mirror of https://github.com/goharbor/harbor.git
Clean up clair and clair-adapter in build scripts
1. Makefles 2. Dockerfiles 3. Installation script 4. harbor.yml template Signed-off-by: DQ <dengq@vmware.com>
This commit is contained in:
DQ
parent
dae17a890d
commit
8a584aff89
28
Makefile
28
Makefile
|
|
@ -76,7 +76,6 @@ REGISTRYSERVER=
|
|||
REGISTRYPROJECTNAME=goharbor
|
||||
DEVFLAG=true
|
||||
NOTARYFLAG=false
|
||||
CLAIRFLAG=false
|
||||
TRIVYFLAG=false
|
||||
HTTPPROXY=
|
||||
BUILDBIN=false
|
||||
|
|
@ -101,9 +100,7 @@ PREPARE_VERSION_NAME=versions
|
|||
#versions
|
||||
REGISTRYVERSION=v2.7.1-patch-2819-2553-redis
|
||||
NOTARYVERSION=v0.6.1
|
||||
CLAIRVERSION=v2.1.6
|
||||
NOTARYMIGRATEVERSION=v3.5.4
|
||||
CLAIRADAPTERVERSION=v1.1.1
|
||||
TRIVYVERSION=v0.9.2
|
||||
TRIVYADAPTERVERSION=v0.14.1
|
||||
|
||||
|
|
@ -117,11 +114,9 @@ CHARTMUSEUM_SRC_TAG=v0.12.0
|
|||
REGISTRY_SRC_TAG=v2.7.1
|
||||
|
||||
# dependency binaries
|
||||
CLAIRURL=https://storage.googleapis.com/harbor-builds/bin/clair/release2.0-${CLAIRVERSION}/clair
|
||||
CHARTURL=https://storage.googleapis.com/harbor-builds/bin/chartmuseum/release-${CHARTMUSEUMVERSION}/chartm
|
||||
NORARYURL=https://storage.googleapis.com/harbor-builds/bin/notary/release-${NOTARYVERSION}/binary-bundle.tgz
|
||||
REGISTRYURL=https://storage.googleapis.com/harbor-builds/bin/registry/release-${REGISTRYVERSION}/registry
|
||||
CLAIR_ADAPTER_DOWNLOAD_URL=https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz
|
||||
TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz
|
||||
TRIVY_ADAPTER_DOWNLOAD_URL=https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz
|
||||
|
||||
|
|
@ -129,8 +124,6 @@ define VERSIONS_FOR_PREPARE
|
|||
VERSION_TAG: $(VERSIONTAG)
|
||||
REGISTRY_VERSION: $(REGISTRYVERSION)
|
||||
NOTARY_VERSION: $(NOTARYVERSION)
|
||||
CLAIR_VERSION: $(CLAIRVERSION)
|
||||
CLAIR_ADAPTER_VERSION: $(CLAIRADAPTERVERSION)
|
||||
TRIVY_VERSION: $(TRIVYVERSION)
|
||||
TRIVY_ADAPTER_VERSION: $(TRIVYADAPTERVERSION)
|
||||
CHARTMUSEUM_VERSION: $(CHARTMUSEUMVERSION)
|
||||
|
|
@ -210,9 +203,6 @@ PREPARECMD_PARA=--conf $(INSIDE_CONFIGPATH)/$(CONFIGFILE)
|
|||
ifeq ($(NOTARYFLAG), true)
|
||||
PREPARECMD_PARA+= --with-notary
|
||||
endif
|
||||
ifeq ($(CLAIRFLAG), true)
|
||||
PREPARECMD_PARA+= --with-clair
|
||||
endif
|
||||
ifeq ($(TRIVYFLAG), true)
|
||||
PREPARECMD_PARA+= --with-trivy
|
||||
endif
|
||||
|
|
@ -239,14 +229,7 @@ DOCKERIMAGENAME_REGCTL=goharbor/harbor-registryctl
|
|||
|
||||
# docker-compose files
|
||||
DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
|
||||
DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
|
||||
DOCKERCOMPOSEFILENAME=docker-compose.yml
|
||||
DOCKERCOMPOSENOTARYTPLFILENAME=docker-compose.notary.tpl
|
||||
DOCKERCOMPOSENOTARYFILENAME=docker-compose.notary.yml
|
||||
DOCKERCOMPOSECLAIRTPLFILENAME=docker-compose.clair.tpl
|
||||
DOCKERCOMPOSECLAIRFILENAME=docker-compose.clair.yml
|
||||
DOCKERCOMPOSECHARTMUSEUMTPLFILENAME=docker-compose.chartmuseum.tpl
|
||||
DOCKERCOMPOSECHARTMUSEUMFILENAME=docker-compose.chartmuseum.yml
|
||||
|
||||
SEDCMD=$(shell which sed)
|
||||
SEDCMDI=$(SEDCMD) -i
|
||||
|
|
@ -297,9 +280,6 @@ DOCKERCOMPOSE_FILE_OPT=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
|
|||
ifeq ($(NOTARYFLAG), true)
|
||||
DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(VERSIONTAG) goharbor/notary-signer-photon:$(VERSIONTAG)
|
||||
endif
|
||||
ifeq ($(CLAIRFLAG), true)
|
||||
DOCKERSAVE_PARA+= goharbor/clair-photon:$(VERSIONTAG) goharbor/clair-adapter-photon:$(VERSIONTAG)
|
||||
endif
|
||||
ifeq ($(TRIVYFLAG), true)
|
||||
DOCKERSAVE_PARA+= goharbor/trivy-adapter-photon:$(VERSIONTAG)
|
||||
endif
|
||||
|
|
@ -409,18 +389,18 @@ build:
|
|||
-e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \
|
||||
-e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \
|
||||
-e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
|
||||
-e CLAIRVERSION=$(CLAIRVERSION) -e CLAIRADAPTERVERSION=$(CLAIRADAPTERVERSION) -e VERSIONTAG=$(VERSIONTAG) \
|
||||
-e VERSIONTAG=$(VERSIONTAG) \
|
||||
-e BUILDBIN=$(BUILDBIN) \
|
||||
-e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e CHARTMUSEUM_SRC_TAG=$(CHARTMUSEUM_SRC_TAG) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \
|
||||
-e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
|
||||
-e CLAIRURL=$(CLAIRURL) -e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) -e CLAIR_ADAPTER_DOWNLOAD_URL=$(CLAIR_ADAPTER_DOWNLOAD_URL) \
|
||||
-e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) \
|
||||
-e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL)
|
||||
|
||||
build_standalone_db_migrator: compile_standalone_db_migrator
|
||||
make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG)
|
||||
|
||||
build_base_docker:
|
||||
@for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
|
||||
@for name in chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
|
||||
echo $$name ; \
|
||||
$(DOCKERBUILD) --pull --no-cache -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) --label base-build-date=$(date +"%Y%m%d") . && \
|
||||
if [ -n "$(PUSHBASEIMAGE)" ] ; then \
|
||||
|
|
@ -429,7 +409,7 @@ build_base_docker:
|
|||
done
|
||||
|
||||
pull_base_docker:
|
||||
@for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
|
||||
@for name in chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
|
||||
echo $$name ; \
|
||||
$(DOCKERPULL) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) ; \
|
||||
done
|
||||
|
|
|
|||
|
|
@ -61,11 +61,6 @@ data_volume: /data
|
|||
# redirect:
|
||||
# disabled: false
|
||||
|
||||
# Clair configuration
|
||||
clair:
|
||||
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
|
||||
updaters_interval: 12
|
||||
|
||||
# Trivy configuration
|
||||
#
|
||||
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
|
||||
|
|
@ -147,13 +142,6 @@ _version: 2.0.0
|
|||
# ssl_mode: disable
|
||||
# max_idle_conns: 2
|
||||
# max_open_conns: 0
|
||||
# clair:
|
||||
# host: clair_db_host
|
||||
# port: clair_db_port
|
||||
# db_name: clair_db_name
|
||||
# username: clair_db_username
|
||||
# password: clair_db_password
|
||||
# ssl_mode: disable
|
||||
# notary_signer:
|
||||
# host: notary_signer_db_host
|
||||
# port: notary_signer_db_port
|
||||
|
|
@ -206,7 +194,6 @@ proxy:
|
|||
components:
|
||||
- core
|
||||
- jobservice
|
||||
- clair
|
||||
- trivy
|
||||
|
||||
# metric:
|
||||
|
|
|
|||
|
|
@ -9,15 +9,12 @@ set +o noglob
|
|||
|
||||
usage=$'Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
|
||||
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
|
||||
Please set --with-clair if needs enable Clair in Harbor
|
||||
Please set --with-trivy if needs enable Trivy in Harbor
|
||||
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor'
|
||||
item=0
|
||||
|
||||
# notary is not enabled by default
|
||||
with_notary=$false
|
||||
# clair is not enabled by default
|
||||
with_clair=$false
|
||||
# trivy is not enabled by default
|
||||
with_trivy=$false
|
||||
# chartmuseum is not enabled by default
|
||||
|
|
@ -30,8 +27,6 @@ while [ $# -gt 0 ]; do
|
|||
exit 0;;
|
||||
--with-notary)
|
||||
with_notary=true;;
|
||||
--with-clair)
|
||||
with_clair=true;;
|
||||
--with-trivy)
|
||||
with_trivy=true;;
|
||||
--with-chartmuseum)
|
||||
|
|
@ -71,10 +66,6 @@ if [ $with_notary ]
|
|||
then
|
||||
prepare_para="${prepare_para} --with-notary"
|
||||
fi
|
||||
if [ $with_clair ]
|
||||
then
|
||||
prepare_para="${prepare_para} --with-clair"
|
||||
fi
|
||||
if [ $with_trivy ]
|
||||
then
|
||||
prepare_para="${prepare_para} --with-trivy"
|
||||
|
|
|
|||
|
|
@ -59,14 +59,6 @@ DOCKERFILEPATH_POSTGRESQL=$(DOCKERFILEPATH)/postgresql
|
|||
DOCKERFILENAME_POSTGRESQL=Dockerfile
|
||||
DOCKERIMAGENAME_POSTGRESQL=goharbor/postgresql-photon
|
||||
|
||||
DOCKERFILEPATH_CLAIR=$(DOCKERFILEPATH)/clair
|
||||
DOCKERFILENAME_CLAIR=Dockerfile
|
||||
DOCKERIMAGENAME_CLAIR=goharbor/clair-photon
|
||||
|
||||
DOCKERFILEPATH_CLAIR_ADAPTER=$(DOCKERFILEPATH)/clair-adapter
|
||||
DOCKERFILENAME_CLAIR_ADAPTER=Dockerfile
|
||||
DOCKERIMAGENAME_CLAIR_ADAPTER=goharbor/clair-adapter-photon
|
||||
|
||||
DOCKERFILEPATH_TRIVY_ADAPTER=$(DOCKERFILEPATH)/trivy-adapter
|
||||
DOCKERFILENAME_TRIVY_ADAPTER=Dockerfile
|
||||
DOCKERIMAGENAME_TRIVY_ADAPTER=goharbor/trivy-adapter-photon
|
||||
|
|
@ -137,38 +129,6 @@ _build_log:
|
|||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) .
|
||||
@echo "Done."
|
||||
|
||||
_build_clair:
|
||||
@if [ "$(CLAIRFLAG)" = "true" ] ; then \
|
||||
if [ "$(BUILDBIN)" != "true" ] ; then \
|
||||
rm -rf $(DOCKERFILEPATH_CLAIR)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR)/binary && \
|
||||
$(call _get_binary, $(CLAIRURL), $(DOCKERFILEPATH_CLAIR)/binary/clair); \
|
||||
else \
|
||||
cd $(DOCKERFILEPATH_CLAIR) && $(DOCKERFILEPATH_CLAIR)/builder $(CLAIRVERSION) && cd - ; \
|
||||
fi ; \
|
||||
echo "building clair container for photon..." ; \
|
||||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CLAIR)/$(DOCKERFILENAME_CLAIR) -t $(DOCKERIMAGENAME_CLAIR):$(VERSIONTAG) . ; \
|
||||
rm -rf $(DOCKERFILEPATH_CLAIR)/binary; \
|
||||
echo "Done." ; \
|
||||
fi
|
||||
|
||||
_build_clair_adapter:
|
||||
@if [ "$(CLAIRFLAG)" = "true" ] ; then \
|
||||
if [ "$(BUILDBIN)" != "true" ] ; then \
|
||||
rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && \
|
||||
$(call _extract_archive, $(CLAIR_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \
|
||||
mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \
|
||||
else \
|
||||
cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder.sh $(CLAIRADAPTERVERSION) && cd - ; \
|
||||
fi ; \
|
||||
echo "Building Clair adapter container for photon..." ; \
|
||||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
|
||||
--build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) \
|
||||
-f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) \
|
||||
-t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(VERSIONTAG) . ; \
|
||||
rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary; \
|
||||
echo "Done." ; \
|
||||
fi
|
||||
|
||||
_build_trivy_adapter:
|
||||
@if [ "$(TRIVYFLAG)" = "true" ] ; then \
|
||||
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
|
||||
|
|
@ -263,7 +223,7 @@ define _get_binary
|
|||
$(CURL) --connect-timeout 30 -f -k -L $1 -o $2 || exit 1
|
||||
endef
|
||||
|
||||
build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_clair _build_clair_adapter _build_trivy_adapter _build_redis _build_chart_server
|
||||
build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_trivy_adapter _build_redis _build_chart_server
|
||||
|
||||
cleanimage:
|
||||
@echo "cleaning image for photon..."
|
||||
|
|
|
|||
|
|
@ -1,18 +0,0 @@
|
|||
ARG harbor_base_image_version
|
||||
ARG harbor_base_namespace
|
||||
FROM ${harbor_base_namespace}/harbor-clair-adapter-base:${harbor_base_image_version}
|
||||
|
||||
COPY ./make/photon/common/install_cert.sh /home/clair-adapter
|
||||
COPY ./make/photon/clair-adapter/entrypoint.sh /home/clair-adapter
|
||||
COPY ./make/photon/clair-adapter/binary/harbor-scanner-clair /clair-adapter/clair-adapter
|
||||
|
||||
RUN chown -R clair-adapter:clair-adapter /etc/pki/tls/certs \
|
||||
&& chown -R clair-adapter:clair-adapter /clair-adapter && chmod u+x /clair-adapter/clair-adapter \
|
||||
&& chown clair-adapter:clair-adapter /home/clair-adapter/entrypoint.sh && chmod u+x /home/clair-adapter/entrypoint.sh \
|
||||
&& chown clair-adapter:clair-adapter /home/clair-adapter/install_cert.sh && chmod u+x /home/clair-adapter/install_cert.sh
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:8080/probe/healthy || curl -k -sS https://127.0.0.1:8443/probe/healthy || exit 1
|
||||
|
||||
USER clair-adapter
|
||||
|
||||
ENTRYPOINT ["/home/clair-adapter/entrypoint.sh"]
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
FROM photon:2.0
|
||||
|
||||
RUN tdnf install -y shadow >> /dev/null \
|
||||
&& tdnf clean all \
|
||||
&& mkdir /clair-adapter/ \
|
||||
&& groupadd -r -g 10000 clair-adapter \
|
||||
&& useradd --no-log-init -m -r -g 10000 -u 10000 clair-adapter
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
FROM golang:1.14.7
|
||||
|
||||
ARG VERSION
|
||||
ARG COMMIT
|
||||
|
||||
ADD . /go/src/github.com/goharbor/harbor-scanner-clair/
|
||||
WORKDIR /go/src/github.com/goharbor/harbor-scanner-clair/
|
||||
|
||||
RUN export GOFLAGS=-mod=vendor GOOS=linux GO111MODULE=on CGO_ENABLED=0 && \
|
||||
go build -ldflags "-X main.version=$VERSION -X main.commit=$COMMIT -X main.date=`date -u --iso-8601=seconds`" \
|
||||
-o harbor-scanner-clair cmd/harbor-scanner-clair/main.go
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set +e
|
||||
|
||||
if [ -z $1 ]; then
|
||||
error "Please set the 'version' variable"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VERSION="$1"
|
||||
|
||||
set -e
|
||||
|
||||
# the temp folder to store binary file...
|
||||
mkdir -p binary
|
||||
rm -rf binary/harbor-scanner-clair || true
|
||||
|
||||
cd $(dirname $0)
|
||||
cur=$PWD
|
||||
|
||||
# The temporary directory to clone Clair adapter source code
|
||||
TEMP=$(mktemp -d ${TMPDIR-/tmp}/clair-adapter.XXXXXX)
|
||||
git clone https://github.com/goharbor/harbor-scanner-clair.git $TEMP
|
||||
cd $TEMP; git checkout $VERSION; export COMMIT=$(git rev-list -1 HEAD); cd -
|
||||
|
||||
echo "Building Clair adapter binary based on golang:1.14.7..."
|
||||
cp Dockerfile.binary $TEMP
|
||||
docker build --build-arg VERSION=${VERSION} --build-arg COMMIT=${COMMIT} -f $TEMP/Dockerfile.binary -t clair-adapter-golang $TEMP
|
||||
|
||||
echo "Copying Clair adapter binary from the container to the local directory..."
|
||||
ID=$(docker create clair-adapter-golang)
|
||||
docker cp $ID:/go/src/github.com/goharbor/harbor-scanner-clair/harbor-scanner-clair binary
|
||||
|
||||
docker rm -f $ID
|
||||
docker rmi -f clair-adapter-golang
|
||||
|
||||
echo "Building Clair adapter binary finished successfully"
|
||||
cd $cur
|
||||
rm -rf $TEMP
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
/home/clair-adapter/install_cert.sh
|
||||
|
||||
/clair-adapter/clair-adapter
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
ARG harbor_base_image_version
|
||||
ARG harbor_base_namespace
|
||||
FROM ${harbor_base_namespace}/harbor-clair-base:${harbor_base_image_version}
|
||||
|
||||
COPY ./make/photon/clair/binary/clair /home/clair/
|
||||
COPY ./make/photon/clair/docker-entrypoint.sh /home/clair/
|
||||
COPY ./make/photon/clair/dumb-init /home/clair/
|
||||
COPY ./make/photon/common/install_cert.sh /home/clair/
|
||||
|
||||
VOLUME /config
|
||||
|
||||
RUN chown -R clair:clair /etc/pki/tls/certs && chown -R clair:clair /home/clair \
|
||||
&& chmod u+x /home/clair/clair \
|
||||
&& chmod u+x /home/clair/docker-entrypoint.sh \
|
||||
&& chmod u+x /home/clair/install_cert.sh \
|
||||
&& chmod +x /home/clair/dumb-init
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1
|
||||
|
||||
WORKDIR /home/clair
|
||||
USER clair
|
||||
ENTRYPOINT ["./docker-entrypoint.sh"]
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
FROM photon:2.0
|
||||
|
||||
RUN tdnf install -y git shadow rpm xz python-xml >>/dev/null\
|
||||
&& tdnf clean all \
|
||||
&& groupadd -r -g 10000 clair \
|
||||
&& useradd --no-log-init -m -g 10000 -u 10000 clair
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
FROM golang:1.14.7
|
||||
|
||||
ADD . /go/src/github.com/quay/clair/
|
||||
WORKDIR /go/src/github.com/quay/clair/
|
||||
|
||||
RUN export CLAIR_VERSION=$(git describe --tag --always --dirty) GO111MODULE=on && \
|
||||
go build -ldflags "-X github.com/quay/clair/pkg/version.Version=$CLAIR_VERSION" ./cmd/clair
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set +e
|
||||
|
||||
if [ -z $1 ]; then
|
||||
error "Please set the 'version' variable"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VERSION="$1"
|
||||
|
||||
set -e
|
||||
|
||||
# the temp folder to store binary file...
|
||||
mkdir -p binary
|
||||
rm -rf binary/clair || true
|
||||
|
||||
cd `dirname $0`
|
||||
cur=$PWD
|
||||
|
||||
# the temp folder to store distribution source code...
|
||||
TEMP=`mktemp -d /$TMPDIR/clair.XXXXXX`
|
||||
git clone -b $VERSION --single-branch https://github.com/quay/clair.git $TEMP
|
||||
|
||||
echo 'build the clair binary bases on the golang:1.14.7'
|
||||
cp Dockerfile.binary $TEMP
|
||||
docker build -f $TEMP/Dockerfile.binary -t clair-golang $TEMP
|
||||
|
||||
echo 'copy the clair binary to local...'
|
||||
ID=$(docker create clair-golang)
|
||||
docker cp $ID:/go/src/github.com/quay/clair/clair binary
|
||||
|
||||
docker rm -f $ID
|
||||
docker rmi -f clair-golang
|
||||
|
||||
echo "Build clair binary success, then to build photon image..."
|
||||
cd $cur
|
||||
rm -rf $TEMP
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
/home/clair/install_cert.sh
|
||||
/home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml $*
|
||||
|
||||
set +e
|
||||
Binary file not shown.
Loading…
Reference in New Issue