#!/usr/bin/env nu
# build separate images for each module in the repo
use constants.nu *
# Phase 1: walk ./modules and decide, for every module (and every version of a
# versioned module), the image name, the build directory and the tags to push.
#
# Tag scheme, driven by GH_EVENT_NAME / GH_BRANCH / GH_PR_NUMBER:
#   pull request       -> pr-<number> flavoured tags
#   push to main       -> the release tags ("latest", "v1", "v<version>")
#   push to any branch -> tags suffixed with the branch name
#
# NOTE(review): GH_BRANCH and GH_PR_NUMBER are used verbatim inside tags. A
# branch name containing characters that are not valid in an image tag (for
# example "/") would make the later `-t` argument invalid - confirm the
# calling workflow normalises these values.
print $"(ansi green_bold)Gathering images"
let images = ls modules | each { |moduleDir|
    cd $moduleDir.name
    let module_name = ($moduleDir.name | path basename)

    # A module counts as unversioned when <name>.sh or <name>.nu sits directly
    # inside its own directory.
    let is_unversioned = (glob $"($moduleDir.name | path basename).{sh,nu}" | any { path exists })

    if $is_unversioned {
        print $"(ansi cyan)Found(ansi reset) (ansi cyan_bold)unversioned(ansi reset) (ansi cyan)module:(ansi reset) ($moduleDir.name | path basename)"

        # Unversioned modules are published as if they were v1.
        let tags = (
            if ($env.GH_EVENT_NAME == "pull_request") {
                [$"pr-($env.GH_PR_NUMBER)", $"v1-pr-($env.GH_PR_NUMBER)"]
            } else if ($env.GH_BRANCH == "main") {
                ["latest", "v1"]
            } else {
                [$env.GH_BRANCH, $"v1-($env.GH_BRANCH)"]
            }
        )
        print $"(ansi cyan)Generated tags:(ansi reset) ($tags | str join ' ')"

        {
            name: $module_name
            directory: ($moduleDir.name)
            tags: $tags
        }
    } else {
        print $"(ansi cyan)Found(ansi reset) (ansi blue_bold)versioned(ansi reset) (ansi cyan)module:(ansi reset) ($moduleDir.name | path basename)"

        # Each v<N>/ sub-directory is one version. The leading "v" is stripped
        # and the rest converted to int so the sort is numeric, not lexical.
        let versioned = (
            ls v*/
            | get name
            | str substring 1..
            | into int
            | sort
            | each { |version|
                let tags = (
                    if ($env.GH_EVENT_NAME == "pull_request") {
                        [$"v($version)-pr-($env.GH_PR_NUMBER)"]
                    } else if ($env.GH_BRANCH == "main") {
                        [$"v($version)"]
                    } else {
                        [$"v($version)-($env.GH_BRANCH)"]
                    }
                )
                print $"(ansi cyan)Generated tags:(ansi reset) ($tags | str join ' ')"

                {
                    name: $module_name
                    directory: $"($moduleDir.name)/v($version)"
                    tags: $tags
                }
            }
        )

        # The floating tag that only the highest version receives.
        let latest_tag = (
            if ($env.GH_EVENT_NAME == "pull_request") {
                $"pr-($env.GH_PR_NUMBER)"
            } else if ($env.GH_BRANCH == "main") {
                "latest"
            } else {
                $env.GH_BRANCH
            }
        )
        print $"(ansi cyan)Extra tag for latest image:(ansi reset) ($latest_tag)"

        # Replace the last (highest-version) record with a copy whose tag list
        # also carries the floating tag; every other record is left untouched.
        let latest = ($versioned | last)
        let latest_with_extra_tag = ($latest | update "tags" ($latest.tags | append $latest_tag))
        ($versioned | update (($versioned | length) - 1) $latest_with_extra_tag)
    }
} | flatten directory
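# Phase 2: build and push every gathered image, then sign and verify it.
# par-each runs the closure for several images concurrently.
#
# NOTE(review): every image built here - including pr-* and branch-suffixed
# tags - is signed with the same COSIGN_PRIVATE_KEY. A valid signature on its
# own therefore does not tell a consumer that an image came from main; confirm
# which events are allowed to reach this step with the key available.
print $"(ansi green_bold)Starting image build(ansi reset)"
$images | par-each { |img|
    print $"(ansi cyan)Building image:(ansi reset) modules/($img.name)"

    # buildx writes the result of *this* build, including the digest it
    # pushed, into the metadata file. One file per image keeps concurrent
    # par-each workers from overwriting each other's result.
    let metadata_file = (mktemp --tmpdir "module-build-metadata.XXXXXX")

    (docker build .
        -f ./individual.Containerfile
        --push
        --metadata-file $metadata_file
        ...($PLATFORMS | each { $'--platform=($in)' })
        ...($img.tags | each { |tag| ["-t", $"($env.REGISTRY)/modules/($img.name):($tag)"] } | flatten) # generate and spread list of tags
        --build-arg $"DIRECTORY=($img.directory)"
        --build-arg $"NAME=($img.name)"
        --annotation $"index,manifest:org.opencontainers.image.created=(date now | date to-timezone UTC | format date '%Y-%m-%dT%H:%M:%SZ')"
        --annotation "index,manifest:org.opencontainers.image.url=https://github.com/blue-build/modules"
        --annotation $"index,manifest:org.opencontainers.image.documentation=https://blue-build.org/reference/modules/($img.name)/"
        --annotation "index,manifest:org.opencontainers.image.source=https://github.com/blue-build/modules"
        --annotation "index,manifest:org.opencontainers.image.version=nightly"
        --annotation $"index,manifest:org.opencontainers.image.revision=($env.GITHUB_SHA)"
        --annotation "index,manifest:org.opencontainers.image.licenses=Apache-2.0"
        --annotation $"index,manifest:org.opencontainers.image.title=BlueBuild Module: ($img.name)"
        --annotation "index,manifest:org.opencontainers.image.description=BlueBuild standard modules used for building your Atomic Images"
    )

    # Take the digest from the build result instead of resolving the tag in
    # the registry after the push. Tags are mutable: another run pushing the
    # same tag between our push and a registry lookup would make this job sign
    # a digest it did not build and leave its own image unsigned.
    # `get` fails if the key is missing, so no image is signed without a
    # digest reported by the build.
    let digest = (open --raw $metadata_file | from json | get "containerimage.digest")
    rm $metadata_file
    print $"(ansi cyan)Build digest:(ansi reset) ($digest)"

    # Sign by digest, never by tag, so the signature is bound to exact content.
    let digest_image = $'($env.REGISTRY)/modules/($img.name)@($digest)'
    print $"(ansi cyan)Signing image:(ansi reset) ($digest_image)"

    # env://COSIGN_PRIVATE_KEY makes cosign read the key from the environment,
    # which keeps the key material out of the process argument list.
    (cosign sign
        --new-bundle-format=false
        --use-signing-config=false
        -y --recursive
        --key env://COSIGN_PRIVATE_KEY
        $digest_image)

    # Check the fresh signature against the public key committed to the repo,
    # the same key consumers would verify with.
    (cosign verify
        --key=./cosign.pub
        $digest_image)
}
print $"(ansi green_bold)DONE!(ansi reset)"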