From c3c80e100ef336e12fdc6ec0ca6d9d98fb027555 Mon Sep 17 00:00:00 2001 From: James Hochadel Date: Wed, 11 Dec 2024 10:35:55 -0500 Subject: [PATCH] Build csb-docproxy image with new builder image feature Full motivation for the builder image here: https://github.com/cloud-gov/product/issues/3216#issuecomment-2536272676 --- ci/container/internal/base_vars.yml | 3 +++ ci/container/internal/csb-docproxy/vars.yml | 5 +++++ ci/container/pipeline.yml | 1 + container/oci-build.yml | 15 +++++++++------ container/pipeline-internal.yml | 9 +++++++++ 5 files changed, 27 insertions(+), 6 deletions(-) create mode 100644 ci/container/internal/csb-docproxy/vars.yml diff --git a/ci/container/internal/base_vars.yml b/ci/container/internal/base_vars.yml index bde63d8..1b09adc 100644 --- a/ci/container/internal/base_vars.yml +++ b/ci/container/internal/base_vars.yml @@ -1,5 +1,8 @@ base-image: ubuntu-hardened base-image-tag: latest +# Some Dockerfiles may wish to specify a separate builder image for a multi-stage build. Set these vars to do so. By default, it is the same as base-image to avoid pulling additional layers. +builder-image: ubuntu-hardened +builder-image-tag: latest oci-build-params: {} common-pipelines-trigger: false dockerfile-path: [] diff --git a/ci/container/internal/csb-docproxy/vars.yml b/ci/container/internal/csb-docproxy/vars.yml new file mode 100644 index 0000000..2257fad --- /dev/null +++ b/ci/container/internal/csb-docproxy/vars.yml @@ -0,0 +1,5 @@ +builder-image: general-task +builder-image-tag: latest +image-repository: csb-docproxy +src-repo: cloud-gov/csb +src-branch: brokerpak-topic diff --git a/ci/container/pipeline.yml b/ci/container/pipeline.yml index 12c2822..079ced8 100644 --- a/ci/container/pipeline.yml +++ b/ci/container/pipeline.yml @@ -36,6 +36,7 @@ jobs: - legacy-domain-certificate-renewer-testing - opensearch-testing - opensearch-dashboards-testing + - csb-docproxy do: - set_pipeline: ((.:name)) diff --git a/container/oci-build.yml b/container/oci-build.yml index 8a02a70..eb6862c 100644 --- a/container/oci-build.yml +++ b/container/oci-build.yml @@ -11,16 +11,17 @@ image_resource: tag: latest caches: -- path: cache + - path: cache inputs: -- name: src -- name: base-image -- name: common-pipelines -- name: common-dockerfiles + - name: src + - name: base-image + - name: builder-image + - name: common-pipelines + - name: common-dockerfiles outputs: -- name: image + - name: image run: path: build @@ -38,3 +39,5 @@ params: CONTEXT: src # Load the base image tarball from the base-image input into an OCI image reference. IMAGE_ARG_base_image: base-image/image.tar + # Load the builder image in the same manner. + IMAGE_ARG_builder_image: builder-image/image.tar diff --git a/container/pipeline-internal.yml b/container/pipeline-internal.yml index 26f3461..c139803 100644 --- a/container/pipeline-internal.yml +++ b/container/pipeline-internal.yml @@ -247,6 +247,15 @@ resources: tag: ((base-image-tag)) aws_region: us-gov-west-1 + - name: builder-image + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: ((builder-image)) + tag: ((builder-image-tag)) + aws_region: us-gov-west-1 + - name: common-pipelines type: git source: