[SECURESIGN-1399] update pipelines: add prefetch and hermetic builds (#84)

* update pipelines: add prefetch and hermetic builds

* enable prefetch for RPMs

* remove packages install

* add cargo, rust to preinstalled packages

* add cargo, rust to preinstalled packages

* update

* add rpm prefetch-input

* upste Dockerfiles, use rust/cargo version 1.84.0

Author: fghanmi

.github/workflows/rust.yml

@@ -39,7 +39,8 @@ jobs:
       - name: Install ninja-build tool
         uses: seanmiddleditch/gha-setup-ninja@v5
       # print the current rustc. replace stable to pin to a specific toolchain version.
-      - run: rustup default stable
+      # - run: rustup default stable
+      - run: rustup default 1.84.0
       - run: rustup component add rustfmt
       - run: rustup component add clippy
       - name: Install CMake 3.x (Ubuntu)

.tekton/tuf-tool-pull-request.yaml

@@ -30,6 +30,12 @@ spec:
     value: Dockerfile.rh
   - name: build-source-image
     value: "true"
+  - name: prefetch-input
+    value: '[{"type": "cargo", "path": "."}, {"type": "rpm", "path": "."}]'
+  - name: hermetic
+    value: "true"
+  - name: dev-package-managers 
+    value: "true"
   pipelineRef:
     resolver: git
     params:

.tekton/tuf-tool-push.yaml

@@ -27,6 +27,12 @@ spec:
     value: Dockerfile.rh
   - name: build-source-image
     value: "true"
+  - name: prefetch-input
+    value: '[{"type": "cargo", "path": "."}, {"type": "rpm", "path": "."}]'
+  - name: hermetic
+    value: "true"
+  - name: dev-package-managers 
+    value: "true"
   pipelineRef:
     resolver: git
     params:

.tekton/tuffer-pull-request.yaml

@@ -30,6 +30,12 @@ spec:
     value: Dockerfile.tuffer
   - name: build-source-image
     value: "true"
+  - name: prefetch-input
+    value: '[{"type": "cargo", "path": "."}, {"type": "rpm", "path": "."}]'
+  - name: hermetic
+    value: "true"
+  - name: dev-package-managers 
+    value: "true"
   pipelineRef:
     resolver: git
     params:

.tekton/tuffer-push.yaml

@@ -27,6 +27,12 @@ spec:
     value: Dockerfile.tuffer
   - name: build-source-image
     value: "true"
+  - name: prefetch-input
+    value: '[{"type": "cargo", "path": "."}, {"type": "rpm", "path": "."}]'
+  - name: hermetic
+    value: "true"
+  - name: dev-package-managers 
+    value: "true"
   pipelineRef:
     resolver: git
     params:

Dockerfile.rh

@@ -2,13 +2,7 @@ FROM registry.access.redhat.com/ubi9/ubi:latest as builder
 
 USER root
 
-ARG RUST_VERSION="1.79.0"
-
-RUN dnf install -y perl gcc openssl openssl-devel cmake gcc-c++ git curl-minimal unzip cyrus-sasl-devel
-
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs/ | sh -s -- --default-toolchain=${RUST_VERSION} -y
-
-ENV PATH "$PATH:/root/.cargo/bin"
+RUN dnf install -y perl gcc openssl openssl-devel cmake gcc-c++ git curl-minimal unzip cyrus-sasl-devel rust cargo
 
 RUN mkdir /tmp/tuftool
 COPY . /tmp/tuftool

Dockerfile.tuffer

@@ -2,13 +2,7 @@ FROM registry.access.redhat.com/ubi9/ubi:latest as builder
 
 USER root
 
-ARG RUST_VERSION="1.79.0"
-
-RUN dnf install -y perl gcc openssl openssl-devel cmake gcc-c++ git curl-minimal unzip cyrus-sasl-devel
-
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs/ | sh -s -- --default-toolchain=${RUST_VERSION} -y
-
-ENV PATH "$PATH:/root/.cargo/bin"
+RUN dnf install -y perl gcc openssl openssl-devel cmake gcc-c++ git curl-minimal unzip cyrus-sasl-devel rust cargo
 
 RUN mkdir /tmp/tuftool
 COPY . /tmp/tuftool

rpms.in.yaml

@@ -0,0 +1,4 @@
+packages: [perl, gcc, openssl, openssl-devel, cmake, gcc-c++, git, curl-minimal, unzip, cyrus-sasl-devel, rust, cargo]
+contentOrigin:
+  repofiles: ["./ubi.repo"]
+arches: [x86_64]