updates for better podman support and local container building

project-kessel · Feb 6, 2025 · b969fa1 · b969fa1
1 parent 9c02be4
commit b969fa1
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 9 deletions.
diff --git a/Makefile b/Makefile
@@ -67,6 +67,10 @@ local-build:
 docker-build-push:
 	./build_deploy.sh
 
+.PHONY: build-push-minimal
+build-push-minimal:
+	./build_push_minimal.sh
+
 # run all tests
 .PHONY: test
 test:

diff --git a/README.md b/README.md
@@ -44,6 +44,22 @@ go build -o ./bin/ ./...
 ./bin/server -conf ./configs
 ```
 
+### Build Container Images
+
+By default, the quay repository is `quay.io/cloudservices/kessel-relations`. If you wish to use another for testing, set IMAGE value first
+```shell
+export IMAGE=your-quay-repo # if desired
+make docker-build-push
+```
+
+### Build Container Images (macOS)
+This is an alternative to the above command for macOS users, but should work for any arch
+```shell
+export QUAY_REPO_RELATIONS=your-quay-repo # required
+podman login quay.io # required, this target assumes you are already logged in
+make build-push-minimal
+```
+
 ### Generate other auxiliary files by Makefile
 
 ```
@@ -70,11 +86,12 @@ wire
 
 ## Spicedb using docker/podman
 
-The latest [production ready schema](https://github.com/RedHatInsights/rbac-config/blob/master/configs/prod/schemas/schema.zed) can be downloaded prior to running via 
+The latest [production ready schema](https://github.com/RedHatInsights/rbac-config/blob/master/configs/prod/schemas/schema.zed) can be downloaded prior to running via
 ```
 curl -o deploy/schema.zed https://raw.githubusercontent.com/RedHatInsights/rbac-config/refs/heads/master/configs/prod/schemas/schema.zed
 ```
 
+> Note: The `podman-compose` provider struggles with compose files that leverage `depends_on` as it can't always properly handle the dependency graphs. You can fix this issue on Linux by installing the `docker-compose-plugin` or by also having `docker-compose` installed. When installed, podman uses the `docker-compose` provider by default instead. The benefit of the `docker-compose-plugin` is that it doesn't require the full Docker setup or docker daemon!
 
 ### Run spicedb and postgresql db with docker/podman compose
 

diff --git a/build_deploy.sh b/build_deploy.sh
@@ -1,5 +1,8 @@
 set -exv
 
+# check for podman or docker
+DOCKER=$(command -v podman || command -v docker)
+
 if [[ -z "$IMAGE" ]]; then
     IMAGE="quay.io/cloudservices/kessel-relations"
 fi
@@ -32,15 +35,15 @@ trap job_cleanup EXIT ERR SIGINT SIGTERM
 DOCKER_CONF="$TMP_JOB_DIR/.docker"
 
 mkdir -p "$DOCKER_CONF"
-docker --config="$DOCKER_CONF" login -u="$QUAY_USER" -p="$QUAY_TOKEN" quay.io
-docker --config="$DOCKER_CONF" login -u="$RH_REGISTRY_USER" -p="$RH_REGISTRY_TOKEN" registry.redhat.io
-docker --config="$DOCKER_CONF" build --build-arg GIT_COMMIT=$GIT_COMMIT --no-cache -t "${IMAGE}:${IMAGE_TAG}" . -f ./Dockerfile
+$DOCKER --config="$DOCKER_CONF" login -u="$QUAY_USER" -p="$QUAY_TOKEN" quay.io
+$DOCKER --config="$DOCKER_CONF" login -u="$RH_REGISTRY_USER" -p="$RH_REGISTRY_TOKEN" registry.redhat.io
+$DOCKER --config="$DOCKER_CONF" build --build-arg GIT_COMMIT=$GIT_COMMIT --no-cache -t "${IMAGE}:${IMAGE_TAG}" . -f ./Dockerfile
 
 if [[ "$GIT_BRANCH" == "origin/security-compliance" ]]; then
-    docker --config="$DOCKER_CONF" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:${SECURITY_COMPLIANCE_TAG}"
-    docker --config="$DOCKER_CONF" push "${IMAGE}:${SECURITY_COMPLIANCE_TAG}"
+    $DOCKER --config="$DOCKER_CONF" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:${SECURITY_COMPLIANCE_TAG}"
+    $DOCKER --config="$DOCKER_CONF" push "${IMAGE}:${SECURITY_COMPLIANCE_TAG}"
 else
-    docker --config="$DOCKER_CONF" push "${IMAGE}:${IMAGE_TAG}"
-    docker --config="$DOCKER_CONF" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:latest"
-    docker --config="$DOCKER_CONF" push "${IMAGE}:latest"
+    $DOCKER --config="$DOCKER_CONF" push "${IMAGE}:${IMAGE_TAG}"
+    $DOCKER --config="$DOCKER_CONF" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:latest"
+    $DOCKER --config="$DOCKER_CONF" push "${IMAGE}:latest"
 fi
diff --git a/build_push_minimal.sh b/build_push_minimal.sh
@@ -0,0 +1,16 @@
+# Publish relations images to your personal quay.io repository
+# Compatible with MacOS and other archs for cross-compilation
+# Excludes redhat.registry.io as this is not needed for local/ephem development
+set -exv
+
+if [[ -z "$QUAY_REPO_RELATIONS" ]]; then
+    # required since this script is not used in the CI pipeline, publishing should
+    # only happen from a developer's local machine to their personal repo
+    echo "QUAY_REPO_RELATIONS must be set"
+    exit 1
+fi
+IMAGE_TAG=$(git rev-parse --short=7 HEAD)
+
+source ./scripts/check_docker_podman.sh
+${DOCKER} build --platform linux/amd64 --build-arg TARGETARCH=amd64 -t "${QUAY_REPO_RELATIONS}:${IMAGE_TAG}" -f ./Dockerfile
+${DOCKER} push "${QUAY_REPO_RELATIONS}:${IMAGE_TAG}"