/*
Copyright 2023 EscherCloud.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package build
import (
"io"
"log"
"os"
"path/filepath"
"strings"
gitRepo "github.com/eschercloudai/baski/pkg/git"
systemUtils "github.com/eschercloudai/baski/pkg/system"
"github.com/eschercloudai/baski/pkg/util/flags"
"github.com/go-git/go-git/v5/plumbing"
"github.com/google/uuid"
)
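// createRepoDirectory creates a new, randomly named directory under /tmp for
// the image repo to be cloned into and returns its path.
//
// /tmp is shared between local users, so the directory name has to be
// unpredictable and the directory must not exist before this call: a directory
// that somebody else created first would stay under their ownership while the
// clone is written into it. The function panics if no directory can be created.
func createRepoDirectory() string {
	id, err := uuid.NewRandom()
	if err != nil {
		// No UUID could be generated. Let the standard library choose a random
		// name rather than falling back to a fixed, guessable one. MkdirTemp
		// creates the directory with mode 0700 and never reuses an existing path.
		dir, mkErr := os.MkdirTemp("/tmp", "baski-")
		if mkErr != nil {
			panic(mkErr)
		}
		return dir
	}

	dir := filepath.Join("/tmp", id.String())
	// Mkdir (not MkdirAll) fails when the path already exists, so a directory
	// or symlink planted under the same name is rejected instead of reused.
	if err := os.Mkdir(dir, 0750); err != nil {
		panic(err)
	}
	return dir
}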
// fetchBuildRepo clones the image repo selected by o into path and terminates
// the process via log.Fatalf if the clone fails.
//
// The clone follows a branch head (refs/heads/<branch>), not a pinned commit,
// so the content that ends up in path is whatever that branch points to at
// build time.
func fetchBuildRepo(path string, o *flags.BuildOptions) {
	ref := plumbing.ReferenceName("refs/heads/" + o.ImageRepoBranch)
	repoURL := o.ImageRepo

	// FIXME: temporary override until the security branch of the fork below is
	// merged upstream. Falco and Trivy support only exists there, so requesting
	// either of them replaces both the configured repo and the configured branch.
	if wantsSecurityTools := o.AddTrivy || o.AddFalco; wantsSecurityTools {
		log.Println("the kubernetes sigs project doesn't currently support falco or trivy. Using https://github.com/eschercloudai/image-builder.git until it's pushed upstream")
		repoURL = "https://github.com/eschercloudai/image-builder.git"
		ref = plumbing.ReferenceName("refs/heads/security-updates")
	}

	if _, err := gitRepo.GitClone(repoURL, path, ref); err != nil {
		log.Fatalf("Error cloning repo: %s", err)
	}
}
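// installDependencies runs the make target deps-openstack in repoPath so that
// requirements such as packer, ansible and goss get installed, then appends
// <repoPath>/.local/bin to PATH for the rest of the process.
//
// The make output is written to /tmp/out-deps.txt and, when verbose is set,
// also to stdout. Any failure terminates the process via log.Fatalln.
func installDependencies(repoPath string, verbose bool) {
	log.Printf("fetching dependencies\n")

	// The log lives at a fixed name in the shared /tmp directory. Remove any
	// leftover entry and create the file exclusively: O_EXCL refuses to open a
	// path that already exists, including a symlink, so the output can never be
	// redirected into a file somebody else placed there. Mode 0600 keeps the
	// build output private to the invoking user.
	const logPath = "/tmp/out-deps.txt"
	if err := os.Remove(logPath); err != nil && !os.IsNotExist(err) {
		log.Fatalln(err)
	}
	w, err := os.OpenFile(logPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		log.Fatalln(err)
	}
	defer w.Close()

	var wr io.Writer = w
	if verbose {
		wr = io.MultiWriter(w, os.Stdout)
	}

	if err := systemUtils.RunMake("deps-openstack", repoPath, nil, wr); err != nil {
		// log.Fatalln exits without running deferred calls, so close explicitly.
		w.Close()
		log.Fatalln(err)
	}

	// The repo-local bin directory goes last, so binaries already on PATH keep
	// precedence over the ones the cloned repo installed.
	binDir := filepath.Join(repoPath, ".local/bin")
	newPath := binDir
	if current := os.Getenv("PATH"); current != "" {
		// Joining with an empty PATH would produce a leading ":", i.e. an empty
		// entry, which path lookups treat as the current directory.
		newPath = current + ":" + binDir
	}
	if err := os.Setenv("PATH", newPath); err != nil {
		w.Close()
		log.Fatalln(err)
	}
}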
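// buildImage runs the make target build-openstack-<buildOS> in capiPath. Per
// the image-builder repo this launches an instance in OpenStack, applies the
// requirements defined there and creates an image from that build.
//
// The make output is written to /tmp/out-build.txt and, when verbose is set,
// also to stdout. An error is returned when the log file cannot be prepared.
//
// NOTE(review): a failing make run still terminates the process through
// log.Fatalln instead of being returned, although the signature has an error
// result. Left as is because callers are not visible here; confirm whether
// they expect the exit.
func buildImage(capiPath string, buildOS string, verbose bool) error {
	log.Printf("building image\n")

	// Fixed name in the shared /tmp directory: drop any leftover entry and
	// create the file exclusively so a pre-existing file or symlink is never
	// opened and truncated. Mode 0600 keeps the build output private to the
	// invoking user.
	const logPath = "/tmp/out-build.txt"
	if err := os.Remove(logPath); err != nil && !os.IsNotExist(err) {
		return err
	}
	w, err := os.OpenFile(logPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		return err
	}
	defer w.Close()

	var wr io.Writer = w
	if verbose {
		wr = io.MultiWriter(w, os.Stdout)
	}

	target := strings.Join([]string{"build-openstack", buildOS}, "-")

	// Pass the inherited environment plus exactly one PACKER_VAR_FILES entry.
	// With duplicate keys the winner depends on the consumer (os/exec keeps the
	// last one), so an inherited PACKER_VAR_FILES could otherwise replace
	// tmp.json and point the build at different variable files.
	// NOTE(review): assumes tmp.json is always the intended value; confirm that
	// nobody relies on overriding it through the environment.
	inherited := os.Environ()
	env := make([]string, 0, len(inherited)+1)
	env = append(env, "PACKER_VAR_FILES=tmp.json")
	for _, kv := range inherited {
		if strings.HasPrefix(kv, "PACKER_VAR_FILES=") {
			continue
		}
		env = append(env, kv)
	}

	if err := systemUtils.RunMake(target, capiPath, env, wr); err != nil {
		// log.Fatalln exits without running deferred calls, so close explicitly.
		w.Close()
		log.Fatalln(err)
	}
	return nil
}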
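// saveImageIDToFile writes imgID to /tmp/imgid.out so that it can be read
// later by the scan system; this is generally used by the GitHub action.
//
// The file has a fixed name in the shared /tmp directory. Whatever is at that
// path is removed first and the file is then created exclusively: O_EXCL
// refuses to open an existing entry, including a symlink, so the ID is always
// written to a fresh regular file and never through a link to another
// location. It returns any error from removing, creating, writing or closing
// the file.
func saveImageIDToFile(imgID string) error {
	const outPath = "/tmp/imgid.out"

	if err := os.Remove(outPath); err != nil && !os.IsNotExist(err) {
		return err
	}

	f, err := os.OpenFile(outPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0644)
	if err != nil {
		return err
	}

	if _, err := f.Write([]byte(imgID)); err != nil {
		f.Close()
		return err
	}
	// A failed Close can mean the data never reached the file, so report it.
	return f.Close()
}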