Simplify trivy-adapter build

Open kariya-mitsuru opened this issue 8 months ago • 0 comments

Comprehensive Summary of your change

  1. make/photon/Makefile

    Remove cd command since the current directory is changed in make/photon/trivy-adapter/builder.sh.

  2. make/photon/trivy-adapter/Dockerfile.base

    Change the owner of /etc/pki/tls/certs when building the base image. (Since files under /etc/pki/tls/certs are not affected by binary build.)

  3. make/photon/trivy-adapter/Dockerfile

    • Remove changing the owner of /etc/pki/tls/certs since the change has been moved to the base image.
    • The owner/permission changes of files copied from the context are now performed simultaneously when the COPY command is executed. (If COPY and the owner/permission changes were separated, both image layers before and after change would be created, making the image unnecessarily large.)
    • Add --link option to COPY command. (This will improve image build efficiency since the base image will not be extracted at build time.)
  4. make/photon/trivy-adapter/builder.sh

    • Move set -e (exit immediately on error) to the top.
    • There is no error command, so change it to the echo command.
    • Remove cur variables that are no longer used.
    • Add -b $VERSION option to git clone command and remove git checkout command.
    • Add --depth 1 option to git clone command. (Since we only need the specified version of the source to build, we don't need the whole history, and this reduces the amount of transfer at clone time.)
    • Change the docker build command to specify the source file directly with the -f option instead of copying Dockerfile.binary.
    • Change the docker build command to directly output the binary file without creating a container image and a container by specifying the output directory with the -o option.
  5. make/photon/trivy-adapter/Dockerfile.binary

    Add a stage to extract only binary files, since make/photon/trivy-adapter/builder.sh now outputs binary files directly.

Issue being fixed

Please indicate you've done the following:

  • [x] Well Written Title and Summary of the PR
  • [ ] Label the PR as needed. "release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation"
  • [x] Accepted the DCO. Commits without the DCO will delay acceptance.
  • [x] Made sure tests are passing and test coverage is added if needed.
  • [ ] Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

kariya-mitsuru, Jun 19 '24 07:06
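An added illustration of the techniques named in items 3 to 5 above (an export-only stage for `docker build -o`, and setting owner and mode in the `COPY` itself). It is not taken from the PR or from the Harbor repository; the image names, paths, stage names and the UID/GID 10000 are hypothetical.

```dockerfile
# syntax=docker/dockerfile:1
# Constructed example. All names, paths and IDs below are hypothetical.

# ---- Stage 1: compile the binary -------------------------------------
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 go build -o /out/scanner-adapter ./cmd/scanner-adapter

# ---- Stage 2: export-only stage --------------------------------------
# Contains nothing but the compiled file. Building this target with a
# local output directory writes the file straight to the host, with no
# image to tag and no container to create and copy from:
#   docker build --target export -o ./binary .
FROM scratch AS export
COPY --from=build /out/scanner-adapter /

# ---- Stage 3: runtime image ------------------------------------------
FROM example/base:latest AS runtime

# Separated form (kept as a comment for comparison):
#   COPY --from=build /out/scanner-adapter /home/scanner/bin/scanner-adapter
#   RUN chown 10000:10000 /home/scanner/bin/scanner-adapter \
#    && chmod 0755 /home/scanner/bin/scanner-adapter
# The COPY layer stores the file as root:root, and the RUN layer stores
# a second full copy with the new owner and mode. The root-owned copy
# also remains readable in the earlier layer.

# Combined form: owner and mode are applied while the file is written,
# so it exists in exactly one layer with its final metadata.
# --link builds this layer independently of the base image contents.
# Numeric IDs are used so no lookup in the base image's /etc/passwd
# is needed.
COPY --link --chown=10000:10000 --chmod=0755 \
     --from=build /out/scanner-adapter /home/scanner/bin/scanner-adapter

# Run as the unprivileged owner of the binary.
USER 10000:10000
ENTRYPOINT ["/home/scanner/bin/scanner-adapter"]
```

Running `docker history` on the resulting image shows one layer for the binary in the combined form, against two layers of roughly the same size in the separated form.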