mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-21 23:58:06 +00:00
Multi-arch build (#690)
* multi-arch build and other makefile tidies * docker login in travis
parent
456d9b62e2
commit
d6de4f7c3c
12
.travis.yml
12
.travis.yml
@ -13,16 +13,22 @@ before_install:
|
||||
- pip install --user yamllint==1.18.0
|
||||
- gem install --no-document fpm
|
||||
- go get -t -v ./...
|
||||
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
||||
|
||||
script:
|
||||
- yamllint -c ./.yamllint.yaml .
|
||||
- GO111MODULE=on go test ./...
|
||||
|
||||
# Run unit and integration tests
|
||||
- make tests
|
||||
- make integration-tests
|
||||
|
||||
# Build a local container image to test that the install sub-command works
|
||||
- IMAGE_NAME=kube-bench make build-docker
|
||||
- docker run -v `pwd`:/host kube-bench install
|
||||
- test -d cfg
|
||||
- test -f kube-bench
|
||||
- make tests
|
||||
- make integration-tests
|
||||
# Build and push the multi-arch Docker image
|
||||
- make docker
|
||||
|
||||
after_success:
|
||||
- bash <(curl -s https://codecov.io/bash)
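Review bot: The `docker login` added to `before_install` and the `make docker` step at the end of `script` run on every build, so the registry credentials are live while `go get`, the tests and the unverified `curl … | bash` uploader in `after_success` execute, and every branch build that has the secrets pushes an image. Travis does not expose secure variables to pull requests from forks, so on those builds the login presumably fails and the job stops before any test runs. Logging in immediately before the push, and only on the release branch, narrows both problems: `if [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ "$TRAVIS_BRANCH" = "<release-branch>" ]; then echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin && make docker; fi`. A push-scoped registry access token in `DOCKER_PASSWORD` rather than the account password would limit what a leaked secret can do.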
|
||||
|
@ -5,7 +5,9 @@ COPY main.go .
|
||||
COPY check/ check/
|
||||
COPY cmd/ cmd/
|
||||
ARG KUBEBENCH_VERSION
|
||||
RUN GO111MODULE=on CGO_ENABLED=0 go install -a -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=${KUBEBENCH_VERSION} -w"
|
||||
ARG GOOS=linux
|
||||
ARG GOARCH=amd64
|
||||
RUN GO111MODULE=on CGO_ENABLED=0 GOOS=$GOOS GOARCH=$GOARCH go build -a -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=${KUBEBENCH_VERSION} -w" -o /go/bin/kube-bench
|
||||
|
||||
FROM alpine:3.12 AS run
|
||||
WORKDIR /opt/kube-bench/
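Review bot: The new `GOOS`/`GOARCH` build args only select the architecture of the compiled binary; `FROM alpine:3.12 AS run` still resolves to the build host's platform. An image built with `GOARCH=arm64` on an amd64 runner would therefore carry an arm64 `kube-bench` on an amd64 Alpine userland, which the makefile then annotates as `--arch=arm64` in the manifest. The run stage continues outside this hunk, so whether anything from the base image is executed at runtime is not visible here, but a shell or package from it would not run on a real arm64 node. Selecting the base per target keeps the two consistent, for example `FROM --platform=$GOOS/$GOARCH alpine:3.12 AS run` with both `ARG`s also declared before the first `FROM`; `RUN` steps in that stage then need emulation on the build host. Pinning `alpine:3.12` by digest would additionally make the published images reproducible.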
|
||||
|
43
makefile
43
makefile
@ -1,12 +1,14 @@
|
||||
SOURCES := $(shell find . -name '*.go')
|
||||
BINARY := kube-bench
|
||||
DOCKER_REGISTRY ?= aquasec
|
||||
DOCKER_ORG ?= aquasec
|
||||
VERSION ?= $(shell git rev-parse --short=7 HEAD)
|
||||
KUBEBENCH_VERSION ?= $(shell git describe --tags --abbrev=0)
|
||||
IMAGE_NAME ?= $(DOCKER_REGISTRY)/$(BINARY):$(VERSION)
|
||||
TARGET_OS ?= linux
|
||||
IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)
|
||||
GOOS ?= linux
|
||||
BUILD_OS := linux
|
||||
uname := $(shell uname -s)
|
||||
ARCHS ?= amd64 arm64
|
||||
GOARCH ?= $@
|
||||
|
||||
ifneq ($(findstring Microsoft,$(shell uname -r)),)
|
||||
BUILD_OS := windows
|
||||
@ -20,21 +22,44 @@ endif
|
||||
KIND_PROFILE ?= kube-bench
|
||||
KIND_CONTAINER_NAME=$(KIND_PROFILE)-control-plane
|
||||
|
||||
build: kube-bench
|
||||
# build a multi-arch image and push to Docker hub
|
||||
.PHONY: docker
|
||||
docker: publish manifests
|
||||
|
||||
# build and push an arch-specific image
|
||||
.PHONY: $(ARCHS) manifests publish
|
||||
publish: $(ARCHS)
|
||||
$(ARCHS):
|
||||
@echo "Building Docker image for $@"
|
||||
docker build -t ${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION} \
|
||||
--build-arg GOOS=$(GOOS) --build-arg GOARCH=$(GOARCH) ./
|
||||
@echo "Push $@ Docker image to ${DOCKER_ORG}/${BINARY}"
|
||||
docker push ${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}
|
||||
docker manifest create --amend "${DOCKER_ORG}/${BINARY}:${VERSION}" "${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}"
|
||||
docker manifest annotate "${DOCKER_ORG}/${BINARY}:${VERSION}" "${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}" --os=$(GOOS) --arch=$(GOARCH)
|
||||
|
||||
# push the multi-arch manifest
|
||||
manifests:
|
||||
@echo "Push manifest for ${DOCKER_ORG}/${BINARY}:${VERSION}"
|
||||
docker manifest push "${DOCKER_ORG}/${BINARY}:${VERSION}"
|
||||
|
||||
build: $(BINARY)
|
||||
|
||||
$(BINARY): $(SOURCES)
|
||||
GOOS=$(TARGET_OS) go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) .
|
||||
GOOS=$(GOOS) go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) .
|
||||
|
||||
# builds the current dev docker version
|
||||
build-docker:
|
||||
docker build --build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \
|
||||
--build-arg VCS_REF=$(shell git rev-parse --short HEAD) \
|
||||
--build-arg VCS_REF=$(VERSION) \
|
||||
--build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \
|
||||
-t $(IMAGE_NAME) .
|
||||
|
||||
# unit tests
|
||||
tests:
|
||||
GO111MODULE=on go test -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
|
||||
|
||||
# integration tests using kind
|
||||
integration-tests: build-docker
|
||||
GO111MODULE=on go test ./integration/... -v -tags integration -timeout 1200s -args -kubebenchImg=$(IMAGE_NAME)
|
||||
|
||||
@ -49,13 +74,13 @@ endif
|
||||
kind create cluster --name $(KIND_PROFILE) --image kindest/node:v1.15.3 --wait 5m;\
|
||||
fi
|
||||
|
||||
# pushses the current dev version to the kind cluster.
|
||||
kind-push:
|
||||
# pushes the current dev version to the kind cluster.
|
||||
kind-push: build-docker
|
||||
kind load docker-image $(IMAGE_NAME) --name $(KIND_PROFILE)
|
||||
|
||||
# runs the current version on kind using a job and follow logs
|
||||
kind-run: KUBECONFIG = "./kubeconfig.kube-bench"
|
||||
kind-run: ensure-stern
|
||||
kind-run: ensure-stern kind-push
|
||||
sed "s/\$${VERSION}/$(VERSION)/" ./hack/kind.yaml > ./hack/kind.test.yaml
|
||||
kind get kubeconfig --name="$(KIND_PROFILE)" > $(KUBECONFIG)
|
||||
-KUBECONFIG=$(KUBECONFIG) \
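Review bot: In the second hunk `docker: publish manifests` replaces `build: kube-bench` as the first rule, so unless `.DEFAULT_GOAL` is set in the lines between the hunks, a bare `make` now builds and pushes images to `$(DOCKER_ORG)` instead of compiling the binary; adding `.DEFAULT_GOAL := build` above the `docker` rule keeps the old default. `publish` and `manifests` are independent prerequisites of `docker`, so under `make -j` the manifest can be pushed before the per-arch images have been amended into it; `manifests: publish` states the required order. `GOARCH ?= $@` in the first hunk also means a `GOARCH` already exported in the environment silently makes every `$(ARCHS)` target build and tag the same architecture, which a target-specific `$(ARCHS): GOARCH = $@` would avoid.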
|
||||
|