# Directory whose entries name the images handled by build, scan and release.
# build_image reads $(IMAGES_DIR)/<name>/Dockerfile for each entry.
IMAGES_DIR := ./misc/images
#
# build_image: shell fragment that builds one image from its own Dockerfile,
# using the current directory (.) as the build context, and tags it
# $(IMAGE_REPO)/<name>:$(IMAGE_VERSION).
# $1: IMAGE_NAME (entry under $(IMAGES_DIR))
#
# NOTE(review): the context is "." rather than the image's own directory, so
# everything under the working directory that is not excluded is sent to the
# daemon - confirm a .dockerignore keeps secrets and build output out of it.
#
define build_image
	echo "Building $(IMAGE_REPO)/$1"; \
	docker build \
		--file $(IMAGES_DIR)/$1/Dockerfile \
		--tag "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" \
		.
endef
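#
# scan_image: shell fragment that scans one image with the Trivy binary in
# tools/trivy/bin, writes the report to .trivy/<repo>/<name>/<tag>/report.txt,
# prints it, and then yields Trivy's exit status.
# $1: IMAGE_NAME
# $2: IMAGE_TAG (optional; when empty, $(IMAGE_VERSION) is used, which is the
#     tag build_image applies)
#
# The report directory is computed once so the path Trivy writes and the path
# that is printed cannot drift apart, and the <tag> directory is created
# before Trivy runs. Trivy's status is captured before `cat` so that printing
# the report does not replace a failed scan with a success.
#
# NOTE(review): Trivy exits 0 even when it reports findings unless told
# otherwise; for this to act as a gate, $(TRIVY_ARGS) presumably has to carry
# --exit-code (and usually --severity) - confirm where TRIVY_ARGS is set.
#
define scan_image
	scan_tag="$(if $2,$2,$(IMAGE_VERSION))"; \
	report_dir=".trivy/$(IMAGE_REPO)/$1/$$scan_tag"; \
	echo "Scanning ${IMAGE_REPO}/$1"; \
	mkdir -p "$$report_dir" && \
	{ tools/trivy/bin/trivy --cache-dir .trivy/.cache image -o "$$report_dir/report.txt" $(TRIVY_ARGS) "$(IMAGE_REPO)/$1:$$scan_tag"; \
	  scan_status=$$?; \
	  cat "$$report_dir/report.txt"; \
	  [ "$$scan_status" -eq 0 ]; }
endef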
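#
# install_trivy: shell fragment that installs Trivy v0.27.1 into
# ./tools/trivy/bin using the upstream install script.
#
# The script is saved to tools/trivy/install.sh and run only after curl has
# finished successfully. With `curl ... | sh`, sh executes whatever part of
# the script arrived before a failure, and the pipeline reports sh's status
# rather than curl's, so a failed download can pass unnoticed.
#
# NOTE(review): the script is fetched from the mutable `main` branch while the
# binary is pinned to v0.27.1. Pinning the script to a reviewed commit and
# checking its digest before running it would make the install reproducible.
#
define install_trivy
	mkdir -p tools/trivy/bin && \
	curl -sfL -o tools/trivy/install.sh https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh && \
	sh tools/trivy/install.sh -b ./tools/trivy/bin v0.27.1
endef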
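#
# release_image: shell fragment that publishes one locally built image.
# $(IMAGE_REPO)/<name>:$(IMAGE_VERSION) is additionally tagged
# $(IMAGE_VERSION)-$(DAY_SUFFIX_TAG) and latest, then all three tags are pushed.
# $1: IMAGE_NAME
# (a second argument, if passed, is not used)
#
# Steps are chained with && so a failed tag or push ends the sequence with a
# non-zero status instead of being masked by the commands that follow it.
# There is no step tagging <name>:$(IMAGE_VERSION) as itself: that changes
# nothing.
#
# NOTE(review): `latest` is a moving tag; consumers that need a fixed image
# should reference the $(IMAGE_VERSION)-$(DAY_SUFFIX_TAG) tag or a digest.
#
define release_image
	docker tag "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)" && \
	docker tag "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" "$(IMAGE_REPO)/$1:latest" && \
	docker push "$(IMAGE_REPO)/$1:latest" && \
	docker push "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" && \
	docker push "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)"
endef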
#list:
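# Build every image that has an entry under $(IMAGES_DIR).
# The loop exits on the first failed build; without that, the recipe's status
# would be the status of the last image only and earlier failures would pass.
# Declared phony so a file or directory named "build" cannot make it a no-op.
# NOTE(review): $(basename ...) strips a trailing ".suffix", so an entry named
# like "foo.1" would be built as "foo" - confirm no image directory has a dot.
.PHONY: build
build: ${IMAGES_DIR}/*
	@for name in $(basename $(notdir $^)); do \
		$(call build_image,$${name}) || exit 1; \
	done
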
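# Scan every image that has an entry under $(IMAGES_DIR) with Trivy.
# Trivy is an order-only prerequisite (after "|"): it is installed by the
# tools/trivy/bin/trivy rule when missing, is not re-downloaded on every run,
# and stays out of $^, which must list image entries only.
# Every image is scanned so all reports are produced; the target then fails
# if any scan_image invocation returned non-zero.
# NOTE(review): scan_image is called without a tag argument here, while build
# tags images with $(IMAGE_VERSION) - confirm that is the tag meant to be
# scanned.
.PHONY: scan
scan: ${IMAGES_DIR}/* | tools/trivy/bin/trivy
	@failed=0; \
	for name in $(basename $(notdir $^)); do \
		$(call scan_image,$${name}) || failed=1; \
	done; \
	exit $$failed
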
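# Install Trivy v0.27.1 into tools/trivy/bin using the upstream install script.
# The script is written to tools/trivy/install.sh and executed only if curl
# succeeded: piping curl straight into sh runs a partial script after a broken
# transfer and reports sh's exit status instead of curl's.
# NOTE(review): the script comes from the mutable `main` branch while the
# binary version is pinned; pinning the script to a reviewed commit and
# verifying its digest before running it would make this reproducible.
tools/trivy/bin/trivy:
	mkdir -p $(@D)
	curl -sfL -o tools/trivy/install.sh https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh
	sh tools/trivy/install.sh -b ./$(@D) v0.27.1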
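# Tag and push every image that has an entry under $(IMAGES_DIR).
# The loop exits on the first image whose release fails, so the recipe's
# status no longer reflects the last image only.
# Declared phony so a file or directory named "release" cannot make it a no-op.
# NOTE(review): this target has no dependency on build or scan, so images can
# be pushed without a passing scan - confirm the pipeline enforces that order.
.PHONY: release
release: ${IMAGES_DIR}/*
	@for name in $(basename $(notdir $^)); do \
		$(call release_image,$${name},base) || exit 1; \
	done
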
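# Publish a single image: $(IMAGE_FULL_NAME):$(IMAGE_TAG) is tagged and pushed
# as <tag>-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG), <tag>-$(IMAGE_VERSION) and
# <tag>-latest. Each command is its own recipe line, so make stops at the
# first one that fails.
# IMAGE_FULL_NAME, IMAGE_TAG, IMAGE_VERSION and DAY_SUFFIX_TAG are not set in
# this file; presumably the caller or the environment supplies them.
# Declared phony so a file named "_release" cannot make it a no-op.
.PHONY: _release
_release:
	docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
	docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)
	docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest
	docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
	docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)
	docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest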
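# Run the bash_unit test file for one image tag: ./tests/test_$(IMAGE_TAG).sh.
# bash_unit is installed first by the tools/bin/bash_unit rule if it is missing.
# Declared phony so a file named "_test" cannot make it a no-op.
.PHONY: _test
_test: tools/bin/bash_unit
	tools/bin/bash_unit ./tests/test_$(IMAGE_TAG).sh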
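# Install bash_unit by running its upstream install script from inside
# tools/bin, the directory where this rule expects the binary to appear.
# The script is downloaded to a file and run only if curl succeeded:
#  - `bash <(curl ...)` is a bash-only construct, and make runs recipes with
#    /bin/sh unless SHELL is set (it is not set in the lines shown here);
#  - curl without -f hands an HTTP error page to bash as if it were the script.
# NOTE(review): the script is fetched from the mutable `master` branch;
# pinning it to a reviewed commit and verifying its digest before running it
# would make the install reproducible.
tools/bin/bash_unit:
	mkdir -p $(@D)
	cd $(@D) && \
		curl -fsS -o bash_unit_install.sh https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh && \
		bash bash_unit_install.sh && \
		rm -f bash_unit_install.sh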
##include recipes/*.mk