
Commit 06ec004

committed
feat: update Makefile to improve artifact handling with enhanced logging
1 parent 9557a2f commit 06ec004


1 file changed

+20
-20
lines changed

1 file changed

+20
-20
lines changed

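--- a/Makefile
+++ b/Makefile
@@ -51,26 +51,26 @@ python-versions/output/python-$(PYTHON_VERSION)-linux-$(ARCH).tar.gz: powershell
 --build-arg TARGETARCH=$(ARCH) \
 --build-arg BASE_IMAGE=$(BASE_IMAGE) \
 -t $(IMAGE_NAME) . || exit 1; \
-# Use a deterministic temporary container name so we can reliably copy
-# artifacts out of the image even if the runtime prints nothing (some
-# container engines/modes may not return an id to backticks reliably).
-# note: TEMP_CONTAINER_NAME is defined above at Makefile parse time.
-# Ensure no stale container exists with the same name
-$(CONTAINER_ENGINE) rm -f $(TEMP_CONTAINER_NAME) 2>/dev/null || true; \
-# Create a stopped container from the built image so we can `cp` files out
-# (use --name to guarantee a usable identifier). Fail the make target if
-# creation does not succeed.
-$(CONTAINER_ENGINE) create --name $(TEMP_CONTAINER_NAME) python:$(PYTHON_VERSION)-ubuntu-$(UBUNTU_VERSION)-$(ARCH) >/dev/null || (echo "ERROR: failed to create container $(TEMP_CONTAINER_NAME)" && exit 1); \
-# Copy the produced artifact into the repo output directory. If this fails
-# we want make to fail so CI can detect the problem.
-$(CONTAINER_ENGINE) cp $(TEMP_CONTAINER_NAME):/tmp/artifact/$(ARTIFACT_NAME) $(abspath ../$(OUTPUT_DIR))/$(ARTIFACT_NAME) || (echo "ERROR: failed to copy artifact from $(TEMP_CONTAINER_NAME)" && $(CONTAINER_ENGINE) rm -f $(TEMP_CONTAINER_NAME) >/dev/null 2>&1 || true; exit 1); \
-# Also try to copy SBOM and Trivy JSON reports from the image (if present)
-# Do not fail the build if these optional reports are absent.
-$(CONTAINER_ENGINE) cp $(TEMP_CONTAINER_NAME):/tmp/artifact/python-$(PYTHON_VERSION)-$(ARCH).sbom.json $(abspath ../$(OUTPUT_DIR))/python-$(PYTHON_VERSION)-linux-$(UBUNTU_VERSION)-$(ARCH).sbom.json || true; \
-$(CONTAINER_ENGINE) cp $(TEMP_CONTAINER_NAME):/tmp/artifact/trivy-$(PYTHON_VERSION)-$(ARCH)-vuln.json $(abspath ../$(OUTPUT_DIR))/trivy-python-$(PYTHON_VERSION)-linux-$(UBUNTU_VERSION)-$(ARCH)-vuln.json || true; \
-$(CONTAINER_ENGINE) cp $(TEMP_CONTAINER_NAME):/tmp/artifact/trivy-$(PYTHON_VERSION)-$(ARCH)-secret.json $(abspath ../$(OUTPUT_DIR))/trivy-python-$(PYTHON_VERSION)-linux-$(UBUNTU_VERSION)-$(ARCH)-secret.json || true; \
-# Clean up the temporary container
-$(CONTAINER_ENGINE) rm -f $(TEMP_CONTAINER_NAME) >/dev/null 2>&1 || true
+@# Use a deterministic temporary container name so we can reliably copy
+@# artifacts out of the image even if the runtime prints nothing (some
+@# container engines/modes may not return an id to backticks reliably).
+@# note: TEMP_CONTAINER_NAME is defined above at Makefile parse time.
+@# Ensure no stale container exists with the same name
+@$(CONTAINER_ENGINE) rm -f $(TEMP_CONTAINER_NAME) 2>/dev/null || true; \
+@# Create a stopped container from the built image so we can `cp` files out
+@# (use --name to guarantee a usable identifier). Fail the make target if
+@# creation does not succeed.
+@$(CONTAINER_ENGINE) create --name $(TEMP_CONTAINER_NAME) $(IMAGE_NAME) >/dev/null || (echo "ERROR: failed to create container $(TEMP_CONTAINER_NAME)" && exit 1); \
+@# Copy the produced artifact into the repo output directory. If this fails
+@# we want make to fail so CI can detect the problem.
+@$(CONTAINER_ENGINE) cp $(TEMP_CONTAINER_NAME):/tmp/artifact/$(ARTIFACT_NAME) $(abspath ../$(OUTPUT_DIR))/$(ARTIFACT_NAME) || (echo "ERROR: failed to copy artifact from $(TEMP_CONTAINER_NAME)" && $(CONTAINER_ENGINE) rm -f $(TEMP_CONTAINER_NAME) >/dev/null 2>&1 || true; exit 1); \
+@# Also try to copy SBOM and Trivy JSON reports from the image (if present)
+@# Do not fail the build if these optional reports are absent.
+@$(CONTAINER_ENGINE) cp $(TEMP_CONTAINER_NAME):/tmp/artifact/python-$(PYTHON_VERSION)-$(ARCH).sbom.json $(abspath ../$(OUTPUT_DIR))/python-$(PYTHON_VERSION)-linux-$(UBUNTU_VERSION)-$(ARCH).sbom.json || true; \
+@$(CONTAINER_ENGINE) cp $(TEMP_CONTAINER_NAME):/tmp/artifact/trivy-$(PYTHON_VERSION)-$(ARCH)-vuln.json $(abspath ../$(OUTPUT_DIR))/trivy-python-$(PYTHON_VERSION)-linux-$(UBUNTU_VERSION)-$(ARCH)-vuln.json || true; \
+@$(CONTAINER_ENGINE) cp $(TEMP_CONTAINER_NAME):/tmp/artifact/trivy-$(PYTHON_VERSION)-$(ARCH)-secret.json $(abspath ../$(OUTPUT_DIR))/trivy-python-$(PYTHON_VERSION)-linux-$(UBUNTU_VERSION)-$(ARCH)-secret.json || true; \
+@# Clean up the temporary container
+@$(CONTAINER_ENGINE) rm -f $(TEMP_CONTAINER_NAME) >/dev/null 2>&1 || true
 
 powershell: PowerShell/Dockerfile \
 PowerShell/patch/powershell-native-$(POWERSHELL_NATIVE_VERSION).patch \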
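Review bot: The `@` added on new lines 54, 60, 64, 67 and 70–72 follows a trailing `\` on the previous line, so it is passed to the shell as part of the command rather than acting as make's echo-suppression prefix, which GNU make only recognises at the start of a logical recipe line. As rendered, `@$(CONTAINER_ENGINE) cp …` on lines 70–71 would run as an unknown command whose failure `|| true` hides, so the Trivy vuln and secret reports would silently stop being copied out, and `@# …` on lines 54, 60, 64, 67 and 72 would be executed as a command instead of being a comment. Drop the `@` on those continuation lines and move the comments out of the backslash-continued commands. Because the SBOM and scan reports are security evidence, consider `|| echo "WARN: trivy vuln report missing from $(IMAGE_NAME)" >&2; \` in place of the silent `|| true` so an absent report is visible in CI logs. The recipe starts above the hunk and the page has lost leading whitespace, so check this against the raw Makefile.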
