Merged
3 changes: 3 additions & 0 deletions .github/workflows/.build.yml
Expand Up @@ -125,6 +125,9 @@ jobs:
targets: pkg-${{ inputs.name }}-${{ matrix.distro }}
set: |
*.platform=${{ matrix.platform }}
env:
RH_USER: ${{ secrets.RH_USER }}
RH_PASS: ${{ secrets.RH_PASS }}
Comment on lines +129 to +130
Member Author


Need to set these secrets in repo settings

Collaborator


I can add those. We're still missing a license for ARM64 though, so only the AMD64 build will work for now.

Member


Should we skip these in the public repo? (Mostly wondering if they could leak, as they're made accessible to the build / container).

Member Author


We're still missing a license for ARM64 though, so only the AMD64 build will work for now.

Oh there is specific license for arm64? Ok then maybe name the secret differently like RH_USER_X86 / RH_PASS_X86?

Should we skip these in the public repo? (Mostly wondering if they could leak, as they're made accessible to the build / container).

I think we need the subscription for building related to #226 (comment)

Collaborator


No, the separate license is still on the same account so no need for separate secrets.

Member


I think we need the subscription for building related to #226 (comment)

Yeah, correct; it's not possible to build RHEL without the subscription; mostly considering that on docker-ce-packaging we skip building RHEL in the public repo (and only build in our private pipeline).

-
name: List artifacts
run: |
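Review bot: `RH_USER` and `RH_PASS` are exported to the bake step for every entry of the distro matrix, although only the `rhel*` targets consume them (`distroSecrets` in docker-bake.hcl forwards them only for those distros). Scoping the values to the matrix entries that need them keeps the credentials out of the environment of unrelated builds, e.g. `RH_USER: ${{ startsWith(matrix.distro, 'rhel') && secrets.RH_USER || '' }}` and the same expression for `RH_PASS`. The step itself begins above the hunk, so any `if:` or event filter already on it is not visible here.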
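--- a/Makefile
+++ b/Makefile
@@ -30,6 +30,8 @@ DISTROS ?= static \
 fedora42 \
 oraclelinux8 \
 oraclelinux9 \
+rhel8 \
+rhel9 \
 rockylinux8 \
 rockylinux9
 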
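--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -32,6 +32,8 @@ variable "DISTROS" {
 "fedora42",
 "oraclelinux8",
 "oraclelinux9",
+"rhel8",
+"rhel9",
 "rockylinux8",
 "rockylinux9"
 ]
@@ -326,6 +328,28 @@ target "_distro-oraclelinux9" {
 }
 }
 
+target "_distro-rhel8" {
+args = {
+DISTRO_NAME = "rhel8"
+DISTRO_TYPE = "rpm"
+DISTRO_RELEASE = "rhel"
+DISTRO_ID = "8"
+DISTRO_SUITE = "8"
+DISTRO_IMAGE = DISTRO_IMAGE != null ? DISTRO_IMAGE : "registry.access.redhat.com/ubi8/ubi"
+}
+}
+
+target "_distro-rhel9" {
+args = {
+DISTRO_NAME = "rhel9"
+DISTRO_TYPE = "rpm"
+DISTRO_RELEASE = "rhel"
+DISTRO_ID = "9"
+DISTRO_SUITE = "9"
+DISTRO_IMAGE = DISTRO_IMAGE != null ? DISTRO_IMAGE : "registry.access.redhat.com/ubi9/ubi"
+}
+}
+
 target "_distro-rockylinux8" {
 args = {
 DISTRO_NAME = "rockylinux8"
@@ -375,6 +399,8 @@ function "distroPlatforms" {
 fedora42 = ["linux/amd64", "linux/arm64", "linux/ppc64le", "linux/s390x"]
 oraclelinux8 = ["linux/amd64", "linux/arm64"]
 oraclelinux9 = ["linux/amd64", "linux/arm64"]
+rhel8 = ["linux/amd64", "linux/arm64", "linux/ppc64le", "linux/s390x"]
+rhel9 = ["linux/amd64", "linux/arm64", "linux/ppc64le", "linux/s390x"]
 rockylinux8 = ["linux/amd64", "linux/arm64"]
 rockylinux9 = ["linux/amd64", "linux/arm64"]
 }, distro, []),
@@ -387,6 +413,12 @@ function "distroPlatforms" {
 )
 }
 
+# Returns the list of secrets to use for a given distro.
+function "distroSecrets" {
+params = [distro]
+result = length(regexall("^rhel", distro)) > 0 ? ["type=env,id=RH_USER,env=RH_USER", "type=env,id=RH_PASS,env=RH_PASS"] : []
+}
+
 #
 # pkgs configurations
 #
@@ -551,6 +583,7 @@ target "pkg" {
 # BAKE_LOCAL_PLATFORM is a built-in var returning the current platform's
 # default platform specification: https://docs.docker.com/build/customize/bake/file-definition/#built-in-variables
 platforms = LOCAL_PLATFORM != null ? [BAKE_LOCAL_PLATFORM] : distroPlatforms(distro, pkg)
+secret = distroSecrets(distro)
 attest = [
 "type=sbom",
 "type=provenance,mode=max"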
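--- a/hack/scripts/rpm-init.sh
+++ b/hack/scripts/rpm-init.sh
@@ -59,4 +59,15 @@ case "$pkgrelease" in
 dnf install -y git rpm-build rpmlint dnf-plugins-core epel-release
 dnf config-manager --set-enabled crb
 ;;
+rhel*)
+dnf install -y git rpm-build rpmlint dnf-plugins-core
+rm -f /etc/rhsm-host
+if [ -z "$RH_USER" ] || [ -z "$RH_PASS" ]; then
+echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
+else
+subscription-manager register --username="${RH_USER}" --password="${RH_PASS}"
+subscription-manager repos --enable "codeready-builder-for-rhel-$(xx-info os-version | cut -d. -f1)-$(xx-info rhel-arch)-rpms"
+# dnf config-manager --set-enabled codeready-builder-for-rhel-$(xx-info os-version | cut -d. -f1)-$(xx-info rhel-arch)-rpms
+fi
+;;
 esac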
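Review bot: The `rhel*)` branch registers the build container but never unregisters it, and the account password is handed over as a `--password=` command-line argument. The consumer identity and entitlement certificates that `subscription-manager register` writes are ordinary files in the layer this RUN step commits (the secret mounts cover only the two variables), so they travel with any exported build cache or pushed intermediate stage, and each uncached build leaves another registered system on the account. Consider registering with an organization activation key, `subscription-manager register --org="${RH_ORG}" --activationkey="${RH_KEY}"` (placeholder variable names), so the account password is not needed in CI, and running `subscription-manager unregister` once the build dependencies are installed. The commented-out `dnf config-manager` line can be dropped. The `case` statement starts above the hunk, so whether the script runs under `set -e` and would stop on a rejected registration cannot be seen here.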
6 changes: 4 additions & 2 deletions pkg/buildx/Dockerfile
Expand Up @@ -127,11 +127,13 @@ ENV GO111MODULE="on"
ENV CGO_ENABLED="0"
ARG DISTRO_NAME
RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
rpm-init $DISTRO_NAME
--mount=type=secret,id=RH_USER,env=RH_USER \
--mount=type=secret,id=RH_PASS,env=RH_PASS \
rpm-init $DISTRO_NAME
COPY rpm /root/rpmbuild/SPECS
ARG TARGETPLATFORM
RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
WORKDIR /root/rpmbuild
ARG NIGHTLY_BUILD
ARG DISTRO_RELEASE
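Review bot: Mounting the secrets with `env=RH_USER` and `env=RH_PASS` puts both credentials into the environment of the whole `rpm-init` RUN step, so every child process of the script (dnf and any package scriptlets it runs) inherits them. Dropping `env=` leaves them as files under `/run/secrets/`, which the `rhel*` branch of rpm-init.sh can read right before registering, e.g. `RH_PASS="$(cat /run/secrets/RH_PASS)"`, without exporting the variable. The `env` option also needs a recent Dockerfile frontend (1.10 or later, as far as I know); the `# syntax=` line is outside this hunk, so confirm it is not pinned to an older one. The same two mount lines are added in pkg/compose, pkg/containerd, pkg/credential-helpers, pkg/docker-cli, pkg/docker-engine, pkg/sbom and pkg/scan.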
6 changes: 4 additions & 2 deletions pkg/compose/Dockerfile
Expand Up @@ -130,11 +130,13 @@ ENV GO111MODULE="on"
ENV CGO_ENABLED="0"
ARG DISTRO_NAME
RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
rpm-init $DISTRO_NAME
--mount=type=secret,id=RH_USER,env=RH_USER \
--mount=type=secret,id=RH_PASS,env=RH_PASS \
rpm-init $DISTRO_NAME
COPY rpm /root/rpmbuild/SPECS
ARG TARGETPLATFORM
RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
WORKDIR /root/rpmbuild
ARG NIGHTLY_BUILD
ARG DISTRO_RELEASE
6 changes: 4 additions & 2 deletions pkg/containerd/Dockerfile
Expand Up @@ -184,11 +184,13 @@ ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
COPY --from=go-md2man /go/bin/go-md2man $GOPATH/bin/go-md2man
ARG DISTRO_NAME
RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
rpm-init $DISTRO_NAME
--mount=type=secret,id=RH_USER,env=RH_USER \
--mount=type=secret,id=RH_PASS,env=RH_PASS \
rpm-init $DISTRO_NAME
COPY rpm /root/rpmbuild/SPECS
ARG TARGETPLATFORM
RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
WORKDIR /root/rpmbuild
ARG NIGHTLY_BUILD
ARG DISTRO_RELEASE
6 changes: 4 additions & 2 deletions pkg/credential-helpers/Dockerfile
Expand Up @@ -129,11 +129,13 @@ ENV GOTOOLCHAIN="local"
ENV GO111MODULE="on"
ARG DISTRO_NAME
RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
rpm-init $DISTRO_NAME
--mount=type=secret,id=RH_USER,env=RH_USER \
--mount=type=secret,id=RH_PASS,env=RH_PASS \
rpm-init $DISTRO_NAME
COPY rpm /root/rpmbuild/SPECS
ARG TARGETPLATFORM
RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
WORKDIR /root/rpmbuild
ARG NIGHTLY_BUILD
ARG DISTRO_RELEASE
4 changes: 2 additions & 2 deletions pkg/credential-helpers/verify.Dockerfile
Expand Up @@ -80,7 +80,7 @@ RUN --mount=from=bin,target=/build <<EOT
extraflags=""
case "$DISTRO_NAME" in
# required pass package not available
oraclelinux9)
oraclelinux9|rhel*)
extraflags="--skip-broken"
;;
centos9)
Expand All @@ -99,7 +99,7 @@ RUN --mount=from=bin,target=/build <<EOT
docker-credential-secretservice version
case "$DISTRO_NAME" in
# FIXME: skip pass credential helper smoke test for some distros
centos9|oraclelinux9) ;;
centos9|oraclelinux9|rhel*) ;;
*) docker-credential-pass version ;;
esac
EOT
6 changes: 4 additions & 2 deletions pkg/docker-cli/Dockerfile
Expand Up @@ -142,11 +142,13 @@ ENV GO111MODULE="off"
ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
ARG DISTRO_NAME
RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
rpm-init $DISTRO_NAME
--mount=type=secret,id=RH_USER,env=RH_USER \
--mount=type=secret,id=RH_PASS,env=RH_PASS \
rpm-init $DISTRO_NAME
COPY rpm /root/rpmbuild/SPECS
ARG TARGETPLATFORM
RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
WORKDIR /root/rpmbuild
ARG NIGHTLY_BUILD
ARG DISTRO_RELEASE
6 changes: 4 additions & 2 deletions pkg/docker-engine/Dockerfile
Expand Up @@ -144,11 +144,13 @@ ENV DOCKER_BUILDTAGS="seccomp selinux"
ENV RUNC_BUILDTAGS="seccomp selinux"
ARG DISTRO_NAME
RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
rpm-init $DISTRO_NAME
--mount=type=secret,id=RH_USER,env=RH_USER \
--mount=type=secret,id=RH_PASS,env=RH_PASS \
rpm-init $DISTRO_NAME
COPY rpm /root/rpmbuild/SPECS
ARG TARGETPLATFORM
RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
WORKDIR /root/rpmbuild
ARG NIGHTLY_BUILD
ARG DISTRO_RELEASE
6 changes: 4 additions & 2 deletions pkg/sbom/Dockerfile
Expand Up @@ -127,11 +127,13 @@ ENV GO111MODULE="on"
ENV CGO_ENABLED="0"
ARG DISTRO_NAME
RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
rpm-init $DISTRO_NAME
--mount=type=secret,id=RH_USER,env=RH_USER \
--mount=type=secret,id=RH_PASS,env=RH_PASS \
rpm-init $DISTRO_NAME
COPY rpm /root/rpmbuild/SPECS
ARG TARGETPLATFORM
RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
WORKDIR /root/rpmbuild
ARG NIGHTLY_BUILD
ARG DISTRO_RELEASE
6 changes: 4 additions & 2 deletions pkg/scan/Dockerfile
Expand Up @@ -127,11 +127,13 @@ ENV GO111MODULE="on"
ENV CGO_ENABLED="0"
ARG DISTRO_NAME
RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
rpm-init $DISTRO_NAME
--mount=type=secret,id=RH_USER,env=RH_USER \
--mount=type=secret,id=RH_PASS,env=RH_PASS \
rpm-init $DISTRO_NAME
COPY rpm /root/rpmbuild/SPECS
ARG TARGETPLATFORM
RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
WORKDIR /root/rpmbuild
ARG NIGHTLY_BUILD
ARG DISTRO_RELEASE