Implement Scorecard 2 Base Image (#2837)

Ish Shah · web-flow · commit 874fac2d2b9a · 2020-04-14T14:31:07.000-07:00
* scorecard 2 base image

* remove extra chmod

* fix test user entrypoint

* update according to 2469
diff --git a/Makefile b/Makefile
@@ -21,10 +21,12 @@ SOURCES = $(shell find . -name '*.go' -not -path "*/vendor/*")
 ANSIBLE_BASE_IMAGE = quay.io/operator-framework/ansible-operator
 HELM_BASE_IMAGE = quay.io/operator-framework/helm-operator
 SCORECARD_PROXY_BASE_IMAGE = quay.io/operator-framework/scorecard-proxy
+SCORECARD_TEST_BASE_IMAGE = quay.io/operator-framework/scorecard-test
 
 ANSIBLE_IMAGE ?= $(ANSIBLE_BASE_IMAGE)
 HELM_IMAGE ?= $(HELM_BASE_IMAGE)
 SCORECARD_PROXY_IMAGE ?= $(SCORECARD_PROXY_BASE_IMAGE)
+SCORECARD_TEST_IMAGE ?= $(SCORECARD_TEST_BASE_IMAGE)
 
 ANSIBLE_ARCHES:="amd64" "ppc64le" "s390x" "arm64"
 HELM_ARCHES:="amd64" "ppc64le" "s390x" "arm64"
@@ -171,6 +173,9 @@ image-build-helm: build/operator-sdk-dev-linux-gnu
 image-build-scorecard-proxy:
 	./hack/image/build-scorecard-proxy-image.sh $(SCORECARD_PROXY_BASE_IMAGE):dev
 
+image-build-scorecard-test:
+	./hack/image/build-scorecard-test-image.sh $(SCORECARD_TEST_BASE_IMAGE):dev
+
 image-push: image-push-ansible image-push-helm image-push-scorecard-proxy ## Push all images
 
 image-push-ansible:
@@ -191,6 +196,9 @@ image-push-scorecard-proxy:
 image-push-scorecard-proxy-multiarch:
 	./hack/image/push-manifest-list.sh $(SCORECARD_PROXY_IMAGE) ${SCORECARD_PROXY_ARCHES}
 
+image-push-scorecard-test:
+	./hack/image/push-image-tags.sh $(SCORECARD_TEST_BASE_IMAGE):dev $(SCORECARD_TEST_IMAGE)-$(shell go env GOARCH)
+
 ##############################
 # Tests                      #
 ##############################
diff --git a/hack/image/build-scorecard-test-image.sh b/hack/image/build-scorecard-test-image.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -eux
+
+source hack/lib/image_lib.sh
+
+# TODO build test image
+#WD="$(dirname "$(pwd)")"
+#GOOS=linux CGO_ENABLED=0 \
+#  go build \
+#  -gcflags "all=-trimpath=${WD}" \
+#  -asmflags "all=-trimpath=${WD}" \
+#  -o images/scorecard-test/scorecard-test \
+#  images/scorecard-test/cmd/test/main.go
+
+# Build base image
+pushd images/scorecard-test
+docker build -t "$1" .
+# If using a kind cluster, load the image into all nodes.
+load_image_if_kind "$1"
+popd
diff --git a/images/scorecard-test/Dockerfile b/images/scorecard-test/Dockerfile
@@ -0,0 +1,17 @@
+# Base image
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+
+ENV TEST=/usr/local/bin/scorecard-test \
+    USER_UID=1001 \
+    USER_NAME=test
+
+# TODO install test binary 
+# COPY scorecard-test ${TEST}
+
+COPY bin /usr/local/bin
+RUN  /usr/local/bin/user_setup
+
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+
+USER ${USER_UID}
diff --git a/images/scorecard-test/bin/entrypoint b/images/scorecard-test/bin/entrypoint
@@ -0,0 +1,6 @@
+#!/bin/sh -e
+
+# This is documented here:
+# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
+
+exec ${TEST} $@
diff --git a/images/scorecard-test/bin/user_setup b/images/scorecard-test/bin/user_setup
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -x
+
+# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
+echo "${USER_NAME}:x:${USER_UID}:0:${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd
+
+mkdir -p "${HOME}"
+chown "${USER_UID}:0" "${HOME}"
+chmod ug+rwx "${HOME}"
+
+# no need for this script to remain in the image after running
+rm "$0"
