Make https proxy an optional doozer parameter

openshift-eng · Jun 21, 2022 · 22e1779 · 22e1779
1 parent 62722ba
commit 22e1779
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/doozerlib/cli/__main__.py b/doozerlib/cli/__main__.py
@@ -350,9 +350,10 @@ def dgr_update(image_meta):
               help='Even if an existing analysis is present for a given hash, re-run')
 @click.option('--ignore-waived', default=False, is_flag=True,
               help='Ignore any previously detected waived results (all=diff)')
+@click.option('--https-proxy', default='', help='HTTPS proxy to be used during image builds')
 @pass_runtime
 def images_covscan(runtime, result_archive, local_repo_rhel_7, local_repo_rhel_8, repo_type,
-                   preserve_builder_images, force_analysis, ignore_waived):
+                   preserve_builder_images, force_analysis, ignore_waived, https_proxy):
     """
     Runs a coverity scan against the specified images.
 
@@ -476,7 +477,8 @@ def delete_images(key, value):
             dg_commit_hash, _ = exectools.cmd_assert('git rev-parse HEAD', strip=True)
             cc = coverity.CoverityContext(image, dg_commit_hash, result_archive, repo_type=repo_type,
                                           local_repo_rhel_7=local_repo_rhel_7, local_repo_rhel_8=local_repo_rhel_8,
-                                          force_analysis=force_analysis, ignore_waived=ignore_waived)
+                                          force_analysis=force_analysis, ignore_waived=ignore_waived,
+                                          https_proxy=https_proxy)
 
             if image.covscan(cc):
                 successes.append(image.distgit_key)

diff --git a/doozerlib/coverity.py b/doozerlib/coverity.py
@@ -21,7 +21,7 @@ class CoverityContext(object):
 
     def __init__(self, image, dg_commit_hash: str, result_archive: str, repo_type: str = 'unsigned',
                  local_repo_rhel_7: List[str] = [], local_repo_rhel_8: List[str] = [], force_analysis: bool = False,
-                 ignore_waived: bool = False):
+                 ignore_waived: bool = False, https_proxy: str = ''):
         self.image = image  # ImageMetadata
         self.dg_commit_hash = dg_commit_hash
         self.result_archive_path = pathlib.Path(result_archive)
@@ -37,6 +37,7 @@ def __init__(self, image, dg_commit_hash: str, result_archive: str, repo_type: s
         self.runtime = image.runtime
         self.force_analysis = force_analysis
         self.ignore_waived = ignore_waived
+        self.https_proxy = https_proxy
 
         # Podman is going to create a significant amount of container image data
         # Make sure there is plenty of space. Override TMPDIR, because podman
@@ -182,6 +183,12 @@ def parent_repo_injection_info(self) -> (str, str):
 
         return make_image_repo_files, vol_mount_arg
 
+    def build_args(self) -> str:
+        """
+        HTTPS proxy can be specified as build argument and passed to podman build command
+        """
+        return f"--build-arg HTTPS_PROXY='{self.https_proxy}'" if self.https_proxy else ''
+
 
 def _covscan_prepare_parent(cc: CoverityContext, parent_image_name, parent_tag) -> bool:
     """
@@ -274,7 +281,9 @@ def _covscan_prepare_parent(cc: CoverityContext, parent_image_name, parent_tag)
 USER 0
 
 # Set https proxy
-ENV https_proxy http://proxy.util.phx1.redhat.com:8080
+ARG HTTPS_PROXY
+RUN if [[ ! -z ${HTTPS_PROXY} ]]; then echo "Using proxy: $HTTPS_PROXY"; fi
+ENV https_proxy ${HTTPS_PROXY}
 
 # Add typical build repos to the image, but don't add to /etc/yum.repos.d
 # until we know whether we are on el7 or el8. As of 4.8, repos are only
@@ -301,7 +310,7 @@ def _covscan_prepare_parent(cc: CoverityContext, parent_image_name, parent_tag)
             df_parent_out.write('ENV PATH=/opt/coverity/bin:${PATH}\n')  # Ensure coverity is in the path
 
         # This will have prepared a parent image we can use during the actual covscan Dockerfile build
-        rc, stdout, stderr = exectools.cmd_gather(f'{cc.podman_cmd} build {mount_args} -t {parent_tag} -f {str(df_parent_path)} {str(dg_path)}', set_env=cc.podman_env)
+        rc, stdout, stderr = exectools.cmd_gather(f'{cc.podman_cmd} build {mount_args} {cc.build_args()} -t {parent_tag} -f {str(df_parent_path)} {str(dg_path)}', set_env=cc.podman_env)
         cc.logger.info(f'''Output from covscan build for {cc.image.distgit_key}
 stdout: {stdout}
 stderr: {stderr}
@@ -502,7 +511,7 @@ def append_analysis(stage_number):
         # Now, run the build (and execute those steps). The output will be to <cov_path>/<stage_number>
         run_tag = f'{cc.image.image_name_short}_{cc.runtime.group_config.name}'
         rc, stdout, stderr = exectools.cmd_gather(
-            f'{cc.podman_cmd} build -v {str(cc.cov_root_path)}:/cov:z -v {str(dg_path)}:/covscan-src:z -t {run_tag} -f {str(covscan_df)} {str(dg_path)}',
+            f'{cc.podman_cmd} build {cc.build_args()} -v {str(cc.cov_root_path)}:/cov:z -v {str(dg_path)}:/covscan-src:z -t {run_tag} -f {str(covscan_df)} {str(dg_path)}',
             set_env=cc.podman_env)
         cc.logger.info(f'''Output from covscan build for {cc.image.distgit_key}
 stdout: {stdout}