Fixes for current RC images

* Make jobs uploads unique and match security context of peridot
* change image build, fix extraction of build artifacts

iso/empanadas/Containerfile

@@ -1,17 +1,10 @@
-FROM golang:1.18 as skbn
+FROM ghcr.io/neilhanlon/skbn:latest as skbn
-
-ADD images/get_arch /get_arch
-RUN git clone https://github.com/rubroboletus/skbn.git /usr/src/app/skbn.git
-
-WORKDIR /usr/src/app/skbn.git
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=$(/get_arch) go build \
-    -ldflags "-X main.GitTag=$(git describe --tags --always) -X main.GitCommit=$(git rev-parse --short HEAD)" \
-    -o skbn cmd/skbn.go
 
 FROM quay.io/centos/centos:stream9
 
+ADD images/get_arch /get_arch
+
 COPY --from=skbn  /usr/src/app/skbn.git/skbn /usr/local/bin/skbn
-COPY --from=skbn  /get_arch /get_arch
 
 ENV TINI_VERSION v0.19.0
 RUN curl -o /tini -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$(/get_arch)"
@@ -69,7 +62,7 @@ RUN chown peridotbuilder:mock /etc/yum.conf && chown -R peridotbuilder:mock /etc
 
 RUN pip install 'git+https://git.rockylinux.org/release-engineering/public/toolkit.git@feature/iso-kube#egg=empanadas&subdirectory=iso/empanadas'
 
-RUN echo "nameserver 1.1.1.1 > /etc/resolv.conf"
+RUN echo "nameserver 1.1.1.1" > /etc/resolv.conf
 
 ENV USER=1002
 USER 1002

iso/empanadas/empanadas/scripts/launch_builds.py

@@ -35,10 +35,11 @@ def run():
             architecture=arch,
             backoffLimit=4,
             command=["build-iso", "--release", "9", "--rc", "--isolation", "simple"],
-            containerName="buildiso",
+            containerName=f"buildiso-{major}-{arch}",
             imageName="ghcr.io/neilhanlon/sig-core-toolkit:latest",
             jobName=f"build-iso-{arch}",
             namespace="empanadas",
+            major=major,
             restartPolicy="Never",
         )
 

iso/empanadas/empanadas/templates/kube/Job.tmpl

@@ -11,9 +11,6 @@ spec:
       - name: {{ containerName }}
         image: {{ imageName }} 
         command: {{ command }}
-        securityContext:
-          runAsUser: 1002
-          privileged: true
         lifecycle:
           preStop:
             exec:
@@ -21,10 +18,18 @@ spec:
                 "skbn",
                 "cp",
                 "--src",
-                "/mnt/compose/9/latest-Rocky-9/",
+                "/var/lib/mock/rocky-{{ major }}-{{ architecture }}/root/builddir/lorax-*`",
                 "--dst",
-                "s3://resf-empanadas/{{ containerName }}/"
+                "s3://resf-empanadas/{{ containerName }}/$(date +%s)/",
+                "--parallel",
+                "2"
               ]
+        securityContext:
+          runAsUser: 0
+          runAsGroup: 0
+          privileged: true
+          runAsNonRoot: false
+          allowPrivilegeEscalation: true
         env:
         - name: AWS_REGION
           value: us-east-2
@@ -38,11 +43,11 @@ spec:
             secretKeyRef:
               name: empanadas-s3
               key: SECRET
-      restartPolicy: {{ restartPolicy }}
       tolerations:
       - effect: NoSchedule
         key: peridot.rockylinux.org/workflow-tolerates-arch
         operator: Equal
         value: {{ architecture }}
+      restartPolicy: {{ restartPolicy }}
   backoffLimit: {{ backoffLimit }}