add a minimal target for ocm-container-minimal

.gitignore

@@ -1,6 +1,9 @@
 # IDE configs
 .vscode/*
 
+# cp/mv backups
+*~
+
 # Ignore logfiles
 log/
 *.log

Containerfile

@@ -1,81 +1,56 @@
-### Pre-install yum stuff
 ARG BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:9.3-1612
-FROM ${BASE_IMAGE} as base-update
+FROM ${BASE_IMAGE} as tools-base
+ARG OUTPUT_DIR="/opt"
 
-RUN microdnf --assumeyes install yum-utils \
-      && microdnf --assumeyes --nodocs update \
-      && microdnf clean all \
-      && rm -rf /var/cache/yum
+RUN microdnf --assumeyes install gzip jq tar
 
-FROM base-update as dnf-install
+# Adds Platform Conversion Tool for arm64/x86_64 compatibility
+# need to add this a second time to add it to the builder image
+COPY utils/dockerfile_assets/platforms.sh /usr/local/bin/platform_convert
 
-# OCM backplane console port to map
-ENV OCM_BACKPLANE_CONSOLE_PORT 9999
+### BACKPLANE TOOLS - download SRE standad binaries to a temporary container
+FROM tools-base as backplane-tools
+ARG OUTPUT_DIR="/opt"
 
-# Add Platform Conversion Tool for arm64/x86_64 compatibility
-COPY utils/dockerfile_assets/platforms.sh /usr/local/bin/platform_convert
+# Set GH_TOKEN to use authenticated GH requests
+ARG GH_TOKEN
 
-# Add google-cloud-sdk repo
-COPY utils/dockerfile_assets/google-cloud-sdk.repo /etc/yum.repos.d/
-# Use  Platform Conversion Tool to set google-cloud-sdk repo arch
-RUN platform_convert -i /etc/yum.repos.d/google-cloud-sdk.repo --x86_64 --aarch64
+ARG BACKPLANE_TOOLS_VERSION="tags/v1.1.0"
+ENV BACKPLANE_TOOLS_URL_SLUG="openshift/backplane-tools"
+ENV BACKPLANE_TOOLS_URL="https://api.github.com/repos/${BACKPLANE_TOOLS_URL_SLUG}/releases/${BACKPLANE_TOOLS_VERSION}"
+ENV BACKPLANE_BIN_DIR="/root/.local/bin/backplane"
 
-# Add epel repos
-RUN rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 \
-      && rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
+RUN mkdir -p /backplane-tools
+WORKDIR /backplane-tools
 
-# Install packages
-# These packages will end up in the final image
-# Installed here to save build time
-RUN microdnf --assumeyes --nodocs install \
-      bash-completion \
-      bind-utils \
-      crun\
-      findutils \
-      fuse-overlayfs \
-      git \
-      golang \
-      jq \
-      make \
-      nodejs \
-      nodejs-nodemon \
-      npm \
-      openssl \
-      podman \
-      procps-ng \
-      python3 \
-      python3-pip \
-      rsync \
-      sshuttle \
-      tar \
-      vim-enhanced \
-      wget \
-      xz \
-      google-cloud-cli \
-      && microdnf clean all \
-      && yum-config-manager --disable google-cloud-sdk \
-      && rm -rf /var/cache/yum
+# Download the checksum
+RUN /bin/bash -c "curl -sSLf $(curl -sSLf ${BACKPLANE_TOOLS_URL} -o - | jq -r '.assets[] | select(.name|test("checksums.txt")) | .browser_download_url') -o checksums.txt"
 
-RUN git clone --depth 1 https://github.com/junegunn/fzf.git /root/.fzf \
-      && /root/.fzf/install --all
+# Download amd64 binary
+RUN [[ $(platform_convert "@@PLATFORM@@" --amd64 --arm64) != "amd64" ]] && exit 0 || /bin/bash -c "curl -sSLf -O $(curl -sSLf ${BACKPLANE_TOOLS_URL} -o - | jq -r '.assets[] | select(.name|test("linux_amd64")) | .browser_download_url') "
+# Download arm64 binary
+RUN [[ $(platform_convert "@@PLATFORM@@" --amd64 --arm64) != "arm64" ]] && exit 0 || /bin/bash -c "curl -sSLf -O $(curl -sSLf ${BACKPLANE_TOOLS_URL} -o - | jq -r '.assets[] | select(.name|test("linux_arm64")) | .browser_download_url') "
 
-### podman container config
-# Overlay over overlay is often denied by the kernel, so this creates non overlay volumes to be used within the container.
-VOLUME /var/lib/containers
+# Extract
+RUN tar --extract --gunzip --no-same-owner --directory "/usr/local/bin"  --file *.tar.gz
 
-# copy storage.conf to enable fuse-overlayfs storage.
-COPY utils/dockerfile_assets/storage.conf /etc/containers/storage.conf
+# Install all using backplane-tools
+RUN /bin/bash -c "PATH=${PATH}:${BACKPLANE_BIN_DIR}/latest /usr/local/bin/backplane-tools install all"
 
-# add containers.conf file to make sure containers run easier.
-COPY utils/dockerfile_assets/containers.conf /etc/containers/containers.conf
+# Copy symlink sources from ./local/bin to $OUTPUT_DIR
+RUN cp -Hv  ${BACKPLANE_BIN_DIR}/latest/* ${OUTPUT_DIR}
 
-### Download the binaries
-# Anything in this image must be COPY'd into the final image, below
-FROM ${BASE_IMAGE} as builder
+# copy aws cli assets
+RUN cp -r ${BACKPLANE_BIN_DIR}/aws/*/aws-cli/dist /${OUTPUT_DIR}/aws_dist
 
-# Adds Platform Conversion Tool for arm64/x86_64 compatibility
-# need to add this a second time to add it to the builder image
-COPY utils/dockerfile_assets/platforms.sh /usr/local/bin/platform_convert
+# Copy hypershift binary
+FROM quay.io/acm-d/rhtap-hypershift-operator as hypershift
+ARG OUTPUT_DIR="/opt"
+RUN cp /usr/bin/hypershift /${OUTPUT_DIR}/hypershift
+
+### Builder - Get or Build Individual Binaries
+FROM tools-base as builder
+ARG OUTPUT_DIR="/opt"
 
 # jq is a pre-req for making parsing of download urls easier
 RUN microdnf --assumeyes --nodocs install \
@@ -92,14 +67,11 @@ RUN curl -sSlo epel-gpg https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
       && rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
       && microdnf --assumeyes --nodocs install rhash
 
-# Directory for the extracted binaries, etc
-RUN mkdir -p /out
-
-##############################
-## Individual Binary Builds ##
-##############################
+# Directory for the extracted binaries, etc; used in child images
+RUN mkdir -p /${OUTPUT_DIR}
 
 FROM builder as omc-builder
+ARG OUTPUT_DIR="/opt"
 # Add `omc` utility to inspect must-gathers easily with 'oc' like commands
 # Replace "/latest" with "/tags/{tag}" to pin to a specific version (eg: "/tags/v0.4.0")
 # the URL_SLUG is for checking the releasenotes when a version updates
@@ -121,10 +93,11 @@ RUN [[ $(platform_convert "@@PLATFORM@@" --amd64 --arm64) != "arm64" ]] && exit
 
 # Check the binary and checksum match
 RUN bash -c 'md5sum --check <( grep $(platform_convert "Linux_@@PLATFORM@@.tar.gz" --x86_64 --arm64)  md5sum.txt )'
-RUN tar --extract --gunzip --no-same-owner --directory /out omc --file *.tar.gz
-RUN chmod -R +x /out
+RUN tar --extract --gunzip --no-same-owner --directory /${OUTPUT_DIR} omc --file *.tar.gz
+RUN chmod -R +x /${OUTPUT_DIR}
 
 FROM builder as jira-builder
+ARG OUTPUT_DIR="/opt"
 # Add `jira` utility for working with OHSS tickets
 # Replace "/latest" with "/tags/{tag}" to pin to a specific version (eg: "/tags/v0.4.0")
 # the URL_SLUG is for checking the releasenotes when a version updates
@@ -144,10 +117,11 @@ RUN [[ $(platform_convert "@@PLATFORM@@" --amd64 --arm64) != "arm64" ]] && exit
 
 # Check the tarball and checksum match
 RUN bash -c 'sha256sum --check <( grep $(platform_convert "linux_@@PLATFORM@@" --x86_64 --arm64)  checksums.txt )'
-RUN tar --extract --gunzip --no-same-owner --directory /out --strip-components=2 */bin/jira --file *.tar.gz
-RUN chmod -R +x /out
+RUN tar --extract --gunzip --no-same-owner --directory /${OUTPUT_DIR} --strip-components=2 */bin/jira --file *.tar.gz
+RUN chmod -R +x /${OUTPUT_DIR}
 
 FROM builder as k9s-builder
+ARG OUTPUT_DIR="/opt"
 # Add `k9s` utility
 # Replace "/latest" with "/tags/{tag}" to pin to a specific version (eg: "/tags/v0.4.0")
 # the URL_SLUG is for checking the releasenotes when a version updates
@@ -170,10 +144,11 @@ RUN [[ $(platform_convert "@@PLATFORM@@" --amd64 --arm64) != "arm64" ]] && exit
 
 # Check the tarball and checksum match
 RUN bash -c 'sha256sum --check <( grep $(platform_convert "Linux_@@PLATFORM@@.tar.gz$" --amd64 --arm64)  sha256sum.txt )'
-RUN tar --extract --gunzip --no-same-owner --directory /out k9s --file *.tar.gz
-RUN chmod +x /out/k9s
+RUN tar --extract --gunzip --no-same-owner --directory /${OUTPUT_DIR} k9s --file *.tar.gz
+RUN chmod +x /${OUTPUT_DIR}/k9s
 
 FROM builder as oc-nodepp-builder
+ARG OUTPUT_DIR="/opt"
 # Add `oc-nodepp` utility
 # Replace "/latest" with "/tags/{tag}" to pin to a specific version (eg: "/tags/v0.4.0")
 # the URL_SLUG is for checking the releasenotes when a version updates
@@ -195,67 +170,118 @@ RUN [[ $(platform_convert "@@PLATFORM@@" --x86_64 --arm64) != "arm64" ]] && exit
 
 # Check the tarball and checksum match
 RUN bash -c 'sha256sum --check <( grep $(platform_convert "Linux_@@PLATFORM@@.tar.gz" --x86_64 --arm64)  sha256sum.txt )'
-RUN tar --extract --gunzip --no-same-owner --directory /out oc-nodepp --file *.tar.gz
-RUN chmod +x /out/oc-nodepp
+RUN tar --extract --gunzip --no-same-owner --directory /${OUTPUT_DIR} oc-nodepp --file *.tar.gz
+RUN chmod +x /${OUTPUT_DIR}/oc-nodepp
 
-FROM builder as backplane-tools-builder
-# Install via backplane-tools
-ARG BACKPLANE_TOOLS_VERSION="tags/v1.1.0"
-ENV BACKPLANE_TOOLS_URL_SLUG="openshift/backplane-tools"
-ENV BACKPLANE_TOOLS_URL="https://api.github.com/repos/${BACKPLANE_TOOLS_URL_SLUG}/releases/${BACKPLANE_TOOLS_VERSION}"
-RUN mkdir /backplane-tools
-WORKDIR /backplane-tools
+### Pre-install yum stuff for final images
+FROM ${BASE_IMAGE} as base-update
+# ARG keeps the values from the final image
+ARG OUTPUT_DIR="/opt"
 
-# Download the checksum
-RUN /bin/bash -c "curl -sSLf $(curl -sSLf ${BACKPLANE_TOOLS_URL} -o - | jq -r '.assets[] | select(.name|test("checksums.txt")) | .browser_download_url') -o checksums.txt"
+RUN microdnf --assumeyes install yum-utils \
+      && microdnf --assumeyes --nodocs update \
+      && microdnf clean all \
+      && rm -rf /var/cache/yum
 
-# Download amd64 binary
-RUN [[ $(platform_convert "@@PLATFORM@@" --amd64 --arm64) != "amd64" ]] && exit 0 || /bin/bash -c "curl -sSLf -O $(curl -sSLf ${BACKPLANE_TOOLS_URL} -o - | jq -r '.assets[] | select(.name|test("linux_amd64")) | .browser_download_url') "
-# Download arm64 binary
-RUN [[ $(platform_convert "@@PLATFORM@@" --amd64 --arm64) != "arm64" ]] && exit 0 || /bin/bash -c "curl -sSLf -O $(curl -sSLf ${BACKPLANE_TOOLS_URL} -o - | jq -r '.assets[] | select(.name|test("linux_arm64")) | .browser_download_url') "
+ENV IO_OPENSHIFT_MANAGED_NAME="ocm-container"
+LABEL io.openshift.managed.name="ocm-container"
+LABEL io.openshift.managed.description="Containerized environment for accessing OpenShift v4 clusters, packing necessary tools/scripts"
 
-# Extract
-RUN tar --extract --gunzip --no-same-owner --directory "/usr/local/bin"  --file *.tar.gz
+# Set an exposable port for the cluster console proxy
+# Can be used with `-o "-P"` to map 9999 inside the container to a random port at runtime
+ENV OCM_BACKPLANE_CONSOLE_PORT 9999
+EXPOSE $OCM_BACKPLANE_CONSOLE_PORT
+ENTRYPOINT ["/bin/bash"]
 
-# Install all using backplane-tools
-ENV PATH "$PATH:/root/.local/bin/backplane/latest"
-RUN /usr/local/bin/backplane-tools install all
+### Final Minimal Image
+FROM base-update as ocm-container-minimal
+# ARG keeps the values from the final image
+ARG OUTPUT_DIR="/opt"
+ARG BIN_DIR="/usr/local/bin"
+
+COPY --from=backplane-tools /${OUTPUT_DIR}/aws_dist      /usr/local/aws-cli
+COPY --from=backplane-tools /${OUTPUT_DIR}/oc            ${BIN_DIR}
+COPY --from=backplane-tools /${OUTPUT_DIR}/ocm           ${BIN_DIR}
+COPY --from=backplane-tools /${OUTPUT_DIR}/ocm-backplane ${BIN_DIR}
+COPY --from=backplane-tools /${OUTPUT_DIR}/ocm-addons    ${BIN_DIR}
+COPY --from=backplane-tools /${OUTPUT_DIR}/osdctl        ${BIN_DIR}
+COPY --from=backplane-tools /${OUTPUT_DIR}/rosa          ${BIN_DIR}
+COPY --from=backplane-tools /${OUTPUT_DIR}/servicelogger ${BIN_DIR}
+COPY --from=backplane-tools /${OUTPUT_DIR}/yq            ${BIN_DIR}
+COPY --from=hypershift      /${OUTPUT_DIR}/hypershift    ${BIN_DIR}
+
+### DNF Install other tools on top of Minimal
+FROM ocm-container-minimal as dnf-install
 
-# Copy symlink sources from ./local/bin to /out
-RUN cp -Hv  /root/.local/bin/backplane/latest/* /out
-RUN chmod +x /out/*
-# copy aws cli assets
-RUN cp -r /root/.local/bin/backplane/aws/*/aws-cli/dist /out/aws_dist
+# Add Platform Conversion Tool for arm64/x86_64 compatibility
+COPY utils/dockerfile_assets/platforms.sh /usr/local/bin/platform_convert
 
-# Copy hypershift binary
-FROM quay.io/acm-d/rhtap-hypershift-operator as hypershift
-RUN mkdir -p /out
-RUN cp /usr/bin/hypershift /out/hypershift
-RUN chmod -R +x /out
+# Add google-cloud-sdk repo
+COPY utils/dockerfile_assets/google-cloud-sdk.repo /etc/yum.repos.d/
+# Use  Platform Conversion Tool to set google-cloud-sdk repo arch
+RUN platform_convert -i /etc/yum.repos.d/google-cloud-sdk.repo --x86_64 --aarch64
+
+# Add epel repos
+RUN rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 \
+      && rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
+
+# Install packages
+# These packages will end up in the final image
+# Installed here to save build time
+RUN microdnf --assumeyes --nodocs install \
+      bash-completion \
+      bind-utils \
+      crun\
+      findutils \
+      fuse-overlayfs \
+      git \
+      golang \
+      jq \
+      make \
+      nodejs \
+      nodejs-nodemon \
+      npm \
+      openssl \
+      podman \
+      procps-ng \
+      python3 \
+      python3-pip \
+      rsync \
+      tar \
+      vim-enhanced \
+      wget \
+      xz \
+      && microdnf clean all \
+      && rm -rf /var/cache/yum
+
+RUN git clone --depth 1 https://github.com/junegunn/fzf.git /root/.fzf \
+      && /root/.fzf/install --all
+
+### podman container config
+# Overlay over overlay is often denied by the kernel, so this creates non overlay volumes to be used within the container.
+VOLUME /var/lib/containers
+
+# copy storage.conf to enable fuse-overlayfs storage.
+COPY utils/dockerfile_assets/storage.conf /etc/containers/storage.conf
+
+# add containers.conf file to make sure containers run easier.
+COPY utils/dockerfile_assets/containers.conf /etc/containers/containers.conf
 
 ###########################
 ## Build the final image ##
 ###########################
 # This is based on the first image build, with the yum packages installed
-FROM dnf-install
-ENV BIN_DIR="/usr/local/bin"
+FROM dnf-install as ocm-container
+# ARG keeps the values from the final image
+ARG OUTPUT_DIR="/opt"
+ARG BIN_DIR="/usr/local/bin"
 
 # Copy previously acquired binaries into the $PATH
 WORKDIR /
-COPY --from=jira-builder /out/jira ${BIN_DIR}
-COPY --from=omc-builder /out/omc ${BIN_DIR}
-COPY --from=k9s-builder /out/k9s ${BIN_DIR}
-COPY --from=oc-nodepp-builder /out/oc-nodepp ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/oc ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/ocm ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/ocm-backplane ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/ocm-addons ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/osdctl ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/rosa ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/servicelogger ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/yq ${BIN_DIR}
-COPY --from=backplane-tools-builder /out/aws_dist /usr/local/aws-cli
-COPY --from=hypershift /out/hypershift ${BIN_DIR}
+COPY --from=jira-builder      /${OUTPUT_DIR}/jira      ${BIN_DIR}
+COPY --from=omc-builder       /${OUTPUT_DIR}/omc       ${BIN_DIR}
+COPY --from=k9s-builder       /${OUTPUT_DIR}/k9s       ${BIN_DIR}
+COPY --from=oc-nodepp-builder /${OUTPUT_DIR}/oc-nodepp ${BIN_DIR}
 
 # Validate
 RUN /usr/local/aws-cli/aws --version
@@ -304,14 +330,4 @@ RUN printf 'if [ -d ${HOME}/.bashrc.d ] ; then\n  for file in ~/.bashrc.d/*.bash
 # Cleanup Home Dir
 RUN rm -rf /root/anaconda* /root/original-ks.cfg /root/buildinfo
 
-# Set an exposable port for the cluster console proxy
-# Can be used with `-o "-P"` to map 9999 inside the container to a random port at runtime
-EXPOSE $OCM_BACKPLANE_CONSOLE_PORT
-
 WORKDIR /root
-
-ENV IO_OPENSHIFT_MANAGED_NAME="ocm-container"
-LABEL io.openshift.managed.name="ocm-container" \
-      io.openshift.managed.description="Containerized environment for accessing OpenShift v4 clusters, packing necessary tools/scripts "
-
-ENTRYPOINT ["/bin/bash"]

Makefile

@@ -51,17 +51,21 @@ checkEnv:
 init:
 	bash init.sh
 
+.PHONY: build-minimal
+build-minimal:
+	@${CONTAINER_ENGINE} build $(BUILD_ARGS) -f Containerfile -t $(IMAGE_NAME)-minimal:$(TAG) --target=ocm-container-minimal
+
 .PHONY: build
 build:
-	@${CONTAINER_ENGINE} build $(BUILD_ARGS) -t $(IMAGE_NAME):$(TAG) .
+	@${CONTAINER_ENGINE} build $(BUILD_ARGS) -f Containerfile -t $(IMAGE_NAME):$(TAG) --target=ocm-container
 
 .PHONY: build-image-amd64
 build-image-amd64:
-	@${CONTAINER_ENGINE} build $(BUILD_ARGS) --platform=linux/amd64 -t $(IMAGE_NAME):$(TAG)-amd64 .
+	@${CONTAINER_ENGINE} build $(BUILD_ARGS) -f Containerfile --platform=linux/amd64 -t $(IMAGE_NAME):$(TAG)-amd64 --target=ocm-container
 
 .PHONY: build-image-arm64
 build-image-arm64:
-	@${CONTAINER_ENGINE} build $(BUILD_ARGS) --platform=linux/arm64 -t $(IMAGE_NAME):$(TAG)-arm64 .
+	@${CONTAINER_ENGINE} build $(BUILD_ARGS) -f Containerfile --platform=linux/arm64 -t $(IMAGE_NAME):$(TAG)-arm64 --target=ocm-container
 
 .PHONY: registry-login
 registry-login: