mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-06 16:08:29 +01:00
chore: Build Trivy adapter from sources
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
This commit is contained in:
parent
5f110c800a
commit
4755439b75
make/photon
@ -155,7 +155,7 @@ _build_clair_adapter:
|
||||
$(call _extract_archive, https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz, $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \
|
||||
mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \
|
||||
else \
|
||||
cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder $(CLAIRADAPTERVERSION) && cd - ; \
|
||||
cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder.sh $(CLAIRADAPTERVERSION) && cd - ; \
|
||||
fi ; \
|
||||
echo "building clair adapter container for photon..." ; \
|
||||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) -f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) -t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(CLAIRADAPTERVERSION)-$(VERSIONTAG) . ; \
|
||||
@ -165,13 +165,21 @@ _build_clair_adapter:
|
||||
|
||||
_build_trivy_adapter:
|
||||
@if [ "$(TRIVYFLAG)" = "true" ] ; then \
|
||||
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
|
||||
echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \
|
||||
$(call _extract_archive, https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz, $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
|
||||
if [ "$(BUILDBIN)" != "true" ] ; then \
|
||||
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && \
|
||||
$(call _extract_archive, https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz, $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) && \
|
||||
echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
|
||||
$(call _extract_archive, https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz, $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
|
||||
else \
|
||||
echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
|
||||
cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
|
||||
fi ; \
|
||||
echo "building trivy adapter container for photon..." ; \
|
||||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg trivy_version=$(TRIVYVERSION) -f $(DOCKERFILEPATH_TRIVY_ADAPTER)/$(DOCKERFILENAME_TRIVY_ADAPTER) -t $(DOCKERIMAGENAME_TRIVY_ADAPTER):$(TRIVYADAPTERVERSION)-$(VERSIONTAG) . ; \
|
||||
echo "Building Trivy adapter container for photon..." ; \
|
||||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
|
||||
--build-arg trivy_version=$(TRIVYVERSION) \
|
||||
-f $(DOCKERFILEPATH_TRIVY_ADAPTER)/$(DOCKERFILENAME_TRIVY_ADAPTER) \
|
||||
-t $(DOCKERIMAGENAME_TRIVY_ADAPTER):$(TRIVYADAPTERVERSION)-$(VERSIONTAG) . ; \
|
||||
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary; \
|
||||
echo "Done." ; \
|
||||
fi
|
||||
|
7
make/photon/trivy-adapter/Dockerfile.binary
Normal file
7
make/photon/trivy-adapter/Dockerfile.binary
Normal file
@ -0,0 +1,7 @@
|
||||
FROM golang:1.13.4
|
||||
|
||||
ADD . /go/src/github.com/aquasecurity/harbor-scanner-trivy/
|
||||
WORKDIR /go/src/github.com/aquasecurity/harbor-scanner-trivy/
|
||||
|
||||
RUN export GOOS=linux GO111MODULE=on CGO_ENABLED=0 && \
|
||||
go build -o scanner-trivy cmd/scanner-trivy/main.go
|
35
make/photon/trivy-adapter/builder.sh
Executable file
35
make/photon/trivy-adapter/builder.sh
Executable file
@ -0,0 +1,35 @@
|
||||
#!/bin/bash
|
||||
|
||||
set +e
|
||||
|
||||
if [ -z $1 ]; then
|
||||
error "Please set the 'version' variable"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VERSION="$1"
|
||||
|
||||
set -e
|
||||
|
||||
cd `dirname $0`
|
||||
cur=$PWD
|
||||
|
||||
# the temp folder to store distribution source code...
|
||||
TEMP=`mktemp -d ${TMPDIR-/tmp}/trivy-adapter.XXXXXX`
|
||||
git clone https://github.com/aquasecurity/harbor-scanner-trivy.git $TEMP
|
||||
cd $TEMP; git checkout $VERSION; cd -
|
||||
|
||||
echo 'build the trivy adapter binary bases on the golang:1.13.4'
|
||||
cp Dockerfile.binary $TEMP
|
||||
docker build -f $TEMP/Dockerfile.binary -t trivy-adapter-golang $TEMP
|
||||
|
||||
echo 'copy the trivy adapter binary to local...'
|
||||
ID=$(docker create trivy-adapter-golang)
|
||||
docker cp $ID:/go/src/github.com/aquasecurity/harbor-scanner-trivy/scanner-trivy binary
|
||||
|
||||
docker rm -f $ID
|
||||
docker rmi -f trivy-adapter-golang
|
||||
|
||||
echo "Build trivy adapter binary success, then to build photon image..."
|
||||
cd $cur
|
||||
rm -rf $TEMP
|
Loading…
Reference in New Issue
Block a user