samples/bookinfo/build_push_update_images.sh - dubbo-go-pixiu - Git at Google

 #!/bin/bash
 #
 # Copyright 2018 Istio Authors
 #
 #   Licensed under the Apache License, Version 2.0 (the "License");
 #   you may not use this file except in compliance with the License.
 #   You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 #   Unless required by applicable law or agreed to in writing, software
 #   distributed under the License is distributed on an "AS IS" BASIS,
 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #   See the License for the specific language governing permissions and
 #   limitations under the License.

 set -o errexit

 display_usage() {
     echo
     echo "USAGE: ./build_push_update_images.sh <version> [-h|--help] [--prefix=value] [--scan-images]"
     echo "	version : Version of the sample app images (Required)"
     echo "	-h|--help : Prints usage information"
     echo "	--prefix: Use the value as the prefix for image names. By default, 'istio' is used"
     echo -e "	--scan-images : Enable security vulnerability scans for docker images \n\t\t\trelated to bookinfo sample apps. By default, this feature \n\t\t\tis disabled."
     exit 1
 }

 # Check if there is atleast one input argument
 if [[ -z "$1" ]] ; then
 	echo "Missing version parameter"
         display_usage
 else
 	VERSION="$1"
 	shift
 fi

 # Process the input arguments. By default, image scanning is disabled.
 PREFIX=istio
 ENABLE_IMAGE_SCAN=false
 echo "$@"
 for i in "$@"
 do
 	case "$i" in
 		--prefix=* )
 		   PREFIX="${i#--prefix=}" ;;
 		--scan-images )
 		   ENABLE_IMAGE_SCAN=true ;;
 		-h|--help )
 		   echo
 		   echo "Build the docker images for bookinfo sample apps, push them to docker hub and update the yaml files."
 		   display_usage ;;
 		* )
 		   echo "Unknown argument: $i"
 		   display_usage ;;
 	esac
 done

 #Build docker images
 src/build-services.sh "${VERSION}" "${PREFIX}"

 #get all the new image names and tags
 for v in ${VERSION} "latest"
 do
   IMAGES+=$(docker images -f reference="${PREFIX}/examples-bookinfo*:$v" --format "{{.Repository}}:$v")
   IMAGES+=" "
 done

 # check that $IMAGES contains the images we've just built
 if [[ "${IMAGES}" =~ ^\ +$ ]] ; then
   echo "Found no images matching prefix \"${PREFIX}/examples-bookinfo\"."
   echo "Try running the script without specifying the image registry in --prefix (e.g. --prefix=/foo instead of --prefix=docker.io/foo)."
   exit 1
 fi

 #
 # Run security vulnerability scanning on bookinfo sample app images using
 # trivy. If the image has vulnerabilities, the file will have a .failed
 # suffix. A successult scan will have a .passed suffix.
 function run_vulnerability_scanning() {
   RESULT_DIR="vulnerability_scan_results"
   mkdir -p "$RESULT_DIR"
   # skip-dir added to prevent timeout of review images
   set +e
   trivy image --ignore-unfixed --no-progress --exit-code 2 --skip-dirs /opt/ibm/wlp --output "$RESULT_DIR/$1_$VERSION.failed" "$2"
   test $? -ne 0 || mv "$RESULT_DIR/$1_$VERSION.failed" "$RESULT_DIR/$1_$VERSION.passed"
   set -e
 }

 # Push images. Scan images if ENABLE_IMAGE_SCAN is true.
 for IMAGE in ${IMAGES};
 do
   echo "Pushing: ${IMAGE}"
   docker push "${IMAGE}";

   # $IMAGE has the following format: istio/examples-bookinfo*:"$v".
   # We want to get the sample app name from $IMAGE (the examples-bookinfo* portion)
   # to create the file to store the results of the scan for that image. The first
   # part of the $IMAGE_NAME gets examples-bookinfo*:"$v", and the second part gets
   # 'examples-bookinfo*'.
   if [[ "$ENABLE_IMAGE_SCAN" == "true"  ]]; then
   	echo "Scanning ${IMAGE} for security vulnerabilities"
   	IMAGE_NAME=${IMAGE#*/}
   	IMAGE_NAME=${IMAGE_NAME%:*}
   	run_vulnerability_scanning "${IMAGE_NAME}" "${IMAGE}"
   fi
 done

 #Update image references in the yaml files
 find . -name "*bookinfo*.yaml" -exec sed -i.bak "s/image:.*\\(\\/examples-bookinfo-.*\\):.*/image: ${PREFIX//\//\\\/}\\1:$VERSION/g" {} +
	#!/bin/bash
	#
	# Copyright 2018 Istio Authors
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	set -o errexit

	display_usage() {
	echo
	echo "USAGE: ./build_push_update_images.sh <version> [-h\|--help] [--prefix=value] [--scan-images]"
	echo " version : Version of the sample app images (Required)"
	echo " -h\|--help : Prints usage information"
	echo " --prefix: Use the value as the prefix for image names. By default, 'istio' is used"
	echo -e " --scan-images : Enable security vulnerability scans for docker images \n\t\t\trelated to bookinfo sample apps. By default, this feature \n\t\t\tis disabled."
	exit 1
	}

	# Check if there is atleast one input argument
	if [[ -z "$1" ]] ; then
	echo "Missing version parameter"
	display_usage
	else
	VERSION="$1"
	shift
	fi

	# Process the input arguments. By default, image scanning is disabled.
	PREFIX=istio
	ENABLE_IMAGE_SCAN=false
	echo "$@"
	for i in "$@"
	do
	case "$i" in
	--prefix=* )
	PREFIX="${i#--prefix=}" ;;
	--scan-images )
	ENABLE_IMAGE_SCAN=true ;;
	-h\|--help )
	echo
	echo "Build the docker images for bookinfo sample apps, push them to docker hub and update the yaml files."
	display_usage ;;
	* )
	echo "Unknown argument: $i"
	display_usage ;;
	esac
	done

	#Build docker images
	src/build-services.sh "${VERSION}" "${PREFIX}"

	#get all the new image names and tags
	for v in ${VERSION} "latest"
	do
	IMAGES+=$(docker images -f reference="${PREFIX}/examples-bookinfo*:$v" --format "{{.Repository}}:$v")
	IMAGES+=" "
	done

	# check that $IMAGES contains the images we've just built
	if [[ "${IMAGES}" =~ ^\ +$ ]] ; then
	echo "Found no images matching prefix \"${PREFIX}/examples-bookinfo\"."
	echo "Try running the script without specifying the image registry in --prefix (e.g. --prefix=/foo instead of --prefix=docker.io/foo)."
	exit 1
	fi

	#
	# Run security vulnerability scanning on bookinfo sample app images using
	# trivy. If the image has vulnerabilities, the file will have a .failed
	# suffix. A successult scan will have a .passed suffix.
	function run_vulnerability_scanning() {
	RESULT_DIR="vulnerability_scan_results"
	mkdir -p "$RESULT_DIR"
	# skip-dir added to prevent timeout of review images
	set +e
	trivy image --ignore-unfixed --no-progress --exit-code 2 --skip-dirs /opt/ibm/wlp --output "$RESULT_DIR/$1_$VERSION.failed" "$2"
	test $? -ne 0 \|\| mv "$RESULT_DIR/$1_$VERSION.failed" "$RESULT_DIR/$1_$VERSION.passed"
	set -e
	}

	# Push images. Scan images if ENABLE_IMAGE_SCAN is true.
	for IMAGE in ${IMAGES};
	do
	echo "Pushing: ${IMAGE}"
	docker push "${IMAGE}";

	# $IMAGE has the following format: istio/examples-bookinfo*:"$v".
	# We want to get the sample app name from $IMAGE (the examples-bookinfo* portion)
	# to create the file to store the results of the scan for that image. The first
	# part of the $IMAGE_NAME gets examples-bookinfo*:"$v", and the second part gets
	# 'examples-bookinfo*'.
	if [[ "$ENABLE_IMAGE_SCAN" == "true" ]]; then
	echo "Scanning ${IMAGE} for security vulnerabilities"
	IMAGE_NAME=${IMAGE#*/}
	IMAGE_NAME=${IMAGE_NAME%:*}
	run_vulnerability_scanning "${IMAGE_NAME}" "${IMAGE}"
	fi
	done

	#Update image references in the yaml files
	find . -name "bookinfo.yaml" -exec sed -i.bak "s/image:.\\(\\/examples-bookinfo-.\\):.*/image: ${PREFIX//\//\\\/}\\1:$VERSION/g" {} +