-
-
Save realgenekim/fdcad45286d065cc559cd75a8f946ad4 to your computer and use it in GitHub Desktop.
Attempts to use Jib Core API to create image from JAR file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(ns jib | |
(:import | |
(com.google.cloud.tools.jib.api Jib | |
DockerDaemonImage | |
Containerizer | |
TarImage | |
RegistryImage | |
ImageReference CredentialRetriever Credential) | |
(com.google.cloud.tools.jib.api.buildplan AbsoluteUnixPath) | |
(com.google.cloud.tools.jib.frontend | |
CredentialRetrieverFactory) | |
(java.nio.file Paths) | |
(java.io File) | |
(java.util List ArrayList Optional))) | |
(defn- get-path [filename] | |
(Paths/get (.toURI (File. ^String filename)))) | |
(defn- into-list | |
[& args] | |
(ArrayList. ^List args)) | |
(defn- to-imgref [image-config] | |
(ImageReference/parse image-config)) | |
(comment | |
(Jib/from "gcr.io/distroless/java") | |
(def standalone-jar "/Users/genekim/src.local/book-pubsub-components-rf/pubsub-web/pubsub-web-standalone.jar") | |
(def app-layer [(into-list (get-path standalone-jar)) | |
(AbsoluteUnixPath/get "/")]) | |
(def entrypoint ["/app/target/pubsub-web-standalone.jar"]) | |
(def registry (RegistryImage/from "us.gcr.io/booktracker-1208/pubsub-web:latest")) | |
(-> (RegistryImage/named (to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest"))) | |
(def arguments standalone-jar) | |
; 1. unauthorized! | |
(-> (Jib/from "gcr.io/distroless/java") | |
(.addLayer (first app-layer) (second app-layer)) | |
(.setEntrypoint (apply into-list entrypoint)) | |
(.setProgramArguments (into-list arguments)) | |
(.containerize (Containerizer/to | |
(RegistryImage/named | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest"))))) | |
; Execution error (HttpResponseException) at com.google.api.client.http.HttpRequest/execute (HttpRequest.java:1113). | |
;401 Unauthorized | |
;GET https://us.gcr.io/v2/token?service=us.gcr.io&scope=repository:booktracker-1208/pubsub-web:pull,push | |
;{"errors":[{"code":"UNAUTHORIZED","message":"You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication"}]} | |
(-> (Jib/from "gcr.io/distroless/java") | |
(.addLayer (first app-layer) (second app-layer)) | |
(.setEntrypoint (apply into-list entrypoint)) | |
(.setProgramArguments (into-list arguments)) | |
(.containerize (Containerizer/to | |
(RegistryImage/named | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest")))) | |
(.addCredentialRetriever | |
(-> (CredentialRetrieverFactory/forImage | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest") | |
nil) | |
(.googleApplicationDefaultCredentials)))) | |
; same error | |
(-> (Jib/from "gcr.io/distroless/java") | |
(.addLayer (first app-layer) (second app-layer)) | |
(.setEntrypoint (apply into-list entrypoint)) | |
(.setProgramArguments (into-list arguments)) | |
(.containerize (Containerizer/to | |
(RegistryImage/named | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest")))) | |
(.addCredentialRetriever | |
(-> (CredentialRetrieverFactory/forImage | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest") | |
nil) | |
;(.dockerCredentialHelper "/Users/genekim/software/google-cloud-sdk/bin/docker-credential-gcloud") | |
(.dockerConfig)))) | |
(def creds (-> (CredentialRetrieverFactory/forImage | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest") | |
nil) | |
(.wellKnownCredentialHelpers))) | |
(def creds (-> (CredentialRetrieverFactory/forImage | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest") | |
nil) | |
(.dockerConfig))) | |
(def creds (-> (CredentialRetrieverFactory/forImage | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest") | |
nil) | |
(.dockerConfig (get-path "/Users/genekim/.docker/config.json")))) | |
(def creds (-> (CredentialRetrieverFactory/forImage | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest") | |
nil) | |
(.googleApplicationDefaultCredentials))) | |
(def creds (-> (CredentialRetrieverFactory/forImage | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest") | |
nil) | |
(.dockerCredentialHelper "/Users/genekim/software/google-cloud-sdk/bin/docker-credential-gcloud"))) | |
(def creds (-> (CredentialRetrieverFactory/forImage | |
(to-imgref "us.gcr.io/booktracker-1208/pubsub-web:latest") | |
nil) | |
(.known ""))) | |
(.isPresent creds) | |
(bean creds) | |
(.retrieve creds) | |
(clojure.pprint/pprint (clojure.reflect/reflect creds)) | |
; from Jib CLI | |
; | |
; genekim@Genes-2020-M1-MacBook-Pro datomic-cloudrun % time make jibcli | |
;bin/jib-0.5.0/bin/jib jar --target=us.gcr.io/booktracker-1208/datomic-test-jib \ | |
; target/datomic-test-standalone.jar | |
;[WARN] Base image 'adoptopenjdk:8-jre' does not use a specific image digest - build may not be reproducible | |
;Using credentials from Docker config (/Users/genekim/.docker/config.json) for us.gcr.io/booktracker-1208/datomic-test-jib | |
;The base image requires auth. Trying again for adoptopenjdk:8-jre... | |
;Using base image with digest: sha256:bf736024c65942ab045c497e408706f9e599651bf8c01a75ecb3d6971d66700d | |
;==== original | |
(-> (Jib/from (configure-image base-image project)) | |
(.addLayer (first app-layer) (second app-layer)) | |
(.setEntrypoint (apply into-list entrypoint)) | |
(.setProgramArguments (into-list arguments)) | |
(.containerize (Containerizer/to (configure-image (:target-image config) project)))) | |
,) | |
; | |
; copied from: https://github.com/vehvis/lein-jib-build/blob/master/src/leiningen/jib_build.clj | |
; | |
(comment | |
(ns leiningen.jib-build | |
(:import [com.google.cloud.tools.jib.api Jib | |
DockerDaemonImage | |
Containerizer | |
TarImage | |
RegistryImage | |
AbsoluteUnixPath | |
ImageReference CredentialRetriever Credential] | |
[java.io File] | |
[java.util List ArrayList Optional] | |
[java.nio.file Paths]) | |
(:require [leiningen.core.main :as lein] | |
[leiningen.core.classpath :as lein-cp] | |
[leiningen.uberjar :as uberjar] | |
[leiningen.jar :as jar] | |
[clojure.pprint :as pprint] | |
[leiningen.core.project :as project])) | |
(def default-base-image {:type :registry | |
:image-name "gcr.io/distroless/java"}) | |
(def default-entrypoint ["java" "-jar"]) | |
(defn- into-list | |
[& args] | |
(ArrayList. ^List args)) | |
(defn- get-path [filename] | |
(Paths/get (.toURI (File. ^String filename)))) | |
(defn- to-imgref [image-config] | |
(ImageReference/parse (:image-name image-config))) | |
(defn add-registry-credentials [rimg registry-config] | |
(cond | |
(:username registry-config) | |
(do (lein/debug "Using username/password authentication, user:" (:username registry-config)) | |
(.addCredential rimg (:username registry-config) (:password registry-config))) | |
(:authorizer registry-config) | |
(let [auth (:authorizer registry-config)] | |
(lein/debug "Using custom registry authentication:" (:authorizer registry-config)) | |
(.addCredentialRetriever rimg (reify CredentialRetriever | |
(retrieve [_] | |
(require [(symbol (namespace (:fn auth)))]) | |
(let [creds (eval `(~(:fn auth) ~(:args auth)))] | |
(Optional/of (Credential/from (:username creds) (:password creds)))))))) | |
:default rimg)) | |
(defmulti configure-image (fn [image-config project] (:type image-config))) | |
(defmethod configure-image :tar [{:keys [image-name]} project] | |
(let [image-name (or image-name (str "target/" (:name project) ".tar"))] | |
(lein/debug "Tar image:" image-name) | |
(.named (TarImage/at (-> (File. ^String image-name) | |
.toURI | |
Paths/get)) | |
^String image-name))) | |
(defmethod configure-image :registry [{:keys [image-name] :as image-config} project] | |
(let [image-name (or image-name (:name project))] | |
(lein/debug "Registry image:" image-name) | |
(-> (RegistryImage/named ^ImageReference (to-imgref image-config)) | |
(add-registry-credentials image-config)))) | |
(defmethod configure-image :docker [{:keys [image-name] :as image-config} project] | |
(let [image-name (or image-name (:name project))] | |
(lein/debug "Local docker:" image-name) | |
(DockerDaemonImage/named ^ImageReference (to-imgref image-config)))) | |
(defmethod configure-image :default [image-config _] | |
(throw (Exception. ^String (str "Unknown image type: " (:image-name image-config))))) | |
(defn jib-build | |
"It places the jar in the container (or else it gets the hose again)." | |
[project & args] | |
#_(pprint/pprint (lein-cp/ext-classpath project)) | |
#_(pprint/pprint args) | |
(let [project (project/merge-profiles project [:uberjar]) | |
config (:jib-build/build-config project) | |
standalone-jar (jar/get-jar-filename project :standalone) | |
base-image (get config :base-image default-base-image) | |
entrypoint (get config :entrypoint default-entrypoint) | |
arguments (get config :arguments (.toString (.getFileName (get-path standalone-jar)))) | |
app-layer [(into-list (get-path standalone-jar)) | |
(AbsoluteUnixPath/get "/")]] | |
(lein/info "Building container upon" (:image-name base-image) "with" standalone-jar) | |
(-> (Jib/from (configure-image base-image project)) | |
(.addLayer (first app-layer) (second app-layer)) | |
(.setEntrypoint (apply into-list entrypoint)) | |
(.setProgramArguments (into-list arguments)) | |
(.containerize (Containerizer/to (configure-image (:target-image config) project))))))) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment