From 00b8a03c3ef5a93d664e90a0cbbba5396101e378 Mon Sep 17 00:00:00 2001
From: tommyd450
Date: Wed, 27 Sep 2023 15:12:50 +0100
Subject: [PATCH 1/2] Adding the server image to overlays

---
 redhat/overlays/DOckerfile.server | 51 +++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 redhat/overlays/DOckerfile.server

diff --git a/redhat/overlays/DOckerfile.server b/redhat/overlays/DOckerfile.server
new file mode 100644
index 000000000..114356277
--- /dev/null
+++ b/redhat/overlays/DOckerfile.server
@@ -0,0 +1,51 @@
+#
+# Copyright 2021 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 AS builder
+ENV APP_ROOT=/opt/app-root
+ENV GOPATH=$APP_ROOT
+
+WORKDIR $APP_ROOT/src/
+ADD go.mod go.sum $APP_ROOT/src/
+RUN go mod download
+
+# Add source code
+ADD ./cmd/ $APP_ROOT/src/cmd/
+ADD ./pkg/ $APP_ROOT/src/pkg/
+
+ARG SERVER_LDFLAGS
+RUN go build -ldflags "${SERVER_LDFLAGS}" ./cmd/rekor-server
+RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o rekor-server_debug ./cmd/rekor-server
+RUN go test -c -ldflags "${SERVER_LDFLAGS}" -cover -covermode=count -coverpkg=./... -o rekor-server_test ./cmd/rekor-server
+
+# Multi-Stage production build
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 as deploy
+
+# Retrieve the binary from the previous stage
+COPY --from=builder /opt/app-root/src/rekor-server /usr/local/bin/rekor-server
+
+# Set the binary as the entrypoint of the container
+ENTRYPOINT ["rekor-server"]
+
+# debug compile options & debugger
+FROM deploy as debug
+RUN go install github.com/go-delve/delve/cmd/dlv@v1.8.0
+
+# overwrite server and include debugger
+COPY --from=builder /opt/app-root/src/rekor-server_debug /usr/local/bin/rekor-server
+
+FROM deploy as test
+# overwrite server with test build with code coverage
+COPY --from=builder /opt/app-root/src/rekor-server_test /usr/local/bin/rekor-server

From a6c824e92c7deaaf1b3e33cf04f4183a8757de16 Mon Sep 17 00:00:00 2001
From: tommyd450
Date: Tue, 3 Oct 2023 11:46:08 +0100
Subject: [PATCH 2/2] Changes needed for both Uniform Dockerfiles and required changes for RHTAP EC

---
 .github/workflows/cronjobs.yaml | 68 -------------------
 .../{DOckerfile.server => Dockerfile} | 19 ++++--
 redhat/patches/0001-dockerfile.patch | 47 -------------
 3 files changed, 14 insertions(+), 120 deletions(-)
 rename redhat/overlays/{DOckerfile.server => Dockerfile} (60%)
 delete mode 100644 redhat/patches/0001-dockerfile.patch

diff --git a/.github/workflows/cronjobs.yaml b/.github/workflows/cronjobs.yaml
index fa3cf43fa..186db16bd 100644
--- a/.github/workflows/cronjobs.yaml
+++ b/.github/workflows/cronjobs.yaml
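Review bot: The three `ADD` instructions in the builder stage copy plain local paths (`go.mod go.sum`, `./cmd/`, `./pkg/`) and should be `COPY`, since `ADD` also auto-extracts archives and fetches URLs and hadolint DL3020 flags it for this use: `COPY go.mod go.sum $APP_ROOT/src/`, `COPY ./cmd/ $APP_ROOT/src/cmd/`, `COPY ./pkg/ $APP_ROOT/src/pkg/`. The `deploy` stage is built from the same ubi9/go-toolset digest as `builder`, so the production image carries the whole Go toolchain next to one binary; a minimal ubi9 runtime base would cut that surface, unless the pipeline requires the toolset base, in which case a comment on the `FROM` line should say so. `deploy` declares no `USER`, so the runtime user is whatever the go-toolset base sets; an explicit `USER` would make that contract visible in this file. Because `test` is the last stage, a `docker build` without `--target` yields the coverage-instrumented test binary installed as `rekor-server`, which is worth a comment above `FROM deploy as test`.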
@@ -30,71 +30,3 @@ jobs:
 if: ${{ env.NUM_OPEN_PRS == 0 }}
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- check-upstream-shas:
- runs-on: ubuntu-latest
- steps:
- - name: Check out the upstream rekor repository
- uses: actions/checkout@v2
- with:
- repository: sigstore/rekor
- path: upstream-rekor
- ref: main
-
- - name: Get upstream shas
- run: |
- cd upstream-rekor
- upstreamSHA=$(grep -o -m 1 'golang:[^@]\+@sha256:[a-f0-9]\{64\}' Dockerfile)
- echo 'UPSTREAM_SHA='$upstreamSHA >> $GITHUB_ENV
-
- - name: Pull down the midstream rekor repository
- uses: actions/checkout@v2
- with:
- path: midstream-rekor
- ref: main
-
- - name: Get midstream shas
- run: |
- cd midstream-rekor
- midstreamSHA=$(grep -o -m 1 'golang:[^@]\+@sha256:[a-f0-9]\{64\}' redhat/patches/0001-dockerfile.patch)
- echo 'MIDSTREAM_SHA='$midstreamSHA >> $GITHUB_ENV
-
- - name: Generate new patch file
- if: ${{ env.UPSTREAM_SHA != env.MIDSTREAM_SHA }}
- run: |
- cd upstream-rekor
- sed -i 's|${{ env.UPSTREAM_SHA }}|${{ env.CURRENT_REDHAT_IMAGE }}|g' Dockerfile
- git diff > 0001-dockerfile.patch
-
- cd ../midstream-rekor
- git fetch origin
- git checkout -B update-dockerfile.patch-file origin/main
-
- cp -f ../upstream-rekor/0001-dockerfile.patch redhat/patches/
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Check for existing pull request
- if: ${{ env.UPSTREAM_SHA != env.MIDSTREAM_SHA }}
- run: |
- cd midstream-rekor
- openPRs="$(gh pr list --state open -H update-dockerfile.patch-file --json number | jq -r '.[].number' | wc -l)"
- echo 'NUM_OPEN_PRS='$openPRs >> $GITHUB_ENV
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Configure git
- run: |
- git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
- git config --global user.name "${GITHUB_ACTOR}"
-
- - name: Create pull request
- if: ${{ env.NUM_OPEN_PRS == 0 && env.UPSTREAM_SHA != env.MIDSTREAM_SHA }}
- run: |
- cd midstream-rekor
- git add .
- git commit -m "Update image in docker file"
- git push -f origin update-dockerfile.patch-file
- gh pr create --base main --head update-dockerfile.patch-file --title "Update patch file" --body "This is an automated pr to update the docker patch file"
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/redhat/overlays/DOckerfile.server b/redhat/overlays/Dockerfile
similarity index 60%
rename from redhat/overlays/DOckerfile.server
rename to redhat/overlays/Dockerfile
index 114356277..204515cbd 100644
--- a/redhat/overlays/DOckerfile.server
+++ b/redhat/overlays/Dockerfile
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 AS builder
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:e91cbbd0b659498d029dd43e050c8a009c403146bfba22cbebca8bcd0ee7925f AS builder
 ENV APP_ROOT=/opt/app-root
 ENV GOPATH=$APP_ROOT
 
@@ -31,7 +31,7 @@ RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o
 RUN go test -c -ldflags "${SERVER_LDFLAGS}" -cover -covermode=count -coverpkg=./... -o rekor-server_test ./cmd/rekor-server

 # Multi-Stage production build
-FROM registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 as deploy
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:e91cbbd0b659498d029dd43e050c8a009c403146bfba22cbebca8bcd0ee7925f as deploy

 # Retrieve the binary from the previous stage
 COPY --from=builder /opt/app-root/src/rekor-server /usr/local/bin/rekor-server
@@ -40,12 +40,21 @@ COPY --from=builder /opt/app-root/src/rekor-server /usr/local/bin/rekor-server
 ENTRYPOINT ["rekor-server"]

 # debug compile options & debugger
-FROM deploy as debug
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:e91cbbd0b659498d029dd43e050c8a009c403146bfba22cbebca8bcd0ee7925f as debug
+COPY --from=deploy /usr/local/bin/rekor-server /usr/local/bin/rekor-server
 RUN go install github.com/go-delve/delve/cmd/dlv@v1.8.0

 # overwrite server and include debugger
 COPY --from=builder /opt/app-root/src/rekor-server_debug /usr/local/bin/rekor-server
 
-FROM deploy as test
+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:e91cbbd0b659498d029dd43e050c8a009c403146bfba22cbebca8bcd0ee7925f as test
+
+LABEL description="Rekor aims to provide an immutable, tamper-resistant ledger of metadata generated within a software project’s supply chain."
+LABEL io.k8s.description="Rekor-Server provides a tamper resistant ledger."
+LABEL io.k8s.display-name="Rekor-Server container image for Red Hat Trusted Signer"
+LABEL io.openshift.tags="rekor-server trusted-signer"
+LABEL summary="Provides the rekor Server binary for running Rekor-Server"
+
+COPY --from=deploy /usr/local/bin/rekor-server /usr/local/bin/rekor-server
 # overwrite server with test build with code coverage
-COPY --from=builder /opt/app-root/src/rekor-server_test /usr/local/bin/rekor-server
+COPY --from=builder /opt/app-root/src/rekor-server_test /usr/local/bin/rekor-server
\ No newline at end of file
diff --git a/redhat/patches/0001-dockerfile.patch b/redhat/patches/0001-dockerfile.patch
deleted file mode 100644
index d0bb656ae..000000000
--- a/redhat/patches/0001-dockerfile.patch
+++ /dev/null
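Review bot: Switching `debug` and `test` from `FROM deploy` to the registry image drops the `ENTRYPOINT ["rekor-server"]` both stages previously inherited, so those images now start with the go-toolset base's default command rather than the server unless the caller overrides it; if that is not intended, add `ENTRYPOINT ["rekor-server"]` after the final `COPY` in each stage. The `COPY --from=deploy /usr/local/bin/rekor-server …` line in each stage is overwritten by the following `COPY --from=builder`, so it only adds a layer that still carries the production binary; dropping both leaves the resulting filesystem unchanged. The `LABEL`s are attached only to `test`, which is also the last stage and therefore what `docker build` without `--target` produces — confirm the pipeline targets `deploy` for the shipped image, or move the labels onto `deploy`. The file is also left without a trailing newline.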
@@ -1,47 +0,0 @@
-diff --git a/Dockerfile b/Dockerfile
-index 067c238..f91be3a 100644
---- a/Dockerfile
-+++ b/Dockerfile
-@@ -13,7 +13,7 @@
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
--FROM golang:1.21.1@sha256:c416ceeec1cdf037b80baef1ccb402c230ab83a9134b34c0902c542eb4539c82 AS builder
-+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:e91cbbd0b659498d029dd43e050c8a009c403146bfba22cbebca8bcd0ee7925f AS builder
- ENV APP_ROOT=/opt/app-root
- ENV GOPATH=$APP_ROOT
-
-@@ -31,7 +31,7 @@ RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o
- RUN go test -c -ldflags "${SERVER_LDFLAGS}" -cover -covermode=count -coverpkg=./... -o rekor-server_test ./cmd/rekor-server
-
- # Multi-Stage production build
--FROM golang:1.21.1@sha256:c416ceeec1cdf037b80baef1ccb402c230ab83a9134b34c0902c542eb4539c82 as deploy
-+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:e91cbbd0b659498d029dd43e050c8a009c403146bfba22cbebca8bcd0ee7925f as deploy
-
- # Retrieve the binary from the previous stage
- COPY --from=builder /opt/app-root/src/rekor-server /usr/local/bin/rekor-server
-@@ -40,12 +40,21 @@ COPY --from=builder /opt/app-root/src/rekor-server /usr/local/bin/rekor-server
- CMD ["rekor-server", "serve"]
-
- # debug compile options & debugger
--FROM deploy as debug
--RUN go install github.com/go-delve/delve/cmd/dlv@v1.21.0
-+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:e91cbbd0b659498d029dd43e050c8a009c403146bfba22cbebca8bcd0ee7925f as debug
-+COPY --from=deploy /usr/local/bin/rekor-server /usr/local/bin/rekor-server
-+RUN go install github.com/go-delve/delve/cmd/dlv@v1.8.0
-
- # overwrite server and include debugger
- COPY --from=builder /opt/app-root/src/rekor-server_debug /usr/local/bin/rekor-server
-
--FROM deploy as test
-+FROM registry.access.redhat.com/ubi9/go-toolset@sha256:e91cbbd0b659498d029dd43e050c8a009c403146bfba22cbebca8bcd0ee7925f as test
-+
-+LABEL description="Rekor provides an immutable tamper resistant ledger of metadata generated within a software projects supply chain."
-+LABEL io.k8s.description="Rekor provides an immutable tamper resistant ledger of metadata generated within a software projects supply chain."
-+LABEL io.k8s.display-name="Rekor container image for Red Hat Trusted Signer"
-+LABEL io.openshift.tags="rekor trusted-signer"
-+LABEL summary="The rekor-server binary provides an immutable, tamper-resistant log."
-+
-+COPY --from=deploy /usr/local/bin/rekor-server /usr/local/bin/rekor-server
- # overwrite server with test build with code coverage
- COPY --from=builder /opt/app-root/src/rekor-server_test /usr/local/bin/rekor-server