particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(build): Finish build feature

Browse source
This commit is contained in:
Gerald Pinder 2023-12-17 18:18:46 -05:00
parent 71d93977b9
commit 4ea6f772e0
3 changed files with 204 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Cargo.toml
View file

@ -21,7 +21,7 @@ serde_yaml = "0.9.25"
tera = "1.19.1" tera = "1.19.1"
[features] [features]
default = [] default = ["build"]
nightly = ["init", "build"] nightly = ["init", "build"]
init = [] init = []
build = [] build = []

34
src/bin/ublue.rs
View file

@ -1,4 +1,4 @@
use std::path::{Path, PathBuf}; use std::path::PathBuf;
use anyhow::Result; use anyhow::Result;
use clap::{Parser, Subcommand}; use clap::{Parser, Subcommand};
@ -36,32 +36,42 @@ enum CommandArgs {
dir: Option<PathBuf>, dir: Option<PathBuf>,
}, },
/// Build an image from a Containerfile /// Build an image from a recipe
#[cfg(feature = "build")] #[cfg(feature = "build")]
Build { Build {
/// The recipe file to create a template from /// The recipe file to build an image
#[arg()] #[arg()]
recipe: PathBuf, recipe: PathBuf,
/// Optional Containerfile to use as a template
#[arg(short, long)] #[arg(short, long)]
containerfile: Option<PathBuf>, containerfile: Option<PathBuf>,
#[arg(short, long, default_value = "Containerfile")] /// Push the image with all the tags.
output: PathBuf, ///
/// Requires `--registry`, `--registry-path`,
/// `--username`, and `--password` if not
/// building in CI.
#[arg(short, long)] #[arg(short, long)]
push: bool, push: bool,
/// The registry's domain name.
#[arg(long)] #[arg(long)]
registry: Option<String>, registry: Option<String>,
/// The url path to your base
/// project images.
#[arg(long)] #[arg(long)]
registry_path: Option<String>, registry_path: Option<String>,
#[arg(long)] /// The username to login to the
/// container registry.
#[arg(short, long)]
username: Option<String>, username: Option<String>,
#[arg(long)] /// The password to login to the
/// container registry.
#[arg(short, long)]
password: Option<String>, password: Option<String>,
}, },
} }
@ -90,14 +100,17 @@ fn main() -> Result<()> {
CommandArgs::Build { CommandArgs::Build {
recipe, recipe,
containerfile, containerfile,
output,
push, push,
registry, registry,
registry_path, registry_path,
username, username,
password, password,
} => { } => {
ublue_rs::template_file(&recipe, containerfile.as_ref(), Some(&output))?; ublue_rs::template_file(
&recipe,
containerfile.as_ref(),
Some(&PathBuf::from("Containerfile")),
)?;
ublue_rs::build::build_image( ublue_rs::build::build_image(
&recipe, &recipe,
registry.as_ref(), registry.as_ref(),
@ -106,7 +119,6 @@ fn main() -> Result<()> {
password.as_ref(), password.as_ref(),
push, push,
)?; )?;
todo!();
} }
} }
Ok(()) Ok(())

195
src/build.rs
View file

@ -1,18 +1,22 @@
use std::{env, fs, path::Path, process::Command}; use std::{env, fs, path::Path, process::Command};
use anyhow::{anyhow, Result}; use anyhow::{anyhow, bail, Result};
use chrono::{Datelike, Local}; use chrono::Local;
use crate::module_recipe::Recipe; use crate::module_recipe::Recipe;
fn check_command_exists(command: &str) -> Result<()> { fn check_command_exists(command: &str) -> Result<()> {
eprintln!("Checking if {command} exists...");
match Command::new("command") match Command::new("command")
.arg("-v") .arg("-v")
.arg(command) .arg(command)
.status()? .status()?
.success() .success()
{ {
true => Ok(()), true => {
eprintln!("Command {command} does exist");
Ok(())
}
false => Err(anyhow!( false => Err(anyhow!(
"Command {command} doesn't exist and is required to build the image" "Command {command} doesn't exist and is required to build the image"
)), )),
@ -20,16 +24,21 @@ fn check_command_exists(command: &str) -> Result<()> {
} }
fn generate_tags(recipe: &Recipe) -> Vec<String> { fn generate_tags(recipe: &Recipe) -> Vec<String> {
eprintln!("Generating image tags for {}", &recipe.name);
let mut tags: Vec<String> = Vec::new(); let mut tags: Vec<String> = Vec::new();
let image_version = recipe.image_version; let image_version = recipe.image_version;
let timestamp = Local::now().format("%Y%m%d").to_string(); let timestamp = Local::now().format("%Y%m%d").to_string();
if let Ok(_) = env::var("CI") { if let Ok(_) = env::var("CI") {
eprintln!("Detected running in Gitlab, pulling information from CI variables...");
if let (Ok(mr_iid), Ok(pipeline_source)) = ( if let (Ok(mr_iid), Ok(pipeline_source)) = (
env::var("CI_MERGE_REQUEST_IID"), env::var("CI_MERGE_REQUEST_IID"),
env::var("CI_PIPELINE_SOURCE"), env::var("CI_PIPELINE_SOURCE"),
) { ) {
if pipeline_source == "merge_request_event" { if pipeline_source == "merge_request_event" {
eprintln!("Running in a MR...");
tags.push(format!("{mr_iid}-{image_version}")); tags.push(format!("{mr_iid}-{image_version}"));
} }
} }
@ -42,16 +51,21 @@ fn generate_tags(recipe: &Recipe) -> Vec<String> {
(env::var("CI_COMMIT_BRANCH"), env::var("CI_DEFAULT_BRANCH")) (env::var("CI_COMMIT_BRANCH"), env::var("CI_DEFAULT_BRANCH"))
{ {
if default_branch != commit_branch { if default_branch != commit_branch {
eprintln!("Running on branch {commit_branch}...");
tags.push(format!("br-{commit_branch}-{image_version}")); tags.push(format!("br-{commit_branch}-{image_version}"));
} else { } else {
eprintln!("Running on the default branch...");
tags.push(format!("{image_version}")); tags.push(format!("{image_version}"));
tags.push(format!("{image_version}-{timestamp}")); tags.push(format!("{image_version}-{timestamp}"));
tags.push(format!("{timestamp}")); tags.push(format!("{timestamp}"));
} }
} }
} else { } else {
eprintln!("Running locally...");
tags.push(format!("{image_version}-local")); tags.push(format!("{image_version}-local"));
} }
eprintln!("Finished generating tags!");
eprintln!("Tags: {tags:?}");
tags tags
} }
@ -60,6 +74,7 @@ fn login(
username: Option<&String>, username: Option<&String>,
password: Option<&String>, password: Option<&String>,
) -> Result<()> { ) -> Result<()> {
eprintln!("Attempting to login to the registry");
let registry = match registry { let registry = match registry {
Some(registry) => registry.to_owned(), Some(registry) => registry.to_owned(),
None => env::var("CI_REGISTRY")?, None => env::var("CI_REGISTRY")?,
@ -85,7 +100,7 @@ fn login(
.status()? .status()?
.success() .success()
{ {
true => eprintln!("Buildah login success!"), true => eprintln!("Buildah login success at {registry} for user {username}!"),
false => return Err(anyhow!("Failed to login for buildah!")), false => return Err(anyhow!("Failed to login for buildah!")),
} }
@ -99,7 +114,7 @@ fn login(
.status()? .status()?
.success() .success()
{ {
true => eprintln!("Cosign login success!"), true => eprintln!("Cosign login success at {registry} for user {username}!"),
false => return Err(anyhow!("Failed to login for cosign!")), false => return Err(anyhow!("Failed to login for cosign!")),
} }
@ -110,19 +125,164 @@ fn generate_full_image_name(
recipe: &Recipe, recipe: &Recipe,
registry: Option<&String>, registry: Option<&String>,
registry_path: Option<&String>, registry_path: Option<&String>,
push: bool,
) -> Result<String> { ) -> Result<String> {
eprintln!("Generating full image name");
let image_name = recipe.name.as_str(); let image_name = recipe.name.as_str();
if let Ok(_) = env::var("CI") { let image_name = if let Ok(_) = env::var("CI") {
// if let (Ok()) eprintln!("Detected running in Gitlab CI...");
todo!() if let (Ok(registry), Ok(project_namespace), Ok(project_name)) = (
env::var("CI_REGISTRY"),
env::var("CI_PROJECT_NAMESPACE"),
env::var("CI_PROJECT_NAME"),
) {
format!("{registry}/{project_namespace}/{project_name}/{image_name}")
} else {
bail!("Unable to generate image name for Gitlab CI env!")
}
} else { } else {
Ok(image_name.to_string()) eprintln!("Detected running locally...");
} if let (Some(registry), Some(registry_path)) = (registry, registry_path) {
format!(
"{}/{}/{image_name}",
registry.trim_matches('/'),
registry_path.trim_matches('/')
)
} else {
if push {
bail!("Need '--registry' and '--registry-path' in order to push image");
}
image_name.to_string()
}
};
eprintln!("Using image name {image_name}");
Ok(image_name)
} }
fn build(recipe: &Recipe, image_name: &str, tags: &[String]) -> Result<()> { fn build(image_name: &str, tags: &[String], push: bool) -> Result<()> {
todo!() let mut tags_iter = tags.iter();
let first_tag = tags_iter
.next()
.ok_or(anyhow!("We got here with no tags!?"))?;
let mut build = Command::new("buildah")
.arg("build")
.arg("-t")
.arg(format!("{image_name}:{first_tag}"))
.spawn()?;
let status = build.wait()?;
if status.success() {
eprintln!("Successfully built {image_name}");
} else {
bail!("Failed to build {image_name}");
}
if tags.len() > 1 {
eprintln!("Tagging all images...");
for tag in tags_iter {
eprintln!("Tagging {image_name} with {tag}");
let mut child = Command::new("buildah")
.arg("tag")
.arg(format!("{image_name}:{first_tag}"))
.arg(format!("{image_name}:{tag}"))
.spawn()?;
if child.wait()?.success() {
eprintln!("Successfully tagged {image_name}:{tag}!");
} else {
bail!("Failed to tag image {image_name}:{tag}");
}
}
}
if push {
eprintln!("Pushing all images...");
for tag in tags.iter() {
eprintln!("Pushing image {image_name}:{tag}...");
let mut child = Command::new("buildah")
.arg("push")
.arg(format!("{image_name}:{tag}"))
.spawn()?;
if child.wait()?.success() {
eprintln!("Successfully pushed {image_name}:{tag}!")
} else {
bail!("Failed to push image {image_name}:{tag}");
}
}
sign_images(image_name, first_tag)?;
}
Ok(())
}
fn sign_images(image_name: &str, tag: &str) -> Result<()> {
if env::var("SIGSTORE_ID_TOKEN").is_ok() && env::var("CI").is_ok() {
if let (
Ok(project_url),
Ok(default_branch),
Ok(commit_branch),
Ok(server_protocol),
Ok(server_host),
) = (
env::var("CI_PROJECT_URL"),
env::var("CI_DEFAULT_BRANCH"),
env::var("CI_COMMIT_REF_NAME"),
env::var("CI_SERVER_PROTOCOL"),
env::var("CI_SERVER_HOST"),
) {
if default_branch == commit_branch {
eprintln!("Retrieving image digest...");
let image_digest = String::from_utf8(
Command::new("skopeo")
.arg("inspect")
.arg("--format='{{.Digest}}'")
.arg(format!("docker://{image_name}:{tag}"))
.output()?
.stdout,
)?;
eprintln!("Signing image: {image_name}@{image_digest}");
let mut child = Command::new("cosign")
.arg("sign")
.arg(format!("{image_name}@{image_digest}"))
.spawn()?;
if child.wait()?.success() {
eprintln!("Successfully signed image!");
} else {
bail!("Failed to sign image: {image_name}@{image_digest}");
}
let mut child = Command::new("cosign")
.arg("verify")
.arg("--certificate-identity")
.arg(format!(
"{project_url}//.gitlab-ci.yml@refs/heads/{default_branch}"
))
.arg("--certificate-oidc-issuer")
.arg(format!("{server_protocol}://{server_host}"))
.arg(format!("{image_name}:{tag}"))
.spawn()?;
if !child.wait()?.success() {
eprintln!("Failed to verify image!");
}
}
}
} else {
eprintln!("No SIGSTORE_ID_TOKEN detected, not signing image");
}
Ok(())
} }
pub fn build_image( pub fn build_image(
@ -137,16 +297,21 @@ pub fn build_image(
if push { if push {
check_command_exists("cosign")?; check_command_exists("cosign")?;
check_command_exists("skopeo")?; check_command_exists("skopeo")?;
login(registry.clone(), username.clone(), password.clone())?;
} }
let recipe: Recipe = serde_yaml::from_str(fs::read_to_string(recipe)?.as_str())?; let recipe: Recipe = serde_yaml::from_str(fs::read_to_string(recipe)?.as_str())?;
let tags = generate_tags(&recipe); let tags = generate_tags(&recipe);
let image_name = generate_full_image_name(&recipe, registry.clone(), registry_path.clone())?; let image_name =
generate_full_image_name(&recipe, registry.clone(), registry_path.clone(), push)?;
build(&recipe, &image_name, &tags)?; if push {
login(registry.clone(), username.clone(), password.clone())?;
}
build(&image_name, &tags, push)?;
eprintln!("Build complete!");
Ok(()) Ok(())
} }