From b969fa193012d100f4827d58e9c48779d8e155a7 Mon Sep 17 00:00:00 2001 From: Antony Natale Date: Thu, 6 Feb 2025 08:45:22 -0500 Subject: [PATCH] updates for better podman support and local container building --- Makefile | 4 ++++ README.md | 19 ++++++++++++++++++- build_deploy.sh | 19 +++++++++++-------- build_push_minimal.sh | 16 ++++++++++++++++ 4 files changed, 49 insertions(+), 9 deletions(-) create mode 100755 build_push_minimal.sh diff --git a/Makefile b/Makefile index c98e377..387155c 100644 --- a/Makefile +++ b/Makefile @@ -67,6 +67,10 @@ local-build: docker-build-push: ./build_deploy.sh +.PHONY: build-push-minimal +build-push-minimal: + ./build_push_minimal.sh + # run all tests .PHONY: test test: diff --git a/README.md b/README.md index 3774782..e6eb2a9 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,22 @@ go build -o ./bin/ ./... ./bin/server -conf ./configs ``` +### Build Container Images + +By default, the quay repository is `quay.io/cloudservices/kessel-relations`. If you wish to use another for testing, set IMAGE value first +```shell +export IMAGE=your-quay-repo # if desired +make docker-build-push +``` + +### Build Container Images (macOS) +This is an alternative to the above command for macOS users, but should work for any arch +```shell +export QUAY_REPO_RELATIONS=your-quay-repo # required +podman login quay.io # required, this target assumes you are already logged in +make build-push-minimal +``` + ### Generate other auxiliary files by Makefile ``` @@ -70,11 +86,12 @@ wire ## Spicedb using docker/podman -The latest [production ready schema](https://github.com/RedHatInsights/rbac-config/blob/master/configs/prod/schemas/schema.zed) can be downloaded prior to running via +The latest [production ready schema](https://github.com/RedHatInsights/rbac-config/blob/master/configs/prod/schemas/schema.zed) can be downloaded prior to running via ``` curl -o deploy/schema.zed https://raw.githubusercontent.com/RedHatInsights/rbac-config/refs/heads/master/configs/prod/schemas/schema.zed ``` +> Note: The `podman-compose` provider struggles with compose files that leverage `depends_on` as it can't always properly handle the dependency graphs. You can fix this issue on Linux by installing the `docker-compose-plugin` or by also having `docker-compose` installed. When installed, podman uses the `docker-compose` provider by default instead. The benefit of the `docker-compose-plugin` is that it doesn't require the full Docker setup or docker daemon! ### Run spicedb and postgresql db with docker/podman compose diff --git a/build_deploy.sh b/build_deploy.sh index 73b741a..b45309f 100755 --- a/build_deploy.sh +++ b/build_deploy.sh @@ -1,5 +1,8 @@ set -exv +# check for podman or docker +DOCKER=$(command -v podman || command -v docker) + if [[ -z "$IMAGE" ]]; then IMAGE="quay.io/cloudservices/kessel-relations" fi @@ -32,15 +35,15 @@ trap job_cleanup EXIT ERR SIGINT SIGTERM DOCKER_CONF="$TMP_JOB_DIR/.docker" mkdir -p "$DOCKER_CONF" -docker --config="$DOCKER_CONF" login -u="$QUAY_USER" -p="$QUAY_TOKEN" quay.io -docker --config="$DOCKER_CONF" login -u="$RH_REGISTRY_USER" -p="$RH_REGISTRY_TOKEN" registry.redhat.io -docker --config="$DOCKER_CONF" build --build-arg GIT_COMMIT=$GIT_COMMIT --no-cache -t "${IMAGE}:${IMAGE_TAG}" . -f ./Dockerfile +$DOCKER --config="$DOCKER_CONF" login -u="$QUAY_USER" -p="$QUAY_TOKEN" quay.io +$DOCKER --config="$DOCKER_CONF" login -u="$RH_REGISTRY_USER" -p="$RH_REGISTRY_TOKEN" registry.redhat.io +$DOCKER --config="$DOCKER_CONF" build --build-arg GIT_COMMIT=$GIT_COMMIT --no-cache -t "${IMAGE}:${IMAGE_TAG}" . -f ./Dockerfile if [[ "$GIT_BRANCH" == "origin/security-compliance" ]]; then - docker --config="$DOCKER_CONF" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:${SECURITY_COMPLIANCE_TAG}" - docker --config="$DOCKER_CONF" push "${IMAGE}:${SECURITY_COMPLIANCE_TAG}" + $DOCKER --config="$DOCKER_CONF" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:${SECURITY_COMPLIANCE_TAG}" + $DOCKER --config="$DOCKER_CONF" push "${IMAGE}:${SECURITY_COMPLIANCE_TAG}" else - docker --config="$DOCKER_CONF" push "${IMAGE}:${IMAGE_TAG}" - docker --config="$DOCKER_CONF" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:latest" - docker --config="$DOCKER_CONF" push "${IMAGE}:latest" + $DOCKER --config="$DOCKER_CONF" push "${IMAGE}:${IMAGE_TAG}" + $DOCKER --config="$DOCKER_CONF" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:latest" + $DOCKER --config="$DOCKER_CONF" push "${IMAGE}:latest" fi diff --git a/build_push_minimal.sh b/build_push_minimal.sh new file mode 100755 index 0000000..e7b4c60 --- /dev/null +++ b/build_push_minimal.sh @@ -0,0 +1,16 @@ +# Publish relations images to your personal quay.io repository +# Compatible with MacOS and other archs for cross-compilation +# Excludes redhat.registry.io as this is not needed for local/ephem development +set -exv + +if [[ -z "$QUAY_REPO_RELATIONS" ]]; then + # required since this script is not used in the CI pipeline, publishing should + # only happen from a developer's local machine to their personal repo + echo "QUAY_REPO_RELATIONS must be set" + exit 1 +fi +IMAGE_TAG=$(git rev-parse --short=7 HEAD) + +source ./scripts/check_docker_podman.sh +${DOCKER} build --platform linux/amd64 --build-arg TARGETARCH=amd64 -t "${QUAY_REPO_RELATIONS}:${IMAGE_TAG}" -f ./Dockerfile +${DOCKER} push "${QUAY_REPO_RELATIONS}:${IMAGE_TAG}"