build: add missing scripts

jbpratt · jbpratt · commit b42e4e3e2bc6 · 2024-12-06T02:25:05.000-06:00
nonroot is not a user in these images, set up the user

Signed-off-by: bpratt &lt;bpratt@redhat.com&gt;
diff --git a/.gitignore b/.gitignore
@@ -5,7 +5,6 @@
 *.dll
 *.so
 *.dylib
-bin
 
 .envrc
 
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -1,26 +1,26 @@
 FROM quay.io/redhat-services-prod/openshift/boilerplate:image-v6.0.1 AS builder
 
 WORKDIR /workspace
-# Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
 RUN go mod download
 
-# Copy the go source
-COPY *.go .
-COPY controllers/ controllers/
-COPY api/ api/
+COPY . .
+RUN make go-build
 
-# Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod=mod -a -o manager main.go
-
-# Use distroless as minimal base image to package the manager binary
-# Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10-1130
-WORKDIR /
-COPY --from=builder /workspace/manager .
-USER nonroot:nonroot
+ENV OPERATOR=/usr/local/bin/must-gather-operator \
+    USER_UID=1001 \
+    USER_NAME=osd-example-operator
+
+COPY --from=builder /workspace/build/_output/bin/* /usr/local/bin/
+
+COPY build/bin /usr/local/bin
+RUN /usr/local/bin/user_setup
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+
+USER ${USER_UID}
 
-ENTRYPOINT ["/manager"]
+LABEL io.openshift.managed.name="osd-example-operator" \
+      io.openshift.managed.description="OSD Example Operator"
diff --git a/build/bin/entrypoint b/build/bin/entrypoint
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+# This is documented here:
+# https://docs.openshift.com/container-platform/4.10/openshift_images/create-images.html#images-create-guide-openshift_create-images
+
+if ! whoami &>/dev/null; then
+  if [ -w /etc/passwd ]; then
+    echo "${USER_NAME:-osd-example-operator}:x:$(id -u):$(id -g):${USER_NAME:-osd-example-operator} user:${HOME}:/sbin/nologin" >> /etc/passwd
+  fi
+fi
+
+exec ${OPERATOR} $@
diff --git a/build/bin/user_setup b/build/bin/user_setup
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -x
+
+# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
+mkdir -p ${HOME}
+chown ${USER_UID}:0 ${HOME}
+chmod ug+rwx ${HOME}
+
+# runtime user will need to be able to self-insert in /etc/passwd
+chmod g+rw /etc/passwd
+
+# no need for this script to remain in the image after running
+rm $0

-Original file line number
+Diff line change
 *.dll
 *.so
 *.dylib
 -bin
 .envrc