name:${{ env.tag }}"
+ }
+
+ images=(
+ "harbor-log"
+ "harbor-exporter"
+ "harbor-db"
+ "harbor-jobservice"
+ "harbor-registryctl"
+ "harbor-portal"
+ "harbor-core"
+ "nginx-photon"
+ "redis-photon"
+ "trivy-adapter-photon"
+ "registry-photon"
+ "prepare"
+ )
+
+ for image in "${images[@]}"; do
+ load_remote_image "$image"
+ done
+
+ - name: Retag Docker images
+ run: |
+ retag_image() {
+ image_name="$1"
+ docker tag "ghcr.io/${{ github.repository }}/$image_name:${{ env.tag }} goharbor/$image_name:${{ env.tag }}"
+ }
+
+ images=(
+ "harbor-log"
+ "harbor-exporter"
+ "harbor-db"
+ "harbor-jobservice"
+ "harbor-registryctl"
+ "harbor-portal"
+ "harbor-core"
+ "nginx-photon"
+ "redis-photon"
+ "trivy-adapter-photon"
+ "registry-photon"
+ "prepare"
+ )
+
+ for image in "${images[@]}"; do
+ retag_image "$image"
+ done
+
+ - name: Docker packaging Offline installer
+ run: |
+ # Run the 'package_offline' command in ./harbor/Makefile
+ cd ./harbor
+ sed -i 's/package_offline: update_prepare_version compile build/package_offline: update_prepare_version/' Makefile
+ sed -i 's/TRIVYFLAG=false/TRIVYFLAG=true/' Makefile
+ sed -i 's/NOTARYFLAG=false/NOTARYFLAG=true/' Makefile
+ sed -i 's/CHARTFLAG=false/CHARTFLAG=true/' Makefile
+ sed -i '0,/VERSIONTAG=dev/s//VERSIONTAG=v2.7.4/' Makefile
+
+ make package_offline
+
+ - run: ls -al | grep harbor-offline-installer
+ - run: ls -al ./harbor | grep harbor-offline-installer
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e50ac48
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.history/
+.vscode/
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..24a20dc
--- /dev/null
+++ b/Makefile
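Review bot: In `.github/workflows/harbor-multi-arch-images.yaml`, the `retag_image` helper of the `harbor-building` job wraps both operands of `docker tag` in one pair of quotes, so the command receives a single argument and cannot create the `goharbor/...` tags that the template Makefile's `DOCKERSAVE_PARA` saves under its default `IMAGENAMESPACE=goharbor`; it should read `docker tag "ghcr.io/${{ github.repository }}/$image_name:${{ env.tag }}" "goharbor/$image_name:${{ env.tag }}"`. In the `Build & Publish images` step, `NOTARYFLAG=${CHARTFLAG}` looks like a copy-paste slip for `NOTARYFLAG=${NOTARYFLAG}`. The `Compare Versions` step hands dotted versions to awk's `<`, which compares them as strings, so a tag such as `v2.10.0` would sort below `v2.9.0`; `sort -V` gives the intended ordering. All three jobs hold `packages: write` and log in to ghcr.io, yet every `uses:` reference is a mutable major tag such as `actions/checkout@v4`; pinning each one to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`) keeps a re-pointed tag from running with that token.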
@@ -0,0 +1,18 @@
+export VERSION = $(shell cat version)
+# V1 := $(shell echo "$(VERSION)" | awk '{ gsub(/^v/, ""); print }')
+# V2 := "2.7.0"
+# V3 := "2.8.0"
+# CHK_VERSION := $(shell awk -v n1="$(V1)" -v n2="$(V2)" -v n3="$(V3)" 'BEGIN { if (n1 >= n2 && n1 < n3) print "v"$(V2); else print "$(VERSION)" }')
+
+all: dep patch
+
+dep:
+ git submodule update --init --recursive
+ git submodule update --force --remote
+ git submodule foreach -q --recursive 'git reset --hard && git checkout ${VERSION}'
+
+patch:
+ bash -c "git clone --branch $(VERSION) https://github.com/goharbor/harbor.git"
+ bash -c "cp -r template/harbor/v2.7.4/Makefile harbor/Makefile"
+ bash -c "cp -r template/harbor/v2.7.4/make/photon/* harbor/make/photon/"
+# cd harbor && sh -c "curl https://github.com/goharbor/harbor/compare/$(VERSION)...morlay:patch-$(CHK_VERSION).patch | git apply -v"
diff --git a/scripts/convert.sh b/scripts/convert.sh
new file mode 100644
index 0000000..d5ad09b
--- /dev/null
+++ b/scripts/convert.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+## ===== [ Sub Functions] =====
+function convert() {
+ local con_path="$1"
+ local temp_1="$(awk '/RUN tdnf/{exit} 1' "${con_path}")"
+ local temp_2="$(awk '/RUN tdnf/,0' "${con_path}")"
+ local result=""
+
+ result+="${temp_1}"$'\n\n'
+ result+="RUN tdnf install -y shadow >> /dev/null \\"$'\n'
+ result+=" && groupadd -r postgres --gid=999 \\"$'\n'
+ result+=" && useradd -m -r -g postgres --uid=999 postgres"$'\n\n'
+ result+="$(sed -e "s/shadow //g" -e '/groupadd/d' -e '/useradd/d' -e '/ln -s/d' -e 's/share\/postgresql\.conf\.sample/share\/postgresql\/postgresql\.conf\.sample/g' <<< "${temp_2}")"
+
+
+
+ echo "${result}" > "${con_path}"
+}
+
+## Main
+main() {
+ ## ===== [ includes ] =====
+
+ ## ===== [ Constants and Variables ] =====
+ local path="$1"
+
+ ## ===== [ run functions ] =====
+
+ convert "${path}"
+}
+
+main "${@}"
\ No newline at end of file
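Review bot: The `patch` target of the top-level `Makefile` clones Harbor at `$(VERSION)` but then overlays the Makefile and photon files from the hard-coded `template/harbor/v2.7.4/` directory, so any change to the `version` file silently applies v2.7.4 build files to a different source tree. Derive the template path from the version and fail when it is missing, for example `test -d template/harbor/$(VERSION) || { echo "no template for $(VERSION)" >&2; exit 1; }` followed by `cp -r template/harbor/$(VERSION)/Makefile harbor/Makefile`. The clone also resolves a tag name at build time and nothing checks which commit it points to; recording the expected commit and comparing it with `git -C harbor rev-parse HEAD` after the clone would make the input to the image builds verifiable. `git clone` fails when `harbor/` already exists, so the target cannot be re-run, and `all`, `dep` and `patch` are not declared `.PHONY`.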
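Review bot: `convert` in `scripts/convert.sh` rewrites its input in place without checking that the file exists or contains a `RUN tdnf` line. When the pattern is absent `temp_2` is empty and the postgres user block is appended to an otherwise unchanged file, and when the path is wrong the `awk` errors are masked by `local x="$(...)"` and a new file holding only that block is written. A guard before the rewrite covers both cases: `grep -q 'RUN tdnf' "${con_path}" || { echo "convert: no 'RUN tdnf' line in ${con_path}" >&2; return 1; }`, together with `set -euo pipefail` at the top of the script so the workflow step fails instead of building from a malformed Dockerfile.base. The generated `tdnf install -y shadow >> /dev/null` line also hides the package manager output from the build log, which makes a failed or unexpected install harder to audit.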
diff --git a/template/harbor/v2.7.4/Makefile b/template/harbor/v2.7.4/Makefile new file mode 100644 index 0000000..3b77c75 --- /dev/null +++ b/template/harbor/v2.7.4/Makefile 
@@ -0,0 +1,668 @@ +# Makefile for Harbor project +# +# Targets: +# +# all: prepare env, compile binaries, build images and install images +# prepare: prepare env +# compile: compile core and jobservice code +# +# compile_golangimage: +# compile from golang image +# for example: make compile_golangimage -e GOBUILDIMAGE= \ +# golang:1.18.5 +# compile_core, compile_jobservice: compile specific binary +# +# build: build Harbor docker images from photon baseimage +# +# install: include compile binaries, build images, prepare specific \ +# version composefile and startup Harbor instance +# +# start: startup Harbor instance +# +# down: shutdown Harbor instance +# +# package_online: +# prepare online install package +# for example: make package_online -e DEVFLAG=false\ +# REGISTRYSERVER=reg-bj.goharbor.io \ +# REGISTRYPROJECTNAME=harborrelease +# +# package_offline: +# prepare offline install package +# +# pushimage: push Harbor images to specific registry server +# for example: make pushimage -e DEVFLAG=false REGISTRYUSER=admin \ +# REGISTRYPASSWORD=***** \ +# REGISTRYSERVER=reg-bj.goharbor.io/ \ +# REGISTRYPROJECTNAME=harborrelease +# note**: need add "/" on end of REGISTRYSERVER. If not setting \ +# this value will push images directly to dockerhub. 
+# make pushimage -e DEVFLAG=false REGISTRYUSER=goharbor \ +# REGISTRYPASSWORD=***** \ +# REGISTRYPROJECTNAME=goharbor +# +# clean: remove binary, Harbor images, specific version docker-compose \ +# file, specific version tag and online/offline install package +# cleanbinary: remove core and jobservice binary +# cleanbaseimage: +# remove the base images of Harbor images +# cleanimage: remove Harbor images +# cleandockercomposefile: +# remove specific version docker-compose +# cleanversiontag: +# cleanpackageremove specific version tag +# cleanpackage: remove online/offline install package +# +# other example: +# clean specific version binaries and images: +# make clean -e VERSIONTAG=[TAG] +# note**: If commit new code to github, the git commit TAG will \ +# change. Better use this command clean previous images and \ +# files with specific TAG. +# By default DEVFLAG=true, if you want to release new version of Harbor, \ +# should setting the flag to false. +# make XXXX -e DEVFLAG=false + +SHELL := /bin/bash +BUILDPATH=$(CURDIR) +MAKEPATH=$(BUILDPATH)/make +MAKE_PREPARE_PATH=$(MAKEPATH)/photon/prepare +SRCPATH=./src +TOOLSPATH=$(BUILDPATH)/tools +CORE_PATH=$(BUILDPATH)/src/core +PORTAL_PATH=$(BUILDPATH)/src/portal +CHECKENVCMD=checkenv.sh + +# parameters +REGISTRYSERVER= +REGISTRYPROJECTNAME=goharbor +DEVFLAG=true +NOTARYFLAG=false +TRIVYFLAG=false +HTTPPROXY= +BUILDBIN=true +NPM_REGISTRY=https://registry.npmjs.org +# enable/disable chart repo supporting +CHARTFLAG=false +BUILDTARGET=build +GEN_TLS= + +# version prepare +# for docker image tag +VERSIONTAG=dev +# for base docker image tag +BUILD_BASE=true +PUSHBASEIMAGE=false +BASEIMAGETAG=dev +BUILDBASETARGET=chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl exporter +IMAGENAMESPACE=goharbor +BASEIMAGENAMESPACE=goharbor +# #input true/false only +PULL_BASE_FROM_DOCKERHUB=true + +# for harbor package name +PKGVERSIONTAG=dev + 
+PREPARE_VERSION_NAME=versions + +#versions +REGISTRYVERSION=v2.8.0-patch-redis +NOTARYVERSION=v0.6.1 +NOTARYMIGRATEVERSION=v4.11.0 +TRIVYVERSION=v0.35.0 +TRIVYADAPTERVERSION=v0.30.5 + +# version of chartmuseum for pulling the source code +CHARTMUSEUM_SRC_TAG=v0.14.0 + +# version of chartmuseum +CHARTMUSEUMVERSION=$(CHARTMUSEUM_SRC_TAG)-redis + +# version of registry for pulling the source code +REGISTRY_SRC_TAG=v2.8.0 + +# dependency binaries +CHARTURL=https://storage.googleapis.com/harbor-builds/bin/chartmuseum/release-${CHARTMUSEUMVERSION}/chartm +NOTARYURL=https://storage.googleapis.com/harbor-builds/bin/notary/release-${NOTARYVERSION}/binary-bundle.tgz +REGISTRYURL=https://storage.googleapis.com/harbor-builds/bin/registry/release-${REGISTRYVERSION}/registry +TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz +TRIVY_ADAPTER_DOWNLOAD_URL=https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz + +define VERSIONS_FOR_PREPARE +VERSION_TAG: $(VERSIONTAG) +REGISTRY_VERSION: $(REGISTRYVERSION) +NOTARY_VERSION: $(NOTARYVERSION) +TRIVY_VERSION: $(TRIVYVERSION) +TRIVY_ADAPTER_VERSION: $(TRIVYADAPTERVERSION) +CHARTMUSEUM_VERSION: $(CHARTMUSEUMVERSION) +endef + +# docker parameters +DOCKERCMD=$(shell which docker) +DOCKERBUILD=$(DOCKERCMD) build +DOCKERRMIMAGE=$(DOCKERCMD) rmi +DOCKERPULL=$(DOCKERCMD) pull +DOCKERIMAGES=$(DOCKERCMD) images +DOCKERSAVE=$(DOCKERCMD) save +DOCKERCOMPOSECMD=$(shell which docker-compose) +DOCKERTAG=$(DOCKERCMD) tag + +# go parameters +GOCMD=$(shell which go) +GOBUILD=$(GOCMD) build +GOCLEAN=$(GOCMD) clean +GOINSTALL=$(GOCMD) install +GOTEST=$(GOCMD) test +GODEP=$(GOTEST) -i +GOFMT=gofmt -w +GOBUILDIMAGE=golang:1.19.4 +GOBUILDPATHINCONTAINER=/harbor +TARGETARCHS=amd64 arm64 + +MULTIARCH=false +# image labels could set by env var IMAGELABELS +IMAGELABELS?= 
+ +ifeq ($(MULTIARCH),true) + # when MULTIARCH enabled, must BUILDBIN=true for build multi-arch binaries of deps + BUILDBIN=true + TARGETARCHS=amd64 arm64 + DOCKERBUILD=$(DOCKERCMD) buildx build --no-cache --pull --push $(foreach arch,${TARGETARCHS},--platform=linux/${arch}) $(foreach label,${IMAGELABELS},--label=${label}) +endif + +# go build +PKG_PATH=github.com/goharbor/harbor/src/pkg +GITCOMMIT := $(shell git rev-parse --short=8 HEAD) +RELEASEVERSION := $(shell cat VERSION) +GOFLAGS= +GOTAGS=$(if $(GOBUILDTAGS),-tags "$(GOBUILDTAGS)",) +GOLDFLAGS=$(if $(GOBUILDLDFLAGS),--ldflags "-w -s $(GOBUILDLDFLAGS)",) +CORE_LDFLAGS=-X $(PKG_PATH)/version.GitCommit=$(GITCOMMIT) -X $(PKG_PATH)/version.ReleaseVersion=$(RELEASEVERSION) +ifneq ($(GOBUILDLDFLAGS),) + CORE_LDFLAGS += $(GOBUILDLDFLAGS) +endif + +# go build command +GOIMAGEBUILDCMD=/usr/local/go/bin/go build -mod vendor -buildvcs=false +GOIMAGEBUILD_COMMON=$(GOIMAGEBUILDCMD) $(GOFLAGS) ${GOTAGS} ${GOLDFLAGS} +GOIMAGEBUILD_CORE=$(GOIMAGEBUILDCMD) $(GOFLAGS) ${GOTAGS} --ldflags "-w -s $(CORE_LDFLAGS)" + +GOBUILDPATH_CORE=$(GOBUILDPATHINCONTAINER)/src/core +GOBUILDPATH_JOBSERVICE=$(GOBUILDPATHINCONTAINER)/src/jobservice +GOBUILDPATH_REGISTRYCTL=$(GOBUILDPATHINCONTAINER)/src/registryctl +GOBUILDPATH_MIGRATEPATCH=$(GOBUILDPATHINCONTAINER)/src/cmd/migrate-patch +GOBUILDPATH_STANDALONE_DB_MIGRATOR=$(GOBUILDPATHINCONTAINER)/src/cmd/standalone-db-migrator +GOBUILDPATH_EXPORTER=$(GOBUILDPATHINCONTAINER)/src/cmd/exporter +GOBUILDMAKEPATH=make +GOBUILDMAKEPATH_CORE=$(GOBUILDMAKEPATH)/photon/core +GOBUILDMAKEPATH_JOBSERVICE=$(GOBUILDMAKEPATH)/photon/jobservice +GOBUILDMAKEPATH_REGISTRYCTL=$(GOBUILDMAKEPATH)/photon/registryctl +GOBUILDMAKEPATH_NOTARY=$(GOBUILDMAKEPATH)/photon/notary +GOBUILDMAKEPATH_STANDALONE_DB_MIGRATOR=$(GOBUILDMAKEPATH)/photon/standalone-db-migrator +GOBUILDMAKEPATH_EXPORTER=$(GOBUILDMAKEPATH)/photon/exporter + +# binary +CORE_BINARYPATH=$(BUILDPATH)/$(GOBUILDMAKEPATH_CORE) +CORE_BINARYNAME=harbor_core 
+JOBSERVICEBINARYPATH=$(BUILDPATH)/$(GOBUILDMAKEPATH_JOBSERVICE) +JOBSERVICEBINARYNAME=harbor_jobservice +REGISTRYCTLBINARYPATH=$(BUILDPATH)/$(GOBUILDMAKEPATH_REGISTRYCTL) +REGISTRYCTLBINARYNAME=harbor_registryctl +MIGRATEPATCHBINARYPATH=$(BUILDPATH)/$(GOBUILDMAKEPATH_NOTARY) +MIGRATEPATCHBINARYNAME=migrate-patch +STANDALONE_DB_MIGRATOR_BINARYPATH=$(BUILDPATH)/$(GOBUILDMAKEPATH_STANDALONE_DB_MIGRATOR) +STANDALONE_DB_MIGRATOR_BINARYNAME=migrate + +# configfile +CONFIGPATH=$(MAKEPATH) +INSIDE_CONFIGPATH=/compose_location +CONFIGFILE=harbor.yml + +# prepare parameters +PREPAREPATH=$(TOOLSPATH) +PREPARECMD=prepare +PREPARECMD_PARA=--conf $(INSIDE_CONFIGPATH)/$(CONFIGFILE) +ifeq ($(NOTARYFLAG), true) + PREPARECMD_PARA+= --with-notary +endif +ifeq ($(TRIVYFLAG), true) + PREPARECMD_PARA+= --with-trivy +endif +# append chartmuseum parameters if set +ifeq ($(CHARTFLAG), true) + PREPARECMD_PARA+= --with-chartmuseum +endif + +# makefile +MAKEFILEPATH_PHOTON=$(MAKEPATH)/photon + +# common dockerfile +DOCKERFILEPATH_COMMON=$(MAKEPATH)/common + +# docker image name +DOCKER_IMAGE_NAME_PREPARE=$(IMAGENAMESPACE)/prepare +DOCKERIMAGENAME_PORTAL=$(IMAGENAMESPACE)/harbor-portal +DOCKERIMAGENAME_CORE=$(IMAGENAMESPACE)/harbor-core +DOCKERIMAGENAME_JOBSERVICE=$(IMAGENAMESPACE)/harbor-jobservice +DOCKERIMAGENAME_LOG=$(IMAGENAMESPACE)/harbor-log +DOCKERIMAGENAME_DB=$(IMAGENAMESPACE)/harbor-db +DOCKERIMAGENAME_CHART_SERVER=$(IMAGENAMESPACE)/chartmuseum-photon +DOCKERIMAGENAME_REGCTL=$(IMAGENAMESPACE)/harbor-registryctl +DOCKERIMAGENAME_EXPORTER=$(IMAGENAMESPACE)/harbor-exporter + +# docker-compose files +DOCKERCOMPOSEFILEPATH=$(MAKEPATH) +DOCKERCOMPOSEFILENAME=docker-compose.yml + +SEDCMD=$(shell which sed) +SEDCMDI=$(SEDCMD) -i +ifeq ($(shell uname),Darwin) + SEDCMDI=$(SEDCMD) -i '' +endif + +# package +TARCMD=$(shell which tar) +ZIPCMD=$(shell which gzip) +DOCKERIMGFILE=harbor +HARBORPKG=harbor + +# pull/push image +PUSHSCRIPTPATH=$(MAKEPATH) +PUSHSCRIPTNAME=pushimage.sh +REGISTRYUSER= 
+REGISTRYPASSWORD= + +# cmds +DOCKERSAVE_PARA=$(DOCKER_IMAGE_NAME_PREPARE):$(VERSIONTAG) \ + $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \ + $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) \ + $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \ + $(DOCKERIMAGENAME_DB):$(VERSIONTAG) \ + $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \ + $(DOCKERIMAGENAME_REGCTL):$(VERSIONTAG) \ + $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) \ + $(IMAGENAMESPACE)/redis-photon:$(VERSIONTAG) \ + $(IMAGENAMESPACE)/nginx-photon:$(VERSIONTAG) \ + $(IMAGENAMESPACE)/registry-photon:$(VERSIONTAG) + +PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG).tgz \ + $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \ + $(HARBORPKG)/prepare \ + $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \ + $(HARBORPKG)/common.sh \ + $(HARBORPKG)/harbor.yml.tmpl + +PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(PKGVERSIONTAG).tgz \ + $(HARBORPKG)/prepare \ + $(HARBORPKG)/LICENSE \ + $(HARBORPKG)/install.sh \ + $(HARBORPKG)/common.sh \ + $(HARBORPKG)/harbor.yml.tmpl + +DOCKERCOMPOSE_FILE_OPT=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) + +ifeq ($(NOTARYFLAG), true) + DOCKERSAVE_PARA+= $(IMAGENAMESPACE)/notary-server-photon:$(VERSIONTAG) $(IMAGENAMESPACE)/notary-signer-photon:$(VERSIONTAG) +endif +ifeq ($(TRIVYFLAG), true) + DOCKERSAVE_PARA+= $(IMAGENAMESPACE)/trivy-adapter-photon:$(VERSIONTAG) +endif +# append chartmuseum parameters if set +ifeq ($(CHARTFLAG), true) + DOCKERSAVE_PARA+= $(DOCKERIMAGENAME_CHART_SERVER):$(VERSIONTAG) +endif + + +RUNCONTAINER=$(DOCKERCMD) run --rm -u $(shell id -u):$(shell id -g) -v $(BUILDPATH):$(BUILDPATH) -w $(BUILDPATH) + +# $1 the name of the docker image +# $2 the tag of the docker image +# $3 the command to build the docker image +define prepare_docker_image + @if [ "$(shell ${DOCKERIMAGES} -q $(1):$(2) 2> /dev/null)" == "" ]; then \ + $(3) && echo "build $(1):$(2) successfully" || (echo "build $(1):$(2) failed" && exit 1) ; \ + fi +endef + +# lint swagger doc 
+SPECTRAL_IMAGENAME=$(IMAGENAMESPACE)/spectral +SPECTRAL_VERSION=v6.1.0 +SPECTRAL_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/spectral/Dockerfile --build-arg GOLANG=${GOBUILDIMAGE} --build-arg SPECTRAL_VERSION=${SPECTRAL_VERSION} -t ${SPECTRAL_IMAGENAME}:$(SPECTRAL_VERSION) . +SPECTRAL=$(RUNCONTAINER) $(SPECTRAL_IMAGENAME):$(SPECTRAL_VERSION) + +lint_apis: + $(call prepare_docker_image,${SPECTRAL_IMAGENAME},${SPECTRAL_VERSION},${SPECTRAL_IMAGE_BUILD_CMD}) + $(SPECTRAL) lint ./api/v2.0/swagger.yaml + +SWAGGER_IMAGENAME=$(IMAGENAMESPACE)/swagger +SWAGGER_VERSION=v0.25.0 +SWAGGER=$(RUNCONTAINER) ${SWAGGER_IMAGENAME}:${SWAGGER_VERSION} +SWAGGER_GENERATE_SERVER=${SWAGGER} generate server --template-dir=$(TOOLSPATH)/swagger/templates --exclude-main --additional-initialism=CVE --additional-initialism=GC --additional-initialism=OIDC +SWAGGER_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/swagger/Dockerfile --build-arg GOLANG=${GOBUILDIMAGE} --build-arg SWAGGER_VERSION=${SWAGGER_VERSION} -t ${SWAGGER_IMAGENAME}:$(SWAGGER_VERSION) . + +# $1 the path of swagger spec +# $2 the path of base directory for generating the files +# $3 the name of the application +define swagger_generate_server + @echo "generate all the files for API from $(1)" + @rm -rf $(2)/{models,restapi} + @mkdir -p $(2) + @$(SWAGGER_GENERATE_SERVER) -f $(1) -A $(3) --target $(2) +endef + +gen_apis: lint_apis + $(call prepare_docker_image,${SWAGGER_IMAGENAME},${SWAGGER_VERSION},${SWAGGER_IMAGE_BUILD_CMD}) + $(call swagger_generate_server,api/v2.0/swagger.yaml,src/server/v2.0,harbor) + + +MOCKERY_IMAGENAME=$(IMAGENAMESPACE)/mockery +MOCKERY_VERSION=v2.14.0 +MOCKERY=$(RUNCONTAINER) ${MOCKERY_IMAGENAME}:${MOCKERY_VERSION} +MOCKERY_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/mockery/Dockerfile --build-arg GOLANG=${GOBUILDIMAGE} --build-arg MOCKERY_VERSION=${MOCKERY_VERSION} -t ${MOCKERY_IMAGENAME}:$(MOCKERY_VERSION) . 
+ +gen_mocks: + $(call prepare_docker_image,${MOCKERY_IMAGENAME},${MOCKERY_VERSION},${MOCKERY_IMAGE_BUILD_CMD}) + ${MOCKERY} go generate ./... + +mocks_check: gen_mocks + @echo checking mocks... + @res=$$(git status -s src/ | awk '{ printf("%s\n", $$2) }' | egrep .*.go); \ + if [ -n "$${res}" ]; then \ + echo mocks of the interface are out of date... ; \ + echo "$${res}"; \ + exit 1; \ + fi + +export VERSIONS_FOR_PREPARE +versions_prepare: + @echo "$$VERSIONS_FOR_PREPARE" > $(MAKE_PREPARE_PATH)/$(PREPARE_VERSION_NAME) + +check_environment: + @$(MAKEPATH)/$(CHECKENVCMD) + +compile_core: gen_apis + @echo "compiling binary for core (golang image)..." + @echo $(GOBUILDPATHINCONTAINER) + @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATHINCONTAINER) -w $(GOBUILDPATH_CORE) $(GOBUILDIMAGE) sh -c 'set -eux; $(foreach targetarch,$(TARGETARCHS), GOARCH=$(targetarch) $(GOIMAGEBUILD_CORE) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_CORE)/binary/$(CORE_BINARYNAME)-linux-$(targetarch);)' + @echo "Done." + +compile_jobservice: + @echo "compiling binary for jobservice (golang image)..." + @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATHINCONTAINER) -w $(GOBUILDPATH_JOBSERVICE) $(GOBUILDIMAGE) sh -c 'set -eux; $(foreach targetarch,$(TARGETARCHS), GOARCH=$(targetarch) $(GOIMAGEBUILD_COMMON) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_JOBSERVICE)/binary/$(JOBSERVICEBINARYNAME)-linux-$(targetarch);)' + @echo "Done." + +compile_registryctl: + @echo "compiling binary for harbor registry controller (golang image)..." + @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATHINCONTAINER) -w $(GOBUILDPATH_REGISTRYCTL) $(GOBUILDIMAGE) sh -c 'set -eux; $(foreach targetarch,$(TARGETARCHS), GOARCH=$(targetarch) $(GOIMAGEBUILD_COMMON) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_REGISTRYCTL)/binary/$(REGISTRYCTLBINARYNAME)-linux-$(targetarch);)' + @echo "Done." + +compile_notary_migrate_patch: + @echo "compiling binary for migrate patch (golang image)..." 
+ @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATHINCONTAINER) -w $(GOBUILDPATH_MIGRATEPATCH) $(GOBUILDIMAGE) sh -c 'set -eux; $(foreach targetarch,$(TARGETARCHS), GOARCH=$(targetarch) $(GOIMAGEBUILD_COMMON) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_NOTARY)/binary/$(MIGRATEPATCHBINARYNAME)-linux-$(targetarch);)' + @echo "Done." + +compile_standalone_db_migrator: + @echo "compiling binary for standalone db migrator (golang image)..." + @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATHINCONTAINER) -w $(GOBUILDPATH_STANDALONE_DB_MIGRATOR) $(GOBUILDIMAGE) sh -c 'set -eux; $(foreach targetarch,$(TARGETARCHS),GOARCH=$(targetarch) $(GOIMAGEBUILD_COMMON) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_STANDALONE_DB_MIGRATOR)/binary/$(STANDALONE_DB_MIGRATOR_BINARYNAME)-linux-$(targetarch);)' + @echo "Done." + +compile: check_environment versions_prepare compile_core compile_jobservice compile_registryctl compile_notary_migrate_patch + +update_prepare_version: + @echo "substitute the prepare version tag in prepare file..." + @$(SEDCMDI) -e 's/$(IMAGENAMESPACE)\/prepare:.*[[:space:]]\+/$(REGISTRYPROJECTNAME)\/prepare:$(VERSIONTAG) prepare /' $(MAKEPATH)/prepare ; + +gen_tls: + @$(DOCKERCMD) run --rm -v /:/hostfs:z $(IMAGENAMESPACE)/prepare:$(VERSIONTAG) gencert -p /etc/harbor/tls/internal + +prepare: update_prepare_version + @echo "preparing..." + @if [ -n "$(GEN_TLS)" ] ; then \ + $(DOCKERCMD) run --rm -v /:/hostfs:z $(IMAGENAMESPACE)/prepare:$(VERSIONTAG) gencert -p /etc/harbor/tls/internal; \ + fi + @$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA) + +build: +# PUSHBASEIMAGE should not be true if BUILD_BASE is not true + @if [ "$(PULL_BASE_FROM_DOCKERHUB)" != "true" ] && [ "$(PULL_BASE_FROM_DOCKERHUB)" != "false" ] ; then \ + echo set PULL_BASE_FROM_DOCKERHUB to true or false.; exit 1; \ + fi + @if [ "$(BUILD_BASE)" != "true" ] && [ "$(PUSHBASEIMAGE)" = "true" ] ; then \ + echo Do not push base images since no base images built. 
; \ + exit 1; \ + fi +# PULL_BASE_FROM_DOCKERHUB should be true if BUILD_BASE is not true + @if [ "$(BUILD_BASE)" != "true" ] && [ "$(PULL_BASE_FROM_DOCKERHUB)" = "false" ] ; then \ + echo Should pull base images from registry in docker configuration since no base images built. ; \ + exit 1; \ + fi + make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \ + -e TARGETARCHS="$(TARGETARCHS)" -e DOCKERBUILD="$(DOCKERBUILD)" \ + -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \ + -e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \ + -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \ + -e VERSIONTAG=$(VERSIONTAG) \ + -e BUILDBIN=$(BUILDBIN) \ + -e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e CHARTMUSEUM_SRC_TAG=$(CHARTMUSEUM_SRC_TAG) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \ + -e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e IMAGENAMESPACE=$(IMAGENAMESPACE) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \ + -e CHARTURL=$(CHARTURL) -e NOTARYURL=$(NOTARYURL) -e REGISTRYURL=$(REGISTRYURL) \ + -e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL) \ + -e PULL_BASE_FROM_DOCKERHUB=$(PULL_BASE_FROM_DOCKERHUB) -e BUILD_BASE=$(BUILD_BASE) \ + -e REGISTRYUSER=$(REGISTRYUSER) -e REGISTRYPASSWORD=$(REGISTRYPASSWORD) \ + -e PUSHBASEIMAGE=$(PUSHBASEIMAGE) + +build_standalone_db_migrator: compile_standalone_db_migrator + make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG) + +build_base_docker: + if [ -n "$(REGISTRYUSER)" ] && [ -n "$(REGISTRYPASSWORD)" ] ; then \ + docker login -u $(REGISTRYUSER) -p $(REGISTRYPASSWORD) ; \ + else \ + echo "No docker credentials provided, please make sure enough privileges to access docker hub!" 
; \ + fi + @for name in $(BUILDBASETARGET); do \ + echo $$name ; \ + sleep 30 ; \ + $(DOCKERBUILD) --pull --no-cache -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) --label base-build-date=$(date +"%Y%m%d") . ; \ + if [ "$(PUSHBASEIMAGE)" != "false" ] ; then \ + $(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) $(REGISTRYUSER) $(REGISTRYPASSWORD) || exit 1; \ + fi ; \ + done + +pull_base_docker: + @for name in $(BUILDBASETARGET); do \ + echo $$name ; \ + $(DOCKERPULL) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) ; \ + done + +install: compile build prepare start + +package_online: update_prepare_version + @echo "packing online package ..." + @cp -r make $(HARBORPKG) + @if [ -n "$(REGISTRYSERVER)" ] ; then \ + $(SEDCMDI) -e 's/image\: $(IMAGENAMESPACE)/image\: $(REGISTRYSERVER)\/$(REGISTRYPROJECTNAME)/' \ + $(HARBORPKG)/docker-compose.yml ; \ + fi + @cp LICENSE $(HARBORPKG)/LICENSE + + @$(TARCMD) $(PACKAGE_ONLINE_PARA) + @rm -rf $(HARBORPKG) + @echo "Done." + +package_offline: update_prepare_version compile build + + @echo "packing offline package ..." + @cp -r make $(HARBORPKG) + @cp LICENSE $(HARBORPKG)/LICENSE + + @echo "saving harbor docker image" + @$(DOCKERSAVE) $(DOCKERSAVE_PARA) > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar + @gzip $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar + + @$(TARCMD) $(PACKAGE_OFFLINE_PARA) + @rm -rf $(HARBORPKG) + @echo "Done." + +gosec: + #go get github.com/securego/gosec/cmd/gosec + #go get github.com/dghubble/sling + @echo "run secure go scan ..." + @if [ "$(GOSECRESULTS)" != "" ] ; then \ + $(GOPATH)/bin/gosec -fmt=json -out=$(GOSECRESULTS) -quiet ./... | true ; \ + else \ + $(GOPATH)/bin/gosec -fmt=json -out=harbor_gas_output.json -quiet ./... | true ; \ + fi + +go_check: gen_apis mocks_check misspell commentfmt lint + +commentfmt: + @echo checking comment format... + @res=$$(find . 
-type d \( -path ./src/vendor -o -path ./tests \) -prune -o -name '*.go' -print | xargs egrep '(^|\s)\/\/(\S)'|grep -v '//go:generate'); \ + if [ -n "$${res}" ]; then \ + echo checking comment format fail.. ; \ + echo missing whitespace between // and comment body;\ + echo "$${res}"; \ + exit 1; \ + fi + +misspell: + @echo checking misspell... + @find . -type d \( -path ./src/vendor -o -path ./tests \) -prune -o -name '*.go' -print | xargs misspell -error + +# golangci-lint binary installation or refer to https://golangci-lint.run/usage/install/#local-installation +# curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.45.2 +GOLANGCI_LINT := $(shell go env GOPATH)/bin/golangci-lint +lint: + @echo checking lint + @echo $(GOLANGCI_LINT) + @cd ./src/; $(GOLANGCI_LINT) -v run ./... --timeout=10m; + +# go install golang.org/x/vuln/cmd/govulncheck@latest +GOVULNCHECK := $(shell go env GOPATH)/bin/govulncheck +govulncheck: + @echo golang vulnerability check + @cd ./src/; $(GOVULNCHECK) ./...; + + +pushimage: + @echo "pushing harbor images ..." 
+ @$(DOCKERTAG) $(DOCKER_IMAGE_NAME_PREPARE):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKER_IMAGE_NAME_PREPARE):$(VERSIONTAG) + @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKER_IMAGE_NAME_PREPARE):$(VERSIONTAG) \ + $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER) + @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKER_IMAGE_NAME_PREPARE):$(VERSIONTAG) + + @$(DOCKERTAG) $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) + @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \ + $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER) + @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) + + @$(DOCKERTAG) $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_CORE):$(VERSIONTAG) + @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_CORE):$(VERSIONTAG) \ + $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER) + @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_CORE):$(VERSIONTAG) + + @$(DOCKERTAG) $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) + @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \ + $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER) + @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) + + @$(DOCKERTAG) $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) + @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \ + $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER) + @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) + + @$(DOCKERTAG) $(DOCKERIMAGENAME_DB):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG) + @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \ + $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER) + 
@$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG) + +start: + @echo "loading harbor images..." + @$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_FILE_OPT) up -d + @echo "Start complete. You can visit harbor now." + +down: + @while [ -z "$$CONTINUE" ]; do \ + read -r -p "Type anything but Y or y to exit. [Y/N]: " CONTINUE; \ + done ; \ + [ $$CONTINUE = "y" ] || [ $$CONTINUE = "Y" ] || (echo "Exiting."; exit 1;) + @echo "stoping harbor instance..." + @$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_FILE_OPT) down -v + @echo "Done." + +restart: down prepare start + +swagger_client: + @echo "Generate swagger client" + wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/4.3.1/openapi-generator-cli-4.3.1.jar -O openapi-generator-cli.jar + rm -rf harborclient + mkdir -p harborclient/harbor_client + mkdir -p harborclient/harbor_swagger_client + mkdir -p harborclient/harbor_v2_swagger_client + java -jar openapi-generator-cli.jar generate -i api/swagger.yaml -g python -o harborclient/harbor_client --package-name client + java -jar openapi-generator-cli.jar generate -i api/v2.0/legacy_swagger.yaml -g python -o harborclient/harbor_swagger_client --package-name swagger_client + java -jar openapi-generator-cli.jar generate -i api/v2.0/swagger.yaml -g python -o harborclient/harbor_v2_swagger_client --package-name v2_swagger_client + cd harborclient/harbor_client; python ./setup.py install + cd harborclient/harbor_swagger_client; python ./setup.py install + cd harborclient/harbor_v2_swagger_client; python ./setup.py install + pip install docker -q + pip freeze + +cleanbinary: + @echo "cleaning binary..." 
+ if [ -f $(CORE_BINARYPATH)/$(CORE_BINARYNAME) ] ; then rm $(CORE_BINARYPATH)/$(CORE_BINARYNAME) ; fi + if [ -f $(JOBSERVICEBINARYPATH)/$(JOBSERVICEBINARYNAME) ] ; then rm $(JOBSERVICEBINARYPATH)/$(JOBSERVICEBINARYNAME) ; fi + if [ -f $(REGISTRYCTLBINARYPATH)/$(REGISTRYCTLBINARYNAME) ] ; then rm $(REGISTRYCTLBINARYPATH)/$(REGISTRYCTLBINARYNAME) ; fi + if [ -f $(MIGRATEPATCHBINARYPATH)/$(MIGRATEPATCHBINARYNAME) ] ; then rm $(MIGRATEPATCHBINARYPATH)/$(MIGRATEPATCHBINARYNAME) ; fi + rm -rf make/photon/*/binary/ + +cleanbaseimage: + @echo "cleaning base image for photon..." + @for name in $(BUILDBASETARGET); do \ + $(DOCKERRMIMAGE) -f $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) ; \ + done + +cleanimage: + @echo "cleaning image for photon..." + - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) + - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_DB):$(VERSIONTAG) + - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) + - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) + +cleandockercomposefile: + @echo "cleaning docker-compose files in $(DOCKERCOMPOSEFILEPATH)" + @find $(DOCKERCOMPOSEFILEPATH) -maxdepth 1 -name "docker-compose*.yml" -exec rm -f {} \; + @find $(DOCKERCOMPOSEFILEPATH) -maxdepth 1 -name "docker-compose*.yml-e" -exec rm -f {} \; + +cleanpackage: + @echo "cleaning harbor install package" + @if [ -d $(BUILDPATH)/harbor ] ; then rm -rf $(BUILDPATH)/harbor ; fi + @if [ -f $(BUILDPATH)/harbor-online-installer-$(VERSIONTAG).tgz ] ; \ + then rm $(BUILDPATH)/harbor-online-installer-$(VERSIONTAG).tgz ; fi + @if [ -f $(BUILDPATH)/harbor-offline-installer-$(VERSIONTAG).tgz ] ; \ + then rm $(BUILDPATH)/harbor-offline-installer-$(VERSIONTAG).tgz ; fi + +cleanconfig: + @echo "clean generated config files" + rm -f $(BUILDPATH)/make/photon/prepare/versions + rm -f $(BUILDPATH)/UIVERSION + rm -rf $(BUILDPATH)/make/common + rm -rf $(BUILDPATH)/harborclient + rm -rf $(BUILDPATH)/src/portal/dist + rm -rf $(BUILDPATH)/src/portal/lib/dist + rm 
-f $(BUILDPATH)/src/portal/proxy.config.json + +.PHONY: cleanall +cleanall: cleanbinary cleanimage cleanbaseimage cleandockercomposefile cleanconfig cleanpackage + +clean: + @echo " make cleanall: remove binary, Harbor images, specific version docker-compose" + @echo " file, specific version tag, online and offline install package" + @echo " make cleanbinary: remove core and jobservice binary" + @echo " make cleanbaseimage: remove base image of Harbor images" + @echo " make cleanimage: remove Harbor images" + @echo " make cleandockercomposefile: remove specific version docker-compose" + @echo " make cleanpackage: remove online and offline install package" + +all: install \ No newline at end of file diff --git a/template/harbor/v2.7.4/make/photon/Makefile b/template/harbor/v2.7.4/make/photon/Makefile new file mode 100644 index 0000000..2c711fa --- /dev/null +++ b/template/harbor/v2.7.4/make/photon/Makefile 
@@ -0,0 +1,308 @@ +# Makefile for a harbor project +# +# Targets: +# +# build: build harbor photon images +# clean: clean core and jobservice harbor images + +# common +SHELL := /bin/bash +BUILDPATH=$(CURDIR) +MAKEPATH=$(BUILDPATH)/make +SRCPATH=./src +TOOLSPATH=$(CURDIR)/tools +SEDCMD=$(shell which sed) +WGET=$(shell which wget) +CURL=$(shell which curl) +TIMESTAMP=$(shell date +"%Y%m%d") + +TARGETARCHS=amd64 arm64 + +# docker parameters +DOCKERCMD=$(shell which docker) +DOCKERBUILD=$(DOCKERCMD) build --no-cache $(foreach arch,${TARGETARCHS},--platform=linux/${arch}) +DOCKERBUILD_WITH_PULL_PARA=$(DOCKERCMD) buildx build --push $(foreach arch,${TARGETARCHS},--platform=linux/${arch}) +DOCKERRMIMAGE=$(DOCKERCMD) rmi +DOCKERIMAGES=$(DOCKERCMD) images + +IMAGENAMESPACE=goharbor +BASEIMAGENAMESPACE=goharbor + +# pushimage +PUSHSCRIPTPATH=$(MAKEPATH) +PUSHSCRIPTNAME=pushimage.sh + +# binary +CORE_SOURCECODE=$(SRCPATH)/core +CORE_BINARYNAME=harbor_core +JOBSERVICESOURCECODE=$(SRCPATH)/jobservice +JOBSERVICEBINARYNAME=harbor_jobservice + +# photon dockerfile +DOCKERFILEPATH=$(MAKEPATH)/photon + +PREPARE=prepare +DOCKERFILEPATH_PREPARE=$(DOCKERFILEPATH)/$(PREPARE) +DOCKERFILENAME_PREPARE=Dockerfile +DOCKERIMAGENAME_PREPARE=$(IMAGENAMESPACE)/$(PREPARE) + +PORTAL=portal +DOCKERFILEPATH_PORTAL=$(DOCKERFILEPATH)/$(PORTAL) +DOCKERFILENAME_PORTAL=Dockerfile +DOCKERIMAGENAME_PORTAL=$(IMAGENAMESPACE)/harbor-$(PORTAL) + +CORE=core +DOCKERFILEPATH_CORE=$(DOCKERFILEPATH)/$(CORE) +DOCKERFILENAME_CORE=Dockerfile +DOCKERIMAGENAME_CORE=$(IMAGENAMESPACE)/harbor-$(CORE) + +JOBSERVICE=jobservice +DOCKERFILEPATH_JOBSERVICE=$(DOCKERFILEPATH)/$(JOBSERVICE) +DOCKERFILENAME_JOBSERVICE=Dockerfile +DOCKERIMAGENAME_JOBSERVICE=$(IMAGENAMESPACE)/harbor-$(JOBSERVICE) + +LOG=log +DOCKERFILEPATH_LOG=$(DOCKERFILEPATH)/$(LOG) +DOCKERFILENAME_LOG=Dockerfile +DOCKERIMAGENAME_LOG=$(IMAGENAMESPACE)/harbor-$(LOG) + +DB=db +DOCKERFILEPATH_DB=$(DOCKERFILEPATH)/$(DB) +DOCKERFILENAME_DB=Dockerfile 
+DOCKERIMAGENAME_DB=$(IMAGENAMESPACE)/harbor-$(DB) + +POSTGRESQL=postgresql +DOCKERFILEPATH_POSTGRESQL=$(DOCKERFILEPATH)/$(POSTGRESQL) +DOCKERFILENAME_POSTGRESQL=Dockerfile +DOCKERIMAGENAME_POSTGRESQL=$(IMAGENAMESPACE)/$(POSTGRESQL)-photon + +TRIVY_ADAPTER=trivy-adapter +DOCKERFILEPATH_TRIVY_ADAPTER=$(DOCKERFILEPATH)/$(TRIVY_ADAPTER) +DOCKERFILENAME_TRIVY_ADAPTER=Dockerfile +DOCKERIMAGENAME_TRIVY_ADAPTER=$(IMAGENAMESPACE)/$(TRIVY_ADAPTER)-photon + +NGINX=nginx +DOCKERFILEPATH_NGINX=$(DOCKERFILEPATH)/$(NGINX) +DOCKERFILENAME_NGINX=Dockerfile +DOCKERIMAGENAME_NGINX=$(IMAGENAMESPACE)/$(NGINX)-photon + +REGISTRY=registry +DOCKERFILEPATH_REG=$(DOCKERFILEPATH)/$(REGISTRY) +DOCKERFILENAME_REG=Dockerfile +DOCKERIMAGENAME_REG=$(IMAGENAMESPACE)/$(REGISTRY)-photon + +REGISTRYCTL=registryctl +DOCKERFILEPATH_REGISTRYCTL=$(DOCKERFILEPATH)/$(REGISTRYCTL) +DOCKERFILENAME_REGISTRYCTL=Dockerfile +DOCKERIMAGENAME_REGISTRYCTL=$(IMAGENAMESPACE)/harbor-$(REGISTRYCTL) + +NOTARYSERVER=notary-server +NOTARYSIGNER=notary-signer +DOCKERFILEPATH_NOTARY=$(DOCKERFILEPATH)/notary +DOCKERFILEPATH_NOTARYSERVER=$(DOCKERFILEPATH)/$(NOTARYSERVER) +DOCKERFILENAME_NOTARYSERVER=Dockerfile +DOCKERIMAGENAME_NOTARYSERVER=$(IMAGENAMESPACE)/$(NOTARYSERVER)-photon +DOCKERFILEPATH_NOTARYSIGNER=$(DOCKERFILEPATH)/$(NOTARYSIGNER) +DOCKERFILENAME_NOTARYSIGNER=Dockerfile +DOCKERIMAGENAME_NOTARYSIGNER=$(IMAGENAMESPACE)/$(NOTARYSIGNER)-photon + +REDIS=redis +DOCKERFILEPATH_REDIS=$(DOCKERFILEPATH)/$(REDIS) +DOCKERFILENAME_REDIS=Dockerfile +DOCKERIMAGENAME_REDIS=$(IMAGENAMESPACE)/$(REDIS)-photon + +DOCKERFILEPATH_STANDALONE_DB_MIGRATOR=$(DOCKERFILEPATH)/standalone-db-migrator +DOCKERFILENAME_STANDALONE_DB_MIGRATOR=Dockerfile +DOCKERIMAGENAME_STANDALONE_DB_MIGRATOR=$(IMAGENAMESPACE)/standalone-db-migrator + +EXPORTER=exporter +DOCKERFILEPATH_EXPORTER=$(DOCKERFILEPATH)/$(EXPORTER) +DOCKERFILENAME_EXPORTER=Dockerfile +DOCKERIMAGENAME_EXPORTER=$(IMAGENAMESPACE)/harbor-$(EXPORTER) + +# for chart server (chartmuseum) 
+CHARTSERVER=chartserver +DOCKERFILEPATH_CHART_SERVER=$(DOCKERFILEPATH)/$(CHARTSERVER) +DOCKERFILENAME_CHART_SERVER=Dockerfile +CHART_SERVER_CODE_BASE=https://github.com/helm/chartmuseum.git +CHART_SERVER_MAIN_PATH=cmd/chartmuseum +CHART_SERVER_BIN_NAME=chartm + +_build_prepare: + @$(call _build_base,$(PREPARE),$(DOCKERFILEPATH_PREPARE)) + @echo "building prepare container for photon..." + @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_PREPARE)/$(DOCKERFILENAME_PREPARE) -t $(DOCKERIMAGENAME_PREPARE):$(VERSIONTAG) . + @echo "Done." + +_build_db: + @$(call _build_base,$(DB),$(DOCKERFILEPATH_DB)) + @echo "building db container for photon..." + @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_DB)/$(DOCKERFILENAME_DB) -t $(DOCKERIMAGENAME_DB):$(VERSIONTAG) . + @echo "Done." + +_build_portal: + @$(call _build_base,$(PORTAL),$(DOCKERFILEPATH_PORTAL)) + @echo "building portal container for photon..." + $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg npm_registry=$(NPM_REGISTRY) -f $(DOCKERFILEPATH_PORTAL)/$(DOCKERFILENAME_PORTAL) -t $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) . + @echo "Done." + +_build_core: + @$(call _build_base,$(CORE),$(DOCKERFILEPATH_CORE)) + @echo "building core container for photon..." + @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CORE)/$(DOCKERFILENAME_CORE) -t $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) . + @echo "Done." + +_build_jobservice: + @$(call _build_base,$(JOBSERVICE),$(DOCKERFILEPATH_JOBSERVICE)) + @echo "building jobservice container for photon..." 
+ @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_JOBSERVICE)/$(DOCKERFILENAME_JOBSERVICE) -t $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) . + @echo "Done." + +_build_log: + @$(call _build_base,$(LOG),$(DOCKERFILEPATH_LOG)) + @echo "building log container for photon..." + $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) . + @echo "Done." + +_build_trivy_adapter: + @if [ "$(TRIVYFLAG)" = "true" ] ; then \ + $(call _build_base,$(TRIVY_ADAPTER),$(DOCKERFILEPATH_TRIVY_ADAPTER)) ; \ + rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \ + echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \ + $(call _extract_archive, $(TRIVY_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \ + if [ "$(BUILDBIN)" != "true" ] ; then \ + echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \ + $(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \ + else \ + echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \ + cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && TARGETARCHS="$(TARGETARCHS)" $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \ + fi ; \ + echo "Building Trivy adapter container for photon..." ; \ + $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \ + --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) \ + --build-arg trivy_version=$(TRIVYVERSION) \ + -f $(DOCKERFILEPATH_TRIVY_ADAPTER)/$(DOCKERFILENAME_TRIVY_ADAPTER) \ + -t $(DOCKERIMAGENAME_TRIVY_ADAPTER):$(VERSIONTAG) . ; \ + rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary; \ + echo "Done." 
; \ + fi + +_build_chart_server: + @if [ "$(CHARTFLAG)" = "true" ] ; then \ + $(call _build_base,$(CHARTSERVER),$(DOCKERFILEPATH_CHART_SERVER)); \ + if [ "$(BUILDBIN)" != "true" ] ; then \ + rm -rf $(DOCKERFILEPATH_CHART_SERVER)/binary && mkdir -p $(DOCKERFILEPATH_CHART_SERVER)/binary && \ + $(call _get_binary, $(CHARTURL), $(DOCKERFILEPATH_CHART_SERVER)/binary/chartm); \ + else \ + cd $(DOCKERFILEPATH_CHART_SERVER) && TARGETARCHS="$(TARGETARCHS)" $(DOCKERFILEPATH_CHART_SERVER)/builder $(GOBUILDIMAGE) $(CHART_SERVER_CODE_BASE) $(CHARTMUSEUM_SRC_TAG) $(CHART_SERVER_MAIN_PATH) $(CHART_SERVER_BIN_NAME) && cd - ; \ + fi ; \ + echo "building chartmuseum container for photon..." ; \ + $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CHART_SERVER)/$(DOCKERFILENAME_CHART_SERVER) -t $(DOCKERIMAGENAME_CHART_SERVER):$(VERSIONTAG) . ; \ + rm -rf $(DOCKERFILEPATH_CHART_SERVER)/binary; \ + echo "Done." ; \ + fi + +_build_nginx: + @$(call _build_base,$(NGINX),$(DOCKERFILEPATH_NGINX)) + @echo "building nginx container for photon..." + @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_NGINX)/$(DOCKERFILENAME_NGINX) -t $(DOCKERIMAGENAME_NGINX):$(VERSIONTAG) . + @echo "Done." 
+ +_build_notary: + @if [ "$(NOTARYFLAG)" = "true" ] ; then \ + $(call _build_base,$(NOTARYSERVER),$(DOCKERFILEPATH_NOTARYSERVER)) ; \ + $(call _build_base,$(NOTARYSIGNER),$(DOCKERFILEPATH_NOTARYSIGNER)) ; \ + if [ "$(BUILDBIN)" != "true" ] ; then \ + rm -rf $(DOCKERFILEPATH_NOTARY)/binary && mkdir -p $(DOCKERFILEPATH_NOTARY)/binary && \ + $(call _get_binary, $(NOTARYURL), $(DOCKERFILEPATH_NOTARY)/binary-bundle.tgz); \ + cd $(DOCKERFILEPATH_NOTARY) && tar -zvxf binary-bundle.tgz && cd - ; \ + else \ + cd $(DOCKERFILEPATH_NOTARY) && TARGETARCHS="$(TARGETARCHS)" $(DOCKERFILEPATH_NOTARY)/builder $(NOTARYVERSION) $(NOTARYMIGRATEVERSION) && cd - ; \ + fi ; \ + echo "building notary container for photon..."; \ + chmod 655 $(DOCKERFILEPATH_NOTARY)/binary/notary-signer* && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_NOTARYSIGNER)/$(DOCKERFILENAME_NOTARYSIGNER) -t $(DOCKERIMAGENAME_NOTARYSIGNER):$(VERSIONTAG) . ; \ + chmod 655 $(DOCKERFILEPATH_NOTARY)/binary/notary-server* && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_NOTARYSERVER)/$(DOCKERFILENAME_NOTARYSERVER) -t $(DOCKERIMAGENAME_NOTARYSERVER):$(VERSIONTAG) . ; \ + rm -rf $(DOCKERFILEPATH_NOTARY)/binary; \ + echo "Done."; \ + fi + +_build_registry: + @$(call _build_base,$(REGISTRY),$(DOCKERFILEPATH_REG)) + @if [ "$(BUILDBIN)" != "true" ] ; then \ + rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \ + $(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \ + else \ + cd $(DOCKERFILEPATH_REG) && TARGETARCHS="$(TARGETARCHS)" $(DOCKERFILEPATH_REG)/builder $(REGISTRY_SRC_TAG) && cd - ; \ + fi + @echo "building registry container for photon..." 
+ @chmod 655 $(DOCKERFILEPATH_REG)/binary/registry* && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) . + @echo "Done." + +_build_registryctl: + @$(call _build_base,$(REGISTRYCTL),$(DOCKERFILEPATH_REGISTRYCTL)) + @echo "building registry controller for photon..." + @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REGISTRYCTL)/$(DOCKERFILENAME_REGISTRYCTL) -t $(DOCKERIMAGENAME_REGISTRYCTL):$(VERSIONTAG) . + @rm -rf $(DOCKERFILEPATH_REG)/binary + @echo "Done." + +_build_redis: + @$(call _build_base,$(REDIS),$(DOCKERFILEPATH_REDIS)) + @echo "building redis container for photon..." + @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REDIS)/$(DOCKERFILENAME_REDIS) -t $(DOCKERIMAGENAME_REDIS):$(VERSIONTAG) . + @echo "Done." + +_build_standalone_db_migrator: + @echo "building standalone db migrator image for photon..." + @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_STANDALONE_DB_MIGRATOR)/$(DOCKERFILENAME_STANDALONE_DB_MIGRATOR) -t $(DOCKERIMAGENAME_STANDALONE_DB_MIGRATOR):$(VERSIONTAG) . + @echo "Done." + +_compile_and_build_exporter: + @$(call _build_base,$(EXPORTER),$(DOCKERFILEPATH_EXPORTER)) + @echo "compiling and building image for exporter..." + @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) . + @echo "Done." 
+ +define _extract_archive + echo "download $1";\ + $(CURL) --connect-timeout 30 -f -k -L $1 | tar xvz -C $2 || exit 1 +endef + +define _get_binary + echo "download $1";\ + $(CURL) --connect-timeout 30 -f -k -L $1 -o $2 || exit 1 +endef + +define _build_base + if [ "$(BUILD_BASE)" = "true" ] ; then \ + echo "building base image for $(1)...";\ + if [ -n "$(REGISTRYUSER)" ] && [ -n "$(REGISTRYPASSWORD)" ] ; then \ + docker login -u $(REGISTRYUSER) -p $(REGISTRYPASSWORD) ; \ + else \ + echo "No docker credentials provided, please be aware of priviledges to access docker hub!" ; \ + fi ;\ + if [ "$(1)" = "db" ] && [ "$(BUILD_PG96)" = "true" ]; then \ + echo "build pg96 rpm package." ; \ + cd $(DOCKERFILEPATH)/db && $(DOCKERFILEPATH)/db/rpm_builder.sh && cd - ; \ + $(DOCKERBUILD) --pull --no-cache -f $(DOCKERFILEPATH)/db/Dockerfile.pg96 -t $(BASEIMAGENAMESPACE)/harbor-db-base:$(BASEIMAGETAG) --label base-build-date=$(TIMESTAMP) . ; \ + else \ + $(DOCKERBUILD) -f $(2)/Dockerfile.base -t $(BASEIMAGENAMESPACE)/harbor-$(1)-base:$(BASEIMAGETAG) --label base-build-date=$(TIMESTAMP) . ;\ + fi ;\ + if [ "$(PUSHBASEIMAGE)" = "true" ] ; then \ + $(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(BASEIMAGENAMESPACE)/harbor-$(1)-base:$(BASEIMAGETAG) $(REGISTRYUSER) $(REGISTRYPASSWORD) docker.io $(PULL_BASE_FROM_DOCKERHUB) || exit 1; \ + fi ; \ + fi +endef + +build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_trivy_adapter _build_redis _build_chart_server _compile_and_build_exporter + @if [ -n "$(REGISTRYUSER)" ] && [ -n "$(REGISTRYPASSWORD)" ] ; then \ + docker logout ; \ + fi +cleanimage: + @echo "cleaning image for photon..." 
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG)
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_CORE):$(VERSIONTAG)
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG)
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_LOG):$(VERSIONTAG)
+
+.PHONY: clean
+clean: cleanimage
diff --git a/template/harbor/v2.7.4/make/photon/chartserver/Dockerfile b/template/harbor/v2.7.4/make/photon/chartserver/Dockerfile
new file mode 100644
index 0000000..a5d636b
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/chartserver/Dockerfile
@@ -0,0 +1,24 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-chartserver-base:${harbor_base_image_version}
+
+ARG TARGETARCH
+COPY ./make/photon/chartserver/binary/chartm-linux-${TARGETARCH:-amd64} /home/chart/chartm
+COPY ./make/photon/chartserver/docker-entrypoint.sh /home/chart/
+COPY ./make/photon/common/install_cert.sh /home/chart/
+
+RUN chown -R chart:chart /etc/pki/tls/certs \
+ && chown -R chart:chart /home/chart \
+ && chmod u+x /home/chart/chartm \
+ && chmod u+x /home/chart/docker-entrypoint.sh \
+ && chmod u+x /home/chart/install_cert.sh
+
+USER chart
+
+WORKDIR /home/chart
+
+ENTRYPOINT ["./docker-entrypoint.sh"]
+
+VOLUME ["/chart_storage"]
+
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://localhost:9999/health || curl -k -sS https://localhost:9443/health || exit 1
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/chartserver/builder b/template/harbor/v2.7.4/make/photon/chartserver/builder
new file mode 100644
index 0000000..017ed51
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/chartserver/builder
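Review bot: `_extract_archive` and `_get_binary` call curl with `-k`, so the Trivy, Trivy adapter, chartmuseum, notary and registry binaries that end up inside the images are fetched without TLS certificate verification, and nothing compares them with a known digest afterwards. Drop `-k` (`$(CURL) --connect-timeout 30 -f -L $1 -o $2 || exit 1`) and check each download against a pinned SHA-256 before it is unpacked or copied into the build context. In `_extract_archive` the result of `curl ... | tar xvz` is tar's exit status alone, since no pipefail is set for the recipe shell in the visible lines. Separately, `_build_base` passes the registry password on the command line with `docker login -u $(REGISTRYUSER) -p $(REGISTRYPASSWORD)`; piping it to `docker login --password-stdin` keeps it out of the process list.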
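Review bot: The HEALTHCHECK in the chartserver Dockerfile runs `curl -sS` without `--fail`, so an HTTP 4xx or 5xx answer from `/health` still exits 0 and the container is reported healthy. The core and jobservice Dockerfiles in this patch already pass `--fail` in their probes. The matching form here would be `CMD curl -fsS http://localhost:9999/health || curl -fskS https://localhost:9443/health || exit 1`.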
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set +e
+
+usage(){
+ echo "Usage: builder "
+ echo "e.g: builder golang:1.19.4 github.com/helm/chartmuseum v0.14.0 cmd/chartmuseum chartm"
+ exit 1
+}
+
+if [ $# != 5 ]; then
+ usage
+fi
+
+GOLANG_IMAGE="$1"
+GIT_PATH="$2"
+CODE_VERSION="$3"
+MAIN_GO_PATH="$4"
+BIN_NAME="$5"
+
+set -eux
+
+cd `dirname $0`
+cur=$PWD
+
+mkdir -p binary
+rm -rf binary/$BIN_NAME || true
+cp compile.sh binary/
+cp *.patch binary/
+
+docker run --rm -e TARGETARCHS="${TARGETARCHS}" -v $cur/binary:/go/bin --name golang_code_builder $GOLANG_IMAGE /bin/bash /go/bin/compile.sh $GIT_PATH $CODE_VERSION $MAIN_GO_PATH $BIN_NAME
+
+#Clear
+#docker rm -f golang_code_builder
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/chartserver/compile.sh b/template/harbor/v2.7.4/make/photon/chartserver/compile.sh
new file mode 100644
index 0000000..eedf351
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/chartserver/compile.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set +e
+
+usage(){
+ echo "Usage: compile.sh "
+ echo "e.g: compile.sh github.com/helm/chartmuseum v0.14.0 cmd/chartmuseum chartm"
+ exit 1
+}
+
+if [ $# != 4 ]; then
+ usage
+fi
+
+GIT_PATH="$1"
+VERSION="$2"
+MAIN_GO_PATH="$3"
+BIN_NAME="$4"
+
+#Get the source code
+git clone $GIT_PATH src_code
+ls
+SRC_PATH=$(pwd)/src_code
+set -e
+
+#Checkout the released tag branch
+cd $SRC_PATH
+git checkout tags/$VERSION -b $VERSION
+
+#Patch
+for p in $(ls /go/bin/*.patch); do
+ git apply $p || exit /b 1
+done
+
+cd $SRC_PATH/$MAIN_GO_PATH
+
+for targetarch in ${TARGETARCHS}; do
+ GOARCH=$targetarch go build -a -o /go/bin/${BIN_NAME}-$(go env GOOS)-${targetarch};
+done
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/core/Dockerfile b/template/harbor/v2.7.4/make/photon/core/Dockerfile
new file mode 100644
index 0000000..230172e
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/core/Dockerfile
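Review bot: None of the expansions in the body of `builder` are quoted: the `cd` into the script directory, `rm -rf binary/$BIN_NAME` and every argument on the `docker run` line undergo word splitting and globbing. A checkout path containing a space breaks the `-v $cur/binary:/go/bin` bind mount, and an argument containing whitespace shifts the four parameters compile.sh expects. Quote them, for example `cd "$(dirname "$0")"`, `rm -rf "binary/${BIN_NAME}"` and `-v "$cur/binary:/go/bin"`, with `"$GOLANG_IMAGE"` and the four trailing arguments quoted the same way. The fixed `--name golang_code_builder` also means two builds on one host cannot run at the same time.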
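Review bot: In compile.sh, `git apply $p || exit /b 1` uses cmd.exe syntax; bash rejects `/b` as a non-numeric argument, so the script still stops on a failed patch but with a misleading error and an exit status other than the intended 1. The line should read `git apply "$p" || exit 1`. The `git clone` above it runs while `set +e` is in force, so a failed clone is only caught indirectly when `cd $SRC_PATH` fails after `set -e`; moving `set -e` above the clone makes that failure explicit.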
@@ -0,0 +1,23 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-core-base:${harbor_base_image_version}
+
+HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v2.0/ping || curl -k --fail -s https://localhost:8443/api/v2.0/ping || exit 1
+COPY ./make/photon/common/install_cert.sh /harbor/
+COPY ./make/photon/core/entrypoint.sh /harbor/
+ARG TARGETARCH
+COPY ./make/photon/core/binary/harbor_core-linux-${TARGETARCH:-amd64} /harbor/harbor_core
+COPY ./src/core/views /harbor/views
+COPY ./make/migrations /harbor/migrations
+COPY ./icons /harbor/icons
+
+RUN chown -R harbor:harbor /etc/pki/tls/certs \
+ && chown -R harbor:harbor /harbor/ \
+ && chmod u+x /harbor/entrypoint.sh \
+ && chmod u+x /harbor/install_cert.sh \
+ && chmod u+x /harbor/harbor_core
+
+WORKDIR /harbor/
+USER harbor
+ENTRYPOINT ["/harbor/entrypoint.sh"]
+COPY make/photon/prepare/versions /harbor/
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/exporter/Dockerfile b/template/harbor/v2.7.4/make/photon/exporter/Dockerfile
new file mode 100644
index 0000000..7aa2ea6
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/exporter/Dockerfile
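Review bot: `chown -R harbor:harbor /etc/pki/tls/certs` hands the system CA directory to the account the service runs as (`USER harbor`), so anything that gains code execution in the core process can also change which CAs the container trusts for outbound TLS. The same line appears in the chartserver, exporter and jobservice Dockerfiles of this patch. Presumably install_cert.sh needs the write access to add custom CAs at start-up, but that script is not part of the visible hunks. If that is the reason, state it above the RUN, e.g. `# trust store is writable by harbor so install_cert.sh can append custom CAs at start-up`, and consider narrowing the ownership to the one bundle file the script rewrites.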
@@ -0,0 +1,32 @@
+ARG build_image
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+
+FROM --platform=${BUILDPLATFORM:-linux/amd64} ${build_image} AS build
+
+ENV CGO_ENABLED=0
+ENV GOOS=linux
+ENV GOARCH=amd64
+
+COPY src /harbor/src
+WORKDIR /harbor/src/cmd/exporter
+
+ARG TARGETARCH
+RUN GOARCH=${TARGETARCH:-amd64} go build -o /out/harbor_exporter-linux-${TARGETARCH:-amd64}
+
+FROM ${harbor_base_namespace}/harbor-exporter-base:${harbor_base_image_version}
+
+ARG TARGETARCH
+COPY --from=build /out/harbor_exporter-linux-${TARGETARCH:-amd64} /harbor/harbor_exporter
+COPY ./make/photon/exporter/entrypoint.sh ./make/photon/common/install_cert.sh /harbor/
+
+RUN chown -R harbor:harbor /etc/pki/tls/certs \
+ && chown -R harbor:harbor /harbor/ \
+ && chmod u+x /harbor/entrypoint.sh \
+ && chmod u+x /harbor/install_cert.sh \
+ && chmod u+x /harbor/harbor_exporter
+
+WORKDIR /harbor
+USER harbor
+
+ENTRYPOINT ["/harbor/entrypoint.sh"]
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/jobservice/Dockerfile b/template/harbor/v2.7.4/make/photon/jobservice/Dockerfile
new file mode 100644
index 0000000..10751c2
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/jobservice/Dockerfile
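Review bot: `ENV GOARCH=amd64` in the build stage is overridden by the inline `GOARCH=${TARGETARCH:-amd64}` on the `go build` line, so it has no effect on the exporter binary and reads as if the stage were amd64-only. Remove it, or keep one source of truth by moving `ARG TARGETARCH` above it and writing `ENV GOARCH=${TARGETARCH:-amd64}`. `build_image` is declared without a default, so a build that omits `--build-arg build_image=...` fails at the first FROM; a comment above the ARG saying the argument is required would make that clear.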
@@ -0,0 +1,25 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-jobservice-base:${harbor_base_image_version}
+
+COPY ./make/photon/common/install_cert.sh /harbor/
+COPY ./make/photon/jobservice/entrypoint.sh /harbor/
+
+ARG TARGETARCH
+COPY ./make/photon/jobservice/binary/harbor_jobservice-linux-${TARGETARCH:-amd64} /harbor/harbor_jobservice
+
+RUN chown -R harbor:harbor /etc/pki/tls/certs \
+ && chown -R harbor:harbor /harbor/ \
+ && chmod u+x /harbor/entrypoint.sh \
+ && chmod u+x /harbor/install_cert.sh \
+ && chmod u+x /harbor/harbor_jobservice
+
+WORKDIR /harbor/
+
+USER harbor
+
+VOLUME ["/var/log/jobs/", "/var/scandata_exports"]
+
+HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v1/stats || curl -sk --fail --key /etc/harbor/ssl/job_service.key --cert /etc/harbor/ssl/job_service.crt https://localhost:8443/api/v1/stats || exit 1
+
+ENTRYPOINT ["/harbor/entrypoint.sh"]
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/log/Dockerfile b/template/harbor/v2.7.4/make/photon/log/Dockerfile
new file mode 100644
index 0000000..4f1938d
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/log/Dockerfile
@@ -0,0 +1,24 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-log-base:${harbor_base_image_version}
+
+COPY ./make/photon/log/rsyslog.conf /etc/rsyslog.conf
+
+# rsyslog configuration file for docker
+COPY ./make/photon/log/rsyslog_docker.conf /etc/rsyslog.d/
+
+# remove the original "logrotate" in directory "/etc/cron.daily/"
+# and copy the customized one to directory "/etc/cron.hourly/"
+# to run logrotate hourly
+RUN rm /etc/cron.daily/logrotate
+COPY ./make/photon/log/logrotate /etc/cron.hourly/logrotate
+
+COPY ./make/photon/log/start.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/start.sh /etc/rsyslog.d/ && \
+ chown -R 10000:10000 /etc/rsyslog.conf /etc/rsyslog.d/ /run /var/lib/logrotate/
+
+HEALTHCHECK CMD netstat -ltun|grep 10514
+
+VOLUME /var/log/docker/ /run/ /etc/logrotate.d/
+
+CMD /usr/local/bin/start.sh
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/notary-server/Dockerfile b/template/harbor/v2.7.4/make/photon/notary-server/Dockerfile
new file mode 100644
index 0000000..7808fb1
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/notary-server/Dockerfile
@@ -0,0 +1,14 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-notary-server-base:${harbor_base_image_version}
+
+ARG TARGETARCH
+COPY ./make/photon/notary/binary/migrate-patch-linux-${TARGETARCH:-amd64} /bin/migrate-patch
+COPY ./make/photon/notary/binary/notary-server-linux-${TARGETARCH:-amd64} /bin/notary-server
+COPY ./make/photon/notary/binary/migrate-linux-${TARGETARCH:-amd64} /bin/migrate
+COPY ./make/photon/notary/binary/migrations/ /migrations/
+
+RUN chmod +x /bin/notary-server /migrations/migrate.sh /bin/migrate /bin/migrate-patch
+ENV SERVICE_NAME=notary_server
+USER notary
+CMD migrate-patch -database=${DB_URL} && /migrations/migrate.sh && /bin/notary-server -config=/etc/notary/server-config.postgres.json -logf=logfmt
\ No newline at end of file
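Review bot: The log image ends with shell-form `CMD /usr/local/bin/start.sh`, so `/bin/sh -c` becomes PID 1 and the stop signal is delivered to the shell rather than to the script; the exec form `CMD ["/usr/local/bin/start.sh"]` avoids that. This Dockerfile also has no `USER` line even though it chowns the rsyslog paths to 10000:10000, so the container starts as root unless the base image sets a user. If `start.sh` drops privileges itself (its contents are not part of this hunk), a comment above `CMD` saying so would let a reviewer confirm that root is intentional.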
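Review bot: In notary-server/Dockerfile the `CMD` passes the connection string as `-database=${DB_URL}`, which places it in the process arguments where anything able to list processes can read it, and database URLs commonly embed the password. If `migrate-patch` can take the URL from the environment (not visible in this patch), prefer that; at minimum quote the expansion, `-database="${DB_URL}"`, so special characters in the URL are not word-split. The shell-form chain also leaves `sh` as PID 1, so the last command should be started with `exec`, i.e. `&& exec /bin/notary-server -config=/etc/notary/server-config.postgres.json -logf=logfmt`, to let the server receive stop signals. The notary-signer Dockerfile's `CMD` has the same two problems.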
diff --git a/template/harbor/v2.7.4/make/photon/notary-signer/Dockerfile b/template/harbor/v2.7.4/make/photon/notary-signer/Dockerfile
new file mode 100644
index 0000000..142675b
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/notary-signer/Dockerfile
@@ -0,0 +1,14 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-notary-signer-base:${harbor_base_image_version}
+
+ARG TARGETARCH
+COPY ./make/photon/notary/binary/migrate-patch-linux-${TARGETARCH:-amd64} /bin/migrate-patch
+COPY ./make/photon/notary/binary/notary-signer-linux-${TARGETARCH:-amd64} /bin/notary-signer
+COPY ./make/photon/notary/binary/migrate-linux-${TARGETARCH:-amd64} /bin/migrate
+COPY ./make/photon/notary/binary/migrations/ /migrations/
+
+RUN chmod +x /bin/notary-signer /migrations/migrate.sh /bin/migrate /bin/migrate-patch
+ENV SERVICE_NAME=notary_signer
+USER notary
+CMD migrate-patch -database=${DB_URL} && /migrations/migrate.sh && /bin/notary-signer -config=/etc/notary/signer-config.postgres.json -logf=logfmt
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/notary/binary.Dockerfile b/template/harbor/v2.7.4/make/photon/notary/binary.Dockerfile
new file mode 100644
index 0000000..817165d
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/notary/binary.Dockerfile
@@ -0,0 +1,37 @@
+FROM golang:1.14.15
+
+ARG NOTARY_VERSION
+ARG MIGRATE_VERSION
+RUN test -n "$NOTARY_VERSION"
+RUN test -n "$MIGRATE_VERSION"
+ENV NOTARYPKG github.com/theupdateframework/notary
+ENV MIGRATEPKG github.com/golang-migrate/migrate
+
+RUN git clone -b $NOTARY_VERSION https://github.com/theupdateframework/notary.git /go/src/${NOTARYPKG}
+WORKDIR /go/src/${NOTARYPKG}
+
+ARG TARGETARCHS=amd64
+
+RUN set -eux; \
+ \
+ for arch in ${TARGETARCHS}; do \
+ GOARCH=${arch} go build -i -o /go/bin/notary-server-linux-${arch} -tags pkcs11 \
+ -ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" ${NOTARYPKG}/cmd/notary-server; \
+ GOARCH=${arch} go build -i -o /go/bin/notary-signer-linux-${arch} -tags pkcs11 \
+ -ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" ${NOTARYPKG}/cmd/notary-signer; \
+ done
+
+RUN cp -r /go/src/${NOTARYPKG}/migrations/ /
+
+RUN set -eux; git clone -b $MIGRATE_VERSION https://github.com/golang-migrate/migrate /go/src/${MIGRATEPKG}
+
+WORKDIR /go/src/${MIGRATEPKG}
+
+ENV DATABASES="postgres mysql redshift cassandra spanner cockroachdb"
+ENV SOURCES="file go_bindata github aws_s3 google_cloud_storage"
+
+RUN set -eux; \
+ \
+ for arch in ${TARGETARCHS}; do \
+ GOARCH=${arch} go build -i -o /go/bin/migrate-linux-${arch} -tags "$DATABASES $SOURCES" -ldflags="-X main.Version=${MIGRATE_VERSION}" ${MIGRATEPKG}/cli; \
+ done
diff --git a/template/harbor/v2.7.4/make/photon/notary/builder b/template/harbor/v2.7.4/make/photon/notary/builder
new file mode 100755
index 0000000..6fd74d2
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/notary/builder
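Review bot: In notary/binary.Dockerfile, `FROM golang:1.14.15` builds notary-server and notary-signer with a Go release line that no longer receives security fixes, and that toolchain's standard library (crypto and TLS included) is linked into the resulting binaries; the other builder images in this commit use `golang:1.19.4`. If the notary sources at the chosen version build with a supported toolchain, bump the tag and pin it by digest, keeping in mind that newer toolchains deprecate and later drop the `-i` flag used in the `go build` lines. Both `git clone -b $NOTARY_VERSION` and `git clone -b $MIGRATE_VERSION` follow a tag or branch name, which can be moved upstream. After each clone, compare the checked-out commit with an expected value, e.g. `RUN test "$(git rev-parse HEAD)" = "$NOTARY_COMMIT"`, where NOTARY_COMMIT is a new build argument that this patch does not define.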
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set +e
+
+if [ -z $2 ]; then
+ error "Please set the notary and migrate version"
+ exit 1
+fi
+
+echo "Building notary and golang-migrate from source, notary version: $1, golang-migrate version: $2"
+set -e
+
+# the temp folder to store binary file...
+mkdir -p binary
+# don't remove all like migrate-patch-* which generated by `make compile_notary_migrate_patch`
+rm -rf binary/notary-* || true;
+rm -rf binary/migrate-linux-* || true;
+rm -rf binary/migrations || true;
+
+cd `dirname $0`
+
+NOTARY_VERSION=$1
+MIGRATE_VERSION=$2
+
+
+echo "build binary notary binaries..."
+docker build --build-arg TARGETARCHS="${TARGETARCHS}" --build-arg NOTARY_VERSION=${NOTARY_VERSION} --build-arg MIGRATE_VERSION=${MIGRATE_VERSION} -f ./binary.Dockerfile -t notary-binary .
+
+echo 'copy the binary files to local...'
+ID=$(docker create notary-binary)
+
+for targetarch in ${TARGETARCHS}; do
+ docker cp $ID:/go/bin/notary-server-linux-${targetarch} binary/notary-server-linux-${targetarch}
+ docker cp $ID:/go/bin/notary-signer-linux-${targetarch} binary/notary-signer-linux-${targetarch}
+ docker cp $ID:/go/bin/migrate-linux-${targetarch} binary/migrate-linux-${targetarch}
+done
+
+docker cp $ID:/migrations binary/migrations
+sed -i 's/waiting for $DB_URL/waiting for database/g' binary/migrations/migrate.sh;
+
+docker rm -f $ID
+docker rmi -f notary-binary
\ No newline at end of file
diff --git a/template/harbor/v2.7.4/make/photon/portal/Dockerfile b/template/harbor/v2.7.4/make/photon/portal/Dockerfile
new file mode 100644
index 0000000..31850d3
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/portal/Dockerfile
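Review bot: In notary/builder, `mkdir -p binary` and the three `rm -rf binary/...` lines run before the `cd` into the script's directory, so when the script is called from elsewhere they clean the caller's `binary/` while the later `docker cp ... binary/...` writes next to the script, into a directory that may not exist; move the `cd` up, written as `cd "$(dirname "$0")"`, above `mkdir -p binary`. `error` is not defined anywhere in this file, so the argument check prints a command-not-found message instead of the intended text; `echo "Please set the notary and migrate version" >&2` does what was meant. `${TARGETARCHS}` is never checked, and when it is empty the copy loop does nothing while the script still exits 0, leaving stale or missing binaries for the image build. registry/builder has the same `mkdir`-before-`cd` order and undefined `error`, and trivy-adapter/builder.sh the undefined `error`.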
@@ -0,0 +1,49 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+# only need to build once on amd64 host
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:16.10.0 as nodeportal
+
+WORKDIR /build_dir
+
+ARG npm_registry=https://registry.npmjs.org
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends python-yaml
+
+COPY src/portal/package.json /build_dir
+COPY src/portal/package-lock.json /build_dir
+COPY src/portal/scripts /build_dir
+COPY ./api/v2.0/legacy_swagger.yaml /build_dir/swagger.yaml
+COPY ./api/v2.0/swagger.yaml /build_dir/swagger2.yaml
+COPY ./api/swagger.yaml /build_dir/swagger3.yaml
+
+COPY src/portal /build_dir
+
+ENV NPM_CONFIG_REGISTRY=${npm_registry}
+RUN npm install --unsafe-perm
+RUN npm run generate-build-timestamp
+RUN node --max_old_space_size=2048 'node_modules/@angular/cli/bin/ng' build --configuration production
+RUN python -c 'import sys, yaml, json; y=yaml.load(sys.stdin.read()); print json.dumps(y)' < swagger.yaml > dist/swagger.json
+RUN python -c 'import sys, yaml, json; y=yaml.load(sys.stdin.read()); print json.dumps(y)' < swagger2.yaml > dist/swagger2.json
+RUN python -c 'import sys, yaml, json; y=yaml.load(sys.stdin.read()); print json.dumps(y)' < swagger3.yaml > dist/swagger3.json
+
+RUN cp swagger.yaml dist
+COPY ./LICENSE /build_dir/dist
+
+RUN cd app-swagger-ui && npm install --unsafe-perm
+RUN cd app-swagger-ui && npm run build
+
+FROM ${harbor_base_namespace}/harbor-portal-base:${harbor_base_image_version}
+
+COPY --from=nodeportal /build_dir/dist /usr/share/nginx/html
+COPY --from=nodeportal /build_dir/app-swagger-ui/dist /usr/share/nginx/html
+COPY --from=nodeportal /build_dir/package*.json /usr/share/nginx/
+
+VOLUME /var/cache/nginx /var/log/nginx /run
+
+STOPSIGNAL SIGQUIT
+
+HEALTHCHECK CMD curl --fail -s http://localhost:8080 || curl -k --fail -s https://localhost:8443 || exit 1
+USER nginx
+CMD ["nginx", "-g", "daemon off;"]
+
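Review bot: In the portal Dockerfile, `RUN npm install --unsafe-perm` resolves dependencies again instead of installing exactly what the copied `package-lock.json` records; `RUN npm ci` installs from the lockfile and fails when it disagrees with `package.json`, and `--unsafe-perm` should stay only if a build script really needs to run as root. The same applies to `cd app-swagger-ui && npm install --unsafe-perm`, assuming that directory ships a lockfile. The three `python -c` conversions call `yaml.load` without a loader, which can construct arbitrary Python objects from tagged input; `yaml.safe_load(sys.stdin.read())` is sufficient for swagger files. `node:16.10.0` is tagged but not pinned by digest, and `npm_registry` lets the caller redirect every package download, so a comment on that `ARG` stating it must point at a trusted registry would be worth adding.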
diff --git a/template/harbor/v2.7.4/make/photon/registry/Dockerfile b/template/harbor/v2.7.4/make/photon/registry/Dockerfile
new file mode 100644
index 0000000..d48e98d
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/registry/Dockerfile
@@ -0,0 +1,21 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-registry-base:${harbor_base_image_version}
+
+COPY ./make/photon/common/install_cert.sh /home/harbor
+COPY ./make/photon/registry/entrypoint.sh /home/harbor
+ARG TARGETARCH
+COPY ./make/photon/registry/binary/registry-linux-${TARGETARCH:-amd64} /usr/bin/registry_DO_NOT_USE_GC
+
+RUN chown -R harbor:harbor /etc/pki/tls/certs \
+ && chown harbor:harbor /home/harbor/entrypoint.sh && chmod u+x /home/harbor/entrypoint.sh \
+ && chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh \
+ && chown harbor:harbor /usr/bin/registry_DO_NOT_USE_GC && chmod u+x /usr/bin/registry_DO_NOT_USE_GC
+
+HEALTHCHECK CMD curl --fail -s http://localhost:5000 || curl -k --fail -s https://localhost:5443 || exit 1
+
+USER harbor
+
+ENTRYPOINT ["/home/harbor/entrypoint.sh"]
+
+VOLUME ["/storage"]
diff --git a/template/harbor/v2.7.4/make/photon/registry/Dockerfile.binary b/template/harbor/v2.7.4/make/photon/registry/Dockerfile.binary
new file mode 100644
index 0000000..9695594
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/registry/Dockerfile.binary
@@ -0,0 +1,11 @@
+FROM golang:1.19.4
+
+ENV DISTRIBUTION_DIR /go/src/github.com/docker/distribution
+ENV BUILDTAGS include_oss include_gcs
+ENV GO111MODULE auto
+
+WORKDIR $DISTRIBUTION_DIR
+COPY . $DISTRIBUTION_DIR
+
+ARG TARGETARCH
+RUN CGO_ENABLED=0 GOARCH=${TARGETARCH:-amd64} make PREFIX=/go clean binaries
diff --git a/template/harbor/v2.7.4/make/photon/registry/builder b/template/harbor/v2.7.4/make/photon/registry/builder
new file mode 100755
index 0000000..c09fe4a
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/registry/builder
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set +e
+
+if [ -z $1 ]; then
+ error "Please set the 'version' variable"
+ exit 1
+fi
+
+VERSION="$1"
+
+set -e
+
+# the temp folder to store binary file...
+mkdir -p binary
+rm -rf binary/registry || true
+
+cd `dirname $0`
+cur=$PWD
+
+# the temp folder to store distribution source code...
+TEMP=`mktemp -d ${TMPDIR-/tmp}/distribution.XXXXXX`
+git clone -b $VERSION https://github.com/distribution/distribution.git $TEMP
+
+# add patch 2815
+echo 'add patch https://github.com/distribution/distribution/pull/2815 ...'
+cd $TEMP
+wget https://github.com/distribution/distribution/pull/2815.patch
+git apply 2815.patch
+
+# add patch redis
+cd $TEMP
+git apply $cur/redis.patch
+cd $cur
+
+echo 'build the registry binary ...'
+cp Dockerfile.binary $TEMP
+
+for targetarch in ${TARGETARCHS}; do
+ echo "build the registry $targetarch binary..."
+ docker build --build-arg=TARGETARCH=$targetarch -f $TEMP/Dockerfile.binary -t registry-golang-$targetarch $TEMP
+
+ echo "copy the registry $targetarch binary to local..."
+ ID=$(docker create registry-golang-$targetarch)
+ docker cp $ID:/go/src/github.com/docker/distribution/bin/registry binary/registry-linux-$targetarch
+
+
+ docker rm -f $ID
+ docker rmi -f registry-golang-$targetarch
+done
+
+echo "Build registry binary success, then to build photon image..."
+cd $cur
+cp $TEMP/cmd/registry/config-example.yml config.yml
+rm -rf $TEMP
diff --git a/template/harbor/v2.7.4/make/photon/registryctl/Dockerfile b/template/harbor/v2.7.4/make/photon/registryctl/Dockerfile
new file mode 100644
index 0000000..0f8d892
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/registryctl/Dockerfile
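Review bot: In registry/builder, `wget https://github.com/distribution/distribution/pull/2815.patch` followed by `git apply 2815.patch` applies whatever that pull-request URL serves at build time to the registry source, with no integrity check, and the content of a PR patch changes whenever its branch is updated. Commit the patch next to `redis.patch` and apply it from `$cur` the same way, or verify a recorded digest before applying, e.g. `echo "<expected-sha256>  2815.patch" | sha256sum -c -`. `git clone -b $VERSION` likewise follows a tag name rather than a commit, so comparing `git rev-parse HEAD` with an expected hash would close the same gap. `$TEMP` is removed only on the success path; a `trap 'rm -rf "$TEMP"' EXIT` right after the `mktemp` line would clean up on failure as well.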
@@ -0,0 +1,25 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-registryctl-base:${harbor_base_image_version}
+
+COPY ./make/photon/common/install_cert.sh /home/harbor
+COPY ./make/photon/registryctl/start.sh /home/harbor
+
+ARG TARGETARCH
+COPY ./make/photon/registry/binary/registry-linux-${TARGETARCH:-amd64} /usr/bin/registry_DO_NOT_USE_GC
+COPY ./make/photon/registryctl/binary/harbor_registryctl-linux-${TARGETARCH:-amd64} /home/harbor/harbor_registryctl
+
+RUN chown -R harbor:harbor /etc/pki/tls/certs \
+ && chown harbor:harbor /home/harbor/harbor_registryctl && chmod u+x /home/harbor/harbor_registryctl \
+ && chown harbor:harbor /usr/bin/registry_DO_NOT_USE_GC && chmod u+x /usr/bin/registry_DO_NOT_USE_GC \
+ && chown harbor:harbor /home/harbor/start.sh && chmod u+x /home/harbor/start.sh \
+ && chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh
+
+
+HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/health || curl -sk --fail --key /etc/harbor/ssl/registryctl.key --cert /etc/harbor/ssl/registryctl.crt https://localhost:8443/api/health || exit 1
+
+VOLUME ["/var/lib/registry"]
+
+ENTRYPOINT ["/home/harbor/start.sh"]
+
+USER harbor
diff --git a/template/harbor/v2.7.4/make/photon/standalone-db-migrator/Dockerfile b/template/harbor/v2.7.4/make/photon/standalone-db-migrator/Dockerfile
new file mode 100644
index 0000000..bd2223f
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/standalone-db-migrator/Dockerfile
@@ -0,0 +1,19 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${harbor_base_namespace}/harbor-db-base:${harbor_base_image_version}
+
+ENV EXTERNAL_DB 0
+
+RUN mkdir /harbor/
+COPY ./make/migrations /migrations
+
+ARG TARGETARCH
+COPY ./make/photon/standalone-db-migrator/binary/migrate-linux-${TARGETARCH:-amd64} /harbor/migrate
+COPY ./make/photon/standalone-db-migrator/entrypoint.sh /harbor/
+
+RUN chown -R postgres:postgres /harbor/ \
+ && chown -R postgres:postgres /migrations/ \
+ && chmod u+x /harbor/migrate /harbor/entrypoint.sh
+USER postgres
+
+ENTRYPOINT ["/harbor/entrypoint.sh"]
diff --git a/template/harbor/v2.7.4/make/photon/trivy-adapter/Dockerfile b/template/harbor/v2.7.4/make/photon/trivy-adapter/Dockerfile
new file mode 100644
index 0000000..a14b787
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/trivy-adapter/Dockerfile
@@ -0,0 +1,44 @@
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+
+FROM alpine:3.12 as trivy-bin
+ARG trivy_version
+
+WORKDIR /trivy-bin
+
+RUN set -eux; \
+ \
+ apk add --no-cache curl; \
+ \
+ case $(uname -m) in \
+ x86_64) export TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/${trivy_version}/trivy_${trivy_version//v/}_Linux-64bit.tar.gz;; \
+ aarch64) export TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/${trivy_version}/trivy_${trivy_version//v/}_Linux-ARM64.tar.gz;; \
+ *) echo "unsupported architecture"; exit 1 ;; \
+ esac; \
+ curl --connect-timeout 30 -f -k -L ${TRIVY_DOWNLOAD_URL} | tar xvz -C /trivy-bin
+
+FROM ${harbor_base_namespace}/harbor-trivy-adapter-base:${harbor_base_image_version}
+
+ARG trivy_version
+
+COPY ./make/photon/common/install_cert.sh /home/scanner
+COPY ./make/photon/trivy-adapter/entrypoint.sh /home/scanner
+
+COPY --from=trivy-bin /trivy-bin/trivy /usr/local/bin/trivy
+
+ARG TARGETARCH
+COPY ./make/photon/trivy-adapter/binary/scanner-trivy-linux-${TARGETARCH:-amd64} /home/scanner/bin/scanner-trivy
+
+RUN chown -R scanner:scanner /etc/pki/tls/certs \
+ && chown scanner:scanner /home/scanner/entrypoint.sh && chmod u+x /home/scanner/entrypoint.sh \
+ && chown scanner:scanner /usr/local/bin/trivy && chmod u+x /usr/local/bin/trivy \
+ && chown scanner:scanner /home/scanner/bin/scanner-trivy && chmod u+x /home/scanner/bin/scanner-trivy \
+ && chown scanner:scanner /home/scanner/install_cert.sh && chmod u+x /home/scanner/install_cert.sh
+
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -s http://localhost:8080/probe/healthy || curl -k --fail -s https://localhost:8443/probe/healthy || exit 1
+
+ENV TRIVY_VERSION=${trivy_version}
+
+USER scanner
+
+ENTRYPOINT ["/home/scanner/entrypoint.sh"]
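Review bot: The download line in the `trivy-bin` stage uses `curl ... -k`, which turns off TLS certificate verification, and pipes the archive straight into `tar` with no checksum, so the `trivy` binary copied into the final image is whatever the network path returns. Drop `-k`, save the archive to a file and verify it against a digest kept in the repository before unpacking: `curl --connect-timeout 30 -fsSL -o /tmp/trivy.tar.gz "${TRIVY_DOWNLOAD_URL}"` followed by `echo "<expected-sha256>  /tmp/trivy.tar.gz" | sha256sum -c -`, with one digest per architecture branch of the `case`. The pipe also runs under the image's default `sh` without `pipefail`, so a failed `curl` is caught only if `tar` happens to fail on the truncated stream. `alpine:3.12` is an old release and is not pinned by digest; since this stage only fetches a file, a maintained, digest-pinned base would serve equally well.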
diff --git a/template/harbor/v2.7.4/make/photon/trivy-adapter/Dockerfile.binary b/template/harbor/v2.7.4/make/photon/trivy-adapter/Dockerfile.binary
new file mode 100644
index 0000000..334648c
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/trivy-adapter/Dockerfile.binary
@@ -0,0 +1,10 @@
+FROM golang:1.19.4
+
+ADD . /go/src/github.com/aquasecurity/harbor-scanner-trivy/
+WORKDIR /go/src/github.com/aquasecurity/harbor-scanner-trivy/
+
+ARG TARGETARCHS
+RUN set -eux; \
+ for targetarch in ${TARGETARCHS}; do \
+ GOOS=linux GOARCH=${targetarch} GO111MODULE=on CGO_ENABLED=0 go build -a -o scanner-trivy-linux-${targetarch} cmd/scanner-trivy/main.go; \
+ done
diff --git a/template/harbor/v2.7.4/make/photon/trivy-adapter/builder.sh b/template/harbor/v2.7.4/make/photon/trivy-adapter/builder.sh
new file mode 100755
index 0000000..d460a2f
--- /dev/null
+++ b/template/harbor/v2.7.4/make/photon/trivy-adapter/builder.sh
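Review bot: In trivy-adapter/Dockerfile.binary, `ADD . /go/src/github.com/aquasecurity/harbor-scanner-trivy/` copies a plain local directory, which is what `COPY` is for; `ADD` also unpacks local archives and fetches URLs, behaviour this step does not need, so `COPY . /go/src/github.com/aquasecurity/harbor-scanner-trivy/` is the safer spelling. `TARGETARCHS` has no default here, unlike `ARG TARGETARCHS=amd64` in notary/binary.Dockerfile, so an unset value makes the loop build nothing while the image build still succeeds; `RUN test -n "$TARGETARCHS"` before the loop would fail early instead.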
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set +e
+
+if [ -z $1 ]; then
+ error "Please set the 'version' variable"
+ exit 1
+fi
+
+VERSION="$1"
+
+set -e
+
+cd $(dirname $0)
+cur=$PWD
+
+# The temporary directory to clone Trivy adapter source code
+TEMP=$(mktemp -d ${TMPDIR-/tmp}/trivy-adapter.XXXXXX)
+git clone --depth=1 -b $VERSION https://github.com/aquasecurity/harbor-scanner-trivy.git $TEMP
+
+echo "Building Trivy adapter binary based on golang:1.19.4..."
+cp Dockerfile.binary $TEMP
+
+
+set -eux;
+
+mkdir -p ${cur}/binary;
+
+echo "build Trivy adapter binary..."
+docker build --build-arg=TARGETARCHS="${TARGETARCHS}" -f $TEMP/Dockerfile.binary -t trivy-adapter-golang $TEMP
+
+echo "Copying Trivy adapter binary from the container to the local directory..."
+ID=$(docker create trivy-adapter-golang)
+
+for targetarch in ${TARGETARCHS}; do
+ docker cp $ID:/go/src/github.com/aquasecurity/harbor-scanner-trivy/scanner-trivy-linux-${targetarch} ${cur}/binary/scanner-trivy-linux-${targetarch}
+done
+
+docker rm -f $ID
+docker rmi -f trivy-adapter-golang
+
+echo "Building Trivy adapter binary finished successfully"
+cd $cur
+rm -rf $TEMP
diff --git a/version b/version
new file mode 100644
index 0000000..184089f
--- /dev/null
+++ b/version
@@ -0,0 +1 @@
+v2.7.4
\ No newline at end of file