CR-16573 -- fix (#790)

* add rootless * Revert "CR-16573 -- rootless (#789)" This reverts commit 059fc5b. * boost pipelines * fix bootsted pipelines * reorganize boosted pipelines * fix arm tagging
codefresh-io · Feb 10, 2023 · 3c6636a · 3c6636a
1 parent 059fc5b
commit 3c6636a
Show file tree

Hide file tree

Showing 9 changed files with 487 additions and 51 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -35,15 +35,4 @@ RUN yarn generate-completion
 RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 
 RUN codefresh components update --location components
-
-# we keep /root as home directory because cli by default looks for $HOME/.cfconfig
-# and we do not want to break user automation if he used to bind his .cfconfig
-# to the /root/.cfconfig
-RUN adduser -D -h /root -s /bin/sh cfu \
-   && chown -R $(id -g cfu) /root /cf-cli \
-   && chgrp -R $(id -g cfu) /root /cf-cli \
-   && chmod -R g+rwX /root
-
-USER cfu
-
 ENTRYPOINT ["codefresh"]
diff --git a/Dockerfile-debian b/Dockerfile-debian
@@ -37,14 +37,4 @@ RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 
 RUN codefresh components update --location components
 
-# we keep /root as home directory because cli by default looks for $HOME/.cfconfig
-# and we do not want to break user automation if he used to bind his .cfconfig
-# to the /root/.cfconfig
-RUN useradd -m -d /root -s /bin/sh cfu \
-   && chown -R $(id -g cfu) /root /cf-cli \
-   && chgrp -R $(id -g cfu) /root /cf-cli \
-   && chmod -R g+rwX /root
-
-USER cfu
-
 ENTRYPOINT ["codefresh"]
diff --git a/Dockerfile-debian-rootless b/Dockerfile-debian-rootless
@@ -0,0 +1,50 @@
+# go hub binary
+FROM golang:alpine as go
+RUN apk --update add ca-certificates git
+RUN go install github.com/github/hub@latest
+
+# python yq binary
+FROM six8/pyinstaller-alpine:alpine-3.6-pyinstaller-v3.4 as yq
+ARG YQ_VERSION=2.10.0
+ENV PATH="/pyinstaller:$PATH"
+RUN pip install yq==${YQ_VERSION}
+RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/ $(which yq)
+
+# Main
+FROM node:18.12.1-bullseye-slim
+
+RUN apt update
+RUN apt -y install ca-certificates git curl bash jq busybox && ln -s /bin/busybox /usr/bin/[[
+
+COPY --from=go /go/bin/hub /usr/local/bin/hub
+COPY --from=yq /tmp/yq /usr/local/bin/yq
+
+WORKDIR /cf-cli
+
+COPY package.json /cf-cli
+COPY yarn.lock /cf-cli
+COPY check-version.js /cf-cli
+COPY run-check-version.js /cf-cli
+
+RUN yarn install --prod --frozen-lockfile && \
+    yarn cache clean
+
+COPY . /cf-cli
+
+RUN yarn generate-completion
+
+RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
+
+RUN codefresh components update --location components
+
+# we keep /root as home directory because cli by default looks for $HOME/.cfconfig
+# and we do not want to break user automation if he used to bind his .cfconfig
+# to the /root/.cfconfig
+RUN useradd -m -d /root -s /bin/sh cfu \
+   && chown -R $(id -g cfu) /root /cf-cli \
+   && chgrp -R $(id -g cfu) /root /cf-cli \
+   && chmod -R g+rwX /root
+
+USER cfu
+
+ENTRYPOINT ["codefresh"]
diff --git a/Dockerfile-rootless b/Dockerfile-rootless
@@ -0,0 +1,49 @@
+# go hub binary
+FROM golang:alpine as go
+RUN apk --update add ca-certificates git
+RUN go install github.com/github/hub@latest
+
+# python yq binary
+FROM six8/pyinstaller-alpine:alpine-3.6-pyinstaller-v3.4 as yq
+ARG YQ_VERSION=2.10.0
+ENV PATH="/pyinstaller:$PATH"
+RUN pip install yq==${YQ_VERSION}
+RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/ $(which yq)
+
+# Main
+FROM node:18.12.1-alpine3.15
+
+RUN apk --update add --no-cache ca-certificates git curl bash jq
+
+COPY --from=go /go/bin/hub /usr/local/bin/hub
+COPY --from=yq /tmp/yq /usr/local/bin/yq
+
+WORKDIR /cf-cli
+
+COPY package.json /cf-cli
+COPY yarn.lock /cf-cli
+COPY check-version.js /cf-cli
+COPY run-check-version.js /cf-cli
+
+RUN yarn install --prod --frozen-lockfile && \
+    yarn cache clean
+
+COPY . /cf-cli
+
+RUN yarn generate-completion
+
+RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
+
+RUN codefresh components update --location components
+
+# we keep /root as home directory because cli by default looks for $HOME/.cfconfig
+# and we do not want to break user automation if he used to bind his .cfconfig
+# to the /root/.cfconfig
+RUN adduser -D -h /root -s /bin/sh cfu \
+   && chown -R $(id -g cfu) /root /cf-cli \
+   && chgrp -R $(id -g cfu) /root /cf-cli \
+   && chmod -R g+rwX /root
+
+USER cfu
+
+ENTRYPOINT ["codefresh"]
diff --git a/codefresh-arm.yml b/codefresh-arm.yml
@@ -1,13 +1,21 @@
 version: "1.0"
+mode: parallel
+stages:
+  - prepare
+  - build
+  - push-dev
+  - push-master
 steps:
   main_clone:
+    stage: prepare
     title: 'Cloning main repository...'
     type: git-clone
     repo: ${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}
     revision: ${{CF_REVISION}}
     git: ${{GIT_CONTEXT}}
 
   build_image:
+    stage: build
     type: parallel
     steps:
 
@@ -29,7 +37,31 @@ steps:
         image_name: ${{IMAGE_NAME}}
         tag: ${{CF_SHORT_REVISION}}${{DEBIAN_TAG_POSTFIX}}
 
+      build_image_alpine_rootless:
+        title: "Building the alpine image..."
+        type: build
+        working_directory: ${{WORKDIR}}
+        disable_push: true
+        dockerfile: ./Dockerfile-rootless
+        image_name: ${{IMAGE_NAME}}
+        tag: ${{CF_SHORT_REVISION}}${{ROOTLESS_TAG_POSTFIX}}
+
+      build_image_debian_rootless:
+        title: "Building the debian image..."
+        type: build
+        working_directory: ${{WORKDIR}}
+        disable_push: true
+        dockerfile: ./Dockerfile-debian-rootless
+        image_name: ${{IMAGE_NAME}}
+        tag: ${{CF_SHORT_REVISION}}${{DEBIAN_TAG_POSTFIX}}${{ROOTLESS_TAG_POSTFIX}}
+    when:
+      steps:
+        - name: main_clone
+          on:
+            - success
+
   push_dev_alpine:
+    stage: push-dev
     type: push
     candidate: ${{build_image_alpine}}
     title: "Pushing alpine image to registry with revision tag"
@@ -44,8 +76,14 @@ steps:
       push_gcr_enterprise_dev:
         registry: "${{REGISTRY_INTEGRATION_ENTERPRISE}}"
         title: "Pushing image to gcr.io registry with revision tag"
+    when:
+      steps:
+        - name: build_image
+          on:
+            - success
 
   push_dev_debian:
+    stage: push-dev
     type: push
     candidate: ${{build_image_debian}}
     title: "Pushing debian image to registry with revision tag"
@@ -60,14 +98,68 @@ steps:
       push_gcr_enterprise_dev_debian:
         registry: "${{REGISTRY_INTEGRATION_ENTERPRISE}}"
         title: "Pushing image to gcr.io registry with revision tag"
+    when:
+      steps:
+        - name: build_image
+          on:
+            - success
+
+  push_dev_alpine_rootless:
+    stage: push-dev
+    type: push
+    candidate: ${{build_image_alpine_rootless}}
+    title: "Pushing rootless alpine image to registry with revision tag"
+    tag: ${{CF_SHORT_REVISION}}${{ROOTLESS_TAG_POSTFIX}}${{ARM_TAG_POSTFIX}}
+    scale:
+      push_quay_dev_rootless:
+        registry: "${{REGISTRY_INTEGRATION_QUAY}}"
+        title: "Pushing image to quay.io registry with revision tag"
+      push_dockerhub_dev_rootless:
+        registry: "${{REGISTRY_INTEGRATION_DOCKERHUB}}"
+        title: "Pushing image to dockerhub registry with revision tag"
+      push_gcr_enterprise_dev_rootless:
+        registry: "${{REGISTRY_INTEGRATION_ENTERPRISE}}"
+        title: "Pushing image to gcr.io registry with revision tag"
+    when:
+      steps:
+        - name: build_image
+          on:
+            - success
+
+  push_dev_debian_rootless:
+    stage: push-dev
+    type: push
+    candidate: ${{build_image_debian_rootless}}
+    title: "Pushing rootless debian image to registry with revision tag"
+    tag: ${{CF_SHORT_REVISION}}${{DEBIAN_TAG_POSTFIX}}${{ROOTLESS_TAG_POSTFIX}}${{ARM_TAG_POSTFIX}}
+    scale:
+      push_quay_dev_debian_rootless:
+        registry: "${{REGISTRY_INTEGRATION_QUAY}}"
+        title: "Pushing image to quay.io registry with revision tag"
+      push_dockerhub_dev_debian_rootless:
+        registry: "${{REGISTRY_INTEGRATION_DOCKERHUB}}"
+        title: "Pushing image to dockerhub registry with revision tag"
+      push_gcr_enterprise_dev_debian_rootless:
+        registry: "${{REGISTRY_INTEGRATION_ENTERPRISE}}"
+        title: "Pushing image to gcr.io registry with revision tag"
+    when:
+      steps:
+        - name: build_image
+          on:
+            - success
 
   push_master_alpine:
+    stage: push-master
     type: push
     candidate: ${{build_image_alpine}}
     title: "Pushing alpine image with release tag"
     when:
       branch:
         only: [ master ]
+      steps:
+        - name: build_image
+          on:
+            - success
     tags:
       - "${{PACKAGE_VERSION}}${{ARM_TAG_POSTFIX}}"
       - "latest${{ARM_TAG_POSTFIX}}"
@@ -83,12 +175,17 @@ steps:
         title: "Pushing image to gcr.io registry with release tag"
 
   push_master_debian:
+    stage: push-master
     type: push
     candidate: ${{build_image_debian}}
     title: "Pushing debian image with release tag"
     when:
       branch:
         only: [ master ]
+      steps:
+        - name: build_image
+          on:
+            - success
     tags:
       - "${{PACKAGE_VERSION}}${{DEBIAN_TAG_POSTFIX}}${{ARM_TAG_POSTFIX}}"
       - "latest${{DEBIAN_TAG_POSTFIX}}${{ARM_TAG_POSTFIX}}"
@@ -102,3 +199,55 @@ steps:
       push_gcr_enterprise_prod_debian:
         registry: "${{REGISTRY_INTEGRATION_ENTERPRISE}}"
         title: "Pushing image to gcr.io registry with release tag"
+
+  push_master_alpine_rootless:
+    stage: push-master
+    type: push
+    candidate: ${{build_image_alpine_rootless}}
+    title: "Pushing rootless alpine image with release tag"
+    when:
+      branch:
+        only: [ master ]
+      steps:
+        - name: build_image
+          on:
+            - success
+    tags:
+      - "${{PACKAGE_VERSION}}${{ROOTLESS_TAG_POSTFIX}}${{ARM_TAG_POSTFIX}}"
+      - "latest${{ROOTLESS_TAG_POSTFIX}}${{ARM_TAG_POSTFIX}}"
+    scale:
+      push_quay_prod_rootless:
+        registry: "${{REGISTRY_INTEGRATION_QUAY}}"
+        title: "Pushing alpine image to quay.io registry with release tag"
+      push_dockerhub_prod_rootless:
+        registry: "${{REGISTRY_INTEGRATION_DOCKERHUB}}"
+        title: "Pushing image to dockerhub registry with release tag"
+      push_gcr_enterprise_prod_rootless:
+        registry: "${{REGISTRY_INTEGRATION_ENTERPRISE}}"
+        title: "Pushing image to gcr.io registry with release tag"
+
+  push_master_debian_rootless:
+    stage: push-master
+    type: push
+    candidate: ${{build_image_debian_rootless}}
+    title: "Pushing rootless debian image with release tag"
+    when:
+      branch:
+        only: [ master ]
+      steps:
+        - name: build_image
+          on:
+            - success
+    tags:
+      - "${{PACKAGE_VERSION}}${{DEBIAN_TAG_POSTFIX}}${{ROOTLESS_TAG_POSTFIX}}${{ARM_TAG_POSTFIX}}"
+      - "latest${{DEBIAN_TAG_POSTFIX}}${{ROOTLESS_TAG_POSTFIX}}${{ARM_TAG_POSTFIX}}"
+    scale:
+      push_quay_prod_debian_rootless:
+        registry: "${{REGISTRY_INTEGRATION_QUAY}}"
+        title: "Pushing image to quay.io registry with release tag"
+      push_dockerhub_prod_debian_rootless:
+        registry: "${{REGISTRY_INTEGRATION_DOCKERHUB}}"
+        title: "Pushing image to dockerhub registry with release tag"
+      push_gcr_enterprise_prod_debian_rootless:
+        registry: "${{REGISTRY_INTEGRATION_ENTERPRISE}}"
+        title: "Pushing image to gcr.io registry with release tag"