Workflow test PR

canonical · Jul 15, 2024 · c9fd7d8 · c9fd7d8
1 parent 5108a1c
commit c9fd7d8
Show file tree

Hide file tree

Showing 28 changed files with 3,636 additions and 0 deletions.
diff --git a/v2.10.2/README.txt b/v2.10.2/README.txt
@@ -0,0 +1,14 @@
+# Canonical ROCKs for Harbor v2.10.2
+
+Aim to be compatible with following upstream images:
+
+* docker.io/goharbor/nginx-photon:v2.10.2
+* docker.io/goharbor/harbor-portal:v2.10.2
+* docker.io/goharbor/harbor-core:v2.10.2
+* docker.io/goharbor/harbor-jobservice:v2.10.2
+* docker.io/goharbor/registry-photon:v2.10.2
+* docker.io/goharbor/harbor-registryctl:v2.10.2
+* docker.io/goharbor/trivy-adapter-photon:v2.10.2
+* docker.io/goharbor/harbor-db:v2.10.2
+* docker.io/goharbor/redis-photon:v2.10.2
+* docker.io/goharbor/harbor-exporter:v2.10.2
diff --git a/v2.10.2/harbor-core/README.md b/v2.10.2/harbor-core/README.md
@@ -0,0 +1,3 @@
+# ROCK specs for harbor-core.
+
+Aims to be compatible with `docker.io/goharbor/harbor-core`.
diff --git a/v2.10.2/harbor-core/rockcraft.yaml b/v2.10.2/harbor-core/rockcraft.yaml
@@ -0,0 +1,189 @@
+# Copyright 2024 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+# Rockcraft definition for Harbor core image:
+# docker.io/goharbor/harbor-core:v2.10.2
+
+name: harbor-core
+summary: Rock containing Harbor Core components.
+description: |
+  Packages the core service of Harbor.
+license: Apache-2.0
+
+version: "2.10.2"
+
+# NOTE(aznashwan): the base for the core image is VMware's Photon,
+# but rockcraft only currently supports bare/ubuntu-based bases.
+base: [email protected]
+build-base: [email protected]
+platforms:
+  amd64:
+  arm64:
+
+
+services:
+  harbor_core:
+    startup: enabled
+    override: replace
+
+    # NOTE(aznashwan) set entrypoint.sh for compatibility with upstream image.
+    # All it does is run `./make/photon/common/install_cert.sh` and exec `harbor_core`.
+    # https://github.com/goharbor/harbor/blob/v2.10.2/make/photon/core/Dockerfile#L21
+    command: /harbor/entrypoint.sh
+
+    user: harbor
+    group: harbor
+    working-dir: /harbor
+
+    # TODO(aznashwan): original Docker image includes Healthcheck should/can we also?
+    # https://github.com/goharbor/harbor/blob/v2.10.2/make/photon/core/Dockerfile#L5
+
+
+parts:
+  create-harbor-user:
+    plugin: nil
+    overlay-script: |
+      groupadd -R $CRAFT_OVERLAY -r -g 10000 harbor
+      useradd -R $CRAFT_OVERLAY \
+        --no-log-init -r -m -g 10000 -u 10000 harbor
+
+  build-deps:
+    plugin: nil
+    build-snaps:
+      # https://github.com/goharbor/harbor/blob/v2.10.2/Makefile#L143
+      - go/1.21/stable
+    build-packages:
+      - make
+      - curl
+
+  # NOTE(aznashwan): lint_apis Makefile target should ideally
+  # be also run for added compatibility guarantees:
+  # https://github.com/goharbor/harbor/blob/f86f1cebc3a1af8c5c14c0a94d687fff04ebc6eb/Makefile#L289-L291
+  # Sourced from:
+  # https://github.com/goharbor/harbor/blob/v2.10.2/Makefile#L309
+  gen-apis:
+    plugin: nil
+
+    # TODO(aznashwan): avoid cloning the repo twice.
+    source-type: git
+    source: https://github.com/goharbor/harbor
+    source-tag: v2.10.2
+    source-depth: 1
+
+    build-environment:
+      # NOTE(aznashwan): the swagger binary needs a Go path pre-created.
+      - CGO_ENABLED: 0
+      - GOPATH: /root/go
+
+    override-build: |
+      set -eux
+
+      mkdir -p "$GOPATH"
+
+      SWAGGER_VERSION=v0.25.0
+      cd "$CRAFT_PART_SRC/src/core"
+
+      curl -fsSL -o /usr/bin/swagger \
+        https://github.com/go-swagger/go-swagger/releases/download/$SWAGGER_VERSION/swagger_linux_${CRAFT_ARCH_BUILD_FOR}
+      chmod +x /usr/bin/swagger
+
+      /usr/bin/swagger generate server \
+        --template-dir "$CRAFT_PART_SRC/tools/swagger/templates" --exclude-main \
+        --additional-initialism=CVE --additional-initialism=GC --additional-initialism=OIDC \
+        -f "$CRAFT_PART_SRC/api/v2.0/swagger.yaml" \
+        --target "$CRAFT_PART_BUILD/src/server/v2.0" \
+        -A harbor
+
+      # Move them to the project dir for use in later building part:
+      cp -r "$CRAFT_PART_BUILD/src/server/v2.0" "$CRAFT_PROJECT_DIR/swagger-server-specs"
+
+  # Sourced from:
+  # https://github.com/goharbor/harbor/blob/v2.10.2/make/photon/core/Dockerfile.base
+  # https://github.com/goharbor/harbor/blob/v2.10.2/make/photon/core/Dockerfile
+  image-prep:
+    after: [create-harbor-user]
+    plugin: nil
+
+    source-type: git
+    source: https://github.com/goharbor/harbor
+    source-tag: v2.10.2
+    source-depth: 1
+
+    stage-packages:
+      # https://github.com/goharbor/harbor/blob/v2.10.2/make/photon/core/Dockerfile.base#L3
+      - tzdata
+
+    override-build: |
+      set -eux
+      cd $CRAFT_PART_SRC
+
+      # Copy over auxiliary files:
+      OUTDIR="$CRAFT_PART_INSTALL/harbor"
+      mkdir -p "$OUTDIR"
+
+      cp ./make/photon/common/install_cert.sh "$OUTDIR/"
+      cp ./make/photon/core/entrypoint.sh "$OUTDIR/"
+
+      cp -r ./make/migrations "$OUTDIR/migrations"
+      cp -r ./src/core/views "$OUTDIR/views"
+      mkdir -p "$OUTDIR/icons"
+      cp -r ./icons "$OUTDIR/icons"
+
+      mkdir -p "$CRAFT_PART_INSTALL/etc/pki/tls/certs"
+      chown -R 10000:10000 "$CRAFT_PART_INSTALL/etc/pki/tls/certs"
+      chown -R 10000:10000 "$OUTDIR/"
+      chmod u+x "$OUTDIR/entrypoint.sh"
+      chmod u+x "$OUTDIR/install_cert.sh"
+
+      # NOTE(aznashwan): these values are harcoded in Harbor's Makefile.
+      # The Trivy version used by Harbor will almost surely be different from
+      # the one used in the rockcraft workflows, so this is techinically a lie:
+      # canonical/k8s-workflows/.github/workflows/scan_images.yaml
+      MAKEFILE="$CRAFT_PART_SRC/Makefile"
+      VERSION_FILE="$CRAFT_PART_INSTALL/harbor/version"
+      echo "VERSION_TAG: v2.10.2" >> "$VERSION_FILE"
+      sed -E -n "s/^(REGISTRYVERSION=(.*))$/REGISTRY_VERSION: \2/p" "$MAKEFILE" >> "$VERSION_FILE"
+      sed -E -n "s/^(TRIVYVERSION=(.*))$/TRIVY_VERSION: \2/p" "$MAKEFILE" >> "$VERSION_FILE"
+      sed -E -n "s/^(TRIVYADAPTERVERSION=(.*))$/TRIVY_ADAPTER_VERSION: \2/p" "$MAKEFILE" >> "$VERSION_FILE"
+
+  # Sourced from: https://github.com/goharbor/harbor/blob/v2.10.2/Makefile#L342
+  build-harbor-core:
+    after: [create-harbor-user, build-deps, gen-apis, image-prep]
+    # NOTE(aznashwan): Harbor's Makefile relies on building through Docker,
+    # so we have to run the build commands manually:
+    plugin: go
+
+    source-type: git
+    source: https://github.com/goharbor/harbor
+    source-tag: v2.10.2
+    source-depth: 1
+    source-subdir: src
+
+    build-environment:
+      - CGO_ENABLED: 0
+      - GOARCH: $CRAFT_ARCH_BUILD_FOR
+
+    override-build: |
+      set -eux
+
+      # Copy over swagger API gens from previous part:
+      mkdir -p "$CRAFT_PART_SRC/src/server/v2.0"
+      cp -r "$CRAFT_PROJECT_DIR/swagger-server-specs/"* "$CRAFT_PART_SRC/src/server/v2.0/"
+
+      # Deduce ldflags:
+      GIT_TAG="v2.10.2"
+      GIT_COMMIT_ID=`git -C "$CRAFT_PART_SRC" log --pretty=tformat:"%h" -n1`
+
+      # Build binary:
+      cd "$CRAFT_PART_SRC/src/core"
+      go build \
+        -ldflags="-w -s -X github.com/goharbor/harbor/src/pkg/version.GitCommit=$GIT_COMMIT_ID -X github.com/goharbor/harbor/src/pkg/version.ReleaseVersion=$GIT_TAG" \
+        -o "$CRAFT_PART_BUILD/harbor_core"
+
+      # Copy over binary and set appropriate permissions:
+      mkdir -p $CRAFT_PART_INSTALL/harbor
+      cp $CRAFT_PART_BUILD/harbor_core $CRAFT_PART_INSTALL/harbor
+
+      chown 10000:10000 "$CRAFT_PART_INSTALL/harbor/harbor_core"
+      chmod u+x "$CRAFT_PART_INSTALL/harbor/harbor_core"
+
diff --git a/v2.10.2/harbor-core/tests/test_rock.py b/v2.10.2/harbor-core/tests/test_rock.py
@@ -0,0 +1,87 @@
+# Copyright 2024 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+import logging
+import random
+import pytest
+import string
+import subprocess
+import sys
+
+from charmed_kubeflow_chisme.rock import CheckRock
+
+logger: logging.Logger = logging.getLogger(__name__)
+
+logger.addHandler(logging.FileHandler(f"{__name__}.log"))
+logger.addHandler(logging.StreamHandler(sys.stdout))
+
+
+ORIGINAL_IMAGE = "docker.io/goharbor/harbor-core"
+
+@pytest.fixture()
+def rock_test_env(tmpdir):
+    """Yields a temporary directory and random docker container name, then cleans them up after."""
+    container_name = "".join(
+        [str(i) for i in random.choices(string.ascii_lowercase, k=8)]
+    )
+    yield tmpdir, container_name
+
+    try:
+        subprocess.run(["docker", "rm", container_name])
+    except Exception:
+        pass
+    # tmpdir fixture we use here should clean up the other files for us
+
+
+def _list_files_in_image_dir(
+        image: str, container_name: str, root_dir: str="/") -> list[str]:
+    """Lists all regular file paths under the given dir in the given image."""
+    cmd = [
+        "docker",
+        "run",
+        "--rm",
+        "--name",
+        container_name,
+        image,
+        "find",
+        root_dir,
+        "-type",
+        "f"
+    ]
+
+    proc = subprocess.run(cmd, capture_output=True)
+    return [l.decode('utf8').strip() for l in proc.stdout.splitlines()]
+
+
+@pytest.mark.abort_on_fail
+def test_rock(rock_test_env):
+    """Test rock."""
+    _, container_name = rock_test_env
+    check_rock = CheckRock("rockcraft.yaml")
+    rock_image = check_rock.get_name()
+    rock_version = check_rock.get_version()
+    LOCAL_ROCK_IMAGE = f"{rock_image}:{rock_version}"
+    ORIGINAL_ROCK_IMAGE = f"{ORIGINAL_IMAGE}:{rock_version}"
+
+    dir_to_check = "/harbor"
+
+    original_image_files = _list_files_in_image_dir(
+        ORIGINAL_ROCK_IMAGE, f"{container_name}-original",
+        root_dir=dir_to_check)
+    local_rock_files = _list_files_in_image_dir(
+        LOCAL_ROCK_IMAGE, container_name, root_dir=dir_to_check)
+
+    rock_fileset = set(local_rock_files)
+    original_fileset = set(original_image_files)
+
+    original_extra_files = original_fileset - rock_fileset
+    if original_extra_files:
+        pytest.fail(
+            f"Missing some files from the original image: "
+            f"{original_extra_files}")
+
+    rock_extra_files = rock_fileset - original_fileset
+    if rock_extra_files:
+        pytest.fail(
+            f"Rock has extra files not present in original image: "
+            f"{rock_extra_files}")
diff --git a/v2.10.2/harbor-core/tox.ini b/v2.10.2/harbor-core/tox.ini
@@ -0,0 +1,47 @@
+# Copyright 2024 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+[tox]
+skipsdist = True
+skip_missing_interpreters = True
+envlist = pack, export-to-docker, sanity
+
+[testenv]
+setenv =
+    PYTHONPATH={toxinidir}
+    PYTHONBREAKPOINT=ipdb.set_trace
+
+[testenv:pack]
+passenv = *
+allowlist_externals =
+    rockcraft
+commands =
+    rockcraft pack -v
+
+[testenv:export-to-docker]
+passenv = *
+allowlist_externals =
+    bash
+    skopeo
+    yq
+commands =
+    # export already packed rock to docker
+    bash -c 'NAME="$(yq -r .name rockcraft.yaml)" && \
+             VERSION="$(yq -r .version rockcraft.yaml)" && \
+             ARCH="$(yq -r ".platforms | keys | .[0]" rockcraft.yaml)" && \
+             ROCK="$\{NAME\}_$\{VERSION\}_$\{ARCH\}.rock" && \
+             DOCKER_IMAGE=$NAME:$VERSION && \\
+             echo "Exporting $ROCK to docker as $DOCKER_IMAGE" && \
+             rockcraft.skopeo --insecure-policy copy \
+                oci-archive:$ROCK docker-daemon:$DOCKER_IMAGE'
+
+[testenv:sanity]
+passenv = *
+deps =
+    pytest
+    charmed-kubeflow-chisme
+allowlist_externals =
+    echo
+commands =
+    # run rock tests
+    pytest -v --tb native --show-capture=all --log-cli-level=INFO {posargs} {toxinidir}/tests
diff --git a/v2.10.2/harbor-db/README.md b/v2.10.2/harbor-db/README.md
@@ -0,0 +1,3 @@
+# ROCK specs for harbor-db.
+
+Aims to be compatible with `docker.io/goharbor/harbor-db`.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# ROCK specs for harbor-core.

		Aims to be compatible with `docker.io/goharbor/harbor-core`.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# ROCK specs for harbor-db.

		Aims to be compatible with `docker.io/goharbor/harbor-db`.