* fix: build arm harbor v2.10.2 Signed-off-by: redscholar <blacktiledhouse@gmail.com> * fix: build arm harbor v2.10.2 Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com> fix: build arm harbor v2.10.2 Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com> fix: build arm harbor v2.10.2 Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com> fix: build arm harbor v2.10.2 Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com> --------- Signed-off-by: redscholar <blacktiledhouse@gmail.com> Signed-off-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com> Co-authored-by: xuesongzuo@yunify.com <xuesongzuo@yunify.com>
diff --git a/Makefile b/Makefile
|
|
index 609c4004f..e53d79833 100644
|
|
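--- a/Makefile
+++ b/Makefile
@@ -124,6 +124,8 @@ endef
 
 # docker parameters
 DOCKERCMD=$(shell which docker)
+DOCKER_PLATFORM=linux/amd64
+DOCKER_BUILD_IMAGES=true
 DOCKERBUILD=$(DOCKERCMD) build
 DOCKERRMIMAGE=$(DOCKERCMD) rmi
 DOCKERPULL=$(DOCKERCMD) pull
@@ -248,7 +250,7 @@ DOCKERSAVE_PARA=$(DOCKER_IMAGE_NAME_PREPARE):$(VERSIONTAG) \
 $(IMAGENAMESPACE)/nginx-photon:$(VERSIONTAG) \
 $(IMAGENAMESPACE)/registry-photon:$(VERSIONTAG)
 
-PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG).tgz \
+PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG)-$(subst /,-,$(DOCKER_PLATFORM)).tgz \
 $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
 $(HARBORPKG)/prepare \
 $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
@@ -361,7 +363,7 @@ compile: check_environment versions_prepare compile_core compile_jobservice comp
 
 update_prepare_version:
 @echo "substitute the prepare version tag in prepare file..."
- @$(SEDCMDI) -e 's/goharbor\/prepare:.*[[:space:]]\+/goharbor\/prepare:$(VERSIONTAG) prepare /' $(MAKEPATH)/prepare ;
+ @$(SEDCMDI) -e 's/goharbor\/prepare:.*[[:space:]]\+/$(subst /,\/,$(IMAGENAMESPACE))\/prepare:$(VERSIONTAG) prepare /' $(MAKEPATH)/prepare ;
 
 gen_tls:
 @$(DOCKERCMD) run --rm -v /:/hostfs:z $(IMAGENAMESPACE)/prepare:$(VERSIONTAG) gencert -p /etc/harbor/tls/internal
@@ -374,30 +376,15 @@ prepare: update_prepare_version
 @$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
 
 build:
-# PUSHBASEIMAGE should not be true if BUILD_BASE is not true
- @if [ "$(PULL_BASE_FROM_DOCKERHUB)" != "true" ] && [ "$(PULL_BASE_FROM_DOCKERHUB)" != "false" ] ; then \
- echo set PULL_BASE_FROM_DOCKERHUB to true or false.; exit 1; \
+ @if [ "$(DOCKER_BUILD_IMAGES)" == "true" ] ; then \
+ make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e BUILD_BASE=$(BUILD_BASE) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \
+ -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \
+ -e TRIVYFLAG=$(TRIVYFLAG) -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
+ -e VERSIONTAG=$(VERSIONTAG) \
+ -e BUILDBIN=$(BUILDBIN) \
+ -e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e IMAGENAMESPACE=$(IMAGENAMESPACE) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
+ -e BUILD_BASE=$(BUILD_BASE); \
 fi
- @if [ "$(BUILD_BASE)" != "true" ] && [ "$(PUSHBASEIMAGE)" = "true" ] ; then \
- echo Do not push base images since no base images built. ; \
- exit 1; \
- fi
-# PULL_BASE_FROM_DOCKERHUB should be true if BUILD_BASE is not true
- @if [ "$(BUILD_BASE)" != "true" ] && [ "$(PULL_BASE_FROM_DOCKERHUB)" = "false" ] ; then \
- echo Should pull base images from registry in docker configuration since no base images built. ; \
- exit 1; \
- fi
- make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \
- -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \
- -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
- -e VERSIONTAG=$(VERSIONTAG) \
- -e BUILDBIN=$(BUILDBIN) \
- -e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e IMAGENAMESPACE=$(IMAGENAMESPACE) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
- -e REGISTRYURL=$(REGISTRYURL) \
- -e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL) \
- -e PULL_BASE_FROM_DOCKERHUB=$(PULL_BASE_FROM_DOCKERHUB) -e BUILD_BASE=$(BUILD_BASE) \
- -e REGISTRYUSER=$(REGISTRYUSER) -e REGISTRYPASSWORD=$(REGISTRYPASSWORD) \
- -e PUSHBASEIMAGE=$(PUSHBASEIMAGE)
 
 build_standalone_db_migrator: compile_standalone_db_migrator
 make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG)
@@ -438,12 +425,18 @@ package_online: update_prepare_version
 @rm -rf $(HARBORPKG)
 @echo "Done."
 
-package_offline: update_prepare_version compile build
+package_offline: update_prepare_version versions_prepare build
 
 @echo "packing offline package ..."
 @cp -r make $(HARBORPKG)
 @cp LICENSE $(HARBORPKG)/LICENSE
 
+ @echo "pull images for: $(DOCKER_PLATFORM)"
+ @for image in $(DOCKERSAVE_PARA); \
+ do \
+ $(DOCKERPULL) --platform=$(DOCKER_PLATFORM) $$image; \
+ done
+
 @echo "saving harbor docker image"
 @$(DOCKERSAVE) $(DOCKERSAVE_PARA) > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar
 @gzip $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar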
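Review bot: The pull loop added to `package_offline` does not stop on a failed pull: the `for` body ends in `;`, so only the last iteration's status reaches make, and the save step then packs whatever copy of each tag is already in the local store, which may be stale or built for another platform. End the loop body with `$(DOCKERPULL) --platform=$(DOCKER_PLATFORM) $$image || exit 1; \`. The images are also fetched by tag only, so the offline installer's contents depend on what the registry serves at packaging time; recording the digests the build produced and pulling by digest would tie the tarball to that build. In `build`, the test `[ "$(DOCKER_BUILD_IMAGES)" == "true" ]` uses `==`, which is not POSIX and fails under shells such as dash, in which case the image build is skipped without failing the target; use `=`, and call `$(MAKE)` rather than `make`.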
diff --git a/make/photon/Makefile b/make/photon/Makefile
|
|
index c6de67da3..0b6a4b014 100644
|
|
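--- a/make/photon/Makefile
+++ b/make/photon/Makefile
@@ -18,8 +18,8 @@ TIMESTAMP=$(shell date +"%Y%m%d")
 
 # docker parameters
 DOCKERCMD=$(shell which docker)
-DOCKERBUILD=$(DOCKERCMD) build --no-cache
-DOCKERBUILD_WITH_PULL_PARA=$(DOCKERBUILD) --pull=$(PULL_BASE_FROM_DOCKERHUB)
+DOCKERBUILD=$(DOCKERCMD) buildx build --platform linux/amd64,linux/arm64 --push --no-cache
+DOCKERBUILD_WITH_PULL_PARA=$(DOCKERBUILD)
 DOCKERRMIMAGE=$(DOCKERCMD) rmi
 DOCKERIMAGES=$(DOCKERCMD) images
 IMAGENAMESPACE=goharbor
@@ -128,13 +128,13 @@ _build_portal:
 _build_core:
 @$(call _build_base,$(CORE),$(DOCKERFILEPATH_CORE))
 @echo "building core container for photon..."
- @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CORE)/$(DOCKERFILENAME_CORE) -t $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) .
+ @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg build_image=$(GOBUILDIMAGE) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CORE)/$(DOCKERFILENAME_CORE) -t $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) .
 @echo "Done."
 
 _build_jobservice:
 @$(call _build_base,$(JOBSERVICE),$(DOCKERFILEPATH_JOBSERVICE))
 @echo "building jobservice container for photon..."
- @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_JOBSERVICE)/$(DOCKERFILENAME_JOBSERVICE) -t $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) .
+ @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg build_image=$(GOBUILDIMAGE) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_JOBSERVICE)/$(DOCKERFILENAME_JOBSERVICE) -t $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) .
 @echo "Done."
 
 _build_log:
@@ -146,19 +146,11 @@ _build_log:
 _build_trivy_adapter:
 @if [ "$(TRIVYFLAG)" = "true" ] ; then \
 $(call _build_base,$(TRIVY_ADAPTER),$(DOCKERFILEPATH_TRIVY_ADAPTER)) ; \
- rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
- echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \
- $(call _extract_archive, $(TRIVY_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
- if [ "$(BUILDBIN)" != "true" ] ; then \
- echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
- $(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
- else \
- echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
- cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
- fi ; \
 echo "Building Trivy adapter container for photon..." ; \
 $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
 --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) \
+ --build-arg trivy_source_version=$(TRIVYVERSION) \
+ --build-arg trivy_adapter_source_version=$(TRIVYADAPTERVERSION) \
 --build-arg trivy_version=$(TRIVYVERSION) \
 -f $(DOCKERFILEPATH_TRIVY_ADAPTER)/$(DOCKERFILENAME_TRIVY_ADAPTER) \
 -t $(DOCKERIMAGENAME_TRIVY_ADAPTER):$(VERSIONTAG) . ; \
@@ -177,17 +169,15 @@ _build_registry:
 @if [ "$(BUILDBIN)" != "true" ] ; then \
 rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \
 $(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \
- else \
- cd $(DOCKERFILEPATH_REG) && $(DOCKERFILEPATH_REG)/builder $(REGISTRY_SRC_TAG) && cd - ; \
 fi
 @echo "building registry container for photon..."
- @chmod 655 $(DOCKERFILEPATH_REG)/binary/registry && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) .
+ @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg registry_version=$(REGISTRY_SRC_TAG) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) .
 @echo "Done."
 
 _build_registryctl:
 @$(call _build_base,$(REGISTRYCTL),$(DOCKERFILEPATH_REGISTRYCTL))
 @echo "building registry controller for photon..."
- @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REGISTRYCTL)/$(DOCKERFILENAME_REGISTRYCTL) -t $(DOCKERIMAGENAME_REGISTRYCTL):$(VERSIONTAG) .
+ @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg build_image=$(GOBUILDIMAGE) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REGISTRYCTL)/$(DOCKERFILENAME_REGISTRYCTL) -t $(DOCKERIMAGENAME_REGISTRYCTL):$(VERSIONTAG) .
 @rm -rf $(DOCKERFILEPATH_REG)/binary
 @echo "Done."
 
@@ -205,7 +195,7 @@ _build_standalone_db_migrator:
 _compile_and_build_exporter:
 @$(call _build_base,$(EXPORTER),$(DOCKERFILEPATH_EXPORTER))
 @echo "compiling and building image for exporter..."
- @$(DOCKERCMD) build --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) .
+ @$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) .
 @echo "Done."
 
 define _extract_archive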
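Review bot: `DOCKERBUILD` now hard-codes `--push` and `--platform linux/amd64,linux/arm64`, so every `_build_*` target publishes to the registry that `$(IMAGENAMESPACE)` names as a side effect of building, and the `DOCKER_PLATFORM` setting added to the top-level Makefile has no effect here. Make both overridable, for example `DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64` and `DOCKER_BUILD_OUTPUT ?= --push`, and reference them in `DOCKERBUILD`, so a local or CI test build cannot overwrite published tags by accident. In `_build_registry` the `BUILDBIN != true` branch still downloads `$(REGISTRYURL)` into `binary/registry`, but the registry Dockerfile in this commit no longer copies that file, so the download looks like dead code that fetches a binary nothing checks; it can probably be removed.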
diff --git a/make/photon/core/Dockerfile b/make/photon/core/Dockerfile
|
|
index da561a875..63d1b051d 100644
|
|
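--- a/make/photon/core/Dockerfile
+++ b/make/photon/core/Dockerfile
@@ -1,11 +1,23 @@
 ARG harbor_base_image_version
 ARG harbor_base_namespace
+ARG build_image
+
+FROM ${build_image} as base
+
+WORKDIR /build
+
+RUN apt update && apt install git
+
+COPY . .
+
+RUN go build -C src/core -buildvcs=false -tags "include_oss include_gcs" --ldflags "-w -s -X github.com/goharbor/harbor/src/pkg/version.GitCommit=$(git rev-parse --short=8 HEAD) -X github.com/goharbor/harbor/src/pkg/version.ReleaseVersion=$(cat VERSION)"
+
 FROM ${harbor_base_namespace}/harbor-core-base:${harbor_base_image_version}
 
 HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v2.0/ping || curl -k --fail -s https://localhost:8443/api/v2.0/ping || exit 1
 COPY ./make/photon/common/install_cert.sh /harbor/
 COPY ./make/photon/core/entrypoint.sh /harbor/
-COPY ./make/photon/core/harbor_core /harbor/
+COPY --from=base /build/src/core/core /harbor/harbor_core
 COPY ./src/core/views /harbor/views
 COPY ./make/migrations /harbor/migrations
 COPY ./icons /harbor/icons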
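Review bot: `COPY . .` sends the whole build context, including `.git` and any locally generated configuration, certificates or keys under the tree, into the build stage; the same line is added in jobservice/Dockerfile and registryctl/Dockerfile. Whether a `.dockerignore` limits this is not visible here, and excluding `.git` would make `$(git rev-parse --short=8 HEAD)` expand to nothing without failing the `RUN`, leaving the version stamp empty. Passing the commit in as a build argument, `ARG git_commit` inside the stage and `-X github.com/goharbor/harbor/src/pkg/version.GitCommit=${git_commit}`, removes the need for both `.git` in the context and the `apt install git` step. If the install stays, it should read `apt-get update && apt-get install -y --no-install-recommends git`, since `apt install` without `-y` aborts whenever it has to prompt.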
diff --git a/make/photon/jobservice/Dockerfile b/make/photon/jobservice/Dockerfile
|
|
index accd7519d..b33bd6231 100644
|
|
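--- a/make/photon/jobservice/Dockerfile
+++ b/make/photon/jobservice/Dockerfile
@@ -1,10 +1,20 @@
 ARG harbor_base_image_version
 ARG harbor_base_namespace
+ARG build_image
+
+FROM ${build_image} as base
+
+WORKDIR /build
+
+COPY . .
+
+RUN go build -C src/jobservice -buildvcs=false -tags "include_oss include_gcs"
+
 FROM ${harbor_base_namespace}/harbor-jobservice-base:${harbor_base_image_version}
 
 COPY ./make/photon/common/install_cert.sh /harbor/
 COPY ./make/photon/jobservice/entrypoint.sh /harbor/
-COPY ./make/photon/jobservice/harbor_jobservice /harbor/
+COPY --from=base /build/src/jobservice/jobservice /harbor/harbor_jobservice
 
 
 RUN chown -R harbor:harbor /etc/pki/tls/certs \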
diff --git a/make/photon/redis/Dockerfile.base b/make/photon/redis/Dockerfile.base
|
|
index 331306bd8..24f4949e1 100644
|
|
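--- a/make/photon/redis/Dockerfile.base
+++ b/make/photon/redis/Dockerfile.base
@@ -3,4 +3,7 @@ FROM photon:5.0
 RUN tdnf install -y shadow >> /dev/null \
 && groupadd -g 999 redis \
 && useradd -u 999 -g 999 -c "Redis Database Server" -d /var/lib/redis -s /sbin/nologin -m redis
-RUN tdnf install -y redis && tdnf clean all
+COPY --from=library/redis:7.2.4 /usr/local/bin/redis-server /usr/bin/redis-server
+COPY --from=library/redis:7.2.4 /usr/local/bin/redis-cli /usr/bin/redis-cli
+# RUN tdnf install -y redis && tdnf clean all
+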
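Review bot: The two `COPY --from=library/redis:7.2.4` lines take `redis-server` and `redis-cli` from an image that is presumably built on a different base than `photon:5.0`, so the binaries depend on shared libraries this image may not provide in matching versions, and tdnf no longer tracks the package for security updates. The source image is referenced by tag only; pinning it, `COPY --from=library/redis:7.2.4@sha256:<digest> ...` with a digest you have verified, keeps rebuilds from silently picking up a re-pushed tag. The same tag-only reference appears in trivy-adapter/Dockerfile (`FROM ghcr.io/aquasecurity/trivy:${trivy_source_version}`). The commented-out `# RUN tdnf install -y redis && tdnf clean all` should be deleted rather than kept as dead code.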
diff --git a/make/photon/registry/Dockerfile b/make/photon/registry/Dockerfile
|
|
index f6565ff38..163c36818 100644
|
|
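--- a/make/photon/registry/Dockerfile
+++ b/make/photon/registry/Dockerfile
@@ -1,10 +1,30 @@
 ARG harbor_base_image_version
 ARG harbor_base_namespace
+ARG registry_version
+
+FROM golang:1.21.8 as base
+
+WORKDIR /go/src/github.com/docker/
+
+ENV REGISTRY_VERSION=${registry_version}
+
+RUN git clone -b $REGISTRY_VERSION https://github.com/distribution/distribution.git
+
+copy ./make/photon/registry/redis.patch /go/src/github.com/docker/distribution/redis.patch
+
+RUN cd distribution && git apply redis.patch
+
+
+ENV BUILDTAGS include_oss include_gcs
+ENV GO111MODULE auto
+
+RUN cd distribution && CGO_ENABLED=0 make PREFIX=/go clean binaries
+
 FROM ${harbor_base_namespace}/harbor-registry-base:${harbor_base_image_version}
 
 COPY ./make/photon/common/install_cert.sh /home/harbor
 COPY ./make/photon/registry/entrypoint.sh /home/harbor
-COPY ./make/photon/registry/binary/registry /usr/bin/registry_DO_NOT_USE_GC
+COPY --from=base /go/src/github.com/docker/distribution/bin/registry /usr/bin/registry_DO_NOT_USE_GC
 
 RUN chown -R harbor:harbor /etc/pki/tls/certs \
 && chown harbor:harbor /home/harbor/entrypoint.sh && chmod u+x /home/harbor/entrypoint.sh \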
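Review bot: `registry_version` is declared only before the first `FROM`, and an `ARG` in that position is visible to `FROM` lines but not inside a stage, so `ENV REGISTRY_VERSION=${registry_version}` most likely expands to an empty string and `git clone -b $REGISTRY_VERSION ...` runs without a branch name. Repeat the declaration inside the stage, `ARG registry_version` right after `FROM golang:1.21.8 as base`, as trivy-adapter/Dockerfile in this commit does for `trivy_adapter_source_version`. The clone also trusts whatever the tag points to at build time; comparing `git rev-parse HEAD` with an expected commit before `git apply redis.patch` would make the source reproducible, and the same applies to the clones in registryctl/Dockerfile and trivy-adapter/Dockerfile. Minor: `copy` should be written `COPY`, and `ENV BUILDTAGS include_oss include_gcs` should use the `KEY=value` form.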
diff --git a/make/photon/registryctl/Dockerfile b/make/photon/registryctl/Dockerfile
|
|
index b4733df90..526c0ecc6 100644
|
|
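--- a/make/photon/registryctl/Dockerfile
+++ b/make/photon/registryctl/Dockerfile
@@ -1,11 +1,38 @@
 ARG harbor_base_image_version
 ARG harbor_base_namespace
+ARG build_image
+ARG registry_version
+
+FROM golang:1.21.8 as registry_base
+
+WORKDIR /go/src/github.com/docker/
+
+RUN git clone -b v2.8.3 https://github.com/distribution/distribution.git
+
+copy ./make/photon/registry/redis.patch /go/src/github.com/docker/distribution/redis.patch
+
+RUN cd distribution && git apply redis.patch
+
+
+ENV BUILDTAGS include_oss include_gcs
+ENV GO111MODULE auto
+
+RUN cd distribution && CGO_ENABLED=0 make PREFIX=/go clean binaries
+
+FROM ${build_image} as base
+
+WORKDIR /build
+
+COPY . .
+
+RUN go build -C src/registryctl -buildvcs=false -tags "include_oss include_gcs"
+
 FROM ${harbor_base_namespace}/harbor-registryctl-base:${harbor_base_image_version}
 
 COPY ./make/photon/common/install_cert.sh /home/harbor
-COPY ./make/photon/registry/binary/registry /usr/bin/registry_DO_NOT_USE_GC
+COPY --from=registry_base /go/src/github.com/docker/distribution/bin/registry /usr/bin/registry_DO_NOT_USE_GC
 COPY ./make/photon/registryctl/start.sh /home/harbor
-COPY ./make/photon/registryctl/harbor_registryctl /home/harbor
+COPY --from=base /build/src/registryctl/registryctl /home/harbor/harbor_registryctl
 
 RUN chown -R harbor:harbor /etc/pki/tls/certs \
 && chown harbor:harbor /home/harbor/harbor_registryctl && chmod u+x /home/harbor/harbor_registryctl \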
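Review bot: The `registry_base` stage clones a hard-coded `v2.8.3` while `ARG registry_version` is declared and never used, so the registry binary shipped in this image can drift from the one registry/Dockerfile builds from `REGISTRY_SRC_TAG`. `_build_registryctl` in make/photon/Makefile does not pass `registry_version` either. Declare `ARG registry_version` inside the stage, clone with `-b ${registry_version}`, and add `--build-arg registry_version=$(REGISTRY_SRC_TAG)` to that make target. The stage otherwise repeats the one in registry/Dockerfile line for line; building the patched registry once and reusing it would keep the two images from diverging.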
diff --git a/make/photon/trivy-adapter/Dockerfile b/make/photon/trivy-adapter/Dockerfile
|
|
index 5379c96aa..8c8c5e93c 100644
|
|
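--- a/make/photon/trivy-adapter/Dockerfile
+++ b/make/photon/trivy-adapter/Dockerfile
@@ -1,13 +1,29 @@
 ARG harbor_base_image_version
 ARG harbor_base_namespace
+ARG trivy_source_version
+
+FROM ghcr.io/aquasecurity/trivy:${trivy_source_version} as trivy
+
+FROM golang:1.21.8 as trivy_adapter
+
+ARG trivy_adapter_source_version
+
+WORKDIR /go/src/github.com/aquasecurity/
+
+ENV TRIVY_ADAPTER_VERSION=${trivy_adapter_source_version}
+
+RUN git clone -b $TRIVY_ADAPTER_VERSION https://github.com/aquasecurity/harbor-scanner-trivy.git
+
+RUN cd harbor-scanner-trivy && GOOS=linux GO111MODULE=on CGO_ENABLED=0 go build -o scanner-trivy cmd/scanner-trivy/main.go
+
 FROM ${harbor_base_namespace}/harbor-trivy-adapter-base:${harbor_base_image_version}
 
 ARG trivy_version
 
 COPY ./make/photon/common/install_cert.sh /home/scanner
 COPY ./make/photon/trivy-adapter/entrypoint.sh /home/scanner
-COPY ./make/photon/trivy-adapter/binary/trivy /usr/local/bin/trivy
-COPY ./make/photon/trivy-adapter/binary/scanner-trivy /home/scanner/bin/scanner-trivy
+COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
+COPY --from=trivy_adapter /go/src/github.com/aquasecurity/harbor-scanner-trivy/scanner-trivy /home/scanner/bin/scanner-trivy
 
 
 RUN chown -R scanner:scanner /etc/pki/tls/certs \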