This repository has been archived by the owner on Nov 1, 2023. It is now read-only.
forked from gardenlinux/builder_example
build
#!/usr/bin/env bash
# Runs `make -C /builder` inside a builder container. This section enables
# strict mode and sets the defaults that the command-line options may override.
set -euo pipefail
shopt -s nullglob   # an unmatched features/* glob expands to nothing

# Default builder image. The reference is a registry tag (a 40-hex string), not
# an @sha256 digest, so the content pulled is whatever the registry currently
# serves under that tag.
# NOTE(review): pinning by digest would make the build input immutable.
container_image='ghcr.io/gardenlinux/builder:301ce9f70045c001c5d724c2f9d1a9503e1d5ccc'
container_engine='podman'
target_dir='.build'

# Default engine options. The three --security-opt entries turn off the seccomp
# filter, the AppArmor profile and SELinux label separation for the build
# container; --read-only keeps the container root filesystem immutable.
# The script's own --container-run-opts option replaces this whole list.
container_run_opts=(
  --security-opt seccomp=unconfined
  --security-opt apparmor=unconfined
  --security-opt label=disable
  --read-only
)

# Extra words placed in front of `make` inside the container (set by --privileged).
container_cmd=()

use_kms=0         # 1 => forward the AWS_* variables to make
resolve_cname=0   # 1 => print the resolved cname and exit
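# Parse leading options. The first word that is not a known option ends the
# loop and stays in "$@" together with everything after it.
# Options that take a value now fail with an explicit "requires an argument"
# message (still exit status 1) instead of a bare "unbound variable" error.
while (( $# > 0 )); do
  case "$1" in
    --container-image)
      : "${2?option $1 requires an argument}"
      container_image=$2
      shift 2
      ;;
    --container-engine)
      : "${2?option $1 requires an argument}"
      container_engine=$2
      shift 2
      ;;
    --container-run-opts)
      : "${2?option $1 requires an argument}"
      # SECURITY: `declare -a "name=(...)"` re-parses the value as shell source.
      # Quoting inside the value is honoured, but a command substitution
      # embedded in it is executed too, with the caller's privileges. Pass only
      # strings you wrote yourself; never forward an externally supplied value
      # (CI parameter, web form, ...) to this option without validation.
      # The value REPLACES the defaults, including --read-only.
      declare -a "container_run_opts=($2)"
      shift 2
      ;;
    --privileged)
      # Adds the engine's --privileged flag, which removes most of the
      # isolation between the build container and the host, and makes the
      # container command start with --second-stage.
      container_cmd=(--second-stage)
      container_run_opts+=(--privileged)
      shift
      ;;
    --kms)
      use_kms=1
      shift
      ;;
    --print-container-image)
      # Reflects only the options seen before this one.
      printf '%s\n' "$container_image"
      exit 0
      ;;
    --resolve-cname)
      resolve_cname=1
      shift
      ;;
    --target)
      : "${2?option $1 requires an argument}"
      target_dir=$2
      shift 2
      ;;
    *)
      break
      ;;
  esac
done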
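# Create the output directory when it is missing. -p also creates missing
# parent directories, and `--` keeps a target that starts with '-' from being
# read as an option (matching the other realpath calls in this script).
mkdir -p -- "$target_dir"

# Bind mounts for the build container: the keyring and every feature directory
# are mounted read-only; the output directory is the only writable mount
# defined here.
# NOTE(review): the engine splits -v on ':', so a host path containing ':'
# would be mis-parsed — confirm that callers never use such paths.
container_mount_opts=(
  -v "$PWD/keyring.gpg:/builder/keyring.gpg:ro"
  -v "$(realpath -- "$target_dir"):/builder/.build"
)

# nullglob is set at the top of the script, so a missing or empty features/
# directory makes this loop a no-op.
for feature in features/*; do
  [[ -d "$feature" ]] || continue
  container_mount_opts+=(-v "$(realpath -- "$feature"):/builder/$feature:ro")
done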
# When the image name is exactly localhost/builder, build it first from the
# directory that holds this script (realpath resolves symlinks to the script).
if [[ "$container_image" == "localhost/builder" ]]; then
  dir=$(dirname -- "$(realpath -- "${BASH_SOURCE[0]}")")
  "$container_engine" build -t "$container_image" "$dir"
fi
# Build metadata comes from helper scripts that are invoked relative to the
# current directory, so this script has to be started from the directory that
# contains them.
repo=$(./get_repo)
commit=$(./get_commit)
timestamp=$(./get_timestamp)
default_version=$(./get_version)

# --resolve-cname: ask the builder image for the canonical name of "$1", print
# it with the first 8 bytes of the commit appended, and stop.
if [[ "$resolve_cname" == 1 ]]; then
  # Common prefix of the two throw-away containers started below.
  run_in_builder=(
    "$container_engine" run --rm
    "${container_run_opts[@]}"
    "${container_mount_opts[@]}"
    "$container_image"
  )

  arch=$("${run_in_builder[@]}" dpkg --print-architecture)
  cname=$(
    "${run_in_builder[@]}" /builder/parse_features \
      --feature-dir /builder/features \
      --default-arch "$arch" \
      --default-version "$default_version" \
      --cname "$1"
  )

  short_commit=$(head -c 8 <<< "$commit")
  echo "$cname-$short_commit"
  exit 0
fi
# Variables handed to make as NAME=value words on its command line.
make_opts=(
  "REPO=$repo"
  "COMMIT=$commit"
  "TIMESTAMP=$timestamp"
  "DEFAULT_VERSION=$default_version"
)

if [[ "$use_kms" == 1 ]]; then
  # SECURITY: each AWS_* value that is set and non-empty is appended as a
  # NAME=value argument. The credentials therefore become part of the argv of
  # the container engine process and of make, where process listings, shell
  # tracing (set -x) and CI command echo can expose them.
  # NOTE(review): passing them through the container environment (engine
  # option `-e NAME`) would keep them off argv, but make treats environment
  # and command-line variables differently — confirm against the builder
  # Makefile before changing this.
  for aws_var in AWS_DEFAULT_REGION AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
    if [[ -z "${!aws_var-}" ]]; then
      continue
    fi
    make_opts+=("$aws_var=${!aws_var}")
  done
fi

# An optional ./cert directory is exposed to the build read-only.
if [[ -d cert ]]; then
  container_mount_opts+=(-v "$PWD/cert:/builder/cert:ro")
fi

# Run the build. The ${arr[@]+...} form expands to nothing when container_cmd
# is empty; all remaining script arguments ("$@") are forwarded to make.
"$container_engine" run --rm \
  "${container_run_opts[@]}" \
  "${container_mount_opts[@]}" \
  "$container_image" \
  ${container_cmd[@]+"${container_cmd[@]}"} \
  make --no-print-directory -C /builder "${make_opts[@]}" "$@"