contrib: update build_and_deploy.sh script

Signed-off-by: Hank Donnay <hdonnay@redhat.com>

contrib/openshift/build_and_deploy.sh

@@ -1,6 +1,8 @@
 #!/usr/bin/bash
 set -euo pipefail
 
+splice() { local IFS="$1"; shift; echo "$*"; }
+
 while getopts nx name; do
 	case "$name" in
 	x) set -x ;;
@@ -13,23 +15,98 @@ while getopts nx name; do
 done
 
 : "${REGISTRY:=quay.io}"
-: "${REPOSITORY:=${REGISTRY}/app-sre}"
-: "${IMAGE:=${REPOSITORY}/clair}"
+: "${NAMESPACE:=app-sre}"
+: "${REPOSITORY:=clair}"
+: "${IMAGE:=$(splice / "$REGISTRY" "$NAMESPACE" "$REPOSITORY")}"
+: "${BUILDKIT_IMAGE:=$(splice / "$REGISTRY" "$NAMESPACE" buildkit:latest)}"
+: "${CONTAINER_ENGINE:=$(command -v podman 2>/dev/null || command -v docker 2>/dev/null)}"
+: "${cidfile:=buildkit.cid}"
 GIT_HASH="$(git rev-parse --short=7 HEAD)"
-CONTAINER_ENGINE=$(command -v podman 2>/dev/null || command -v docker 2>/dev/null)
 tags=("${IMAGE}:latest" "${IMAGE}:${GIT_HASH}")
+trap 'rm -rf clair-v*.{tar*,oci}' ERR
 
-git archive HEAD |
-	${CONTAINER_ENGINE} build -t clair-service:latest -
-for t in "${tags[@]}"; do
-	${CONTAINER_ENGINE} tag clair-service:latest "$t"
-done
+patch_source() {
+	in=$1
+	if [[ $(tar tf "$in" '*/Dockerfile' | wc -l) -ne 1 ]]; then
+		echo already patched >&2
+		return
+	fi
+
+	( # Subshell to set a cleanup trap.
+	tmp=$(mktemp -d)
+	trap 'rm -r "$tmp"' EXIT
+	gunzip "$in"
+	in=${in%.gz}
+
+	filename=$(tar tf "$in" '*/Dockerfile')
+	tar -xOf "$in" "$filename" |
+		sed "s,docker.io/[[:alpha:]]\+,$(splice / "$REGISTRY" "$NAMESPACE")," >"${tmp}/Dockerfile"
+	tar -rf "$in" --transform "s,.*,${filename}," "${tmp}/Dockerfile"
+	gzip -n -q -f "$in"
+	)
+}
+
+if [[ -d bin ]]; then
+	PATH=$(realpath bin):${PATH}
+fi
+if ! command -v buildctl >/dev/null 2>&1; then
+	echo Fetching buildctl:
+	: "${BUILDCTL_VERSION:=0.15.0}"
+	mkdir -p bin
+	PATH=$(realpath bin):${PATH}
+	curl -sSfL "https://github.com/moby/buildkit/releases/download/v${BUILDCTL_VERSION}/buildkit-v${BUILDCTL_VERSION}.linux-amd64.tar.gz" |
+		tar -xzC bin --strip-components=1 bin/buildctl
+	command -V buildctl
+	buildctl --version
+fi
+
+echo Starting buildkitd container:
+cleanup() {
+	echo Stopping buildkitd container:
+	${CONTAINER_ENGINE} stop --cidfile "${cidfile}" || echo Failed to stop buildkit container >&2
+	if [[ -f "${cidfile}" ]]; then
+		rm "${cidfile}" || echo Unable to remove cidfile: "${cidfile}" >&2
+	fi
+}
+if ! skopeo login --get-login "${REGISTRY}" >/dev/null; then
+	[[ -n "${QUAY_USER-}" && -n "${QUAY_TOKEN-}" ]] &&
+		skopeo login -u="${QUAY_USER}" -p="${QUAY_TOKEN}" "${REGISTRY}"
+fi
+${CONTAINER_ENGINE} run \
+	--cidfile "${cidfile}" \
+	--detach \
+	--privileged \
+	--rm \
+	"${BUILDKIT_IMAGE}"
+trap 'cleanup' EXIT
+BUILDKIT_HOST="$(basename "${CONTAINER_ENGINE}")-container://$(cat "$cidfile")"
+export BUILDKIT_HOST
+
+echo Exporting source:
+make dist
+
+echo Applying self-inflicted wound:
+if [[ $(find . -maxdepth 1 -type f -name 'clair-v*.tar*' | wc -l) -ne 1 ]]; then
+	echo found multiple dist tarballs, exiting: "$(ls clair-v*.tar*)" >&2
+	exit 99
+fi
+patch_source clair-v*.tar.gz
+
+echo Building container:
+make "IMAGE_NAME=$(splice , "${tags[@]}")" dist-container
+
+# Make repeated runs work more-or-less correctly.
+touch -m -t 197001010000 clair-v*.{tar.gz,oci}
 
-[[ -n "$dryrun" ]] && exit 0
+[[ -n "${dryrun-}" ]] && exit 0
 
-: "${QUAY_USER:?Missing QUAY_USER variable.}"
-: "${QUAY_TOKEN:?Missing QUAY_TOKEN variable.}"
-${CONTAINER_ENGINE} login -u="${QUAY_USER}" -p="${QUAY_TOKEN}" "${REGISTRY}"
+if ! skopeo login --get-login "${REGISTRY}" >/dev/null; then
+	: "${QUAY_USER:?Missing QUAY_USER variable.}"
+	: "${QUAY_TOKEN:?Missing QUAY_TOKEN variable.}"
+	skopeo login -u="${QUAY_USER}" -p="${QUAY_TOKEN}" "${REGISTRY}"
+fi
+ar=$(echo clair-v4.*.oci)
 for t in "${tags[@]}"; do
-	${CONTAINER_ENGINE} push "$t"
+	echo Copy to "${t@Q}:"
+	skopeo copy --all --preserve-digests "oci-archive:${ar}:${tags[0]##*:}" "docker://${t}"
 done