move busybox build from core to golden containers (#8561)

Author: mandeepsplaha

…rceData/base/Dockerfile-Busybox-Template …nerSourceData/busybox/Dockerfile-Busybox.pipelines/containerSourceData/base/Dockerfile-Busybox-Template renamed to .pipelines/containerSourceData/busybox/Dockerfile-Busybox .pipelines/containerSourceData/base/Dockerfile-Busybox-Template renamed to .pipelines/containerSourceData/busybox/Dockerfile-Busybox

@@ -7,31 +7,28 @@ FROM $BASE_IMAGE AS BASE
 
 ARG AZL_VERSION=2.0
 
-ARG RPMS
-ARG LOCAL_REPO_FILE="local.repo"
-ARG LOCAL_REPO_PATH="/localrepo" 
+ARG RPMS_TO_INSTALL
+ARG RPMS_PATH="/dockerStage/RPMS"
+ARG LOCAL_REPO_FILE="/dockerStage/marinerLocalRepo.repo"
+ARG LOCAL_REPO_PATH="/localrepo"
 
-COPY ${RPMS} /WORKDIR/RPMS
-COPY ${LOCAL_REPO_FILE} /WORKDIR/REPO/local.repo
-
-# Create local repo if RPMS are provided
+# Create local repo with the given RPMS.
 # This will allow the user to install packages from the local repo
 # instead of fetching from PMC
-RUN if [ "${RPMS}" ]; then \
+RUN --mount=type=bind,source=./Stage/,target=/dockerStage/ \
     mkdir -p $LOCAL_REPO_PATH; \
     tdnf install -y --releasever=$AZL_VERSION createrepo; \
-    cp -r /WORKDIR/RPMS ${LOCAL_REPO_PATH}; \
-    cp /WORKDIR/REPO/local.repo /etc/yum.repos.d/local.repo; \
-    createrepo --database ${LOCAL_REPO_PATH} --workers 10; \
+    cp -r ${RPMS_PATH} ${LOCAL_REPO_PATH}; \
+    cp ${LOCAL_REPO_FILE} /etc/yum.repos.d/local.repo; \
+    createrepo --compatibility --database ${LOCAL_REPO_PATH} --workers 10; \
     tdnf makecache; \
-    tdnf autoremove -y createrepo; \
-fi
+    tdnf autoremove -y createrepo;
 
-# Install busybox, glibc, and their dependencies into a staging location.
+# Install packages into a staging location.
 # Staging directory is copied into the final scratch image.
 RUN mkdir /staging \
     && tdnf install -y --releasever=$AZL_VERSION --installroot /staging \
-    busybox glibc \
+    ${RPMS_TO_INSTALL} \
     && tdnf clean all \
     && pushd /staging \
     && rm -rf boot media mnt opt run \

.pipelines/containerSourceData/busybox/busybox.pkg

@@ -0,0 +1,3 @@
+busybox
+glibc
+mariner-release

.pipelines/containerSourceData/scripts/BuildBaseContainers.sh

@@ -23,7 +23,6 @@ set -e
 #   │   ├── base
 #   │   │   ├── Dockerfile-Base-Template
 #   │   │   ├── Dockerfile-Base-Nonroot-Template
-#   │   |   ├── Dockerfile-Busybox-Template
 #   │   │   ├── Dockerfile-Distroless-Template
 #   │   │   ├── Dockerfile-Distroless-Nonroot-Template
 #   │   container_tarballs
@@ -165,7 +164,6 @@ function initialization {
     # Image types
     BASE="base"
     DISTROLESS="distroless"
-    BUSYBOX="busybox"
     MARINARA="marinara"
 
     base_tarball_file_name=$(basename "$BASE_TARBALL")      # core-2.0.20230607.tar.gz
@@ -190,7 +188,6 @@ function initialization {
     DISTROLESS_DEBUG_NONROOT_IMAGE_NAME="$ACR_NAME_FULL/distroless/debug:$NONROOT_IMAGE_TAG"
     DISTROLESS_DEBUG_IMAGE_NAME="$ACR_NAME_FULL/distroless/debug:$IMAGE_TAG"
 
-    BUSYBOX_IMAGE_NAME="$ACR_NAME_FULL/busybox:$IMAGE_TAG"
     MARINARA_IMAGE_NAME="$ACR_NAME_FULL/marinara:$IMAGE_TAG"
 
     echo "BASE_IMAGE_NAME                       -> $BASE_IMAGE_NAME"
@@ -201,7 +198,6 @@ function initialization {
     echo "DISTROLESS_MINIMAL_NONROOT_IMAGE_NAME -> $DISTROLESS_MINIMAL_NONROOT_IMAGE_NAME"
     echo "DISTROLESS_DEBUG_IMAGE_NAME           -> $DISTROLESS_DEBUG_IMAGE_NAME"
     echo "DISTROLESS_DEBUG_NONROOT_IMAGE_NAME   -> $DISTROLESS_DEBUG_NONROOT_IMAGE_NAME"
-    echo "BUSYBOX_IMAGE_NAME                    -> $BUSYBOX_IMAGE_NAME"
     echo "MARINARA_IMAGE_NAME                   -> $MARINARA_IMAGE_NAME"
 }
 
@@ -233,7 +229,8 @@ function docker_build {
         --build-arg EULA="$EULA_FILE_NAME" \
         --build-arg BASE_IMAGE="$temp_image" \
         -t "$image_full_name" \
-        --no-cache
+        --no-cache \
+        --progress=plain
 
     docker rmi "$temp_image"
     popd > /dev/null
@@ -261,7 +258,8 @@ function docker_build_custom {
         --build-arg LOCAL_REPO_FILE="$LOCAL_REPO_FILE" \
         -t "$image_full_name" \
         -f "$CONTAINER_SRC_DIR/base/$dockerfile" \
-        --no-cache
+        --no-cache \
+        --progress=plain
 
     popd > /dev/null
 
@@ -323,8 +321,6 @@ function build_images {
     docker_build_custom $DISTROLESS "$DISTROLESS_MINIMAL_NONROOT_IMAGE_NAME" "$DISTROLESS_MINIMAL_IMAGE_NAME" "Dockerfile-Distroless-Nonroot-Template"
     docker_build_custom $DISTROLESS "$DISTROLESS_DEBUG_NONROOT_IMAGE_NAME" "$DISTROLESS_DEBUG_IMAGE_NAME" "Dockerfile-Distroless-Nonroot-Template"
 
-    docker_build_custom $BUSYBOX "$BUSYBOX_IMAGE_NAME" "" "Dockerfile-Busybox-Template"
-
     docker_build_marinara
 }
 

.pipelines/containerSourceData/scripts/BuildGoldenContainer.sh

@@ -27,6 +27,7 @@ set -e
 # - s) SBOM tool path.
 # - t) Script to create SBOM for the container image.
 # - u) Create Distroless container (e.g. true, false. If true, the script will also create a distroless container)
+# - v) Version extract command (e.g. 'busybox | head -1 | cut -c 10-15')
 
 # Assuming you are in your current working directory. Below should be the directory structure:
 #   │   rpms.tar.gz
@@ -55,7 +56,7 @@ set -e
 #     -j OUTPUT -k ./rpms.tar.gz -l ~/CBL-Mariner/.pipelines/containerSourceData \
 #     -m "false" -n "false" -p development -q "false" -u "true"
 
-while getopts ":a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:" OPTIONS; do
+while getopts ":a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:" OPTIONS; do
     case ${OPTIONS} in
     a ) BASE_IMAGE_NAME_FULL=$OPTARG;;
     b ) ACR=$OPTARG;;
@@ -78,6 +79,7 @@ while getopts ":a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:" OPTIONS; do
     s ) SBOM_TOOL_PATH=$OPTARG;;
     t ) SBOM_SCRIPT=$OPTARG;;
     u ) DISTROLESS=$OPTARG;;
+    v ) VERSION_EXTRACT_CMD=$OPTARG;;
 
     \? )
         echo "Error - Invalid Option: -$OPTARG" 1>&2
@@ -113,6 +115,7 @@ function print_inputs {
     echo "CONTAINER_SRC_DIR             -> $CONTAINER_SRC_DIR"
     echo "IS_HCI_IMAGE                  -> $IS_HCI_IMAGE"
     echo "USE_RPM_QA_CMD                -> $USE_RPM_QA_CMD"
+    echo "Version Extract Command       -> $VERSION_EXTRACT_CMD"
     echo "REPO_PREFIX                   -> $REPO_PREFIX"
     echo "PUBLISHING_LEVEL              -> $PUBLISHING_LEVEL"
     echo "PUBLISH_TO_ACR                -> $PUBLISH_TO_ACR"
@@ -277,21 +280,26 @@ function set_image_tag {
     local containerId
     local installedPackage
 
-    containerId=$(docker run --entrypoint /bin/bash -dt "$GOLDEN_IMAGE_NAME")
+    containerId=$(docker run --entrypoint /bin/sh -dt "$GOLDEN_IMAGE_NAME")
 
     echo "Container ID                  -> $containerId"
 
-    if [[ $USE_RPM_QA_CMD =~ [Tt]rue ]] ; then
-        echo "Using rpm -qa command to get installed package."
-        installedPackage=$(docker exec "$containerId" rpm -qa | grep ^"$COMPONENT")
+    if [[ -n "$VERSION_EXTRACT_CMD" ]]; then
+        echo "Using custom version extract command."
+        COMPONENT_VERSION=$(docker exec "$containerId" sh -c "$VERSION_EXTRACT_CMD")
     else
-        echo "Using tdnf repoquery command to get installed package."
-        # exec as root as the default user for some containers is non-root
-        installedPackage=$(docker exec -u 0 "$containerId" tdnf repoquery --installed "$COMPONENT" | grep ^"$COMPONENT")
+        if [[ $USE_RPM_QA_CMD =~ [Tt]rue ]] ; then
+            echo "Using rpm -qa command to get installed package."
+            installedPackage=$(docker exec "$containerId" rpm -qa | grep ^"$COMPONENT")
+        else
+            echo "Using tdnf repoquery command to get installed package."
+            # exec as root as the default user for some containers is non-root
+            installedPackage=$(docker exec -u 0 "$containerId" tdnf repoquery --installed "$COMPONENT" | grep ^"$COMPONENT")
+        fi
+        echo "Full Installed Package:       -> $installedPackage"
+        COMPONENT_VERSION=$(echo "$installedPackage" | awk '{n=split($0,a,"-")};{split(a[n],b,".")}; {print a[n-1]"-"b[1]}') # 16.16.0-1
     fi
 
-    echo "Full Installed Package:       -> $installedPackage"
-    COMPONENT_VERSION=$(echo "$installedPackage" | awk '{n=split($0,a,"-")};{split(a[n],b,".")}; {print a[n-1]"-"b[1]}') # 16.16.0-1
     echo "Component Version             -> $COMPONENT_VERSION"
     docker rm -f "$containerId"