chore: Build Trivy adapter from sources

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
Daniel Pacak 2020-02-13 15:32:57 +01:00
parent 5f110c800a
commit 4755439b75
4 changed files with 55 additions and 5 deletions


@ -155,7 +155,7 @@ _build_clair_adapter:
$(call _extract_archive, https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz, $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \ $(call _extract_archive, https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz, $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \
mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \ mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \
else \ else \
cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder $(CLAIRADAPTERVERSION) && cd - ; \ cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder.sh $(CLAIRADAPTERVERSION) && cd - ; \
fi ; \ fi ; \
echo "building clair adapter container for photon..." ; \ echo "building clair adapter container for photon..." ; \
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) -f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) -t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(CLAIRADAPTERVERSION)-$(VERSIONTAG) . ; \ $(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) -f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) -t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(CLAIRADAPTERVERSION)-$(VERSIONTAG) . ; \
@ -165,13 +165,21 @@ _build_clair_adapter:
_build_trivy_adapter: _build_trivy_adapter:
@if [ "$(TRIVYFLAG)" = "true" ] ; then \ @if [ "$(TRIVYFLAG)" = "true" ] ; then \
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \
$(call _extract_archive, https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz, $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
if [ "$(BUILDBIN)" != "true" ] ; then \ if [ "$(BUILDBIN)" != "true" ] ; then \
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && \ echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
$(call _extract_archive, https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz, $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) && \
$(call _extract_archive, https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz, $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \ $(call _extract_archive, https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz, $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
else \
echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
fi ; \ fi ; \
echo "building trivy adapter container for photon..." ; \ echo "Building Trivy adapter container for photon..." ; \
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg trivy_version=$(TRIVYVERSION) -f $(DOCKERFILEPATH_TRIVY_ADAPTER)/$(DOCKERFILENAME_TRIVY_ADAPTER) -t $(DOCKERIMAGENAME_TRIVY_ADAPTER):$(TRIVYADAPTERVERSION)-$(VERSIONTAG) . ; \ $(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
--build-arg trivy_version=$(TRIVYVERSION) \
-f $(DOCKERFILEPATH_TRIVY_ADAPTER)/$(DOCKERFILENAME_TRIVY_ADAPTER) \
-t $(DOCKERIMAGENAME_TRIVY_ADAPTER):$(TRIVYADAPTERVERSION)-$(VERSIONTAG) . ; \
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary; \ rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary; \
echo "Done." ; \ echo "Done." ; \
fi fi
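Review bot: In the new `_build_trivy_adapter` recipe the download and build steps are joined with `;`, so a failed Trivy download, a failed adapter download or a failing `builder.sh` still falls through to `$(DOCKERBUILD)` and `echo "Done."`, and the recipe can exit 0. The removed lines chained the scanner download with `&&`; keeping that, or appending `|| exit 1` to the two `_extract_archive` lines and to the `builder.sh` line, would stop the build instead of continuing to the image build with an incomplete `binary/` directory. Separately, nothing visible in this section checks the two release archives against a known digest before they go into the image. `_extract_archive` is defined outside this section, so if it does not already verify, a pinned SHA-256 per version checked with `sha256sum -c` is worth adding there.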


@ -0,0 +1,7 @@
FROM golang:1.13.4
ADD . /go/src/github.com/aquasecurity/harbor-scanner-trivy/
WORKDIR /go/src/github.com/aquasecurity/harbor-scanner-trivy/
RUN export GOOS=linux GO111MODULE=on CGO_ENABLED=0 && \
go build -o scanner-trivy cmd/scanner-trivy/main.go
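Review bot: `FROM golang:1.13.4` names the build image by tag only, so the toolchain that compiles the adapter binary can change without this file changing; pinning the digest as well, `FROM golang:1.13.4@sha256:<digest-of-reviewed-image>`, keeps the build input fixed. `ADD .` is used here as a plain copy of the build context, and `COPY . /go/src/github.com/aquasecurity/harbor-scanner-trivy/` says that without `ADD`'s archive-extraction and URL handling. A one-line header comment stating that this image exists only to produce `scanner-trivy` for `builder.sh` to copy out would also help the next reader.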


@ -0,0 +1,35 @@
#!/bin/bash
set +e
if [ -z $1 ]; then
error "Please set the 'version' variable"
exit 1
fi
VERSION="$1"
set -e
cd `dirname $0`
cur=$PWD
# the temp folder to store distribution source code...
TEMP=`mktemp -d ${TMPDIR-/tmp}/trivy-adapter.XXXXXX`
git clone https://github.com/aquasecurity/harbor-scanner-trivy.git $TEMP
cd $TEMP; git checkout $VERSION; cd -
echo 'build the trivy adapter binary bases on the golang:1.13.4'
cp Dockerfile.binary $TEMP
docker build -f $TEMP/Dockerfile.binary -t trivy-adapter-golang $TEMP
echo 'copy the trivy adapter binary to local...'
ID=$(docker create trivy-adapter-golang)
docker cp $ID:/go/src/github.com/aquasecurity/harbor-scanner-trivy/scanner-trivy binary
docker rm -f $ID
docker rmi -f trivy-adapter-golang
echo "Build trivy adapter binary success, then to build photon image..."
cd $cur
rm -rf $TEMP
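Review bot: `git checkout $VERSION` builds whatever that ref resolves to at clone time, with no check that it is the commit that was reviewed. Printing `git rev-parse HEAD` after the checkout would record what was built, and comparing it with an expected commit id per version (or running `git verify-tag "$VERSION"`, if upstream signs its tags) would turn that into an actual check. On the usage path, `error` is neither a shell builtin nor a function defined in this script, so the message is replaced by a "command not found" error; `echo "Please set the 'version' variable" >&2` does what was intended. `$1`, `$0` and `$TEMP` are unquoted throughout, which matters most for the final `rm -rf $TEMP` when `TMPDIR` contains whitespace; `[ -z "$1" ]` and `rm -rf "$TEMP"` are the safe forms.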