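#!/usr/bin/env bash
# Build wrapper: runs the builder container image via a container engine and
# hands the remaining arguments to `make` inside the container.
#
# Usage: build [OPTIONS] [MAKE_ARGS...]
#   --container-image IMAGE     image to run (default: localhost/builder, built on demand)
#   --container-engine ENGINE   container CLI to use (default: podman)
#   --container-run-opts OPTS   replace the default run options (see the NOTE at the option)
#   --privileged                add --privileged and run the container with --second-stage
#   --kms                       forward AWS_* credentials from the environment to make
#   --print-container-image     print the image name on fd 3 and exit
#   --resolve-cname NAME        print "<cname>-<short commit>" for NAME on fd 3 and exit
#   --target DIR                host directory mounted as /builder/.build (default: .build)
# Options stop at the first argument that is not one of the above.
#
# fd 3 is the caller's original stdout. Everything else (including the
# container engine's own output) goes to stderr, so only the result is
# machine-readable on stdout.
set -euo pipefail
shopt -s nullglob
exec 3>&1
exec 1>&2

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Fail with a clear message when an option that takes a value is the last argument.
# Arguments: the current "$@" of the option loop.
need_arg() {
  [[ $# -ge 2 ]] || die "option $1 requires an argument"
}

container_image=localhost/builder
container_engine=podman
target_dir=.build
container_run_opts=(
  --security-opt seccomp=unconfined
  --security-opt apparmor=unconfined
  --security-opt label=disable
  --read-only
)
container_cmd=()
use_kms=0
resolve_cname=0

while [[ $# -gt 0 ]]; do
  case "$1" in
    --container-image)
      need_arg "$@"
      container_image="$2"
      shift 2
      ;;
    --container-engine)
      need_arg "$@"
      container_engine="$2"
      shift 2
      ;;
    --container-run-opts)
      need_arg "$@"
      # NOTE: the value is re-parsed by bash as a compound array assignment, so
      # quoting and $(...) inside it are expanded like with eval. Only pass
      # option strings from a trusted caller (the invoking user already has
      # shell access, so this is an ergonomics rather than a privilege issue).
      declare -a "container_run_opts=($2)"
      shift 2
      ;;
    --privileged)
      container_run_opts+=(--privileged)
      container_cmd=(--second-stage)
      shift
      ;;
    --kms)
      use_kms=1
      shift
      ;;
    --print-container-image)
      printf '%s\n' "$container_image" >&3
      exit 0
      ;;
    --resolve-cname)
      resolve_cname=1
      shift
      ;;
    --target)
      need_arg "$@"
      target_dir="$2"
      shift 2
      ;;
    *)
      # Everything from here on belongs to make (or is the cname to resolve).
      break
      ;;
  esac
done

# `--` guards against a target directory whose name starts with a dash.
[[ -d "$target_dir" ]] || mkdir -- "$target_dir"

container_mount_opts=(
  -v "$PWD/keyring.gpg:/builder/keyring.gpg:ro"
  -v "$(realpath -- "$target_dir"):/builder/.build"
)
# Each feature directory is bind-mounted read-only; nullglob makes an empty
# features/ directory a no-op instead of a literal "features/*".
for feature in features/*; do
  if [[ -d "$feature" ]]; then
    container_mount_opts+=(-v "$(realpath -- "$feature"):/builder/$feature:ro")
  fi
done

if [[ "$container_image" == localhost/builder ]]; then
  dir="$(dirname -- "$(realpath -- "${BASH_SOURCE[0]}")")"
  # Build from 'builder.dockerfile' if that exists, otherwise the default file name will be 'Dockerfile' or 'Containerfile'.
  # It is recommended to call the file 'builder.dockerfile' to make its intention clear.
  # That file might only contain a single line 'FROM ghcr.io/gardenlinux/builder:...' which can be updated via dependabot.
  if [[ -f "${dir}"/builder.dockerfile ]]; then
    "$container_engine" build -t "$container_image" -f "${dir}"/builder.dockerfile "$dir"
  else
    "$container_engine" build -t "$container_image" "$dir"
  fi
fi

repo="$(./get_repo)"
commit="$(./get_commit)"
timestamp="$(./get_timestamp)"
default_version="$(./get_version)"

if [[ "$resolve_cname" == 1 ]]; then
  # The first non-option argument is the cname to resolve.
  [[ $# -ge 1 ]] || die "--resolve-cname requires a cname argument"
  arch="$("$container_engine" run --rm "${container_run_opts[@]}" "${container_mount_opts[@]}" "$container_image" dpkg --print-architecture)"
  cname="$("$container_engine" run --rm "${container_run_opts[@]}" "${container_mount_opts[@]}" "$container_image" /builder/parse_features --feature-dir /builder/features --default-arch "$arch" --default-version "$default_version" --cname "$1")"
  short_commit="$(head -c 8 <<< "$commit")"
  # printf rather than echo: the result is data, not echo options.
  printf '%s\n' "$cname-$short_commit" >&3
  exit 0
fi

make_opts=(
  REPO="$repo"
  COMMIT="$commit"
  TIMESTAMP="$timestamp"
  DEFAULT_VERSION="$default_version"
)

if [[ "$use_kms" == 1 ]]; then
  # NOTE(review): these are passed as make variables on the container engine's
  # command line, so they are visible in the host's process list (e.g. `ps`)
  # for the lifetime of the build. Prefer passing them as container environment
  # (`-e NAME`) if the Makefile can read them from the environment instead.
  for e in AWS_DEFAULT_REGION AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
    if [[ -n "${!e-}" ]]; then
      make_opts+=("$e=${!e}")
    fi
  done
fi

# Default values which can be overriden via 'build.config' file
tempfs_size=2G
# NOTE: build.config is sourced, i.e. executed as shell code from the current
# working directory with this script's privileges; it is not a plain key=value file.
if [[ -f "$PWD"/build.config ]]; then
  . "$PWD"/build.config
fi
make_opts+=("TEMPFS_SIZE=$tempfs_size")

if [[ -d cert ]]; then
  container_mount_opts+=(-v "$PWD/cert:/builder/cert:ro")
fi

# ${container_cmd[@]+...} expands to nothing when the array is empty, which
# keeps `set -u` happy on bash versions that treat an empty array as unset.
"$container_engine" run --rm "${container_run_opts[@]}" "${container_mount_opts[@]}" "$container_image" ${container_cmd[@]+"${container_cmd[@]}"} fake_xattr make --no-print-directory -C /builder "${make_opts[@]}" "$@" >&3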