Apply changes from the kubectl review to this change

Updates scripts for grabing blob artifacts

Apply changes from the kubectl review to this change
Updates scripts for grabing blob artifacts
607f1499 · DJ Mountney · e5e60fd2 · 607f1499 · 607f1499 · 607f1499
Verified Commit 607f1499 authored Dec 04, 2019 by DJ Mountney
5 changed files
--- a/12.5/Dockerfile
+++ b/12.5/Dockerfile
@@ -11,7 +11,7 @@ ARG NEXUS_SERVER
 ARG GITLAB_VERSION
 ARG VENDOR=gitlab
 ARG PACKAGE_NAME=ubi8-build-dependencies-${GITLAB_VERSION}.tar
-ARG PACKAGE_URL=${NEXUS_SERVER}/dsop/${VENDOR}/gitlab-task-runner/${PACKAGE_NAME}
+ARG PACKAGE_URL=https://${NEXUS_SERVER}/repository/dsop/${VENDOR}/gitlab-task-runner/${PACKAGE_NAME}
 ADD build-scripts/ /build-scripts/
@@ -36,7 +36,9 @@ COPY --from=builder /prepare/dependencies /
 COPY scripts/bin/* /usr/local/bin/
 COPY scripts/lib/* /usr/lib/ruby/vendor_ruby
-RUN dnf --disableplugin=subscription-manager install -yb --nodocs ca-certificates openssl
+RUN dnf clean all \
+    && rm -r /var/cache/dnf \
+    && dnf --disableplugin=subscription-manager --nogpgcheck install -yb --nodocs ca-certificates openssl
 USER ${GITLAB_USER}:${GITLAB_USER}

--- a/12.5/LICENSE
+++ b/12.5/LICENSE
+MIT License
+Copyright (c) 2017
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/12.5/README.md
+++ b/12.5/README.md
+# gitlab-task-runner-container
+Task Runner is an entry point for interaction with other containers in the cluster. It contains scripts for running Rake tasks, backup, restore, and tools to intract with object storage.
+## GitLab 12.5.0 release
+The hardened containers for GitLab 12.5 require the gitlab 12.5 blob to be available for download.
+There are some included scripts to make this easier for user building images offline on their machine.
+## Building
+1. Switch to the 12.5 directory
+2. Run `./build-scripts/build.sh`
+   * Runs docker build, and takes care of setting the appropriate build args for users running locally
+   * Uses the `NEXUS_SERVER` variable from your environment, or full `PACKAGE_URL`.
+`build-script/build.sh` is provided as an example and helpful for building locally. You can also instead call docker build and pass build-args directly.
+## Build Phases
+Some of the GitLab containers are build ontop of previous containers, building the containers in ordered phases is necessary to build all containers.
+- Phase One
+  * kubectl
+  * gitlab-ruby
+- Phase Two
+  * git-base
+  * gitlab-exporter
+  * gitlab-mailroom
+  * gitlab-shell
+  * gitlab-rails
+  * gitlab-workhorse
+- Phase 3
+  * gitaly
+- Phase 4
+  * gitlab-sidekiq
+  * gitlab-task-runner
+  * gitlab-unicorn
--- a/12.5/build-scripts/prepare.sh
+++ b/12.5/build-scripts/prepare.sh
@@ -6,11 +6,9 @@ PACKAGE_URL=$1
 WORKSPACE="${WORKSPACE:-/prepare}"
 PACKAGE_NAME="${PACKAGE_NAME:-ubi8-build-dependencies.tar}"
-mkdir -p ${WORKSPACE}
 # Download UBI dependencies package and it sha256
-curl -Lf "${PACKAGE_URL}.sha256" -o "${WORKSPACE}/${PACKAGE_NAME}.sha256"
+curl -fLk --create-dirs "${PACKAGE_URL}.sha256" -o "${WORKSPACE}/${PACKAGE_NAME}.sha256"
-curl -Lf "${PACKAGE_URL}" -o "${WORKSPACE}/${PACKAGE_NAME}"
+curl -fLk --create-dirs "${PACKAGE_URL}" -o "${WORKSPACE}/${PACKAGE_NAME}"
 # Verify the package integrity
 echo "$(cat ${PACKAGE_NAME}.sha256) ${PACKAGE_NAME}" | sha256sum --check --status \

--- a/12.5/scripts/prebuild.sh
+++ b/12.5/scripts/prebuild.sh
@@ -5,21 +5,26 @@ set -e
 GITLAB_VERSION=v12.5.2-ubi8
 VENDOR=gitlab
 # These three variables are required to push whatever outside binaries your container needs at build time to our Nexus repo
 NEXUS_SERVER=${NEXUS_SERVER}
 NEXUS_USERNAME=${NEXUS_USERNAME}
 NEXUS_PASSWORD=${NEXUS_PASSWORD}
+## Download variables
+DOWNLOAD_DIR=tmp/${VENDOR}
+UPLOAD_URL=https://${NEXUS_SERVER}/repository/dsop/${VENDOR}/kubectl
 ### Download files/dependencies ###
-# temporarily place your binaries locally in /tmp/${VENDOR}/
+# temporarily place your binaries locally in the download directory
-curl --create-dirs https://gitlab-ubi.s3.us-east-2.amazonaws.com/ubi8-build-dependencies-${GITLAB_VERSION}.tar  -o /tmp/${VENDOR}/ubi8-build-dependencies-${GITLAB_VERSION}.tar
+curl --create-dirs https://gitlab-ubi.s3.us-east-2.amazonaws.com/ubi8-build-dependencies-${GITLAB_VERSION}.tar  -o ${DOWNLOAD_DIR}/ubi8-build-dependencies-${GITLAB_VERSION}.tar
 ### GPG Signature Check ###
 # GPG signature verification is a requirement in the case that the downloaded files have a GPG signature
 # For more information on GPG keys visit https://access.redhat.com/solutions/1541303 or https://gnupg.org/gph/en/manual.html
-curl --create-dirs https://gitlab-ubi.s3.us-east-2.amazonaws.com/ubi8-build-dependencies-${GITLAB_VERSION}.tar.asc  -o /tmp/${VENDOR}/ubi8-build-dependencies-${GITLAB_VERSION}.tar.asc
+curl --create-dirs https://gitlab-ubi.s3.us-east-2.amazonaws.com/ubi8-build-dependencies-${GITLAB_VERSION}.tar.asc  -o ${DOWNLOAD_DIR}/ubi8-build-dependencies-${GITLAB_VERSION}.tar.asc
 for server in $(shuf -e ha.pool.sks-keyservers.net \
                            hkp://p80.pool.sks-keyservers.net:80 \
@@ -30,13 +35,13 @@ do
    gpg --batch --keyserver "$server" --recv-keys 8040EEFCCED8C668EF27F7C61DC5606C0C7E9A9B && break || : ; \
 done
-gpg --verify /tmp/${VENDOR}/ubi8-build-dependencies-${GITLAB_VERSION}.tar.asc /tmp/${VENDOR}/ubi8-build-dependencies-${GITLAB_VERSION}.tar
+gpg --verify ${DOWNLOAD_DIR}/ubi8-build-dependencies-${GITLAB_VERSION}.tar.asc ${DOWNLOAD_DIR}/ubi8-build-dependencies-${GITLAB_VERSION}.tar
 ### SHA256 Verification ###
 # Verifying the files with the SHA256 is a requirement for all files
 # Make sure to not download the SHA256 from the internet, but create it, check it and upload it to the Nexus repo
-cd /tmp/${VENDOR}
+cd ${DOWNLOAD_DIR}
 sha256sum ubi8-build-dependencies-${GITLAB_VERSION}.tar  | awk '{print $1}' > ubi8-build-dependencies-${GITLAB_VERSION}.tar.sha256 \
 && echo "$(cat ubi8-build-dependencies-${GITLAB_VERSION}.tar.sha256) ubi8-build-dependencies-${GITLAB_VERSION}.tar" | sha256sum --check --status \
 && if [ $? == '0' ]; then printf "\nSHA256 check for ubi8-build-dependencies-${GITLAB_VERSION}.tar succeeded\n\n"; \
@@ -48,5 +53,5 @@ cd -
 # format as in Gitlab.  You will also need to push the GPG signature file and SHA256 file
 for package in ubi8-build-dependencies-${GITLAB_VERSION}.tar ubi8-build-dependencies-${GITLAB_VERSION}.tar.sha256 ubi8-build-dependencies-${GITLAB_VERSION}.tar.asc
 do
-    curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -T /tmp/${VENDOR}/${package} ${NEXUS_SERVER}/dsop/${VENDOR}/gitlab-task-runner/${package}
+    curl -kfS -u ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -T ${DOWNLOAD_DIR}/${package} https://${NEXUS_SERVER}/repository/dsop/${VENDOR}/gitlab-task-runner/${package}
 done