Update build script to support base builds

Dockerfile

@@ -1,5 +1,6 @@
 # Build the manager binary
-FROM registry.access.redhat.com/ubi8/go-toolset:1.19.9-2.1687187497 as builder
+ARG BASE_IMAGE=
+FROM $BASE_IMAGE as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -14,12 +15,10 @@ COPY main.go main.go
 COPY api/ api/
 COPY controllers/ controllers/
 
-USER 0
-
 # Build
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o manager main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7-1031
+FROM registry.access.redhat.com/ubi8/go-toolset:1.19.9-2.1687187497
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65534:65534

build/Dockerfile.pr

@@ -1,6 +1,6 @@
-FROM registry.access.redhat.com/ubi8/go-toolset:1.17.7
+FROM registry.access.redhat.com/ubi8/go-toolset:1.19.9-2.1687187497
 USER 0
-RUN dnf install -y openssh-clients git podman make which go jq
+RUN dnf install -y openssh-clients git podman make which go jq python3
 RUN mkdir /root/go -p
 RUN GOBIN=/root/go go install sigs.k8s.io/controller-tools/cmd/[email protected] \
     && GOBIN=/root/go go install sigs.k8s.io/kustomize/kustomize/[email protected] \
@@ -9,5 +9,4 @@ RUN GOBIN=/root/go go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0
     && rm -rf /root/go/pkg
 ENV GOBIN="/root/go"
 RUN ln -s /usr/bin/podman /usr/bin/docker
-COPY pr_check_inner.sh .
-RUN chmod 775 pr_check_inner.sh
+

build_deploy.sh

@@ -17,7 +17,28 @@ fi
 
 DOCKER_CONF="$PWD/.docker"
 mkdir -p "$DOCKER_CONF"
+
 docker --config="$DOCKER_CONF" login -u="$QUAY_USER" -p="$QUAY_TOKEN" quay.io
 docker --config="$DOCKER_CONF" login -u="$RH_REGISTRY_USER" -p="$RH_REGISTRY_TOKEN" registry.redhat.io
-docker --config="$DOCKER_CONF" build -t "${IMAGE}:${IMAGE_TAG}" .
+
+
+### Start base image build and push
+BASE_TAG=`cat go.mod go.sum Dockerfile.base | sha256sum  | head -c 8`
+BASE_IMG=quay.io/cloudservices/frontend-operator-build-base:$BASE_TAG
+RESPONSE=$( \
+        curl -Ls -H "Authorization: Bearer $QUAY_TOKEN" \
+        "https://quay.io/api/v1/repository/cloudservices/frontend-operator-build-base/tag/?specificTag=$BASE_TAG" \
+    )
+echo "received HTTP response: $RESPONSE"
+# find all non-expired tags
+VALID_TAGS_LENGTH=$(echo $RESPONSE | jq '[ .tags[] | select(.end_ts == null) ] | length')
+
+if [[ "$VALID_TAGS_LENGTH" -eq 0 ]]; then
+    docker --config="$DOCKER_CONF" build -f Dockerfile.base . -t "$BASE_IMG"
+	docker --config="$DOCKER_CONF" push "$BASE_IMG"
+fi
+docker --config="$DOCKER_CONF" build  --build-arg BASE_IMAGE="$BASE_IMG" -t "${IMAGE}:${IMAGE_TAG}"
+#### End 
+
+docker --config="$DOCKER_CONF" build  --build-arg BASE_IMAGE="$BASE_IMG" -t "${IMAGE}:${IMAGE_TAG}" .
 docker --config="$DOCKER_CONF" push "${IMAGE}:${IMAGE_TAG}"

pr_check.sh

@@ -2,32 +2,29 @@
 
 set -exv
 
-# Note, this does not currently work with podman. pr_check_inner.sh has insufficient permissions
-RUNTIME="docker"
-DOCKER_CONF="$PWD/.docker"
-mkdir -p "$DOCKER_CONF"
-
-export IMAGE_TAG=`git rev-parse --short HEAD`
-export IMAGE_NAME=quay.io/cloudservices/frontend-operator
+mkdir -p "$PWD/.docker"
 
 CONTAINER_NAME="${FEO_CONTAINER_NAME:-frontend-operator-pr-check-$ghprbPullId}"
-# NOTE: Make sure this volume is mounted 'ro', otherwise Jenkins cannot clean up the workspace due to file permission errors
-set +e
-# Run the pr check container (stored in the build dir) and invoke the
-# pr_check_inner as its command
-$RUNTIME run -i \
---name $CONTAINER_NAME \
--v $PWD:/workspace:ro \
-quay.io/bholifie/frontend-op-pr-check:v0.0.8 \
-/workspace/build/pr_check_inner.sh
+docker rm -f $CONTAINER_NAME
+docker rm -f $CONTAINER_NAME-run
+
+
+# We're mounting the jenkins workspace over the root of the container
+# This means that the pr_check_inner.sh script will be run in the context of the jenkins workspace
+# This confused me for a while because pr_check_inner.sh is also copied into the pr check container at build time
+# but the template_check.sh isn't. I couldn't figure out how it was sourcing it
+
+docker build -t $CONTAINER_NAME -f build/Dockerfile.pr .
+
+docker run -i --name $CONTAINER_NAME-run -v $PWD:/workspace:ro $CONTAINER_NAME /workspace/build/pr_check_inner.sh
 
 TEST_RESULT=$?
 
 mkdir -p artifacts
 
-$RUNTIME cp $CONTAINER_NAME:/container_workspace/artifacts/ $PWD
+docker cp $CONTAINER_NAME-run:/container_workspace/artifacts/ $PWD
 
-$RUNTIME rm -f $CONTAINER_NAME
-set -e
+docker rm -f $CONTAINER_NAME
+docker rm -f $CONTAINER_NAME-run
 
 exit $TEST_RESULT