[8.11] [artifacts] Test mock building Iron Bank context (#170682) (#1…

…70742)

# Backport

This will backport the following commits from `main` to `8.11`:
- [[artifacts] Test mock building Iron Bank context
(#170682)](#170682)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"Jon","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-11-07T14:07:09Z","message":"[artifacts]
Test mock building Iron Bank context (#170682)\n\nThis uses our mirror
to fetch UBI instead of the upstream mirror. It's\r\nintended to
approximately test changes in development and to provide\r\nquicker
feedback before publishing pipelines are
run.\r\n\r\nhttps://buildkite.com/elastic/kibana-artifacts-snapshot/builds/3443","sha":"553cbd2c76c460596e7236075bc1a885621f5b58","branchLabelMapping":{"^v8.12.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Operations","release_note:skip","backport:all-open","v8.12.0"],"number":170682,"url":"https://github.com/elastic/kibana/pull/170682","mergeCommit":{"message":"[artifacts]
Test mock building Iron Bank context (#170682)\n\nThis uses our mirror
to fetch UBI instead of the upstream mirror. It's\r\nintended to
approximately test changes in development and to provide\r\nquicker
feedback before publishing pipelines are
run.\r\n\r\nhttps://buildkite.com/elastic/kibana-artifacts-snapshot/builds/3443","sha":"553cbd2c76c460596e7236075bc1a885621f5b58"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.12.0","labelRegex":"^v8.12.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/170682","number":170682,"mergeCommit":{"message":"[artifacts]
Test mock building Iron Bank context (#170682)\n\nThis uses our mirror
to fetch UBI instead of the upstream mirror. It's\r\nintended to
approximately test changes in development and to provide\r\nquicker
feedback before publishing pipelines are
run.\r\n\r\nhttps://buildkite.com/elastic/kibana-artifacts-snapshot/builds/3443","sha":"553cbd2c76c460596e7236075bc1a885621f5b58"}}]}]
BACKPORT-->

Co-authored-by: Jon <[email protected]>

.buildkite/pipelines/artifacts.yml

@@ -71,6 +71,16 @@ steps:
         - exit_status: '*'
           limit: 1
 
+  - command: KIBANA_DOCKER_CONTEXT=ironbank .buildkite/scripts/steps/artifacts/docker_context.sh
+    label: 'Docker Context Verification'
+    agents:
+      queue: n2-2
+    timeout_in_minutes: 30
+    retry:
+      automatic:
+        - exit_status: '*'
+          limit: 1
+
   - command: .buildkite/scripts/steps/artifacts/cloud.sh
     label: 'Cloud Deployment'
     soft_fail:

.buildkite/scripts/steps/artifacts/docker_context.sh

@@ -11,25 +11,43 @@ KIBANA_DOCKER_CONTEXT="${KIBANA_DOCKER_CONTEXT:="default"}"
 
 echo "--- Create contexts"
 mkdir -p target
-node scripts/build --skip-initialize --skip-generic-folders --skip-platform-folders --skip-archives --docker-context-use-local-artifact "${BUILD_ARGS[@]}"
+node scripts/build --skip-initialize --skip-generic-folders --skip-platform-folders --skip-archives --docker-context-use-local-artifact
 
 echo "--- Setup context"
 DOCKER_BUILD_FOLDER=$(mktemp -d)
+DOCKER_BUILD_ARGS=''
+case $KIBANA_DOCKER_CONTEXT in
+  default)
+    DOCKER_CONTEXT_FILE="kibana-$FULL_VERSION-docker-build-context.tar.gz"
+  ;;
+  cloud)
+    DOCKER_CONTEXT_FILE="kibana-cloud-$FULL_VERSION-docker-build-context.tar.gz"
+  ;;
+  ubi8)
+    DOCKER_CONTEXT_FILE="kibana-ubi8-$FULL_VERSION-docker-build-context.tar.gz"
+  ;;
+  ubi9)
+    DOCKER_CONTEXT_FILE="kibana-ubi9-$FULL_VERSION-docker-build-context.tar.gz"
+  ;;
+  ironbank)
+    DOCKER_CONTEXT_FILE="kibana-ironbank-$FULL_VERSION-docker-build-context.tar.gz"
+    DOCKER_BUILD_ARGS='--build-arg BASE_REGISTRY=docker.elastic.co --build-arg BASE_IMAGE=ubi9/ubi --build-arg BASE_TAG=latest'
+
+    # See src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yaml
+    curl --retry 8 -sS -L -o "$DOCKER_BUILD_FOLDER/tini" "https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64"
+    echo "8053cc21a3a9bdd6042a495349d1856ae8d3b3e7664c9654198de0087af031f5d41139ec85a2f5d7d2febd22ec3f280767ff23b9d5f63d490584e2b7ad3c218c  $DOCKER_BUILD_FOLDER/tini" | sha512sum -c -
+    curl --retry 8 -sS -L -o "$DOCKER_BUILD_FOLDER/NotoSansCJK-Regular.ttc" https://github.com/googlefonts/noto-cjk/raw/NotoSansV2.001/NotoSansCJK-Regular.ttc
+    echo "0ce56bde1853fed3e53282505bac65707385275a27816c29712ab04c187aa249797c82c58759b2b36c210d4e2683eda92359d739a8045cb8385c2c34d37cc9e1  $DOCKER_BUILD_FOLDER/NotoSansCJK-Regular.ttc" | sha512sum -c -
+
+    echo "Warning: this will build an approximation of the Iron Bank context, using a swapped base image"
+  ;;
+esac
 
-if [[ "$KIBANA_DOCKER_CONTEXT" == "default" ]]; then
-  DOCKER_CONTEXT_FILE="kibana-$FULL_VERSION-docker-build-context.tar.gz"
-elif [[ "$KIBANA_DOCKER_CONTEXT" == "cloud" ]]; then
-  DOCKER_CONTEXT_FILE="kibana-cloud-$FULL_VERSION-docker-build-context.tar.gz"
-elif [[ "$KIBANA_DOCKER_CONTEXT" == "ubi8" ]]; then
-  DOCKER_CONTEXT_FILE="kibana-ubi8-$FULL_VERSION-docker-build-context.tar.gz"
-elif [[ "$KIBANA_DOCKER_CONTEXT" == "ubi9" ]]; then
-  DOCKER_CONTEXT_FILE="kibana-ubi9-$FULL_VERSION-docker-build-context.tar.gz"
-fi
 
 tar -xf "target/$DOCKER_CONTEXT_FILE" -C "$DOCKER_BUILD_FOLDER"
 cd $DOCKER_BUILD_FOLDER
 
 download_artifact "kibana-$FULL_VERSION-linux-x86_64.tar.gz" . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
 
 echo "--- Build context"
-docker build .
+docker build $DOCKER_BUILD_ARGS .