ploigos · cmasonrh · Feb 3, 2023 · Feb 3, 2023
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -1924,6 +1924,124 @@ jobs:
       - name: Image Digest 🔖
         run: echo ${{ steps.image_build.outputs.digest }}
 
+  ##################################
+  # ploigos-tool-quarkus-native_java17_ubi8 #
+  ##################################
+  ploigos-tool-quarkus-native_java17_ubi8:
+    needs:
+    - ploigos-tool-maven_java17_ubi8
+
+    runs-on: ubuntu-latest
+
+    env:
+      IMAGE_CONTEXT: ./ploigos-tool-quarkus-native
+      IMAGE_FILE: Containerfile.ubi8
+      IMAGE_NAME: ploigos-tool-quarkus-native
+      IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-quarkus-native:latest.java17.ubi8
+      BASE_IMAGE_NAME: ploigos-tool-maven
+      BASE_IMAGE_VERSION: ${{ needs.ploigos-tool-maven_java17_ubi8.outputs.version }}
+      IMAGE_TAG_FLAVOR: .java17.ubi8
+      IMAGE_IS_DEFAULT_FLAVOR: false
+
+    services:
+      registry:
+        image: registry:2
+        ports:
+        - 5000:5000
+
+    outputs:
+      version: ${{ steps.prep.outputs.version }}
+
+    steps:
+      - name: Checkout 🛎️
+        uses: actions/checkout@v2
+
+      - name: Determine Image Version and Tags ⚙️
+        id: prep
+        run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh
+
+      - name: Version 📌
+        run: echo ${{ steps.prep.outputs.version }}
+
+      - name: Image Tags 🏷
+        run: echo ${{ steps.prep.outputs.tags }}
+
+      - name: Set up QEMU 🧰
+        uses: docker/[email protected]
+
+      - name: Set up Docker Buildx 🧰
+        uses: docker/[email protected]
+        with:
+          driver-opts: network=host
+
+      - name: Cache Docker layers 🗃
+        uses: actions/[email protected]
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Build Image 🛠
+        id: image_build
+        uses: docker/[email protected]
+        env:
+          IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ env.BASE_IMAGE_VERSION }}
+        with:
+          context: ${{ env.IMAGE_CONTEXT }}
+          file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }}
+          build-args: ${{ env.IMAGE_BUILD_ARGS }}
+          push: true
+          tags: ${{ env.IMAGE_TAG_LOCAL }}
+          labels: |
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.source=${{ github.repositoryUrl }}
+            org.opencontainers.image.version=${{ steps.prep.outputs.version }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.licenses=${{ github.event.repository.license.name }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+
+      - name: Test Image 🧪
+        run: |
+          echo "Verify java installed"
+          docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} java -version
+
+          echo "Verify maven installed"
+          docker run -u 1001  ${{ env.IMAGE_TAG_LOCAL }} mvn --version
+
+          echo "Verify can create file in ~/.m2"
+          docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} /bin/bash -c "mkdir -p ~/.m2 && touch ~/.m2/test-settings.xml"
+
+          echo "test podman"
+          docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} podman --version
+
+          echo "test buildah"
+          docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} buildah --version
+
+          # TODO: Test running quarkus native build here
+
+      - name: Login to External Registry 🔑
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ secrets.REGISTRY_URI }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Push to External Registry 🔺
+        id: push
+        run: |
+          docker pull ${{ env.IMAGE_TAG_LOCAL }}
+
+          TAGS=${{ steps.prep.outputs.tags }}
+          for TAG in ${TAGS//,/ }; do
+            docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG}
+            docker push ${TAG}
+          done
+
+      - name: Image Digest 🔖
+        run: echo ${{ steps.image_build.outputs.digest }}
+
   ###########################
   # ploigos-tool-sonar_ubi8 #
   ###########################

diff --git a/README.md b/README.md
@@ -72,6 +72,11 @@ Defines a maven container image. Built from `ploigos-tool-java`.
 
 Defines a Maven JKube container image. Built from `ploigos-tool-maven`.
 
+## ploigos-tool-quarkus-native
+[![ploigos-tool-quarkus-native](https://img.shields.io/badge/quay.io-ploigos--tool--quarkus--native-lightgrey?logo=open-containers-initiative)](https://quay.io/repository/ploigos/ploigos-tool-quarkus-native)
+
+Defines a Maven Quarkus native container image. Built from `ploigos-tool-maven`.
+
 ## ploigos-tool-javascript
 [![ploigos-tool-javascript](https://img.shields.io/badge/quay.io-ploigos--tool--javascript-lightgrey?logo=open-containers-initiative)](https://quay.io/repository/ploigos/ploigos-tool-javascript)
 
@@ -145,6 +150,8 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl
 * ploigos-tool-jkube
   * .java8.ubi8
   * .java11.ubi8 (default)
+* ploigos-tool-quarkus-native
+  * .java17.ubi8 (default)
 * ploigos-tool-javascript
   * ubi8
 * ploigos-tool-openscap
@@ -160,21 +167,22 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl
 The following commands can be used for building these images locally.
 
 ```
-podman build --tag ploigos-base                                                            ploigos-base
-podman build --tag ploigos-ci-agent-jenkins --build-arg BASE_IMAGE=ploigos-tool-java       ploigos-ci-agent-jenkins
-podman build --tag ploigos-jenkins                                                         ploigos-jenkins
-podman build --tag ploigos-jenkins-init                                                    ploigos-jenkins-init
-podman build --tag ploigos-tool-argocd      --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-argocd
-podman build --tag ploigos-tool-config-lint --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-config-lint
-podman build --tag ploigos-tool-containers  --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-containers
-podman build --tag ploigos-tool-helm        --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-helm
-podman build --tag ploigos-tool-java        --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-java
-podman build --tag ploigos-tool-maven       --build-arg BASE_IMAGE=ploigos-tool-java       ploigos-tool-maven
-podman build --tag ploigos-tool-javascript  --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-javascript
-podman build --tag ploigos-tool-jkube       --build-arg BASE_IMAGE=ploigos-tool-maven      ploigos-tool-jkube
-podman build --tag ploigos-tool-openscap    --build-arg BASE_IMAGE=ploigos-tool-containers ploigos-tool-openscap
-podman build --tag ploigos-tool-autogov     --build-arg BASE_IMAGE=ploigos-autogov         ploigos-tool-autogov
-podman build --tag ploigos-tool-sonar       --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-sonar
+podman build --tag ploigos-base                                                               ploigos-base
+podman build --tag ploigos-ci-agent-jenkins    --build-arg BASE_IMAGE=ploigos-tool-java       ploigos-ci-agent-jenkins
+podman build --tag ploigos-jenkins                                                            ploigos-jenkins
+podman build --tag ploigos-jenkins-init                                                       ploigos-jenkins-init
+podman build --tag ploigos-tool-argocd         --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-argocd
+podman build --tag ploigos-tool-config-lint    --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-config-lint
+podman build --tag ploigos-tool-containers     --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-containers
+podman build --tag ploigos-tool-helm           --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-helm
+podman build --tag ploigos-tool-java           --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-java
+podman build --tag ploigos-tool-maven          --build-arg BASE_IMAGE=ploigos-tool-java       ploigos-tool-maven
+podman build --tag ploigos-tool-javascript     --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-javascript
+podman build --tag ploigos-tool-jkube          --build-arg BASE_IMAGE=ploigos-tool-maven      ploigos-tool-jkube
+podman build --tag ploigos-tool-quarkus-native --build-arg BASE_IMAGE=ploigos-tool-maven      ploigos-tool-quarkus-native
+podman build --tag ploigos-tool-openscap       --build-arg BASE_IMAGE=ploigos-tool-containers ploigos-tool-openscap
+podman build --tag ploigos-tool-autogov        --build-arg BASE_IMAGE=ploigos-autogov         ploigos-tool-autogov
+podman build --tag ploigos-tool-sonar          --build-arg BASE_IMAGE=ploigos-base            ploigos-tool-sonar
 podman build --tag argocd-repo-server-sops  argocd-repo-server-sops -f ./Containerfile.ubi8
 ```
 

diff --git a/ploigos-tool-quarkus-native/Containerfile b/ploigos-tool-quarkus-native/Containerfile
@@ -0,0 +1 @@
+Containerfile.ubi8
diff --git a/ploigos-tool-quarkus-native/Containerfile.ubi8 b/ploigos-tool-quarkus-native/Containerfile.ubi8
@@ -0,0 +1,56 @@
+# This image is based on the following Dockerfiles:
+# https://catalog.redhat.com/software/containers/rhel8/buildah/5dca3d76dd19c71643b226d5?container-tabs=dockerfile
+# https://github.com/containers/buildah/blob/master/contrib/buildahimage/stable/Dockerfile
+ARG BASE_IMAGE=quay.io/ploigos/ploigos-tool-maven:latest.ubi8
+ARG GO_VERSION=1.12.17
+
+FROM $BASE_IMAGE
+ARG PLOIGOS_USER_UID
+ARG GO_VERSION
+
+# labels
+ENV DESCRIPTION="Ploigos tool container used to do Quarkus Native builds. Has both Maven and container tools."
+LABEL \
+    maintainer="Ploigos <[email protected]>" \
+    name="ploigos/ploigos-tool-quarkus-native" \
+    summary="$DESCRIPTION" \
+    description="$DESCRIPTION" \
+    License="GPLv2+" \
+    architecture="x86_64" \
+    io.k8s.display-name="Ploigos - Tool - Quarkus Native" \
+    io.k8s.description="$DESCRIPTION" \
+    io.openshift.expose-services="" \
+    io.openshift.tags="ploigos,podman,buildah,maven" \
+    com.redhat.component="ploigos-tool-containers-container"
+
+# NOTE This image must run priviliged
+USER root
+
+# update and install packages
+# NOTE: need to reinstall shadow-utils because of
+# * https://github.com/containers/buildah/issues/3053#issuecomment-790031931
+RUN INSTALL_PKGS="buildah podman" && \
+    dnf update -y --allowerasing --nobest && \
+    dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+    dnf reinstall -y shadow-utils && \
+    dnf clean all && \
+    rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+# allow for subgid and subuid to be set at runtime for random UIDs
+# needed to allow for buildah to call newgidmap and newuidmap
+RUN chmod g+rw /etc/subgid /etc/subuid
+
+# may not actually be able to run as this user at runtime
+# but platforms like OpenShift will still respect users home directory
+# so still worth setting
+USER $PLOIGOS_USER_UID
+
+# set up environment variables for use by podman/buildah/skopeo to be able to run as rootless
+ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot STORAGE_DRIVER="vfs"
+
+# set up environment variables for podman service to be used by quarkus native
+ENV DOCKER_HOST="unix:///home/ploigos/podman.sock"
+
+# set custom entrypoint which also calls the base entrypoint
+COPY ploigos-tool-quarkus-native-entrypoint.sh /
+ENTRYPOINT [ "/ploigos-tool-quarkus-native-entrypoint.sh" ]
diff --git a/ploigos-tool-quarkus-native/README.md b/ploigos-tool-quarkus-native/README.md
@@ -0,0 +1,21 @@
+# ploigos-tool-quarkus-native
+
+This repository contains the container definition for creating the Ploigos workflow
+Quarkus native packaging container CLI tools container image.
+
+This container image is intended to be used as the container image to run Ploigos workflow steps
+that require access to CLI tools related to packaging Quarkus native images.
+
+Included CLI tools:
+* `mvn`
+* `buildah`
+* `podman`
+
+## Local Build
+
+To build and push this image perform the following on a properly subscribed RHEL 8 host:
+```
+podman login quay.io/ploigos
+podman build . -t quay.io/ploigos/ploigos-tool-quarkus-native:latest
+podman push quay.io/ploigos/ploigos-tool-quarkus-native:latest
+```
diff --git a/ploigos-tool-quarkus-native/ploigos-tool-quarkus-native-entrypoint.sh b/ploigos-tool-quarkus-native/ploigos-tool-quarkus-native-entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# update subgid and subuid for our current id
+# NOTE: can not use usermod because also requires permisions to /etc/passwd
+echo $(whoami):10000:65536 >> /etc/subuid
+echo $(whoami):10000:65536 >> /etc/subgid
+
+# create a podman socket for the Quarkuns Native plugin to use
+# SEE https://github.com/fabric8io/docker-maven-plugin/issues/1330#issuecomment-872905283
+podman system service --time=0 ${DOCKER_HOST} 1> /home/ploigos/podman.stdout 2> /home/ploigos/podman.stderr &
+
+# call the base entrypoint
+/ploigos-base-entrypoint.sh "$@"