Fixes for current RC images
* Make job uploads unique and match the security context of peridot * Change image build, fix extraction of build artifacts
parent
4587287e1e
commit
0603620773
@ -1,17 +1,10 @@
|
|||||||
FROM golang:1.18 as skbn
|
FROM ghcr.io/neilhanlon/skbn:latest as skbn
|
||||||
|
|
||||||
ADD images/get_arch /get_arch
|
|
||||||
RUN git clone https://github.com/rubroboletus/skbn.git /usr/src/app/skbn.git
|
|
||||||
|
|
||||||
WORKDIR /usr/src/app/skbn.git
|
|
||||||
RUN CGO_ENABLED=0 GOOS=linux GOARCH=$(/get_arch) go build \
|
|
||||||
-ldflags "-X main.GitTag=$(git describe --tags --always) -X main.GitCommit=$(git rev-parse --short HEAD)" \
|
|
||||||
-o skbn cmd/skbn.go
|
|
||||||
|
|
||||||
FROM quay.io/centos/centos:stream9
|
FROM quay.io/centos/centos:stream9
|
||||||
|
|
||||||
|
ADD images/get_arch /get_arch
|
||||||
|
|
||||||
COPY --from=skbn /usr/src/app/skbn.git/skbn /usr/local/bin/skbn
|
COPY --from=skbn /usr/src/app/skbn.git/skbn /usr/local/bin/skbn
|
||||||
COPY --from=skbn /get_arch /get_arch
|
|
||||||
|
|
||||||
ENV TINI_VERSION v0.19.0
|
ENV TINI_VERSION v0.19.0
|
||||||
RUN curl -o /tini -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$(/get_arch)"
|
RUN curl -o /tini -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$(/get_arch)"
|
||||||
@ -69,7 +62,7 @@ RUN chown peridotbuilder:mock /etc/yum.conf && chown -R peridotbuilder:mock /etc
|
|||||||
|
|
||||||
RUN pip install 'git+https://git.rockylinux.org/release-engineering/public/toolkit.git@feature/iso-kube#egg=empanadas&subdirectory=iso/empanadas'
|
RUN pip install 'git+https://git.rockylinux.org/release-engineering/public/toolkit.git@feature/iso-kube#egg=empanadas&subdirectory=iso/empanadas'
|
||||||
|
|
||||||
RUN echo "nameserver 1.1.1.1 > /etc/resolv.conf"
|
RUN echo "nameserver 1.1.1.1" > /etc/resolv.conf
|
||||||
|
|
||||||
ENV USER=1002
|
ENV USER=1002
|
||||||
USER 1002
|
USER 1002
|
||||||
|
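Review bot: The new first stage `FROM ghcr.io/neilhanlon/skbn:latest as skbn` replaces a from-source build with a prebuilt binary referenced by a mutable tag, so the contents of `/usr/local/bin/skbn` can change between builds without any change in this repository. Pinning by digest, `FROM ghcr.io/neilhanlon/skbn@sha256:<digest-of-reviewed-image> AS skbn`, makes that input reviewable and reproducible. The same class of problem is on the unchanged lines: the tini download is not checked against a checksum, and the `pip install` tracks the `feature/iso-kube` branch rather than a commit. In the second hunk, the corrected `RUN echo "nameserver 1.1.1.1" > /etc/resolv.conf` probably has no lasting effect, because the container runtime normally manages that file at build and run time; DNS is better set in the pod spec.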
@ -35,10 +35,11 @@ def run():
|
|||||||
architecture=arch,
|
architecture=arch,
|
||||||
backoffLimit=4,
|
backoffLimit=4,
|
||||||
command=["build-iso", "--release", "9", "--rc", "--isolation", "simple"],
|
command=["build-iso", "--release", "9", "--rc", "--isolation", "simple"],
|
||||||
containerName="buildiso",
|
containerName=f"buildiso-{major}-{arch}",
|
||||||
imageName="ghcr.io/neilhanlon/sig-core-toolkit:latest",
|
imageName="ghcr.io/neilhanlon/sig-core-toolkit:latest",
|
||||||
jobName=f"build-iso-{arch}",
|
jobName=f"build-iso-{arch}",
|
||||||
namespace="empanadas",
|
namespace="empanadas",
|
||||||
|
major=major,
|
||||||
restartPolicy="Never",
|
restartPolicy="Never",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
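Review bot: `command` still hard-codes `"--release", "9"` while the new `major` argument now drives both `containerName` and the template's mock root path, so a job started for any other major would build one release and look for artifacts under another. Passing the same value through, e.g. `command=["build-iso", "--release", f"{major}", "--rc", "--isolation", "simple"],`, keeps them aligned. `jobName` also omits `major`, so jobs for two majors on the same arch would presumably collide; `jobName=f"build-iso-{major}-{arch}",` would match the container name. Where `major` and `arch` are assigned is outside this hunk, and both end up in Kubernetes object names and an S3 key, so they should be checked against a fixed allow-list there.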
@ -11,9 +11,6 @@ spec:
|
|||||||
- name: {{ containerName }}
|
- name: {{ containerName }}
|
||||||
image: {{ imageName }}
|
image: {{ imageName }}
|
||||||
command: {{ command }}
|
command: {{ command }}
|
||||||
securityContext:
|
|
||||||
runAsUser: 1002
|
|
||||||
privileged: true
|
|
||||||
lifecycle:
|
lifecycle:
|
||||||
preStop:
|
preStop:
|
||||||
exec:
|
exec:
|
||||||
@ -21,10 +18,18 @@ spec:
|
|||||||
"skbn",
|
"skbn",
|
||||||
"cp",
|
"cp",
|
||||||
"--src",
|
"--src",
|
||||||
"/mnt/compose/9/latest-Rocky-9/",
|
"/var/lib/mock/rocky-{{ major }}-{{ architecture }}/root/builddir/lorax-*`",
|
||||||
"--dst",
|
"--dst",
|
||||||
"s3://resf-empanadas/{{ containerName }}/"
|
"s3://resf-empanadas/{{ containerName }}/$(date +%s)/",
|
||||||
|
"--parallel",
|
||||||
|
"2"
|
||||||
]
|
]
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
runAsGroup: 0
|
||||||
|
privileged: true
|
||||||
|
runAsNonRoot: false
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
env:
|
env:
|
||||||
- name: AWS_REGION
|
- name: AWS_REGION
|
||||||
value: us-east-2
|
value: us-east-2
|
||||||
@ -38,11 +43,11 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: empanadas-s3
|
name: empanadas-s3
|
||||||
key: SECRET
|
key: SECRET
|
||||||
restartPolicy: {{ restartPolicy }}
|
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: peridot.rockylinux.org/workflow-tolerates-arch
|
key: peridot.rockylinux.org/workflow-tolerates-arch
|
||||||
operator: Equal
|
operator: Equal
|
||||||
value: {{ architecture }}
|
value: {{ architecture }}
|
||||||
|
restartPolicy: {{ restartPolicy }}
|
||||||
backoffLimit: {{ backoffLimit }}
|
backoffLimit: {{ backoffLimit }}
|
||||||
|
|
||||||
|
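Review bot: The preStop `exec` command is run directly rather than through a shell, so `lorax-*` and `$(date +%s)` in the new `--src`/`--dst` arguments reach skbn as literal text, and the `--src` string also ends in a stray backtick. Unless skbn expands globs itself, nothing will match and the upload prefix will not be unique per run; wrapping the call as `["/bin/sh", "-c", "skbn cp --src <mock-root>/builddir/lorax-* --dst s3://resf-empanadas/{{ containerName }}/$(date +%s)/ --parallel 2"]` would give the intended expansion. Separately, the added `securityContext` runs the container as UID 0 with `privileged: true` and `allowPrivilegeEscalation: true`, with the S3 secret in its environment and an image the launcher passes as `:latest`. A comment recording why the build needs this level of privilege, plus a digest-pinned image, would limit and document the exposure. The container spec begins outside these hunks, so the indentation level at which `securityContext` lands cannot be confirmed from this page.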