add scan plugin

Signed-off-by: Sebastiaan van Stijn <[email protected]>
docker · Jul 6, 2022 · 776cb8f · 776cb8f
1 parent 9a1e7a8
commit 776cb8f
Showing 1 changed file with 72 additions and 27 deletions.
diff --git a/static/Makefile b/static/Makefile
@@ -4,11 +4,14 @@ CLI_DIR     = $(realpath $(CURDIR)/../src/github.com/docker/cli)
 ENGINE_DIR  = $(realpath $(CURDIR)/../src/github.com/docker/docker)
 COMPOSE_DIR = $(realpath $(CURDIR)/../src/github.com/docker/compose)
 BUILDX_DIR  = $(realpath $(CURDIR)/../src/github.com/docker/buildx)
+SCAN_DIR    = $(realpath $(CURDIR)/../src/github.com/docker/scan-cli-plugin)
 
 CLI_VERSION        = $(shell ./gen-static-ver $(CLI_DIR) $(VERSION))
 ENGINE_VERSION     = $(shell ./gen-static-ver $(ENGINE_DIR) $(VERSION))
 CONTAINERD_PKG_VER = $(shell ./gen-containerd-ver $(ENGINE_DIR) $(CONTAINERD_VERSION))
 
+SCAN_GITCOMMIT?=$(shell cd "$(SCAN_DIR)" && git rev-parse --short HEAD)
+
 HASH_CMD=docker run -v $(CURDIR):/sum -w /sum debian:jessie bash hash_files
 DIR_TO_HASH:=build/linux
 DOCKER_CLI_GOLANG_IMG=golang:$(GO_VERSION)
@@ -48,7 +51,7 @@ clean: ## remove build artifacts
 static: static-linux cross-mac cross-win cross-arm ## create all static packages
 
 .PHONY: static-linux
-static-linux: static-cli static-engine static-buildx-plugin static-compose-plugin ## create tgz
+static-linux: static-cli static-engine static-buildx-plugin static-compose-plugin docker-scan-plugin ## create tgz
 	# docker cli binaries
 	mkdir -p build/linux/docker-cli
 	cp $(CLI_DIR)/build/docker build/linux/docker-cli/
@@ -87,6 +90,9 @@ static-linux: static-cli static-engine static-buildx-plugin static-compose-plugi
 	# docker buildx
 	tar -C "$(BUILDX_DIR)"/bin/ -c -z -f build/linux/docker-buildx-plugin-"$(DOCKER_BUILDX_REF:v%=%)".tgz docker-buildx
 
+	# docker scan
+	tar -C "$(SCAN_DIR)"/bin/ -c -z -f build/linux/docker-scan-plugin-"$(DOCKER_SCAN_REF:v%=%)".tgz docker-scan
+
 .PHONY: hash_files
 hash_files:
 	@echo "Hashing directory $(DIR_TO_HASH)"
@@ -102,65 +108,84 @@ cross-mac: cross-mac-amd64 cross-mac-arm64
 
 .PHONY: cross-mac-amd64
 cross-mac-amd64: TARGETPLATFORM=darwin/amd64
-cross-mac-amd64: buildx static-cli static-buildx-plugin static-compose-plugin
+cross-mac-amd64: BUILD_DIR=build/mac/amd64
+cross-mac-amd64: buildx static-cli static-buildx-plugin static-compose-plugin cross-scan-plugin
 	# docker cli binaries
-	mkdir -p build/mac/amd64/docker-cli
-	cp -L $(CLI_DIR)/build/docker build/mac/amd64/docker-cli/docker
-	tar -C build/mac/amd64/ -c -z -f build/mac/amd64/docker-cli-$(CLI_VERSION).tgz docker-cli
-	rm -r build/mac/amd64/docker-cli
+	mkdir -p $(BUILD_DIR)/docker-cli
+	cp -L $(CLI_DIR)/build/docker $(BUILD_DIR)/docker-cli/docker
+	tar -C $(BUILD_DIR)/ -c -z -f $(BUILD_DIR)/docker-cli-$(CLI_VERSION).tgz docker-cli
+	rm -r $(BUILD_DIR)/docker-cli
 
 	# docker compose
-	tar -C "$(COMPOSE_DIR)"/bin/ -c -z -f build/mac/amd64/docker-compose-plugin-"$(DOCKER_COMPOSE_REF:v%=%)".tgz docker-compose
+	tar -C "$(COMPOSE_DIR)"/bin/ -c -z -f $(BUILD_DIR)/docker-compose-plugin-"$(DOCKER_COMPOSE_REF:v%=%)".tgz docker-compose
 
 	# docker buildx
-	tar -C "$(BUILDX_DIR)"/bin/ -c -z -f build/mac/amd64/docker-buildx-plugin-"$(DOCKER_BUILDX_REF:v%=%)".tgz docker-buildx
+	tar -C "$(BUILDX_DIR)"/bin/ -c -z -f $(BUILD_DIR)/docker-buildx-plugin-"$(DOCKER_BUILDX_REF:v%=%)".tgz docker-buildx
+
+	# docker scan
+	mkdir -p $(BUILD_DIR)/docker-scan
+	cp -L $(SCAN_DIR)/dist/docker-scan_darwin_amd64 $(BUILD_DIR)/docker-scan/docker-scan
+	tar -C $(BUILD_DIR)/ -c -z -f $(BUILD_DIR)/docker-scan-plugin-"$(DOCKER_SCAN_REF:v%=%)".tgz docker-scan
+	rm -r $(BUILD_DIR)/docker-scan
 
 .PHONY: cross-mac-arm64
 cross-mac-arm64: TARGETPLATFORM=darwin/arm64
-cross-mac-arm64: buildx static-cli static-buildx-plugin static-compose-plugin
+cross-mac-arm64: BUILD_DIR=build/mac/arm64
+cross-mac-arm64: buildx static-cli static-buildx-plugin static-compose-plugin cross-scan-plugin
 	# docker cli binaries
-	mkdir -p build/mac/arm64/docker-cli
-	cp -L $(CLI_DIR)/build/docker build/mac/arm64/docker-cli/docker
-	tar -C build/mac/arm64/ -c -z -f build/mac/arm64/docker-cli-$(CLI_VERSION).tgz docker-cli
-	rm -r build/mac/arm64/docker-cli
+	mkdir -p $(BUILD_DIR)/docker-cli
+	cp -L $(CLI_DIR)/build/docker $(BUILD_DIR)/docker-cli/docker
+	tar -C $(BUILD_DIR)/ -c -z -f $(BUILD_DIR)/docker-cli-$(CLI_VERSION).tgz docker-cli
+	rm -r $(BUILD_DIR)/docker-cli
 
 	# docker compose
-	tar -C "$(COMPOSE_DIR)"/bin/ -c -z -f build/mac/arm64/docker-compose-plugin-"$(DOCKER_COMPOSE_REF:v%=%)".tgz docker-compose
+	tar -C "$(COMPOSE_DIR)"/bin/ -c -z -f $(BUILD_DIR)/docker-compose-plugin-"$(DOCKER_COMPOSE_REF:v%=%)".tgz docker-compose
 
 	# docker buildx
-	tar -C "$(BUILDX_DIR)"/bin/ -c -z -f build/mac/arm64/docker-buildx-plugin-"$(DOCKER_BUILDX_REF:v%=%)".tgz docker-buildx
+	tar -C "$(BUILDX_DIR)"/bin/ -c -z -f $(BUILD_DIR)/docker-buildx-plugin-"$(DOCKER_BUILDX_REF:v%=%)".tgz docker-buildx
+
+	# docker scan
+	mkdir -p $(BUILD_DIR)/docker-scan
+	cp -L $(SCAN_DIR)/dist/docker-scan_darwin_aarch64 $(BUILD_DIR)/docker-scan/docker-scan
+	tar -C $(BUILD_DIR)/ -c -z -f $(BUILD_DIR)/docker-scan-plugin-"$(DOCKER_SCAN_REF:v%=%)".tgz docker-scan
+	rm -r $(BUILD_DIR)/docker-scan
 
 .PHONY: cross-win
 cross-win: TARGETPLATFORM=windows/arm64
 cross-win: EXT=.exe
-cross-win: cross-win-engine static-cli static-buildx-plugin static-compose-plugin
+cross-win: BUILD_DIR=build/win/amd64
+cross-win: cross-win-engine static-cli static-buildx-plugin static-compose-plugin cross-scan-plugin
 	# docker cli binaries
-	mkdir -p build/win/amd64/docker-cli
-	cp -L $(CLI_DIR)/build/docker build/win/amd64/docker-cli/docker.exe
+	mkdir -p $(BUILD_DIR)/docker-cli
+	cp -L $(CLI_DIR)/build/docker $(BUILD_DIR)/docker-cli/docker.exe
 
 	# docker engine binaries
-	mkdir -p build/win/amd64/docker-engine
-	for f in dockerd.exe docker-init docker-proxy.exe; do \
-		cp -L $(ENGINE_DIR)/bundles/cross/windows/amd64-daemon/$$f build/win/amd64/docker-engine/$$f; \
+	mkdir -p $(BUILD_DIR)/docker-engine
+	for f in dockerd.exe docker-proxy.exe; do \
+		cp -L $(ENGINE_DIR)/bundles/cross/windows/amd64-daemon/$$f $(BUILD_DIR)/docker-engine/$$f; \
 	done
 
 	# docker compose, docker buildx
-	mkdir -p build/win/amd64/docker-compose
-	cp $(COMPOSE_DIR)/bin/docker-compose/docker-compose.exe build/win/amd64/docker-compose/docker-compose.exe
+	mkdir -p $(BUILD_DIR)/docker-compose
+	cp $(COMPOSE_DIR)/bin/docker-compose/docker-compose.exe $(BUILD_DIR)/docker-compose/docker-compose.exe
 
 	# docker buildx
-	mkdir -p build/win/amd64/docker-buildx
-	cp $(BUILDX_DIR)/bin/docker-buildx.exe build/win/amd64/docker-buildx/docker-buildx.exe
+	mkdir -p $(BUILD_DIR)/docker-buildx
+	cp $(BUILDX_DIR)/bin/docker-buildx.exe $(BUILD_DIR)/docker-buildx/docker-buildx.exe
+
+	# docker scan
+	mkdir -p $(BUILD_DIR)/docker-scan
+	cp $(SCAN_DIR)/dist/docker-scan-plugin-windows_amd64.exe $(BUILD_DIR)/docker-scan/docker-scan.exe
 
-	docker run --rm -v $(CURDIR)/build/win/amd64:/v -w /v alpine sh -c 'apk add --no-cache zip \
+	docker run --rm -v $(CURDIR)/$(BUILD_DIR):/v -w /v alpine sh -c 'apk add --no-cache zip \
 	&& zip -r docker-cli-$(CLI_VERSION).zip docker-cli \
 	&& zip -r docker-engine-$(ENGINE_VERSION).zip docker-engine \
 	&& zip -r docker-compose-plugin-$(DOCKER_COMPOSE_REF:v%=%).zip docker-compose \
 	&& zip -r docker-buildx-plugin-$(DOCKER_BUILDX_REF:v%=%).zip docker-buildx '
 	$(CHOWN) -R $(shell id -u):$(shell id -g) build
 
 	# clean up temporary directories
-	$(RM) -r build/win/amd64/docker-cli build/win/amd64/docker-engine build/win/amd64/docker-compose build/win/amd64/docker-buildx
+	$(RM) -r $(BUILD_DIR)/docker-cli $(BUILD_DIR)/docker-engine $(BUILD_DIR)/docker-compose $(BUILD_DIR)/docker-buildx $(BUILD_DIR)/docker-scan
 
 .PHONY: cross-arm
 cross-arm: cross-all-cli ## create tgz with linux armhf client only
@@ -193,6 +218,26 @@ static-compose-plugin:
 
 	ls -laR $(COMPOSE_DIR)/bin
 
+.PHONY: docker-scan-plugin
+docker-scan-plugin:
+	# Build the scan-plugin
+	# TODO this should be skipped on non-x86 because there's no image for non-x86?
+	# TODO change once we support scan-plugin on other architectures
+	$(MAKE) -C $(SCAN_DIR) GIT_TAG_NAME="$(DOCKER_SCAN_REF)" build
+
+	# TODO(thaJeztah) upstream Makefile should pass PLATFORM_BINARY
+	# Binary is named (e.g.) docker-scan_linux_amd64. Rename it to have something consistent
+	mv $(SCAN_DIR)/bin/docker-scan_linux_* $(SCAN_DIR)/bin/docker-scan
+
+	ls -laR $(SCAN_DIR)/bin
+
+.PHONY: cross-scan-plugin
+cross-scan-plugin:
+	# TODO: Add TARGETPLATFORM support on scan-cli-plugin repo to build efficiently with --platform
+	$(MAKE) -C  $(SCAN_DIR) GIT_TAG_NAME="$(DOCKER_SCAN_REF)" cross
+
+	ls -laR $(SCAN_DIR)/dist
+
 .PHONY: cross-all-cli
 cross-all-cli:
 	$(MAKE) -C $(CLI_DIR) -f docker.Makefile VERSION=$(CLI_VERSION) cross