我目前正在使用 fabric8io - docker maven 插件 来构建容器映像。
我需要指定更多容器图像标签 - 特别是here记录的 opencontainer 图像标签。
标签
org.opencontainers.image.base.digest
对我来说有特殊的意义,因为我构建的镜像将用作进一步应用程序的基础镜像,并且我想为完整的容器基础设施递归地创建一个谱系。
现在这里需要基础容器镜像的摘要。但我不知道如何在maven中查询摘要来指定它。
插件当前配置如下:
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
<configuration>
<images>
<image>
<name>my/app</name>
<build>
<dockerFile>${project.basedir}/Dockerfile</dockerFile>
<contextDir>${project.basedir}</contextDir>
<args>
<APP_NAME>app</APP_NAME>
<BASE_IMAGE_DIGEST>HOW TO DETERMINE?</BASE_IMAGE_DIGEST>
<BASE_IMAGE_NAME>docker.io/library/rockylinux:8.6</BASE_IMAGE_NAME>
<BUILD_DATE>${docker.app.image.created}</BUILD_DATE>
<GIT_TAG>${docker.app.image.version}</GIT_TAG>
<PROJECT_DOC>${docker.app.image.scm.url}#README</PROJECT_DOC>
<PROJECT_SCM>${docker.app.image.scm.url}.git</PROJECT_SCM>
<PROJECT_URL>${docker.app.image.scm.url}</PROJECT_URL>
</args>
</build>
</image>
</images>
</configuration>
<executions>
<execution>
<id>build</id>
<phase>package</phase>
<goals>
<goal>build</goal>
</goals>
</execution>
<execution>
<id>push</id>
<phase>deploy</phase>
<goals>
<goal>push</goal>
</goals>
</execution>
</executions>
</plugin>
Dockerfile:
ARG BASE_IMAGE_NAME
FROM ${BASE_IMAGE_NAME}
ARG APP_NAME
ARG BASE_IMAGE_DIGEST
ARG BASE_IMAGE_NAME
ARG BUILD_DATE
ARG GIT_TAG
ARG PROJECT_DOC
ARG PROJECT_SCM
ARG PROJECT_URL
# Open specifications from the Open Container Initative (OCI)
# https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
LABEL org.opencontainers.image.base.name=${BASE_IMAGE_NAME} \
org.opencontainers.image.base.ref=${BASE_IMAGE_DIGEST} \
org.opencontainers.image.created=${BUILD_DATE} \
org.opencontainers.image.description="My App" \
org.opencontainers.image.documentation=${PROJECT_DOC} \
org.opencontainers.image.source=${PROJECT_SCM} \
org.opencontainers.image.title="My App Base image" \
org.opencontainers.image.url=${PROJECT_URL} \
org.opencontainers.image.version=${GIT_TAG}
沃尔克
我设法使用
gmavenplus-plugin
做到了这一点。 Groovy 似乎在处理引号方面遇到了困难,这就是为什么我不得不做相当奇怪的 docker inspect
和管道。
我已经使用老化的 Spotify Maven 插件对此进行了测试,它按预期工作。
由于我只在 GNU/Linux 上工作,所以我无法确定如何在 Windows 或 MacO 上完成此操作,但我已经提供了一个配置文件,以便有人可以解决它们。
插件定义:
<plugin>
<groupId>org.codehaus.gmavenplus</groupId>
<artifactId>gmavenplus-plugin</artifactId>
<version>3.0.2</version>
<!-- So long as this runs before the docker build, it's good -->
<executions>
<execution>
<phase>compile</phase>
<goals>
<goal>execute</goal>
</goals>
</execution>
</executions>
<configuration>
<scripts>
<!-- Run the script determined from OS profile -->
<script>${base.image.digest.script}</script>
</scripts>
</configuration>
<dependencies>
<dependency>
<groupId>org.apache.groovy</groupId>
<artifactId>groovy</artifactId>
<version>4.0.15</version>
<scope>compile</scope>
</dependency>
</dependencies>
</plugin>
然后是设置
base.image.digest.script
值的配置文件。值 docker.base.image.name
需要通过属性设置,或者硬编码到脚本中:
<profile>
<id>unix</id>
<activation>
<os>
<family>unix</family>
</os>
</activation>
<properties>
<!-- Using CDATA just to be safe -->
<base.image.digest.script><![CDATA[
def sub={ it.split("@")[1] }
def process = "docker image inspect ${docker.base.image.name}".execute() | 'grep @sha256'.execute() | 'head -n1'.execute()
def digest = sub(process.in.text.trim()).take(71)
println "Setting 'docker.base.image.digest' to '" + digest + "'"
project.properties.setProperty('docker.base.image.digest', digest)
]]></base.image.digest.script>
</properties>
</profile>
<profile>
<id>windows</id>
<activation>
<os>
<family>windows</family>
</os>
</activation>
<properties>
<base.image.digest.script><![CDATA[
println "!!!WARNING !!!"
println "WARNING: Cannot determine base image digest on Windows"
println "!!!WARNING !!!"
]]></base.image.digest.script>
</properties>
</profile>
<profile>
<id>mac</id>
<activation>
<os>
<family>mac</family>
</os>
</activation>
<properties>
<base.image.digest.script><![CDATA[
println "!!!WARNING !!!"
println "WARNING: Cannot determine base image digest on MacOS"
println "!!!WARNING !!!"
]]></base.image.digest.script>
</properties>
</profile>