Enable hermetic builds

Signed-off-by: Dale Haiducek <[email protected]>
stolostron · Jan 16, 2025 · 1ab4e65 · 1ab4e65
1 parent 926ad55
commit 1ab4e65
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 8 deletions.
diff --git a/.tekton/governance-policy-addon-controller-acm-213-pull-request.yaml b/.tekton/governance-policy-addon-controller-acm-213-pull-request.yaml
@@ -32,6 +32,12 @@ spec:
       value: build/Dockerfile.rhtap
     - name: path-context
       value: .
+    - name: build-source-image
+      value: "true"
+    - name: hermetic
+      value: "true"
+    - name: prefetch-input
+      value: '[{"type": "gomod", "path": "."}]'
   pipelineSpec:
     description: |
       This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.

diff --git a/.tekton/governance-policy-addon-controller-acm-213-push.yaml b/.tekton/governance-policy-addon-controller-acm-213-push.yaml
@@ -29,6 +29,12 @@ spec:
       value: build/Dockerfile.rhtap
     - name: path-context
       value: .
+    - name: build-source-image
+      value: "true"
+    - name: hermetic
+      value: "true"
+    - name: prefetch-input
+      value: '[{"type": "gomod", "path": "."}]'
   pipelineSpec:
     description: |
       This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.

diff --git a/Makefile b/Makefile
@@ -76,7 +76,7 @@ gosec-scan:
 
 .PHONY: build
 build: ## Build manager binary.
-	CGO_ENABLED=1 go build -o build/_output/bin/$(IMG) main.go
+	CGO_ENABLED=1 go build -mod=readonly -o build/_output/bin/$(IMG) main.go
 
 ############################################################
 # images section

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -26,7 +26,12 @@ RUN  /usr/local/bin/user_setup
 
 ENTRYPOINT ["/usr/local/bin/entrypoint"]
 
-RUN microdnf update -y && \
-    microdnf clean all
-
 USER ${USER_UID}
+
+LABEL name="rhacm2/acm-governance-policy-addon-controller-rhel9"
+LABEL summary="Manage the governance addon deployed to managed clusters"
+LABEL description="Manage the governance addon deployed to managed clusters"
+LABEL io.k8s.display-name="Governance policy addon controller"
+LABEL io.k8s.description="Manage the governance addon deployed to managed clusters"
+LABEL com.redhat.component="acm-governance-policy-addon-controller-container"
+LABEL io.openshift.tags="data,images"
diff --git a/build/Dockerfile.rhtap b/build/Dockerfile.rhtap
@@ -7,7 +7,6 @@ ENV COMPONENT=governance-policy-addon-controller
 ENV REPO_PATH=/go/src/github.com/stolostron/${COMPONENT}
 WORKDIR ${REPO_PATH}
 COPY . .
-RUN go mod vendor
 RUN make build
 
 # Stage 2: Copy the binaries from the image builder to the base image
@@ -27,7 +26,12 @@ RUN  /usr/local/bin/user_setup
 
 ENTRYPOINT ["/usr/local/bin/entrypoint"]
 
-RUN microdnf update -y && \
-    microdnf clean all
-
 USER ${USER_UID}
+
+LABEL name="rhacm2/acm-governance-policy-addon-controller-rhel9"
+LABEL summary="Manage the governance addon deployed to managed clusters"
+LABEL description="Manage the governance addon deployed to managed clusters"
+LABEL io.k8s.display-name="Governance policy addon controller"
+LABEL io.k8s.description="Manage the governance addon deployed to managed clusters"
+LABEL com.redhat.component="acm-governance-policy-addon-controller-container"
+LABEL io.openshift.tags="data,images"