forked from deepfence/ThreatMapper
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbuild.sh
executable file
·129 lines (102 loc) · 4.55 KB
/
build.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
#!/bin/sh
DEEPFENCE_CONSOLE_DIR=$(pwd)/deepfence_console
DEEPFENCE_AGENT_DIR=$(pwd)/deepfence_agent
DOCKER_BUILD_LOG="docker-build.log"
DEEPFENCE_BACKEND_DIR=$(pwd)/deepfence_backend
DEEPFENCE_UI_DIR=$(pwd)/deepfence_ui
DEEPFENCE_DIAG_DIR=$(pwd)/deepfence_diagnosis
DEEPFENCE_FETCHER_DIR=$DEEPFENCE_CONSOLE_DIR/clair
DEEPAUDIT_DIR=$DEEPFENCE_CONSOLE_DIR/deepaudit
cd $DEEPFENCE_CONSOLE_DIR
if [ ! -f certs/ssl/filebeat.crt ]; then
echo "SSL certificate not found! Grenerating SSL certificate...."
mkdir -p certs/ssl
sudo openssl genrsa -out certs/ssl/filebeat.key 2048
sudo openssl req -new -x509 -config self-signed-certificate.cnf -nodes -days 365 -key certs/ssl/filebeat.key -out certs/ssl/filebeat.crt
sudo chmod a+r certs/ssl/filebeat*
else
echo "SSL certificate found"
fi
dependency_check_file=$(pwd)/clair/dependency-check-6.4.1-release.zip
if [ ! -f "$dependency_check_file" ]; then
wget https://github.com/jeremylong/DependencyCheck/releases/download/v6.4.1/dependency-check-6.4.1-release.zip -P "$(pwd)/clair/"
if [ ! $? -eq 0 ]; then
exit 1
fi
fi
echo "Building Vulnerability mapper image"
cd $DEEPFENCE_CONSOLE_DIR
rm -rf $DEEPAUDIT_DIR/filebeat $DEEPAUDIT_DIR/cve_scan_registry
cp -r filebeat $DEEPAUDIT_DIR
rm -rf $DEEPAUDIT_DIR/filebeat/filebeat.yml
cp clair/dependency-check-6.4.1-release.zip $DEEPAUDIT_DIR
cp -r $DEEPFENCE_BACKEND_DIR/cve_scan_registry $DEEPAUDIT_DIR
docker build -f $DEEPAUDIT_DIR/Dockerfile -t ${IMAGE_REPOSITORY:-deepfenceio}/deepfence_vulnerability_mapper_ce:${DF_IMG_TAG:-latest} $DEEPAUDIT_DIR
if [ ! $? -eq 0 ]; then
echo "Building vulnerability mapper image failed. Exiting"
exit 1
fi
echo "Creating elastic-search docker image. You can check $DOCKER_BUILD_LOG for status"
docker build --network host --tag=${IMAGE_REPOSITORY:-deepfenceio}/deepfence_elastic_ce:${DF_IMG_TAG:-latest} --rm=true -f elastic-Dockerfile .
if [ ! $? -eq 0 ]; then
echo "Error while creating elastic-search docker. Check $DOCKER_BUILD_LOG"
exit 1
fi
echo "Creating redis docker image. You can check $DOCKER_BUILD_LOG for status"
docker build --network host --tag=${IMAGE_REPOSITORY:-deepfenceio}/deepfence_redis_ce:${DF_IMG_TAG:-latest} --rm=true -f redis-Dockerfile .
if [ ! $? -eq 0 ]; then
echo "Error while creating redis docker. Check $DOCKER_BUILD_LOG"
exit 1
fi
echo "Building postgres"
docker build --network host --tag=${IMAGE_REPOSITORY:-deepfenceio}/deepfence_postgres_ce:${DF_IMG_TAG:-latest} --rm=true -f postgres-Dockerfile .
if [ ! $? -eq 0 ]; then
echo "Building postgres failed. Exiting"
exit 1
fi
echo "Building deepfence_router image"
docker build -f $DEEPFENCE_BACKEND_DIR/dockerify/haproxy/Dockerfile --build-arg is_dev_build=${IS_DEV_BUILD:-false} -t ${IMAGE_REPOSITORY:-deepfenceio}/deepfence_router_ce:${DF_IMG_TAG:-latest} $DEEPFENCE_BACKEND_DIR
if [ ! $? -eq 0 ]; then
echo "Building deepfence_router failed. Exiting"
exit 1
fi
echo "Building steampipe image"
docker build -f $DEEPFENCE_BACKEND_DIR/dockerify/api/Dockerfile.steampipe -t steampipe_build:latest $DEEPFENCE_BACKEND_DIR
if [ ! $? -eq 0 ]; then
echo "Building steampipe failed. Exiting"
exit 1
fi
echo "Building API image"
docker build -f $DEEPFENCE_BACKEND_DIR/dockerify/api/Dockerfile -t ${IMAGE_REPOSITORY:-deepfenceio}/deepfence_api_ce:${DF_IMG_TAG:-latest} $DEEPFENCE_BACKEND_DIR
if [ ! $? -eq 0 ]; then
echo "Building API image failed. Exiting"
exit 1
fi
echo "Building UI image"
bash ./write_console_version.sh
docker build -f $DEEPFENCE_UI_DIR/Dockerfile -t ${IMAGE_REPOSITORY:-deepfenceio}/deepfence_ui_ce:${DF_IMG_TAG:-latest} $DEEPFENCE_UI_DIR
if [ ! $? -eq 0 ]; then
echo "Building UI image failed. Exiting"
exit 1
fi
bash ./clean_console_version.sh
echo "Building fetcher"
cp filebeat/filebeat.crt filebeat/filebeat.key $DEEPFENCE_FETCHER_DIR
docker build -f $DEEPFENCE_FETCHER_DIR/Dockerfile -t ${IMAGE_REPOSITORY:-deepfenceio}/deepfence_fetcher_ce:${DF_IMG_TAG:-latest} $DEEPFENCE_FETCHER_DIR
if [ ! $? -eq 0 ]; then
echo "Building fetcher image failed. Exiting"
exit 1
fi
echo "Building diagnosis"
docker build -f $DEEPFENCE_DIAG_DIR/service/Dockerfile -t ${IMAGE_REPOSITORY:-deepfenceio}/deepfence_diagnosis_ce:${DF_IMG_TAG:-latest} $DEEPFENCE_DIAG_DIR/service
if [ ! $? -eq 0 ]; then
echo "Building diagnosis image failed. Exiting"
exit 1
fi
echo "Building agent"
cd $DEEPFENCE_AGENT_DIR
env IMAGE_REPOSITORY="${IMAGE_REPOSITORY:-deepfenceio}" DF_IMG_TAG="${DF_IMG_TAG:-latest}" bash build.sh
if [ ! $? -eq 0 ]; then
echo "Building agent image failed. Exiting"
exit 1
fi