diff --git a/.github/scripts/determine-image-version.sh b/.github/scripts/determine-image-version.sh
new file mode 100755
index 0000000..c18dd9a
--- /dev/null
+++ b/.github/scripts/determine-image-version.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+IMAGE_REPOSITORY=${REGISTRY_URI}/${REGISTRY_REPOSITORY}/${IMAGE_NAME}
+
+# determine version
+# if scheduled build then version is 'nightly'
+# else if REF is a tag then version is tag
+# else if REF is the default branch then version is 'edge
+# else if REF is pull request then version is pull request event number
+VERSION=noop
+if [ "${GITHUB_EVENT_NAME}" == "schedule" ]; then
+ VERSION=nightly
+elif [[ ${GITHUB_REF} == refs/tags/* ]]; then
+ VERSION=${GITHUB_REF#refs/tags/}
+elif [[ ${GITHUB_REF} == refs/heads/* ]]; then
+ VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
+ if [ "${GITHUB_EVENT_REPOSITORY_DEFAULT_BRANCH}" = "$VERSION" ]; then
+ VERSION=edge
+ fi
+elif [[ ${GITHUB_REF} == refs/pull/* ]]; then
+ VERSION=pr-${GITHUB_EVENT_NUMBER}
+fi
+VERSION="${VERSION}"
+TAGS="${IMAGE_REPOSITORY}:${VERSION}"
+
+# if version is vMAJOR.MINOR.MICRO then also tag with vMAJOR and vMAJOR.MINOR
+if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+ MINOR=${VERSION%.*}
+ MAJOR=${MINOR%.*}
+ TAGS="${TAGS},${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest"
+fi
+
+# add sha tag if not a pull request
+if [[ ${GITHUB_REF} != refs/pull/* ]]; then
+ TAGS="${TAGS},${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::12}"
+fi
+
+# if a flavor is provided then iterate each tag and add the flavor to it
+# if IMAGE_IS_DEFAULT_FLAVOR is also true, then also use the unflavored tags
+if [[ ${IMAGE_TAG_FLAVOR} ]] ; then
+ original_tags=$TAGS
+ TAGS=""
+
+ for original_tag in $(echo $original_tags | sed "s/,/ /g")
+ do
+ if [[ ${IMAGE_IS_DEFAULT_FLAVOR} =~ true|True|t|T|yes|Yes|y|Y ]]; then
+ new_tags="${original_tag},${original_tag}${IMAGE_TAG_FLAVOR}"
+ else
+ new_tags="${original_tag}${IMAGE_TAG_FLAVOR}"
+ fi
+
+ if [[ ${TAGS} ]]; then
+ TAGS="${TAGS},${new_tags}"
+ else
+ TAGS="${new_tags}"
+ fi
+ done
+fi
+
+# set output for future github action steps
+echo ::set-output
name=version::${VERSION}${IMAGE_TAG_FLAVOR} +echo ::set-output name=tags::${TAGS} +echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index e954683..686f0ed 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -10,6 +10,12 @@ on: - 'v*.*.*' pull_request: +env: + GITHUB_EVENT_REPOSITORY_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} + GITHUB_EVENT_NUMBER: ${{ github.event.number }} + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + REGISTRY_REPOSITORY: ${{ secrets.REGISTRY_REPOSITORY }} + jobs: cancel-previous: runs-on: ubuntu-latest @@ -19,10 +25,12 @@ jobs: with: access_token: ${{ github.token }} - ################ - # ploigos-base # - ################ - ploigos-base: +## UBI8 ## + + ##################### + # ploigos-base_ubi8 # + ##################### + ploigos-base_ubi8: needs: - cancel-previous @@ -30,9 +38,11 @@ jobs: env: IMAGE_CONTEXT: ./ploigos-base - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-base - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-base:latest + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-base:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true services: registry: 
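Review bot: `VERSION` is taken from `GITHUB_REF` with only `/` replaced for branch refs, and is then written unquoted into the `version` and `tags` outputs, so whatever characters a pushed branch or tag name carries flow into every later step that reads `steps.prep.outputs.*`. The `vMAJOR.MINOR.MICRO` regex does not constrain it; that test only decides whether the extra tags are added. Check the final value against the container tag character set before the `TAGS=` assignment and fail otherwise, e.g. `[[ ${VERSION} =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "invalid version: ${VERSION}" >&2; exit 1; }`, and quote the expansions in the three `echo ::set-output` lines. `::set-output` has since been deprecated in favour of appending `name=value` lines to `"$GITHUB_OUTPUT"`, which is the form to use when this script is next touched.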
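Review bot: Declaring `REGISTRY_URI` and `REGISTRY_REPOSITORY` in the workflow-level `env:` block places both secrets in the process environment of every step of every job, including the third-party actions this workflow runs, although in the hunks shown only determine-image-version.sh reads them as environment variables. Scope them to the step that needs them by putting `env:` with `REGISTRY_URI: ${{ secrets.REGISTRY_URI }}` and `REGISTRY_REPOSITORY: ${{ secrets.REGISTRY_REPOSITORY }}` on each `prep` step. The two `GITHUB_EVENT_*` values are not secret and can stay at workflow level.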
@@ -46,34 +56,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} 
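Review bot: The script this step now calls is not a drop-in for the inline block removed here, and nothing on the step says so. The removed code added a `sha-${GITHUB_SHA::8}` tag only for `push` events that were not `vX.Y.Z` tags; determine-image-version.sh adds `sha-${GITHUB_SHA::12}` for every ref that is not `refs/pull/*` and appends `IMAGE_TAG_FLAVOR` to the `version` output. Anything that pins an 8-character `sha-` tag will find no counterpart from new builds, so a comment above the `run:` line is worth adding, e.g. `# sha tags are now 12 hex chars and are also added for tag and schedule builds`. Also quote the path, `run: "${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh"`. The same replacement is made in the hunks starting at old lines 183, 308, 432, 554, 679, 804, 944, 1073, 1197 and 1321.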
@@ -155,21 +138,23 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ####################### - # ploigos-base-java-8 # - ####################### - ploigos-base-java-8: + ############################# + # ploigos-base-java-8_ubi8 # + ############################# + ploigos-base-java-8_ubi8 : needs: - - ploigos-base + - ploigos-base_ubi8 runs-on: ubuntu-latest env: IMAGE_CONTEXT: ./ploigos-base-java-8 - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-base-java-8 - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-base-java-8:latest - FROM_IMAGE_NAME: ploigos-base + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-base-java-8:latest.ubi8 + BASE_IMAGE_NAME: ploigos-base + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true services: registry: 
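Review bot: The new job key is written `ploigos-base-java-8_ubi8 :` with a space before the colon, unlike the other job keys this commit adds. A YAML parser should still read the key without the trailing space, so the `needs: - ploigos-base-java-8_ubi8` entries in later hunks presumably resolve, but the stray space defeats exact-text searches for the job id and should be removed: `ploigos-base-java-8_ubi8:`. The job body continues outside the hunk.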
@@ -183,34 +168,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} @@ -238,7 +196,7 @@ jobs: id: image_build uses: docker/build-push-action@v2.2.1 env: - IMAGE_BUILD_ARGS: FROM_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.FROM_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} with: context: ${{ env.IMAGE_CONTEXT }} file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} 
@@ -280,21 +238,23 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ############################ - # ploigos-ci-agent-jenkins # - ############################ - ploigos-ci-agent-jenkins: + ################################## + # ploigos-ci-agent-jenkins_ubi8 # + ################################## + ploigos-ci-agent-jenkins_ubi8: needs: - - ploigos-base-java-8 + - ploigos-base-java-8_ubi8 runs-on: ubuntu-latest env: IMAGE_CONTEXT: ./ploigos-ci-agent-jenkins - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-ci-agent-jenkins - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-ci-agent-jenkins:latest - FROM_IMAGE_NAME: ploigos-base-java-8 + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-ci-agent-jenkins:latest.ubi8 + BASE_IMAGE_NAME: ploigos-base-java-8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true services: registry: 
@@ -308,34 +268,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} @@ -363,7 +296,7 @@ jobs: id: image_build uses: docker/build-push-action@v2.2.1 env: - IMAGE_BUILD_ARGS: FROM_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.FROM_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} with: context: ${{ env.IMAGE_CONTEXT }} file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} 
@@ -405,9 +338,9 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ############################ - # ploigos-jenkins-init # - ############################ + ######################### + # ploigos-jenkins-init # + ######################### ploigos-jenkins-init: needs: - cancel-previous @@ -419,6 +352,7 @@ jobs: IMAGE_FILE: Containerfile IMAGE_NAME: ploigos-jenkins-init IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-jenkins-init:latest + IMAGE_IS_DEFAULT_FLAVOR: true services: registry: @@ -432,34 +366,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} 
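Review bot: `IMAGE_IS_DEFAULT_FLAVOR: true` in the `ploigos-jenkins-init` env block has no effect as far as the hunk shows, because no `IMAGE_TAG_FLAVOR` is set there and determine-image-version.sh reads `IMAGE_IS_DEFAULT_FLAVOR` only inside its `if [[ ${IMAGE_TAG_FLAVOR} ]]` branch. Either drop the line or say why it is there, e.g. `# no flavor set: tags are emitted unflavored and this flag is ignored`. The same line is added to the `ploigos-jenkins` job in the hunk starting at old line 1184. The env block begins above this hunk, so confirm `IMAGE_TAG_FLAVOR` is not defined there.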
@@ -526,21 +433,23 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ####################### - # ploigos-tool-argocd # - ####################### - ploigos-tool-argocd: + ############################ + # ploigos-tool-argocd_ubi8 # + ############################ + ploigos-tool-argocd_ubi8: needs: - - ploigos-base + - ploigos-base_ubi8 runs-on: ubuntu-latest env: IMAGE_CONTEXT: ./ploigos-tool-argocd - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-tool-argocd - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-argocd:latest - FROM_IMAGE_NAME: ploigos-base + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-argocd:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base services: registry: 
@@ -554,34 +463,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} @@ -609,7 +491,7 @@ jobs: id: image_build uses: docker/build-push-action@v2.2.1 env: - IMAGE_BUILD_ARGS: FROM_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.FROM_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} with: context: ${{ env.IMAGE_CONTEXT }} file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} 
@@ -651,21 +533,23 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ############################ - # ploigos-tool-config-lint # - ############################ - ploigos-tool-config-lint: + ################################# + # ploigos-tool-config-lint_ubi8 # + ################################# + ploigos-tool-config-lint_ubi8: needs: - - ploigos-base + - ploigos-base_ubi8 runs-on: ubuntu-latest env: IMAGE_CONTEXT: ./ploigos-tool-config-lint - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-tool-config-lint - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-config-lint:latest - FROM_IMAGE_NAME: ploigos-base + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-config-lint:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base services: registry: 
@@ -679,34 +563,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} @@ -734,7 +591,7 @@ jobs: id: image_build uses: docker/build-push-action@v2.2.1 env: - IMAGE_BUILD_ARGS: FROM_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.FROM_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} with: context: ${{ env.IMAGE_CONTEXT }} file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} 
@@ -776,21 +633,23 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ##################### - # ploigos-tool-helm # - ##################### - ploigos-tool-helm: + ########################## + # ploigos-tool-helm_ubi8 # + ########################## + ploigos-tool-helm_ubi8: needs: - - ploigos-base + - ploigos-base_ubi8 runs-on: ubuntu-latest env: IMAGE_CONTEXT: ./ploigos-tool-helm - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-tool-helm - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-helm:latest - FROM_IMAGE_NAME: ploigos-base + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-helm:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base services: registry: 
@@ -804,34 +663,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} @@ -859,7 +691,7 @@ jobs: id: image_build uses: docker/build-push-action@v2.2.1 env: - IMAGE_BUILD_ARGS: FROM_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.FROM_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} with: context: ${{ env.IMAGE_CONTEXT }} file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} 
@@ -916,21 +748,23 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ###################### - # ploigos-tool-maven # - ###################### - ploigos-tool-maven: + ########################### + # ploigos-tool-maven_ubi8 # + ########################### + ploigos-tool-maven_ubi8: needs: - - ploigos-base-java-8 + - ploigos-base-java-8_ubi8 runs-on: ubuntu-latest env: IMAGE_CONTEXT: ./ploigos-tool-maven - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-tool-maven - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-maven:latest - FROM_IMAGE_NAME: ploigos-base-java-8 + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-maven:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base-java-8 services: registry: 
@@ -944,34 +778,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} @@ -999,7 +806,7 @@ jobs: id: image_build uses: docker/build-push-action@v2.2.1 env: - IMAGE_BUILD_ARGS: FROM_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.FROM_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} with: context: ${{ env.IMAGE_CONTEXT }} file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} 
@@ -1045,21 +852,23 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ###################### - # ploigos-tool-sonar # - ###################### - ploigos-tool-sonar: + ########################### + # ploigos-tool-sonar_ubi8 # + ########################### + ploigos-tool-sonar_ubi8: needs: - - ploigos-base + - ploigos-base_ubi8 runs-on: ubuntu-latest env: IMAGE_CONTEXT: ./ploigos-tool-sonar - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-tool-sonar - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-sonar:latest - FROM_IMAGE_NAME: ploigos-base + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-sonar:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base services: registry: 
@@ -1073,34 +882,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} @@ -1128,7 +910,7 @@ jobs: id: image_build uses: docker/build-push-action@v2.2.1 env: - IMAGE_BUILD_ARGS: FROM_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.FROM_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} with: context: ${{ env.IMAGE_CONTEXT }} file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} 
@@ -1184,6 +966,7 @@ jobs: IMAGE_FILE: Containerfile IMAGE_NAME: ploigos-jenkins IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-jenkins:latest + IMAGE_IS_DEFAULT_FLAVOR: true services: registry: @@ -1197,34 +980,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} 
@@ -1294,20 +1050,23 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - ###################### - # ploigos-tool-rekor # - ###################### - ploigos-tool-rekor: + ########################### + # ploigos-tool-rekor_ubi8 # + ########################### + ploigos-tool-rekor_ubi8: needs: - - ploigos-base + - ploigos-base_ubi8 runs-on: ubuntu-latest env: IMAGE_CONTEXT: ./ploigos-tool-rekor - IMAGE_FILE: Containerfile + IMAGE_FILE: Containerfile.ubi8 IMAGE_NAME: ploigos-tool-rekor - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-rekor:latest + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-rekor:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base services: registry: 
@@ -1321,34 +1080,7 @@ jobs: - name: Determine Image Version and Tags โš™๏ธ id: prep - run: | - IMAGE_REPOSITORY=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.IMAGE_NAME }} - - VERSION=noop - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION=nightly - elif [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=edge - fi - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${IMAGE_REPOSITORY}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${VERSION%.*} - MAJOR=${MINOR%.*} - TAGS="$TAGS,${IMAGE_REPOSITORY}:${MINOR},${IMAGE_REPOSITORY}:${MAJOR},${IMAGE_REPOSITORY}:latest" - elif [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${IMAGE_REPOSITORY}:sha-${GITHUB_SHA::8}" - fi - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::${TAGS} - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - name: Version ๐Ÿ“Œ run: echo ${{ steps.prep.outputs.version }} @@ -1376,7 +1108,7 @@ jobs: id: image_build uses: docker/build-push-action@v2.2.1 env: - IMAGE_BUILD_ARGS: + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} with: context: ${{ env.IMAGE_CONTEXT }} file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} 
@@ -1417,3 +1149,428 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} + + ################################ + # ploigos-tool-containers_ubi8 # + ################################ + ploigos-tool-containers_ubi8: + needs: + - ploigos-base_ubi8 + + runs-on: ubuntu-latest + + env: + IMAGE_CONTEXT: ./ploigos-tool-containers + IMAGE_FILE: Containerfile.ubi8 + IMAGE_NAME: ploigos-tool-containers + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-containers:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base + + services: + registry: + image: registry:2 + ports: + - 5000:5000 + + steps: + - name: Checkout ๐Ÿ›Ž๏ธ + uses: actions/checkout@v2 + + - name: Determine Image Version and Tags โš™๏ธ + id: prep + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh + + - name: Version ๐Ÿ“Œ + run: echo ${{ steps.prep.outputs.version }} + + - name: Image Tags ๐Ÿท + run: echo ${{ steps.prep.outputs.tags }} + + - name: Set up QEMU ๐Ÿงฐ + uses: docker/setup-qemu-action@v1.0.1 + + - name: Set up Docker Buildx ๐Ÿงฐ + uses: docker/setup-buildx-action@v1.0.4 + with: + driver-opts: network=host + + - name: Cache Docker layers ๐Ÿ—ƒ + uses: actions/cache@v2.1.3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build Image ๐Ÿ›  + id: image_build + uses: docker/build-push-action@v2.2.1 + env: + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + with: + context: ${{ env.IMAGE_CONTEXT }} + file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} + build-args: ${{ env.IMAGE_BUILD_ARGS }} + push: true + tags: ${{ env.IMAGE_TAG_LOCAL }} + labels: | + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.source=${{ github.repositoryUrl }} + 
org.opencontainers.image.version=${{ steps.prep.outputs.version }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.licenses=${{ github.event.repository.license.name }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Test Image ๐Ÿงช + run: | + echo "test skopeo" + docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} skopeo --version + + echo "test podman" + docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} podman --version + + echo "test buildah" + docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} buildah --version + + - name: Login to External Registry ๐Ÿ”‘ + uses: docker/login-action@v1 + with: + registry: ${{ secrets.REGISTRY_URI }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + + - name: Push to External Registry ๐Ÿ”บ + id: push + run: | + docker pull ${{ env.IMAGE_TAG_LOCAL }} + + TAGS=${{ steps.prep.outputs.tags }} + for TAG in ${TAGS//,/ }; do + docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} + docker push ${TAG} + done + + - name: Image Digest ๐Ÿ”– + run: echo ${{ steps.image_build.outputs.digest }} + +## CENTOS ## + + ####################### + # ploigos-base_centos # + ####################### + ploigos-base_centos: + needs: + - cancel-previous + + runs-on: ubuntu-latest + + env: + IMAGE_CONTEXT: ./ploigos-base + IMAGE_FILE: Containerfile.centos + IMAGE_NAME: ploigos-base + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-base:latest.centos + IMAGE_TAG_FLAVOR: .centos + IMAGE_IS_DEFAULT_FLAVOR: false + + services: + registry: + image: registry:2 + ports: + - 5000:5000 + + steps: + - name: Checkout ๐Ÿ›Ž๏ธ + uses: actions/checkout@v2 + + - name: Determine Image Version and Tags โš™๏ธ + id: prep + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh + + - name: Version ๐Ÿ“Œ + run: echo ${{ steps.prep.outputs.version }} + + - name: Image Tags ๐Ÿท + run: echo ${{ steps.prep.outputs.tags }} + + - name: 
Set up QEMU ๐Ÿงฐ + uses: docker/setup-qemu-action@v1.0.1 + + - name: Set up Docker Buildx ๐Ÿงฐ + uses: docker/setup-buildx-action@v1.0.4 + with: + driver-opts: network=host + + - name: Cache Docker layers ๐Ÿ—ƒ + uses: actions/cache@v2.1.3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build Image ๐Ÿ›  + id: image_build + uses: docker/build-push-action@v2.2.1 + env: + IMAGE_BUILD_ARGS: + with: + context: ${{ env.IMAGE_CONTEXT }} + file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} + build-args: ${{ env.IMAGE_BUILD_ARGS }} + push: true + tags: ${{ env.IMAGE_TAG_LOCAL }} + labels: | + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.source=${{ github.repositoryUrl }} + org.opencontainers.image.version=${{ steps.prep.outputs.version }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.licenses=${{ github.event.repository.license.name }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Test Image ๐Ÿงช + run: | + echo "Test python3 installed" + docker run ${{ env.IMAGE_TAG_LOCAL }} python3 --version + echo "Test pip3 installed" + docker run ${{ env.IMAGE_TAG_LOCAL }} pip3 --version + echo "Test ploigos-step-runner is installed" + docker run ${{ env.IMAGE_TAG_LOCAL }} pip show ploigos-step-runner + echo "Test psr CLI works" + docker run ${{ env.IMAGE_TAG_LOCAL }} psr --help + echo "Test oc installed" + docker run ${{ env.IMAGE_TAG_LOCAL }} oc version + echo "Test git installed" + docker run ${{ env.IMAGE_TAG_LOCAL }} git version + echo "Test yq installed" + docker run ${{ env.IMAGE_TAG_LOCAL }} yq --version + + - name: Login to External Registry ๐Ÿ”‘ + uses: docker/login-action@v1 + with: + registry: ${{ secrets.REGISTRY_URI }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + + - name: Push to External 
Registry ๐Ÿ”บ + id: push + run: | + docker pull ${{ env.IMAGE_TAG_LOCAL }} + + TAGS=${{ steps.prep.outputs.tags }} + for TAG in ${TAGS//,/ }; do + docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} + docker push ${TAG} + done + + - name: Image Digest ๐Ÿ”– + run: echo ${{ steps.image_build.outputs.digest }} + + ################################## + # ploigos-tool-containers_centos # + ################################## + ploigos-tool-containers_centos: + needs: + - ploigos-base_centos + + runs-on: ubuntu-latest + + env: + IMAGE_CONTEXT: ./ploigos-tool-containers + IMAGE_FILE: Containerfile.centos + IMAGE_NAME: ploigos-tool-containers + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-containers:latest.centos + IMAGE_TAG_FLAVOR: .centos + IMAGE_IS_DEFAULT_FLAVOR: false + BASE_IMAGE_NAME: ploigos-base + + services: + registry: + image: registry:2 + ports: + - 5000:5000 + + steps: + - name: Checkout ๐Ÿ›Ž๏ธ + uses: actions/checkout@v2 + + - name: Determine Image Version and Tags โš™๏ธ + id: prep + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh + + - name: Version ๐Ÿ“Œ + run: echo ${{ steps.prep.outputs.version }} + + - name: Image Tags ๐Ÿท + run: echo ${{ steps.prep.outputs.tags }} + + - name: Set up QEMU ๐Ÿงฐ + uses: docker/setup-qemu-action@v1.0.1 + + - name: Set up Docker Buildx ๐Ÿงฐ + uses: docker/setup-buildx-action@v1.0.4 + with: + driver-opts: network=host + + - name: Cache Docker layers ๐Ÿ—ƒ + uses: actions/cache@v2.1.3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build Image ๐Ÿ›  + id: image_build + uses: docker/build-push-action@v2.2.1 + env: + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + with: + context: ${{ env.IMAGE_CONTEXT }} + file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} + build-args: ${{ 
env.IMAGE_BUILD_ARGS }} + push: true + tags: ${{ env.IMAGE_TAG_LOCAL }} + labels: | + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.source=${{ github.repositoryUrl }} + org.opencontainers.image.version=${{ steps.prep.outputs.version }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.licenses=${{ github.event.repository.license.name }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Test Image ๐Ÿงช + run: | + echo "test skopeo" + docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} skopeo --version + + echo "test podman" + docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} podman --version + + echo "test buildah" + docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} buildah --version + + - name: Login to External Registry ๐Ÿ”‘ + uses: docker/login-action@v1 + with: + registry: ${{ secrets.REGISTRY_URI }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + + - name: Push to External Registry ๐Ÿ”บ + id: push + run: | + docker pull ${{ env.IMAGE_TAG_LOCAL }} + + TAGS=${{ steps.prep.outputs.tags }} + for TAG in ${TAGS//,/ }; do + docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} + docker push ${TAG} + done + + - name: Image Digest ๐Ÿ”– + run: echo ${{ steps.image_build.outputs.digest }} + + ################################ + # ploigos-tool-openscap_centos # + ################################ + ploigos-tool-openscap_centos: + needs: + - ploigos-tool-containers_centos + + runs-on: ubuntu-latest + + env: + IMAGE_CONTEXT: ./ploigos-tool-openscap + IMAGE_FILE: Containerfile.ubi8 + IMAGE_NAME: ploigos-tool-openscap + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-openscap:latest + IMAGE_TAG_FLAVOR: .centos + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-tool-containers + + services: + registry: + image: registry:2 + ports: + - 5000:5000 + + steps: + - name: Checkout ๐Ÿ›Ž๏ธ + 
uses: actions/checkout@v2 + + - name: Determine Image Version and Tags โš™๏ธ + id: prep + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh + + - name: Version ๐Ÿ“Œ + run: echo ${{ steps.prep.outputs.version }} + + - name: Image Tags ๐Ÿท + run: echo ${{ steps.prep.outputs.tags }} + + - name: Set up QEMU ๐Ÿงฐ + uses: docker/setup-qemu-action@v1.0.1 + + - name: Set up Docker Buildx ๐Ÿงฐ + uses: docker/setup-buildx-action@v1.0.4 + with: + driver-opts: network=host + + - name: Cache Docker layers ๐Ÿ—ƒ + uses: actions/cache@v2.1.3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build Image ๐Ÿ›  + id: image_build + uses: docker/build-push-action@v2.2.1 + env: + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} + with: + context: ${{ env.IMAGE_CONTEXT }} + file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} + build-args: ${{ env.IMAGE_BUILD_ARGS }} + push: true + tags: ${{ env.IMAGE_TAG_LOCAL }} + labels: | + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.source=${{ github.repositoryUrl }} + org.opencontainers.image.version=${{ steps.prep.outputs.version }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.licenses=${{ github.event.repository.license.name }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Test Image ๐Ÿงช + run: | + echo "test oscap" + docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} oscap --version + + - name: Login to External Registry ๐Ÿ”‘ + uses: docker/login-action@v1 + with: + registry: ${{ secrets.REGISTRY_URI }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + + - name: Push to External Registry ๐Ÿ”บ + id: push + run: | + docker pull ${{ env.IMAGE_TAG_LOCAL }} + 
+ TAGS=${{ steps.prep.outputs.tags }} + for TAG in ${TAGS//,/ }; do + docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} + docker push ${TAG} + done + + - name: Image Digest ๐Ÿ”– + run: echo ${{ steps.image_build.outputs.digest }} diff --git a/README.md b/README.md index 009c933..afc9a2d 100644 --- a/README.md +++ b/README.md 
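Review bot: The `Push to External Registry` step pastes `${{ steps.prep.outputs.tags }}` straight into the script text, so the value is substituted before the shell parses the line. That value is derived from the ref name (the script only rewrites `/` to `-`), and the step runs right after the registry login. Pass it through the step's `env:` and quote the expansions so a ref name containing shell metacharacters stays data: `env: { TAGS: "${{ steps.prep.outputs.tags }}" }`, then `for TAG in ${TAGS//,/ }; do docker tag "$IMAGE_TAG_LOCAL" "$TAG" && docker push "$TAG"; done`. The `echo ${{ steps.prep.outputs.version }}` and `echo ${{ steps.prep.outputs.tags }}` steps in the four jobs of this hunk follow the same pattern. Which events trigger the workflow is not visible here, so how far an outside contributor controls the ref cannot be judged from this hunk.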
@@ -76,84 +76,88 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl ## Images * ploigos-base + * ubi8 + * centos +* ploigos-base-java-8 + * ubi8 * ploigos-ci-agent-jenkins + * ubi8 +* ploigos-jenkins + * ubi8 +* ploigos-jenkins-init + * ubi8 * ploigos-tool-argocd + * ubi8 * ploigos-tool-config-lint + * ubi8 +* ploigos-tool-containers + * ubi8 + * centos +* ploigos-tool-helm + * ubi8 * ploigos-tool-maven + * ubi8 * ploigos-tool-openscap + * centos +* ploigos-tool-reokor + * ubi8 * ploigos-tool-sonar - + * ubi8 # Local Build, Test, and Publish ## Build The following commands can be used for building these images locally -``` -# Run these commands from the directory where this repository was cloned - -podman build --tag ploigos-base ploigos-base -podman build --build-arg FROM_IMAGE=ploigos-base --tag ploigos-tool-helm ploigos-tool-helm -podman build --build-arg FROM_IMAGE=ploigos-base --tag ploigos-base-java-8 ploigos-base-java-8 -podman build --build-arg FROM_IMAGE=ploigos-base-java-8 --tag ploigos-ci-agent-jenkins ploigos-ci-agent-jenkins -podman build --build-arg FROM_IMAGE=ploigos-base --tag ploigos-tool-argocd ploigos-tool-argocd -podman build --build-arg FROM_IMAGE=ploigos-base --tag ploigos-tool-containers ploigos-tool-containers -podman build --build-arg FROM_IMAGE=ploigos-base --tag ploigos-tool-config-lint ploigos-tool-config-lint -podman build --build-arg FROM_IMAGE=ploigos-base-java-8 --tag ploigos-tool-maven ploigos-tool-maven -podman build --build-arg FROM_IMAGE=ploigos-tool-containers --tag ploigos-tool-openscap ploigos-tool-openscap -podman build --build-arg FROM_IMAGE=ploigos-base --tag ploigos-tool-sonar ploigos-tool-sonar +### With Red Hat Subscription +The `openscap-scanner` RPM for RHEL is currently only available to those with a Red Hat +subscription, so to build the `ploigos-tools-openscap` image on ubi8 these commands must be run +from a RHEL 8 system with valid Red Hat subscriptions. 
+ +``` +podman build --tag ploigos-base ploigos-base +podman build --tag ploigos-base-java-8 --build-arg BASE_IMAGE=ploigos-base ploigos-base-java-8 +podman build --tag ploigos-ci-agent-jenkins --build-arg BASE_IMAGE=ploigos-base-java-8 ploigos-ci-agent-jenkins +podman build --tag ploigos-jenkins ploigos-jenkins +podman build --tag ploigos-jenkins-init ploigos-jenkins-init +podman build --tag ploigos-tool-argocd --build-arg BASE_IMAGE=ploigos-base ploigos-tool-argocd +podman build --tag ploigos-tool-config-lint --build-arg BASE_IMAGE=ploigos-base ploigos-tool-config-lint +podman build --tag ploigos-tool-containers --build-arg BASE_IMAGE=ploigos-base ploigos-tool-containers +podman build --tag ploigos-tool-helm --build-arg BASE_IMAGE=ploigos-base ploigos-tool-helm +podman build --tag ploigos-tool-maven --build-arg BASE_IMAGE=ploigos-base-java-8 ploigos-tool-maven +podman build --tag ploigos-tool-openscap --build-arg BASE_IMAGE=ploigos-tool-containers ploigos-tool-openscap +podman build --tag ploigos-tool-rekor --build-arg BASE_IMAGE=ploigos-base ploigos-tool-rekor +podman build --tag ploigos-tool-sonar --build-arg BASE_IMAGE=ploigos-base ploigos-tool-sonar +``` + +### No Red Hat Subscription +The `openscap-scanner` RPM for RHEL is currently only available to those with a Red Hat +subscription, so to build the `ploigos-tools-openscap` image without a Red Hat subscription +centos must be used rather then ubi8 for the base image. 
+ +``` +podman build --tag ploigos-base ploigos-base +podman build --tag ploigos-base-java-8 --build-arg BASE_IMAGE=ploigos-base ploigos-base-java-8 +podman build --tag ploigos-ci-agent-jenkins --build-arg BASE_IMAGE=ploigos-base-java-8 ploigos-ci-agent-jenkins +podman build --tag ploigos-jenkins ploigos-jenkins +podman build --tag ploigos-jenkins-init ploigos-jenkins-init +podman build --tag ploigos-tool-argocd --build-arg BASE_IMAGE=ploigos-base ploigos-tool-argocd +podman build --tag ploigos-tool-config-lint --build-arg BASE_IMAGE=ploigos-base ploigos-tool-config-lint +podman build --tag ploigos-tool-containers --build-arg BASE_IMAGE=ploigos-base ploigos-tool-containers +podman build --tag ploigos-tool-helm --build-arg BASE_IMAGE=ploigos-base ploigos-tool-helm +podman build --tag ploigos-tool-maven --build-arg BASE_IMAGE=ploigos-base-java-8 ploigos-tool-maven +podman build --tag ploigos-tool-rekor --build-arg BASE_IMAGE=ploigos-base ploigos-tool-rekor +podman build --tag ploigos-tool-sonar --build-arg BASE_IMAGE=ploigos-base ploigos-tool-sonar + +podman build -f Containerfile.centos --tag ploigos-base:latest.centos ploigos-base +podman build -f Containerfile.centos --tag ploigos-tool-containers:latest.centos --build-arg BASE_IMAGE=ploigos-base:latest.centos ploigos-tool-containers +podman build -f Containerfile.centos --tag ploigos-tool-openscap --build-arg BASE_IMAGE=ploigos-tool-containers:latest.centos ploigos-tool-openscap ``` ## Test > **TODO** - -## Publish -Steps for manually publishing the images that need to be manually published. - -* ploigos-tool-containers -* ploigos-tool-openscap - -### Setup -Setup steps. 
-``` -yum -y install podman, buildah -``` - -### Publish edge - -#### Publish to quay.io/ploigos -``` -./manual-publish.sh -``` -or -``` -./manual-publish.sh edge ploigos -``` -or -``` -./manual-publish.sh edge ploigos quay.io -``` - -#### Publish to personal quay.io repo -``` -./manual-publish.sh edge $QUAY_USER_NAME -``` -or -``` -./manual-publish.sh edge $QUAY_USER_NAME quay.io -``` - -### Pubish release verson - -#### Publish the v1.0.0 release version to quay.io/ploigos -``` -./manual-publish.sh v1.0.0 -``` - # How to Release? 1. tag this repository with the release version * ex: `v1.42.0` * __NOTE__: must start with `v` -2. manually publish the images that can't be automatically published - * ex: `./manual-publish.sh v1.42.0 ploigos quay.io` diff --git a/manual-publish.sh b/manual-publish.sh deleted file mode 100755 index 9a98181..0000000 --- a/manual-publish.sh +++ /dev/null 
@@ -1,98 +0,0 @@ -#!/bin/bash - -# PARAMS -# $1 - image version -# $2 - registry repository -# $3 - registry uri - -build_tag_push() { - IMAGE_NAME=$1 - FROM_IMAGE_NAME=$2 - - echo BUILD: ${IMAGE_NAME} - podman build --build-arg FROM_IMAGE=${REGISTRY_URI}/${REGISTRY_REPOSITORY}/${FROM_IMAGE_NAME}:${IMAGE_VERSION} --tag ${IMAGE_NAME} --no-cache --pull-always ${IMAGE_NAME} - - for IMAGE_TAG in ${IMAGE_TAGS}; do - FULL_TAG="${REGISTRY_URI}/${REGISTRY_REPOSITORY}/${IMAGE_NAME}:${IMAGE_TAG}" - echo "TAG: ${FULL_TAG}" - buildah tag localhost/${IMAGE_NAME} ${FULL_TAG} - - echo "PUSH: ${FULL_TAG}" - buildah push ${FULL_TAG} - done -} - -if [ -z "$1" ]; then - IMAGE_VERSION='edge' -else - IMAGE_VERSION=$1 -fi - -if [ -z "$2" ]; then - REGISTRY_REPOSITORY='ploigos' -else - REGISTRY_REPOSITORY=$2 -fi - -if [ -z "$3" ]; then - REGISTRY_URI='quay.io' -else - REGISTRY_URI=$3 -fi - -GIT_REV=$(git rev-parse HEAD) -GIT_HASH_TAG=sha-${GIT_REV::8} - -echo -echo -------------------- -echo -echo "LOGIN: ${REGISTRY_URI}" -buildah login ${REGISTRY_URI} - -echo -echo -------------------- -echo -echo CALCULATE TAGS -IMAGE_TAGS="${IMAGE_VERSION} ${GIT_HASH_TAG}" -if [[ $IMAGE_VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - MINOR=${IMAGE_VERSION%.*} - MAJOR=${MINOR%.*} - IMAGE_TAGS="${IMAGE_TAGS} ${MINOR} ${MAJOR} latest" -fi - -echo -echo -------------------- -echo -echo CONFIRMATION -echo " IMAGES: ploigos-tool-containers ploigos-tool-openscap" -echo " IMAGE VERSION: ${IMAGE_VERSION}" -echo " IMAGE TAGS: ${IMAGE_TAGS}" -echo " REGISTRY REPOSITORY: ${REGISTRY_REPOSITORY}" -echo " REGISTRY_URI: ${REGISTRY_URI}" -echo - -read -p "Are you sure you want to build, tag, and push? (Y/N): " -if ! 
[[ $REPLY =~ ^[Yy]$ ]]; then - exit 1 -fi - -########################### -# ploigos-tool-containers # -########################### -echo -echo -------------------- -echo -IMAGE_NAME=ploigos-tool-containers -FROM_IMAGE_NAME=ploigos-base -build_tag_push ${IMAGE_NAME} ${FROM_IMAGE_NAME} - -######################### -# ploigos-tool-openscap # -######################### -echo -echo -------------------- -echo -IMAGE_NAME=ploigos-tool-openscap -FROM_IMAGE_NAME=ploigos-tool-containers -build_tag_push ${IMAGE_NAME} ${FROM_IMAGE_NAME} - diff --git a/ploigos-base-java-8/Containerfile.ubi8 b/ploigos-base-java-8/Containerfile.ubi8 index 4a8ea24..ebb7b42 100644 --- a/ploigos-base-java-8/Containerfile.ubi8 +++ b/ploigos-base-java-8/Containerfile.ubi8 
@@ -1,27 +1,29 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID -# Labels consumed by Red Hat build service -LABEL com.redhat.component="ploigos-base-java-8" \ - name="ploigos/ploigos-base-java-8" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos Base Java 8" \ - io.k8s.description="The Ploigos Base Java 8 image builds on top of the Ploigos base image to include the Java 8 JDK" \ - io.openshift.tags="ploigos,openshift,java,python,python3,python36" \ - maintainer="ploigos@redhat.com" +# labels +ENV DESCRIPTION="Ploigos Java 8 base container" +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-base-java-8" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Base - Java 8" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,java" \ + com.redhat.component="ploigos-base-java-8-container" USER root # Install headless Java RUN INSTALL_PKGS="java-1.8.0-openjdk-devel" && \ + dnf update -y --allowerasing --nobest && \ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ - rpm -V $INSTALL_PKGS && \ - dnf update -y && \ - dnf clean all + dnf clean all && \ + rm -rf /var/cache /var/log/dnf* /var/log/yum.* USER $PLOIGOS_USER_UID - -############################################## -# End -############################################## diff --git a/ploigos-base/Containerfile.centos b/ploigos-base/Containerfile.centos new file mode 100644 index 0000000..d589237 --- /dev/null +++ b/ploigos-base/Containerfile.centos 
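Review bot: The reordered `RUN` now starts with `dnf update -y --allowerasing --nobest` and drops the `rpm -V $INSTALL_PKGS` check, which makes the package step more permissive with nothing left to report what happened. With `--nobest` the update succeeds even when the newest build of a package cannot be installed, and `--allowerasing` lets dnf remove installed packages to resolve conflicts, so an image can be published with fixes skipped or packages removed. If the flags work around a known conflict, a comment naming it would help; otherwise `dnf update -y && \` fails loudly instead. The same line appears in both ploigos-base Containerfiles in this commit.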
@@ -0,0 +1,83 @@ +ARG BASE_IMAGE=quay.io/centos/centos:8 +ARG PLOIGOS_USER_NAME=ploigos +ARG PLOIGOS_USER_UID=1001 +ARG PLOIGOS_USER_GID=0 +ARG PLOIGOS_HOME_DIR=/home/ploigos +ARG PLOIGOS_SOURCE=ploigos-step-runner==0.16.0 +ARG OPENSHIFT_CLI_VERSION=4.6 +ARG YQ_VERSION=3.4.1 + +############################################## +# Stage 1 : Retrieive oc cli +############################################## +FROM quay.io/openshift/origin-cli:$OPENSHIFT_CLI_VERSION as origin-cli + +############################################## +# Stage 2 : Build ploigos-base +############################################## +FROM $BASE_IMAGE +ARG PLOIGOS_USER_NAME +ARG PLOIGOS_USER_UID +ARG PLOIGOS_USER_GID +ARG PLOIGOS_HOME_DIR +ARG PLOIGOS_SOURCE +ARG YQ_VERSION +COPY --from=origin-cli /usr/bin/oc /usr/bin/oc +COPY --from=origin-cli /usr/bin/kubectl /usr/bin/kubectl + +# arguments +# NOTE: arguments used in sub stage have to be in that stage (at least when building with docker, buildah doesn't seem to have a problem either way) +ARG SOPS_RPM="https://github.com/mozilla/sops/releases/download/v3.6.1/sops-3.6.1-1.x86_64.rpm" + +# labels +ENV DESCRIPTION="Ploigos base container." 
+LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-base" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Base" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos" \ + com.redhat.component="ploigos-base-container" + +ENV HOME=/home/ploigos \ + LANG=en_US.UTF-8 \ + LC_ALL=en_US.UTF-8 + +USER root + +# Install JQ +RUN curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o /usr/bin/jq && \ + chmod +x /usr/bin/jq + +# Install YQ +RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq &&\ + chmod +x /usr/bin/yq + +# Install packages +RUN INSTALL_PKGS="gettext git rsync tar unzip which zip bzip2 python36 python3-pip python3-pip-wheel python3-setuptools python36-devel ${SOPS_RPM} gnupg2" && \ + dnf update -y --allowerasing --nobest && \ + dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ + dnf clean all && \ + rm -rf /var/cache /var/log/dnf* /var/log/yum.* + +# Configure Python +RUN alternatives --set python /usr/bin/python3 && \ + python -m pip install --no-cache-dir --upgrade pip + +# Install Ploigos step runner python library +RUN python -m pip install --no-cache-dir --upgrade ${PLOIGOS_SOURCE} + +# Configure ploigos user +RUN useradd ploigos --uid $PLOIGOS_USER_UID --gid $PLOIGOS_USER_GID --home-dir ${PLOIGOS_HOME_DIR} --create-home --shell /sbin/nologin && \ + chown -R $PLOIGOS_USER_UID:${PLOIGOS_USER_GID} ${PLOIGOS_HOME_DIR} && \ + chmod -R g+w ${PLOIGOS_HOME_DIR} + +# Allow root(0) group to run update-ca-trust extract +RUN chmod -R g+w /etc/pki/ca-trust/extracted + +USER $PLOIGOS_USER_UID diff --git a/ploigos-base/Containerfile.ubi8 b/ploigos-base/Containerfile.ubi8 index 0323275..5f7e552 100644 --- a/ploigos-base/Containerfile.ubi8 +++ b/ploigos-base/Containerfile.ubi8 
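Review bot: The `jq` and `yq` binaries are fetched with `curl -L` and made executable without any integrity check. Without `-f`, an HTTP error body would also be saved as the binary and the build would still pass. Use `curl -fsSL` and pin a digest for each download before the `chmod`, for example `echo "JQ_SHA256_PLACEHOLDER  /usr/bin/jq" | sha256sum -c -`. `${SOPS_RPM}` is likewise installed from a URL inside `INSTALL_PKGS`; unless dnf is configured to signature-check packages given on the command line, that RPM is unverified as well. Containerfile.ubi8 appears to carry the same download steps.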
@@ -29,14 +29,20 @@ COPY --from=origin-cli /usr/bin/kubectl /usr/bin/kubectl # NOTE: arguments used in sub stage have to be in that stage (at least when building with docker, buildah doesn't seem to have a problem either way) ARG SOPS_RPM="https://github.com/mozilla/sops/releases/download/v3.6.1/sops-3.6.1-1.x86_64.rpm" -# Labels consumed by Red Hat build service -LABEL com.redhat.component="ploigos-base" \ - name="ploigos/ploigos-base" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos Base Image" \ - io.k8s.description="Ploigos Base image, including python 3.6, and miscellaneous utilities" \ - io.openshift.tags="ploigos,openshift,python3,python36" \ - maintainer="ploigos@redhat.com" +# labels +ENV DESCRIPTION="Ploigos base container." +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-base" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Base" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos" \ + com.redhat.component="ploigos-base-container" ENV HOME=/home/ploigos \ LANG=en_US.UTF-8 \ @@ -54,11 +60,10 @@ RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_l # Install packages RUN INSTALL_PKGS="gettext git rsync tar unzip which zip bzip2 python36 python3-pip python3-pip-wheel python3-setuptools python36-devel ${SOPS_RPM} gnupg2" && \ + dnf update -y --allowerasing --nobest && \ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ - dnf update -y && \ - rpm -V $INSTALL_PKGS && \ - dnf clean all - + dnf clean all && \ + rm -rf /var/cache /var/log/dnf* /var/log/yum.* # Configure Python RUN alternatives --set python /usr/bin/python3 && \ 
@@ -76,6 +81,3 @@ RUN useradd ploigos --uid $PLOIGOS_USER_UID --gid $PLOIGOS_USER_GID --home-dir $ RUN chmod -R g+w /etc/pki/ca-trust/extracted USER $PLOIGOS_USER_UID -############################################## -# End -############################################## diff --git a/ploigos-ci-agent-jenkins/Containerfile.ubi8 b/ploigos-ci-agent-jenkins/Containerfile.ubi8 index f5225cf..edf6d41 100644 --- a/ploigos-ci-agent-jenkins/Containerfile.ubi8 +++ b/ploigos-ci-agent-jenkins/Containerfile.ubi8 @@ -1,16 +1,22 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base-java-8:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base-java-8:latest.ubi8 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID -# Labels consumed by Red Hat build service -LABEL com.redhat.component="ploigos-ci-agent-jenkins" \ - name="ploigos/ploigos-ci-agent-jenkins" \ - architecture="x86_64" \ - io.k8s.display-name="Jenkins Agent" \ - io.k8s.description="The Ploigos jenkins agent" \ - io.openshift.tags="ploigos,openshift,java,jenkins,agent,python,python3,python36" \ - maintainer="ploigos@redhat.com" +# labels +ENV DESCRIPTION="Ploigos CI agent for Jenkins" +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-ci-agent-jenkins" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - CI Agent - Jenkins" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,jenkins,jnlp" \ + com.redhat.component="ploigos-ci-agent-jenkins-container" ENV LANG=en_US.UTF-8 \ LC_ALL=en_US.UTF-8 @@ -35,7 +41,3 @@ USER $PLOIGOS_USER_UID # Run the Jenkins JNLP client ENTRYPOINT ["/usr/local/bin/run-jnlp-client"] - -############################################## -# End -############################################## diff --git a/ploigos-jenkins-init/Containerfile b/ploigos-jenkins-init/Containerfile deleted file mode 120000 index b499254..0000000 
--- a/ploigos-jenkins-init/Containerfile +++ /dev/null @@ -1 +0,0 @@ -Containerfile.ubi8 \ No newline at end of file diff --git a/ploigos-jenkins-init/Containerfile b/ploigos-jenkins-init/Containerfile new file mode 100644 index 0000000..beec2fd --- /dev/null +++ b/ploigos-jenkins-init/Containerfile @@ -0,0 +1,39 @@ +# use the existing Jenkins image so we have access to the install-plugins +# script. It also lets us avoid pulling down dependencies that are already in +# the base image +FROM quay.io/openshift/origin-jenkins:latest AS jenkins + +# labels +ENV DESCRIPTION="Ploigos Jenkins init container" +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-jenkins-init" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Jenkins init" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,jenkins,init" \ + com.redhat.component="ploigos-jenkins-init-container" + +USER root + +# fetch the container images +COPY ./ploigos-plugins.txt /tmp/ploigos-plugins.txt +RUN /usr/local/bin/install-plugins.sh /tmp/ploigos-plugins.txt + +# delete the symlinks +# copy everything into /usr/lib/jenkins so we can grab it for the final image. +RUN find /opt/openshift/plugins -type l -delete && \ + cp -v /opt/openshift/plugins/* /usr/lib/jenkins/ + +# shift to a ubi-minimal image, copy in the plugins that were installed above. +# this leaves us with a minimal image with just the plugins. +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest + +USER 1001 + +# copy the artifacts from the previous image +COPY --from=jenkins /usr/lib/jenkins /ploigos-jenkins-plugins diff --git a/ploigos-jenkins-init/Containerfile.ubi8 b/ploigos-jenkins-init/Containerfile.ubi8 deleted file mode 100644 index a94adc5..0000000 --- a/ploigos-jenkins-init/Containerfile.ubi8 +++ /dev/null 
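Review bot: The added `ENV DESCRIPTION` / `LABEL` block sits in the first stage (`FROM … AS jenkins`), which only serves as the source for `COPY --from=jenkins`. Labels and environment set in an earlier stage are not inherited by the final `FROM registry.access.redhat.com/ubi8/ubi-minimal:latest` stage, so the published image carries none of the `name`, `summary` or `com.redhat.component` metadata. Move the block below the second `FROM`, before `USER 1001`. Both `FROM` lines also use `:latest`, so two builds of the same commit can differ; pinning a version tag or digest would make the image reproducible.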
@@ -1,24 +0,0 @@ -# use the existing Jenkins image so we have access to the install-plugins -# script. It also lets us avoid pulling down dependencies that are already in -# the base image -FROM quay.io/openshift/origin-jenkins:latest AS jenkins - -USER root - -# fetch the container images -COPY ./ploigos-plugins.txt /tmp/ploigos-plugins.txt -RUN /usr/local/bin/install-plugins.sh /tmp/ploigos-plugins.txt - -# delete the symlinks -# copy everything into /usr/lib/jenkins so we can grab it for the final image. -RUN find /opt/openshift/plugins -type l -delete && \ - cp -v /opt/openshift/plugins/* /usr/lib/jenkins/ - -# shift to a ubi-minimal image, copy in the plugins that were installed above. -# this leaves us with a minimal image with just the plugins. -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest - -USER 1001 - -# copy the artifacts from the previous image -COPY --from=jenkins /usr/lib/jenkins /ploigos-jenkins-plugins \ No newline at end of file diff --git a/ploigos-jenkins/Containerfile b/ploigos-jenkins/Containerfile deleted file mode 120000 index b499254..0000000 --- a/ploigos-jenkins/Containerfile +++ /dev/null @@ -1 +0,0 @@ -Containerfile.ubi8 \ No newline at end of file diff --git a/ploigos-jenkins/Containerfile b/ploigos-jenkins/Containerfile new file mode 100644 index 0000000..33840fc --- /dev/null +++ b/ploigos-jenkins/Containerfile 
@@ -0,0 +1,21 @@
+FROM quay.io/openshift/origin-jenkins:latest
+
+# labels
+ENV DESCRIPTION="Ploigos version of Jenkins allowing for runtime changes of ca-trust."
+LABEL \
+ maintainer="Ploigos " \
+ name="ploigos/ploigos-jenkins" \
+ summary="$DESCRIPTION" \
+ description="$DESCRIPTION" \
+ License="GPLv2+" \
+ architecture="x86_64" \
+ io.k8s.display-name="Ploigos - CI Agent - Jenkins" \
+ io.k8s.description="$DESCRIPTION" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="ploigos,jenkins" \
+ com.redhat.component="ploigos-jenkins-container"
+
+USER root
+
+# Allow root(0) group to run update-ca-trust extract
+RUN chmod -R g+w /etc/pki/ca-trust/extracted
diff --git a/ploigos-jenkins/Containerfile.ubi8 b/ploigos-jenkins/Containerfile.ubi8
deleted file mode 100644
index da901df..0000000
--- a/ploigos-jenkins/Containerfile.ubi8
+++ /dev/null
@@ -1,6 +0,0 @@
-FROM quay.io/openshift/origin-jenkins:latest
-
-USER root
-
-# Allow root(0) group to run update-ca-trust extract
-RUN chmod -R g+w /etc/pki/ca-trust/extracted
\ No newline at end of file
diff --git a/ploigos-tool-argocd/Containerfile.ubi8 b/ploigos-tool-argocd/Containerfile.ubi8
index b0237c3..4bd5f68 100644
--- a/ploigos-tool-argocd/Containerfile.ubi8
+++ b/ploigos-tool-argocd/Containerfile.ubi8
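Review bot: The new `ploigos-jenkins/Containerfile` ends on `USER root`, so root stays the image's configured user after the `chmod -R g+w /etc/pki/ca-trust/extracted` step. A platform that assigns its own UID hides this, but any other runtime would start the container as root. I would add a final `USER 1001` after the `RUN`, or whichever non-root user the base image defines, which is not visible here. Since the group-writable trust directory is the stated purpose of the image, a comment should also say that any process running with the root(0) group can then rewrite the extracted CA bundles.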
@@ -1,17 +1,24 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID -LABEL com.redhat.component="ploigos-tool-argocd" \ - name="ploigos/ploigos-tool-argocd" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos argocd" \ - io.k8s.description="The Ploigos argocd image provides the argocd executable" \ - io.openshift.tags="ploigos,openshift,argocd,python,python3,python36" \ - maintainer="ploigos@redhat.com" +# labels +ENV DESCRIPTION="Ploigos tool container with ArgoCD cli" +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-argocd" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - ArgoCD" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,argocd" \ + com.redhat.component="ploigos-tool-argocd-container" -USER 0 +USER root # TODO: Currently (7/29/2020) podman does not support passing arguments into environment variables # see https://github.com/containers/buildah/issues/2345 @@ -23,7 +30,3 @@ RUN curl -L https://github.com/argoproj/argo-cd/releases/download/v1.6.1/argocd- USER $PLOIGOS_USER_UID ENTRYPOINT [ "/usr/bin/argocd" ] - -############################################## -# End -############################################## diff --git a/ploigos-tool-config-lint/Containerfile.ubi8 b/ploigos-tool-config-lint/Containerfile.ubi8 index f8c8343..fa33040 100644 --- a/ploigos-tool-config-lint/Containerfile.ubi8 +++ b/ploigos-tool-config-lint/Containerfile.ubi8 
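Review bot: A caller that still passes `--build-arg FROM_IMAGE=…` loses control of the base image after the rename to `ARG BASE_IMAGE` at the top of this hunk, and the build falls back to the `latest.ubi8` default, probably with no more than an unused-argument warning. If the workflow in this commit is the only caller that is acceptable, but the rename deserves a line in the commit description. The same rename is made in the config-lint, containers, helm, maven, openscap, rekor and sonar Containerfiles. The second hunk's header shows the `argocd` binary being fetched with `curl -L` from a release URL; that `RUN` lies outside both hunks, so whether the download is checked against a known digest cannot be seen here.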
@@ -1,27 +1,30 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID -LABEL architecture="x86_64" \ - com.redhat.component="ploigos-tool-config-lint" \ - io.k8s.description="The Ploigos config-lint image provides the config-lint executable" \ - io.k8s.display-name="Ploigos config-lint scanner" \ - io.openshift.tags="ploigos,openshift,config-lint,python,python3,python36" \ - maintainer="ploigos@redhat.com" \ - name="ploigos/ploigos-tool-config-lint" +# labels +ENV DESCRIPTION="Ploigos tool container with config-ling" +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-config-lint" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - config-lint" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,config-lint" \ + com.redhat.component="ploigos-tool-config-lint-container" -USER 0 +USER root WORKDIR /usr/local/bin RUN curl -L https://github.com/stelligent/config-lint/releases/latest/download/config-lint_Linux_x86_64.tar.gz --output config-lint.tar.gz && \ -tar xzf ./config-lint.tar.gz && \ -rm ./config-lint.tar.gz && \ -chmod 775 ./config-lint && \ -chown 1001:0 ./config-lint + tar xzf ./config-lint.tar.gz && \ + rm ./config-lint.tar.gz && \ + chmod 775 ./config-lint && \ + chown 1001:0 ./config-lint USER $PLOIGOS_USER_UID - -############################################## -# End -############################################## diff --git a/ploigos-tool-containers/Containerfile.centos b/ploigos-tool-containers/Containerfile.centos new file mode 100644 index 0000000..14fb403 --- /dev/null +++ b/ploigos-tool-containers/Containerfile.centos 
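Review bot: The `RUN curl -L https://github.com/stelligent/config-lint/releases/latest/download/config-lint_Linux_x86_64.tar.gz` step, re-indented in this hunk, unpacks as root whatever the `latest` release is at build time and never checks the archive. I would pin a release and verify it before `tar xzf`, using `curl -fsSL https://github.com/stelligent/config-lint/releases/download/<PINNED_VERSION>/config-lint_Linux_x86_64.tar.gz --output config-lint.tar.gz && \` followed by `echo "<SHA256_OF_ARCHIVE>  config-lint.tar.gz" | sha256sum -c - && \`. The sonar-scanner download in `ploigos-tool-sonar/Containerfile.ubi8` is pinned by name but likewise unverified, and the helm download shown as context in `ploigos-tool-helm/Containerfile.ubi8` may have the same gap, since its `RUN` continues outside the hunk. The new `DESCRIPTION` value reads `config-ling` and should be `config-lint`.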
@@ -0,0 +1,44 @@
+# This image is based on the following Dockerfiles:
+# https://catalog.redhat.com/software/containers/rhel8/buildah/5dca3d76dd19c71643b226d5?container-tabs=dockerfile
+# https://github.com/containers/buildah/blob/master/contrib/buildahimage/stable/Dockerfile
+ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.centos
+ARG GO_VERSION=1.12.17
+
+FROM $BASE_IMAGE
+ARG PLOIGOS_USER_UID
+ARG GO_VERSION
+
+# labels
+ENV DESCRIPTION="Ploigos tool container with container tools, skopeo, buildah, and podman."
+LABEL \
+ maintainer="Ploigos " \
+ name="ploigos/ploigos-tool-containers" \
+ summary="$DESCRIPTION" \
+ description="$DESCRIPTION" \
+ License="GPLv2+" \
+ architecture="x86_64" \
+ io.k8s.display-name="Ploigos - Tool - containers" \
+ io.k8s.description="$DESCRIPTION" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="ploigos,podman,skopeo,buildah" \
+ com.redhat.component="ploigos-tool-containers-container"
+
+USER root
+
+# update and install packages
+RUN INSTALL_PKGS="buildah podman skopeo" && \
+ dnf update -y --allowerasing --nobest && \
+ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+ dnf clean all && \
+ rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+# Adjust storage.conf to enable Fuse storage.
+RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf
+RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock
+
+USER $PLOIGOS_USER_UID
+
+# Set up environment variables to note that this is
+# not starting with usernamespace and default to
+# isolate the filesystem with chroot.
+ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot
diff --git a/ploigos-tool-containers/Containerfile.ubi8 b/ploigos-tool-containers/Containerfile.ubi8
index 20949b3..1ebfe36 100644
--- a/ploigos-tool-containers/Containerfile.ubi8
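Review bot: `ARG GO_VERSION=1.12.17` is declared before `FROM` and `ARG GO_VERSION` again after it, but nothing in this new file uses the value. The same pair is added to `ploigos-tool-containers/Containerfile.ubi8`, where the rest of the file is not fully visible. I would remove both lines, because an unused version argument reads as if a Go toolchain were pinned and installed here. Separately, `ARG PLOIGOS_USER_UID` has no default: unless the base image exports that variable, a build without `--build-arg PLOIGOS_USER_UID=…` leaves `USER $PLOIGOS_USER_UID` with nothing to expand, and depending on the builder the result is a failed build or an image that stays on `USER root`. Giving the argument a default in the file, or failing early when it is empty, would make that outcome explicit.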
+++ b/ploigos-tool-containers/Containerfile.ubi8 
@@ -1,30 +1,36 @@ # This image is based on the following Dockerfiles: # https://catalog.redhat.com/software/containers/rhel8/buildah/5dca3d76dd19c71643b226d5?container-tabs=dockerfile # https://github.com/containers/buildah/blob/master/contrib/buildahimage/stable/Dockerfile -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8 +ARG GO_VERSION=1.12.17 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID +ARG GO_VERSION -LABEL maintainer="ploigos@redhat.com" \ - name="ploigos/ploigos-tool-containers" \ - architecture="x86_64" \ - io.k8s.display-name="ploigos-tool-containers" \ - io.k8s.description="Ploigos tools container that has tools for working with containers." \ - io.openshift.tags="ploigos,openshift,buildah,podman,skopeo,python,python3,python36" \ - summary="Ploigos tools container that has tools for working with containers." \ - description="Includes buildah, podman, and skopeo" +# labels +ENV DESCRIPTION="Ploigos tool container with container tools, skopeo, buildah, and podman." +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-containers" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - containers" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,podman,skopeo,buildah" \ + com.redhat.component="ploigos-tool-containers-container" # NOTE This image must run priviliged -USER 0 +USER root -# Don't include container-selinux and remove -# directories used by yum that are just taking -# up space. 
-RUN dnf -y module enable container-tools:rhel8; \ - dnf -y update; \ - dnf -y reinstall shadow-utils; \ - dnf -y install buildah podman skopeo fuse-overlayfs /etc/containers/storage.conf; \ +# update and install packages +RUN INSTALL_PKGS="buildah podman skopeo" && \ + dnf update -y --allowerasing --nobest && \ + dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ + dnf clean all && \ rm -rf /var/cache /var/log/dnf* /var/log/yum.* # Adjust storage.conf to enable Fuse storage. diff --git a/ploigos-tool-helm/Containerfile.ubi8 b/ploigos-tool-helm/Containerfile.ubi8 index d2d6850..402dddb 100644 --- a/ploigos-tool-helm/Containerfile.ubi8 +++ b/ploigos-tool-helm/Containerfile.ubi8 
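Review bot: The rewritten `RUN` no longer installs `fuse-overlayfs` or `/etc/containers/storage.conf` and no longer runs `dnf -y reinstall shadow-utils`, yet the context line that follows still reads `# Adjust storage.conf to enable Fuse storage.`. That step lies outside the hunk; in the `.centos` twin added by this commit it un-comments `mount_program` in `/etc/containers/storage.conf`, which presumably relies on the fuse mount helper being installed. Unless `buildah` or `podman` pull these packages in as dependencies on this base, I would keep them explicit with `RUN INSTALL_PKGS="buildah podman skopeo fuse-overlayfs" && \`. I would also either keep the `shadow-utils` reinstall or say in a comment why it is no longer needed. The `.centos` file uses the same shortened package list.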
@@ -1,24 +1,30 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base:latest - +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8 ARG HELM_PLUGINS_DIR=/helm/plugins ARG HELM_VERSION=v3.3.4 ARG HELM_PLUGIN_HELM_SECRETS_VERSION=v2.0.2 -FROM ${FROM_IMAGE} +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID ARG HELM_VERSION ARG HELM_PLUGINS_DIR ARG HELM_PLUGIN_HELM_SECRETS_VERSION -LABEL com.redhat.component="ploigos-tool-helm" \ - name="ploigos/ploigos-tool-helm" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos helm" \ - io.k8s.description="Provides the helm executable" \ - io.openshift.tags="ploigos,openshift,helm,python,python3,python36" \ - maintainer="ploigos@redhat.com" - -USER 0 +# labels +ENV DESCRIPTION="Ploigos tool container with helm." +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-helm" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - Helm" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,helm" \ + com.redhat.component="ploigos-tool-helm-container" + +USER root # download HELM and install in /usr/local/bin RUN curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -o helm-${HELM_VERSION}-linux-amd64.tar.gz \ @@ -37,7 +43,6 @@ RUN export XDG_DATA_HOME="/" \ && unset XDG_DATA_HOME RUN chmod -R g+w ${HELM_PLUGINS_DIR} - USER ${PLOIGOS_USER_UID} ENTRYPOINT [ "/usr/local/bin/helm" ] diff --git a/ploigos-tool-maven/Containerfile.ubi8 b/ploigos-tool-maven/Containerfile.ubi8 index 9e596fe..07b5a50 100644 --- a/ploigos-tool-maven/Containerfile.ubi8 +++ b/ploigos-tool-maven/Containerfile.ubi8 
@@ -1,26 +1,33 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base-java-8:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base-java-8:latest.ubi8 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID -# Labels consumed by Red Hat build service -LABEL com.redhat.component="ploigos-ubi8-maven" \ - name="ploigos/ploigos-ubi8-mavenpodm" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos Maven" \ - io.k8s.description="The Ploigos Maven image builds on top of the Ploigos base Java 8 image to include maven" \ - io.openshift.tags="ploigos,openshift,java,maven,python,python3,python36" \ - maintainer="ploigos@redhat.com" +# labels +ENV DESCRIPTION="Ploigos tool container with maven." +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-maven" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - maven" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,maven" \ + com.redhat.component="ploigos-tool-maven-container" ENV MAVEN_OPTS="-Duser.home=$HOME" USER root -# Install Maven + +# update and install packages RUN INSTALL_PKGS="maven" && \ + dnf update -y --allowerasing --nobest && \ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ - rpm -V $INSTALL_PKGS && \ - dnf update -y && \ - dnf clean all + dnf clean all && \ + rm -rf /var/cache /var/log/dnf* /var/log/yum.* # Copy scripts ADD contrib/bin/* /usr/local/bin/ @@ -29,7 +36,3 @@ USER $PLOIGOS_USER_UID # Configure maven settings ENTRYPOINT [ "/usr/local/bin/entrypoint" ] - -############################################## -# End -############################################## diff --git a/ploigos-tool-openscap/Containerfile.centos b/ploigos-tool-openscap/Containerfile.centos new file mode 100644 index 0000000..ca24a05 --- /dev/null +++ b/ploigos-tool-openscap/Containerfile.centos 
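Review bot: The new package step drops `rpm -V $INSTALL_PKGS`, which used to fail the build when the installed files did not match the package metadata. I would keep it directly after the install, as `dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \` followed by `rpm -V $INSTALL_PKGS && \`. The same install block without that check is added to the containers, openscap and rekor Containerfiles in this commit. `dnf update -y --allowerasing --nobest` also makes the package set depend on the build date and lets dnf remove packages or settle for older candidates to resolve conflicts, so a comment saying why both flags are needed would help the next reader.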
@@ -0,0 +1,25 @@
+ARG BASE_IMAGE=quay.io/ploigos/ploigos-tool-containers:latest.centos
+
+FROM $BASE_IMAGE
+ARG PLOIGOS_USER_UID
+
+# labels
+ENV DESCRIPTION="Ploigos tool container with OpenSCAP."
+LABEL \
+ maintainer="Ploigos " \
+ name="ploigos/ploigos-tool-openscap" \
+ summary="$DESCRIPTION" \
+ description="$DESCRIPTION" \
+ License="GPLv2+" \
+ architecture="x86_64" \
+ io.k8s.display-name="Ploigos - Tool - OpenSCAP" \
+ io.k8s.description="$DESCRIPTION" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="ploigos,oscap,openscap" \
+ com.redhat.component="ploigos-tool-openscap-container"
+
+RUN INSTALL_PKGS="openscap-scanner" && \
+ dnf update -y --allowerasing --nobest && \
+ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+ dnf clean all && \
+ rm -rf /var/cache /var/log/dnf* /var/log/yum.*
diff --git a/ploigos-tool-openscap/Containerfile.ubi8 b/ploigos-tool-openscap/Containerfile.ubi8
index cc27943..fbe8759 100644
--- a/ploigos-tool-openscap/Containerfile.ubi8
+++ b/ploigos-tool-openscap/Containerfile.ubi8
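Review bot: This file runs `dnf` without switching to root first. Its default base, `ploigos-tool-containers:latest.centos`, corresponds to the Containerfile added earlier in this commit, which ends on `USER $PLOIGOS_USER_UID`, so the `RUN INSTALL_PKGS="openscap-scanner" …` step inherits that user and cannot install packages unless that UID is 0. I would put `USER root` before the `RUN` and `USER $PLOIGOS_USER_UID` after it, which also gives the otherwise unused `ARG PLOIGOS_USER_UID` a purpose and keeps the final image off root. `ploigos-tool-openscap/Containerfile.ubi8` has the same shape after this commit.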
@@ -1,16 +1,25 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-tool-buildah:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-tool-containers:latest.ubi8 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID -LABEL com.redhat.component="ploigos-tool-image-scanner" \ - name="ploigos/ploigos-tool-image-scanner" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos image-scanner" \ - io.k8s.description="The Ploigos image-scanner image provides the image-scanner executable" \ - io.openshift.tags="ploigos,openshift,image-scanner,python,python3,python36" \ - maintainer="ploigos@redhat.com" +# labels +ENV DESCRIPTION="Ploigos tool container with OpenSCAP." +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-openscap" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - OpenSCAP" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,oscap,openscap" \ + com.redhat.component="ploigos-tool-openscap-container" -ENV INSTALL_PKGS="openscap-scanner" -RUN dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS \ - && dnf clean all --enablerepo=\* +RUN INSTALL_PKGS="openscap-scanner" && \ + dnf update -y --allowerasing --nobest && \ + dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ + dnf clean all && \ + rm -rf /var/cache /var/log/dnf* /var/log/yum.* diff --git a/ploigos-tool-rekor/Containerfile b/ploigos-tool-rekor/Containerfile deleted file mode 100644 index 78a099c..0000000 --- a/ploigos-tool-rekor/Containerfile +++ /dev/null 
@@ -1,38 +0,0 @@
-ARG FROM_IMAGE=quay.io/ploigos/ploigos-base:latest
-
-FROM $FROM_IMAGE
-ARG PLOIGOS_USER_UID
-
-# Labels consumed by Red Hat build service
-LABEL com.redhat.component="ploigos-tool-rekor" \
- name="ploigos/ploigos-tool-rekor" \
- architecture="x86_64" \
- io.k8s.display-name="Rekor-cli Tool" \
- io.k8s.description="The Ploigos Rekor-cli tool" \
- io.openshift.tags="ploigos,jenkins,rekor" \
- maintainer="ploigos@redhat.com"
-
-ENV LANG=en_US.UTF-8 \
- LC_ALL=en_US.UTF-8
-
-USER root
-
-# Copy the entrypoint
-ADD contrib/centos.repo /etc/yum.repos.d/
-
-# Install jenkins agent
-RUN git clone https://github.com/sigstore/rekor.git && \
- yum install golang maven -y && \
- cd rekor && \
- go build ./cmd/rekor-cli && \
- mv rekor-cli /usr/local/bin/rekor && \
- chmod 775 /usr/bin && \
- chmod 777 /usr/local/bin/rekor && \
- chown 1001:0 /usr/local/bin/rekor
-
-USER $PLOIGOS_USER_UID
-
-
-##############################################
-# End
-##############################################
diff --git a/ploigos-tool-rekor/Containerfile b/ploigos-tool-rekor/Containerfile
new file mode 120000
index 0000000..b499254
--- /dev/null
+++ b/ploigos-tool-rekor/Containerfile
@@ -0,0 +1 @@
+Containerfile.ubi8
\ No newline at end of file
diff --git a/ploigos-tool-rekor/Containerfile.ubi8 b/ploigos-tool-rekor/Containerfile.ubi8
index 78a099c..1a7761f 100644
--- a/ploigos-tool-rekor/Containerfile.ubi8
+++ b/ploigos-tool-rekor/Containerfile.ubi8
@@ -1,16 +1,22 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID -# Labels consumed by Red Hat build service -LABEL com.redhat.component="ploigos-tool-rekor" \ - name="ploigos/ploigos-tool-rekor" \ - architecture="x86_64" \ - io.k8s.display-name="Rekor-cli Tool" \ - io.k8s.description="The Ploigos Rekor-cli tool" \ - io.openshift.tags="ploigos,jenkins,rekor" \ - maintainer="ploigos@redhat.com" +# labels +ENV DESCRIPTION="Ploigos tool container with Rekor." +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-openscap" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - Rekor" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,rekor" \ + com.redhat.component="ploigos-tool-rekor-container" ENV LANG=en_US.UTF-8 \ LC_ALL=en_US.UTF-8 @@ -20,9 +26,15 @@ USER root # Copy the entrypoint ADD contrib/centos.repo /etc/yum.repos.d/ -# Install jenkins agent +# update and install packages +RUN INSTALL_PKGS="golang" && \ + dnf update -y --allowerasing --nobest && \ + dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ + dnf clean all && \ + rm -rf /var/cache /var/log/dnf* /var/log/yum.* + +# Install rekor RUN git clone https://github.com/sigstore/rekor.git && \ - yum install golang maven -y && \ cd rekor && \ go build ./cmd/rekor-cli && \ mv rekor-cli /usr/local/bin/rekor && \ @@ -31,8 +43,3 @@ RUN git clone https://github.com/sigstore/rekor.git && \ chown 1001:0 /usr/local/bin/rekor USER $PLOIGOS_USER_UID - - -############################################## -# End -############################################## diff --git a/ploigos-tool-sonar/Containerfile.ubi8 b/ploigos-tool-sonar/Containerfile.ubi8 index 0677f07..8490697 100644 --- a/ploigos-tool-sonar/Containerfile.ubi8 
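Review bot: The new label block sets `name="ploigos/ploigos-tool-openscap"` in the rekor Containerfile, which looks copied from the OpenSCAP file. The removed line had `name="ploigos/ploigos-tool-rekor"`, and every other label in the block says Rekor. It should read `name="ploigos/ploigos-tool-rekor" \`, otherwise image inventories and scanners that key on the `name` label will attribute this image to the wrong component.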
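Review bot: `git clone https://github.com/sigstore/rekor.git` followed by `go build ./cmd/rekor-cli` compiles whatever the default branch holds on the day of the build, so the binary shipped in this image is not tied to any reviewed release. I would clone a fixed tag or commit, `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/sigstore/rekor.git && \`, and record that version in a label. The lines between this hunk and the next are unchanged; the file deleted earlier in this commit carries the same blob id `78a099c` and shows them as `chmod 775 /usr/bin` and `chmod 777 /usr/local/bin/rekor`, which leaves the binary world-writable and should become `chmod 755 /usr/local/bin/rekor`. The `golang` toolchain and the `rekor` checkout also stay in the final image; a separate build stage would keep them out.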
+++ b/ploigos-tool-sonar/Containerfile.ubi8 @@ -1,19 +1,26 @@ -ARG FROM_IMAGE=quay.io/ploigos/ploigos-base:latest +ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8 -FROM $FROM_IMAGE +FROM $BASE_IMAGE ARG PLOIGOS_USER_UID ARG SONAR_CLI=sonar-scanner-cli-4.4.0.2170-linux ARG SONAR=sonar-scanner-4.4.0.2170-linux -LABEL com.redhat.component="ploigos-tool-sonar" \ - name="ploigos/ploigos-tool-sonar" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos sonar scanner" \ - io.k8s.description="The Ploigos sonar image provides the sonar scanner executable" \ - io.openshift.tags="openshift,sonar,python,python3,python36" \ - maintainer="ploigos@redhat.com" +# labels +ENV DESCRIPTION="Ploigos tool container with Sonar CLI." +LABEL \ + maintainer="Ploigos " \ + name="ploigos/ploigos-tool-sonar" \ + summary="$DESCRIPTION" \ + description="$DESCRIPTION" \ + License="GPLv2+" \ + architecture="x86_64" \ + io.k8s.display-name="Ploigos - Tool - sonar" \ + io.k8s.description="$DESCRIPTION" \ + io.openshift.expose-services="" \ + io.openshift.tags="ploigos,sonar" \ + com.redhat.component="ploigos-tool-sonar-container" -USER 0 +USER root # Goal: # Install sonar-scanner for CLI. @@ -25,15 +32,11 @@ USER 0 # https://amoffat.github.io/sh/sections/faq.html WORKDIR /usr/bin RUN curl https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/${SONAR_CLI}.zip -o sonar.zip && \ -unzip ./sonar.zip && \ -rm ./sonar.zip && \ -mv ./${SONAR} ./sonar && \ -chown -R 1001:0 /usr/bin/sonar + unzip ./sonar.zip && \ + rm ./sonar.zip && \ + mv ./${SONAR} ./sonar && \ + chown -R 1001:0 /usr/bin/sonar ENV PATH /usr/bin/sonar/bin:$PATH USER $PLOIGOS_USER_UID - -############################################## -# End -##############################################
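Review bot: `chown -R 1001:0 /usr/bin/sonar` hands the whole scanner tree to a hard-coded UID rather than to `$PLOIGOS_USER_UID`, and it makes the runtime user the owner of the executables it runs. Nothing visible in the hunk needs the tree to be writable at run time, so I would leave it owned by root and only make it readable and executable, with `chmod -R a+rX /usr/bin/sonar` in place of the `chown`. If write access is required, a comment should say why. The config-lint and rekor Containerfiles do the same with `chown 1001:0`. The download on the line before uses `curl` without `-f` and without a digest check, so an error page or a replaced archive is only caught if `unzip` happens to fail.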