mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2025-02-16 17:42:05 +00:00
Multi-arch build (#690)
* multi-arch build and other makefile tidies * docker login in travis
parent
456d9b62e2
commit
d6de4f7c3c
12
.travis.yml
12
.travis.yml
@ -13,16 +13,22 @@ before_install:
|
|||||||
- pip install --user yamllint==1.18.0
|
- pip install --user yamllint==1.18.0
|
||||||
- gem install --no-document fpm
|
- gem install --no-document fpm
|
||||||
- go get -t -v ./...
|
- go get -t -v ./...
|
||||||
|
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
||||||
|
|
||||||
script:
|
script:
|
||||||
- yamllint -c ./.yamllint.yaml .
|
- yamllint -c ./.yamllint.yaml .
|
||||||
- GO111MODULE=on go test ./...
|
|
||||||
|
# Run unit and integration tests
|
||||||
|
- make tests
|
||||||
|
- make integration-tests
|
||||||
|
|
||||||
|
# Build a local container image to test that the install sub-command works
|
||||||
- IMAGE_NAME=kube-bench make build-docker
|
- IMAGE_NAME=kube-bench make build-docker
|
||||||
- docker run -v `pwd`:/host kube-bench install
|
- docker run -v `pwd`:/host kube-bench install
|
||||||
- test -d cfg
|
- test -d cfg
|
||||||
- test -f kube-bench
|
- test -f kube-bench
|
||||||
- make tests
|
# Build and push the multi-arch Docker image
|
||||||
- make integration-tests
|
- make docker
|
||||||
|
|
||||||
after_success:
|
after_success:
|
||||||
- bash <(curl -s https://codecov.io/bash)
|
- bash <(curl -s https://codecov.io/bash)
|
||||||
|
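Review bot: The `docker login` added to `before_install` and the `make docker` added at the end of `script` run on every build, so by default the registry credentials sit in the Docker client config while `go get`, the tests and the codecov script fetched with curl execute, and every branch build attempts a push. On pull requests from forks Travis does not expose secure variables, so the login would likely fail there and error the build before any test runs. I would move both steps behind a condition that holds only for trusted builds after the tests pass, for example `if [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ "$TRAVIS_BRANCH" = "master" ]; then make docker; fi`, or into a `deploy:` section. The `before_install` block begins above this hunk, so its earlier steps are not visible here.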
@ -5,7 +5,9 @@ COPY main.go .
|
|||||||
COPY check/ check/
|
COPY check/ check/
|
||||||
COPY cmd/ cmd/
|
COPY cmd/ cmd/
|
||||||
ARG KUBEBENCH_VERSION
|
ARG KUBEBENCH_VERSION
|
||||||
RUN GO111MODULE=on CGO_ENABLED=0 go install -a -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=${KUBEBENCH_VERSION} -w"
|
ARG GOOS=linux
|
||||||
|
ARG GOARCH=amd64
|
||||||
|
RUN GO111MODULE=on CGO_ENABLED=0 GOOS=$GOOS GOARCH=$GOARCH go build -a -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=${KUBEBENCH_VERSION} -w" -o /go/bin/kube-bench
|
||||||
|
|
||||||
FROM alpine:3.12 AS run
|
FROM alpine:3.12 AS run
|
||||||
WORKDIR /opt/kube-bench/
|
WORKDIR /opt/kube-bench/
|
||||||
|
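Review bot: The run stage still starts from `FROM alpine:3.12 AS run` with no platform selection, so when this file is built with `GOARCH=arm64` on an amd64 builder the cross-compiled binary is, as far as this hunk shows, copied onto base layers pulled for the build host's architecture. The image would then be annotated as arm64 by the makefile while its shell and utilities are not, which matters if kube-bench invokes them at run time. Consider declaring the target architecture before the first `FROM` and using it in the run stage, e.g. `FROM --platform=linux/${GOARCH} alpine:3.12 AS run` with a builder that supports it; pinning the base image by digest on the same line would also make the published images reproducible. The file header for this section is not visible on the page, and both build stages extend outside the hunk.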
43
makefile
43
makefile
@ -1,12 +1,14 @@
|
|||||||
SOURCES := $(shell find . -name '*.go')
|
SOURCES := $(shell find . -name '*.go')
|
||||||
BINARY := kube-bench
|
BINARY := kube-bench
|
||||||
DOCKER_REGISTRY ?= aquasec
|
DOCKER_ORG ?= aquasec
|
||||||
VERSION ?= $(shell git rev-parse --short=7 HEAD)
|
VERSION ?= $(shell git rev-parse --short=7 HEAD)
|
||||||
KUBEBENCH_VERSION ?= $(shell git describe --tags --abbrev=0)
|
KUBEBENCH_VERSION ?= $(shell git describe --tags --abbrev=0)
|
||||||
IMAGE_NAME ?= $(DOCKER_REGISTRY)/$(BINARY):$(VERSION)
|
IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)
|
||||||
TARGET_OS ?= linux
|
GOOS ?= linux
|
||||||
BUILD_OS := linux
|
BUILD_OS := linux
|
||||||
uname := $(shell uname -s)
|
uname := $(shell uname -s)
|
||||||
|
ARCHS ?= amd64 arm64
|
||||||
|
GOARCH ?= $@
|
||||||
|
|
||||||
ifneq ($(findstring Microsoft,$(shell uname -r)),)
|
ifneq ($(findstring Microsoft,$(shell uname -r)),)
|
||||||
BUILD_OS := windows
|
BUILD_OS := windows
|
||||||
@ -20,21 +22,44 @@ endif
|
|||||||
KIND_PROFILE ?= kube-bench
|
KIND_PROFILE ?= kube-bench
|
||||||
KIND_CONTAINER_NAME=$(KIND_PROFILE)-control-plane
|
KIND_CONTAINER_NAME=$(KIND_PROFILE)-control-plane
|
||||||
|
|
||||||
build: kube-bench
|
# build a multi-arch image and push to Docker hub
|
||||||
|
.PHONY: docker
|
||||||
|
docker: publish manifests
|
||||||
|
|
||||||
|
# build and push an arch-specific image
|
||||||
|
.PHONY: $(ARCHS) manifests publish
|
||||||
|
publish: $(ARCHS)
|
||||||
|
$(ARCHS):
|
||||||
|
@echo "Building Docker image for $@"
|
||||||
|
docker build -t ${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION} \
|
||||||
|
--build-arg GOOS=$(GOOS) --build-arg GOARCH=$(GOARCH) ./
|
||||||
|
@echo "Push $@ Docker image to ${DOCKER_ORG}/${BINARY}"
|
||||||
|
docker push ${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}
|
||||||
|
docker manifest create --amend "${DOCKER_ORG}/${BINARY}:${VERSION}" "${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}"
|
||||||
|
docker manifest annotate "${DOCKER_ORG}/${BINARY}:${VERSION}" "${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}" --os=$(GOOS) --arch=$(GOARCH)
|
||||||
|
|
||||||
|
# push the multi-arch manifest
|
||||||
|
manifests:
|
||||||
|
@echo "Push manifest for ${DOCKER_ORG}/${BINARY}:${VERSION}"
|
||||||
|
docker manifest push "${DOCKER_ORG}/${BINARY}:${VERSION}"
|
||||||
|
|
||||||
|
build: $(BINARY)
|
||||||
|
|
||||||
$(BINARY): $(SOURCES)
|
$(BINARY): $(SOURCES)
|
||||||
GOOS=$(TARGET_OS) go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) .
|
GOOS=$(GOOS) go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) .
|
||||||
|
|
||||||
# builds the current dev docker version
|
# builds the current dev docker version
|
||||||
build-docker:
|
build-docker:
|
||||||
docker build --build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \
|
docker build --build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \
|
||||||
--build-arg VCS_REF=$(shell git rev-parse --short HEAD) \
|
--build-arg VCS_REF=$(VERSION) \
|
||||||
--build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \
|
--build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \
|
||||||
-t $(IMAGE_NAME) .
|
-t $(IMAGE_NAME) .
|
||||||
|
|
||||||
|
# unit tests
|
||||||
tests:
|
tests:
|
||||||
GO111MODULE=on go test -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
|
GO111MODULE=on go test -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
|
||||||
|
|
||||||
|
# integration tests using kind
|
||||||
integration-tests: build-docker
|
integration-tests: build-docker
|
||||||
GO111MODULE=on go test ./integration/... -v -tags integration -timeout 1200s -args -kubebenchImg=$(IMAGE_NAME)
|
GO111MODULE=on go test ./integration/... -v -tags integration -timeout 1200s -args -kubebenchImg=$(IMAGE_NAME)
|
||||||
|
|
||||||
@ -49,13 +74,13 @@ endif
|
|||||||
kind create cluster --name $(KIND_PROFILE) --image kindest/node:v1.15.3 --wait 5m;\
|
kind create cluster --name $(KIND_PROFILE) --image kindest/node:v1.15.3 --wait 5m;\
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# pushses the current dev version to the kind cluster.
|
# pushes the current dev version to the kind cluster.
|
||||||
kind-push:
|
kind-push: build-docker
|
||||||
kind load docker-image $(IMAGE_NAME) --name $(KIND_PROFILE)
|
kind load docker-image $(IMAGE_NAME) --name $(KIND_PROFILE)
|
||||||
|
|
||||||
# runs the current version on kind using a job and follow logs
|
# runs the current version on kind using a job and follow logs
|
||||||
kind-run: KUBECONFIG = "./kubeconfig.kube-bench"
|
kind-run: KUBECONFIG = "./kubeconfig.kube-bench"
|
||||||
kind-run: ensure-stern
|
kind-run: ensure-stern kind-push
|
||||||
sed "s/\$${VERSION}/$(VERSION)/" ./hack/kind.yaml > ./hack/kind.test.yaml
|
sed "s/\$${VERSION}/$(VERSION)/" ./hack/kind.yaml > ./hack/kind.test.yaml
|
||||||
kind get kubeconfig --name="$(KIND_PROFILE)" > $(KUBECONFIG)
|
kind get kubeconfig --name="$(KIND_PROFILE)" > $(KUBECONFIG)
|
||||||
-KUBECONFIG=$(KUBECONFIG) \
|
-KUBECONFIG=$(KUBECONFIG) \
|
||||||
|
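Review bot: In the new `docker: publish manifests` rule nothing makes `manifests` wait for `publish`; the order comes only from the prerequisite list, so under `make -j` the `docker manifest push` can run before the per-arch images are pushed and added, and the two `$(ARCHS)` recipes can run `docker manifest create --amend` on the same list concurrently. Declaring the edge explicitly with `manifests: publish` fixes the first problem, and moving the manifest create/annotate lines into the `manifests` recipe would remove the second. Separately, `GOARCH ?= $@` yields to a `GOARCH` already set in the environment, in which case both arch targets build and tag the same architecture; using `$@` directly in the `$(ARCHS)` recipe avoids publishing an incomplete manifest list.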