particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor Command Structs and create Earthly build

Browse source
This commit is contained in:
Gerald Pinder 2023-12-19 02:23:31 +00:00
parent c20b917728
commit ebd861cd7e
13 changed files with 789 additions and 612 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.helix/languages.toml
View file

@ -1,2 +1,2 @@
[language-server.rust-analyzer.config] [language-server.rust-analyzer.config]
cargo.features = ["build"] cargo.features = ["init"]

96
Cargo.lock generated
View file

@ -224,7 +224,7 @@ dependencies = [
"heck", "heck",
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.37",
] ]
[[package]] [[package]]
@ -264,6 +264,72 @@ dependencies = [
"typenum", "typenum",
] ]
[[package]]
name = "darling"
version = "0.14.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7b750cb3417fd1b327431a470f388520309479ab0bf5e323505daf0290cd3850"
dependencies = [
"darling_core",
"darling_macro",
]
[[package]]
name = "darling_core"
version = "0.14.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "109c1ca6e6b7f82cc233a97004ea8ed7ca123a9af07a8230878fcfda9b158bf0"
dependencies = [
"fnv",
"ident_case",
"proc-macro2",
"quote",
"strsim",
"syn 1.0.109",
]
[[package]]
name = "darling_macro"
version = "0.14.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a4aab4dbc9f7611d8b55048a3a16d2d010c2c8334e46304b40ac1cc14bf3b48e"
dependencies = [
"darling_core",
"quote",
"syn 1.0.109",
]
[[package]]
name = "derive_builder"
version = "0.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d67778784b508018359cbc8696edb3db78160bab2c2a28ba7f56ef6932997f8"
dependencies = [
"derive_builder_macro",
]
[[package]]
name = "derive_builder_core"
version = "0.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c11bdc11a0c47bc7d37d582b5285da6849c96681023680b906673c5707af7b0f"
dependencies = [
"darling",
"proc-macro2",
"quote",
"syn 1.0.109",
]
[[package]]
name = "derive_builder_macro"
version = "0.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ebcda35c7a396850a55ffeac740804b40ffec779b98fffbb1738f4033f0ee79e"
dependencies = [
"derive_builder_core",
"syn 1.0.109",
]
[[package]] [[package]]
name = "deunicode" name = "deunicode"
version = "0.4.4" version = "0.4.4"
@ -447,6 +513,12 @@ dependencies = [
"cc", "cc",
] ]
[[package]]
name = "ident_case"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
[[package]] [[package]]
name = "ignore" name = "ignore"
version = "0.4.20" version = "0.4.20"
@ -613,7 +685,7 @@ dependencies = [
"pest_meta", "pest_meta",
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.37",
] ]
[[package]] [[package]]
@ -805,7 +877,7 @@ checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.37",
] ]
[[package]] [[package]]
@ -864,6 +936,17 @@ version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
[[package]]
name = "syn"
version = "1.0.109"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]] [[package]]
name = "syn" name = "syn"
version = "2.0.37" version = "2.0.37"
@ -923,7 +1006,7 @@ checksum = "49922ecae66cc8a249b77e68d1d0623c1b2c514f0060c27cdc68bd62a1219d35"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.37",
] ]
[[package]] [[package]]
@ -960,6 +1043,7 @@ dependencies = [
"chrono", "chrono",
"clap", "clap",
"clap-verbosity-flag", "clap-verbosity-flag",
"derive_builder",
"env_logger", "env_logger",
"log", "log",
"rusty-hook", "rusty-hook",
@ -1092,7 +1176,7 @@ dependencies = [
"once_cell", "once_cell",
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.37",
"wasm-bindgen-shared", "wasm-bindgen-shared",
] ]
@ -1114,7 +1198,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.37",
"wasm-bindgen-backend", "wasm-bindgen-backend",
"wasm-bindgen-shared", "wasm-bindgen-shared",
] ]

1
Cargo.toml
View file

@ -16,6 +16,7 @@ cfg-if = "1.0.0"
chrono = "0.4.31" chrono = "0.4.31"
clap = { version = "4.4.4", features = ["derive"] } clap = { version = "4.4.4", features = ["derive"] }
clap-verbosity-flag = "2.1.1" clap-verbosity-flag = "2.1.1"
derive_builder = "0.12.0"
env_logger = "0.10.1" env_logger = "0.10.1"
log = "0.4.20" log = "0.4.20"
serde = { version = "1.0.188", features = ["derive"] } serde = { version = "1.0.188", features = ["derive"] }

41
Earthfile Normal file
View file

@ -0,0 +1,41 @@
VERSION 0.7
FROM registry.fedoraproject.org/fedora-toolbox
ARG --global IMAGE
cosign:
FROM gcr.io/projectsigstore/cosign
SAVE ARTIFACT /ko-app/cosign cosign
install:
FROM rust
COPY . /app
WORKDIR /app
RUN cargo build --release
SAVE ARTIFACT target/release/ublue
build:
BUILD +install
RUN dnf install --refresh -y podman buildah skopeo
COPY +cosign/cosign /usr/bin/cosign
COPY +install/ublue /usr/bin/ublue
ARG TAG
IF [ "$TAG" != "" ]
SAVE IMAGE --push $CI_REGISTRY_IMAGE:$TAG
ARG LATEST=false
IF [ "$LATEST" = "true" ]
SAVE IMAGE --push $CI_REGISTRY_IMAGE:latest
END
END
all:
BUILD --platform=linux/amd64 +build

123
src/bin/ublue.rs
View file

@ -1,12 +1,12 @@
use std::path::PathBuf;
use std::process;
use anyhow::Result; use anyhow::Result;
use clap::{Parser, Subcommand}; use clap::{Parser, Subcommand};
use clap_verbosity_flag::{InfoLevel, Verbosity}; use clap_verbosity_flag::{InfoLevel, Verbosity};
use env_logger::WriteStyle; use env_logger::WriteStyle;
use log::{error, info, trace}; use log::trace;
use ublue_rs::{self}; use ublue_rs::{self, build, template};
#[cfg(feature = "init")]
use ublue_rs::init;
#[derive(Parser, Debug)] #[derive(Parser, Debug)]
#[command(name = "Ublue Builder", author, version, about, long_about = None)] #[command(name = "Ublue Builder", author, version, about, long_about = None)]
@ -21,66 +21,15 @@ struct UblueArgs {
#[derive(Debug, Subcommand)] #[derive(Debug, Subcommand)]
enum CommandArgs { enum CommandArgs {
/// Generate a Containerfile from a recipe /// Generate a Containerfile from a recipe
Template { Template(template::TemplateCommand),
/// The recipe file to create a template from
#[arg()]
recipe: PathBuf,
/// Optional Containerfile to use as a template
#[arg(short, long)]
containerfile: Option<PathBuf>,
/// File to output to instead of STDOUT
#[arg(short, long)]
output: Option<PathBuf>,
},
/// Initialize a new Ublue Starting Point repo /// Initialize a new Ublue Starting Point repo
#[cfg(feature = "init")] #[cfg(feature = "init")]
Init { Init(init::InitCommand),
/// The directory to extract the files into. Defaults to the current directory
#[arg()]
dir: Option<PathBuf>,
},
/// Build an image from a recipe /// Build an image from a recipe
#[cfg(feature = "build")] #[cfg(feature = "build")]
Build { Build(build::BuildCommand),
/// The recipe file to build an image
#[arg()]
recipe: PathBuf,
/// Optional Containerfile to use as a template
#[arg(short, long)]
containerfile: Option<PathBuf>,
/// Push the image with all the tags.
///
/// Requires `--registry`, `--registry-path`,
/// `--username`, and `--password` if not
/// building in CI.
#[arg(short, long)]
push: bool,
/// The registry's domain name.
#[arg(long)]
registry: Option<String>,
/// The url path to your base
/// project images.
#[arg(long)]
registry_path: Option<String>,
/// The username to login to the
/// container registry.
#[arg(short, long)]
username: Option<String>,
/// The password to login to the
/// container registry.
#[arg(short, long)]
password: Option<String>,
},
} }
fn main() -> Result<()> { fn main() -> Result<()> {
@ -94,63 +43,13 @@ fn main() -> Result<()> {
trace!("{args:#?}"); trace!("{args:#?}");
match args.command { match args.command {
CommandArgs::Template { CommandArgs::Template(command) => command.run()?,
recipe,
containerfile,
output,
} => {
info!("Templating for recipe at {}", recipe.display());
if let Err(e) =
ublue_rs::template_file(&recipe, containerfile.as_ref(), output.as_ref())
{
error!("Failed to template file: {e}");
process::exit(1);
}
}
#[cfg(feature = "init")] #[cfg(feature = "init")]
CommandArgs::Init { dir } => { CommandArgs::Init(command) => command.run()?,
let base_dir = match dir {
Some(dir) => dir,
None => std::path::PathBuf::from("./"),
};
ublue_rs::init::initialize_directory(base_dir);
}
#[cfg(feature = "build")] #[cfg(feature = "build")]
CommandArgs::Build { CommandArgs::Build(command) => command.run()?,
recipe,
containerfile,
push,
registry,
registry_path,
username,
password,
} => {
info!("Templating for recipe at {}", recipe.display());
if let Err(e) = ublue_rs::template_file(
&recipe,
containerfile.as_ref(),
Some(&PathBuf::from("Containerfile")),
) {
error!("Failed to template file: {e}");
process::exit(1);
}
info!("Building image for recipe at {}", recipe.display());
if let Err(e) = ublue_rs::build::build_image(
&recipe,
registry.as_ref(),
registry_path.as_ref(),
username.as_ref(),
password.as_ref(),
push,
) {
error!("Failed to build image: {e}");
process::exit(1);
}
}
} }
Ok(()) Ok(())
} }

701
src/build.rs
View file

@ -1,367 +1,412 @@
use std::{env, fs, path::Path, process::Command}; use std::{
env, fs,
path::PathBuf,
process::{self, Command},
};
use anyhow::{anyhow, bail, Result}; use anyhow::{anyhow, bail, Result};
use chrono::Local; use chrono::Local;
use log::{debug, info, trace, warn}; use clap::Args;
use derive_builder::Builder;
use log::{debug, error, info, trace, warn};
use crate::module_recipe::Recipe; use crate::{module_recipe::Recipe, ops, template::TemplateCommand};
fn check_command_exists(command: &str) -> Result<()> { #[derive(Debug, Clone, Args, Builder)]
debug!("Checking if {command} exists"); pub struct BuildCommand {
trace!("check_command_exists({command})"); /// The recipe file to build an image
#[arg()]
recipe: PathBuf,
trace!("command -v {command}"); /// Optional Containerfile to use as a template
match Command::new("command") #[arg(short, long)]
.arg("-v") #[builder(default, setter(into))]
.arg(command) containerfile: Option<PathBuf>,
.status()?
.success()
{
true => {
debug!("Command {command} does exist");
Ok(())
}
false => Err(anyhow!(
"Command {command} doesn't exist and is required to build the image"
)),
}
}
fn generate_tags(recipe: &Recipe) -> Vec<String> { /// Push the image with all the tags.
debug!("Generating image tags for {}", &recipe.name); ///
trace!("generate_tags({recipe:?})"); /// Requires `--registry`, `--registry-path`,
/// `--username`, and `--password` if not
let mut tags: Vec<String> = Vec::new(); /// building in CI.
let image_version = recipe.image_version; #[arg(short, long)]
let timestamp = Local::now().format("%Y%m%d").to_string(); #[builder(default)]
if env::var("CI").is_ok() {
warn!("Detected running in Gitlab, pulling information from CI variables");
if let (Ok(mr_iid), Ok(pipeline_source)) = (
env::var("CI_MERGE_REQUEST_IID"),
env::var("CI_PIPELINE_SOURCE"),
) {
trace!("CI_MERGE_REQUEST_IID={mr_iid}, CI_PIPELINE_SOURCE={pipeline_source}");
if pipeline_source == "merge_request_event" {
debug!("Running in a MR");
tags.push(format!("{mr_iid}-{image_version}"));
}
}
if let Ok(commit_sha) = env::var("CI_COMMIT_SHORT_SHA") {
trace!("CI_COMMIT_SHORT_SHA={commit_sha}");
tags.push(format!("{commit_sha}-{image_version}"));
}
if let (Ok(commit_branch), Ok(default_branch)) = (
env::var("CI_COMMIT_REF_NAME"),
env::var("CI_DEFAULT_BRANCH"),
) {
trace!("CI_COMMIT_REF_NAME={commit_branch}, CI_DEFAULT_BRANCH={default_branch}");
if default_branch != commit_branch {
debug!("Running on branch {commit_branch}");
tags.push(format!("br-{commit_branch}-{image_version}"));
} else {
debug!("Running on the default branch");
tags.push(image_version.to_string());
tags.push(format!("{image_version}-{timestamp}"));
tags.push(timestamp.to_string());
}
}
} else {
warn!("Running locally");
tags.push(format!("{image_version}-local"));
}
info!("Finished generating tags!");
trace!("Tags: {tags:#?}");
tags
}
fn login(
registry: Option<&String>,
username: Option<&String>,
password: Option<&String>,
) -> Result<()> {
info!("Attempting to login to the registry");
trace!("login({registry:?}, {username:?}, [MASKED])");
let registry = match registry {
Some(registry) => registry.to_owned(),
None => env::var("CI_REGISTRY")?,
};
let username = match username {
Some(username) => username.to_owned(),
None => env::var("CI_REGISTRY_USER")?,
};
let password = match password {
Some(password) => password.to_owned(),
None => env::var("CI_REGISTRY_PASSWORD")?,
};
trace!("buildah login -u {username} -p [MASKED] {registry}");
match Command::new("buildah")
.arg("login")
.arg("-u")
.arg(&username)
.arg("-p")
.arg(&password)
.arg(&registry)
.status()?
.success()
{
true => info!("Buildah login success at {registry} for user {username}!"),
false => return Err(anyhow!("Failed to login for buildah!")),
}
trace!("cosign login -u {username} -p [MASKED] {registry}");
match Command::new("cosign")
.arg("login")
.arg("-u")
.arg(&username)
.arg("-p")
.arg(&password)
.arg(&registry)
.status()?
.success()
{
true => info!("Cosign login success at {registry} for user {username}!"),
false => return Err(anyhow!("Failed to login for cosign!")),
}
Ok(())
}
fn generate_full_image_name(
recipe: &Recipe,
registry: Option<&String>,
registry_path: Option<&String>,
push: bool, push: bool,
) -> Result<String> {
info!("Generating full image name");
trace!("generate_full_image_name({recipe:#?}, {registry:?}, {registry_path:?})");
let image_name = recipe.name.as_str(); /// The registry's domain name.
#[arg(long)]
#[builder(default, setter(into))]
registry: Option<String>,
let image_name = if env::var("CI").is_ok() { /// The url path to your base
warn!("Detected running in Gitlab CI"); /// project images.
if let (Ok(registry), Ok(project_namespace), Ok(project_name)) = ( #[arg(long)]
env::var("CI_REGISTRY"), #[builder(default, setter(into))]
env::var("CI_PROJECT_NAMESPACE"), registry_path: Option<String>,
env::var("CI_PROJECT_NAME"),
) {
trace!("CI_REGISTRY={registry}, CI_PROJECT_NAMESPACE={project_namespace}, CI_PROJECT_NAME={project_name}");
format!("{registry}/{project_namespace}/{project_name}/{image_name}")
} else {
bail!("Unable to generate image name for Gitlab CI env!")
}
} else {
warn!("Detected running locally");
if let (Some(registry), Some(registry_path)) = (registry, registry_path) {
format!(
"{}/{}/{image_name}",
registry.trim_matches('/'),
registry_path.trim_matches('/')
)
} else {
if push {
bail!("Need '--registry' and '--registry-path' in order to push image");
}
image_name.to_string()
}
};
info!("Using image name {image_name}"); /// The username to login to the
/// container registry.
#[arg(short, long)]
#[builder(default, setter(into))]
username: Option<String>,
Ok(image_name) /// The password to login to the
/// container registry.
#[arg(short, long)]
#[builder(default, setter(into))]
password: Option<String>,
} }
fn run_build(image_name: &str, tags: &[String], push: bool) -> Result<()> { impl BuildCommand {
trace!("run_build({image_name}, {tags:#?}, {push})"); pub fn run(&self) -> Result<()> {
info!("Templating for recipe at {}", self.recipe.display());
let mut tags_iter = tags.iter(); if let Err(e) = TemplateCommand::builder()
.recipe(self.recipe.clone())
let first_tag = tags_iter .containerfile(self.containerfile.clone())
.next() .output(Some(PathBuf::from("Containerfile")))
.ok_or(anyhow!("We got here with no tags!?"))?; .build()?
.run()
let full_image = format!("{image_name}:{first_tag}"); {
error!("Failed to template file: {e}");
trace!("buildah build -t {full_image}"); process::exit(1);
let status = Command::new("buildah")
.arg("build")
.arg("-t")
.arg(&full_image)
.status()?;
if status.success() {
info!("Successfully built {image_name}");
} else {
bail!("Failed to build {image_name}");
}
if tags.len() > 1 {
debug!("Tagging all images");
for tag in tags_iter {
debug!("Tagging {image_name} with {tag}");
let tag_image = format!("{image_name}:{tag}");
trace!("buildah tag {full_image} {tag_image}");
let status = Command::new("buildah")
.arg("tag")
.arg(&full_image)
.arg(&tag_image)
.status()?;
if status.success() {
info!("Successfully tagged {image_name}:{tag}!");
} else {
bail!("Failed to tag image {image_name}:{tag}");
}
}
}
if push {
debug!("Pushing all images");
for tag in tags.iter() {
debug!("Pushing image {image_name}:{tag}");
let tag_image = format!("{image_name}:{tag}");
trace!("buildah push {tag_image}");
let status = Command::new("buildah")
.arg("push")
.arg(&tag_image)
.status()?;
if status.success() {
info!("Successfully pushed {image_name}:{tag}!")
} else {
bail!("Failed to push image {image_name}:{tag}");
}
} }
sign_images(image_name, first_tag)?; info!("Building image for recipe at {}", self.recipe.display());
if let Err(e) = self.build_image() {
error!("Failed to build image: {e}");
process::exit(1);
}
Ok(())
} }
Ok(()) fn build_image(&self) -> Result<()> {
} trace!("BuildCommand::build_image()");
ops::check_command_exists("buildah")?;
fn sign_images(image_name: &str, tag: &str) -> Result<()> { if self.push {
trace!("sign_images({image_name}, {tag})"); ops::check_command_exists("cosign")?;
ops::check_command_exists("skopeo")?;
}
if env::var("SIGSTORE_ID_TOKEN").is_ok() && env::var("CI").is_ok() { let recipe: Recipe = serde_yaml::from_str(fs::read_to_string(&self.recipe)?.as_str())?;
debug!("SIGSTORE_ID_TOKEN detected, signing image");
if let ( let tags = self.generate_tags(&recipe);
Ok(project_url),
Ok(default_branch),
Ok(commit_branch),
Ok(server_protocol),
Ok(server_host),
) = (
env::var("CI_PROJECT_URL"),
env::var("CI_DEFAULT_BRANCH"),
env::var("CI_COMMIT_REF_NAME"),
env::var("CI_SERVER_PROTOCOL"),
env::var("CI_SERVER_HOST"),
) {
trace!("CI_PROJECT_URL={project_url}, CI_DEFAULT_BRANCH={default_branch}, CI_COMMIT_REF_NAME={commit_branch}, CI_SERVER_PROTOCOL={server_protocol}, CI_SERVER_HOST={server_host}");
if default_branch == commit_branch { let image_name = self.generate_full_image_name(&recipe)?;
debug!("On default branch, retrieving image digest");
let image_name_tag = format!("{image_name}:{tag}"); if self.push {
let image_url = format!("docker://{image_name_tag}"); self.login()?;
}
self.run_build(&image_name, &tags)?;
trace!("skopeo inspect --format='{{.Digest}}' {image_url}"); info!("Build complete!");
let image_digest = String::from_utf8(
Command::new("skopeo")
.arg("inspect")
.arg("--format='{{.Digest}}'")
.arg(&image_url)
.output()?
.stdout,
)?;
let image_digest = Ok(())
format!("{image_name}@{}", image_digest.trim().trim_matches('\'')); }
info!("Signing image: {image_digest}"); pub fn builder() -> BuildCommandBuilder {
BuildCommandBuilder::default()
}
env::set_var("COSIGN_PASSWORD", ""); fn generate_tags(&self, recipe: &Recipe) -> Vec<String> {
env::set_var("COSIGN_YES", "true"); debug!("Generating image tags for {}", &recipe.name);
trace!("BuildCommand::generate_tags({recipe:#?})");
trace!("cosign sign {image_digest}"); let mut tags: Vec<String> = Vec::new();
let status = Command::new("cosign") let image_version = recipe.image_version;
.arg("sign") let timestamp = Local::now().format("%Y%m%d").to_string();
.arg(&image_digest)
if env::var("CI").is_ok() {
warn!("Detected running in Gitlab, pulling information from CI variables");
if let (Ok(mr_iid), Ok(pipeline_source)) = (
env::var("CI_MERGE_REQUEST_IID"),
env::var("CI_PIPELINE_SOURCE"),
) {
trace!("CI_MERGE_REQUEST_IID={mr_iid}, CI_PIPELINE_SOURCE={pipeline_source}");
if pipeline_source == "merge_request_event" {
debug!("Running in a MR");
tags.push(format!("{mr_iid}-{image_version}"));
}
}
if let Ok(commit_sha) = env::var("CI_COMMIT_SHORT_SHA") {
trace!("CI_COMMIT_SHORT_SHA={commit_sha}");
tags.push(format!("{commit_sha}-{image_version}"));
}
if let (Ok(commit_branch), Ok(default_branch)) = (
env::var("CI_COMMIT_REF_NAME"),
env::var("CI_DEFAULT_BRANCH"),
) {
trace!("CI_COMMIT_REF_NAME={commit_branch}, CI_DEFAULT_BRANCH={default_branch}");
if default_branch != commit_branch {
debug!("Running on branch {commit_branch}");
tags.push(format!("br-{commit_branch}-{image_version}"));
} else {
debug!("Running on the default branch");
tags.push(image_version.to_string());
tags.push(format!("{image_version}-{timestamp}"));
tags.push(timestamp.to_string());
}
}
} else {
warn!("Running locally");
tags.push(format!("{image_version}-local"));
}
info!("Finished generating tags!");
trace!("Tags: {tags:#?}");
tags
}
fn login(&self) -> Result<()> {
info!("Attempting to login to the registry");
trace!("BuildCommand::login()");
let registry = match &self.registry {
Some(registry) => registry.to_owned(),
None => env::var("CI_REGISTRY")?,
};
let username = match &self.username {
Some(username) => username.to_owned(),
None => env::var("CI_REGISTRY_USER")?,
};
let password = match &self.password {
Some(password) => password.to_owned(),
None => env::var("CI_REGISTRY_PASSWORD")?,
};
trace!("buildah login -u {username} -p [MASKED] {registry}");
match Command::new("buildah")
.arg("login")
.arg("-u")
.arg(&username)
.arg("-p")
.arg(&password)
.arg(&registry)
.status()?
.success()
{
true => info!("Buildah login success at {registry} for user {username}!"),
false => return Err(anyhow!("Failed to login for buildah!")),
}
trace!("cosign login -u {username} -p [MASKED] {registry}");
match Command::new("cosign")
.arg("login")
.arg("-u")
.arg(&username)
.arg("-p")
.arg(&password)
.arg(&registry)
.status()?
.success()
{
true => info!("Cosign login success at {registry} for user {username}!"),
false => return Err(anyhow!("Failed to login for cosign!")),
}
Ok(())
}
fn generate_full_image_name(&self, recipe: &Recipe) -> Result<String> {
info!("Generating full image name");
trace!("BuildCommand::generate_full_image_name({recipe:#?})");
let image_name = recipe.name.as_str();
let image_name = if env::var("CI").is_ok() {
warn!("Detected running in Gitlab CI");
if let (Ok(registry), Ok(project_namespace), Ok(project_name)) = (
env::var("CI_REGISTRY"),
env::var("CI_PROJECT_NAMESPACE"),
env::var("CI_PROJECT_NAME"),
) {
trace!("CI_REGISTRY={registry}, CI_PROJECT_NAMESPACE={project_namespace}, CI_PROJECT_NAME={project_name}");
format!("{registry}/{project_namespace}/{project_name}/{image_name}")
} else {
bail!("Unable to generate image name for Gitlab CI env!")
}
} else {
warn!("Detected running locally");
if let (Some(registry), Some(registry_path)) =
(self.registry.as_ref(), self.registry_path.as_ref())
{
format!(
"{}/{}/{image_name}",
registry.trim_matches('/'),
registry_path.trim_matches('/')
)
} else {
if self.push {
bail!("Need '--registry' and '--registry-path' in order to push image");
}
image_name.to_string()
}
};
info!("Using image name {image_name}");
Ok(image_name)
}
fn run_build(&self, image_name: &str, tags: &[String]) -> Result<()> {
trace!("BuildCommand::run_build({image_name}, {tags:#?})");
let mut tags_iter = tags.iter();
let first_tag = tags_iter
.next()
.ok_or(anyhow!("We got here with no tags!?"))?;
let full_image = format!("{image_name}:{first_tag}");
trace!("buildah build -t {full_image}");
let status = Command::new("buildah")
.arg("build")
.arg("-t")
.arg(&full_image)
.status()?;
if status.success() {
info!("Successfully built {image_name}");
} else {
bail!("Failed to build {image_name}");
}
if tags.len() > 1 {
debug!("Tagging all images");
for tag in tags_iter {
debug!("Tagging {image_name} with {tag}");
let tag_image = format!("{image_name}:{tag}");
trace!("buildah tag {full_image} {tag_image}");
let status = Command::new("buildah")
.arg("tag")
.arg(&full_image)
.arg(&tag_image)
.status()?; .status()?;
if status.success() { if status.success() {
info!("Successfully signed image!"); info!("Successfully tagged {image_name}:{tag}!");
} else { } else {
bail!("Failed to sign image: {image_digest}"); bail!("Failed to tag image {image_name}:{tag}");
}
let cert_ident =
format!("{project_url}//.gitlab-ci.yml@refs/heads/{default_branch}");
let cert_oidc = format!("{server_protocol}://{server_host}");
trace!("cosign verify --certificate-identity {cert_ident}");
let status = Command::new("cosign")
.arg("verify")
.arg("--certificate-identity")
.arg(&cert_ident)
.arg("--certificate-oidc-issuer")
.arg(&cert_oidc)
.arg(&image_name_tag)
.status()?;
if !status.success() {
bail!("Failed to verify image!");
} }
} }
} }
} else {
debug!("No SIGSTORE_ID_TOKEN detected, not signing image"); if self.push {
debug!("Pushing all images");
for tag in tags.iter() {
debug!("Pushing image {image_name}:{tag}");
let tag_image = format!("{image_name}:{tag}");
trace!("buildah push {tag_image}");
let status = Command::new("buildah")
.arg("push")
.arg(&tag_image)
.status()?;
if status.success() {
info!("Successfully pushed {image_name}:{tag}!")
} else {
bail!("Failed to push image {image_name}:{tag}");
}
}
self.sign_images(image_name, first_tag)?;
}
Ok(())
} }
Ok(()) fn sign_images(&self, image_name: &str, tag: &str) -> Result<()> {
} trace!("BuildCommand::sign_images({image_name}, {tag})");
pub fn build_image( if env::var("SIGSTORE_ID_TOKEN").is_ok() && env::var("CI").is_ok() {
recipe: &Path, debug!("SIGSTORE_ID_TOKEN detected, signing image");
registry: Option<&String>,
registry_path: Option<&String>, if let (
username: Option<&String>, Ok(project_url),
password: Option<&String>, Ok(default_branch),
push: bool, Ok(commit_branch),
) -> Result<()> { Ok(server_protocol),
trace!("ublue_rs::build_image({recipe:?}, {registry:?}, {registry_path:?}, {username:?}, [MASKED], {push})"); Ok(server_host),
check_command_exists("buildah")?; ) = (
if push { env::var("CI_PROJECT_URL"),
check_command_exists("cosign")?; env::var("CI_DEFAULT_BRANCH"),
check_command_exists("skopeo")?; env::var("CI_COMMIT_REF_NAME"),
} env::var("CI_SERVER_PROTOCOL"),
env::var("CI_SERVER_HOST"),
let recipe: Recipe = serde_yaml::from_str(fs::read_to_string(recipe)?.as_str())?; ) {
trace!("CI_PROJECT_URL={project_url}, CI_DEFAULT_BRANCH={default_branch}, CI_COMMIT_REF_NAME={commit_branch}, CI_SERVER_PROTOCOL={server_protocol}, CI_SERVER_HOST={server_host}");
let tags = generate_tags(&recipe);
if default_branch == commit_branch {
let image_name = generate_full_image_name(&recipe, registry, registry_path, push)?; debug!("On default branch, retrieving image digest");
if push { let image_name_tag = format!("{image_name}:{tag}");
login(registry, username, password)?; let image_url = format!("docker://{image_name_tag}");
}
run_build(&image_name, &tags, push)?; trace!("skopeo inspect --format='{{.Digest}}' {image_url}");
let image_digest = String::from_utf8(
info!("Build complete!"); Command::new("skopeo")
.arg("inspect")
Ok(()) .arg("--format='{{.Digest}}'")
.arg(&image_url)
.output()?
.stdout,
)?;
let image_digest =
format!("{image_name}@{}", image_digest.trim().trim_matches('\''));
info!("Signing image: {image_digest}");
env::set_var("COSIGN_PASSWORD", "");
env::set_var("COSIGN_YES", "true");
trace!("cosign sign {image_digest}");
let status = Command::new("cosign")
.arg("sign")
.arg(&image_digest)
.status()?;
if status.success() {
info!("Successfully signed image!");
} else {
bail!("Failed to sign image: {image_digest}");
}
let cert_ident =
format!("{project_url}//.gitlab-ci.yml@refs/heads/{default_branch}");
let cert_oidc = format!("{server_protocol}://{server_host}");
trace!("cosign verify --certificate-identity {cert_ident}");
let status = Command::new("cosign")
.arg("verify")
.arg("--certificate-identity")
.arg(&cert_ident)
.arg("--certificate-oidc-issuer")
.arg(&cert_oidc)
.arg(&image_name_tag)
.status()?;
if !status.success() {
bail!("Failed to verify image!");
}
}
}
} else {
debug!("No SIGSTORE_ID_TOKEN detected, not signing image");
}
Ok(())
}
} }

57
src/init.rs
View file

@ -1,19 +1,44 @@
const GITLAB_CI_FILE: &'static str = include_str!("../templates/init/gitlab-ci.yml"); use std::path::{Path, PathBuf};
const RECIPE_FILE: &'static str = include_str!("../templates/init/recipe.yml");
use anyhow::Result;
use clap::Args;
use derive_builder::Builder;
const GITLAB_CI_FILE: &'static str = include_str!("../templates/init/gitlab-ci.yml.tera");
const RECIPE_FILE: &'static str = include_str!("../templates/init/recipe.yml.tera");
const LICENSE_FILE: &'static str = include_str!("../LICENSE"); const LICENSE_FILE: &'static str = include_str!("../LICENSE");
pub fn initialize_directory(base_dir: PathBuf) { #[derive(Debug, Clone, Args, Builder)]
let recipe_path = base_dir.join("recipe.yml"); pub struct InitCommand {
/// The directory to extract the files into. Defaults to the current directory
let gitlab_ci_path = base_dir.join(".gitlab-ci.yml"); #[arg()]
dir: Option<PathBuf>,
let readme_path = base_dir.join("README.md"); }
let license_path = base_dir.join("LICENSE"); impl InitCommand {
pub fn run(&self) -> Result<()> {
let scripts_dir = base_dir.join("scripts/"); let base_dir = match self.dir.as_ref() {
Some(dir) => dir,
let pre_scripts_dir = scripts_dir.join("pre/"); None => std::path::Path::new("./"),
};
let post_scripts_dir = scripts_dir.join("post/");
self.initialize_directory(base_dir);
Ok(())
}
fn initialize_directory(&self, base_dir: &Path) {
let recipe_path = base_dir.join("recipe.yml");
let gitlab_ci_path = base_dir.join(".gitlab-ci.yml");
let readme_path = base_dir.join("README.md");
let license_path = base_dir.join("LICENSE");
let scripts_dir = base_dir.join("scripts/");
let pre_scripts_dir = scripts_dir.join("pre/");
let post_scripts_dir = scripts_dir.join("post/");
}
} }

139
src/lib.rs
View file

@ -15,140 +15,5 @@ pub mod init;
pub mod build; pub mod build;
pub mod module_recipe; pub mod module_recipe;
mod ops;
use std::{ pub mod template;
collections::HashMap,
fs,
path::{Path, PathBuf},
};
use anyhow::Result;
use log::{debug, info, trace};
use module_recipe::Recipe;
use tera::{Context, Tera};
pub const DEFAULT_CONTAINERFILE: &str = include_str!("../templates/Containerfile.tera");
fn setup_tera(recipe: &Path, containerfile: Option<&PathBuf>) -> Result<(Tera, Context)> {
trace!("setup_tera({recipe:?}, {containerfile:?})");
debug!("Deserializing recipe");
let recipe_de = serde_yaml::from_str::<Recipe>(fs::read_to_string(recipe)?.as_str())?;
trace!("recipe_de: {recipe_de:#?}");
debug!("Building context");
let mut context = Context::from_serialize(recipe_de)?;
trace!("add to context 'recipe': {recipe:?}");
context.insert("recipe", &recipe);
let mut tera = Tera::default();
match containerfile {
Some(containerfile) => {
debug!("Using {} as the template", containerfile.display());
tera.add_raw_template("Containerfile", &fs::read_to_string(containerfile)?)?
}
None => tera.add_raw_template("Containerfile", DEFAULT_CONTAINERFILE)?,
}
debug!("Registering function `print_containerfile`");
tera.register_function(
"print_containerfile",
|args: &HashMap<String, tera::Value>| -> tera::Result<tera::Value> {
trace!("tera fn print_containerfile({args:#?})");
match args.get("containerfile") {
Some(v) => match v.as_str() {
Some(containerfile) => {
debug!("Loading containerfile contents for {containerfile}");
let path = format!("config/containerfiles/{containerfile}/Containerfile");
let path = Path::new(path.as_str());
let file = fs::read_to_string(path)?;
trace!("Containerfile contents {}:\n{file}", path.display());
Ok(file.into())
}
None => Err("Arg containerfile wasn't a string".into()),
},
None => Err("Needs the argument 'containerfile'".into()),
}
},
);
debug!("Registering function `print_module_context`");
tera.register_function(
"print_module_context",
|args: &HashMap<String, tera::Value>| -> tera::Result<tera::Value> {
trace!("tera fn print_module_context({args:#?})");
match args.get("module") {
Some(v) => match serde_json::to_string(v) {
Ok(s) => Ok(s.into()),
Err(e) => Err(format!("Unable to serialize: {e}").into()),
},
None => Err("Needs the argument 'module'".into()),
}
},
);
debug!("Registering function `get_module_from_file`");
tera.register_function(
"get_module_from_file",
|args: &HashMap<String, tera::Value>| -> tera::Result<tera::Value> {
trace!("tera fn get_module_from_file({args:#?})");
match args.get("file") {
Some(v) => {
let file = match v.as_str() {
Some(s) => s,
None => return Err("Property 'from-file' must be a string".into()),
};
trace!("from-file: {file}");
match serde_yaml::from_str::<tera::Value>(
fs::read_to_string(format!("config/{file}"))?.as_str(),
) {
Ok(context) => {
trace!("context: {context}");
Ok(context)
}
Err(_) => Err(format!("Unable to deserialize file {file}").into()),
}
}
None => Err("Needs the argument 'file'".into()),
}
},
);
Ok((tera, context))
}
pub fn template_file(
recipe: &Path,
containerfile: Option<&PathBuf>,
output: Option<&PathBuf>,
) -> Result<()> {
trace!("template_file({recipe:?}, {containerfile:?}, {output:?})");
debug!("Setting up tera");
let (tera, context) = setup_tera(recipe, containerfile)?;
trace!("tera: {tera:#?}");
trace!("context: {context:#?}");
debug!("Rendering Containerfile");
let output_str = tera.render("Containerfile", &context)?;
if let Some(output) = output {
debug!("Templating to file {}", output.display());
trace!("Containerfile:\n{output_str}");
std::fs::write(output, output_str)?;
} else {
debug!("Templating to stdout");
println!("{output_str}");
}
info!("Finished templating Containerfile");
Ok(())
}

25
src/ops.rs Normal file
View file

@ -0,0 +1,25 @@
use std::process::Command;
use anyhow::{anyhow, Result};
use log::{debug, trace};
pub fn check_command_exists(command: &str) -> Result<()> {
debug!("Checking if {command} exists");
trace!("check_command_exists({command})");
trace!("command -v {command}");
match Command::new("command")
.arg("-v")
.arg(command)
.status()?
.success()
{
true => {
debug!("Command {command} does exist");
Ok(())
}
false => Err(anyhow!(
"Command {command} doesn't exist and is required to build the image"
)),
}
}

173
src/template.rs Normal file
View file

@ -0,0 +1,173 @@
use std::{
collections::HashMap,
fs,
path::{Path, PathBuf},
process,
};
use anyhow::Result;
use clap::Args;
use derive_builder::Builder;
use log::{debug, error, info, trace};
use tera::{Context, Tera};
use crate::module_recipe::Recipe;
pub const DEFAULT_CONTAINERFILE: &str = include_str!("../templates/Containerfile.tera");
#[derive(Debug, Clone, Args, Builder)]
pub struct TemplateCommand {
/// The recipe file to create a template from
#[arg()]
recipe: PathBuf,
/// Optional Containerfile to use as a template
#[arg(short, long)]
#[builder(default)]
containerfile: Option<PathBuf>,
/// File to output to instead of STDOUT
#[arg(short, long)]
#[builder(default)]
output: Option<PathBuf>,
}
impl TemplateCommand {
pub fn run(&self) -> Result<()> {
info!("Templating for recipe at {}", self.recipe.display());
if let Err(e) = self.template_file() {
error!("Failed to template file: {e}");
process::exit(1);
}
Ok(())
}
fn template_file(&self) -> Result<()> {
trace!("TemplateCommand::template_file()");
debug!("Setting up tera");
let (tera, context) = self.setup_tera()?;
trace!("tera: {tera:#?}");
trace!("context: {context:#?}");
debug!("Rendering Containerfile");
let output_str = tera.render("Containerfile", &context)?;
match self.output.as_ref() {
Some(output) => {
debug!("Templating to file {}", output.display());
trace!("Containerfile:\n{output_str}");
std::fs::write(output, output_str)?;
}
None => {
debug!("Templating to stdout");
println!("{output_str}");
}
}
info!("Finished templating Containerfile");
Ok(())
}
pub fn builder() -> TemplateCommandBuilder {
TemplateCommandBuilder::default()
}
fn setup_tera(&self) -> Result<(Tera, Context)> {
trace!("TemplateCommand::setup_tera()");
debug!("Deserializing recipe");
let recipe_de = serde_yaml::from_str::<Recipe>(fs::read_to_string(&self.recipe)?.as_str())?;
trace!("recipe_de: {recipe_de:#?}");
debug!("Building context");
let mut context = Context::from_serialize(recipe_de)?;
trace!("add to context 'recipe': {}", self.recipe.display());
context.insert("recipe", &self.recipe);
let mut tera = Tera::default();
match self.containerfile.as_ref() {
Some(containerfile) => {
debug!("Using {} as the template", containerfile.display());
tera.add_raw_template("Containerfile", &fs::read_to_string(containerfile)?)?
}
None => tera.add_raw_template("Containerfile", DEFAULT_CONTAINERFILE)?,
}
debug!("Registering function `print_containerfile`");
tera.register_function(
"print_containerfile",
|args: &HashMap<String, tera::Value>| -> tera::Result<tera::Value> {
trace!("tera fn print_containerfile({args:#?})");
match args.get("containerfile") {
Some(v) => match v.as_str() {
Some(containerfile) => {
debug!("Loading containerfile contents for {containerfile}");
let path =
format!("config/containerfiles/{containerfile}/Containerfile");
let path = Path::new(path.as_str());
let file = fs::read_to_string(path)?;
trace!("Containerfile contents {}:\n{file}", path.display());
Ok(file.into())
}
None => Err("Arg containerfile wasn't a string".into()),
},
None => Err("Needs the argument 'containerfile'".into()),
}
},
);
debug!("Registering function `print_module_context`");
tera.register_function(
"print_module_context",
|args: &HashMap<String, tera::Value>| -> tera::Result<tera::Value> {
trace!("tera fn print_module_context({args:#?})");
match args.get("module") {
Some(v) => match serde_json::to_string(v) {
Ok(s) => Ok(s.into()),
Err(e) => Err(format!("Unable to serialize: {e}").into()),
},
None => Err("Needs the argument 'module'".into()),
}
},
);
debug!("Registering function `get_module_from_file`");
tera.register_function(
"get_module_from_file",
|args: &HashMap<String, tera::Value>| -> tera::Result<tera::Value> {
trace!("tera fn get_module_from_file({args:#?})");
match args.get("file") {
Some(v) => {
let file = match v.as_str() {
Some(s) => s,
None => return Err("Property 'from-file' must be a string".into()),
};
trace!("from-file: {file}");
match serde_yaml::from_str::<tera::Value>(
fs::read_to_string(format!("config/{file}"))?.as_str(),
) {
Ok(context) => {
trace!("context: {context}");
Ok(context)
}
Err(_) => Err(format!("Unable to deserialize file {file}").into()),
}
}
None => Err("Needs the argument 'file'".into()),
}
},
);
Ok((tera, context))
}
}

10
templates/init/gitlab-ci.yml
View file

@ -1,10 +0,0 @@
include:
- project: "wunker-bunker/ci-pipelines"
file: "/ublue-build.yml"
.recipe-matrix:
parallel:
matrix:
# As you create more recipes to build, add them below
- RECIPE:
- recipe.yml

29
templates/init/gitlab-ci.yml.tera Normal file
View file

@ -0,0 +1,29 @@
workflow:
rules:
stages:
- build
variables:
ACTION:
description: "Action to perform for the pipeline."
value: "build-image"
options:
- "build-image"
build-image:
stage: build
image: registry.gitlab.com/wunker-bunker/ublue-cli
retry: 2
rules:
- if: $ACTION == "build-image"
parallel:
matrix:
# As you create more recipes to build, add them below
- RECIPE:
- recipe.yml
id_tokens:
SIGSTORE_ID_TOKEN:
aud: sigstore
script:
- ublue build --push ./config/$RECIPE

4
templates/init/recipe.yml → templates/init/recipe.yml.tera
View file

@ -1,5 +1,5 @@
# image will be published to ghcr.io/<user>/<name> # image will be published to registry.gitlab.com/<user>/<name>
name: startingpoint name: {{ name }}
# description will be included in the image's metadata # description will be included in the image's metadata
description: A starting point for further customization of uBlue images. Make your own! https://ublue.it/making-your-own/ description: A starting point for further customization of uBlue images. Make your own! https://ublue.it/making-your-own/