fix: build arm harbor v2.10.2 (#2893)

* fix: build arm harbor v2.10.2

Signed-off-by: redscholar <blacktiledhouse@gmail.com>

* fix: build arm harbor v2.10.2

Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com>

fix: build arm harbor v2.10.2

Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com>

fix: build arm harbor v2.10.2

Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com>

fix: build arm harbor v2.10.2

Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com>

---------

Signed-off-by: redscholar <blacktiledhouse@gmail.com>
Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com>
Co-authored-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com>

.github/workflows/gen-repository-iso.yaml

@@ -3,13 +3,13 @@ name: GenRepositoryISO
 on:
   push:
     tags:
-      - 'ISO-*'
+      - 'iso-*'
   workflow_dispatch:
 
 jobs:
-  build:
+  build-iso:
-    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
-    runs-on: ubuntu-20.04
+    if: github.repository == 'kubesphere/kubekey'
     strategy:
       fail-fast: false
       matrix:
@@ -72,4 +72,37 @@ jobs:
           files: |
             ${{ matrix.name }}.iso.sha256sum.txt
             ${{ matrix.name }}-amd64.iso
-            ${{ matrix.name }}-arm64.iso
+            ${{ matrix.name }}-arm64.iso
+
+  build-harbor:
+    runs-on: ubuntu-latest
+    if: github.repository == 'kubesphere/kubekey'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - shell: bash
+        name: build arm harbor
+        run: |
+          rm -rf qsctl_v2.4.3_linux_amd64.tar.gz
+          wget https://attack-on-titan.gd2.qingstor.com/qsctl/v2.4.3/qsctl_v2.4.3_linux_amd64.tar.gz
+          tar -zxvf qsctl_v2.4.3_linux_amd64.tar.gz
+          rm -rf qsctl_v2.4.3_linux_amd64.tar.gz
+          mv qsctl_v2.4.3_linux_amd64 /usr/local/bin/qsctl
+          echo "access_key_id: ${{secrets.KS_QSCTL_ACCESS_KEY_ID}}" > /usr/local/bin/qsctl-config.yaml
+          echo "secret_access_key: ${{ secrets.KS_QSCTL_SECRET_ACCESS_KEY }}" >> /usr/local/bin/qsctl-config.yaml
+          
+          for d in $(ls config/harbor); do
+            if [ -d "config/harbor/$d" ]; then
+              cd "config/harbor/$d" && make build
+              qsctl -c /usr/local/bin/qsctl-config.yaml cp harbor-offline-installer-"$d"-linux-arm64.tgz qs://kubekey/github.com/goharbor/harbor/releases/download/"$d"/harbor-offline-installer-"$d"-linux-arm64.tgz
+            fi
+          done
+
+      - name: Create GitHub Release & Upload Assets
+        uses: ncipollo/release-action@v1
+        with:
+          tag_name: ${{ github.ref_name }}
+          name: ${{ github.ref_name }}
+          artifacts: config/harbor/*/*harbor-offline-installer*-linux-arm64.tgz
+          allowUpdates: true
+          replaceArtifacts: true

config/harbor/v2.10.2/Makefile

@@ -0,0 +1,18 @@
+DOCKER_PLATFORM?=linux/arm64
+DOCKER_BUILD_IMAGES?=false
+IMAGENAMESPACE?=hub.kubesphere.com.cn/harbor
+VERSION?=v2.10.2
+BASEIMAGENAMESPACE?=hub.kubesphere.com.cn/harbor
+BASEIMAGETAG?=v2.10.2
+NPM_REGISTRY?=https://registry.npmmirror.com
+
+
+.PHONY: build
+build:
+	if [ ! -d '_source' ];then \
+  	  mkdir _source; \
+   	  git clone -b $(VERSION) https://github.com/goharbor/harbor.git _source/; \
+   	  cd _source/ && git apply --ignore-space-change ../build_$(VERSION).patch; \
+  	fi
+	cd _source && make package_offline IMAGENAMESPACE=$(IMAGENAMESPACE) VERSIONTAG=$(VERSION) PKGVERSIONTAG=$(VERSION)  BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) BASEIMAGETAG=$(BASEIMAGETAG) DOCKER_PLATFORM=$(DOCKER_PLATFORM) DOCKER_BUILD_IMAGES=$(DOCKER_BUILD_IMAGES) TRIVYFLAG=true NPM_REGISTRY=$(NPM_REGISTRY)
+	mv _source/harbor-offline-installer*.tgz . && rm -rf _source/

config/harbor/v2.10.2/build_v2.10.2.patch

@@ -0,0 +1,357 @@
+diff --git a/Makefile b/Makefile
+index 609c4004f..e53d79833 100644
+--- a/Makefile
++++ b/Makefile
+@@ -124,6 +124,8 @@ endef
+ 
+ # docker parameters
+ DOCKERCMD=$(shell which docker)
++DOCKER_PLATFORM=linux/amd64
++DOCKER_BUILD_IMAGES=true
+ DOCKERBUILD=$(DOCKERCMD) build
+ DOCKERRMIMAGE=$(DOCKERCMD) rmi
+ DOCKERPULL=$(DOCKERCMD) pull
+@@ -248,7 +250,7 @@ DOCKERSAVE_PARA=$(DOCKER_IMAGE_NAME_PREPARE):$(VERSIONTAG) \
+ 		$(IMAGENAMESPACE)/nginx-photon:$(VERSIONTAG) \
+ 		$(IMAGENAMESPACE)/registry-photon:$(VERSIONTAG)
+ 
+-PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG).tgz \
++PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG)-$(subst /,-,$(DOCKER_PLATFORM)).tgz \
+ 					$(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
+ 					$(HARBORPKG)/prepare \
+ 					$(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
+@@ -361,7 +363,7 @@ compile: check_environment versions_prepare compile_core compile_jobservice comp
+ 
+ update_prepare_version:
+ 	@echo "substitute the prepare version tag in prepare file..."
+-	@$(SEDCMDI) -e 's/goharbor\/prepare:.*[[:space:]]\+/goharbor\/prepare:$(VERSIONTAG) prepare /' $(MAKEPATH)/prepare ;
++	@$(SEDCMDI) -e 's/goharbor\/prepare:.*[[:space:]]\+/$(subst /,\/,$(IMAGENAMESPACE))\/prepare:$(VERSIONTAG) prepare /' $(MAKEPATH)/prepare ;
+ 
+ gen_tls:
+ 	@$(DOCKERCMD) run --rm -v /:/hostfs:z $(IMAGENAMESPACE)/prepare:$(VERSIONTAG) gencert -p /etc/harbor/tls/internal
+@@ -374,30 +376,15 @@ prepare: update_prepare_version
+ 	@$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
+ 
+ build:
+-# PUSHBASEIMAGE should not be true if BUILD_BASE is not true
+-	@if [ "$(PULL_BASE_FROM_DOCKERHUB)" != "true" ] && [ "$(PULL_BASE_FROM_DOCKERHUB)" != "false" ] ; then \
+-		echo set PULL_BASE_FROM_DOCKERHUB to true or false.; exit 1; \
++	@if [ "$(DOCKER_BUILD_IMAGES)" == "true" ] ; then \
++	        make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e BUILD_BASE=$(BUILD_BASE) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \
++	         -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \
++	         -e TRIVYFLAG=$(TRIVYFLAG) -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
++	         -e VERSIONTAG=$(VERSIONTAG) \
++	         -e BUILDBIN=$(BUILDBIN) \
++	         -e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e IMAGENAMESPACE=$(IMAGENAMESPACE) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
++	         -e BUILD_BASE=$(BUILD_BASE); \
+ 	fi
+-	@if [ "$(BUILD_BASE)" != "true" ]  && [ "$(PUSHBASEIMAGE)" = "true" ] ; then \
+-		echo Do not push base images since no base images built. ; \
+-		exit 1; \
+-	fi
+-# PULL_BASE_FROM_DOCKERHUB should be true if BUILD_BASE is not true
+-	@if [ "$(BUILD_BASE)" != "true" ]  && [ "$(PULL_BASE_FROM_DOCKERHUB)" = "false" ] ; then \
+-		echo Should pull base images from registry in docker configuration since no base images built. ; \
+-		exit 1; \
+-	fi
+-	make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \
+-	 -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \
+-	 -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
+-	 -e VERSIONTAG=$(VERSIONTAG) \
+-	 -e BUILDBIN=$(BUILDBIN) \
+-	 -e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e IMAGENAMESPACE=$(IMAGENAMESPACE) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
+-	 -e REGISTRYURL=$(REGISTRYURL) \
+-	 -e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL) \
+-	 -e PULL_BASE_FROM_DOCKERHUB=$(PULL_BASE_FROM_DOCKERHUB) -e BUILD_BASE=$(BUILD_BASE) \
+-	 -e REGISTRYUSER=$(REGISTRYUSER) -e REGISTRYPASSWORD=$(REGISTRYPASSWORD) \
+-	 -e PUSHBASEIMAGE=$(PUSHBASEIMAGE)
+ 
+ build_standalone_db_migrator: compile_standalone_db_migrator
+ 	make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG)
+@@ -438,12 +425,18 @@ package_online: update_prepare_version
+ 	@rm -rf $(HARBORPKG)
+ 	@echo "Done."
+ 
+-package_offline: update_prepare_version compile build
++package_offline: update_prepare_version versions_prepare build
+ 
+ 	@echo "packing offline package ..."
+ 	@cp -r make $(HARBORPKG)
+ 	@cp LICENSE $(HARBORPKG)/LICENSE
+ 
++	@echo "pull images for: $(DOCKER_PLATFORM)"
++	@for image in $(DOCKERSAVE_PARA); \
++	do \
++	  $(DOCKERPULL) --platform=$(DOCKER_PLATFORM) $$image; \
++	done
++
+ 	@echo "saving harbor docker image"
+ 	@$(DOCKERSAVE) $(DOCKERSAVE_PARA) > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar
+ 	@gzip $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar
+diff --git a/make/photon/Makefile b/make/photon/Makefile
+index c6de67da3..0b6a4b014 100644
+--- a/make/photon/Makefile
++++ b/make/photon/Makefile
+@@ -18,8 +18,8 @@ TIMESTAMP=$(shell date +"%Y%m%d")
+ 
+ # docker parameters
+ DOCKERCMD=$(shell which docker)
+-DOCKERBUILD=$(DOCKERCMD) build --no-cache
+-DOCKERBUILD_WITH_PULL_PARA=$(DOCKERBUILD) --pull=$(PULL_BASE_FROM_DOCKERHUB)
++DOCKERBUILD=$(DOCKERCMD) buildx build --platform linux/amd64,linux/arm64 --push --no-cache
++DOCKERBUILD_WITH_PULL_PARA=$(DOCKERBUILD)
+ DOCKERRMIMAGE=$(DOCKERCMD) rmi
+ DOCKERIMAGES=$(DOCKERCMD) images
+ IMAGENAMESPACE=goharbor
+@@ -128,13 +128,13 @@ _build_portal:
+ _build_core:
+ 	@$(call _build_base,$(CORE),$(DOCKERFILEPATH_CORE))
+ 	@echo "building core container for photon..."
+-	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CORE)/$(DOCKERFILENAME_CORE) -t $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) .
++	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg build_image=$(GOBUILDIMAGE) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CORE)/$(DOCKERFILENAME_CORE) -t $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) .
+ 	@echo "Done."
+ 
+ _build_jobservice:
+ 	@$(call _build_base,$(JOBSERVICE),$(DOCKERFILEPATH_JOBSERVICE))
+ 	@echo "building jobservice container for photon..."
+-	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_JOBSERVICE)/$(DOCKERFILENAME_JOBSERVICE) -t $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) .
++	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg build_image=$(GOBUILDIMAGE) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_JOBSERVICE)/$(DOCKERFILENAME_JOBSERVICE) -t $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) .
+ 	@echo "Done."
+ 
+ _build_log:
+@@ -146,19 +146,11 @@ _build_log:
+ _build_trivy_adapter:
+ 	@if [ "$(TRIVYFLAG)" = "true" ] ; then \
+ 		$(call _build_base,$(TRIVY_ADAPTER),$(DOCKERFILEPATH_TRIVY_ADAPTER)) ; \
+-		rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
+-		echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \
+-		$(call _extract_archive, $(TRIVY_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
+-		if [ "$(BUILDBIN)" != "true" ] ; then \
+-			echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
+-			$(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
+-		else \
+-			echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
+-			cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
+-		fi ; \
+ 		echo "Building Trivy adapter container for photon..." ; \
+ 		$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
+ 			--build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) \
++			--build-arg trivy_source_version=$(TRIVYVERSION) \
++			--build-arg trivy_adapter_source_version=$(TRIVYADAPTERVERSION) \
+ 			--build-arg trivy_version=$(TRIVYVERSION) \
+ 			-f $(DOCKERFILEPATH_TRIVY_ADAPTER)/$(DOCKERFILENAME_TRIVY_ADAPTER) \
+ 			-t $(DOCKERIMAGENAME_TRIVY_ADAPTER):$(VERSIONTAG) . ; \
+@@ -177,17 +169,15 @@ _build_registry:
+ 	@if [ "$(BUILDBIN)" != "true" ] ; then \
+ 		rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \
+ 		$(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \
+-	else \
+-		cd $(DOCKERFILEPATH_REG) && $(DOCKERFILEPATH_REG)/builder $(REGISTRY_SRC_TAG) && cd - ; \
+ 	fi
+ 	@echo "building registry container for photon..."
+-	@chmod 655 $(DOCKERFILEPATH_REG)/binary/registry && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) .
++	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg registry_version=$(REGISTRY_SRC_TAG) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) .
+ 	@echo "Done."
+ 
+ _build_registryctl:
+ 	@$(call _build_base,$(REGISTRYCTL),$(DOCKERFILEPATH_REGISTRYCTL))
+ 	@echo "building registry controller for photon..."
+-	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REGISTRYCTL)/$(DOCKERFILENAME_REGISTRYCTL) -t $(DOCKERIMAGENAME_REGISTRYCTL):$(VERSIONTAG) .
++	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg build_image=$(GOBUILDIMAGE) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REGISTRYCTL)/$(DOCKERFILENAME_REGISTRYCTL) -t $(DOCKERIMAGENAME_REGISTRYCTL):$(VERSIONTAG) .
+ 	@rm -rf $(DOCKERFILEPATH_REG)/binary
+ 	@echo "Done."
+ 
+@@ -205,7 +195,7 @@ _build_standalone_db_migrator:
+ _compile_and_build_exporter:
+ 	@$(call _build_base,$(EXPORTER),$(DOCKERFILEPATH_EXPORTER))
+ 	@echo "compiling and building image for exporter..."
+-	@$(DOCKERCMD) build --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) .
++	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) .
+ 	@echo "Done."
+ 
+ define _extract_archive
+diff --git a/make/photon/core/Dockerfile b/make/photon/core/Dockerfile
+index da561a875..63d1b051d 100644
+--- a/make/photon/core/Dockerfile
++++ b/make/photon/core/Dockerfile
+@@ -1,11 +1,23 @@
+ ARG harbor_base_image_version
+ ARG harbor_base_namespace
++ARG build_image
++
++FROM ${build_image} as base
++
++WORKDIR /build
++
++RUN apt update && apt install git
++
++COPY . .
++
++RUN go build -C src/core -buildvcs=false -tags "include_oss include_gcs" --ldflags "-w -s -X github.com/goharbor/harbor/src/pkg/version.GitCommit=$(git rev-parse --short=8 HEAD) -X github.com/goharbor/harbor/src/pkg/version.ReleaseVersion=$(cat VERSION)"
++
+ FROM ${harbor_base_namespace}/harbor-core-base:${harbor_base_image_version}
+ 
+ HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v2.0/ping || curl -k --fail -s https://localhost:8443/api/v2.0/ping || exit 1
+ COPY ./make/photon/common/install_cert.sh /harbor/
+ COPY ./make/photon/core/entrypoint.sh /harbor/
+-COPY ./make/photon/core/harbor_core /harbor/
++COPY --from=base /build/src/core/core /harbor/harbor_core
+ COPY ./src/core/views /harbor/views
+ COPY ./make/migrations /harbor/migrations
+ COPY ./icons /harbor/icons
+diff --git a/make/photon/jobservice/Dockerfile b/make/photon/jobservice/Dockerfile
+index accd7519d..b33bd6231 100644
+--- a/make/photon/jobservice/Dockerfile
++++ b/make/photon/jobservice/Dockerfile
+@@ -1,10 +1,20 @@
+ ARG harbor_base_image_version
+ ARG harbor_base_namespace
++ARG build_image
++
++FROM ${build_image} as base
++
++WORKDIR /build
++
++COPY . .
++
++RUN go build -C src/jobservice -buildvcs=false -tags "include_oss include_gcs"
++
+ FROM ${harbor_base_namespace}/harbor-jobservice-base:${harbor_base_image_version}
+ 
+ COPY ./make/photon/common/install_cert.sh /harbor/
+ COPY ./make/photon/jobservice/entrypoint.sh /harbor/
+-COPY ./make/photon/jobservice/harbor_jobservice /harbor/
++COPY --from=base /build/src/jobservice/jobservice /harbor/harbor_jobservice
+ 
+ 
+ RUN chown -R harbor:harbor /etc/pki/tls/certs \
+diff --git a/make/photon/redis/Dockerfile.base b/make/photon/redis/Dockerfile.base
+index 331306bd8..24f4949e1 100644
+--- a/make/photon/redis/Dockerfile.base
++++ b/make/photon/redis/Dockerfile.base
+@@ -3,4 +3,7 @@ FROM photon:5.0
+ RUN tdnf install -y shadow >> /dev/null \
+     && groupadd -g 999 redis \
+     && useradd -u 999 -g 999 -c "Redis Database Server" -d /var/lib/redis -s /sbin/nologin -m redis
+-RUN tdnf install -y redis && tdnf clean all
++COPY --from=library/redis:7.2.4 /usr/local/bin/redis-server /usr/bin/redis-server
++COPY --from=library/redis:7.2.4 /usr/local/bin/redis-cli /usr/bin/redis-cli
++# RUN tdnf install -y redis && tdnf clean all
++
+diff --git a/make/photon/registry/Dockerfile b/make/photon/registry/Dockerfile
+index f6565ff38..163c36818 100644
+--- a/make/photon/registry/Dockerfile
++++ b/make/photon/registry/Dockerfile
+@@ -1,10 +1,30 @@
+ ARG harbor_base_image_version
+ ARG harbor_base_namespace
++ARG registry_version
++
++FROM golang:1.21.8 as base
++
++WORKDIR /go/src/github.com/docker/
++
++ENV REGISTRY_VERSION=${registry_version}
++
++RUN git clone -b $REGISTRY_VERSION https://github.com/distribution/distribution.git
++
++copy ./make/photon/registry/redis.patch /go/src/github.com/docker/distribution/redis.patch
++
++RUN cd distribution && git apply redis.patch
++
++
++ENV BUILDTAGS include_oss include_gcs
++ENV GO111MODULE auto
++
++RUN cd distribution && CGO_ENABLED=0 make PREFIX=/go clean binaries
++
+ FROM ${harbor_base_namespace}/harbor-registry-base:${harbor_base_image_version}
+ 
+ COPY ./make/photon/common/install_cert.sh /home/harbor
+ COPY ./make/photon/registry/entrypoint.sh /home/harbor
+-COPY ./make/photon/registry/binary/registry /usr/bin/registry_DO_NOT_USE_GC
++COPY --from=base /go/src/github.com/docker/distribution/bin/registry /usr/bin/registry_DO_NOT_USE_GC
+ 
+ RUN chown -R harbor:harbor /etc/pki/tls/certs \
+     && chown harbor:harbor /home/harbor/entrypoint.sh && chmod u+x /home/harbor/entrypoint.sh \
+diff --git a/make/photon/registryctl/Dockerfile b/make/photon/registryctl/Dockerfile
+index b4733df90..526c0ecc6 100644
+--- a/make/photon/registryctl/Dockerfile
++++ b/make/photon/registryctl/Dockerfile
+@@ -1,11 +1,38 @@
+ ARG harbor_base_image_version
+ ARG harbor_base_namespace
++ARG build_image
++ARG registry_version
++
++FROM golang:1.21.8 as registry_base
++
++WORKDIR /go/src/github.com/docker/
++
++RUN git clone -b v2.8.3 https://github.com/distribution/distribution.git
++
++copy ./make/photon/registry/redis.patch /go/src/github.com/docker/distribution/redis.patch
++
++RUN cd distribution && git apply redis.patch
++
++
++ENV BUILDTAGS include_oss include_gcs
++ENV GO111MODULE auto
++
++RUN cd distribution && CGO_ENABLED=0 make PREFIX=/go clean binaries
++
++FROM ${build_image} as base
++
++WORKDIR /build
++
++COPY . .
++
++RUN go build -C src/registryctl -buildvcs=false -tags "include_oss include_gcs"
++
+ FROM ${harbor_base_namespace}/harbor-registryctl-base:${harbor_base_image_version}
+ 
+ COPY ./make/photon/common/install_cert.sh /home/harbor
+-COPY ./make/photon/registry/binary/registry /usr/bin/registry_DO_NOT_USE_GC
++COPY --from=registry_base /go/src/github.com/docker/distribution/bin/registry /usr/bin/registry_DO_NOT_USE_GC
+ COPY ./make/photon/registryctl/start.sh /home/harbor
+-COPY ./make/photon/registryctl/harbor_registryctl /home/harbor
++COPY --from=base /build/src/registryctl/registryctl /home/harbor/harbor_registryctl
+ 
+ RUN chown -R harbor:harbor /etc/pki/tls/certs \
+     && chown harbor:harbor /home/harbor/harbor_registryctl && chmod u+x /home/harbor/harbor_registryctl \
+diff --git a/make/photon/trivy-adapter/Dockerfile b/make/photon/trivy-adapter/Dockerfile
+index 5379c96aa..8c8c5e93c 100644
+--- a/make/photon/trivy-adapter/Dockerfile
++++ b/make/photon/trivy-adapter/Dockerfile
+@@ -1,13 +1,29 @@
+ ARG harbor_base_image_version
+ ARG harbor_base_namespace
++ARG trivy_source_version
++
++FROM ghcr.io/aquasecurity/trivy:${trivy_source_version} as trivy
++
++FROM golang:1.21.8 as trivy_adapter
++
++ARG trivy_adapter_source_version
++
++WORKDIR /go/src/github.com/aquasecurity/
++
++ENV TRIVY_ADAPTER_VERSION=${trivy_adapter_source_version}
++
++RUN git clone -b $TRIVY_ADAPTER_VERSION https://github.com/aquasecurity/harbor-scanner-trivy.git
++
++RUN cd harbor-scanner-trivy && GOOS=linux GO111MODULE=on CGO_ENABLED=0 go build -o scanner-trivy cmd/scanner-trivy/main.go
++
+ FROM ${harbor_base_namespace}/harbor-trivy-adapter-base:${harbor_base_image_version}
+ 
+ ARG trivy_version
+ 
+ COPY ./make/photon/common/install_cert.sh /home/scanner
+ COPY ./make/photon/trivy-adapter/entrypoint.sh /home/scanner
+-COPY ./make/photon/trivy-adapter/binary/trivy /usr/local/bin/trivy
+-COPY ./make/photon/trivy-adapter/binary/scanner-trivy /home/scanner/bin/scanner-trivy
++COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
++COPY --from=trivy_adapter /go/src/github.com/aquasecurity/harbor-scanner-trivy/scanner-trivy /home/scanner/bin/scanner-trivy
+ 
+ 
+ RUN chown -R scanner:scanner /etc/pki/tls/certs \