build UBI based coverage image

Signed-off-by: Navin Chandra <[email protected]>
kubearmor · Aug 23, 2024 · c04b43e · c04b43e
1 parent 35dca99
commit c04b43e
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -42,7 +42,7 @@ RUN make
 
 FROM builder AS builder-test
 WORKDIR /usr/src/KubeArmor/KubeArmor
-RUN go test -covermode=atomic -coverpkg=./... -c . -o kubearmor-test
+RUN CGO_ENABLED=0 go test -covermode=atomic -coverpkg=./... -c . -o kubearmor-test
 
 ### Make executable image
 
@@ -110,3 +110,36 @@ RUN setcap "cap_sys_admin=ep cap_sys_ptrace=ep cap_ipc_lock=ep cap_sys_resource=
 
 USER 1000
 ENTRYPOINT ["/KubeArmor/kubearmor"]
+
+### Make UBI-based test executable image for coverage calculation
+FROM redhat/ubi9-minimal AS kubearmor-ubi-test
+
+ARG VERSION=latest
+ENV KUBEARMOR_UBI=true
+
+LABEL name="kubearmor" \
+      vendor="Accuknox" \
+      version=${VERSION} \
+      release=${VERSION} \
+      summary="kubearmor container image based on redhat ubi" \
+      description="KubeArmor is a cloud-native runtime security enforcement system that restricts the behavior \
+                  (such as process execution, file access, and networking operations) of pods, containers, and nodes (VMs) \
+                  at the system level."
+
+RUN microdnf -y update && \
+    microdnf -y install --nodocs --setopt=install_weak_deps=0 --setopt=keepcache=0 shadow-utils procps libcap && \
+    microdnf clean all
+
+RUN groupadd --gid 1000 default \
+  && useradd --uid 1000 --gid default --shell /bin/bash --create-home default
+
+COPY LICENSE /licenses/license.txt
+COPY --from=builder --chown=default:default /usr/src/KubeArmor/KubeArmor/kubearmor /KubeArmor/kubearmor
+COPY --from=builder --chown=default:default /usr/src/KubeArmor/BPF/*.o /opt/kubearmor/BPF/
+COPY --from=builder --chown=default:default /usr/src/KubeArmor/KubeArmor/templates/* /KubeArmor/templates/
+COPY --from=builder-test --chown=default:default /usr/src/KubeArmor/KubeArmor/kubearmor-test /KubeArmor/kubearmor-test
+
+RUN setcap "cap_sys_admin=ep cap_sys_ptrace=ep cap_ipc_lock=ep cap_sys_resource=ep cap_dac_override=ep cap_dac_read_search=ep" /KubeArmor/kubearmor-test
+
+USER 1000
+ENTRYPOINT ["/KubeArmor/kubearmor-test"]
diff --git a/KubeArmor/build/build_kubearmor.sh b/KubeArmor/build/build_kubearmor.sh
@@ -70,6 +70,17 @@ if [[ "$IS_COVERAGE" == "true" ]]; then
     fi
     echo "[PASSED] Built $REPO-init:$VERSION"
 
+    # build kubearmor-ubi-test image
+    DTAGUBITEST="-t $UBIREPO-test:$VERSION"
+    echo "[INFO] Building $DTAGUBITEST"
+    cd $ARMOR_HOME/..; docker build $DTAGUBITEST -f Dockerfile --target kubearmor-ubi-test . $LABEL
+
+    if [ $? != 0 ]; then
+        echo "[FAILED] Failed to build $DTAGUBITEST:$VERSION"
+        exit 1
+    fi
+    echo "[PASSED] Built $DTAGUBITEST:$VERSION"
+
     exit 0
 fi