diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index d4ac3e8bf..000000000 --- a/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -*Makefile.swagger \ No newline at end of file diff --git a/.tekton/backfill-redis-1-0-gamma-pull-request.yaml b/.tekton/backfill-redis-1-0-gamma-pull-request.yaml index 63d4875f7..a3fe50e06 100644 --- a/.tekton/backfill-redis-1-0-gamma-pull-request.yaml +++ b/.tekton/backfill-redis-1-0-gamma-pull-request.yaml @@ -32,6 +32,10 @@ spec: value: '{{revision}}' - name: build-source-image value: "true" + - name: hermetic + value: "true" + - name: prefetch-input + value: [{"path": ".", "type": "gomod"}, {"path": "./hack/tools", "type": "gomod"}] pipelineSpec: finally: - name: show-sbom diff --git a/.tekton/backfill-redis-1-0-gamma-push.yaml b/.tekton/backfill-redis-1-0-gamma-push.yaml index 00b80d4df..bc1dfa894 100644 --- a/.tekton/backfill-redis-1-0-gamma-push.yaml +++ b/.tekton/backfill-redis-1-0-gamma-push.yaml @@ -29,6 +29,10 @@ spec: value: '{{revision}}' - name: build-source-image value: "true" + - name: hermetic + value: "true" + - name: prefetch-input + value: [{"path": ".", "type": "gomod"}, {"path": "./hack/tools", "type": "gomod"}] pipelineSpec: finally: - name: show-sbom diff --git a/.tekton/rekor-server-1-0-gamma-pull-request.yaml b/.tekton/rekor-server-1-0-gamma-pull-request.yaml index 3b1245665..b597590a3 100644 --- a/.tekton/rekor-server-1-0-gamma-pull-request.yaml +++ b/.tekton/rekor-server-1-0-gamma-pull-request.yaml @@ -32,6 +32,10 @@ spec: value: '{{revision}}' - name: build-source-image value: "true" + - name: hermetic + value: "true" + - name: prefetch-input + value: [{"path": ".", "type": "gomod"}, {"path": "./hack/tools", "type": "gomod"}] pipelineSpec: finally: - name: show-sbom diff --git a/.tekton/rekor-server-1-0-gamma-push.yaml b/.tekton/rekor-server-1-0-gamma-push.yaml index 0698fb821..0a16c9a45 100644 --- a/.tekton/rekor-server-1-0-gamma-push.yaml +++ b/.tekton/rekor-server-1-0-gamma-push.yaml @@ -29,6 +29,10 @@ spec: value: '{{revision}}' - name: build-source-image value: "true" + - name: hermetic + value: "true" + - name: prefetch-input + value: [{"path": ".", "type": "gomod"}, {"path": "./hack/tools", "type": "gomod"}] pipelineSpec: finally: - name: show-sbom diff --git a/Dockerfile b/Dockerfile index 4a27fc0e6..09b01fd11 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,22 +14,24 @@ # limitations under the License. FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder@sha256:98a0ff138c536eee98704d6909699ad5d0725a20573e2c510a60ef462b45cce0 AS build-env + +RUN mkdir /opt/app-root && mkdir /opt/app-root/src && mkdir /opt/app-root/src/cmd && mkdir /opt/app-root/src/pkg && git config --global --add safe.directory /opt/app-root/src + ENV APP_ROOT=/opt/app-root ENV GOPATH=$APP_ROOT WORKDIR $APP_ROOT/src/ ADD go.mod go.sum $APP_ROOT/src/ +RUN go mod download # Add source code ADD ./cmd/ $APP_ROOT/src/cmd/ ADD ./pkg/ $APP_ROOT/src/pkg/ -RUN go mod tidy && go mod vendor - ARG SERVER_LDFLAGS -RUN go build -ldflags "${SERVER_LDFLAGS}" ./cmd/rekor-server -RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o rekor-server_debug ./cmd/rekor-server -RUN go test -c -ldflags "${SERVER_LDFLAGS}" -cover -covermode=count -coverpkg=./... -o rekor-server_test ./cmd/rekor-server +RUN go build -ldflags "${SERVER_LDFLAGS}" -mod=readonly ./cmd/rekor-server +RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o rekor-server_debug -mod=readonly ./cmd/rekor-server +RUN go test -c -ldflags "${SERVER_LDFLAGS}" -cover -covermode=count -coverpkg=./... -o rekor-server_test -mod=readonly ./cmd/rekor-server # debug compile options & debugger FROM registry.access.redhat.com/ubi9/go-toolset@sha256:c3a9c5c7fb226f6efcec2424dd30c38f652156040b490c9eca5ac5b61d8dc3ca as debug diff --git a/Dockerfile.backfill-redis b/Dockerfile.backfill-redis index 7a075596c..49902794c 100644 --- a/Dockerfile.backfill-redis +++ b/Dockerfile.backfill-redis @@ -1,15 +1,18 @@ -#Build stage +# Build stage + FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder@sha256:98a0ff138c536eee98704d6909699ad5d0725a20573e2c510a60ef462b45cce0 AS build-env USER root -ENV APP_ROOT=/opt/app-root +RUN mkdir /opt/app-root && mkdir /opt/app-root/src && git config --global --add safe.directory /opt/app-root/src + +WORKDIR /opt/app-root/src/ +COPY . . -WORKDIR $APP_ROOT/src/ +RUN go mod download -RUN git config --global --add safe.directory /opt/app-root/src -ADD . . -RUN go mod tidy && go mod vendor && make backfill-redis +ARG SERVER_LDFLAGS +RUN CGO_ENABLED=0 go build -mod=readonly -trimpath -ldflags "$(SERVER_LDFLAGS)" -o backfill-redis ./cmd/backfill-redis -#Install stage +# Install stage FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:7d1ea7ac0c6f464dac7bae6994f1658172bf6068229f40778a513bc90f47e624 COPY --from=build-env /opt/app-root/src/backfill-redis /usr/local/bin/backfill-redis WORKDIR /opt/app-root/src/home diff --git a/Dockerfile.cli b/Dockerfile.cli index 1d1aeffa0..40da5c27b 100644 --- a/Dockerfile.cli +++ b/Dockerfile.cli @@ -2,11 +2,10 @@ FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder@sha256:98a0ff138c536eee98704d6909699ad5d0725a20573e2c510a60ef462b45cce0 AS build-env USER root -RUN mkdir /opt/app-root && mkdir /opt/app-root/src +RUN mkdir /opt/app-root && mkdir /opt/app-root/src && git config --global --add safe.directory /opt/app-root/src WORKDIR /opt/app-root/src -RUN git config --global --add safe.directory /opt/app-root/src COPY . . WORKDIR /opt/app-root/src/hack/tools