From 6bd7571a279605df08e5c76bba8a899a8b526db3 Mon Sep 17 00:00:00 2001 From: Pawel Proskurnicki Date: Fri, 21 Jun 2024 12:00:17 +0200 Subject: [PATCH] docker: refactor docker folder structure - Refactored AS docker placement - Refactored KBS docker placement This change improves Dockerfile readability as current approach (format: Dockerfile.[name]) is not compatible with code inspection in IDEs which can lead to errors. Signed-off-by: Pawel Proskurnicki --- .github/workflows/as-build-and-push.yaml | 6 +++--- .github/workflows/as-dockerbuild.yml | 6 +++--- .github/workflows/kbs-build-and-push.yaml | 4 ++-- .github/workflows/kbs-docker-build.yml | 6 +++--- attestation-service/.dockerignore | 3 +-- .../{Dockerfile.as-grpc => docker/as-grpc/Dockerfile} | 0 .../{Dockerfile.as-restful => docker/as-restful/Dockerfile} | 0 attestation-service/{ => docker}/rvps/Dockerfile | 0 attestation-service/docs/grpc-as.md | 2 +- attestation-service/docs/restful-as.md | 2 +- attestation-service/rvps/README.md | 2 +- docker-compose.yml | 6 +++--- .../{Dockerfile.coco-as-grpc => coco-as-grpc/Dockerfile} | 0 .../Dockerfile} | 0 kbs/docker/{Dockerfile.rhel-ubi => rhel-ubi/Dockerfile} | 0 15 files changed, 18 insertions(+), 19 deletions(-) rename attestation-service/{Dockerfile.as-grpc => docker/as-grpc/Dockerfile} (100%) rename attestation-service/{Dockerfile.as-restful => docker/as-restful/Dockerfile} (100%) rename attestation-service/{ => docker}/rvps/Dockerfile (100%) rename kbs/docker/{Dockerfile.coco-as-grpc => coco-as-grpc/Dockerfile} (100%) rename kbs/docker/{Dockerfile.intel-trust-authority => intel-trust-authority/Dockerfile} (100%) rename kbs/docker/{Dockerfile.rhel-ubi => rhel-ubi/Dockerfile} (100%) diff --git a/.github/workflows/as-build-and-push.yaml b/.github/workflows/as-build-and-push.yaml index 04f7287278..6f9400a954 100644 --- a/.github/workflows/as-build-and-push.yaml +++ b/.github/workflows/as-build-and-push.yaml @@ -20,13 +20,13 @@ jobs: - coco-as-restful - rvps include: - - docker_file: attestation-service/Dockerfile.as-grpc + - docker_file: attestation-service/docker/as-grpc/Dockerfile tag: coco-as-grpc name: gRPC CoCo-AS - - docker_file: attestation-service/Dockerfile.as-restful + - docker_file: attestation-service/docker/as-restful/Dockerfile tag: coco-as-restful name: RESTful CoCo-AS - - docker_file: attestation-service/rvps/Dockerfile + - docker_file: attestation-service/docker/rvps/Dockerfile tag: rvps name: RVPS runs-on: ${{ matrix.instance }} diff --git a/.github/workflows/as-dockerbuild.yml b/.github/workflows/as-dockerbuild.yml index 5c4d1592bc..98720fa12a 100644 --- a/.github/workflows/as-dockerbuild.yml +++ b/.github/workflows/as-dockerbuild.yml @@ -28,12 +28,12 @@ jobs: - name: Build gRPC AS Container Image run: | - DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/Dockerfile.as-grpc + DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/docker/as-grpc/Dockerfile - name: Build RESTful AS Container Image run: | - DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/Dockerfile.as-restful + DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/docker/as-restful/Dockerfile - name: Build RVPS Container Image run: | - Docker_BUILDKIT=1 docker build -t rvps:latest . -f attestation-service/rvps/Dockerfile \ No newline at end of file + Docker_BUILDKIT=1 docker build -t rvps:latest . -f attestation-service/docker/rvps/Dockerfile \ No newline at end of file diff --git a/.github/workflows/kbs-build-and-push.yaml b/.github/workflows/kbs-build-and-push.yaml index 30590ea7ec..b38a58f98a 100644 --- a/.github/workflows/kbs-build-and-push.yaml +++ b/.github/workflows/kbs-build-and-push.yaml @@ -24,7 +24,7 @@ jobs: https_crypto: openssl name: build-in AS - tag: kbs-grpc-as - docker_file: kbs/docker/Dockerfile.coco-as-grpc + docker_file: kbs/docker/coco-as-grpc/Dockerfile https_crypto: rustls name: gRPC AS runs-on: ${{ matrix.instance }} @@ -122,6 +122,6 @@ jobs: - name: Build Container Image KBS (Intel Trust Authority AS) run: | commit_sha=${{ github.sha }} - DOCKER_BUILDKIT=1 docker build -f "kbs/docker/Dockerfile.intel-trust-authority" --push \ + DOCKER_BUILDKIT=1 docker build -f "kbs/docker/intel-trust-authority/Dockerfile" --push \ -t "ghcr.io/confidential-containers/staged-images/kbs-ita-as:${commit_sha}" \ -t "ghcr.io/confidential-containers/staged-images/kbs-ita-as:latest" . \ No newline at end of file diff --git a/.github/workflows/kbs-docker-build.yml b/.github/workflows/kbs-docker-build.yml index 8899d4d9a4..97e9954e7a 100644 --- a/.github/workflows/kbs-docker-build.yml +++ b/.github/workflows/kbs-docker-build.yml @@ -16,6 +16,6 @@ jobs: run: | DOCKER_BUILDKIT=1 docker build -t kbs:coco-as . -f kbs/docker/Dockerfile; \ DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-openssl --build-arg KBS_FEATURES=coco-as-builtin,openssl,resource,opa . -f kbs/docker/Dockerfile; \ - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/Dockerfile.coco-as-grpc; \ - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/Dockerfile.rhel-ubi; \ - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-ita . -f kbs/docker/Dockerfile.intel-trust-authority + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/coco-as-grpc/Dockerfile; \ + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/rhel-ubi/Dockerfile; \ + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-ita . -f kbs/docker/intel-trust-authority/Dockerfile diff --git a/attestation-service/.dockerignore b/attestation-service/.dockerignore index c81564d652..98d036a1da 100644 --- a/attestation-service/.dockerignore +++ b/attestation-service/.dockerignore @@ -1,4 +1,3 @@ target -Dockerfile.as* -Dockerfile.rvps \ No newline at end of file +docker \ No newline at end of file diff --git a/attestation-service/Dockerfile.as-grpc b/attestation-service/docker/as-grpc/Dockerfile similarity index 100% rename from attestation-service/Dockerfile.as-grpc rename to attestation-service/docker/as-grpc/Dockerfile diff --git a/attestation-service/Dockerfile.as-restful b/attestation-service/docker/as-restful/Dockerfile similarity index 100% rename from attestation-service/Dockerfile.as-restful rename to attestation-service/docker/as-restful/Dockerfile diff --git a/attestation-service/rvps/Dockerfile b/attestation-service/docker/rvps/Dockerfile similarity index 100% rename from attestation-service/rvps/Dockerfile rename to attestation-service/docker/rvps/Dockerfile diff --git a/attestation-service/docs/grpc-as.md b/attestation-service/docs/grpc-as.md index 48fd099365..95ba1194d7 100644 --- a/attestation-service/docs/grpc-as.md +++ b/attestation-service/docs/grpc-as.md @@ -105,7 +105,7 @@ Build and run container image ```shell git clone https://github.com/confidential-containers/trustee cd trustee -docker build -t coco-as:grpc -f attestation-service/Dockerfile.as-grpc . +docker build -t coco-as:grpc -f attestation-service/docker/as-grpc/Dockerfile . ``` ### API diff --git a/attestation-service/docs/restful-as.md b/attestation-service/docs/restful-as.md index a0ae247227..4be4274699 100644 --- a/attestation-service/docs/restful-as.md +++ b/attestation-service/docs/restful-as.md @@ -95,7 +95,7 @@ Build and run container image ```shell git clone https://github.com/confidential-containers/trustee cd trustee -docker build -t coco-as:restful -f attestation-service/Dockerfile.as-restful . +docker build -t coco-as:restful -f attestation-service/docker/as-restful/Dockerfile . ``` ### HTTPS support diff --git a/attestation-service/rvps/README.md b/attestation-service/rvps/README.md index 4a4126b4a2..ba29b2bd5a 100644 --- a/attestation-service/rvps/README.md +++ b/attestation-service/rvps/README.md @@ -72,7 +72,7 @@ By default listen to `localhost:50003` to wait for requests We can build RVPS docker image ```bash -cd ../.. && docker build -t rvps -f attestation-service/rvps/Dockerfile . +cd ../.. && docker build -t rvps -f attestation-service/docker/rvps/Dockerfile . ``` Run diff --git a/docker-compose.yml b/docker-compose.yml index 8e14c38da9..bb9c08ec07 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ services: kbs: build: context: . - dockerfile: ./kbs/docker/Dockerfile.coco-as-grpc + dockerfile: kbs/docker/coco-as-grpc/Dockerfile #image: ghcr.io/confidential-containers/key-broker-service:latest command: [ "/usr/local/bin/kbs", @@ -23,7 +23,7 @@ services: as: build: context: . - dockerfile: ./attestation-service/Dockerfile.as-grpc + dockerfile: attestation-service/docker/as-grpc/Dockerfile #image: ghcr.io/confidential-containers/attestation-service:latest ports: - "50004:50004" @@ -46,7 +46,7 @@ services: #image: ghcr.io/confidential-containers/reference-value-provider-service:latest build: context: . - dockerfile: ./attestation-service/rvps/Dockerfile + dockerfile: attestation-service/docker/rvps/Dockerfile restart: always # keep the server running ports: - "50003:50003" diff --git a/kbs/docker/Dockerfile.coco-as-grpc b/kbs/docker/coco-as-grpc/Dockerfile similarity index 100% rename from kbs/docker/Dockerfile.coco-as-grpc rename to kbs/docker/coco-as-grpc/Dockerfile diff --git a/kbs/docker/Dockerfile.intel-trust-authority b/kbs/docker/intel-trust-authority/Dockerfile similarity index 100% rename from kbs/docker/Dockerfile.intel-trust-authority rename to kbs/docker/intel-trust-authority/Dockerfile diff --git a/kbs/docker/Dockerfile.rhel-ubi b/kbs/docker/rhel-ubi/Dockerfile similarity index 100% rename from kbs/docker/Dockerfile.rhel-ubi rename to kbs/docker/rhel-ubi/Dockerfile