chore(imagebuilder): use env replace creds volume

duanhongyi · duanhongyi · commit e088abda1b2c · 2022-04-25T20:59:46.000+08:00
diff --git a/charts/imagebuilder/templates/imagebuilder-configmap.yaml b/charts/imagebuilder/templates/imagebuilder-configmap.yaml
@@ -5,6 +5,7 @@ metadata:
   labels:
     heritage: drycc
 data:
+  buildpacks: "{{.Values.imageRegistry}}/{{.Values.imageOrg}}/buildpacks:bullseye"
   images.json: |
     [
         {
@@ -19,4 +20,3 @@ data:
   registries.conf: |
     {{- .Values.containerRegistries | nindent 4 }}
   imagePullPolicy: {{ .Values.imagePullPolicy }}
-  defaultBuildpacksUrl: ="{{.Values.imageRegistry}}/{{.Values.imageOrg}}/buildpacks:bullseye"
diff --git a/rootfs/imagebuilder/build b/rootfs/imagebuilder/build
@@ -50,69 +50,66 @@ if [[ -n "${TAR_PATH}" ]]; then
     tar -xzf /tmp/app.tgz -C /workspace/ && unset TAR_PATH
 fi
 
-pack_builder=$(< /etc/imagebuilder/defaultBuildpacksUrl tr -d '[:space:]')
+pack_builder=$(< /etc/imagebuilder/buildpacks tr -d '[:space:]')
 if [[ -f .pack-builder ]]; then
     pack_builder=$(< .pack-builder tr -d '[:space:]')
 fi
 
 # Get registry and login
 if [[ "${DRYCC_REGISTRY_LOCATION}" == "off-cluster" ]] ; then
-    registry="${DRYCC_REGISTRY_HOSTNAME}/${DRYCC_REGISTRY_ORGANIZATION}"
     podman login \
         --username "${DRYCC_REGISTRY_USERNAME}" \
         --password "${DRYCC_REGISTRY_PASSWORD}" \
-        "${DRYCC_REGISTRY_HOSTNAME}" \
+        "${DRYCC_REGISTRY_HOST}" \
         --tls-verify=false > /dev/null
 else
     # Start registry proxy
-    registry="${DRYCC_REGISTRY_PROXY_HOST}:${DRYCC_REGISTRY_PROXY_PORT}"
-
+    DRYCC_REGISTRY_PROXY_HOST="${DRYCC_REGISTRY_PROXY_HOST:?DRYCC_REGISTRY_PROXY_HOST env required}"
+    DRYCC_REGISTRY_PROXY_PORT=$(echo "${DRYCC_REGISTRY_PROXY_HOST}" | awk -F ':' '{print $2}')
     caddy_command="caddy reverse-proxy \
-        --from ":${DRYCC_REGISTRY_PROXY_PORT}" \
-        --to "${DRYCC_REGISTRY_SERVICE_HOST}:${DRYCC_REGISTRY_SERVICE_PORT}""
+        --from :${DRYCC_REGISTRY_PROXY_PORT} \
+        --to ${DRYCC_REGISTRY_HOST}"
     if [[ ${log_level} != "debug" ]] ; then
         caddy_command="${caddy_command} > /dev/null"
     fi
     $caddy_command 2>&1 &
     waiting_process caddy
     podman login \
-        --username drycc \
-        --password drycc \
-        --tls-verify=false "${registry}" \
-        > /dev/null
+        --username "${DRYCC_REGISTRY_USERNAME}" \
+        --password "${DRYCC_REGISTRY_PASSWORD}" \
+        "${DRYCC_REGISTRY_PROXY_HOST}" \
+        --tls-verify=false > /dev/null
 fi
 
 # Get image name and image tag
-image_name=$(echo "${IMG_NAME}" | awk -F ':' '{print $1}')
-image_tag=$(echo "${IMG_NAME}" | awk -F ':' '{print $2}')
-image_repo="${registry}/${image_name}:${image_tag}"
-image_cache_repo="${registry}/${image_name}:cache"
-image_latest_repo="${registry}/${image_name}:latest"
+image_base_name=$(echo "${IMAGE_NAME}" | awk -F ':' '{print $1}')
+image_cache_name="${image_base_name}":cache
+image_latest_name="${image_base_name}":latest
 
 # Building
 if [[ "${DRYCC_STACK}" == "container" ]] ; then
     echo "---> Building container"
     if [[ $log_level == "debug" ]] ; then
-        podman build --tag"${image_repo}" --network host .
-        podman push "${image_repo}" --tls-verify=false
+        podman build --tag"${IMAGE_NAME}" --network host .
+        podman push "${IMAGE_NAME}" --tls-verify=false
     else
-        podman build --quiet --tag "${image_repo}" --network host .
-        podman push "${image_repo}" --quiet --tls-verify=false
+        podman build --quiet --tag "${IMAGE_NAME}" --network host .
+        podman push "${IMAGE_NAME}" --quiet --tls-verify=false
     fi
 else
     echo "---> Building pack"
     echo "---> Using builder ${pack_builder}"
     # podman connection
     readonly DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")"
     export DOCKER_HOST
-    pack_command="pack build ${image_repo} \
+    pack_command="pack build ${IMAGE_NAME} \
             --builder ${pack_builder} \
             --docker-host ${DOCKER_HOST} \
-            --previous-image ${image_latest_repo} \
+            --previous-image ${image_latest_name} \
             --trust-builder \
             --publish \
-            --cache-image ${image_cache_repo} \
-            --tag ${image_latest_repo} \
+            --cache-image ${image_cache_name} \
+            --tag ${image_latest_name} \
             --network host"
     if [[ $log_level == "debug" ]] ; then
         pack_command="$pack_command --verbose"
diff --git a/rootfs/usr/local/bin/get_object b/rootfs/usr/local/bin/get_object
@@ -1,6 +1,12 @@
 #!/usr/bin/env bash
+
+mc config host add minio \
+  "${DRYCC_MINIO_ENDPOINT}" \
+  "${DRYCC_MINIO_ACCESSKEY}" \
+  "${DRYCC_MINIO_SECRETKEY}" \
+  --lookup "${DRYCC_MINIO_LOOKUP}" \
+  --api s3v4
+
 GET_PATH=/tmp/app.tgz
-# shellcheck disable=SC1091
-source /usr/local/bin/normalize_storage
 
-mc cp minio/"${MINIO_BUCKET}/${TAR_PATH}" "${GET_PATH}" &>/tmp/objstorage.log
+mc cp minio/"${DRYCC_MINIO_BUCKET}/${TAR_PATH}" "${GET_PATH}"
diff --git a/rootfs/usr/local/bin/normalize_storage b/rootfs/usr/local/bin/normalize_storage

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ metadata:`
`5`	`5`	`labels:`
`6`	`6`	`heritage: drycc`
`7`	`7`	`data:`
	`8`	`+ buildpacks: "{{.Values.imageRegistry}}/{{.Values.imageOrg}}/buildpacks:bullseye"`
`8`	`9`	`images.json: \|`
`9`	`10`	`[`
`10`	`11`	`{`
`@@ -19,4 +20,3 @@ data:`
`19`	`20`	`registries.conf: \|`
`20`	`21`	`{{- .Values.containerRegistries \| nindent 4 }}`
`21`	`22`	`imagePullPolicy: {{ .Values.imagePullPolicy }}`
`22`		`- defaultBuildpacksUrl: ="{{.Values.imageRegistry}}/{{.Values.imageOrg}}/buildpacks:bullseye"`