diff --git a/Makefile b/Makefile index 2063bbe5c..be1b8d23a 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,9 @@ include $(abspath $(PROJECT_DIR)/build/automation/init.mk) setup: project-config # Set up project make tester-build +container-check: # Check the container management tool - can be set with: "export DOCKER_CMD=`which podman`" or "export DOCKER_CMD=`which docker`" + echo $(DOCKER_CMD) + build: # Build lambdas for IMAGE_NAME in $$(echo $(PROJECT_LAMBDAS_LIST) | tr "," "\n"); do make -s build-lambda GENERIC_IMAGE_NAME=lambda NAME=$$IMAGE_NAME @@ -499,7 +502,7 @@ docker-run-tester: ### Run python container - mandatory: CMD; optional: SH=true, mkdir -p $(TMP_DIR)/.python/pip/{cache,packages} lib_volume_mount=$$(([ $(BUILD_ID) -eq 0 ] || [ "$(LIB_VOLUME_MOUNT)" == true ]) && echo "--volume $(TMP_DIR)/.python/pip/cache:/tmp/.cache/pip --volume $(TMP_DIR)/.python/pip/packages:/tmp/.packages" ||:) container=$$([ -n "$(CONTAINER)" ] && echo $(CONTAINER) || echo tester-$(BUILD_COMMIT_HASH)-$(BUILD_ID)-$$(date --date=$$(date -u +"%Y-%m-%dT%H:%M:%S%z") -u +"%Y%m%d%H%M%S" 2> /dev/null)-$$(make secret-random LENGTH=8)) - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \ @@ -556,3 +559,4 @@ python-run-ruff-fixes: # Auto fixes ruff warnings .SILENT: docker-run-ruff \ commit-date-hash-tag \ performance-test-results \ + container-check \ diff --git a/build/automation/lib/docker.mk b/build/automation/lib/docker.mk index cd6466beb..07a199ba3 100644 --- a/build/automation/lib/docker.mk +++ b/build/automation/lib/docker.mk @@ -5,7 +5,8 @@ DOCKER_LIB_DIR = $(LIB_DIR)/docker DOCKER_LIB_DIR_REL = $(shell echo $(DOCKER_LIB_DIR) | sed "s;$(PROJECT_DIR);;g") DOCKER_LIB_IMAGE_DIR = $(LIB_DIR)/docker/image DOCKER_LIB_IMAGE_DIR_REL = $(shell echo $(DOCKER_LIB_IMAGE_DIR) | sed "s;$(PROJECT_DIR);;g") -DOCKER_NETWORK = $(PROJECT_GROUP_SHORT)/$(PROJECT_NAME_SHORT)/$(BUILD_ID) +# DOCKER_NETWORK = $(PROJECT_GROUP_SHORT)/$(PROJECT_NAME_SHORT)/$(BUILD_ID) +DOCKER_NETWORK = $(PROJECT_GROUP_SHORT)_$(PROJECT_NAME_SHORT)_$(BUILD_ID) DOCKER_REGISTRY = $(AWS_ECR)/$(PROJECT_GROUP_SHORT)/$(PROJECT_NAME_SHORT) DOCKER_LIBRARY_REGISTRY = nhsd @@ -43,6 +44,10 @@ DOCKER_LIBRARY_TOOLS_VERSION = $(shell cat $(DOCKER_LIB_IMAGE_DIR)/tools/VERSION COMPOSE_HTTP_TIMEOUT := $(or $(COMPOSE_HTTP_TIMEOUT), 6000) DOCKER_CLIENT_TIMEOUT := $(or $(DOCKER_CLIENT_TIMEOUT), 6000) +DOCKER_CMD := $(or $(DOCKER_CMD), $(shell command -v docker >/dev/null 2>&1 && echo docker || echo podman)) +IS_PODMAN := $(shell [[ "$(DOCKER_CMD)" == *podman ]] && echo true || echo false) +OUTPUT_OPTION := $(if $(filter false,$(IS_PODMAN)),--output type=docker) + # ============================================================================== docker-create-from-template: ### Create Docker image from template - mandatory: NAME,TEMPLATE=[library template image name] @@ -65,7 +70,7 @@ docker-create-from-template: ### Create Docker image from template - mandatory: # ============================================================================== docker-config: ### Configure Docker networking - docker network create $(DOCKER_NETWORK) 2> /dev/null ||: + $(DOCKER_CMD) network create $(DOCKER_NETWORK) 2> /dev/null ||: docker-build docker-image: ### Build Docker image - mandatory: NAME; optional: VERSION,FROM_CACHE=true,BUILD_OPTS=[build options],EXAMPLE=true reg=$$(make _docker-get-reg) @@ -99,7 +104,7 @@ docker-build docker-image: ### Build Docker image - mandatory: NAME; optional: V export IMAGE=$$reg/$(NAME)$(shell [ -n "$(EXAMPLE)" ] && echo -example) export VERSION=$$(make docker-image-get-version) make -s file-replace-variables FILE=$$dir/Dockerfile.effective - docker buildx build --rm \ + $(DOCKER_CMD) buildx build --rm \ --build-arg IMAGE=$$IMAGE \ --build-arg VERSION=$$VERSION \ --build-arg BUILD_ID=$(BUILD_ID) \ @@ -108,7 +113,7 @@ docker-build docker-image: ### Build Docker image - mandatory: NAME; optional: V --build-arg BUILD_BRANCH=$(BUILD_BRANCH) \ --build-arg BUILD_COMMIT_HASH=$(BUILD_COMMIT_HASH) \ --build-arg BUILD_COMMIT_DATE=$(BUILD_COMMIT_DATE) \ - --output type=docker \ + $(OUTPUT_OPTION) \ --label name=$$IMAGE \ --label version=$$VERSION \ --label build-id=$(BUILD_ID) \ @@ -122,12 +127,12 @@ docker-build docker-image: ### Build Docker image - mandatory: NAME; optional: V --tag $$reg/$(NAME)$(shell [ -n "$(EXAMPLE)" ] && echo -example):$$(make docker-image-get-version) \ $$dir # Tag - docker tag \ + $(DOCKER_CMD) tag \ $$reg/$(NAME)$(shell [ -n "$(EXAMPLE)" ] && echo -example):$$(make docker-image-get-version) \ $$reg/$(NAME)$(shell [ -n "$(EXAMPLE)" ] && echo -example):latest - docker rmi --force $$(docker images | grep "" | awk '{ print $$3 }') 2> /dev/null ||: + $(DOCKER_CMD) rmi --force $$($(DOCKER_CMD) images | grep "" | awk '{ print $$3 }') 2> /dev/null ||: make docker-image-keep-latest-only NAME=$(NAME) - docker image inspect $$reg/$(NAME)$(shell [ -n "$(EXAMPLE)" ] && echo -example):latest --format='{{.Size}}' + $(DOCKER_CMD) image inspect $$reg/$(NAME)$(shell [ -n "$(EXAMPLE)" ] && echo -example):latest --format='{{.Size}}' docker-test: ### Test image - mandatory: NAME; optional: ARGS,CMD,GOSS_OPTS,EXAMPLE=true dir=$$(make _docker-get-dir) @@ -143,9 +148,9 @@ docker-test: ### Test image - mandatory: NAME; optional: ARGS,CMD,GOSS_OPTS,EXAM docker-login: ### Log into the Docker registry - optional: DOCKER_USERNAME,DOCKER_PASSWORD if [ -n "$(DOCKER_USERNAME)" ] && [ -n "$$(make _docker-get-login-password)" ]; then - make _docker-get-login-password | docker login --username "$(DOCKER_USERNAME)" --password-stdin + make _docker-get-login-password | $(DOCKER_CMD) login --username "$(DOCKER_USERNAME)" --password-stdin else - make aws-ecr-get-login-password | docker login --username AWS --password-stdin $(AWS_ECR) + make aws-ecr-get-login-password | $(DOCKER_CMD) login --username AWS --password-stdin $(AWS_ECR) fi docker-create-repository: ### Create Docker repository to store an image - mandatory: NAME; optional: POLICY_FILE=[policy file] @@ -155,11 +160,11 @@ docker-push: ### Push Docker image - mandatory: NAME; optional: VERSION|TAG make docker-login reg=$$(make _docker-get-reg) if [ -n "$(or $(VERSION), $(TAG))" ]; then - docker push $$reg/$(NAME):$(or $(VERSION), $(TAG)) + $(DOCKER_CMD) push $$reg/$(NAME):$(or $(VERSION), $(TAG)) else - docker push $$reg/$(NAME):$$(make docker-image-get-version) + $(DOCKER_CMD) push $$reg/$(NAME):$$(make docker-image-get-version) fi - docker push $$reg/$(NAME):latest 2> /dev/null ||: + $(DOCKER_CMD) push $$reg/$(NAME):latest 2> /dev/null ||: docker-push-for-production: ### Push Docker image - mandatory: NAME; optional: VERSION|TAG make docker-login @@ -174,23 +179,23 @@ docker-pull: ### Pull Docker image - mandatory: NAME,DIGEST|VERSION|TAG [ $$(make _docker-is-lib-image) == false ] && make docker-login reg=$$(make _docker-get-reg) if [ -n "$(DIGEST)" ]; then - docker pull $$reg/$(NAME)@$(DIGEST) ||: + $(DOCKER_CMD) pull $$reg/$(NAME)@$(DIGEST) ||: else - docker pull $$reg/$(NAME):$(or $(VERSION), $(TAG)) ||: + $(DOCKER_CMD) pull $$reg/$(NAME):$(or $(VERSION), $(TAG)) ||: fi docker-tag: ### Tag latest or provide arguments - mandatory: NAME,VERSION|TAG|[SOURCE,TARGET]|[DIGEST,VERSION|TAG] reg=$$(make _docker-get-reg) if [ -n "$(DIGEST)" ] && [ -n "$(TAG)" ]; then - docker tag \ + $(DOCKER_CMD) tag \ $$reg/$(NAME)@$(DIGEST) \ $$reg/$(NAME):$(or $(VERSION), $(TAG)) elif [ -n "$(SOURCE)" ] && [ -n "$(TARGET)" ]; then - docker tag \ + $(DOCKER_CMD) tag \ $$reg/$(NAME):$(SOURCE) \ $$reg/$(NAME):$(TARGET) elif [ -n "$(or $(VERSION), $(TAG))" ]; then - docker tag \ + $(DOCKER_CMD) tag \ $$reg/$(NAME):latest \ $$reg/$(NAME):$(or $(VERSION), $(TAG)) fi @@ -280,25 +285,25 @@ docker-image-set-version: ### Set effective Docker image version - mandatory: NA docker-image-pull-or-build: ### Pull or build image - mandatory: NAME; optional VERSION|TAG=[defaults to 'latest'],LATEST=true version=$(or $(or $(VERSION), $(TAG)), latest) image=$(DOCKER_LIBRARY_REGISTRY)/$(NAME):$$version - if [ -z "$$(docker images --filter=reference="$$image" --quiet)" ]; then + if [ -z "$$($(DOCKER_CMD) images --filter=reference="$$image" --quiet)" ]; then make docker-pull NAME=$(NAME) VERSION=$$version ||: fi - if [ -z "$$(docker images --filter=reference="$$image" --quiet)" ]; then + if [ -z "$$($(DOCKER_CMD) images --filter=reference="$$image" --quiet)" ]; then make docker-build NAME=$(NAME) || ( \ echo "ERROR: No image $$image found"; \ exit 1 \ ) fi - if [ -n "$$(docker images --filter=reference="$$image" --quiet)" ]; then + if [ -n "$$($(DOCKER_CMD) images --filter=reference="$$image" --quiet)" ]; then [[ "$(LATEST)" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$$ ]] && \ make docker-tag NAME=$(NAME) SOURCE=$$version TARGET=latest ||: fi docker-image-keep-latest-only: ### Remove other images than latest - mandatory: NAME reg=$$(make _docker-get-reg) - docker rmi --force $$( \ - docker images --filter=reference="$$reg/$(NAME):*" --quiet | \ - grep -v $$(docker images --filter=reference="$$reg/$(NAME):latest" --quiet) \ + $(DOCKER_CMD) rmi --force $$( \ + $(DOCKER_CMD) images --filter=reference="$$reg/$(NAME):*" --quiet | \ + grep -v $$($(DOCKER_CMD) images --filter=reference="$$reg/$(NAME):latest" --quiet) \ ) 2> /dev/null ||: docker-image-start: ### Start container - mandatory: NAME; optional: CMD,DIR,ARGS=[Docker args],VARS_FILE=[Makefile vars file],EXAMPLE=true @@ -364,7 +369,7 @@ docker-run: ### Run specified image - mandatory: IMAGE; optional: CMD,SH=true,DI make docker-config > /dev/null 2>&1 container=$$([ -n "$(CONTAINER)" ] && echo $(CONTAINER) || echo $$(echo '$(IMAGE)' | md5sum | cut -c1-7)-$(BUILD_COMMIT_HASH)-$(BUILD_ID)-$$(date --date=$$(date -u +"%Y-%m-%dT%H:%M:%S%z") -u +"%Y%m%d%H%M%S" 2> /dev/null)-$$(make secret-random LENGTH=8)) if [[ ! "$(SH)" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$$ ]]; then - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \ @@ -425,7 +430,7 @@ docker-run-editorconfig: ### Run editorconfig container - optional: DIR=[working make docker-config > /dev/null 2>&1 image=$$([ -n "$(IMAGE)" ] && echo $(IMAGE) || echo mstruebing/editorconfig-checker:$(DOCKER_EDITORCONFIG_CHECKER_VERSION)) container=$$([ -n "$(CONTAINER)" ] && echo $(CONTAINER) || echo editorconfig-$(BUILD_COMMIT_HASH)-$(BUILD_ID)-$$(date --date=$$(date -u +"%Y-%m-%dT%H:%M:%S%z") -u +"%Y%m%d%H%M%S" 2> /dev/null)-$$(make secret-random LENGTH=8)) - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --volume $$([ -n "$(DIR)" ] && echo $(abspath $(DIR)) || echo $(PWD)):/check \ @@ -531,7 +536,7 @@ docker-run-python: ### Run python container - mandatory: CMD; optional: SH=true, image=$$([ -n "$(IMAGE)" ] && echo $(IMAGE) || echo python:$(DOCKER_PYTHON_VERSION)) container=$$([ -n "$(CONTAINER)" ] && echo $(CONTAINER) || echo python-$(BUILD_COMMIT_HASH)-$(BUILD_ID)-$$(date --date=$$(date -u +"%Y-%m-%dT%H:%M:%S%z") -u +"%Y%m%d%H%M%S" 2> /dev/null)-$$(make secret-random LENGTH=8)) if [[ ! "$(SH)" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$$ ]]; then - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \ @@ -549,7 +554,7 @@ docker-run-python: ### Run python container - mandatory: CMD; optional: SH=true, $$image \ $(CMD) else - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \ @@ -594,7 +599,7 @@ docker-run-terraform: ### Run terraform container - mandatory: CMD; optional: DI make docker-config > /dev/null 2>&1 image=$$([ -n "$(IMAGE)" ] && echo $(IMAGE) || echo hashicorp/terraform:$(DOCKER_TERRAFORM_VERSION)) container=$$([ -n "$(CONTAINER)" ] && echo $(CONTAINER) || echo terraform-$(BUILD_COMMIT_HASH)-$(BUILD_ID)-$$(date --date=$$(date -u +"%Y-%m-%dT%H:%M:%S%z") -u +"%Y%m%d%H%M%S" 2> /dev/null)-$$(make secret-random LENGTH=8)) - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \ @@ -613,7 +618,7 @@ docker-run-terraform-tfsec: ### Run terraform tfsec container - optional: DIR,AR make docker-config > /dev/null 2>&1 image=$$([ -n "$(IMAGE)" ] && echo $(IMAGE) || echo aquasec/tfsec:$(DOCKER_TERRAFORM_TFSEC_VERSION)) container=$$([ -n "$(CONTAINER)" ] && echo $(CONTAINER) || echo tfsec-$(BUILD_COMMIT_HASH)-$(BUILD_ID)-$$(date --date=$$(date -u +"%Y-%m-%dT%H:%M:%S%z") -u +"%Y%m%d%H%M%S" 2> /dev/null)-$$(make secret-random LENGTH=8)) - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \ @@ -632,7 +637,7 @@ docker-run-checkov: ### Run checkov container - optional: DIR,ARGS=[Docker args] make docker-config > /dev/null 2>&1 image=$$([ -n "$(IMAGE)" ] && echo $(IMAGE) || echo bridgecrew/checkov:$(DOCKER_CHECKOV_VERSION)) container=$$([ -n "$(CONTAINER)" ] && echo $(CONTAINER) || echo tfsec-$(BUILD_COMMIT_HASH)-$(BUILD_ID)-$$(date --date=$$(date -u +"%Y-%m-%dT%H:%M:%S%z") -u +"%Y%m%d%H%M%S" 2> /dev/null)-$$(make secret-random LENGTH=8)) - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \ @@ -714,7 +719,7 @@ docker-run-tools: ### Run tools (Python) container - mandatory: CMD; optional: S container=$$([ -n "$(CONTAINER)" ] && echo $(CONTAINER) || echo tools-$(BUILD_COMMIT_HASH)-$(BUILD_ID)-$$(date --date=$$(date -u +"%Y-%m-%dT%H:%M:%S%z") -u +"%Y%m%d%H%M%S" 2> /dev/null)-$$(make secret-random LENGTH=8)) make docker-image-pull-or-build NAME=tools VERSION=$(DOCKER_LIBRARY_TOOLS_VERSION) >&2 if [[ ! "$(SH)" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$$ ]]; then - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \ @@ -737,7 +742,7 @@ docker-run-tools: ### Run tools (Python) container - mandatory: CMD; optional: S $$image \ $(CMD) else - docker run --interactive $(_TTY) --rm \ + $(DOCKER_CMD) run --interactive $(_TTY) --rm \ --name $$container \ --user $$(id -u):$$(id -g) \ --env-file <(make _list-variables PATTERN="^(AWS|TX|TEXAS|NHSD|TERRAFORM)") \