From 4888a624828ec306ec208d4ab4d8b0c1c97957a7 Mon Sep 17 00:00:00 2001 From: RTann Date: Tue, 11 Jun 2024 17:27:27 -0700 Subject: [PATCH 1/8] chore: update from CentOS Stream 8 to UBI 8 --- .github/actions/build-and-push-image/build-and-push-image.sh | 3 +-- Makefile | 5 ----- STACKROX_CENTOS_TAG | 1 - images/collector.Dockerfile | 2 +- images/scanner-build.Dockerfile | 2 +- images/stackrox-build.Dockerfile | 3 +-- scripts/get_tag.sh | 2 +- 7 files changed, 5 insertions(+), 13 deletions(-) delete mode 100644 STACKROX_CENTOS_TAG diff --git a/.github/actions/build-and-push-image/build-and-push-image.sh b/.github/actions/build-and-push-image/build-and-push-image.sh index 264088d2..a7cd217c 100755 --- a/.github/actions/build-and-push-image/build-and-push-image.sh +++ b/.github/actions/build-and-push-image/build-and-push-image.sh @@ -8,8 +8,7 @@ build_and_push_image() { # Login may be required for pulling the base image for building (if used) and to avoid rate limits. docker login -u "$QUAY_RHACS_ENG_RW_USERNAME" --password-stdin <<<"$QUAY_RHACS_ENG_RW_PASSWORD" quay.io - STACKROX_CENTOS_TAG="$(cat STACKROX_CENTOS_TAG)" - TAG="$(scripts/get_tag.sh "$image_flavor" "${STACKROX_CENTOS_TAG}")" + TAG="$(scripts/get_tag.sh "$image_flavor")" IMAGE="quay.io/rhacs-eng/apollo-ci:${TAG}" make "$image_flavor"-image diff --git a/Makefile b/Makefile index 66eb8944..f5199533 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -ifeq ($(STACKROX_CENTOS_TAG),) -STACKROX_CENTOS_TAG=$(shell cat STACKROX_CENTOS_TAG) -endif ifeq ($(DOCKER),) DOCKER=docker endif @@ -12,7 +9,6 @@ STACKROX_BUILD_TAG=$(shell scripts/get_tag.sh "stackrox-build") stackrox-build-image: $(DOCKER) build \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_BUILD_TAG) \ - --build-arg STACKROX_CENTOS_TAG=$(STACKROX_CENTOS_TAG) \ -f images/stackrox-build.Dockerfile \ images/ 
@@ -22,7 +18,6 @@ STACKROX_TEST_TAG=$(shell scripts/get_tag.sh "stackrox-test") stackrox-test-image: $(DOCKER) build \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_TEST_TAG) \ - --build-arg BASE_TAG=$(STACKROX_BUILD_TAG) \ -f images/stackrox-test.Dockerfile \ images/ diff --git a/STACKROX_CENTOS_TAG b/STACKROX_CENTOS_TAG deleted file mode 100644 index a1f22cdc..00000000 --- a/STACKROX_CENTOS_TAG +++ /dev/null @@ -1 +0,0 @@ -stream8 diff --git a/images/collector.Dockerfile b/images/collector.Dockerfile index 102cd014..8e70e15d 100644 --- a/images/collector.Dockerfile +++ b/images/collector.Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/centos/centos:stream8 +FROM registry.access.redhat.com/ubi8:latest SHELL ["/bin/bash", "-o", "pipefail", "-c"] diff --git a/images/scanner-build.Dockerfile b/images/scanner-build.Dockerfile index 493db4e5..44b972e6 100644 --- a/images/scanner-build.Dockerfile +++ b/images/scanner-build.Dockerfile @@ -1,6 +1,6 @@ # Provides the tooling required to run Scanner dockerized build targets. -FROM quay.io/centos/centos:stream8 +FROM registry.access.redhat.com/ubi8:latest SHELL ["/bin/bash", "-o", "pipefail", "-c"] diff --git a/images/stackrox-build.Dockerfile b/images/stackrox-build.Dockerfile index b4bf630a..136ff4dd 100644 --- a/images/stackrox-build.Dockerfile +++ b/images/stackrox-build.Dockerfile @@ -1,7 +1,6 @@ # Provides the tooling required to run StackRox dockerized build targets. -ARG STACKROX_CENTOS_TAG -FROM quay.io/centos/centos:${STACKROX_CENTOS_TAG} as base +FROM registry.access.redhat.com/ubi8:latest SHELL ["/bin/bash", "-o", "pipefail", "-c"] diff --git a/scripts/get_tag.sh b/scripts/get_tag.sh index e400bf30..604becd9 100755 --- a/scripts/get_tag.sh +++ b/scripts/get_tag.sh @@ -3,7 +3,7 @@ set -euo pipefail if [[ -z "${1:-}" ]]; then - echo "Usage: $0 []" + echo "Usage: $0 " exit 1 fi From 6f84740adf3a2d88c56e839aa523b5accbab3cbd Mon Sep 17 00:00:00 2001 
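Review bot: `FROM registry.access.redhat.com/ubi8:latest` in images/collector.Dockerfile is a floating tag, so two builds of the same commit can produce different images and nothing records which base went into a published one. The same line is added in images/scanner-build.Dockerfile and images/stackrox-build.Dockerfile in this patch. The build script also stops passing a base tag to `scripts/get_tag.sh`, so the published tag presumably no longer reflects the base either. Pin the base by digest, e.g. `FROM registry.access.redhat.com/ubi8@sha256:<digest-of-reviewed-ubi8-image>` (placeholder), and bump it in a reviewed change. In stackrox-build.Dockerfile the stage name `as base` is dropped as well; the rest of that file is outside the hunk, so confirm no later `FROM base` or `COPY --from=base` relies on it.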
From: Gavin Jefferies Date: Thu, 13 Jun 2024 15:37:08 -0700 Subject: [PATCH 2/8] find missing --- images/stackrox-build.Dockerfile | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/images/stackrox-build.Dockerfile b/images/stackrox-build.Dockerfile index 136ff4dd..b1275c20 100644 --- a/images/stackrox-build.Dockerfile +++ b/images/stackrox-build.Dockerfile @@ -9,24 +9,44 @@ RUN touch /i-am-rox-ci-image RUN dnf update -y && \ dnf install -y \ dnf-plugins-core \ - epel-release \ wget \ && \ - dnf config-manager --set-enabled powertools && \ + dnf config-manager --set-enabled ubi-8-codeready-builder-rpms && \ dnf update -y && \ wget --quiet -O - https://rpm.nodesource.com/setup_lts.x | bash - && \ wget --quiet -O - https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo && \ dnf update -y && \ - dnf -y groupinstall "Development Tools" && \ + # This set replaces centos:stream8 "Development Tools". It is possible + # rox-ci-image does not need all of these. + dnf install -y \ + autoconf \ + automake \ + binutils \ + gcc \ + gcc-c++ \ + gdb \ + glibc-devel \ + libtool \ + make \ + pkgconf \ + pkgconf-m4 \ + pkgconf-pkg-config \ + redhat-rpm-config \ + rpm-build \ + strace \ + ctags \ + git \ + perl-Fedora-VSP \ + perl-generators \ + source-highlight && \ dnf install -y \ bzip2-devel \ git-core \ jq \ - libzstd-devel \ + zstd \ lz4-devel \ nodejs \ procps-ng \ - snappy-devel \ yarn \ zlib-devel \ && \ From bc9b0de28ef69067970b2f306162e17856b56d5d Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Thu, 13 Jun 2024 15:40:50 -0700 Subject: [PATCH 3/8] restore arg for test-image --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index f5199533..63f985b6 100644 --- a/Makefile +++ b/Makefile 
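Review bot: The hand-expanded replacement for "Development Tools" installs debugging and packaging tools (`gdb`, `strace`, `rpm-build`, `source-highlight`) into the CI build image, and the comment above the list already concedes that not all of them may be needed. Each extra package is more to patch and more tooling available to whatever runs in this image, so trim the list to what the build targets actually invoke, for example dropping the `gdb \` and `strace \` lines if nothing uses them. The identical list is pasted into images/collector.Dockerfile and images/scanner-build.Dockerfile in patches 6 and 7; keeping it in one shared script copied into each image would stop the three copies drifting. Separately, `libzstd-devel` became `zstd` (the command-line tool, not the headers) and `snappy-devel` was removed, so confirm nothing built in this image compiles against libzstd or snappy. The RUN instruction continues outside the hunk.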
@@ -18,6 +18,7 @@ STACKROX_TEST_TAG=$(shell scripts/get_tag.sh "stackrox-test") stackrox-test-image: $(DOCKER) build \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_TEST_TAG) \ + --build-arg BASE_TAG=$(STACKROX_BUILD_TAG) \ -f images/stackrox-test.Dockerfile \ images/ From 0ce75fe6ac65ba0c981ba9242e3a5a841117bb81 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Thu, 13 Jun 2024 15:55:52 -0700 Subject: [PATCH 4/8] hack --- images/stackrox-test.Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index b0b275eb..9c9fc3f9 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile @@ -39,14 +39,11 @@ RUN dnf update -y && \ lsof \ lz4 \ openssl \ - parallel \ python3-devel \ unzip \ xmlstarlet \ xz \ zip \ - # `# Cypress dependencies: (see https://docs.cypress.io/guides/guides/continuous-integration.html#Dependencies)` \ - xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib \ && \ dnf remove -y java-1.8.0-openjdk-headless && \ dnf --disablerepo="*" --enablerepo="pgdg14" install -y postgresql14 postgresql14-server postgresql14-contrib && \ From b7de6f43510a79780c060b6f3d670f780ddf231b Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Thu, 13 Jun 2024 16:57:51 -0700 Subject: [PATCH 5/8] add gettext for envsubst --- images/stackrox-build.Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/images/stackrox-build.Dockerfile b/images/stackrox-build.Dockerfile index b1275c20..1d68c44a 100644 --- a/images/stackrox-build.Dockerfile +++ b/images/stackrox-build.Dockerfile @@ -41,6 +41,7 @@ RUN dnf update -y && \ source-highlight && \ dnf install -y \ bzip2-devel \ + gettext \ git-core \ jq \ zstd \ From d915ab5a7b33a29bdaac313e687f9c2dbce3c312 Mon Sep 17 00:00:00 2001 
From: Brad Lugo Date: Wed, 24 Jul 2024 19:35:49 -0700 Subject: [PATCH 6/8] Fix up collector --- images/collector.Dockerfile | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/images/collector.Dockerfile b/images/collector.Dockerfile index 8e70e15d..5d610e87 100644 --- a/images/collector.Dockerfile +++ b/images/collector.Dockerfile @@ -10,10 +10,31 @@ RUN set -ex \ && rm -r /static-tmp RUN dnf update -y && \ - dnf install -y epel-release dnf-plugins-core && \ - dnf config-manager --set-enabled powertools && \ - dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ - dnf -y groupinstall "Development Tools" && \ + dnf install -y dnf-plugins-core && \ + dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo && \ + # This set replaces centos:stream8 "Development Tools". It is possible + # rox-ci-image does not need all of these. + dnf install -y \ + autoconf \ + automake \ + binutils \ + gcc \ + gcc-c++ \ + gdb \ + glibc-devel \ + libtool \ + make \ + pkgconf \ + pkgconf-m4 \ + pkgconf-pkg-config \ + redhat-rpm-config \ + rpm-build \ + strace \ + ctags \ + git \ + perl-Fedora-VSP \ + perl-generators \ + source-highlight && \ dnf install -y \ clang-tools-extra \ cmake \ @@ -25,7 +46,6 @@ RUN dnf update -y && \ docker-ce \ docker-ce-cli \ docker-ce-rootless-extras \ - docker-scan-plugin \ && \ dnf upgrade -y && \ dnf clean all && \ From 5a94c41ea8b68a09d88c6879cacd55946614e655 Mon Sep 17 00:00:00 2001 From: Brad Lugo Date: Wed, 24 Jul 2024 19:36:06 -0700 Subject: [PATCH 7/8] Fix up scanner-build --- images/scanner-build.Dockerfile | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/images/scanner-build.Dockerfile b/images/scanner-build.Dockerfile index 44b972e6..bf8dfe8f 100644 --- a/images/scanner-build.Dockerfile +++ b/images/scanner-build.Dockerfile 
@@ -5,8 +5,33 @@ FROM registry.access.redhat.com/ubi8:latest SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN dnf update -y && \ - dnf install -y dnf-plugins-core epel-release wget && \ - dnf -y groupinstall "Development Tools" && \ + dnf install -y dnf-plugins-core wget && \ + dnf config-manager --set-enabled ubi-8-codeready-builder-rpms && \ + dnf update -y && \ + # This set replaces centos:stream8 "Development Tools". It is possible + # rox-ci-image does not need all of these. + dnf install -y \ + autoconf \ + automake \ + binutils \ + gcc \ + gcc-c++ \ + gdb \ + glibc-devel \ + libtool \ + make \ + pkgconf \ + pkgconf-m4 \ + pkgconf-pkg-config \ + redhat-rpm-config \ + rpm-build \ + strace \ + ctags \ + git \ + perl-Fedora-VSP \ + perl-generators \ + source-highlight && \ + dnf upgrade -y && \ dnf clean all && \ rm -rf /var/cache/dnf /var/cache/yum From 514967321d085c7b10e08b413905610b757e11b2 Mon Sep 17 00:00:00 2001 From: Brad Lugo Date: Wed, 24 Jul 2024 19:36:15 -0700 Subject: [PATCH 8/8] Fix up scanner-test --- images/scanner-test.Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 3c609df5..ad38ec74 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile @@ -34,9 +34,8 @@ ENV BASH_ENV /etc/initial-bash.env ENV PG_MAJOR=15 ENV PATH="$PATH:/usr/pgsql-$PG_MAJOR/bin/" -RUN dnf install -y \ +RUN dnf install --disablerepo="*" -y \ https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm \ - && dnf -qy module disable postgresql \ && dnf update -y \ && dnf install -y \ expect \ @@ -49,7 +48,6 @@ RUN dnf install -y \ lsof \ lz4 \ openssl \ - postgresql${PG_MAJOR}-server \ procps-ng \ python3 \ unzip \
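Review bot: The trailing `dnf upgrade -y && \` added after the package list is redundant: `update` and `upgrade` are the same dnf operation, and this RUN already runs `dnf update -y` before and after enabling `ubi-8-codeready-builder-rpms`, so the packages installed in between are already current. Dropping that line loses nothing. With the `ubi8:latest` base, the remaining unconditional updates still mean package versions are decided by build time rather than by the commit, which is worth stating in a comment at the top of the RUN, e.g. `# NOTE: image contents float with the UBI repos at build time`.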
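Review bot: In images/scanner-test.Dockerfile, `pgdg-redhat-repo-latest.noarch.rpm` is still installed straight from a URL, and by default dnf does not signature-check packages given on the command line (`localpkg_gpgcheck` is off). The RPM that installs the PGDG repo definition and its keys is therefore trusted on TLS alone, and `-latest` means its content can change between builds. Consider importing the PGDG signing key from a copy kept in this repository and adding `--setopt=localpkg_gpgcheck=1` to this `dnf install`. This hunk also removes `dnf -qy module disable postgresql` and the next one removes `postgresql${PG_MAJOR}-server`, while `PG_MAJOR` and the `/usr/pgsql-$PG_MAJOR/bin/` PATH entry stay. If the server is installed elsewhere in the file (not visible here), the EL8 `postgresql` module may need to stay disabled for the PGDG packages to resolve; the RUN instruction continues outside the hunk.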