From 9e72a9064502fb75d83e3db8456a2b5e23865e29 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Mon, 23 Jun 2025 15:01:59 +0200 Subject: [PATCH] distro: add rhel 8 and 9 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/.build.yml | 3 +++ Makefile | 2 ++ docker-bake.hcl | 33 ++++++++++++++++++++++++ hack/scripts/rpm-init.sh | 11 ++++++++ pkg/buildx/Dockerfile | 6 +++-- pkg/compose/Dockerfile | 6 +++-- pkg/containerd/Dockerfile | 6 +++-- pkg/credential-helpers/Dockerfile | 6 +++-- pkg/credential-helpers/verify.Dockerfile | 4 +-- pkg/docker-cli/Dockerfile | 6 +++-- pkg/docker-engine/Dockerfile | 6 +++-- pkg/sbom/Dockerfile | 6 +++-- pkg/scan/Dockerfile | 6 +++-- 13 files changed, 83 insertions(+), 18 deletions(-) diff --git a/.github/workflows/.build.yml b/.github/workflows/.build.yml index 3e7fb79e..9d59dd7a 100644 --- a/.github/workflows/.build.yml +++ b/.github/workflows/.build.yml @@ -125,6 +125,9 @@ jobs: targets: pkg-${{ inputs.name }}-${{ matrix.distro }} set: | *.platform=${{ matrix.platform }} + env: + RH_USER: ${{ secrets.RH_USER }} + RH_PASS: ${{ secrets.RH_PASS }} - name: List artifacts run: | diff --git a/Makefile b/Makefile index 78a9a0b0..798cf158 100644 --- a/Makefile +++ b/Makefile @@ -30,6 +30,8 @@ DISTROS ?= static \ fedora42 \ oraclelinux8 \ oraclelinux9 \ + rhel8 \ + rhel9 \ rockylinux8 \ rockylinux9 diff --git a/docker-bake.hcl b/docker-bake.hcl index 7457598b..9ec8ae99 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -32,6 +32,8 @@ variable "DISTROS" { "fedora42", "oraclelinux8", "oraclelinux9", + "rhel8", + "rhel9", "rockylinux8", "rockylinux9" ] @@ -326,6 +328,28 @@ target "_distro-oraclelinux9" { } } +target "_distro-rhel8" { + args = { + DISTRO_NAME = "rhel8" + DISTRO_TYPE = "rpm" + DISTRO_RELEASE = "rhel" + DISTRO_ID = "8" + DISTRO_SUITE = "8" + DISTRO_IMAGE = DISTRO_IMAGE != null ? DISTRO_IMAGE : "registry.access.redhat.com/ubi8/ubi" + } +} + +target "_distro-rhel9" { + args = { + DISTRO_NAME = "rhel9" + DISTRO_TYPE = "rpm" + DISTRO_RELEASE = "rhel" + DISTRO_ID = "9" + DISTRO_SUITE = "9" + DISTRO_IMAGE = DISTRO_IMAGE != null ? DISTRO_IMAGE : "registry.access.redhat.com/ubi9/ubi" + } +} + target "_distro-rockylinux8" { args = { DISTRO_NAME = "rockylinux8" @@ -375,6 +399,8 @@ function "distroPlatforms" { fedora42 = ["linux/amd64", "linux/arm64", "linux/ppc64le", "linux/s390x"] oraclelinux8 = ["linux/amd64", "linux/arm64"] oraclelinux9 = ["linux/amd64", "linux/arm64"] + rhel8 = ["linux/amd64", "linux/arm64", "linux/ppc64le", "linux/s390x"] + rhel9 = ["linux/amd64", "linux/arm64", "linux/ppc64le", "linux/s390x"] rockylinux8 = ["linux/amd64", "linux/arm64"] rockylinux9 = ["linux/amd64", "linux/arm64"] }, distro, []), @@ -387,6 +413,12 @@ function "distroPlatforms" { ) } +# Returns the list of secrets to use for a given distro. +function "distroSecrets" { + params = [distro] + result = length(regexall("^rhel", distro)) > 0 ? ["type=env,id=RH_USER,env=RH_USER", "type=env,id=RH_PASS,env=RH_PASS"] : [] +} + # # pkgs configurations # @@ -551,6 +583,7 @@ target "pkg" { # BAKE_LOCAL_PLATFORM is a built-in var returning the current platform's # default platform specification: https://docs.docker.com/build/customize/bake/file-definition/#built-in-variables platforms = LOCAL_PLATFORM != null ? [BAKE_LOCAL_PLATFORM] : distroPlatforms(distro, pkg) + secret = distroSecrets(distro) attest = [ "type=sbom", "type=provenance,mode=max" diff --git a/hack/scripts/rpm-init.sh b/hack/scripts/rpm-init.sh index 73e77161..ed7c8275 100755 --- a/hack/scripts/rpm-init.sh +++ b/hack/scripts/rpm-init.sh @@ -59,4 +59,15 @@ case "$pkgrelease" in dnf install -y git rpm-build rpmlint dnf-plugins-core epel-release dnf config-manager --set-enabled crb ;; + rhel*) + dnf install -y git rpm-build rpmlint dnf-plugins-core + rm -f /etc/rhsm-host + if [ -z "$RH_USER" ] || [ -z "$RH_PASS" ]; then + echo "Either RH_USER or RH_PASS is not set. Running build without subscription." + else + subscription-manager register --username="${RH_USER}" --password="${RH_PASS}" + subscription-manager repos --enable "codeready-builder-for-rhel-$(xx-info os-version | cut -d. -f1)-$(xx-info rhel-arch)-rpms" + # dnf config-manager --set-enabled codeready-builder-for-rhel-$(xx-info os-version | cut -d. -f1)-$(xx-info rhel-arch)-rpms + fi + ;; esac diff --git a/pkg/buildx/Dockerfile b/pkg/buildx/Dockerfile index 92266927..f7d27cde 100644 --- a/pkg/buildx/Dockerfile +++ b/pkg/buildx/Dockerfile @@ -127,11 +127,13 @@ ENV GO111MODULE="on" ENV CGO_ENABLED="0" ARG DISTRO_NAME RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \ - rpm-init $DISTRO_NAME + --mount=type=secret,id=RH_USER,env=RH_USER \ + --mount=type=secret,id=RH_PASS,env=RH_PASS \ + rpm-init $DISTRO_NAME COPY rpm /root/rpmbuild/SPECS ARG TARGETPLATFORM RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \ - rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS + rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS WORKDIR /root/rpmbuild ARG NIGHTLY_BUILD ARG DISTRO_RELEASE diff --git a/pkg/compose/Dockerfile b/pkg/compose/Dockerfile index 9da4c048..d3ff2a47 100644 --- a/pkg/compose/Dockerfile +++ b/pkg/compose/Dockerfile @@ -130,11 +130,13 @@ ENV GO111MODULE="on" ENV CGO_ENABLED="0" ARG DISTRO_NAME RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \ - rpm-init $DISTRO_NAME + --mount=type=secret,id=RH_USER,env=RH_USER \ + --mount=type=secret,id=RH_PASS,env=RH_PASS \ + rpm-init $DISTRO_NAME COPY rpm /root/rpmbuild/SPECS ARG TARGETPLATFORM RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \ - rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS + rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS WORKDIR /root/rpmbuild ARG NIGHTLY_BUILD ARG DISTRO_RELEASE diff --git a/pkg/containerd/Dockerfile b/pkg/containerd/Dockerfile index 4b3e03e5..0211540e 100644 --- a/pkg/containerd/Dockerfile +++ b/pkg/containerd/Dockerfile @@ -184,11 +184,13 @@ ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin" COPY --from=go-md2man /go/bin/go-md2man $GOPATH/bin/go-md2man ARG DISTRO_NAME RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \ - rpm-init $DISTRO_NAME + --mount=type=secret,id=RH_USER,env=RH_USER \ + --mount=type=secret,id=RH_PASS,env=RH_PASS \ + rpm-init $DISTRO_NAME COPY rpm /root/rpmbuild/SPECS ARG TARGETPLATFORM RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \ - rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS + rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS WORKDIR /root/rpmbuild ARG NIGHTLY_BUILD ARG DISTRO_RELEASE diff --git a/pkg/credential-helpers/Dockerfile b/pkg/credential-helpers/Dockerfile index 34eaddac..5d6d2e7b 100644 --- a/pkg/credential-helpers/Dockerfile +++ b/pkg/credential-helpers/Dockerfile @@ -129,11 +129,13 @@ ENV GOTOOLCHAIN="local" ENV GO111MODULE="on" ARG DISTRO_NAME RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \ - rpm-init $DISTRO_NAME + --mount=type=secret,id=RH_USER,env=RH_USER \ + --mount=type=secret,id=RH_PASS,env=RH_PASS \ + rpm-init $DISTRO_NAME COPY rpm /root/rpmbuild/SPECS ARG TARGETPLATFORM RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \ - rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS + rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS WORKDIR /root/rpmbuild ARG NIGHTLY_BUILD ARG DISTRO_RELEASE diff --git a/pkg/credential-helpers/verify.Dockerfile b/pkg/credential-helpers/verify.Dockerfile index 26bf685e..7aa23b82 100644 --- a/pkg/credential-helpers/verify.Dockerfile +++ b/pkg/credential-helpers/verify.Dockerfile @@ -80,7 +80,7 @@ RUN --mount=from=bin,target=/build <