--base-with-certs simple build engine flag for the imagebuild command to use a predefined base image that contains certs

Signed-off-by: Kyle Quest <kcq.public@gmail.com>

Author: kcq

README.md

@@ -620,7 +620,7 @@ USAGE: `mint [GLOBAL FLAGS] imagebuild [FLAGS] [IMAGE]`
 
 Flags:
 
-- `--engine` - Container image build engine to use: `docker` (Native Docker container build engine), `podman` (Native Podman/Buildah container build engine), `buildkit` (BuildKit container build engine), `depot` (Depot.dev cloud-based container build engine).
+- `--engine` - Container image build engine to use: `docker` (Native Docker container build engine), `podman` (Native Podman/Buildah container build engine), `buildkit` (BuildKit container build engine), `depot` (Depot.dev cloud-based container build engine), `simple` (built-in simple image build engine)
 - `--image-name` - Container image name to use (including tag).
 - `--image-archive-file` - Local file path for the image tar archive file (used for the `depot` and `buildkit` engines).
 - `--dockerfile` - Local Dockerfile path (for `buildkit` and `depot`) or a relative to the build context directory (for `docker` or `podman`). Default: `Dockerfile`.
@@ -632,6 +632,11 @@ Flags:
 - `--engine-token` - Build engine specific API token (for `depot`).
 - `--engine-namespace` - Build engine specific namespace (for `depot`).
 - `--runtime-load` - Container runtime where to load the created image: `none`, `docker`, `podman`.
+- `--base` - `simple` build engine: base image to use (from selected runtime, docker by default, or pulled if not available)
+- `--base-tar` - `simple` build engine: base image from a local tar file
+- `--base-with-certs` - `simple` build engine: boolean flat to use the static-debian12 distroless base image - contains only certs and timezone info
+- `--exe-path` - `simple` build engine: local (linux) executable file that will be used as the entrypoint for the new image (added to the selected base image or scratch image if no base image is provided)
+
 
 Examples:
 

pkg/app/master/command/build/image.go

@@ -20,7 +20,7 @@ import (
 	"github.com/mintoolkit/mint/pkg/crt"
 	"github.com/mintoolkit/mint/pkg/crt/docker/dockercrtclient"
 	"github.com/mintoolkit/mint/pkg/imagebuilder"
-	"github.com/mintoolkit/mint/pkg/imagebuilder/internalbuilder"
+	"github.com/mintoolkit/mint/pkg/imagebuilder/simplebuilder"
 	"github.com/mintoolkit/mint/pkg/imagebuilder/slimbuilder"
 	"github.com/mintoolkit/mint/pkg/imagebuilder/standardbuilder"
 	"github.com/mintoolkit/mint/pkg/report"
@@ -361,7 +361,7 @@ func buildOutputImage(
 	switch imageBuildEngine {
 	case IBENone:
 	case IBEInternal:
-		engine, err := internalbuilder.New(doShowBuildLogs,
+		engine, err := simplebuilder.New(doShowBuildLogs,
 			true, //pushToDaemon - TODO: have a param to control this &
 			//output image tar (if not 'saving' to daemon)
 			false)

pkg/app/master/command/imagebuild/cli.go

@@ -23,21 +23,22 @@ const (
 )
 
 type CommandParams struct {
-	Engine           string                 `json:"engine,omitempty"`
-	EngineEndpoint   string                 `json:"engine_endpoint,omitempty"`
-	EngineToken      string                 `json:"engine_token,omitempty"`
-	EngineNamespace  string                 `json:"engine_namespace,omitempty"`
-	ImageName        string                 `json:"image_name,omitempty"`
-	ImageArchiveFile string                 `json:"image_archive_file,omitempty"`
-	Runtime          string                 `json:"runtime,omitempty"` //runtime where to load the created image
-	Dockerfile       string                 `json:"dockerfile,omitempty"`
-	ContextDir       string                 `json:"context_dir,omitempty"`
-	BuildArgs        []imagebuilder.NVParam `json:"build_args,omitempty"`
-	Labels           map[string]string      `json:"labels,omitempty"`
-	Architecture     string                 `json:"architecture,omitempty"`
-	BaseImage        string                 `json:"base_image,omitempty"`
-	BaseImageTar     string                 `json:"base_image_tar,omitempty"`
-	ExePath          string                 `json:"exe_path,omitempty"`
+	Engine             string                 `json:"engine,omitempty"`
+	EngineEndpoint     string                 `json:"engine_endpoint,omitempty"`
+	EngineToken        string                 `json:"engine_token,omitempty"`
+	EngineNamespace    string                 `json:"engine_namespace,omitempty"`
+	ImageName          string                 `json:"image_name,omitempty"`
+	ImageArchiveFile   string                 `json:"image_archive_file,omitempty"`
+	Runtime            string                 `json:"runtime,omitempty"` //runtime where to load the created image
+	Dockerfile         string                 `json:"dockerfile,omitempty"`
+	ContextDir         string                 `json:"context_dir,omitempty"`
+	BuildArgs          []imagebuilder.NVParam `json:"build_args,omitempty"`
+	Labels             map[string]string      `json:"labels,omitempty"`
+	Architecture       string                 `json:"architecture,omitempty"`
+	BaseImage          string                 `json:"base_image,omitempty"`
+	BaseImageTar       string                 `json:"base_image_tar,omitempty"`
+	BaseImageWithCerts bool                   `json:"base_image_with_certs,omitempty"`
+	ExePath            string                 `json:"exe_path,omitempty"`
 }
 
 var ImageBuildFlags = useAllFlags()
@@ -62,20 +63,21 @@ var CLI = &cli.Command{
 			gcvalues.OutputFormat)
 
 		cparams := &CommandParams{
-			Engine:           ctx.String(FlagEngine),
-			EngineEndpoint:   ctx.String(FlagEngineEndpoint),
-			EngineToken:      ctx.String(FlagEngineToken),
-			EngineNamespace:  ctx.String(FlagEngineNamespace),
-			ImageName:        ctx.String(FlagImageName),
-			ImageArchiveFile: ctx.String(FlagImageArchiveFile),
-			Dockerfile:       ctx.String(FlagDockerfile),
-			ContextDir:       ctx.String(FlagContextDir),
-			Runtime:          ctx.String(FlagRuntimeLoad),
-			Architecture:     ctx.String(FlagArchitecture),
-			BaseImage:        ctx.String(FlagBase),
-			BaseImageTar:     ctx.String(FlagBaseTar),
-			ExePath:          ctx.String(FlagExePath),
-			Labels:           map[string]string{},
+			Engine:             ctx.String(FlagEngine),
+			EngineEndpoint:     ctx.String(FlagEngineEndpoint),
+			EngineToken:        ctx.String(FlagEngineToken),
+			EngineNamespace:    ctx.String(FlagEngineNamespace),
+			ImageName:          ctx.String(FlagImageName),
+			ImageArchiveFile:   ctx.String(FlagImageArchiveFile),
+			Dockerfile:         ctx.String(FlagDockerfile),
+			ContextDir:         ctx.String(FlagContextDir),
+			Runtime:            ctx.String(FlagRuntimeLoad),
+			Architecture:       ctx.String(FlagArchitecture),
+			BaseImage:          ctx.String(FlagBase),
+			BaseImageTar:       ctx.String(FlagBaseTar),
+			BaseImageWithCerts: ctx.Bool(FlagBaseWithCerts),
+			ExePath:            ctx.String(FlagExePath),
+			Labels:             map[string]string{},
 		}
 
 		cboBuildArgs := command.ParseKVParams(ctx.StringSlice(FlagBuildArg))

pkg/app/master/command/imagebuild/flags.go

@@ -51,6 +51,9 @@ const (
 	FlagBaseTar      = "base-tar"
 	FlagBaseTarUsage = "base image from a local tar file"
 
+	FlagBaseWithCerts      = "base-with-certs"
+	FlagBaseWithCertsUsage = "static-debian12 distroless base image - contains only certs and timezone info"
+
 	FlagExePath      = "exe-path"
 	FlagExePathUsage = "local (linux) executable file that will be used as the entrypoint for the new image (added to the selected base image or scratch image if no base image is provided)"
 )
@@ -221,6 +224,11 @@ var Flags = map[string]cli.Flag{
 		Usage:   FlagBaseTarUsage,
 		EnvVars: []string{"DSLIM_IMAGEBUILD_BASE_TAR"},
 	},
+	FlagBaseWithCerts: &cli.BoolFlag{
+		Name:    FlagBaseWithCerts,
+		Usage:   FlagBaseWithCertsUsage,
+		EnvVars: []string{"DSLIM_IMAGEBUILD_BASE_WITH_CERTS"},
+	},
 	FlagExePath: &cli.StringFlag{
 		Name:    FlagExePath,
 		Value:   "",

pkg/app/master/command/imagebuild/handle_engine_simple.go

@@ -11,7 +11,7 @@ import (
 	"github.com/mintoolkit/mint/pkg/app"
 	"github.com/mintoolkit/mint/pkg/app/master/command"
 	"github.com/mintoolkit/mint/pkg/imagebuilder"
-	"github.com/mintoolkit/mint/pkg/imagebuilder/internalbuilder"
+	"github.com/mintoolkit/mint/pkg/imagebuilder/simplebuilder"
 	"github.com/mintoolkit/mint/pkg/util/fsutil"
 	v "github.com/mintoolkit/mint/pkg/version"
 )
@@ -35,7 +35,7 @@ func HandleSimpleEngine(
 		targetExePath = parts[1]
 	} else {
 		localExePath = cparams.ExePath
-		targetExePath = path.Join(internalbuilder.DefaultAppDir, filepath.Base(localExePath))
+		targetExePath = path.Join(simplebuilder.DefaultAppDir, filepath.Base(localExePath))
 	}
 
 	if !fsutil.Exists(localExePath) || !fsutil.IsRegularFile(localExePath) {
@@ -59,7 +59,7 @@ func HandleSimpleEngine(
 	}
 
 	doShowBuildLogs := true
-	builder, err := internalbuilder.New(doShowBuildLogs, false, false)
+	builder, err := simplebuilder.New(doShowBuildLogs, false, false)
 	options := imagebuilder.SimpleBuildOptions{
 		OutputImageTar: cparams.ImageArchiveFile,
 		From:           cparams.BaseImage,
@@ -83,6 +83,10 @@ func HandleSimpleEngine(
 		},
 	}
 
+	if cparams.BaseImageWithCerts {
+		options.From = simplebuilder.BaseImageWithCerts
+	}
+
 	bresult, err := builder.Build(options)
 	if err != nil {
 		xc.Out.Info("build.error",

pkg/app/master/command/imagebuild/prompt.go

@@ -56,11 +56,18 @@ var CommandFlagSuggestions = &command.FlagSuggestions{
 		{Text: command.FullFlagName(FlagBuildArg), Description: FlagBuildArgUsage},
 		{Text: command.FullFlagName(FlagLabel), Description: FlagLabelUsage},
 		{Text: command.FullFlagName(FlagArchitecture), Description: FlagArchitectureUsage},
+		{Text: command.FullFlagName(FlagBase), Description: FlagBaseUsage},
+		{Text: command.FullFlagName(FlagBaseTar), Description: FlagBaseTarUsage},
+		{Text: command.FullFlagName(FlagBaseWithCerts), Description: FlagBaseWithCertsUsage},
+		{Text: command.FullFlagName(FlagExePath), Description: FlagExePathUsage},
 	},
 	Values: map[string]command.CompleteValue{
-		command.FullFlagName(FlagEngine):       completeBuildEngine,
-		command.FullFlagName(FlagRuntimeLoad):  completeRuntimeLoad,
-		command.FullFlagName(FlagArchitecture): completeArchitecture,
-		command.FullFlagName(FlagContextDir):   command.CompleteDir,
+		command.FullFlagName(FlagEngine):        completeBuildEngine,
+		command.FullFlagName(FlagRuntimeLoad):   completeRuntimeLoad,
+		command.FullFlagName(FlagArchitecture):  completeArchitecture,
+		command.FullFlagName(FlagContextDir):    command.CompleteDir,
+		command.FullFlagName(FlagBaseTar):       command.CompleteFile,
+		command.FullFlagName(FlagBaseWithCerts): command.CompleteBool,
+		command.FullFlagName(FlagExePath):       command.CompleteFile,
 	},
 }

pkg/app/master/command/merge/handler.go

@@ -19,7 +19,7 @@ import (
 	"github.com/mintoolkit/mint/pkg/crt/docker/dockerclient"
 	"github.com/mintoolkit/mint/pkg/crt/docker/dockercrtclient"
 	"github.com/mintoolkit/mint/pkg/imagebuilder"
-	"github.com/mintoolkit/mint/pkg/imagebuilder/internalbuilder"
+	"github.com/mintoolkit/mint/pkg/imagebuilder/simplebuilder"
 	"github.com/mintoolkit/mint/pkg/imagereader"
 	"github.com/mintoolkit/mint/pkg/report"
 	"github.com/mintoolkit/mint/pkg/util/errutil"
@@ -295,7 +295,7 @@ func OnCommand(
 
 	ibo.Layers = append(ibo.Layers, layerInfo)
 
-	engine, err := internalbuilder.New(
+	engine, err := simplebuilder.New(
 		false, //show build logs doShowBuildLogs,
 		true,  //push to daemon - TODO: have a param to control this later
 		//output image tar (if not 'saving' to daemon)

pkg/imagebuilder/internalbuilder/engine.go renamed to pkg/imagebuilder/simplebuilder/engine.go

@@ -1,4 +1,4 @@
-package internalbuilder
+package simplebuilder
 
 import (
 	"archive/tar"
@@ -29,6 +29,7 @@ const (
 	Name                   = "internal.container.build.engine"
 	DefaultAppDir          = "/opt/app"
 	DefaultOutputImageName = "mint-built-image:latest"
+	BaseImageWithCerts     = "gcr.io/distroless/static-debian12:latest"
 )
 
 // Engine is the default simple build engine
@@ -58,6 +59,8 @@ func (ref *Engine) Name() string {
 }
 
 func (ref *Engine) Build(options imagebuilder.SimpleBuildOptions) (*imagebuilder.ImageResult, error) {
+	logger := log.WithField("op", "simplebuilder.Engine.Build")
+
 	if len(options.Tags) == 0 {
 		options.Tags = append(options.Tags, DefaultOutputImageName)
 	}
@@ -112,27 +115,29 @@ func (ref *Engine) Build(options imagebuilder.SimpleBuildOptions) (*imagebuilder
 
 			img, err = tarball.ImageFromPath(options.FromTar, nil)
 			if err != nil {
-				log.WithError(err).Error("tarball.ImageFromPath")
+				logger.WithError(err).Error("tarball.ImageFromPath")
 				return nil, err
 			}
 		} else {
 			ref, err := name.ParseReference(options.From)
 			if err != nil {
-				log.WithError(err).Error("name.ParseReference")
+				logger.WithError(err).Error("name.ParseReference")
 				return nil, err
 			}
 
 			//TODO/FUTURE: add other image source options (not just local Docker daemon)
 			//TODO/ASAP: need to pass the 'daemon' client otherwise it'll fail if the default client isn't enough
+			logger.Debugf("getting base image from Docker daemon - %s", options.From)
 			img, err = daemon.Image(ref)
 			if err != nil {
-				log.WithError(err).Debugf("daemon.Image(%s)", options.From)
+				logger.WithError(err).Debugf("daemon.Image(%s)", options.From)
 				//return nil, err
 				//TODO: have a flag to control the 'pull' behavior (also need to consider auth)
 				//try to pull...
+				logger.Debugf("getting base image from registry - %s", options.From)
 				img, err = remote.Image(ref)
 				if err != nil {
-					log.WithError(err).Errorf("remote.Image(%s)", options.From)
+					logger.WithError(err).Errorf("remote.Image(%s)", options.From)
 					return nil, err
 				}
 			}