From 6efb333243dd4739595dee8d0a35836b4cd330b2 Mon Sep 17 00:00:00 2001
From: Tsvetomir Palashki <tpalashki@vmware.com>
Date: Mon, 21 Feb 2022 16:32:42 +0200
Subject: [PATCH 1/2] job-builder: add amazon-ecr-credential-helper to the job
 builder

The rootless job builder is based on an image that does not contain
the amazon-ecr-credential-helper utility. This utility is necessary
to authenticate against ECR when pushing data job images.

This commit adds the amazon-ecr-credential-helper utility to the job-builder
image by pulling it and building it locally from source. Maybe there is
a better way of provisioning it but I could not find it out.

Testing done: manually build and push a job-builder image with the change,
then create a k8s job with this image and run it to verify that it manages
to successfully push data job images to ECR.

Signed-off-by: Tsvetomir Palashki <tpalashki@vmware.com>
---
 .../projects/job-builder-rootless/Dockerfile       | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/projects/control-service/projects/job-builder-rootless/Dockerfile b/projects/control-service/projects/job-builder-rootless/Dockerfile
index 09ae5b2d08..648d41d3a9 100644
--- a/projects/control-service/projects/job-builder-rootless/Dockerfile
+++ b/projects/control-service/projects/job-builder-rootless/Dockerfile
@@ -17,9 +17,21 @@ RUN chmod +x /build_image.sh
 
 # Setup Python and Git
 ## Update & Install dependencies
+## go and make are used to build amazon-ecr-credential-helper (see below)
 RUN apk add --no-cache --update \
     git \
-    bash
+    bash \
+    go \
+    make
+
+# pull and build amazon-ecr-credential-helper; it is required to authenticate to ecr when pushing images
+RUN git clone https://github.com/awslabs/amazon-ecr-credential-helper.git \
+    && cd amazon-ecr-credential-helper \
+    && make \
+    && mv bin/local/docker-credential-ecr-login /usr/local/bin \
+    && chmod +x /usr/local/bin/docker-credential-ecr-login \
+    && cd .. \
+    && rm amazon-ecr-credential-helper/ -rf
 
 RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/v3.10/main python3=3.7.10-r0 py3-pip \
     && pip3 install -U pip \

From bf003d711e126354eeca4617886e66881e224c16 Mon Sep 17 00:00:00 2001
From: Tsvetomir Palashki <tpalashki@vmware.com>
Date: Mon, 21 Feb 2022 16:51:24 +0200
Subject: [PATCH 2/2] increment the builder version

Signed-off-by: Tsvetomir Palashki <tpalashki@vmware.com>
---
 .../control-service/projects/job-builder-rootless/version.txt   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/projects/control-service/projects/job-builder-rootless/version.txt b/projects/control-service/projects/job-builder-rootless/version.txt
index 0473de98d2..1892b92676 100644
--- a/projects/control-service/projects/job-builder-rootless/version.txt
+++ b/projects/control-service/projects/job-builder-rootless/version.txt
@@ -1 +1 @@
-1.3.1dev2
+1.3.2