Demo about Edge Computing in the Retail vertical using Red Hat products
 
 


#!/bin/bash
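# Strict mode: stop on errors (-e, with -E so ERR traps are inherited by
# functions), on unset variables (-u) and on a failure anywhere in a pipeline.
set -Eeuo pipefail

# Root is required: the script writes under /etc/containers/registries.d and
# later starts a privileged container.
if [[ "$UID" -ne 0 ]]; then
  echo "This command must be run as root!" >&2
  exit 1
fi

if [[ "$#" -lt 1 ]]; then
  echo "Usage: $0 <bootc-target-image> [qcow2-target-image]" >&2
  exit 1
fi

TARGET_IMAGE="$1"
QCOW2_TARGET_IMAGE="${2:-}"

# Split the target image reference into name and tag.
# Example: myregistry.com/myimage:tag -> (myregistry.com/myimage + tag)
# Only the last path component is searched for the tag separator, so a
# registry port (myregistry.com:5000/myimage) is not mistaken for a tag.
# Digest references (name@sha256:...) are not handled here.
if [[ "${TARGET_IMAGE##*/}" == *":"* ]]; then
  TARGET_IMAGE_NAME="${TARGET_IMAGE%:*}"
  TARGET_IMAGE_TAG="${TARGET_IMAGE##*:}"
else
  TARGET_IMAGE_NAME="$TARGET_IMAGE"
  TARGET_IMAGE_TAG="latest"
  # Must be built from TARGET_IMAGE_NAME: IMAGE_NAME is never set in this
  # script, so referencing it aborts the run under `set -u`.
  TARGET_IMAGE="${TARGET_IMAGE_NAME}:latest"
fi

# Compute the qcow2 target image if not provided
if [[ -z "$QCOW2_TARGET_IMAGE" ]]; then
  QCOW2_TARGET_IMAGE="${TARGET_IMAGE_NAME}-qcow2:${TARGET_IMAGE_TAG}"
fi

# The registry is everything before the first "/". It ends up in a file name
# under /etc and in a `podman login` call, so refuse references that carry no
# registry part instead of writing a config file named after the image.
OCI_REGISTRY="${TARGET_IMAGE%%/*}"
if [[ "$TARGET_IMAGE" != */* || -z "$OCI_REGISTRY" ]]; then
  echo "Target image must be fully qualified (registry/name[:tag]): $TARGET_IMAGE" >&2
  exit 1
fi

SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)"
PROJECT_DIR="$(dirname -- "$SCRIPT_DIR")"

# Passphrase protecting the sigstore private key. It is created under a
# restrictive umask so the file is never readable by other users, not even in
# the window between its creation and the chmod below.
# NOTE(review): signing-key.pass, signing-key.private and auth.json all live in
# PROJECT_DIR. Keep them out of version control, and if the build is started
# from PROJECT_DIR make sure they are excluded from the build context.
if [[ ! -f "$PROJECT_DIR/signing-key.pass" ]]; then
  (
    umask 077
    openssl rand -base64 30 > "$PROJECT_DIR/signing-key.pass"
  )
  chmod 600 "$PROJECT_DIR/signing-key.pass"
fi

# Generate the signing key pair (signing-key.private / signing-key.pub) once.
if [[ ! -f "$PROJECT_DIR/signing-key.pub" ]]; then
  skopeo generate-sigstore-key \
    --output-prefix "$PROJECT_DIR/signing-key" \
    --passphrase-file "$PROJECT_DIR/signing-key.pass"
fi

# Let the container tools store and fetch sigstore signatures as registry
# attachments for this registry. This only enables the attachments; whether a
# signature is *required* on pull is decided by /etc/containers/policy.json.
registries_conf="/etc/containers/registries.d/${OCI_REGISTRY}.yaml"
if [[ ! -f "$registries_conf" ]]; then
  tee "$registries_conf" > /dev/null <<EOF
docker:
  ${OCI_REGISTRY}:
    use-sigstore-attachments: true
EOF
fi

# Registry credentials are kept in the project directory, not in the default
# per-user location; log in only when that file does not exist yet.
export REGISTRY_AUTH_FILE="$PROJECT_DIR/auth.json"
if [[ ! -f "$REGISTRY_AUTH_FILE" ]]; then
  echo "Please enter your credentials for ${OCI_REGISTRY}:"
  podman login "${OCI_REGISTRY}"
  echo "Please enter your credentials for registry.redhat.io:"
  podman login registry.redhat.io
fi

# Optional per-image hook. It is taken from the current directory and runs as
# root, so the build directory must not be writable by untrusted users.
if [[ -x "$PWD/custom.sh" ]]; then
  echo "Running custom.sh..."
  "$PWD/custom.sh"
fi

echo "Building and pushing image $TARGET_IMAGE..."
podman build --no-cache -t "${TARGET_IMAGE}" .
podman push \
  --sign-by-sigstore-private-key "$PROJECT_DIR/signing-key.private" \
  --sign-passphrase-file "$PROJECT_DIR/signing-key.pass" \
  "${TARGET_IMAGE}"

echo "Building and pushing image $QCOW2_TARGET_IMAGE..."
# Scratch directory for the disk image; removed on every exit path.
temp_dir="$(mktemp -d)"
trap 'rm -rf -- "${temp_dir:?}"' EXIT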
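#######################################
# Runs bootc-image-builder in a container.
# Globals:   temp_dir (read) - host directory mounted at /output
# Arguments: $1 - host path of the builder config; mounted read-only at
#                 /<basename of $1> inside the container
#            remaining arguments are passed to the builder unchanged
# Returns:   exit status of `podman run`
#######################################
function bootc_image_builder () {
  local config="$1"
  shift

  # Computed once and quoted, so config paths containing spaces work.
  local config_in_container
  config_in_container="/$(basename -- "$config")"

  # NOTE(review): the container is privileged, runs with SELinux confinement
  # disabled (unconfined_t) and gets the host's container storage mounted
  # read-write, so the builder image is trusted like root on this host.
  # It is referenced by the floating tag :latest with --pull=newer, meaning its
  # content can change between runs; pin it to a digest if builds must be
  # reproducible.
  podman run --rm -it --privileged --pull=newer \
    --security-opt label=type:unconfined_t \
    -v "${config}:${config_in_container}:ro" \
    -v "${temp_dir}:/output" \
    -v /var/lib/containers/storage:/var/lib/containers/storage \
    registry.redhat.io/rhel10/bootc-image-builder:latest \
    --config "$config_in_container" "$@"
}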
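# Build the qcow2 disk image for $TARGET_IMAGE into $temp_dir.
bootc_image_builder "$PROJECT_DIR/config.toml" --type qcow2 "$TARGET_IMAGE"

# Fail with a clear message if the builder did not leave a disk image where
# the next step expects it.
qcow2_disk="$temp_dir/qcow2/disk.qcow2"
if [[ ! -s "$qcow2_disk" ]]; then
  echo "Expected disk image not found: $qcow2_disk" >&2
  exit 1
fi

# Wrap the disk image in a local artifact, then push it signed with the same
# sigstore key as the container image.
podman artifact add "$QCOW2_TARGET_IMAGE" "$qcow2_disk"

# Remember a push failure instead of aborting immediately, so the local
# artifact is removed in either case and does not linger after a failed run.
push_status=0
podman artifact push \
  --sign-by-sigstore-private-key "$PROJECT_DIR/signing-key.private" \
  --sign-passphrase-file "$PROJECT_DIR/signing-key.pass" \
  "$QCOW2_TARGET_IMAGE" || push_status=$?
podman artifact rm "$QCOW2_TARGET_IMAGE"
if (( push_status != 0 )); then
  exit "$push_status"
fi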