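# Build, scan, test and publish the container images found under IMAGES_DIR.
#
# Not defined in this file, so expected from the environment, the command line
# or an including makefile:
#   IMAGE_REPO, IMAGE_VERSION, DAY_SUFFIX_TAG  - used by build / scan / release
#   IMAGE_FULL_NAME, IMAGE_TAG                 - used by _release / _test
#   TRIVY_ARGS                                 - extra flags passed to `trivy image`

# One sub-directory per image, each holding its own Dockerfile.
IMAGES_DIR := ./misc/images

# Tool bootstrap sources. Both install scripts are fetched from a mutable
# branch (main / master), so the code that runs on the build host can change
# without any change to this repository. NOTE(review): point these at a
# reviewed, immutable revision and verify a checksum before execution.
TRIVY_VERSION := v0.27.1
TRIVY_INSTALL_URL := https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh
BASH_UNIT_INSTALL_URL := https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh

.PHONY: build scan release _release _test

#
# $1: IMAGE_NAME
#
# Steps are chained with && so a failed `docker build` is the macro's status.
define build_image
echo "Building ${IMAGE_REPO}/$1" && \
docker build \
    -t "${IMAGE_REPO}/$1:$(IMAGE_VERSION)" \
    -f "${IMAGES_DIR}/$1/Dockerfile" \
    .
endef

#
# $1: IMAGE_NAME
# $2: IMAGE_TAG
#
# Writes the report to .trivy/<repo>/<name>/<tag>/report.txt, prints it, and
# finishes with trivy's own exit status. Previously `cat` was the last command,
# so a failing scan (for example with --exit-code set in TRIVY_ARGS) was always
# masked; the report directory for <tag> was never created and the `cat` path
# was missing the "/" before report.txt.
define scan_image
echo "Scanning ${IMAGE_REPO}/$1"; \
mkdir -p ".trivy/$(IMAGE_REPO)/$1/$2" && \
{ tools/trivy/bin/trivy --cache-dir .trivy/.cache image -o ".trivy/$(IMAGE_REPO)/$1/$2/report.txt" $(TRIVY_ARGS) "$(IMAGE_REPO)/$1:$2"; \
  scan_rc=$$?; \
  cat ".trivy/$(IMAGE_REPO)/$1/$2/report.txt"; \
  test "$$scan_rc" -eq 0; }
endef

# Installs trivy $(TRIVY_VERSION) into tools/trivy/bin.
# The script is downloaded completely before it is executed, so a truncated or
# failed transfer (curl -f) never reaches the shell, and the fetched script
# stays on disk at tools/trivy/install.sh for inspection.
define install_trivy
mkdir -p tools/trivy/bin && \
curl -sfL -o tools/trivy/install.sh "$(TRIVY_INSTALL_URL)" && \
sh tools/trivy/install.sh -b ./tools/trivy/bin $(TRIVY_VERSION)
endef

#
# $1: IMAGE_NAME
#
# Tags the built image and pushes latest, <version> and <version>-<day>.
# Chained with && so nothing is pushed after a failed tag or push.
define release_image
docker tag "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)" && \
docker tag "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" && \
docker tag "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" "$(IMAGE_REPO)/$1:latest" && \
docker push "$(IMAGE_REPO)/$1:latest" && \
docker push "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)" && \
docker push "$(IMAGE_REPO)/$1:$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)"
endef

#list:

# Build every image directory; stop at the first failing build.
build: ${IMAGES_DIR}/*
	@for name in $(basename $(notdir $^)); do \
		$(call build_image,$${name}) || exit 1; \
	done

# Scan every image at the tag that `build` produces ($(IMAGE_VERSION)); the
# original passed no tag to scan_image. All images are scanned even when one
# fails, and the target then exits non-zero so CI can gate on the result.
# trivy is an order-only prerequisite: it stays out of $^ (the image list) and
# the remote install script runs only when the binary is missing, not on every
# scan. Remove tools/trivy/bin/trivy to force a reinstall.
scan: ${IMAGES_DIR}/* | tools/trivy/bin/trivy
	@rc=0; \
	for name in $(basename $(notdir $^)); do \
		$(call scan_image,$${name},$(IMAGE_VERSION)) || rc=1; \
	done; \
	exit $$rc

tools/trivy/bin/trivy:
	$(call install_trivy)

# Publish every image. This target does not depend on `scan`; run `scan` first
# when scan results are meant to gate what gets pushed.
release: ${IMAGES_DIR}/*
	@for name in $(basename $(notdir $^)); do \
		$(call release_image,$${name},base) || exit 1; \
	done

# Tag and push a single image identified by IMAGE_FULL_NAME / IMAGE_TAG.
# Each recipe line runs in its own shell, so make stops at the first failure.
_release:
	docker tag "$(IMAGE_FULL_NAME):$(IMAGE_TAG)" "$(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)"
	docker tag "$(IMAGE_FULL_NAME):$(IMAGE_TAG)" "$(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)"
	docker tag "$(IMAGE_FULL_NAME):$(IMAGE_TAG)" "$(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest"
	docker push "$(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)"
	docker push "$(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)"
	docker push "$(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest"

# Run the bash_unit suite for the image selected by IMAGE_TAG.
_test: tools/bin/bash_unit
	tools/bin/bash_unit "./tests/test_$(IMAGE_TAG).sh"

# Bootstrap bash_unit. The original used bash process substitution, which
# fails under make's default /bin/sh when that shell is not bash, and `curl -s`
# without -f, which hands an HTTP error page to bash as if it were the script.
tools/bin/bash_unit:
	mkdir -p tools/bin
	cd tools/bin && curl -sf -o .bash_unit-install.sh "$(BASH_UNIT_INSTALL_URL)" && bash .bash_unit-install.sh

##include recipes/*.mk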