diff --git a/.github/workflows/tookbox-pr.yaml b/.github/workflows/tookbox-pr.yaml
index ca9c69dab..8cb95d212 100644
--- a/.github/workflows/tookbox-pr.yaml
+++ b/.github/workflows/tookbox-pr.yaml
@@ -24,6 +24,11 @@ jobs:
 with:
 IMAGE_CONTEXT_DIR: ${{ env.context }}
+ - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+ with:
+ dockerfile: ${{ env.context }}/Dockerfile
+ ignore: DL3041,SC2174
+
 - name: Build image
 uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
 with:
diff --git a/.github/workflows/ubi8-bats-pr.yaml b/.github/workflows/ubi8-bats-pr.yaml
index 942c53e85..ebf988f4c 100644
--- a/.github/workflows/ubi8-bats-pr.yaml
+++ b/.github/workflows/ubi8-bats-pr.yaml
@@ -23,6 +23,11 @@ jobs:
 with:
 IMAGE_CONTEXT_DIR: ${{ env.context }}
+ - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+ with:
+ dockerfile: ${{ env.context }}/Dockerfile
+ ignore: DL3041
+
 - name: Build image
 uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
 with:
diff --git a/.github/workflows/ubi8-git-pr.yaml b/.github/workflows/ubi8-git-pr.yaml
index d71608b3e..c1da1c3fc 100644
--- a/.github/workflows/ubi8-git-pr.yaml
+++ b/.github/workflows/ubi8-git-pr.yaml
@@ -23,6 +23,11 @@ jobs:
 with:
 IMAGE_CONTEXT_DIR: ${{ env.context }}
+ - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+ with:
+ dockerfile: ${{ env.context }}/Dockerfile
+ ignore: DL3041
+
 - name: Build image
 uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
 with:
diff --git a/.github/workflows/ubi8-google-api-python-client-pr.yaml b/.github/workflows/ubi8-google-api-python-client-pr.yaml
index 0524211e2..9465dcb91 100644
--- a/.github/workflows/ubi8-google-api-python-client-pr.yaml
+++ b/.github/workflows/ubi8-google-api-python-client-pr.yaml
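Review bot: The `ignore: DL3041,SC2174` input on the new hadolint step switches those rules off for the whole Dockerfile, so any later unpinned `dnf install` or `mkdir -p -m` line passes lint unnoticed. Scoping the suppression to the instruction that needs it keeps the check live elsewhere: put `# hadolint ignore=DL3041` directly above the specific `RUN` in the Dockerfile and drop the workflow-level `ignore`. The same applies to the identical steps added in ubi8-bats-pr.yaml, ubi8-git-pr.yaml and ubi8-google-api-python-client-pr.yaml. The step also has no `name:`, unlike the `Build image` step next to it; `- name: Lint Dockerfile` would label it in the run log.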
@@ -23,6 +23,11 @@ jobs:
 with:
 IMAGE_CONTEXT_DIR: ${{ env.context }}
+ - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+ with:
+ dockerfile: ${{ env.context }}/Dockerfile
+ ignore: DL3041
+
 - name: Build image
 uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
 with:
diff --git a/tekton-task-images/conftest/Dockerfile b/tekton-task-images/conftest/Dockerfile
index 1aac07b6b..0df6c93d6 100644
--- a/tekton-task-images/conftest/Dockerfile
+++ b/tekton-task-images/conftest/Dockerfile
@@ -1,3 +1,4 @@
+# Builder
 FROM registry.access.redhat.com/ubi9/ubi:9.3-1361.1699548029@sha256:6b95efc134c2af3d45472c0a2f88e6085433df058cc210abb2bb061ac4d74359 AS builder
 SHELL ["/bin/bash", "-c"]
diff --git a/tool-box/Dockerfile b/tool-box/Dockerfile
index c5ccc307f..f0f04bf6f 100644
--- a/tool-box/Dockerfile
+++ b/tool-box/Dockerfile
@@ -1,60 +1,82 @@
-FROM registry.access.redhat.com/ubi8:8.9-1028@sha256:449da7f8f2ef6285a8445a1e31af57a97b9dae5dcf009b1629c59742c89c68c3
+# Builder
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1361.1699548029@sha256:6b95efc134c2af3d45472c0a2f88e6085433df058cc210abb2bb061ac4d74359 AS builder
-ENV HOME=/home/tool-box \
- INSTALL_PKGS="git iputils procps-ng python311 vim unzip zip"
+SHELL ["/bin/bash", "-c"]
 # renovate: datasource=repology depName=homebrew/openshift-cli
-ENV OC_VERSION=4.14.3
+ARG OC_VERSION=4.14.3
 # renovate: datasource=github-releases depName=openshift/rosa
-ENV ROSA_VERSION=v1.2.15
+ARG ROSA_VERSION=v1.2.15
 # renovate: datasource=github-releases depName=redhat-developer/odo
-ENV ODO_VERSION=v3.15.0
-# renovate: datasource=pypi depName=ansible-core
-ENV ANSIBLE_CORE_VERSION=2.16.2
+ARG ODO_VERSION=v3.15.0
 # renovate: datasource=github-releases depName=stedolan/jq
-ENV JQ_VERSION=1.6
+ARG JQ_VERSION=1.6
 # renovate: datasource=github-releases depName=helm/helm
-ENV HELM_VERSION=v3.11.3
+ARG HELM_VERSION=v3.11.3
 # renovate: datasource=github-releases depName=tektoncd/cli
-ENV TEKTON_VERSION=v0.33.0
-
-RUN yum -y update && \
- yum -y install $INSTALL_PKGS && \
- yum clean all
-
-RUN curl -o jq --fail -sL https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \
- chmod +x jq && \
- mv jq /usr/local/bin
-
-RUN mkdir -m 775 $HOME && \
- chmod 775 /etc/passwd && \
- python3 -m ensurepip --default-pip && \
- python3 -m pip install --upgrade pip && \
- python3 -m pip install ansible-core==${ANSIBLE_CORE_VERSION}
-
-RUN curl --fail -s https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -xvz && \
- chmod u+x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/ && rm -rf linux-amd64
-
-RUN curl --fail -sL https://github.com/tektoncd/cli/releases/download/${TEKTON_VERSION}/tkn_${TEKTON_VERSION//v}_Linux_x86_64.tar.gz | tar --no-same-owner -xvz -C /usr/local/bin/ tkn
-
-RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz | tar --no-same-owner -C /usr/local/bin/ -xzf -
-
-RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/rosa/${ROSA_VERSION//v}/rosa-linux.tar.gz | tar --no-same-owner -C /usr/local/bin/ -xzf -
-
-RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/clients/odo/${ODO_VERSION}/odo-linux-amd64 -o /usr/local/bin/odo && \
- chmod +x /usr/local/bin/odo
-
-RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
+ARG TEKTON_VERSION=v0.33.0
+
+RUN curl -L "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz" -o /tmp/openshift-client-linux.tar.gz && \
+ tar --no-same-owner -xzf /tmp/openshift-client-linux.tar.gz && \
+ mv oc kubectl /usr/local/bin && \
+ oc version --client && \
+ kubectl version --client
+
+RUN curl -L "https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/rosa/${ROSA_VERSION//v}/rosa-linux.tar.gz" -o /tmp/rosa-linux.tar.gz && \
+ tar --no-same-owner -xzf /tmp/rosa-linux.tar.gz && \
+ mv rosa /usr/local/bin && \
+ rosa version
+
+RUN curl -L "https://mirror.openshift.com/pub/openshift-v4/clients/odo/${ODO_VERSION}/odo-linux-amd64" -o /usr/local/bin/odo && \
+ chmod +x /usr/local/bin/odo && \
+ odo version --client
+
+RUN curl -L "https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64" -o /usr/local/bin/jq && \
+ chmod +x /usr/local/bin/jq && \
+ jq --version
+
+RUN curl -L "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" -o /tmp/helm.tar.gz && \
+ tar -xzf /tmp/helm.tar.gz && \
+ mv linux-amd64/helm /usr/local/bin/helm && \
+ helm version
+
+RUN curl -L "https://github.com/tektoncd/cli/releases/download/${TEKTON_VERSION}/tkn_${TEKTON_VERSION//v}_Linux_x86_64.tar.gz" -o /tmp/tkn.tar.gz && \
+ tar --no-same-owner -xzf /tmp/tkn.tar.gz && \
+ mv tkn /usr/local/bin && \
+ tkn version
+
+# Runnable
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1361.1699548029@sha256:6b95efc134c2af3d45472c0a2f88e6085433df058cc210abb2bb061ac4d74359
+
+ENV HOME=/home/tool-box
+
+COPY requirements.txt /requirements.txt
+RUN dnf -y update && \
+ dnf -y install git iputils procps-ng python3.11 python3.11-pip vim unzip zip && \
+ dnf clean all && \
+ pip3.11 install --no-cache-dir -r /requirements.txt && \
+ ansible --version
+
+COPY --from=builder /usr/local/bin/oc /usr/local/bin/oc
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl
+COPY --from=builder /usr/local/bin/rosa /usr/local/bin/rosa
+COPY --from=builder /usr/local/bin/odo /usr/local/bin/odo
+COPY --from=builder /usr/local/bin/jq /usr/local/bin/jq
+COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
+COPY --from=builder /usr/local/bin/tkn /usr/local/bin/tkn
+
+RUN curl -L https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \
 unzip awscliv2.zip && \
- ./aws/install -i /usr/local/aws-cli -b /usr/local/bin; \
- rm -rf awscliv2.zip aws
+ ./aws/install -i /usr/local/aws-cli -b /usr/local/bin && \
+ rm -rf awscliv2.zip aws && \
+ aws --version
 WORKDIR $HOME
-ADD ./root /
-
-RUN chmod u+x /usr/local/bin/run && \
- rm -rf $HOME/.cache
+COPY ./root /
+RUN mkdir -m 775 -p $HOME && \
+ chmod 775 /etc/passwd && \
+ chmod u+x /usr/local/bin/run
 USER 1001
diff --git a/tool-box/requirements.txt b/tool-box/requirements.txt
new file mode 100644
index 000000000..51cb6fdb3
--- /dev/null
+++ b/tool-box/requirements.txt
@@ -0,0 +1 @@
+ansible-core==2.16.2
\ No newline at end of file
diff --git a/utilities/ubi8-bats/Dockerfile b/utilities/ubi8-bats/Dockerfile
index 0fc081855..1eea84e33 100644
--- a/utilities/ubi8-bats/Dockerfile
+++ b/utilities/ubi8-bats/Dockerfile
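Review bot: Every `curl -L … -o` in the builder stage writes an executable or archive that is then run (`oc version --client`, `jq --version`, …) and copied into the final image without any integrity check, and the `--fail` flag the old lines carried is gone, so an HTTP error body is saved as if it were the download. Restore `curl --fail -sSL` and compare each artifact with a pinned digest before use, for example `echo "${OC_SHA256}  /tmp/openshift-client-linux.tar.gz" | sha256sum -c -` with the digest kept in an `ARG` beside the version (the `ARG` name here is illustrative). The AWS CLI download in the final stage has the same gap and, unlike the other tools, fetches an unversioned URL, so it is not reproducible either. The same applies to the downloads in the utilities/ubi8-bats/Dockerfile hunk. Separately, `chmod 775 /etc/passwd` is carried over unchanged and lets any member of the file's group rewrite account entries; if the `run` script (not shown) does not need to append a passwd entry it should go, otherwise `664` is enough.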
@@ -1,28 +1,66 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal
+# Builder
+FROM registry.access.redhat.com/ubi8/ubi:8.9 AS builder
-LABEL io.k8s.description="OCP Bats"
-LABEL io.k8s.display-name="OCP Bats"
+SHELL ["/bin/bash", "-c"]
-ARG BATS_VERSION=1.2.1
-ARG HELM_VERSION=3.5.2
+# renovate: datasource=repology depName=homebrew/openshift-cli
+ARG OC_VERSION=4.14.3
+# renovate: datasource=github-releases depName=stedolan/jq
 ARG JQ_VERSION=1.6
-ARG OC_VERSION=4.7
-ARG YQ_VERSION=3.4.1
-
-RUN microdnf install -y gzip tar ncurses && \
- microdnf clean all && \
- curl -L https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz | tar -C /tmp -xzf - && \
- /tmp/bats-core-${BATS_VERSION}/install.sh /opt/bats && \
- rm -rf /tmp/bats-core-${BATS_VERSION} && \
- ln -s /opt/bats/bin/bats /usr/local/bin/bats && \
- curl -Lo /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \
+# renovate: datasource=github-releases depName=helm/helm
+ARG HELM_VERSION=v3.11.3
+# renovate: datasource=github-releases depName=mikefarah/yq
+ARG YQ_VERSION=v4.40.5
+
+RUN curl -L "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz" -o /tmp/openshift-client-linux.tar.gz && \
+ tar --no-same-owner -xzf /tmp/openshift-client-linux.tar.gz && \
+ mv oc kubectl /usr/local/bin && \
+ oc version --client && \
+ kubectl version --client
+
+RUN curl -L "https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64" -o /usr/local/bin/jq && \
 chmod +x /usr/local/bin/jq && \
- curl -L https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | tar --strip-components=1 -C /usr/local/bin -xzf - linux-amd64/helm && \
- curl -Lo /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 && \
+ jq --version
+
+RUN curl -L "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" -o /tmp/helm.tar.gz && \
+ tar -xzf /tmp/helm.tar.gz && \
+ mv linux-amd64/helm /usr/local/bin/helm && \
+ helm version
+
+RUN curl -L "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -o /usr/local/bin/yq && \
 chmod +x /usr/local/bin/yq && \
- curl -L http://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-${OC_VERSION}/openshift-client-linux.tar.gz | tar -C /usr/local/bin -xzf - && \
- mkdir -p /code
+ yq --version
+
+# Runnable
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9
+
+SHELL ["/bin/bash", "-c"]
+
+# renovate: datasource=github-releases depName=bats-core/bats-core
+ARG BATS_VERSION=v1.10.0
+
+LABEL io.k8s.description="OCP Bats"
+LABEL io.k8s.display-name="OCP Bats"
+
+RUN microdnf install -y --nodocs gzip tar ncurses && \
+ microdnf clean all
+
+COPY --from=builder /usr/local/bin/oc /usr/local/bin/oc
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl
+COPY --from=builder /usr/local/bin/jq /usr/local/bin/jq
+COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
+COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
+
+RUN curl -L "https://github.com/bats-core/bats-core/archive/${BATS_VERSION}.tar.gz" -o /tmp/bats.tar.gz && \
+ tar -C /tmp -xzf /tmp/bats.tar.gz && \
+ ls -lrt /tmp && \
+ "/tmp/bats-core-${BATS_VERSION//v}/install.sh" /tmp/bats && \
+ ln -s /tmp/bats/bin/bats /usr/local/bin/bats && \
+ bats --version
+
+RUN mkdir -p /code
 WORKDIR /code
+
 USER 1001
 ENTRYPOINT ["bats"]
diff --git a/utilities/ubi8-bats/test/unit.bats b/utilities/ubi8-bats/test/unit.bats
index 9c5541841..97be21610 100644
--- a/utilities/ubi8-bats/test/unit.bats
+++ b/utilities/ubi8-bats/test/unit.bats
@@ -3,13 +3,13 @@
 @test "bats: version" {
 run bats --version
 [ "${status}" -eq 0 ]
- [ "${lines[0]}" = "Bats 1.2.1" ]
+ [ "${lines[0]}" = "Bats 1.10.0" ]
 }
 @test "helm: version" {
 run helm version
 [ "${status}" -eq 0 ]
- [[ "${lines[0]}" =~ v3.5.2 ]]
+ [[ "${lines[0]}" =~ v3.11.3 ]]
 }
 @test "jq: version" {
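Review bot: The final stage now installs bats under `/tmp/bats` and links `/usr/local/bin/bats` to it, where the old line used `/opt/bats`; `/tmp` is shared scratch space and is commonly overlaid by a tmpfs or emptyDir mount at run time, which would leave the `ENTRYPOINT ["bats"]` symlink dangling. The same `RUN` also leaves `/tmp/bats.tar.gz` and the extracted `/tmp/bats-core-*` tree in the layer, and keeps an `ls -lrt /tmp` that looks like leftover debugging. Suggest installing with `"/tmp/bats-core-${BATS_VERSION//v}/install.sh" /opt/bats`, linking with `ln -s /opt/bats/bin/bats /usr/local/bin/bats`, then `rm -rf /tmp/bats.tar.gz "/tmp/bats-core-${BATS_VERSION//v}"` in the same instruction, and dropping the `ls`.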
@@ -21,11 +21,11 @@
 @test "oc: version" {
 run oc version
 [ "${status}" -eq 0 ]
- [[ "${lines[0]}" =~ 4.7 ]]
+ [[ "${lines[0]}" =~ 4.14.3 ]]
 }
 @test "yq: version" {
 run yq --version
 [ "${status}" -eq 0 ]
- [ "${lines[0]}" = "yq version 3.4.1" ]
+ [ "${lines[0]}" = "yq (https://github.com/mikefarah/yq/) version v4.40.5" ]
 }
diff --git a/utilities/ubi8-git/Dockerfile b/utilities/ubi8-git/Dockerfile
index cbd912ba5..cef31122d 100644
--- a/utilities/ubi8-git/Dockerfile
+++ b/utilities/ubi8-git/Dockerfile
@@ -1,11 +1,7 @@
-FROM registry.access.redhat.com/ubi8
+FROM registry.access.redhat.com/ubi8/ubi:8.9
 LABEL maintainer="Red Hat Services"
-# Update image
-RUN dnf update -y && rm -rf /var/cache/yum
-
-# Install packages
-RUN dnf install -y \
- git \
- && dnf clean all
+RUN dnf update -y && \
+ dnf install -y --nodocs git && \
+ dnf clean all
diff --git a/utilities/ubi8-google-api-python-client/Dockerfile b/utilities/ubi8-google-api-python-client/Dockerfile
index 7323b98ec..6151fa6e2 100644
--- a/utilities/ubi8-google-api-python-client/Dockerfile
+++ b/utilities/ubi8-google-api-python-client/Dockerfile
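Review bot: The new `FROM registry.access.redhat.com/ubi8/ubi:8.9` in utilities/ubi8-git/Dockerfile is pinned by tag only, while tool-box and conftest in this same commit pin their base with `@sha256:`; a tag can be re-pointed, so the build input is not fixed. Append the digest, `FROM registry.access.redhat.com/ubi8/ubi:8.9@sha256:<digest>`, here and on the `ubi8/ubi:8.9` and `ubi8/ubi-minimal:8.9` lines in the ubi8-bats and ubi8-google-api-python-client hunks. The file as visible in this hunk also sets no `USER`, so the image runs as root unless the platform overrides it.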
@@ -1,29 +1,13 @@
-FROM registry.access.redhat.com/ubi8
+FROM registry.access.redhat.com/ubi8/ubi:8.9
 LABEL maintainer="Red Hat Services"
-# Update image
-RUN dnf update -y && rm -rf /var/cache/yum
-
-# Install packages
-RUN dnf install -y \
- git \
- python36 \
- python3-pip \
- python3-numpy \
- python3-scipy \
- python3-setuptools \
- python3-six \
- && dnf clean all
-
-# Install Python modules
-RUN pip3 install --upgrade \
- pip \
- google-api-python-client \
- google-auth-httplib2 \
- google-auth-oauthlib \
- oauth2client
+COPY requirements.txt /requirements.txt
+RUN dnf update -y && \
+ dnf install -y git python3.11 python3.11-pip python3.11-setuptools python3.11-numpy python3.11-scipy python3.11-six && \
+ dnf clean all && \
+ pip3.11 install --no-cache-dir -r /requirements.txt
 # Copy in custom helper scripts
-add ./root /
+COPY ./root /
 RUN chmod u+x /usr/local/bin/upload-file-to-google-drive
diff --git a/utilities/ubi8-google-api-python-client/requirements.txt b/utilities/ubi8-google-api-python-client/requirements.txt
new file mode 100644
index 000000000..502c50ef0
--- /dev/null
+++ b/utilities/ubi8-google-api-python-client/requirements.txt
@@ -0,0 +1,4 @@
+google-api-python-client
+google-auth-httplib2
+google-auth-oauthlib
+oauth2client
\ No newline at end of file
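Review bot: `pip3.11 install --no-cache-dir -r /requirements.txt` resolves the four names in the new requirements.txt with no version constraint, so each build can pull different releases, whereas tool-box/requirements.txt in this commit pins `ansible-core==2.16.2`. Pin each entry (`google-api-python-client==<version>` and so on), ideally with hashes and `--require-hashes`, so the image contents are fixed and reviewable. `oauth2client` is deprecated upstream in favour of google-auth; if `upload-file-to-google-drive` (not shown) still imports it, that is worth a follow-up.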