diff --git a/Makefile b/Makefile index 7e6266318..514ac05b8 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,7 @@ endif PKG := github.com/oracle/mysql-operator REGISTRY := iad.ocir.io +IMAGE_PREFIX ?= $(REGISTRY)/$(TENANT) SRC_DIRS := cmd pkg test/examples CMD_DIRECTORIES := $(sort $(dir $(wildcard ./cmd/*/))) COMMANDS := $(CMD_DIRECTORIES:./cmd/%/=%) @@ -33,15 +34,13 @@ UNAME_S := $(shell uname -s) ifeq ($(UNAME_S),Darwin) # Cross-compiling from OSX to linux, go install puts the binaries in $GOPATH/bin/$GOOS_$GOARCH - BINARIES := $(addprefix $(GOPATH)/bin/$(OS)_$(ARCH)/,$(COMMANDS)) -else -ifeq ($(UNAME_S),Linux) + BINARIES := $(addprefix $(GOPATH)/bin/$(OS)_$(ARCH)/,$(COMMANDS)) +else ifeq ($(UNAME_S),Linux) # Compiling on linux for linux, go install puts the binaries in $GOPATH/bin - BINARIES := $(addprefix $(GOPATH)/bin/,$(COMMANDS)) + BINARIES := $(addprefix $(GOPATH)/bin/,$(COMMANDS)) else $(error "Unsupported OS: $(UNAME_S)") endif -endif .PHONY: all all: build @@ -71,17 +70,27 @@ build: dist build-dirs Makefile cp $(BINARIES) ./bin/$(OS)_$(ARCH)/ .PHONY: build-docker -build-docker: +build-docker: build-docker-mysql-operator build-docker-mysql-agent + +.PHONY: build-docker-mysql-operator +build-docker-mysql-operator: @docker build \ --build-arg=http_proxy \ --build-arg=https_proxy \ - -t $(REGISTRY)/$(TENANT)/mysql-operator:$(VERSION) \ + -t $(IMAGE_PREFIX)/mysql-operator:$(VERSION) \ -f docker/mysql-operator/Dockerfile . +.PHONY: build-docker-mysql-agent +build-docker-mysql-agent: + # Retrieve the UID for the mysql user, passed in when building the mysql-agent image + $(eval MYSQL_AGENT_IMAGE := $(shell sed -n 's/^FROM \(.*\)/\1/p' docker/mysql-agent/Dockerfile)) + $(eval MYSQL_UID=$(shell docker run --rm --entrypoint id ${MYSQL_AGENT_IMAGE} -u mysql)) + @docker build \ --build-arg=http_proxy \ --build-arg=https_proxy \ - -t $(REGISTRY)/$(TENANT)/mysql-agent:$(VERSION) \ + --build-arg=MYSQL_USER=${MYSQL_UID} \ + -t $(IMAGE_PREFIX)/mysql-agent:$(VERSION) \ -f docker/mysql-agent/Dockerfile . # Note: Only used for development, i.e. in CI the images are pushed using Wercker. diff --git a/docker/mysql-agent/Dockerfile b/docker/mysql-agent/Dockerfile index 637c752a4..86e39f7e6 100644 --- a/docker/mysql-agent/Dockerfile +++ b/docker/mysql-agent/Dockerfile @@ -2,6 +2,8 @@ FROM mysql/mysql-server:8.0.12 COPY bin/linux_amd64/mysql-agent / -USER mysql +# Set default value for 'MYSQL_USER', which is overridden with the UID at build time +ARG MYSQL_USER=mysql +USER ${MYSQL_USER} ENTRYPOINT ["/mysql-agent"] diff --git a/docker/mysql-operator/Dockerfile b/docker/mysql-operator/Dockerfile index 4b968cf63..5d034c3e2 100644 --- a/docker/mysql-operator/Dockerfile +++ b/docker/mysql-operator/Dockerfile @@ -2,4 +2,8 @@ FROM oraclelinux:7.3 COPY bin/linux_amd64/mysql-operator / +# Add a non-root user and reference the UID +RUN adduser -rU -u 1000 mysql-operator +USER 1000 + ENTRYPOINT ["/mysql-operator"] diff --git a/wercker.yml b/wercker.yml index 503f7f049..b65be8ce3 100644 --- a/wercker.yml +++ b/wercker.yml @@ -19,9 +19,7 @@ build: - script: name: copy build artifacts code: | - mkdir -p ${WERCKER_OUTPUT_DIR}/bin - cp -R /go/bin/mysql-agent ${WERCKER_OUTPUT_DIR}/bin/ - cp -R /go/bin/mysql-operator ${WERCKER_OUTPUT_DIR}/bin/ + cp -R bin ${WERCKER_OUTPUT_DIR}/ cp -R dist ${WERCKER_OUTPUT_DIR}/ - script: @@ -35,106 +33,96 @@ build: cp -R hack ${WERCKER_OUTPUT_DIR}/ cp -R mysql-operator ${WERCKER_OUTPUT_DIR}/ cp -R .git ${WERCKER_OUTPUT_DIR}/ + cp -R docker ${WERCKER_OUTPUT_DIR}/ push-operator-image: - box: - id: oraclelinux:7.3 steps: - - script: - name: set environment variables - code: | - export VERSION=$(cat dist/version.txt) - echo "Pushing operator version ${VERSION}" + - internal/docker-build: + dockerfile: docker/mysql-operator/Dockerfile + image-name: wercker-build-mysql-operator - script: - name: prepare + name: Set environment variables code: | - mv bin/mysql-operator /mysql-operator - chmod +x /mysql-operator + export VERSION=$(cat dist/version.txt) + echo "Pushing mysql-operator version ${VERSION}" - internal/docker-push: + image-name: wercker-build-mysql-operator registry: https://iad.ocir.io/v2 repository: iad.ocir.io/oracle/mysql-operator tag: $VERSION - entrypoint: /mysql-operator username: $OCIRUSERNAME password: $OCIRPASSWORD - internal/docker-push: + image-name: wercker-build-mysql-operator registry: https://lhr.ocir.io/v2 repository: lhr.ocir.io/oracle/mysql-operator tag: $VERSION - entrypoint: /mysql-operator username: $OCIRUSERNAME password: $OCIRPASSWORD - internal/docker-push: + image-name: wercker-build-mysql-operator registry: https://phx.ocir.io/v2 repository: phx.ocir.io/oracle/mysql-operator tag: $VERSION - entrypoint: /mysql-operator username: $OCIRUSERNAME password: $OCIRPASSWORD - internal/docker-push: + image-name: wercker-build-mysql-operator registry: https://fra.ocir.io/v2 repository: fra.ocir.io/oracle/mysql-operator tag: $VERSION - entrypoint: /mysql-operator username: $OCIRUSERNAME password: $OCIRPASSWORD push-agent-image: - box: - id: mysql/mysql-server:8.0.11 steps: - - script: - name: set environment variables - code: | - export VERSION=$(cat dist/version.txt) - echo "Pushing agent version ${VERSION}" + - internal/docker-build: + dockerfile: docker/mysql-agent/Dockerfile + image-name: wercker-build-mysql-agent + build-args: "MYSQL_USER=27" - script: - name: prepare + name: Set environment variables code: | - mv bin/mysql-agent /mysql-agent - chmod +x /mysql-agent + export VERSION=$(cat dist/version.txt) + echo "Pushing mysql-agent version ${VERSION}" - internal/docker-push: + image-name: wercker-build-mysql-agent registry: https://iad.ocir.io/v2 username: $OCIRUSERNAME password: $OCIRPASSWORD repository: iad.ocir.io/oracle/mysql-agent tag: $VERSION - entrypoint: /mysql-agent - user: mysql - internal/docker-push: + image-name: wercker-build-mysql-agent registry: https://lhr.ocir.io/v2 username: $OCIRUSERNAME password: $OCIRPASSWORD repository: lhr.ocir.io/oracle/mysql-agent tag: $VERSION - entrypoint: /mysql-agent - user: mysql - internal/docker-push: + image-name: wercker-build-mysql-agent registry: https://phx.ocir.io/v2 username: $OCIRUSERNAME password: $OCIRPASSWORD repository: phx.ocir.io/oracle/mysql-agent tag: $VERSION - entrypoint: /mysql-agent - user: mysql - internal/docker-push: + image-name: wercker-build-mysql-agent registry: https://fra.ocir.io/v2 username: $OCIRUSERNAME password: $OCIRPASSWORD repository: fra.ocir.io/oracle/mysql-agent tag: $VERSION - entrypoint: /mysql-agent - user: mysql e2e-test: base-path: "/go/src/github.com/oracle/mysql-operator"