From 1f596d6de0acdeb8b8f21f559c856428b0aa3ef7 Mon Sep 17 00:00:00 2001 From: quebim Date: Tue, 26 Nov 2024 12:07:47 -0300 Subject: [PATCH] Update builder Dockerfile entrypoint script Make Docker image more lightweight Add output messages for build process --- docker/builder/Dockerfile | 109 +++++------------------- docker/builder/entrypoint.sh | 146 ++++++++++++++++++++++++++++++++ docker/builder/image/Dockerfile | 89 ------------------- docker/builder/image/build.sh | 75 ---------------- 4 files changed, 165 insertions(+), 254 deletions(-) create mode 100644 docker/builder/entrypoint.sh delete mode 100644 docker/builder/image/Dockerfile delete mode 100644 docker/builder/image/build.sh diff --git a/docker/builder/Dockerfile b/docker/builder/Dockerfile index 9e5779dca61d6..d65a18e603552 100644 --- a/docker/builder/Dockerfile +++ b/docker/builder/Dockerfile @@ -7,12 +7,11 @@ ENV DEBIAN_FRONTEND=noninteractive # Update the package list and install necessary tools RUN apt-get update \ && apt-get upgrade -y \ - && apt-get install curl gnupg2 -y \ - && curl -o- https://www.aptly.info/pubkey.txt | apt-key add - \ - && echo "deb http://repo.aptly.info/ squeeze main" | tee -a /etc/apt/sources.list.d/aptly.list \ && apt-get install -y \ wget \ + curl \ unzip \ + gnupg2 \ git \ build-essential \ debmake \ 
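Review bot: `curl` and `gnupg2` are moved into the main install list here, but the only visible use of either was the aptly key import that this hunk removes. If nothing in the build scripts calls them, drop both rather than carrying them over, since the stated aim of the commit is a lighter image with fewer tools in it. The unchanged `apt-get install -y \` line would also benefit from `--no-install-recommends`. The package list continues past the end of the hunk, so confirm no later step depends on these tools before removing them.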
@@ -43,35 +42,7 @@ RUN apt-get update \ rpm \ rpm2cpio \ maven \ - && dpkg -r lintian \ - && rm -rf /var/lib/apt/lists/* - -# Define build arguments with default values -ARG indexer_branch=master -ARG indexer_plugins_branch=master -ARG indexer_reporting_branch=master -ARG revision=0 -ARG is_stage=false -ARG distribution=tar -ARG architecture=x64 - -# Use build arguments as environment variables in the container -ENV INDEXER_BRANCH=${indexer_branch} \ - INDEXER_PLUGINS_BRANCH=${indexer_plugins_branch} \ - INDEXER_REPORTING_BRANCH=${indexer_reporting_branch} \ - REVISION=${revision} \ - IS_STAGE=${is_stage} \ - DISTRIBUTION=${distribution} \ - ARCHITECTURE=${architecture} - -RUN mkdir -p /artifacts/dist/ - -VOLUME /artifacts/dist/ - -# Clone the repositories using the specified branches -RUN git clone --branch ${INDEXER_BRANCH} https://github.com/wazuh/wazuh-indexer --depth 1 /opt/wazuh-indexer && \ - git clone --branch ${INDEXER_PLUGINS_BRANCH} https://github.com/wazuh/wazuh-indexer-plugins --depth 1 /opt/wazuh-indexer-plugins && \ - git clone --branch ${INDEXER_REPORTING_BRANCH} https://github.com/wazuh/wazuh-indexer-reporting --depth 1 /opt/wazuh-indexer-reporting + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # Install OpenJDK 21 RUN wget -O- https://download.java.net/openjdk/jdk21/ri/openjdk-21+35_linux-x64_bin.tar.gz | tar xz -C /opt/ @@ -79,9 +50,8 @@ RUN wget -O- https://download.java.net/openjdk/jdk21/ri/openjdk-21+35_linux-x64_ # Set JAVA_HOME environment variable ENV JAVA_HOME=/opt/jdk-21 ENV PATH=$JAVA_HOME/bin:$PATH - -# Install Gradle 8.10 ENV GRADLE_VERSION=8.10 +ENV GRADLE_OPTS="-Xmx2048m -XX:ReservedCodeCacheSize=440m" RUN wget https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip -P /tmp \ && unzip -d /opt/gradle /tmp/gradle-${GRADLE_VERSION}-bin.zip \ 
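Review bot: The OpenJDK tarball and the Gradle zip are still fetched and unpacked without any integrity check; both `RUN wget` lines are untouched context in this hunk. Because this image produces the distributable packages, each download should be compared against a pinned digest before extraction. For Gradle that could be `&& echo "<GRADLE_SHA256>  /tmp/gradle-${GRADLE_VERSION}-bin.zip" | sha256sum -c - \` ahead of the `unzip`, with the digest shown here as a placeholder. The JDK line pipes `wget -O-` straight into `tar`, so it would first have to save the archive to a file to be verifiable. The Gradle `RUN` continues outside the hunk.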
@@ -91,68 +61,27 @@ RUN wget https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin. ENV GRADLE_HOME=/opt/gradle/gradle-${GRADLE_VERSION} ENV PATH=$GRADLE_HOME/bin/$PATH -# Create the artifacts directory -RUN mkdir -p /opt/wazuh-indexer/artifacts/plugins - # Clean up APT when done RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -# Create a non-root user and set up permissions -RUN useradd -ms /bin/bash opensearchuser && \ - mkdir -p /home/opensearchuser && \ - chown -R opensearchuser:opensearchuser /opt/wazuh-indexer-plugins && \ - chown -R opensearchuser:opensearchuser /opt/wazuh-indexer-reporting && \ - chown -R opensearchuser:opensearchuser /opt/wazuh-indexer +# Create volume dir +RUN mkdir -p /artifacts +VOLUME /artifacts -USER opensearchuser +# Create a non-root user and set up permissions +RUN useradd -ms /bin/bash indexer && mkdir -p /home/indexer && chown -R indexer:indexer /home/indexer -# ---PACKAGE-BUILDING--- +# Copy your build scripts into the container as root +ADD entrypoint.sh /home/indexer/ -# Build plugins -RUN export VERSION=$(cat /opt/wazuh-indexer/VERSION) && \ - cd /opt/wazuh-indexer-plugins/plugins/setup && \ - ./gradlew build -Dversion=${VERSION} -Drevision=${REVISION} && \ - cd /opt/wazuh-indexer-plugins/plugins/command-manager && \ - ./gradlew build -Dversion=${VERSION} -Drevision=${REVISION} && \ - cd /opt/wazuh-indexer-reporting && \ - ./gradlew build -Dversion=${VERSION} -Drevision=${REVISION} && \ - # Copy the built packages - cp /opt/wazuh-indexer-plugins/plugins/setup/build/distributions/wazuh-indexer-setup-${VERSION}.${REVISION}.zip /opt/wazuh-indexer/artifacts/plugins/ && \ - cp /opt/wazuh-indexer-plugins/plugins/command-manager/build/distributions/wazuh-indexer-command-manager-${VERSION}.${REVISION}.zip /opt/wazuh-indexer/artifacts/plugins/ && \ - cp /opt/wazuh-indexer-reporting/build/distributions/wazuh-indexer-reports-scheduler-${VERSION}.${REVISION}.zip /opt/wazuh-indexer/artifacts/plugins/ +# 
Change file permissions as root +RUN chmod +x /home/indexer/entrypoint.sh -USER root +# Switch to non-root user +USER indexer -# Configure Git to trust the repositories' directories -RUN git config --global --add safe.directory /opt/wazuh-indexer-plugins && \ - git config --global --add safe.directory /opt/wazuh-indexer-reporting && \ - git config --global --add safe.directory /opt/wazuh-indexer +# Set the working directory +WORKDIR /home/indexer -# Combined RUN command -RUN cd /opt/wazuh-indexer-plugins && PLUGINS_HASH=$(git rev-parse --short HEAD) && \ - cd /opt/wazuh-indexer-reporting && REPORTING_HASH=$(git rev-parse --short HEAD) && \ - cd /opt/wazuh-indexer && \ - PACKAGE_MIN_NAME=$(bash build-scripts/baptizer.sh -m \ - -a ${ARCHITECTURE} \ - -d ${DISTRIBUTION} \ - -r ${REVISION} \ - -l ${PLUGINS_HASH} \ - -e ${REPORTING_HASH} \ - $(if [ "${IS_STAGE}" = "true" ]; then echo "-x"; fi)) && \ - PACKAGE_NAME=$(bash build-scripts/baptizer.sh \ - -a ${ARCHITECTURE} \ - -d ${DISTRIBUTION} \ - -r ${REVISION} \ - -l ${PLUGINS_HASH} \ - -e ${REPORTING_HASH} \ - $(if [ "${IS_STAGE}" = "true" ]; then echo "-x"; fi)) && \ - bash build-scripts/build.sh \ - -a ${ARCHITECTURE} \ - -d ${DISTRIBUTION} \ - -n ${PACKAGE_MIN_NAME} && \ - bash build-scripts/assemble.sh \ - -a ${ARCHITECTURE} \ - -d ${DISTRIBUTION} \ - -r ${REVISION} && \ - mkdir -p /artifacts/dist/ && \ - mv artifacts/dist/${PACKAGE_NAME} /artifacts/dist/ +# Entry point to the build script +ENTRYPOINT ["./entrypoint.sh"] diff --git a/docker/builder/entrypoint.sh b/docker/builder/entrypoint.sh new file mode 100644 index 0000000000000..f331230cdf9c0 --- /dev/null +++ b/docker/builder/entrypoint.sh 
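Review bot: `/artifacts` is created by root and declared a `VOLUME` before the `indexer` user exists, yet the entrypoint runs as `indexer` and does `mkdir -p /artifacts/dist/` and `mv … /artifacts/`. Unless every caller bind-mounts a directory writable by that UID, those steps will likely fail with permission denied under `set -e`. Create the user first and hand the directory over before declaring the volume, e.g. `RUN mkdir -p /artifacts && chown indexer:indexer /artifacts`. Separately, the context line `ENV PATH=$GRADLE_HOME/bin/$PATH` at the top of the hunk joins with `/` where `:` looks intended, which would also mangle the `$JAVA_HOME/bin` entry set earlier.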
@@ -0,0 +1,146 @@
+#!/bin/bash
+
+# Exit immediately if a command exits with a non-zero status.
+set -e
+
+# Set default values for environment variables
+INDEXER_BRANCH=${INDEXER_BRANCH:-master}
+INDEXER_PLUGINS_BRANCH=${INDEXER_PLUGINS_BRANCH:-master}
+INDEXER_REPORTING_BRANCH=${INDEXER_REPORTING_BRANCH:-master}
+REVISION=${REVISION:-0}
+IS_STAGE=${IS_STAGE:-false}
+DISTRIBUTION=${DISTRIBUTION:-tar}
+ARCHITECTURE=${ARCHITECTURE:-x64}
+
+# Function to clone repositories
+clone_repositories() {
+ echo "----------------------------------------"
+ echo "Cloning Repositories"
+ echo "----------------------------------------"
+ git clone --branch "$INDEXER_BRANCH" https://github.com/wazuh/wazuh-indexer --depth 1 /home/indexer/wazuh-indexer
+ git clone --branch "$INDEXER_PLUGINS_BRANCH" https://github.com/wazuh/wazuh-indexer-plugins --depth 1 /home/indexer/wazuh-indexer-plugins
+ git clone --branch "$INDEXER_REPORTING_BRANCH" https://github.com/wazuh/wazuh-indexer-reporting --depth 1 /home/indexer/wazuh-indexer-reporting
+}
+
+# Function to build wazuh-indexer-plugins
+build_plugins() {
+ echo "----------------------------------------"
+ echo "Building Plugins"
+ echo "----------------------------------------"
+ local version="$1"
+ local revision="$2"
+ cd /home/indexer/wazuh-indexer-plugins/plugins/setup
+ echo "Building setup plugin..."
+ ./gradlew build -Dversion="$version" -Drevision="$revision" --no-daemon
+ cd /home/indexer/wazuh-indexer-plugins/plugins/command-manager
+ echo "Building command-manager plugin..."
+ ./gradlew build -Dversion="$version" -Drevision="$revision" --no-daemon
+}
+
+# Function to build wazuh-indexer-reporting
+build_reporting() {
+ echo "----------------------------------------"
+ echo "Building Reporting"
+ echo "----------------------------------------"
+ local version="$1"
+ local revision="$2"
+ cd /home/indexer/wazuh-indexer-reporting
+ echo "Building reporting..."
+ ./gradlew build -Dversion="$version" -Drevision="$revision" --no-daemon
+}
+
+# Function to copy builds
+copy_builds() {
+ echo "----------------------------------------"
+ echo "Copying Builds"
+ echo "----------------------------------------"
+ local version="$1"
+ local revision="$2"
+ mkdir -p /home/indexer/wazuh-indexer/artifacts/plugins
+ echo "Copying setup plugin..."
+ cp /home/indexer/wazuh-indexer-plugins/plugins/setup/build/distributions/wazuh-indexer-setup-"$version"."$revision".zip /home/indexer/wazuh-indexer/artifacts/plugins
+ echo "Copying command-manager plugin..."
+ cp /home/indexer/wazuh-indexer-plugins/plugins/command-manager/build/distributions/wazuh-indexer-command-manager-"$version"."$revision".zip /home/indexer/wazuh-indexer/artifacts/plugins
+ echo "Copying reporting..."
+ cp /home/indexer/wazuh-indexer-reporting/build/distributions/wazuh-indexer-reports-scheduler-"$version"."$revision".zip /home/indexer/wazuh-indexer/artifacts/plugins
+}
+
+# Function for packaging process
+package_artifacts() {
+ echo "----------------------------------------"
+ echo "Packaging Artifacts"
+ echo "----------------------------------------"
+ local architecture="$1"
+ local distribution="$2"
+ local revision="$3"
+ local is_stage="$4"
+
+ local plugins_hash
+ local reporting_hash
+ local package_min_name
+ local package_name
+
+ cd /home/indexer/wazuh-indexer
+
+ plugins_hash=$(cd /home/indexer/wazuh-indexer-plugins && git rev-parse --short HEAD)
+ reporting_hash=$(cd /home/indexer/wazuh-indexer-reporting && git rev-parse --short HEAD)
+
+ echo "Creating package minimum name..."
+ package_min_name=$(bash build-scripts/baptizer.sh -m \
+ -a "$architecture" \
+ -d "$distribution" \
+ -r "$revision" \
+ -l "$plugins_hash" \
+ -e "$reporting_hash" \
+ "$(if [ "$is_stage" = "true" ]; then echo "-x"; fi)")
+
+ echo "Creating package name..."
+ package_name=$(bash build-scripts/baptizer.sh \
+ -a "$architecture" \
+ -d "$distribution" \
+ -r "$revision" \
+ -l "$plugins_hash" \
+ -e "$reporting_hash" \
+ "$(if [ "$is_stage" = "true" ]; then echo "-x"; fi)")
+
+ echo "Building package..."
+ bash build-scripts/build.sh -a "$architecture" -d "$distribution" -n "$package_min_name"
+ echo "Assembling package..."
+ bash build-scripts/assemble.sh -a "$architecture" -d "$distribution" -r "$revision"
+
+ mkdir -p /artifacts/dist/
+ echo "Moving package to artifacts..."
+ mv /home/indexer/wazuh-indexer/artifacts/dist/"$package_name" /artifacts/
+}
+
+# Function for cleanup
+cleanup() {
+ echo "----------------------------------------"
+ echo "Cleaning Up"
+ echo "----------------------------------------"
+ rm -rf /home/indexer/wazuh-indexer
+ rm -rf /home/indexer/wazuh-indexer-plugins
+ rm -rf /home/indexer/wazuh-indexer-reporting
+ echo "Cleanup completed."
+}
+
+# Main script execution
+main() {
+ echo "---------Starting Build Process---------"
+ clone_repositories
+ # Set version env var
+ VERSION=$(cat /home/indexer/wazuh-indexer/VERSION)
+ # Build and assemble the package
+ build_plugins "$VERSION" "$REVISION"
+ build_reporting "$VERSION" "$REVISION"
+ copy_builds "$VERSION" "$REVISION"
+ package_artifacts "$ARCHITECTURE" "$DISTRIBUTION" "$REVISION" "$IS_STAGE"
+ # Clean the environment
+ cleanup
+ echo "----------------------------------------"
+ echo "Build and Packaging Process Completed Successfully!"
+ echo "----------------------------------------"
+}
+
+# Execute the main function
+main
diff --git a/docker/builder/image/Dockerfile b/docker/builder/image/Dockerfile
deleted file mode 100644
index ab35d2d69fe6f..0000000000000
--- a/docker/builder/image/Dockerfile
+++ /dev/null
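Review bot: In `package_artifacts`, the quoted `"$(if [ "$is_stage" = "true" ]; then echo "-x"; fi)"` passes an empty-string argument to both `baptizer.sh` calls whenever `IS_STAGE` is not `true`; how that script treats a stray `""` is not visible here. Build the flag as an array instead: `local stage_flag=()`, then `if [ "$is_stage" = "true" ]; then stage_flag=(-x); fi`, and pass `"${stage_flag[@]}"` in both calls. The same function creates `/artifacts/dist/` but moves the package to `/artifacts/`, so one of the two paths looks stale. With `set -e`, `cleanup` is also skipped on any failed step; `trap cleanup EXIT` in `main` would cover that case.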
@@ -1,89 +0,0 @@ -# Use the official Ubuntu Noble image as the base image -FROM ubuntu:noble - -# Set environment variables for non-interactive installation -ENV DEBIAN_FRONTEND=noninteractive - -# Update the package list and install necessary tools -RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install curl gnupg2 -y \ - && curl -o- https://www.aptly.info/pubkey.txt | apt-key add - \ - && echo "deb http://repo.aptly.info/ squeeze main" | tee -a /etc/apt/sources.list.d/aptly.list \ - && apt-get install -y \ - wget \ - unzip \ - git \ - build-essential \ - debmake \ - debhelper-compat \ - libxrender1 \ - libxtst6 \ - libxi6 \ - libatk1.0-0 \ - libatk-bridge2.0-0 \ - libcups2 \ - libdrm2 \ - libatspi2.0-dev \ - libxcomposite-dev \ - libxdamage1 \ - libxfixes3 \ - libxfixes-dev \ - libxrandr2 \ - libgbm-dev \ - libxkbcommon-x11-0 \ - libpangocairo-1.0-0 \ - libcairo2 \ - libcairo2-dev \ - libnss3 \ - libnspr4 \ - libnspr4-dev \ - aptly \ - cpio \ - rpm \ - rpm2cpio \ - maven \ - && dpkg -r lintian \ - && rm -rf /var/lib/apt/lists/* - -# Install OpenJDK 21 -RUN wget -O- https://download.java.net/openjdk/jdk21/ri/openjdk-21+35_linux-x64_bin.tar.gz | tar xz -C /opt/ - -# Set JAVA_HOME environment variable -ENV JAVA_HOME=/opt/jdk-21 -ENV PATH=$JAVA_HOME/bin:$PATH -ENV GRADLE_VERSION=8.10 -ENV GRADLE_OPTS="-Xmx8096m -XX:ReservedCodeCacheSize=440m" - -RUN wget https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip -P /tmp \ - && unzip -d /opt/gradle /tmp/gradle-${GRADLE_VERSION}-bin.zip \ - && rm /tmp/gradle-${GRADLE_VERSION}-bin.zip - -# Set GRADLE_HOME environment variable -ENV GRADLE_HOME=/opt/gradle/gradle-${GRADLE_VERSION} -ENV PATH=$GRADLE_HOME/bin/$PATH - -# Clean up APT when done -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -# Create volume dir -RUN mkdir -p /artifacts/dist/ -VOLUME /artifacts/dist/ - -# Create a non-root user and set up permissions -RUN useradd -ms /bin/bash indexer && mkdir -p 
/home/indexer && chown -R indexer:indexer /home/indexer - -# Copy your build scripts into the container as root -ADD build.sh /home/indexer/ - -# Change file permissions as root -RUN chmod +x /home/indexer/build.sh - -# Switch to non-root user -USER indexer - -# Set the working directory -WORKDIR /home/indexer - -# Entry point to the build script -ENTRYPOINT ["./build.sh"] diff --git a/docker/builder/image/build.sh b/docker/builder/image/build.sh deleted file mode 100644 index 7676483b39e00..0000000000000 --- a/docker/builder/image/build.sh +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/bin/bash - -# Exit immediately if a command exits with a non-zero status. -set -e - -# Print commands and their arguments as they are executed. -set -x - -# Set default values for environment variables -INDEXER_BRANCH=${INDEXER_BRANCH:-master} -INDEXER_PLUGINS_BRANCH=${INDEXER_PLUGINS_BRANCH:-master} -INDEXER_REPORTING_BRANCH=${INDEXER_REPORTING_BRANCH:-master} -REVISION=${REVISION:-0} -IS_STAGE=${IS_STAGE:-false} -DISTRIBUTION=${DISTRIBUTION:-tar} -ARCHITECTURE=${ARCHITECTURE:-x64} - -# Clone the repositories -git clone --branch "$INDEXER_BRANCH" https://github.com/wazuh/wazuh-indexer --depth 1 /home/indexer/wazuh-indexer -git clone --branch "$INDEXER_PLUGINS_BRANCH" https://github.com/wazuh/wazuh-indexer-plugins --depth 1 /home/indexer/wazuh-indexer-plugins -git clone --branch "$INDEXER_REPORTING_BRANCH" https://github.com/wazuh/wazuh-indexer-reporting --depth 1 /home/indexer/wazuh-indexer-reporting - -# Set version env var -VERSION=$(cat /home/indexer/wazuh-indexer/VERSION) - -# Build plugins -cd /home/indexer/wazuh-indexer-plugins/plugins/setup && ./gradlew build -Dversion="$VERSION" -Drevision="$REVISION" --no-daemon -cd /home/indexer/wazuh-indexer-plugins/plugins/command-manager && ./gradlew build -Dversion="$VERSION" -Drevision="$REVISION" --no-daemon - -# Build reporting -cd /home/indexer/wazuh-indexer-reporting && ./gradlew build -Dversion="$VERSION" -Drevision="$REVISION" --no-daemon - -# Copy builds -mkdir -p /home/indexer/wazuh-indexer/artifacts/plugins -cp /home/indexer/wazuh-indexer-plugins/plugins/setup/build/distributions/wazuh-indexer-setup-"$VERSION"."$REVISION".zip /home/indexer/wazuh-indexer/artifacts/plugins -cp /home/indexer/wazuh-indexer-plugins/plugins/command-manager/build/distributions/wazuh-indexer-command-manager-"$VERSION"."$REVISION".zip /home/indexer/wazuh-indexer/artifacts/plugins -cp /home/indexer/wazuh-indexer-reporting/build/distributions/wazuh-indexer-reports-scheduler-"$VERSION"."$REVISION".zip 
/home/indexer/wazuh-indexer/artifacts/plugins - -# Combined RUN command for packaging -PLUGINS_HASH=$(cd /home/indexer/wazuh-indexer-plugins && git rev-parse --short HEAD) -REPORTING_HASH=$(cd /home/indexer/wazuh-indexer-reporting && git rev-parse --short HEAD) -cd /home/indexer/wazuh-indexer - -PACKAGE_MIN_NAME=$(bash build-scripts/baptizer.sh -m \ - -a "$ARCHITECTURE" \ - -d "$DISTRIBUTION" \ - -r "$REVISION" \ - -l "$PLUGINS_HASH" \ - -e "$REPORTING_HASH" \ - "$(if [ "$IS_STAGE" = "true" ]; then echo "-x"; fi)") - -PACKAGE_NAME=$(bash build-scripts/baptizer.sh \ - -a "$ARCHITECTURE" \ - -d "$DISTRIBUTION" \ - -r "$REVISION" \ - -l "$PLUGINS_HASH" \ - -e "$REPORTING_HASH" \ - "$(if [ "$IS_STAGE" = "true" ]; then echo "-x"; fi)") - -bash build-scripts/build.sh \ - -a "$ARCHITECTURE" \ - -d "$DISTRIBUTION" \ - -n "$PACKAGE_MIN_NAME" - -bash build-scripts/assemble.sh \ - -a "$ARCHITECTURE" \ - -d "$DISTRIBUTION" \ - -r "$REVISION" - -mkdir -p /artifacts/dist/ -ls -ll /home/indexer/wazuh-indexer/artifacts/ -ls -ll /home/indexer/wazuh-indexer/artifacts/dist/ -mv /home/indexer/wazuh-indexer/artifacts/dist/"$PACKAGE_NAME" /artifacts/dist/ - -echo "Build and packaging process completed successfully!"