chore: update from CentOS Stream 8 to UBI 8

.github/actions/build-and-push-image/build-and-push-image.sh

@@ -8,8 +8,7 @@ build_and_push_image() {
     # Login may be required for pulling the base image for building (if used) and to avoid rate limits.
     docker login -u "$QUAY_RHACS_ENG_RW_USERNAME" --password-stdin <<<"$QUAY_RHACS_ENG_RW_PASSWORD" quay.io
 
-    STACKROX_CENTOS_TAG="$(cat STACKROX_CENTOS_TAG)"
-    TAG="$(scripts/get_tag.sh "$image_flavor" "${STACKROX_CENTOS_TAG}")"
+    TAG="$(scripts/get_tag.sh "$image_flavor")"
     IMAGE="quay.io/rhacs-eng/apollo-ci:${TAG}"
 
     make "$image_flavor"-image

Makefile

@@ -1,6 +1,3 @@
-ifeq ($(STACKROX_CENTOS_TAG),)
-STACKROX_CENTOS_TAG=$(shell cat STACKROX_CENTOS_TAG)
-endif
 ifeq ($(DOCKER),)
 DOCKER=docker
 endif
@@ -12,7 +9,6 @@ STACKROX_BUILD_TAG=$(shell scripts/get_tag.sh "stackrox-build")
 stackrox-build-image:
 	$(DOCKER) build \
 		-t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_BUILD_TAG) \
-		--build-arg STACKROX_CENTOS_TAG=$(STACKROX_CENTOS_TAG) \
 		-f images/stackrox-build.Dockerfile \
 		images/
 

images/collector.Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/centos/centos:stream8
+FROM registry.access.redhat.com/ubi8:latest
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -10,10 +10,31 @@ RUN set -ex \
   && rm -r /static-tmp
 
 RUN dnf update -y && \
-    dnf install -y epel-release dnf-plugins-core && \
-    dnf config-manager --set-enabled powertools && \
-    dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
-    dnf -y groupinstall "Development Tools" && \
+    dnf install -y dnf-plugins-core && \
+    dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo && \
+    # This set replaces centos:stream8 "Development Tools". It is possible
+    # rox-ci-image does not need all of these.
+    dnf install -y \
+        autoconf \
+        automake \
+        binutils \
+        gcc \
+        gcc-c++ \
+        gdb \
+        glibc-devel \
+        libtool \
+        make \
+        pkgconf \
+        pkgconf-m4 \
+        pkgconf-pkg-config \
+        redhat-rpm-config \
+        rpm-build \
+        strace \
+        ctags \
+        git \
+        perl-Fedora-VSP \
+        perl-generators \
+        source-highlight && \
     dnf install -y \
         clang-tools-extra \
         cmake \
@@ -25,7 +46,6 @@ RUN dnf update -y && \
         docker-ce \
         docker-ce-cli \
         docker-ce-rootless-extras \
-        docker-scan-plugin \
         && \
     dnf upgrade -y && \
     dnf clean all && \

images/scanner-build.Dockerfile

@@ -1,12 +1,37 @@
 # Provides the tooling required to run Scanner dockerized build targets.
 
-FROM quay.io/centos/centos:stream8
+FROM registry.access.redhat.com/ubi8:latest
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 RUN dnf update -y && \
-    dnf install -y dnf-plugins-core epel-release wget && \
-    dnf -y groupinstall "Development Tools" && \
+    dnf install -y dnf-plugins-core wget && \
+    dnf config-manager --set-enabled ubi-8-codeready-builder-rpms && \
+    dnf update -y && \
+    # This set replaces centos:stream8 "Development Tools". It is possible
+    # rox-ci-image does not need all of these.
+    dnf install -y \
+        autoconf \
+        automake \
+        binutils \
+        gcc \
+        gcc-c++ \
+        gdb \
+        glibc-devel \
+        libtool \
+        make \
+        pkgconf \
+        pkgconf-m4 \
+        pkgconf-pkg-config \
+        redhat-rpm-config \
+        rpm-build \
+        strace \
+        ctags \
+        git \
+        perl-Fedora-VSP \
+        perl-generators \
+        source-highlight && \
+    dnf upgrade -y && \
     dnf clean all && \
     rm -rf /var/cache/dnf /var/cache/yum
 

images/scanner-test.Dockerfile

@@ -34,9 +34,8 @@ ENV BASH_ENV /etc/initial-bash.env
 ENV PG_MAJOR=15
 ENV PATH="$PATH:/usr/pgsql-$PG_MAJOR/bin/"
 
-RUN dnf install -y \
+RUN dnf install --disablerepo="*" -y \
         https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm \
- && dnf -qy module disable postgresql \
  && dnf update -y \
  && dnf install -y \
         expect \
@@ -49,7 +48,6 @@ RUN dnf install -y \
         lsof \
         lz4 \
         openssl \
-        postgresql${PG_MAJOR}-server \
         procps-ng \
         python3 \
         unzip \

images/stackrox-build.Dockerfile

@@ -1,7 +1,6 @@
 # Provides the tooling required to run StackRox dockerized build targets.
 
-ARG STACKROX_CENTOS_TAG
-FROM quay.io/centos/centos:${STACKROX_CENTOS_TAG} as base
+FROM registry.access.redhat.com/ubi8:latest
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -10,24 +9,45 @@ RUN touch /i-am-rox-ci-image
 RUN dnf update -y && \
     dnf install -y \
         dnf-plugins-core \
-        epel-release \
         wget \
         && \
-    dnf config-manager --set-enabled powertools && \
+    dnf config-manager --set-enabled ubi-8-codeready-builder-rpms && \
     dnf update -y && \
     wget --quiet -O - https://rpm.nodesource.com/setup_lts.x | bash - && \
     wget --quiet -O - https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo && \
     dnf update -y && \
-    dnf -y groupinstall "Development Tools" && \
+    # This set replaces centos:stream8 "Development Tools". It is possible
+    # rox-ci-image does not need all of these.
+    dnf install -y \
+        autoconf \
+        automake \
+        binutils \
+        gcc \
+        gcc-c++ \
+        gdb \
+        glibc-devel \
+        libtool \
+        make \
+        pkgconf \
+        pkgconf-m4 \
+        pkgconf-pkg-config \
+        redhat-rpm-config \
+        rpm-build \
+        strace \
+        ctags \
+        git \
+        perl-Fedora-VSP \
+        perl-generators \
+        source-highlight && \
     dnf install -y \
         bzip2-devel \
+        gettext \
         git-core \
         jq \
-        libzstd-devel \
+        zstd \
         lz4-devel \
         nodejs \
         procps-ng \
-        snappy-devel \
         yarn \
         zlib-devel \
         && \

images/stackrox-test.Dockerfile

@@ -39,14 +39,11 @@ RUN dnf update -y && \
         lsof \
         lz4 \
         openssl \
-        parallel \
         python3-devel \
         unzip \
         xmlstarlet \
         xz \
         zip \
-        # `# Cypress dependencies: (see https://docs.cypress.io/guides/guides/continuous-integration.html#Dependencies)` \
-        xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib \
         && \
 	dnf remove -y java-1.8.0-openjdk-headless && \
     dnf --disablerepo="*" --enablerepo="pgdg14" install -y postgresql14 postgresql14-server postgresql14-contrib && \

scripts/get_tag.sh

@@ -3,7 +3,7 @@
 set -euo pipefail
 
 if [[ -z "${1:-}" ]]; then
-    echo "Usage: $0 <image flavor> [<centos_tag>]"
+    echo "Usage: $0 <image flavor>"
     exit 1
 fi