Enable hermetic builds
Signed-off-by: Dale Haiducek <[email protected]>
dhaiducek committed Jan 16, 2025
1 parent 78b723f commit ea6714d
Showing 5 changed files with 34 additions and 9 deletions.
8 changes: 7 additions & 1 deletion .tekton/config-policy-controller-acm-213-pull-request.yaml
@@ -7,7 +7,7 @@ metadata:
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "release-2.13"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main"
creationTimestamp: null
labels:
appstudio.openshift.io/application: release-acm-213
@@ -32,6 +32,12 @@ spec:
value: build/Dockerfile.rhtap
- name: path-context
value: .
- name: build-source-image
value: "true"
- name: hermetic
value: "true"
- name: prefetch-input
value: '[{"type": "gomod", "path": "."}]'
pipelineSpec:
description: |
This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
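Review bot: The `pipelinesascode.tekton.dev/on-cel-expression` filter in the first hunk changes between `target_branch == "release-2.13"` and `target_branch == "main"`, which the commit title (hermetic builds) does not explain, and the rendered page does not mark which value is the new one. This is the acm-213 pull-request pipeline (`appstudio.openshift.io/application: release-acm-213`), so whichever branch it now selects should be the same one the matching push pipeline builds from; otherwise pull requests are checked by a different trigger than the one that produces the released image. The push file's trigger is not part of this commit, so please confirm the two agree and record it with a comment above the annotation, for example `# must match the branch filter in config-policy-controller-acm-213-push.yaml`.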
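--- a/.tekton/config-policy-controller-acm-213-push.yaml
+++ b/.tekton/config-policy-controller-acm-213-push.yaml
@@ -29,6 +29,12 @@ spec:
 value: build/Dockerfile.rhtap
 - name: path-context
 value: .
+- name: build-source-image
+value: "true"
+- name: hermetic
+value: "true"
+- name: prefetch-input
+value: '[{"type": "gomod", "path": "."}]'
 pipelineSpec:
 description: |
 This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.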
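Review bot: `prefetch-input` declares only `{"type": "gomod", "path": "."}`, so with `hermetic: "true"` anything else `build/Dockerfile.rhtap` tries to fetch during the image build (RPMs, tools downloaded in a `RUN` step) should fail rather than be pulled in unrecorded. That is the property a hermetic build is meant to give, but nothing next to these parameters says so, and the value is JSON inside a YAML string that is only checked when the pipeline runs. I would add a comment above the three new params, e.g. `# hermetic: no network during the build; every external input must be declared in prefetch-input`. The same block is added to config-policy-controller-acm-213-pull-request.yaml.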
2 changes: 1 addition & 1 deletion Makefile
@@ -78,7 +78,7 @@ gosec-scan: GOSEC_ARGS = -exclude-generated

.PHONY: build
build:
CGO_ENABLED=1 go build -o build/_output/bin/$(IMG) ./
CGO_ENABLED=1 go build -mod=readonly -o build/_output/bin/$(IMG) ./

.PHONY: build-cmd
build-cmd: manifests
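Review bot: The `-mod=readonly` on the `go build` line of the `build` recipe has effects that are not obvious and deserve a comment: it makes the build fail instead of rewriting `go.mod`/`go.sum`, and it overrides Go's automatic `-mod=vendor` when a `vendor/` directory is present, so a developer's local vendor tree would be ignored. Suggested comment above the recipe: `# -mod=readonly: never modify go.mod/go.sum during the build; modules must already match go.sum`. The flag is set on this one command only; the `build-cmd` recipe lies outside the hunk, so I cannot tell whether other `go build` invocations get the same guarantee. A shared variable such as `GO_BUILD_FLAGS ?= -mod=readonly` used by each of them would keep them consistent.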
13 changes: 10 additions & 3 deletions build/Dockerfile
@@ -26,7 +26,14 @@ RUN /usr/local/bin/user_setup

ENTRYPOINT ["/usr/local/bin/entrypoint", "controller"]

RUN microdnf update -y && \
microdnf clean all

USER ${USER_UID}

LABEL name="rhacm2/config-policy-controller-rhel9"
LABEL summary="Audit and enforce cluster configuration"
LABEL description="The ConfigurationPolicy kind compares the desired object defined in the policy with the objects on the cluster. \
The OperatorPolicy kind determines whether operators deployed on the cluster match the configuration in the policy."
LABEL io.k8s.display-name="Configuration policy controller"
LABEL io.k8s.description="The ConfigurationPolicy kind compares the desired object defined in the policy with the objects on the cluster. \
The OperatorPolicy kind determines whether operators deployed on the cluster match the configuration in the policy."
LABEL com.redhat.component="acm-config-policy-controller-container"
LABEL io.openshift.tags="data,images"
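Review bot: If the `RUN microdnf update -y && microdnf clean all` step is among this section's three deletions (the rendered page does not mark sides, but the counts fit), the final image no longer picks up package fixes at build time and its patch level is whatever the base image provides. The `FROM` line is outside the hunk, so I cannot see how the base is referenced; it should be pinned by digest and refreshed by an automated update so security fixes still reach the image. A comment near `USER ${USER_UID}` would record the decision, e.g. `# no package update here: OS fixes arrive through base-image digest bumps`. The same applies to build/Dockerfile.rhtap.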
14 changes: 10 additions & 4 deletions build/Dockerfile.rhtap
@@ -7,7 +7,6 @@ ENV COMPONENT=config-policy-controller
ENV REPO_PATH=/go/src/github.com/stolostron/${COMPONENT}
WORKDIR ${REPO_PATH}
COPY . .
RUN go mod vendor
RUN make build

# Stage 2: Copy the binaries from the image builder to the base image
@@ -27,7 +26,14 @@ RUN /usr/local/bin/user_setup

ENTRYPOINT ["/usr/local/bin/entrypoint", "controller"]

RUN microdnf update -y && \
microdnf clean all

USER ${USER_UID}

LABEL name="rhacm2/config-policy-controller-rhel9"
LABEL summary="Audit and enforce cluster configuration"
LABEL description="The ConfigurationPolicy kind compares the desired object defined in the policy with the objects on the cluster. \
The OperatorPolicy kind determines whether operators deployed on the cluster match the configuration in the policy."
LABEL io.k8s.display-name="Configuration policy controller"
LABEL io.k8s.description="The ConfigurationPolicy kind compares the desired object defined in the policy with the objects on the cluster. \
The OperatorPolicy kind determines whether operators deployed on the cluster match the configuration in the policy."
LABEL com.redhat.component="acm-config-policy-controller-container"
LABEL io.openshift.tags="data,images"
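Review bot: With `RUN go mod vendor` removed from the builder stage in the first hunk, `RUN make build` no longer shows where the Go modules come from. In the pipeline they are presumably supplied by the `gomod` prefetch configured in the .tekton files, while a plain local build of this Dockerfile would need network access to a module proxy. A one-line comment above `RUN make build` would make that dependency explicit, e.g. `# modules are provided by the pipeline's gomod prefetch; the Makefile builds with -mod=readonly`. The stage's `FROM` line is outside the hunk.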
