[7.17] [artifacts] Test mock building Iron Bank context (#170682) (#1…

…70746) #170682 Had conflicts so re-ran a build - https://buildkite.com/elastic/kibana-artifacts-snapshot/builds/3453
elastic · Nov 7, 2023 · 5beb0dd · 5beb0dd
1 parent 846ce67
commit 5beb0dd
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 9 deletions.
diff --git a/.buildkite/pipelines/artifacts.yml b/.buildkite/pipelines/artifacts.yml
@@ -71,6 +71,16 @@ steps:
         - exit_status: '*'
           limit: 1
 
+  - command: KIBANA_DOCKER_CONTEXT=ironbank .buildkite/scripts/steps/artifacts/docker_context.sh
+    label: 'Docker Context Verification'
+    agents:
+      queue: n2-2
+    timeout_in_minutes: 30
+    retry:
+      automatic:
+        - exit_status: '*'
+          limit: 1
+
   - wait
 
   - command: .buildkite/scripts/steps/artifacts/publish.sh

diff --git a/.buildkite/scripts/steps/artifacts/docker_context.sh b/.buildkite/scripts/steps/artifacts/docker_context.sh
@@ -8,23 +8,43 @@ source .buildkite/scripts/steps/artifacts/env.sh
 
 echo "--- Create contexts"
 mkdir -p target
-node scripts/build --skip-initialize --skip-generic-folders --skip-platform-folders --skip-archives --docker-context-use-local-artifact $(echo "$BUILD_ARGS")
+node scripts/build --skip-initialize --skip-generic-folders --skip-platform-folders --skip-archives --docker-context-use-local-artifact
 
 echo "--- Setup default context"
 DOCKER_BUILD_FOLDER=$(mktemp -d)
+DOCKER_BUILD_ARGS=''
+case $KIBANA_DOCKER_CONTEXT in
+  default)
+    DOCKER_CONTEXT_FILE="kibana-$FULL_VERSION-docker-build-context.tar.gz"
+  ;;
+  cloud)
+    DOCKER_CONTEXT_FILE="kibana-cloud-$FULL_VERSION-docker-build-context.tar.gz"
+  ;;
+  ubi8)
+    DOCKER_CONTEXT_FILE="kibana-ubi8-$FULL_VERSION-docker-build-context.tar.gz"
+  ;;
+  ubi9)
+    DOCKER_CONTEXT_FILE="kibana-ubi9-$FULL_VERSION-docker-build-context.tar.gz"
+  ;;
+  ironbank)
+    DOCKER_CONTEXT_FILE="kibana-ironbank-$FULL_VERSION-docker-build-context.tar.gz"
+    DOCKER_BUILD_ARGS='--build-arg BASE_REGISTRY=docker.elastic.co --build-arg BASE_IMAGE=ubi9/ubi --build-arg BASE_TAG=latest'
+
+    # See src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yaml
+    curl --retry 8 -sS -L -o "$DOCKER_BUILD_FOLDER/tini" "https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64"
+    echo "8053cc21a3a9bdd6042a495349d1856ae8d3b3e7664c9654198de0087af031f5d41139ec85a2f5d7d2febd22ec3f280767ff23b9d5f63d490584e2b7ad3c218c  $DOCKER_BUILD_FOLDER/tini" | sha512sum -c -
+    curl --retry 8 -sS -L -o "$DOCKER_BUILD_FOLDER/NotoSansCJK-Regular.ttc" https://github.com/googlefonts/noto-cjk/raw/NotoSansV2.001/NotoSansCJK-Regular.ttc
+    echo "0ce56bde1853fed3e53282505bac65707385275a27816c29712ab04c187aa249797c82c58759b2b36c210d4e2683eda92359d739a8045cb8385c2c34d37cc9e1  $DOCKER_BUILD_FOLDER/NotoSansCJK-Regular.ttc" | sha512sum -c -
+
+    echo "Warning: this will build an approximation of the Iron Bank context, using a swapped base image"
+  ;;
+esac
 
-if [[ "$KIBANA_DOCKER_CONTEXT" == "default" ]]; then
-  DOCKER_CONTEXT_FILE="kibana-$FULL_VERSION-docker-build-context.tar.gz"
-elif [[ "$KIBANA_DOCKER_CONTEXT" == "ubi8" ]]; then
-  DOCKER_CONTEXT_FILE="kibana-ubi8-$FULL_VERSION-docker-build-context.tar.gz"
-elif [[ "$KIBANA_DOCKER_CONTEXT" == "ubi9" ]]; then
-  DOCKER_CONTEXT_FILE="kibana-ubi9-$FULL_VERSION-docker-build-context.tar.gz"
-fi
 
 tar -xf "target/$DOCKER_CONTEXT_FILE" -C "$DOCKER_BUILD_FOLDER"
 cd $DOCKER_BUILD_FOLDER
 
 buildkite-agent artifact download "kibana-$FULL_VERSION-linux-x86_64.tar.gz" . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
 
 echo "--- Build context"
-docker build .
+docker build $DOCKER_BUILD_ARGS .