Skip to content

Commit

Permalink
Merge pull request #15 from Yolean/reproducible-builds
Browse files Browse the repository at this point in the history 
Reproducible builds
  • Loading branch information
@solsson
solsson authored May 23, 2024
2 parents d16c316 + c0f9f90 commit 87152b2
Show file tree
Hide file tree
Showing 12 changed files with 26 additions and 22 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
FROM --platform=$TARGETPLATFORM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da
FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15
2 changes: 1 addition & 1 deletion builder-base/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:1c49d6f0faa82e69d0028f53eecc2729e9517ff4@sha256:97b7645cb358198f3204516516b7e7ff19c00970c7ac00bb8f195897c10c8cac \
FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:46632661e365442a1188f726a72d6843ef5b4ba8@sha256:c4905ec3bff2dc6dac80b592494821d962fe1e48e0dfba8ef48005c20664dd04 \
as base

FROM base as nonroot
Expand Down
4 changes: 2 additions & 2 deletions builder-quarkus/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ FROM --platform=$TARGETPLATFORM maven:3.9.6-eclipse-temurin-21@sha256:a7fc7af5e9
FROM --platform=$TARGETPLATFORM yolean/builder-base as mandrel
ARG TARGETARCH
ARG JAVA_VERSION=java21
ARG MANDREL_VERSION=23.1.2.0-Final
ARG MANDREL_VERSION=23.1.3.1-Final

RUN set -ex; \
ARCH=$TARGETARCH; \
Expand All @@ -16,7 +16,7 @@ RUN set -ex; \
curl -o $MANDREL_DIST -sLSf $MANDREL_DIST_URL; \
echo "$MANDREL_DIST_SHA256" | sha256sum -c -; \
mkdir ./mandrel; \
cat $MANDREL_DIST | tar xzf - --strip-components=1 -C ./mandrel
tar xzf $MANDREL_DIST --strip-components=1 -C ./mandrel

RUN rm -v /home/nonroot/mandrel/lib/src.zip

Expand Down
2 changes: 1 addition & 1 deletion builder-tooling/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM --platform=$TARGETPLATFORM golang:1.21-bookworm@sha256:d8c365d63879c2312e332cb796961f2695dd65124ceb3c0247d9c5426b7dde5f as golang
FROM --platform=$TARGETPLATFORM golang:1.21-bookworm@sha256:9070cb6a424004bb46987bfee510666a362d6a332a6949b33b2b644a0e21d196 as golang

FROM --platform=$TARGETPLATFORM yolean/builder-base-gcc

Expand Down
11 changes: 7 additions & 4 deletions git-init/git-init-tekton-compatible.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,10 @@ cd $CLONEPATH
# https://github.com/tektoncd/pipeline/blob/v0.41.0/pkg/git/git.go#L94
git config --add --global safe.directory $CLONEPATH

git init

git remote add origin $URL
[ -d "$CLONEPATH/.git" ] && git remote -v && git remote set-url origin $URL || {
git init
git remote add origin $URL
}

# https://github.com/tektoncd/pipeline/blob/v0.41.0/pkg/git/git.go#L285
git config core.sparsecheckout true
Expand All @@ -54,4 +55,6 @@ until git fetch --depth=1 origin --update-head-ok --force $REVISION; do
sleep $wait
done

git checkout -f $REVISION
git show-ref "origin/$REVISION" \
&& git checkout -f -B $REVISION origin/$REVISION \
|| git checkout -f $REVISION
2 changes: 1 addition & 1 deletion git/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM --platform=$TARGETPLATFORM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da
FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8

RUN groupadd --gid 1000 git \
&& useradd --uid 1000 --gid git --shell /bin/bash --create-home git
Expand Down
4 changes: 2 additions & 2 deletions headless-chrome/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da
FROM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8
ARG chrome_stage=stable
ARG chrome_build=121.0.6167.184-1
ARG chrome_build=124.0.6367.207-1

ENV CHROME_VERSION="${chrome_stage}=${chrome_build}"

Expand Down
13 changes: 7 additions & 6 deletions hooks/build
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,28 +54,29 @@ XTAG=""

[ -n "$NOPUSH" ] || BUILDX_PUSH="--push"

export SOURCE_DATE_EPOCH=0
OUTPUT="type=registry,oci-mediatypes=true"

cat ./Dockerfile | \
docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM \
docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM --output "$OUTPUT" \
-t yolean/docker-base -t ${PREFIX}yolean/docker-base:$SOURCE_COMMIT$XTAG -

for CONTEXT in $MULTIARCH_NONROOT; do
! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=')
cat ./$CONTEXT/Dockerfile | \
docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \
docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \
-t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT
done

for CONTEXT in $MULTIARCH_TONONROOT; do
! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=')
cat ./$CONTEXT/Dockerfile | \
docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \
--output type=registry,oci-mediatypes=false \
docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \
-t yolean/$CONTEXT:root -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG-root ./$CONTEXT
done
for CONTEXT in $MULTIARCH_TONONROOT; do
cat ./$CONTEXT/Dockerfile ./nonroot-footer.Dockerfile | \
docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \
--output type=registry,oci-mediatypes=false \
docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \
-t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT
done

Expand Down
2 changes: 1 addition & 1 deletion node-distroless/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM --platform=$TARGETPLATFORM gcr.io/distroless/nodejs20-debian12:nonroot@sha256:269e058a0b80a1d8cf8d2586c4370c3de470034d4d22d83ae31da4451a6a3ff8
FROM --platform=$TARGETPLATFORM gcr.io/distroless/nodejs20-debian12:nonroot@sha256:370f5779aa7dbe05b46741f2b1e5ff4bc760734b74c7df1c93eaf790d8bd51d4

WORKDIR /app
CMD [ "./main.js" ]
2 changes: 1 addition & 1 deletion node-watchexec/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
# syntax=docker/dockerfile:1.4

FROM --platform=$TARGETPLATFORM ghcr.io/turbokube/nodejs-watch:38f064020d1bafedf0e785bbadacdc78320b28c1@sha256:a57ed5b3331135c4b4e534d74b6d4ec959a6129a0c29c82eabee4bac6272dee7
FROM --platform=$TARGETPLATFORM ghcr.io/turbokube/nodejs-watch:0d4a599ce05cb323db29ee2ee0e0fafa6d30b132@sha256:88b94fb1f71af1b6d1704d37cb04c7f522ea032bc9331cf4b0eb1f65842b7ee7
2 changes: 1 addition & 1 deletion node/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM --platform=$TARGETPLATFORM node:20.11.1-bookworm-slim@sha256:474988d2fa8ad6321db19dc941af70202b163fca06a6b4e7f56067eda0c72eb9
FROM --platform=$TARGETPLATFORM node:20.13.1-bookworm-slim@sha256:cffed8cd39d6a380434e6d08116d188c53e70611175cd5ec7700f93f32a935a6

RUN runtimeDeps='procps git curl ca-certificates' \
&& set -ex \
Expand Down
2 changes: 1 addition & 1 deletion runtime-quarkus-ubuntu/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# ystack/runner
FROM --platform=$TARGETPLATFORM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da
FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8

RUN set -ex; \
export DEBIAN_FRONTEND=noninteractive; \
Expand Down

0 comments on commit 87152b2

Please sign in to comment.