Merge pull request #49 from sarg3nt/fix/multi-build-differences

Fix/multi-build-differences
sarg3nt · Nov 8, 2024 · 4784f66 · 4784f66
2 parents b44dc55 + c6860e1
commit 4784f66
Show file tree

Hide file tree

Showing 10 changed files with 130 additions and 108 deletions.
diff --git a/.github/workflows/release-weekly.yml b/.github/workflows/release-weekly.yml
@@ -39,47 +39,31 @@ jobs:
           fetch-depth: 0
           fetch-tags: true
 
-      - name: Get the latest version
+      - name: Get the Latest Version
         id: get_version
         run: bash ${GITHUB_WORKSPACE}/workflow_scripts/get_latest_version.sh
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           REGISTRY: ${{ env.REGISTRY }}
           REPOSITORY: ${{ env.REPOSITORY }}
 
-      - name: Log into registry
+      - name: Log Into Registry
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build Docker image
+      - name: Build and Push Docker image
         id: build
         uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
-        with:
-          push: false
-          tags: ${{ env.TAG_MAJOR }},${{ env.TAG_MINOR }},${{ env.TAG_PATCH }},${{ env.TAG_LATEST }}
-
-      - name: Compare the Old and New Docker Images
-        id: compare_versions
-        run: bash ${GITHUB_WORKSPACE}/workflow_scripts/compare_containers.sh
-        env:
-          GH_TOKEN: ${{ github.token }}
-          TAG_OLD: ${{ env.TAG_OLD }}
-          TAG_PATCH: ${{ env.TAG_PATCH }}
-
-      - name: Push Docker image
-        if: steps.compare_versions.outputs.continue == 'true'
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
         with:
           push: true
           tags: ${{ env.TAG_MAJOR }},${{ env.TAG_MINOR }},${{ env.TAG_PATCH }},${{ env.TAG_LATEST }}
 
       # Docs: https://github.com/marketplace/actions/create-release
       - name: Create Release
         id: create_release
-        if: steps.compare_versions.outputs.continue == 'true'
         uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5
         with:
           body: "A Weekly release containing upgrades to system packages in the base Rocky Linux container."

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -32,15 +32,15 @@ jobs:
           fetch-depth: 0
           fetch-tags: true
 
-      - name: Log into registry
+      - name: Log Into Registry
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       # During a release workflow the new git tag is provided and is automatically used by this step to generate the new image tags.
-      - name: Extract Docker metadata
+      - name: Extract Docker Metadata
         id: meta
         uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
         with:
@@ -50,7 +50,7 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
 
-      - name: Build and push Docker image
+      - name: Build and Push Docker Image
         uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
         with:
           context: .

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -50,12 +50,12 @@ jobs:
             tuf-repo-cdn.sigstore.dev:443
             www.bestpractices.dev:443
 
-      - name: "Checkout code"
+      - name: "Checkout Code"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           persist-credentials: false
 
-      - name: "Run analysis"
+      - name: "Run Analysis"
         uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46
         with:
           results_file: results.sarif
@@ -77,7 +77,7 @@ jobs:
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
-      - name: "Upload artifact"
+      - name: "Upload Artifact"
         uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
         with:
           name: SARIF file
@@ -86,7 +86,7 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
-      - name: "Upload to code-scanning"
+      - name: "Upload to Code-Scanning"
         uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -36,23 +36,23 @@ jobs:
           disable-sudo: true
           egress-policy: audit
 
-      - name: Log into registry
+      - name: Log Into Registry
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Checkout code
+      - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
-      - name: Build Docker image
+      - name: Build Docker Image
         uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
         with:
           push: false
           tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ github.sha }}
 
-      - name: Run Trivy vulnerability scanner
+      - name: Run Trivy Vulnerability Scanner
         uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
         with:
           image-ref: '${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ github.sha }}'
@@ -64,7 +64,7 @@ jobs:
           TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
           TRIVY_SKIP_JAVA_DB_UPDATE: true
 
-      - name: Upload Trivy scan results to GitHub Security tab
+      - name: Upload Trivy Results
         uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd
         with:
           sarif_file: 'trivy-results.sarif'

diff --git a/Dockerfile b/Dockerfile
@@ -15,6 +15,10 @@ LABEL org.opencontainers.image.source=https://github.com/sarg3nt/go-dev-containe
 
 ENV TZ='America/Los_Angeles'
 
+# Here for local builds, not used for main pipeline as the security tools gets snippy.
+# ARG GITHUB_API_TOKEN
+# ENV GITHUB_API_TOKEN=${GITHUB_API_TOKEN}
+
 # What user will be created in the dev container and will we run under.
 # Reccomend not changing this.
 ENV USERNAME="vscode"
@@ -38,7 +42,6 @@ COPY --chown=vscode:vscode home/vscode/.config/mise /home/vscode/.config/mise
 ARG MISE_VERBOSE=0
 ARG RUST_BACKTRACE=0
 RUN --mount=type=bind,source=scripts/20_install_mise_packages.sh,target=/20.sh,ro bash -c "/20.sh"
-
 RUN --mount=type=bind,source=scripts/30_install_other_apps.sh,target=/30.sh,ro bash -c "/30.sh"
 
 COPY --chown=vscode:vscode home /home/

diff --git a/Makefile b/Makefile
@@ -5,7 +5,11 @@ CURRENT_DIR := $(shell pwd)
 
 .PHONY: build
 build:
-	docker build -t "$(IMAGE_NAME):$(IMAGE_TAG)-$(GIT_BRANCH)" .
+	docker build --build-arg GITHUB_API_TOKEN=${GITHUB_TOKEN} -t "$(IMAGE_NAME):$(IMAGE_TAG)-$(GIT_BRANCH)" .
+
+.PHONY: build-no-cache
+build-no-cache:
+	docker build --build-arg GITHUB_API_TOKEN=${GITHUB_TOKEN} --progress=plain --no-cache -t "$(IMAGE_NAME):$(IMAGE_TAG)-$(GIT_BRANCH)" .
 
 .PHONY: run
 run:

diff --git a/scripts/10_install_system_packages.sh b/scripts/10_install_system_packages.sh
@@ -8,20 +8,24 @@ IFS=$'\n\t'
 # Install system packages
 main() {
   source "/usr/bin/lib/sh/log.sh"
+  install_system_packages
+  install_devcontainer_features
+  cleanup
+}
+
+install_system_packages() {
   log "10_install_system_packages.sh" "blue"
 
   log "Adding install_weak_deps=False to /etc/dnf/dnf.conf" "green"
   echo "install_weak_deps=False" >>/etc/dnf/dnf.conf
+  echo "keepcache=0" >>/etc/dnf/dnf.conf
 
   log "Installing epel release" "green"
   dnf install -y epel-release && dnf clean all
 
   log "Installing dnf plugins core" "green"
   dnf install -y dnf-plugins-core
 
-  log "Running /usr/bin/crb enable" "green"
-  /usr/bin/crb enable
-
   log "Adding docker ce repo" "green"
   dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
 
@@ -66,7 +70,9 @@ main() {
 
   log "Installing xz zip unzip" "green"
   dnf install -y xz zip unzip
+}
 
+install_devcontainer_features() {
   log "Installing dev container features" "blue"
   log "Exporting dev container features install.sh config variables." "green"
   export CONFIGUREZSHASDEFAULTSHELL=true
@@ -84,18 +90,34 @@ main() {
   cd /tmp/source/features/src/common-utils/
   ./install.sh
   cd -
+}
 
-  dnf -y remove epel-release
-  dnf -y remove dnf-plugins-core
+cleanup() {
+  log "Running cleanup" "blue"
+
+  log "Deleting files from /tmp" "green"
+  sudo rm -rfv /tmp/*
+  echo ""
+
+  log "Deleting all .git directories." "green"
+  find / -path /proc -prune -o -type d -name ".git" -not -path '/.git' -exec rm -rfv {} + 2>/dev/null || true
+  echo ""
 
   log "Running dnf autoremove" "green"
-  dnf autoremove -y
+  sudo dnf autoremove -y
+  echo ""
 
   log "Running dnf clean all" "green"
-  dnf clean all
+  sudo dnf clean all
+  echo ""
 
-  log "Deleting files from /tmp" "green"
-  rm -rf /tmp/*
+  log "Deleting all data in /var/log" "green"
+  sudo rm -rfv /var/log/*
+  echo ""
+
+  log "Delete Python cache files" "green"
+  sudo find / -name "__pycache__" -type d -exec rm -rfv {} + 2>/dev/null || true
+  sudo find / -name "*.pyc" -exec rm -fv {} + 2>/dev/null || true
 }
 
 # Run main

diff --git a/scripts/20_install_mise_packages.sh b/scripts/20_install_mise_packages.sh
@@ -5,32 +5,63 @@ IFS=$'\n\t'
 
 main() {
   source "/usr/bin/lib/sh/log.sh"
+  install_mise_packages
+  cleanup
+}
 
-  ############ Install mise
+install_mise_packages() {
   log "20_install_mise_packages.sh" "blue"
 
   # Mise is installed in the docker file from it's master docker branch.
   log "Configuring mise" "green"
   export PATH="$HOME/.local/share/mise/shims:$HOME/.local/bin/:$PATH"
 
-  if [[ -n "${GITHUB_API_TOKEN:-}" ]]; then
-    log "GITHUB_API_TOKEN found" "green"
-  else
-    log "GITHUB_API_TOKEN not found" "yellow"
-  fi
-
   log "Mise version" "green"
   mise version
 
   log "Trusting configuration files" "green"
   mise trust "$HOME/.config/mise/config.toml"
-  mise trust --all
 
   log "Installing tools with mise" "green"
   mise install --yes
+}
+
+cleanup() {
+  log "Running cleanup" "blue"
 
   log "Deleting files from /tmp" "green"
-  sudo rm -rf /tmp/*
+  sudo rm -rfv /tmp/*
+  echo ""
+
+  log "Cleaning go caches" "green"
+  go clean -cache
+  go clean -testcache
+  go clean -fuzzcache
+  go clean -modcache
+  echo ""
+
+  log "Deleting all .git directories." "green"
+  find / -path /proc -prune -o -type d -name ".git" -not -path '/.git' -exec rmv -rf {} + 2>/dev/null || true
+  echo ""
+
+  log "Clearing mise cache." "green"
+  mise cache clear
+  echo ""
+
+  log "Deleting go cache files" "green"
+  sudo rm -rfv /home/vscode/.cache/go-build/trim.txt
+  sudo rm -rfv /home/vscode/.cache/go-build/testexpire.txt
+  sudo rm -rfv /home/vscode/.config/go/telemetry/*
+  sudo rm -rfv /home/vscode/go/pkg/sumdb/sum.golang.org/latest
+  echo ""
+
+  log "Deleting all data in /var/log" "green"
+  sudo rm -rfv /var/log/*
+  echo ""
+
+  log "Delete Python cache files" "green"
+  sudo find / -name "__pycache__" -type d -exec rm -rfv {} + 2>/dev/null || true
+  sudo find / -name "*.pyc" -exec rm -fv {} + 2>/dev/null || true
 }
 
 # Run main

diff --git a/scripts/30_install_other_apps.sh b/scripts/30_install_other_apps.sh
@@ -17,7 +17,7 @@ main() {
   add_fzf_completions_files
   install_kubectx_kubens_completions
   install_omz_plugins
-  clean_up
+  cleanup
   date +"%B %d %Y" >/home/vscode/build_date.txt
 }
 
@@ -66,10 +66,41 @@ install_omz_plugins() {
   git clone --depth 1 -- https://github.com/zsh-users/zsh-completions.git "${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins/zsh-completions"
 }
 
-clean_up() {
-  echo ""
+cleanup() {
+  log "Running cleanup" "blue"
   log "Deleting files from /tmp" "green"
-  sudo rm -rf /tmp/*
+  sudo rm -rfv /tmp/*
+  echo ""
+
+  log "Cleaning go caches" "green"
+  go clean -cache
+  go clean -testcache
+  go clean -fuzzcache
+  go clean -modcache
+  echo ""
+
+  log "Deleting all .git directories." "green"
+  find / -path /proc -prune -o -type d -name ".git" -not -path '/.git' -exec rm -rfv {} + 2>/dev/null || true
+  echo ""
+
+  log "Clearing mise cache." "green"
+  mise cache clear
+  echo ""
+
+  log "Deleting go cache files" "green"
+  sudo rm -rfv /home/vscode/.cache/go-build/trim.txt
+  sudo rm -rfv /home/vscode/.cache/go-build/testexpire.txt
+  sudo rm -rfv /home/vscode/.config/go/telemetry/*
+  sudo rm -rfv /home/vscode/go/pkg/sumdb/sum.golang.org/latest
+  echo ""
+
+  log "Deleting all data in /var/log" "green"
+  sudo rm -rfv /var/log/*
+  echo ""
+
+  log "Delete Python cache files" "green"
+  sudo find / -name "__pycache__" -type d -exec rm -rfv {} + 2>/dev/null || true
+  sudo find / -name "*.pyc" -exec rm -fv {} + 2>/dev/null || true
 }
 
 # Run main