openclarity · fine-ai · Jun 25, 2024 · galbash · Jun 25, 2024 · galbash
@@ -55,7 +55,13 @@ $(DIST_DIR):
 
 .PHONY: help
 help: ## Display this help
-	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-30s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+	@awk 'BEGIN {FS = ":.*##"; printf "
+Usage:
+  make [36m<target>[0m
+"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  [36m%-30s[0m %s
+", $$1, $$2 } /^##@/ { printf "
+[1m%s[0m
+", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
 ##@ Development
 
@@ -279,12 +285,12 @@ docker: docker-apiserver docker-cli docker-orchestrator docker-ui docker-ui-back
 .PHONY: docker-apiserver
 docker-apiserver: ## Build API Server container image
 	$(info Building apiserver docker image ...)
-	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) vmclarity-apiserver
+	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) -f dockerfiles/Dockerfile.apiserver vmclarity-apiserver
 
 .PHONY: docker-cli
 docker-cli: ## Build CLI container image
 	$(info Building cli docker image ...)
-	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) vmclarity-cli
+	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) -f dockerfiles/Dockerfile.cli vmclarity-cli
 
 # TODO(paralta) Temporary workaround to remove race flag from orchestrator build
 # since build fails in arm64 after #1587
@@ -293,27 +299,27 @@ BAKE_ENV_ORCHESTRATOR = $(subst -race,, $(BAKE_ENV))
 .PHONY: docker-orchestrator
 docker-orchestrator: ## Build Orchestrator container image
 	$(info Building orchestrator docker image ...)
-	$(BAKE_ENV_ORCHESTRATOR) docker buildx bake $(BAKE_OPTS) vmclarity-orchestrator
+	$(BAKE_ENV_ORCHESTRATOR) docker buildx bake $(BAKE_OPTS) -f dockerfiles/Dockerfile.orchestrator vmclarity-orchestrator
 
 .PHONY: docker-ui
 docker-ui: ## Build UI container image
 	$(info Building ui docker image ...)
-	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) vmclarity-ui
+	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) -f dockerfiles/Dockerfile.ui vmclarity-ui
 
 .PHONY: docker-ui-backend
 docker-ui-backend: ## Build UI Backend container image
 	$(info Building ui-backend docker image ...)
-	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) vmclarity-ui-backend
+	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) -f dockerfiles/Dockerfile.uibackend vmclarity-ui-backend
 
 .PHONY: docker-cr-discovery-server
 docker-cr-discovery-server: ## Build K8S Image Resolver Docker image
 	$(info Building cr-discovery-server docker image ...)
-	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) vmclarity-cr-discovery-server
+	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) -f dockerfiles/Dockerfile.cr-discovery-server vmclarity-cr-discovery-server
 
 .PHONY: docker-scanner-plugins
 docker-scanner-plugins: ## Build scanner plugin container images
 	$(info Building scanner plugin docker images ...)
-	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) vmclarity-scanner-plugins
+	$(BAKE_ENV) docker buildx bake $(BAKE_OPTS) -f dockerfiles/Dockerfile.scanner-plugins vmclarity-scanner-plugins
 
 ##@ Code generation
 
@@ -410,7 +416,7 @@ $(DIST_DIR)/aws-cloudformation-$(VERSION).tar.gz: $(DIST_DIR)/aws-cloudformation
 $(DIST_DIR)/aws-cloudformation-$(VERSION).bundle: $(CFN_FILES) | $(CFN_DIST_DIR)
 	$(info --- Generate Cloudformation bundle)
 	cp -vR $(CFN_DIR)/* $(CFN_DIST_DIR)/
-	sed -i -E 's@(ghcr\.io\/openclarity\/vmclarity\-(apiserver|cli|orchestrator|ui-backend|ui)):latest@\1:$(VERSION)@' $(CFN_DIST_DIR)/VmClarity.cfn
+	sed -i -E 's@(ghcr\.io\/openclarity\/vmclarity\-(apiserver|cli|orchestrator|ui-backend|ui)):latest@:$(VERSION)@' $(CFN_DIST_DIR)/VmClarity.cfn
 	@touch $@
 
 $(CFN_DIST_DIR)/LICENSE: $(ROOT_DIR)/LICENSE | $(CFN_DIST_DIR)
@@ -433,7 +439,7 @@ $(DIST_DIR)/azure-bicep-$(VERSION).tar.gz: $(DIST_DIR)/azure-bicep-$(VERSION).bu
 $(DIST_DIR)/azure-bicep-$(VERSION).bundle: $(BICEP_FILES) bin/bicep | $(BICEP_DIST_DIR)
 	$(info --- Generate Bicep bundle)
 	cp -vR $(BICEP_DIR)/* $(BICEP_DIST_DIR)/
-	sed -i -E 's@(ghcr\.io\/openclarity\/vmclarity\-(apiserver|cli|orchestrator|ui-backend|ui)):latest@\1:$(VERSION)@' \
+	sed -i -E 's@(ghcr\.io\/openclarity\/vmclarity\-(apiserver|cli|orchestrator|ui-backend|ui)):latest@:$(VERSION)@' \
 		$(BICEP_DIST_DIR)/*.bicep $(BICEP_DIST_DIR)/vmclarity-UI.json
 	$(BICEP_BIN) build $(BICEP_DIST_DIR)/vmclarity.bicep
 	@touch $@
@@ -457,7 +463,7 @@ $(DIST_DIR)/docker-compose-$(VERSION).tar.gz: $(DIST_DIR)/docker-compose-$(VERSI
 $(DIST_DIR)/docker-compose-$(VERSION).bundle: $(DOCKER_COMPOSE_FILES) | $(DOCKER_COMPOSE_DIST_DIR)
 	$(info --- Generate Docker Compose bundle)
 	cp -vR $(DOCKER_COMPOSE_DIR)/* $(DOCKER_COMPOSE_DIST_DIR)/
-	sed -i -E 's@(ghcr\.io\/openclarity\/vmclarity\-(apiserver|cli|orchestrator|ui-backend|ui)):latest@\1:$(VERSION)@' \
+	sed -i -E 's@(ghcr\.io\/openclarity\/vmclarity\-(apiserver|cli|orchestrator|ui-backend|ui)):latest@:$(VERSION)@' \
 		$(DOCKER_COMPOSE_DIST_DIR)/*.yml $(DOCKER_COMPOSE_DIST_DIR)/*.yaml $(DOCKER_COMPOSE_DIST_DIR)/*.env
 	@touch $@
 
@@ -481,7 +487,7 @@ $(DIST_DIR)/gcp-deployment-$(VERSION).tar.gz: $(DIST_DIR)/gcp-deployment-$(VERSI
 $(DIST_DIR)/gcp-deployment-$(VERSION).bundle: $(GCP_DM_FILES) | $(GCP_DM_DIST_DIR)
 	$(info --- Generate Google Cloud Deployment bundle)
 	cp -vR $(GCP_DM_DIR)/* $(GCP_DM_DIST_DIR)/
-	sed -i -E 's@(ghcr\.io\/openclarity\/vmclarity\-(apiserver|cli|orchestrator|ui-backend|ui)):latest@\1:$(VERSION)@' \
+	sed -i -E 's@(ghcr\.io\/openclarity\/vmclarity\-(apiserver|cli|orchestrator|ui-backend|ui)):latest@:$(VERSION)@' \
 		$(GCP_DM_DIST_DIR)/vmclarity.py.schema $(GCP_DM_DIST_DIR)/components/vmclarity-server.py.schema
 	@touch $@
 
@@ -565,3 +571,4 @@ renovate-fix-bicep: gen-bicep ## Fix Azure Bicep files after version update
 	$(info --- Fix Azure Bicep files after version update)
 	git add ':$(subst $(ROOT_DIR),,$(BICEP_DIR))' \
 	&& git commit -m "fix: generate bicep template"
+
@@ -0,0 +1,52 @@
+# syntax=docker/dockerfile:1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd
+
+# xx is a helper for cross-compilation
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.4.0@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4 AS xx
+
+FROM --platform=$BUILDPLATFORM golang:1.22.4-bullseye@sha256:067c5c7fe6d79f900c5ebe8351166356d6e3bbfcc6f807030e89b9a929252273 AS builder
+
+COPY --link --from=xx / /
+
+ARG TARGETPLATFORM
+
+RUN --mount=type=cache,id=${TARGETPLATFORM}-apt,target=/var/cache/apt,sharing=locked \
+    apt-get update \
+    && xx-apt-get install -y --no-install-recommends \
+      gcc \
+      libc6-dev
+
+WORKDIR /build/api/server
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,source=.,target=/build,ro \
+    xx-go mod download -x
+
+ARG VERSION
+ARG BUILD_TIMESTAMP
+ARG COMMIT_HASH
+ARG BUILD_OPTS
+
+ENV CGO_ENABLED=1
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,source=.,target=/build,ro \
+    xx-go build ${BUILD_OPTS} -ldflags="-s -w -extldflags -static \
+     -X 'github.com/openclarity/vmclarity/core/version.Version=${VERSION}' \
+     -X 'github.com/openclarity/vmclarity/core/version.CommitHash=${COMMIT_HASH}' \
+     -X 'github.com/openclarity/vmclarity/core/version.BuildTimestamp=${BUILD_TIMESTAMP}'" \
+    -o /bin/vmclarity-apiserver ./cmd/main.go
+
+RUN xx-verify /bin/vmclarity-apiserver
+
+FROM alpine:3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0
+
+RUN apk add --update --no-cache \
+    ca-certificates \
+    libc6-compat
+
+COPY --from=builder ["/bin/vmclarity-apiserver", "/bin/vmclarity-apiserver"]
+
+ENTRYPOINT ["/bin/vmclarity-apiserver"]
+
@@ -0,0 +1,56 @@
+# syntax=docker/dockerfile:1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd
+
+ARG VMCLARITY_TOOLS_BASE=ghcr.io/openclarity/vmclarity-tools-base:v0.6.0@sha256:dc9779be25bdbd3a8725e768764a223b8ba5fd906fc5afc67b417886086806d8
+# xx is a helper for cross-compilation
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.4.0@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4 AS xx
+
+FROM --platform=$BUILDPLATFORM golang:1.22.4-bullseye@sha256:067c5c7fe6d79f900c5ebe8351166356d6e3bbfcc6f807030e89b9a929252273 AS builder
+
+COPY --link --from=xx / /
+
+ARG TARGETPLATFORM
+
+RUN --mount=type=cache,id=${TARGETPLATFORM}-apt,target=/var/cache/apt,sharing=locked \
+    apt-get update \
+    && xx-apt-get install -y --no-install-recommends \
+      gcc \
+      libc6-dev
+
+WORKDIR /build/cli
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,source=.,target=/build,ro \
+    xx-go mod download -x
+
+ARG VERSION
+ARG BUILD_TIMESTAMP
+ARG COMMIT_HASH
+ARG BUILD_OPTS
+
+ENV CGO_ENABLED=1
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,source=.,target=/build,ro \
+    xx-go build ${BUILD_OPTS} -ldflags="-s -w -extldflags -static \
+     -X 'github.com/openclarity/vmclarity/core/version.Version=${VERSION}' \
+     -X 'github.com/openclarity/vmclarity/core/version.CommitHash=${COMMIT_HASH}' \
+     -X 'github.com/openclarity/vmclarity/core/version.BuildTimestamp=${BUILD_TIMESTAMP}'" \
+    -o /bin/vmclarity-cli cmd/main.go
+
+FROM ${VMCLARITY_TOOLS_BASE}
+
+RUN apk upgrade --quiet --no-cache
+
+RUN apk add --update --no-cache \
+    util-linux \
+    ca-certificates \
+    libc6-compat
+
+COPY --from=builder /bin/vmclarity-cli /bin/vmclarity-cli
+
+ENTRYPOINT ["/bin/vmclarity-cli"]
+
+CMD ["--help"]
+
@@ -0,0 +1,52 @@
+# syntax=docker/dockerfile:1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd
+
+# xx is a helper for cross-compilation
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.4.0@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4 AS xx
+
+FROM --platform=$BUILDPLATFORM golang:1.22.4-bullseye@sha256:067c5c7fe6d79f900c5ebe8351166356d6e3bbfcc6f807030e89b9a929252273 AS builder
+
+COPY --link --from=xx / /
+
+ARG TARGETPLATFORM
+
+RUN --mount=type=cache,id=${TARGETPLATFORM}-apt,target=/var/cache/apt,sharing=locked \
+    apt-get update \
+    && xx-apt-get install -y --no-install-recommends \
+      gcc \
+      libc6-dev
+
+WORKDIR /build/orchestrator
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,source=.,target=/build,ro \
+    xx-go mod download -x
+
+ARG VERSION
+ARG BUILD_TIMESTAMP
+ARG COMMIT_HASH
+ARG BUILD_OPTS
+
+ENV CGO_ENABLED=1
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,source=.,target=/build,ro \
+    xx-go build ${BUILD_OPTS} -ldflags="-s -w -extldflags -static \
+     -X 'github.com/openclarity/vmclarity/core/version.Version=${VERSION}' \
+     -X 'github.com/openclarity/vmclarity/core/version.CommitHash=${COMMIT_HASH}' \
+     -X 'github.com/openclarity/vmclarity/core/version.BuildTimestamp=${BUILD_TIMESTAMP}'" \
+    -o /bin/vmclarity-orchestrator ./cmd/main.go
+
+RUN xx-verify /bin/vmclarity-orchestrator
+
+FROM alpine:3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0
+
+COPY --from=builder ["/bin/vmclarity-orchestrator", "/bin/vmclarity-orchestrator"]
+
+RUN apk add --update --no-cache \
+    ca-certificates \
+    libc6-compat
+
+ENTRYPOINT ["/bin/vmclarity-orchestrator"]
+
@@ -0,0 +1,25 @@
+FROM --platform=$BUILDPLATFORM golang:1.22.4-alpine3.19@sha256:c46c4609d3cc74a149347161fc277e11516f523fd8aa6347c9631527da0b7a56 AS builder
+
+ARG TARGETOS TARGETARCH
+
+WORKDIR /build/plugins/sdk-go/example
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=bind,source=.,target=/build,ro \
+    go mod download -x
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,source=.,target=/build,ro \
+    GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 \
+    go build -ldflags="-s -w -extldflags -static" \
+    -o /bin/scanner ./main.go
+
+FROM alpine:3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0
+
+COPY --from=builder /bin/scanner /bin/scanner
+
+USER 65534
+
+ENTRYPOINT ["/bin/scanner"]
+
@@ -0,0 +1,22 @@
+FROM python:3.12-slim
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y git
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Copy the current directory contents into the container at /app
+COPY . /app
+
+# Install any needed dependencies specified in requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Make sure all messages always reach console
+ENV PYTHONUNBUFFERED=1
+
+USER 65534
+
+# Run scanner when the container launches
+CMD ["python3", "/app/scanner.py"]
+
@@ -0,0 +1,44 @@
+FROM ubuntu:24.04 AS builder-image
+
+# Avoid stuck build due to user prompt
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update &&  \
+    apt-get install --no-install-recommends -y python3.12 python3.12-dev python3.12-venv python3-pip python3-wheel build-essential && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Create and activate virtual environment
+# Using final folder name to avoid path issues with packages
+RUN python3.12 -m venv /venv
+ENV PATH="/venv/bin:$PATH"
+
+# Install SDK from folder
+COPY ./plugins/sdk-python /pluginsdk
+RUN pip3 install --no-cache-dir wheel
+RUN pip3 install --no-cache-dir /pluginsdk
+
+
+FROM ubuntu:24.04 AS runner-image
+
+RUN apt-get update &&  \
+    apt-get install --no-install-recommends -y python3.12 python3-venv && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Copy installed venv packages
+COPY --from=builder-image /venv /venv
+
+# Make sure all messages always reach console
+ENV PYTHONUNBUFFERED=1
+
+# Activate virtual environment
+ENV VIRTUAL_ENV=/venv
+ENV PATH="/venv/bin:$PATH"
+
+# Copy example
+COPY ./plugins/sdk-python/example ./src
+
+USER 65534
+
+# Run example scanner
+CMD ["python3", "/src/scanner.py"]
+
@@ -0,0 +1,20 @@
+# syntax=docker/dockerfile:1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd
+
+FROM --platform=$BUILDPLATFORM node:20-slim AS site-build
+
+WORKDIR /src
+
+COPY --link ./ui /src
+
+RUN --mount=type=cache,target=/src/node_modules \
+    npm install
+
+RUN --mount=type=cache,target=/src/node_modules \
+    npm run build
+
+FROM nginx:1.27.0@sha256:9c367186df9a6b18c6735357b8eb7f407347e84aea09beb184961cb83543d46e
+
+COPY --from=site-build ["/src/build", "/usr/share/nginx/html"]
+
+COPY --link ["ui/nginx.conf", "/etc/nginx/conf.d/default.conf"]
+