Skip to content

Commit

Permalink
Fix #830 - Make Images Reproducible
Browse files Browse the repository at this point in the history
Signed-off-by: Ricardo Zanini <[email protected]>
  • Loading branch information
ricardozanini committed Feb 1, 2024
1 parent 34fb881 commit b91aa49
Show file tree
Hide file tree
Showing 13 changed files with 92 additions and 51 deletions.
20 changes: 2 additions & 18 deletions kogito-swf-builder-image.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,32 +17,24 @@
# under the License.
#
- name: builder
from: "registry.access.redhat.com/ubi8/ubi-minimal:latest"
from: "registry.access.redhat.com/ubi8/openjdk-17:1.18"
version: "999-SNAPSHOT"
modules:
repositories:
- path: modules
install:
- name: org.kie.kogito.image.dependencies
- name: org.kie.kogito.system.user
- name: org.kie.kogito.logging
- name: org.kie.kogito.launch.scripts
- name: org.kie.kogito.openjdk
version: "17"
- name: org.kie.kogito.dynamic.resources
- name: org.kie.kogito.maven
version: "3.9.3"
- name: org.kie.kogito.maven.common
- name: org.kie.kogito.project.versions
- name: org.kie.kogito.swf.common.scripts
- name: org.kie.kogito.swf.builder.build-config
- name: org.kie.kogito.swf.common.build

packages:
manager: microdnf

- name: "quay.io/kiegroup/kogito-swf-builder"
from: "registry.access.redhat.com/ubi8/ubi-minimal:latest"
from: "registry.access.redhat.com/ubi8/openjdk-17:1.18"
version: "999-SNAPSHOT"
description: "Kogito Serverless Workflow base builder with Quarkus extensions libraries preinstalled"

Expand All @@ -64,22 +56,14 @@
- name: "io.openshift.tags"
value: "kogito,builder,serverless,workflow"

packages:
manager: microdnf

modules:
repositories:
- path: modules
install:
- name: org.kie.kogito.image.dependencies
- name: org.kie.kogito.system.user
- name: org.kie.kogito.logging
- name: org.kie.kogito.launch.scripts
- name: org.kie.kogito.openjdk
version: "17"
- name: org.kie.kogito.dynamic.resources
- name: org.kie.kogito.maven
version: "3.9.3"
- name: org.kie.kogito.maven.common
- name: org.kie.kogito.project.versions
- name: org.kie.kogito.swf.common.scripts
Expand Down
14 changes: 2 additions & 12 deletions kogito-swf-devmode-image.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,21 +17,16 @@
# under the License.
#
- name: builder
from: "registry.access.redhat.com/ubi8/ubi-minimal:latest"
from: "registry.access.redhat.com/ubi8/openjdk-17:1.18"
version: "999-SNAPSHOT"
modules:
repositories:
- path: modules
install:
- name: org.kie.kogito.image.dependencies
- name: org.kie.kogito.system.user
- name: org.kie.kogito.logging
- name: org.kie.kogito.launch.scripts
- name: org.kie.kogito.openjdk
version: "17"
- name: org.kie.kogito.dynamic.resources
- name: org.kie.kogito.maven
version: "3.9.3"
- name: org.kie.kogito.maven.common
- name: org.kie.kogito.project.versions
- name: org.kie.kogito.swf.common.scripts
Expand All @@ -42,7 +37,7 @@
manager: microdnf

- name: "quay.io/kiegroup/kogito-swf-devmode"
from: "registry.access.redhat.com/ubi8/ubi-minimal:latest"
from: "registry.access.redhat.com/ubi8/openjdk-17:1.18"
version: "999-SNAPSHOT"
description: "Kogito Serverless Workflow development mode with Quarkus extensions libraries preinstalled"

Expand All @@ -69,15 +64,10 @@
repositories:
- path: modules
install:
- name: org.kie.kogito.image.dependencies
- name: org.kie.kogito.system.user
- name: org.kie.kogito.logging
- name: org.kie.kogito.launch.scripts
- name: org.kie.kogito.openjdk
version: "17"
- name: org.kie.kogito.dynamic.resources
- name: org.kie.kogito.maven
version: "3.9.3"
- name: org.kie.kogito.maven.common
- name: org.kie.kogito.project.versions
- name: org.kie.kogito.swf.common.scripts
Expand Down
30 changes: 30 additions & 0 deletions modules/kogito-clean-cache/clean-cache.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

# Remove font cache
rm -rf /usr/lib/fontconfig/cache/*
# Clean dnf history see https://access.redhat.com/solutions/4500331
rm -f /var/lib/dnf/history*
# Clean RPM database. We know it's not safe, but we must do it anyway to achieve a reproducible builds
# Since we won't use rpm once the image is built, it should be ok
# See
# - https://access.redhat.com/solutions/439953
# - https://access.redhat.com/solutions/6903
rm -rf /var/lib/rpm/*
25 changes: 25 additions & 0 deletions modules/kogito-clean-cache/module.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
schema_version: 1
name: org.kie.kogito.clean.cache
version: "999-SNAPSHOT"
description: Clean up cache files and non-deterministic files leftovers to guarantee a reproducible build.

execute:
- script: clean-cache.sh
2 changes: 0 additions & 2 deletions modules/kogito-dynamic-resources/module.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,6 @@ execute:
- script: configure

envs:
- name: JBOSS_CONTAINER_JAVA_JVM_MODULE
value: /opt/container/java/jvm
- name: JAVA_OPTIONS
description: User specified Java options to be appended to generated options in JAVA_OPTS (internal use).
example: "-verbose:class"
Expand Down
13 changes: 11 additions & 2 deletions modules/kogito-maven/common/configure
100644 → 100755
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,17 @@ set -e
SOURCES_DIR=/tmp/artifacts
SCRIPT_DIR=$(dirname "${0}")

tar xzf "${SOURCES_DIR}"/apache-maven-"${MAVEN_VERSION}"-bin.tar.gz -C /usr/share
mv /usr/share/apache-maven-"${MAVEN_VERSION}" /usr/share/maven
mvn_install_dir="/usr/share/maven"

# Verify if mvn is installed
if [ ! -d ${mvn_install_dir} ] && ! command -v mvn &> /dev/null ;
then
echo "---> Maven not found, downloading and installing it"
tar xzf "${SOURCES_DIR}"/apache-maven-"${MAVEN_VERSION}"-bin.tar.gz -C /usr/share
mv /usr/share/apache-maven-"${MAVEN_VERSION}" ${mvn_install_dir}
else
echo "---> Maven already present in the current context"
fi

mkdir "${KOGITO_HOME}"/.m2
cp -v "${SCRIPT_DIR}"/maven/* "${KOGITO_HOME}"/.m2
Expand Down
5 changes: 3 additions & 2 deletions modules/kogito-swf/builder/runtime/community/configure.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,11 @@ set -e
SOURCES_DIR=/tmp/artifacts

mkdir -p "${KOGITO_HOME}"/.m2/repository
mkdir -p "${KOGITO_HOME}/${PROJECT_ARTIFACT_ID}"

# Unzip Quarkus app and Maven repository
unzip "${SOURCES_DIR}"/kogito-swf-quarkus-app.zip -d "${KOGITO_HOME}"
unzip "${SOURCES_DIR}"/kogito-swf-maven-repo.zip -d "${KOGITO_HOME}"/.m2/repository
tar xf "${SOURCES_DIR}"/kogito-swf-quarkus-app.tar -C "${KOGITO_HOME}/${PROJECT_ARTIFACT_ID}"
tar xf "${SOURCES_DIR}"/kogito-swf-maven-repo.tar -C "${KOGITO_HOME}"/.m2/repository

chown -R 1001:0 "${KOGITO_HOME}"
chmod -R ug+rwX "${KOGITO_HOME}"
4 changes: 2 additions & 2 deletions modules/kogito-swf/builder/runtime/community/module.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,9 @@ description: "Kogito Serverless Workflow builder runtime module"

artifacts:
- image: builder
path: /home/kogito/build_output/kogito-swf-quarkus-app.zip
path: /home/kogito/build_output/kogito-swf-quarkus-app.tar
- image: builder
path: /home/kogito/build_output/kogito-swf-maven-repo.zip
path: /home/kogito/build_output/kogito-swf-maven-repo.tar

execute:
- script: configure.sh
7 changes: 6 additions & 1 deletion modules/kogito-swf/common/build/added/cleanup_project.sh
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,9 @@ rm -rfv "${PROJECT_ARTIFACT_ID}"/*.bak
echo 'Clean Maven useless files'
find "${KOGITO_HOME}"/.m2/repository -name _remote.repositories -type f -delete
find "${KOGITO_HOME}"/.m2/repository -name _maven.repositories -type f -delete
find "${KOGITO_HOME}"/.m2/repository -name *.lastUpdated -type f -delete
find "${KOGITO_HOME}"/.m2/repository -name *.lastUpdated -type f -delete

# Remove files that include build timestamps to have reproducible images
find "${KOGITO_HOME}"/.m2/ -name resolver-status.properties -delete
# Remove quarkus registry
rm -rf "${KOGITO_HOME}"/.m2/repository/io/quarkus/registry/
8 changes: 4 additions & 4 deletions modules/kogito-swf/common/build/added/zip_files.sh
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,10 @@ BUILD_OUTPUT="${KOGITO_HOME}"/build_output/
mkdir -p "${BUILD_OUTPUT}"

echo "Zip and copy scaffold project"
zip -r kogito-swf-quarkus-app.zip "${PROJECT_ARTIFACT_ID}"/
cp -v kogito-swf-quarkus-app.zip "${BUILD_OUTPUT}"
tar cf kogito-swf-quarkus-app.tar -C "${PROJECT_ARTIFACT_ID}" .
cp -v kogito-swf-quarkus-app.tar "${BUILD_OUTPUT}"

echo "Zip and copy maven repo"
cd "${KOGITO_HOME}"/.m2/repository/
zip -r kogito-swf-maven-repo.zip *
cp -v kogito-swf-maven-repo.zip "${BUILD_OUTPUT}"
tar cf kogito-swf-maven-repo.tar .
cp -v kogito-swf-maven-repo.tar "${BUILD_OUTPUT}"
4 changes: 0 additions & 4 deletions modules/kogito-swf/common/build/module.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,5 @@ name: org.kie.kogito.swf.common.build
version: "999-SNAPSHOT"
description: "Kogito Serverless Workflow image build process"

packages:
install:
- zip

execute:
- script: configure.sh
7 changes: 5 additions & 2 deletions modules/kogito-swf/devmode/runtime/community/configure.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,12 @@ set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
SOURCES_DIR=/tmp/artifacts

mkdir -p "${KOGITO_HOME}/${PROJECT_ARTIFACT_ID}"
mkdir -p "${KOGITO_HOME}"/.m2/repository

# Unzip Quarkus app and Maven repository
unzip "${SOURCES_DIR}"/kogito-swf-quarkus-app.zip -d "${KOGITO_HOME}"
unzip "${SOURCES_DIR}"/kogito-swf-maven-repo.zip -d "${KOGITO_HOME}"/.m2/repository
tar xf "${SOURCES_DIR}"/kogito-swf-quarkus-app.tar -C "${KOGITO_HOME}/${PROJECT_ARTIFACT_ID}"
tar xf "${SOURCES_DIR}"/kogito-swf-maven-repo.tar -C "${KOGITO_HOME}"/.m2/repository

chown -R 1001:0 "${KOGITO_HOME}"
chmod -R ug+rwX "${KOGITO_HOME}"
4 changes: 2 additions & 2 deletions modules/kogito-swf/devmode/runtime/community/module.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,9 @@ envs:

artifacts:
- image: builder
path: /home/kogito/build_output/kogito-swf-quarkus-app.zip
path: /home/kogito/build_output/kogito-swf-quarkus-app.tar
- image: builder
path: /home/kogito/build_output/kogito-swf-maven-repo.zip
path: /home/kogito/build_output/kogito-swf-maven-repo.tar

execute:
- script: configure.sh

0 comments on commit b91aa49

Please sign in to comment.