Various buildbox/Drone fixes (#3982)
webvictim authored Jul 9, 2020
1 parent 45d48aa commit 943e0d0
Showing 6 changed files with 213 additions and 221 deletions.
160 changes: 61 additions & 99 deletions .drone.yml
Expand Up @@ -26,7 +26,7 @@ clone:

steps:
- name: Check out code
image: golang:1.13.2
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
Expand All @@ -44,67 +44,64 @@ steps:
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache

- name: Build buildbox
image: docker
environment:
QUAYIO_DOCKER_USERNAME:
from_secret: QUAYIO_DOCKER_USERNAME
QUAYIO_DOCKER_PASSWORD:
from_secret: QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets buildbox

- name: Run linter
image: docker:dind
image: docker
environment:
GOPATH: /gopath
GOPATH: /go
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- >-
docker run --rm=true
-e GOCACHE=$GOPATH/cache
-v /go/cache:$GOPATH/cache
-v /go/src/github.com/gravitational/teleport:$GOPATH/src/github.com/gravitational/teleport
-w $GOPATH/src/github.com/gravitational/teleport
-h testbox
-u $UID:$GID
-t quay.io/gravitational/teleport-buildbox:$RUNTIME
/bin/bash -c "make lint"
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets lint

- name: Run unit tests
image: docker:dind
image: docker
environment:
GOPATH: /gopath
GOPATH: /go
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- >-
docker run --rm=true
-e GOCACHE=$GOPATH/cache
-v /go/cache:$GOPATH/cache
-v /go/src/github.com/gravitational/teleport:$GOPATH/src/github.com/gravitational/teleport
-w $GOPATH/src/github.com/gravitational/teleport
-h testbox
-u $UID:$GID
-t quay.io/gravitational/teleport-buildbox:$RUNTIME
/bin/bash -c "make FLAGS='-cover -count 1' test"
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets test

- name: Run integration tests
image: docker:dind
image: docker
environment:
GOPATH: /gopath
GOPATH: /go
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- >-
docker run --rm=true
-e GOCACHE=$GOPATH/cache
-v /go/cache:$GOPATH/cache
-v /go/src/github.com/gravitational/teleport:$GOPATH/src/github.com/gravitational/teleport
-w $GOPATH/src/github.com/gravitational/teleport
-h testbox
-u $UID:$GID
-t quay.io/gravitational/teleport-buildbox:$RUNTIME
/bin/bash -c "make FLAGS='-cover -count 1' integration"
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets integration

- name: Send Slack notification
- name: Send Slack notification for build failures
image: plugins/slack
settings:
webhook:
Expand Down Expand Up @@ -170,7 +167,7 @@ steps:
commands:
- |
cd /go/src/github.com/gravitational/teleport
git diff --raw ${DRONE_TARGET_BRANCH:-master} | awk '{print $6}' | grep -E '^docs' | grep -v ^$ | cut -d/ -f2 | sort | uniq > /tmp/docs-versions-changed.txt
git diff --raw ${DRONE_COMMIT}..${DRONE_TARGET_BRANCH:-master} | awk '{print $6}' | grep -E '^docs' | grep -v ^$ | cut -d/ -f2 | sort | uniq > /tmp/docs-versions-changed.txt
if [ $(stat --printf="%s" /tmp/docs-versions-changed.txt) -gt 0 ]; then
echo "Changes to docs detected, versions $(cat /tmp/docs-versions-changed.txt | tr '\n' ' ')"
# Check trailing whitespace
Expand Down Expand Up @@ -785,7 +782,6 @@ type: kubernetes
name: build-buildboxes

environment:
REPO: quay.io
RUNTIME: go1.13.2
UID: 1000
GID: 1000
Expand Down Expand Up @@ -823,18 +819,11 @@ steps:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" $REPO
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- >-
docker build
--build-arg UID=$UID
--build-arg GID=$GID
--build-arg RUNTIME=$RUNTIME
--cache-from quay.io/gravitational/teleport-buildbox:$RUNTIME
-f /go/src/github.com/gravitational/teleport/build.assets/Dockerfile
-t quay.io/gravitational/teleport-buildbox:$RUNTIME
/go/src/github.com/gravitational/teleport/build.assets
- make -C build.assets buildbox
- docker push quay.io/gravitational/teleport-buildbox:$RUNTIME

- name: Build and push buildbox-fips container
Expand All @@ -848,18 +837,11 @@ steps:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" $REPO
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox-fips:$RUNTIME || true
- >-
docker build
--build-arg UID=$UID
--build-arg GID=$GID
--build-arg RUNTIME=$RUNTIME
--cache-from quay.io/gravitational/teleport-buildbox-fips:$RUNTIME
-f /go/src/github.com/gravitational/teleport/build.assets/Dockerfile-fips
-t quay.io/gravitational/teleport-buildbox-fips:$RUNTIME
/go/src/github.com/gravitational/teleport/build.assets
- make -C build.assets buildbox-fips
- docker push quay.io/gravitational/teleport-buildbox-fips:$RUNTIME

- name: Build and push buildbox-centos6 container
Expand All @@ -873,18 +855,11 @@ steps:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" $REPO
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME || true
- >-
docker build
--build-arg UID=$UID
--build-arg GID=$GID
--build-arg RUNTIME=$RUNTIME
--cache-from quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME
-f /go/src/github.com/gravitational/teleport/build.assets/Dockerfile-centos6
-t quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME
/go/src/github.com/gravitational/teleport/build.assets
- make -C build.assets buildbox-centos6
- docker push quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME

- name: Build and push buildbox-centos6-fips container
Expand All @@ -898,18 +873,11 @@ steps:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" $REPO
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox-centos6-fips:$RUNTIME || true
- >-
docker build
--build-arg UID=$UID
--build-arg GID=$GID
--build-arg RUNTIME=$RUNTIME
--cache-from quay.io/gravitational/teleport-buildbox-centos6-fips:$RUNTIME
-f /go/src/github.com/gravitational/teleport/build.assets/Dockerfile-centos6-fips
-t quay.io/gravitational/teleport-buildbox-centos6-fips:$RUNTIME
/go/src/github.com/gravitational/teleport/build.assets
- make -C build.assets buildbox-centos6-fips
- docker push quay.io/gravitational/teleport-buildbox-centos6-fips:$RUNTIME

services:
Expand All @@ -929,9 +897,6 @@ kind: pipeline
type: kubernetes
name: docker-cron

environment:
REPO: quay.io

trigger:
cron:
- docker-cron
Expand Down Expand Up @@ -971,7 +936,6 @@ steps:
environment:
OS: linux
ARCH: amd64
REPO: quay.io
settings:
username:
from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
Expand All @@ -982,10 +946,10 @@ steps:
path: /var/run
commands:
- export VERSION_TAG=$(cat /tmp/build/CURRENT_VERSION_TAG.txt)
- export OSS_IMAGE_NAME="$REPO/gravitational/teleport:$(cat /tmp/build/CURRENT_VERSION_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="$REPO/gravitational/teleport-ent:$(cat /tmp/build/CURRENT_VERSION_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="$REPO/gravitational/teleport-ent:$(cat /tmp/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" $REPO
- export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /tmp/build/CURRENT_VERSION_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /tmp/build/CURRENT_VERSION_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /tmp/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
# OSS
- docker build --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /tmp/build/Dockerfile-cron /tmp/build
- docker push $OSS_IMAGE_NAME
Expand All @@ -1001,7 +965,6 @@ steps:
environment:
OS: linux
ARCH: amd64
REPO: quay.io
settings:
username:
from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
Expand All @@ -1012,10 +975,10 @@ steps:
path: /var/run
commands:
- export VERSION_TAG=$(cat /tmp/build/PREVIOUS_VERSION_ONE_TAG.txt)
- export OSS_IMAGE_NAME="$REPO/gravitational/teleport:$(cat /tmp/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="$REPO/gravitational/teleport-ent:$(cat /tmp/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="$REPO/gravitational/teleport-ent:$(cat /tmp/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" $REPO
- export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /tmp/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /tmp/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /tmp/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
# OSS
- docker build --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /tmp/build/Dockerfile-cron /tmp/build
- docker push $OSS_IMAGE_NAME
Expand All @@ -1031,7 +994,6 @@ steps:
environment:
OS: linux
ARCH: amd64
REPO: quay.io
settings:
username:
from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
Expand All @@ -1042,10 +1004,10 @@ steps:
path: /var/run
commands:
- export VERSION_TAG=$(cat /tmp/build/PREVIOUS_VERSION_TWO_TAG.txt)
- export OSS_IMAGE_NAME="$REPO/gravitational/teleport:$(cat /tmp/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="$REPO/gravitational/teleport-ent:$(cat /tmp/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="$REPO/gravitational/teleport-ent:$(cat /tmp/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" $REPO
- export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /tmp/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /tmp/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /tmp/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
# OSS
- docker build --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /tmp/build/Dockerfile-cron /tmp/build
- docker push $OSS_IMAGE_NAME
Expand Down Expand Up @@ -1116,6 +1078,6 @@ steps:

---
kind: signature
hmac: 9431d326c2652b31d49c8cb411c6b115f892609dcb8e80172e452a946cbe4bba
hmac: f5e1815ffbc9cac09bad62e7db6420b65281e4e0a8b2d4187cc0b7e565c95c90

...
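Review bot: The new "Build buildbox" step gives `QUAYIO_DOCKER_USERNAME` and `QUAYIO_DOCKER_PASSWORD` to a step that then runs `make -C build.assets buildbox` from the checked-out tree, so the Makefile and Dockerfile of the commit under test run with the registry credentials in their environment. The pipeline's trigger is not visible in this section; if it also runs for pull requests, confirm that these secrets are withheld from them. The step pulls and builds but does not push, so if the buildbox image is publicly pullable the login could be dropped here altogether. Separately, every `docker login -u="$..." -p="$..." quay.io` line (this step, the four build-buildboxes steps and the three docker-cron steps) passes the password as a command-line argument. `echo "$QUAYIO_DOCKER_PASSWORD" | docker login -u "$QUAYIO_DOCKER_USERNAME" --password-stdin quay.io` keeps it out of the process list, with `$PLUGIN_PASSWORD` and `$PLUGIN_USERNAME` substituted in the cron steps.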
42 changes: 25 additions & 17 deletions build.assets/Dockerfile
@@ -1,21 +1,26 @@
# This Dockerfile makes the "build box": the container used to build official
# releases of Teleport and its documentation.
FROM quay.io/gravitational/buildbox-base:1.0
FROM ubuntu:20.04

ARG UID
ARG GID
COPY locale.gen /etc/locale.gen
COPY profile /etc/profile

COPY pam/pam_teleport.so /lib/x86_64-linux-gnu/security
COPY pam/teleport-acct-echo /etc/pam.d
COPY pam/teleport-acct-failure /etc/pam.d
COPY pam/teleport-success /etc/pam.d
COPY pam/teleport-session-failure /etc/pam.d
COPY pam/teleport-session-environment /etc/pam.d
ENV LANGUAGE="en_US.UTF-8" \
LANG="en_US.UTF-8" \
LC_ALL="en_US.UTF-8" \
LC_CTYPE="en_US.UTF-8" \
DEBIAN_FRONTEND="noninteractive"

RUN apt-get update; apt-get install -q -y libpam-dev libc6-dev-i386 net-tools tree
RUN apt-get update -y --fix-missing && \
apt-get -q -y upgrade && \
apt-get install -q -y apt-utils curl gcc git gzip libbpfcc-dev libc6-dev libpam-dev libsqlite3-0 locales make net-tools tar tree zip && \
dpkg-reconfigure locales && \
apt-get -y autoclean && apt-get -y clean

RUN (groupadd jenkins --gid=$GID -o && useradd jenkins --uid=$UID --gid=$GID --create-home --shell=/bin/sh ;\
mkdir -p -m0700 /var/lib/teleport && chown -R jenkins /var/lib/teleport)
ARG UID
ARG GID
RUN (groupadd ci --gid=$GID -o && useradd ci --uid=$UID --gid=$GID --create-home --shell=/bin/sh ;\
mkdir -p -m0700 /var/lib/teleport && chown -R ci /var/lib/teleport)

# Install etcd.
RUN (curl -L https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz | tar -xz ;\
Expand All @@ -24,19 +29,22 @@ RUN (curl -L https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9
# Install Go.
ARG RUNTIME
RUN mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/$RUNTIME.linux-amd64.tar.gz | tar xz;\
mkdir -p /gopath/src/github.com/gravitational/teleport;\
chmod a+w /gopath;\
mkdir -p /go/src/github.com/gravitational/teleport;\
chmod a+w /go;\
chmod a+w /var/lib;\
chmod a-w /

ENV GOPATH="/gopath" \
ENV GOPATH="/go" \
GOROOT="/opt/go" \
PATH="$PATH:/opt/go/bin:/gopath/bin:/gopath/src/github.com/gravitational/teleport/build"
PATH="$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build"

# Install meta-linter.
RUN (curl -L https://github.com/golangci/golangci-lint/releases/download/v1.24.0/golangci-lint-1.24.0-$(go env GOOS)-$(go env GOARCH).tar.gz | tar -xz ;\
cp golangci-lint-1.24.0-$(go env GOOS)-$(go env GOARCH)/golangci-lint /bin/ ;\
rm -r golangci-lint*)

VOLUME ["/gopath/src/github.com/gravitational/teleport"]
COPY pam/pam_teleport.so /lib/x86_64-linux-gnu/security
COPY pam/teleport-* /etc/pam.d/

VOLUME ["/go/src/github.com/gravitational/teleport"]
EXPOSE 6600 2379 2380
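Review bot: `FROM ubuntu:20.04` replaces the project's own base image with a mutable public tag, and the added `apt-get -q -y upgrade` makes the result depend on when the image was built, so two builds of the same commit can yield different release build boxes. Pinning the base by digest, e.g. `FROM ubuntu:20.04@sha256:<digest-of-reviewed-image>` (placeholder, not a real digest), makes the image reproducible and auditable. The Go install touched by this section still pipes `curl` straight into `tar xz` with no checksum check and no `-f`, so a tampered or error response is unpacked silently; downloading to a file and running `sha256sum -c` against a recorded hash before extracting would close that. The renamed `groupadd ci ... ;\` line also chains with `;`, so a failed `groupadd`/`useradd` (for example when the `UID`/`GID` build args are empty) does not fail the build; joining with `&&` would surface it.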