Only run domain proxy during hermetic mode. Configure domain proxy in AbstractPreprocessor.

tecarter94 · tecarter94 · commit bcc6aadd3681 · 2024-10-25T15:45:46.000+11:00
diff --git a/deploy/tasks/buildah-oci-ta.yaml b/deploy/tasks/buildah-oci-ta.yaml
@@ -291,12 +291,9 @@ spec:
         cp "$dockerfile_path" "$dockerfile_copy"
 
         if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] && grep -q '^\s*RUN \(./\)\?mvn' "$dockerfile_copy"; then
-          settings="<settings><proxies><proxy><id>domain-proxy</id><active>true</active><protocol>http</protocol><host>localhost</host><port>8080</port></proxy></proxies><mirrors><mirror><id>mirror.default</id><url>http://$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR/v1/cache/default/0/</url><mirrorOf>*</mirrorOf></mirror></mirrors></settings>"
-        else
-          settings="<settings><proxies><proxy><id>domain-proxy</id><active>true</active><protocol>http</protocol><host>localhost</host><port>8080</port></proxy></proxies></settings>"
+          sed -i -e "s|^\s*RUN \(\(./\)\?mvn\)\(.*\)|RUN echo \"<settings><mirrors><mirror><id>mirror.default</id><url>http://$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR/v1/cache/default/0/</url><mirrorOf>*</mirrorOf></mirror></mirrors></settings>\" > /tmp/settings.yaml; \1 -s /tmp/settings.yaml \3|g" "$dockerfile_copy"
+          touch /var/lib/containers/java
         fi
-        sed -i -e "s|^\s*RUN \(\(./\)\?mvn\)\(.*\)|RUN echo \"$settings\" > /tmp/settings.yaml; \1 -s /tmp/settings.yaml \3|g" "$dockerfile_copy"
-        touch /var/lib/containers/java
 
         # Fixing group permission on /var/lib/containers
         chown root:root /var/lib/containers
@@ -365,6 +362,8 @@ spec:
             unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
           done
           echo "Build will be executed with network isolation"
+          /app/domain-proxy-server-runner &
+          server_pid=$!
         fi
 
         if [ -n "${TARGET_STAGE}" ]; then
@@ -418,9 +417,6 @@ spec:
           VOLUME_MOUNTS="${VOLUME_MOUNTS} --volume ${mount_point}:${YUM_REPOS_D_TARGET}"
         fi
 
-        /app/domain-proxy-server-runner &
-        server_pid=$!
-
         DEFAULT_LABELS=(
           "--label" "build-date=$(date -u +'%Y-%m-%dT%H:%M:%S')"
           "--label" "architecture=$(uname -m)"
@@ -464,36 +460,46 @@ spec:
         # Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.
         declare IMAGE
 
-        # Without expansion
-        cat > /app/build-script.sh << 'EOF'
-        #!/bin/sh
-        ip link set lo up
-        /app/domain-proxy-client-runner &
-        client_pid=$!
-        EOF
-
-        # With expansion
-        cat >> /app/build-script.sh << EOF
-        buildah build $VOLUME_MOUNTS ${BUILDAH_ARGS[@]} ${LABELS[@]} --tls-verify=$TLSVERIFY --no-cache --ulimit nofile=4096:4096 -f "$dockerfile_copy" -t $IMAGE .
-        EOF
-
-        # Without expansion
-        cat >> /app/build-script.sh << 'EOF'
-        set +e
-        kill $client_pid
-        wait $client_pid
-        set -e
-        EOF
-
-        cat /app/build-script.sh
-        chmod +x /app/build-script.sh
-
-        unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w ${SOURCE_CODE_DIR}/$CONTEXT -- /app/build-script.sh
-
-        set +e
-        kill $server_pid
-        wait $server_pid
-        set -e
+        if [ "${HERMETIC}" == "true" ]; then
+          # Without expansion
+          cat > /app/build-script.sh << 'EOF'
+          #!/bin/sh
+          ip link set lo up
+          /app/domain-proxy-client-runner &
+          client_pid=$!
+          EOF
+
+          # With expansion
+          cat >> /app/build-script.sh << EOF
+          buildah build $VOLUME_MOUNTS ${BUILDAH_ARGS[@]} ${LABELS[@]} --tls-verify=$TLSVERIFY --no-cache --ulimit nofile=4096:4096 -f "$dockerfile_copy" -t $IMAGE .
+          EOF
+
+          # Without expansion
+          cat >> /app/build-script.sh << 'EOF'
+          set +e
+          kill $client_pid
+          wait $client_pid
+          set -e
+          EOF
+
+          cat /app/build-script.sh
+          chmod +x /app/build-script.sh
+
+          unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w ${SOURCE_CODE_DIR}/$CONTEXT -- /app/build-script.sh
+
+          set +e
+          kill $server_pid
+          wait $server_pid
+          set -e
+        else
+          unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w ${SOURCE_CODE_DIR}/$CONTEXT -- buildah build \
+            $VOLUME_MOUNTS \
+            "${BUILDAH_ARGS[@]}" \
+            "${LABELS[@]}" \
+            --tls-verify=$TLSVERIFY --no-cache \
+            --ulimit nofile=4096:4096 \
+            -f "$dockerfile_copy" -t "$IMAGE" .
+        fi
 
         container=$(buildah from --pull-never "$IMAGE")
         buildah mount $container | tee /shared/container_path
diff --git a/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java b/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java
@@ -227,6 +227,15 @@ private String getMavenSetup() {
               <mirrorOf>*</mirrorOf>
             </mirror>
           </mirrors>
+          <proxies>
+            <proxy>
+              <id>domain-proxy</id>
+              <active>true</active>
+              <protocol>http</protocol>
+              <host>localhost</host>
+              <port>8080</port>
+            </proxy>
+          </proxies>
         EOF
             else
                 cat >${HOME}/.m2/settings.xml <<EOF
