@thaJeztah
Member

When building rpm (and deb) packages, binaries are built from a source tarball.
Source tarballs will only include the raw source code, but do not include the
git repository;

    rpmbuild/SOURCES/scan-cli-plugin.tgz:
    	mkdir -p $(@D)
    	docker run --rm -w /v \
    		-v $(realpath $(CURDIR)/../src/github.com/docker/scan-cli-plugin):/scan-cli-plugin \
    		-v $(CURDIR)/$(@D):/v \
    		alpine \
    		tar -C / -c -z -f /v/scan-cli-plugin.tgz --exclude .git scan-cli-plugin

    tar -C / -c -z -f /v/scan-cli-plugin.tgz --exclude .git scan-cli-plugin

Because of this, the makefile used to build the scan-cli-plugin binaries will
not be able to determine the "commit" (and version) to set as build-time variable
to include in the --version output; https://github.com/docker/scan-cli-plugin/blob/3eaac3e88412543fb18767feb697e11dca21d20f/builder.Makefile#L5-L19
resulting in both version and git commit to be empty in the version output:

    docker scan --version
    Version:
    Git commit:
    Provider:   Snyk (1.563.0 (standalone))

This patch updates the RPM spec to add variables for passing this information,
and collects the commit and version from the host to pass it to the build-
container in which the RPMs are built, similar to how they're passed for the
equivalent "deb" build-containers (which use env-vars for this);

    -e SCAN_VERSION=$(DOCKER_SCAN_REF) \
    -e SCAN_GITCOMMIT=$(SCAN_GITCOMMIT) \

Before:

    docker scan --version
    Version:
    Git commit:
    Provider:   Snyk (1.563.0 (standalone))

    docker info
    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
      scan: Docker Scan (Docker Inc.)
    ...

After:

    docker scan --version
    Version:    v0.8.0
    Git commit: 35651ca
    Provider:   Snyk (1.563.0 (standalone))

    docker info

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
      scan: Docker Scan (Docker Inc., v0.8.0)
    ...

Signed-off-by: Sebastiaan van Stijn <[email protected]>
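
A release-gate check for the failure described above, as an added example that is not part of the PR or the project's code: it reads `docker scan --version` output and fails when the version or commit is empty or differs from the values collected on the host. The function names and return codes are hypothetical; the sample outputs are the Before/After outputs quoted in the description.

```shell
#!/bin/sh
# Added example (not from the PR): gate a built package on its version metadata.
# Sample outputs are the "Before"/"After" outputs quoted in the description.
BEFORE_OUTPUT='Version:
Git commit:
Provider:   Snyk (1.563.0 (standalone))'
AFTER_OUTPUT='Version:    v0.8.0
Git commit: 35651ca
Provider:   Snyk (1.563.0 (standalone))'

# field NAME TEXT: print the trimmed value of the first "NAME: value" line.
field() {
    printf '%s\n' "$2" | awk -F: -v k="$1" '$1 == k {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }'
}

# verify_scan_version EXPECTED_VERSION EXPECTED_COMMIT < version-output
# Returns 0 = match, 1 = empty field in output, 2 = mismatch, 64 = bad usage.
verify_scan_version() {
    want_version=$1 want_commit=$2
    # Empty expectations would match anything, so refuse them outright.
    [ -n "$want_version" ] && [ -n "$want_commit" ] || return 64
    out=$(cat)
    got_version=$(field "Version" "$out")
    got_commit=$(field "Git commit" "$out")
    if [ -z "$got_version" ] || [ -z "$got_commit" ]; then
        echo "FAIL: binary reports empty version or commit" >&2; return 1
    fi
    # The reported commit must be a hex id of at least 7 characters.
    case $got_commit in *[!0-9a-f]*) return 2 ;; esac
    [ "${#got_commit}" -ge 7 ] || return 2
    [ "$got_version" = "$want_version" ] || return 2
    # Assumption: the binary may report a short hash of the full host commit.
    case $want_commit in "$got_commit"*) return 0 ;; esac
    return 2
}

# Demo on the two outputs from the description.
printf '%s\n' "$AFTER_OUTPUT"  | verify_scan_version v0.8.0 35651ca && echo "after: ok"
printf '%s\n' "$BEFORE_OUTPUT" | verify_scan_version v0.8.0 35651ca || echo "before: rejected"
```

In a packaging pipeline the expected values would be the same ones handed to the build container, so a tarball build that silently drops them is caught before the package is published.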
@thaJeztah
Member Author

@fredericdalleau @glours @StefanScherer ptal

also opened a backport for 20.10: #550

Contributor

@glours glours left a comment

LGTM
Thanks @thaJeztah 🙏

Contributor

@fredericdalleau fredericdalleau left a comment

LGTM

Member

@StefanScherer StefanScherer left a comment

LGTM

@fredericdalleau fredericdalleau merged commit 3f7664e into docker:master Jun 2, 2021
@thaJeztah thaJeztah deleted the fix_scan_cli_version branch June 2, 2021 09:26
@thaJeztah thaJeztah changed the title rpm: scan-cli-plugin: fix build-time "version" and "commit" variables [master] rpm: scan-cli-plugin: fix build-time "version" and "commit" variables Jul 28, 2021