common.mk
# SPDX-FileCopyrightText: (C) 2021 - 2025 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
# Recipes below use bash-only constructs ([[ ]], +=, set -o pipefail, echo -e).
SHELL := /bin/bash

# Version string used as the image tag; read once from the parent directory.
VERSION := $(shell cat ../version.txt)

# PWD comes from the caller's environment and is not updated by `make -C`.
# ROOT_DIR is later used as the repository root (scene_common/Dockerfile and
# the SBOM build context), so this presumably expects the build to be started
# from the repository root -- confirm against the top-level Makefile.
ROOT_DIR := $(PWD)
BUILD_DIR ?= $(PWD)/build

# IMAGE is not assigned in this file. Because LOG_FILE is expanded immediately,
# IMAGE has to be defined before this file is read.
LOG_FILE := $(BUILD_DIR)/$(IMAGE).log

# Switches that an including Makefile, the environment or the command line may override.
GITHUB_ACTIONS_CACHE ?= false
USES_SCENE_COMMON ?= no
HAS_DPKG ?= yes
HAS_PIP ?= yes

# Base image reference, taken from the Dockerfile's `ARG RUNTIME_OS_IMAGE=`
# default so the pin lives in one place only.
# Nothing in this file checks that the value actually carries an @sha256 digest,
# and an environment or command-line override replaces the Dockerfile pin.
# `?=` keeps the variable recursive, so sed runs again on every expansion.
RUNTIME_OS_IMAGE ?= $(shell sed -n 's/^ARG RUNTIME_OS_IMAGE=//p' Dockerfile)
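# `default` only forwards to build-image. It is declared phony so that a stray
# file named `default` in the working directory cannot mark it up to date.
.PHONY: default
default: build-image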
# Create the output directory on demand; the targets that write logs,
# dependency lists and SBOMs list it as a prerequisite.
$(BUILD_DIR):
	mkdir -p $(@)
# ANSI escape sequences for coloured status lines (interpreted by `echo -e`).
RESET  := \033[0m
RED    := \033[0;31m
GREEN  := \033[0;32m
YELLOW := \033[0;33m
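# build-image: build $(IMAGE):$(VERSION) from ./Dockerfile with the parent
# directory as build context, copy the build output to $(LOG_FILE), and tag the
# result :latest when the build succeeds. On failure the "^error" lines of the
# log are printed and the recipe exits with status 1.
#
# Inputs: REBUILDFLAGS (extra docker build flags), TARGET (optional stage),
# the proxy variables, CERTDOMAIN, FORCE_VAAPI, and EXTRA_BUILD_ARGS from the
# shell environment. With GITHUB_ACTIONS_CACHE=true, registry cache options
# built from CACHE_REGISTRY and CACHE_TAG are appended; both must be non-empty,
# otherwise the cache references would be malformed, so that case now stops
# with an explicit message instead of a docker reference error.
#
# Review notes:
# - `set -x` prints the fully expanded docker command, proxy values included.
#   If a proxy URL carries credentials they would appear in the console/CI
#   log -- confirm whether that applies to your environment.
# - Every $(...) / ${...} below is expanded by make and pasted into the shell
#   text unquoted. CACHE_REGISTRY, CACHE_TAG, TARGET and the build-arg values
#   should therefore come from trusted, validated sources.
#   NOTE(review): where CACHE_TAG/CACHE_REGISTRY are set is not visible here;
#   if CI derives them from a branch or ref name, validate them upstream.
# - pipefail is required so that a failed docker build is not hidden by `tee`.
.PHONY: build-image
build-image: $(BUILD_DIR) Dockerfile
	@echo -e "$(GREEN)------- STARTING BUILD OF IMAGE: $(IMAGE):$(VERSION) -------$(RESET)"
	@{ \
		set -xe; \
		set -o pipefail; \
		if [ "$(GITHUB_ACTIONS_CACHE)" = "true" ]; then \
			if [ -z "$(CACHE_REGISTRY)" ] || [ -z "$(CACHE_TAG)" ]; then \
				echo -e "$(RED)Error: GITHUB_ACTIONS_CACHE=true requires CACHE_REGISTRY and CACHE_TAG to be set.$(RESET)"; \
				exit 1; \
			fi; \
			EXTRA_BUILD_ARGS+=" --cache-from type=registry,ref=ghcr.io/${CACHE_REGISTRY}/cache-$(IMAGE):${CACHE_TAG} --cache-from type=registry,ref=ghcr.io/${CACHE_REGISTRY}/cache-$(IMAGE):main --cache-to type=registry,ref=ghcr.io/${CACHE_REGISTRY}/cache-$(IMAGE):${CACHE_TAG},ignore-error=true"; \
		fi; \
		TARGET_ARG=""; \
		if [ -n "$(TARGET)" ]; then TARGET_ARG="--target $(TARGET)"; fi; \
		if env BUILDKIT_PROGRESS=plain docker build $(REBUILDFLAGS) $$TARGET_ARG \
			--build-arg http_proxy=$(http_proxy) \
			--build-arg https_proxy=$(https_proxy) \
			--build-arg no_proxy=$(no_proxy) \
			--build-arg CERTDOMAIN=$(CERTDOMAIN) \
			--build-arg FORCE_VAAPI=$(FORCE_VAAPI) \
			$$EXTRA_BUILD_ARGS \
			--rm -t $(IMAGE):$(VERSION) \
			-f ./Dockerfile .. 2>&1 | tee $(LOG_FILE); \
		then \
			docker tag $(IMAGE):$(VERSION) $(IMAGE):latest; \
			echo -e "$(GREEN)------- BUILD OF IMAGE $(IMAGE):$(VERSION) COMPLETED SUCCESSFULLY -------$(RESET)"; \
			echo "Log file created at $(LOG_FILE)"; \
		else \
			echo -e "$(RED)------- BUILD OF IMAGE $(IMAGE):$(VERSION) FAILED. CHECK $(LOG_FILE) FOR DETAILS. -------$(RESET)"; \
			grep --color=auto -i -r "^error" $(LOG_FILE); \
			exit 1; \
		fi \
	}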
# rebuild: re-invoke make with REBUILDFLAGS set to --no-cache and no explicit
# goal, so the default goal of the makefile found in the current directory is
# built without using the Docker layer cache.
.PHONY: rebuild
rebuild:
	$(MAKE) REBUILDFLAGS='--no-cache'
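# list-dependencies: write the dependency inventory of $(IMAGE):$(VERSION)
# into $(BUILD_DIR):
#   $(IMAGE)-pip-deps.txt  -- `pip freeze --all` from the image (HAS_PIP=yes)
#   $(IMAGE)-apt-deps.txt  -- dpkg packages present in the image but not in
#                             $(RUNTIME_OS_IMAGE) (HAS_DPKG=yes)
#
# Changes against the previous recipe:
# - The existence check asks docker for the exact IMAGE:VERSION reference.
#   The old `docker images | grep` matched prefixes and treated the dots in
#   VERSION as regex wildcards, so a different image or tag could satisfy it.
# - `set -e` / `pipefail` make a failing `docker run` abort the recipe instead
#   of leaving an empty or partial list behind with a success message; an
#   inventory that is silently incomplete is worse than a failed target.
# - grep exits 1 when every package is also in the base image; only that
#   status is tolerated, a real grep error (status 2) now fails the recipe.
.PHONY: list-dependencies
list-dependencies: $(BUILD_DIR)
	@if ! docker image inspect $(IMAGE):$(VERSION) > /dev/null 2>&1; then \
		echo "Error: the image $(IMAGE):$(VERSION) does not exist! Cannot generate dependency list."; \
		echo "Please build the image first."; \
		exit 1; \
	fi
	@if [[ "$(HAS_PIP)" == "yes" ]]; then \
		set -e; \
		docker run --rm --entrypoint pip $(IMAGE):$(VERSION) freeze --all > $(BUILD_DIR)/$(IMAGE)-pip-deps.txt; \
		echo "Python dependencies listed in $(BUILD_DIR)/$(IMAGE)-pip-deps.txt"; \
	fi
	@if [[ "$(HAS_DPKG)" == "yes" ]]; then \
		set -eo pipefail; \
		if [[ -z "$(RUNTIME_OS_IMAGE)" ]]; then \
			echo "Error: RUNTIME_OS_IMAGE is not set for $(IMAGE). Ensure 'ARG RUNTIME_OS_IMAGE=<image>' is present in $(CURDIR)/Dockerfile."; \
			exit 1; \
		fi; \
		docker run --rm $(RUNTIME_OS_IMAGE) dpkg -l | awk '{ print $$2, $$3, $$4 }' > $(BUILD_DIR)/$(IMAGE)-system-packages.txt; \
		docker run --rm --entrypoint dpkg $(IMAGE):$(VERSION) -l | awk '{ print $$2, $$3, $$4 }' > $(BUILD_DIR)/$(IMAGE)-packages.txt; \
		grep -Fxv -f $(BUILD_DIR)/$(IMAGE)-system-packages.txt $(BUILD_DIR)/$(IMAGE)-packages.txt > $(BUILD_DIR)/$(IMAGE)-apt-deps.txt || [[ $$? -eq 1 ]]; \
		rm -f $(BUILD_DIR)/$(IMAGE)-system-packages.txt $(BUILD_DIR)/$(IMAGE)-packages.txt; \
		echo "OS dependencies listed in $(BUILD_DIR)/$(IMAGE)-apt-deps.txt"; \
	fi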
# check-buildkit: succeed only when the current buildx builder reports the
# docker-container driver; otherwise print how to create one and exit 1.
# generate-sbom lists this target as a prerequisite.
.PHONY: check-buildkit
check-buildkit:
	@docker buildx inspect 2>&1 | grep -q "Driver:.*docker-container" || { \
		echo "Error: generate-sbom requires a BuildKit container builder (current builder uses an incompatible driver)."; \
		echo "Create one with:"; \
		echo " docker buildx create --use --name=scenescape-buildkit-container --driver=docker-container \\"; \
		echo " --driver-opt=env.http_proxy=\$$http_proxy,env.https_proxy=\$$https_proxy,env.HTTP_PROXY=\$$HTTP_PROXY,env.HTTPS_PROXY=\$$HTTPS_PROXY,default-load=true"; \
		exit 1; \
	}
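# generate-sbom: build the image with `docker buildx build --sbom=true`, export
# the result as a tar archive, and keep only the SPDX document as
# $(BUILD_DIR)/sboms/$(IMAGE)-sbom.spdx.json.
#
# If the Dockerfile is based on scene_common/Dockerfile (USES_SCENE_COMMON=yes),
# that file is prepended to get the full context, as a work-around for docker
# buildx limitations. The combined file is written to
# $(BUILD_DIR)/sbom-$(IMAGE).Dockerfile and removed after a successful run.
#
# TARGET is optional, as it is in build-image. The previous recipe always
# emitted `--target $(TARGET)`, so with TARGET empty `--target` consumed the
# following `-f` as its value and the build failed with a misleading argument
# error. The stage options are now passed only when TARGET is set.
#
# NOTE(review): RUNTIME_OS_IMAGE is forwarded as given; the SBOM describes the
# base image only as precisely as that reference pins it (a digest, not a tag).
.PHONY: generate-sbom
generate-sbom: $(BUILD_DIR) check-buildkit
	@if [[ -z "$(RUNTIME_OS_IMAGE)" ]]; then \
		echo "Error: RUNTIME_OS_IMAGE is not set for $(IMAGE). Ensure 'ARG RUNTIME_OS_IMAGE=<image>' is present in $(CURDIR)/Dockerfile."; \
		exit 1; \
	fi
	@if [[ "$(USES_SCENE_COMMON)" == "yes" ]]; then \
		echo "ARG RUNTIME_OS_IMAGE=$(RUNTIME_OS_IMAGE)" > $(BUILD_DIR)/sbom-$(IMAGE).Dockerfile; \
		cat $(ROOT_DIR)/scene_common/Dockerfile ./Dockerfile >> $(BUILD_DIR)/sbom-$(IMAGE).Dockerfile; \
	else \
		cp ./Dockerfile $(BUILD_DIR)/sbom-$(IMAGE).Dockerfile; \
	fi
	@mkdir -p $(BUILD_DIR)/sboms
	docker buildx build \
		--sbom=true \
		--build-arg http_proxy=$(http_proxy) \
		--build-arg https_proxy=$(https_proxy) \
		--build-arg no_proxy=$(no_proxy) \
		--build-arg RUNTIME_OS_IMAGE=$(RUNTIME_OS_IMAGE) \
		$(if $(strip $(TARGET)),--build-arg BUILDKIT_SBOM_SCAN_STAGE=$(TARGET) --target $(TARGET)) \
		-f $(BUILD_DIR)/sbom-$(IMAGE).Dockerfile \
		$(ROOT_DIR) \
		-o type=tar,dest=$(BUILD_DIR)/sboms/$(IMAGE).tar
	@cd $(BUILD_DIR)/sboms && \
		tar -xf $(IMAGE).tar sbom.spdx.json && \
		mv sbom.spdx.json $(IMAGE)-sbom.spdx.json && \
		rm $(IMAGE).tar $(BUILD_DIR)/sbom-$(IMAGE).Dockerfile
	@echo "SBOM generated at $(BUILD_DIR)/sboms/"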
# clean: best-effort removal of the two image tags created by build-image and
# of the dependency lists and build log in $(BUILD_DIR). Both steps ignore
# failures (`|| true`), so the target also succeeds when nothing was built.
# Files under $(BUILD_DIR)/sboms are not touched by this recipe.
.PHONY: clean
clean:
	@docker rmi $(IMAGE):$(VERSION) $(IMAGE):latest || true
	@rm -f $(LOG_FILE) $(BUILD_DIR)/$(IMAGE)-*deps.txt || true