cleanup of toolbox and utils

.github/workflows/tookbox-pr.yaml

@@ -24,6 +24,11 @@ jobs:
         with:
           IMAGE_CONTEXT_DIR: ${{ env.context }}
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+          ignore: DL3041,SC2174
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

.github/workflows/ubi8-bats-pr.yaml

@@ -23,6 +23,11 @@ jobs:
         with:
           IMAGE_CONTEXT_DIR: ${{ env.context }}
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+          ignore: DL3041
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

.github/workflows/ubi8-git-pr.yaml

@@ -23,6 +23,11 @@ jobs:
         with:
           IMAGE_CONTEXT_DIR: ${{ env.context }}
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+          ignore: DL3041
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

.github/workflows/ubi8-google-api-python-client-pr.yaml

@@ -23,6 +23,11 @@ jobs:
         with:
           IMAGE_CONTEXT_DIR: ${{ env.context }}
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+          ignore: DL3041
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

tekton-task-images/conftest/Dockerfile

@@ -1,3 +1,4 @@
+# Builder
 FROM registry.access.redhat.com/ubi9/ubi:9.3-1361.1699548029@sha256:6b95efc134c2af3d45472c0a2f88e6085433df058cc210abb2bb061ac4d74359 AS builder
 
 SHELL ["/bin/bash", "-c"]

tool-box/Dockerfile

@@ -1,60 +1,82 @@
-FROM registry.access.redhat.com/ubi8:8.9-1028@sha256:449da7f8f2ef6285a8445a1e31af57a97b9dae5dcf009b1629c59742c89c68c3
+# Builder
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1361.1699548029@sha256:6b95efc134c2af3d45472c0a2f88e6085433df058cc210abb2bb061ac4d74359 AS builder
 
-ENV HOME=/home/tool-box \
-    INSTALL_PKGS="git iputils procps-ng python311 vim unzip zip"
+SHELL ["/bin/bash", "-c"]
 
 # renovate: datasource=repology depName=homebrew/openshift-cli
-ENV OC_VERSION=4.14.3
+ARG OC_VERSION=4.14.3
 # renovate: datasource=github-releases depName=openshift/rosa
-ENV ROSA_VERSION=v1.2.15
+ARG ROSA_VERSION=v1.2.15
 # renovate: datasource=github-releases depName=redhat-developer/odo
-ENV ODO_VERSION=v3.15.0
-# renovate: datasource=pypi depName=ansible-core
-ENV ANSIBLE_CORE_VERSION=2.16.2
+ARG ODO_VERSION=v3.15.0
 # renovate: datasource=github-releases depName=stedolan/jq
-ENV JQ_VERSION=1.6
+ARG JQ_VERSION=1.6
 # renovate: datasource=github-releases depName=helm/helm
-ENV HELM_VERSION=v3.11.3
+ARG HELM_VERSION=v3.11.3
 # renovate: datasource=github-releases depName=tektoncd/cli
-ENV TEKTON_VERSION=v0.33.0
-
-RUN yum -y update && \
-    yum -y install $INSTALL_PKGS && \
-    yum clean all
-
-RUN curl -o jq --fail -sL https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \
-    chmod +x jq && \
-    mv jq /usr/local/bin
-
-RUN mkdir -m 775 $HOME && \
-    chmod 775 /etc/passwd && \
-    python3 -m ensurepip --default-pip && \
-    python3 -m pip install --upgrade pip && \
-    python3 -m pip install ansible-core==${ANSIBLE_CORE_VERSION}
-
-RUN curl --fail -s https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -xvz && \
-    chmod u+x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/ && rm -rf linux-amd64
-
-RUN curl --fail -sL https://github.com/tektoncd/cli/releases/download/${TEKTON_VERSION}/tkn_${TEKTON_VERSION//v}_Linux_x86_64.tar.gz | tar --no-same-owner -xvz -C /usr/local/bin/ tkn
-
-RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz | tar --no-same-owner -C /usr/local/bin/ -xzf -
-
-RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/rosa/${ROSA_VERSION//v}/rosa-linux.tar.gz | tar --no-same-owner -C /usr/local/bin/ -xzf -
-
-RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/clients/odo/${ODO_VERSION}/odo-linux-amd64 -o /usr/local/bin/odo && \
-    chmod +x /usr/local/bin/odo
-
-RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
+ARG TEKTON_VERSION=v0.33.0
+
+RUN curl -L "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz" -o /tmp/openshift-client-linux.tar.gz && \
+    tar --no-same-owner -xzf /tmp/openshift-client-linux.tar.gz && \
+    mv oc kubectl /usr/local/bin && \
+    oc version --client && \
+    kubectl version --client
+
+RUN curl -L "https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/rosa/${ROSA_VERSION//v}/rosa-linux.tar.gz" -o /tmp/rosa-linux.tar.gz && \
+    tar --no-same-owner -xzf /tmp/rosa-linux.tar.gz && \
+    mv rosa /usr/local/bin && \
+    rosa version
+
+RUN curl -L "https://mirror.openshift.com/pub/openshift-v4/clients/odo/${ODO_VERSION}/odo-linux-amd64" -o /usr/local/bin/odo && \
+    chmod +x /usr/local/bin/odo && \
+    odo version --client
+
+RUN curl -L "https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64" -o /usr/local/bin/jq  && \
+    chmod +x /usr/local/bin/jq && \
+    jq --version
+
+RUN curl -L "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" -o /tmp/helm.tar.gz && \
+    tar -xzf /tmp/helm.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    helm version
+
+RUN curl -L "https://github.com/tektoncd/cli/releases/download/${TEKTON_VERSION}/tkn_${TEKTON_VERSION//v}_Linux_x86_64.tar.gz" -o /tmp/tkn.tar.gz && \
+    tar --no-same-owner -xzf /tmp/tkn.tar.gz && \
+    mv tkn /usr/local/bin && \
+    tkn version
+
+# Runnable
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1361.1699548029@sha256:6b95efc134c2af3d45472c0a2f88e6085433df058cc210abb2bb061ac4d74359
+
+ENV HOME=/home/tool-box
+
+COPY requirements.txt /requirements.txt
+RUN dnf -y update && \
+    dnf -y install git iputils procps-ng python3.11 python3.11-pip vim unzip zip && \
+    dnf clean all && \
+    pip3.11 install --no-cache-dir -r /requirements.txt && \
+    ansible --version
+
+COPY --from=builder /usr/local/bin/oc /usr/local/bin/oc
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl
+COPY --from=builder /usr/local/bin/rosa /usr/local/bin/rosa
+COPY --from=builder /usr/local/bin/odo /usr/local/bin/odo
+COPY --from=builder /usr/local/bin/jq /usr/local/bin/jq
+COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
+COPY --from=builder /usr/local/bin/tkn /usr/local/bin/tkn
+
+RUN curl -L https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \
     unzip awscliv2.zip && \
-    ./aws/install -i /usr/local/aws-cli -b /usr/local/bin; \
-    rm -rf awscliv2.zip aws
+    ./aws/install -i /usr/local/aws-cli -b /usr/local/bin && \
+    rm -rf awscliv2.zip aws && \
+    aws --version
 
 WORKDIR $HOME
 
-ADD ./root /
-
-RUN chmod u+x /usr/local/bin/run && \
-    rm -rf $HOME/.cache
+COPY ./root /
+RUN mkdir -m 775 -p $HOME && \
+    chmod 775 /etc/passwd && \
+    chmod u+x /usr/local/bin/run
 
 USER 1001
 

tool-box/requirements.txt

@@ -0,0 +1 @@
+ansible-core==2.16.2

utilities/ubi8-bats/Dockerfile

@@ -1,28 +1,66 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal
+# Builder
+FROM registry.access.redhat.com/ubi8/ubi:8.9 AS builder
 
-LABEL io.k8s.description="OCP Bats"
-LABEL io.k8s.display-name="OCP Bats"
+SHELL ["/bin/bash", "-c"]
 
-ARG BATS_VERSION=1.2.1
-ARG HELM_VERSION=3.5.2
+# renovate: datasource=repology depName=homebrew/openshift-cli
+ARG OC_VERSION=4.14.3
+# renovate: datasource=github-releases depName=stedolan/jq
 ARG JQ_VERSION=1.6
-ARG OC_VERSION=4.7
-ARG YQ_VERSION=3.4.1
-
-RUN microdnf install -y gzip tar ncurses && \
-    microdnf clean all && \
-    curl -L https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz | tar -C /tmp -xzf - && \
-    /tmp/bats-core-${BATS_VERSION}/install.sh /opt/bats && \
-    rm -rf /tmp/bats-core-${BATS_VERSION} && \
-    ln -s /opt/bats/bin/bats /usr/local/bin/bats && \
-    curl -Lo /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \
+# renovate: datasource=github-releases depName=helm/helm
+ARG HELM_VERSION=v3.11.3
+# renovate: datasource=github-releases depName=mikefarah/yq
+ARG YQ_VERSION=v4.40.5
+
+RUN curl -L "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz" -o /tmp/openshift-client-linux.tar.gz && \
+    tar --no-same-owner -xzf /tmp/openshift-client-linux.tar.gz && \
+    mv oc kubectl /usr/local/bin && \
+    oc version --client && \
+    kubectl version --client
+
+RUN curl -L "https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64" -o /usr/local/bin/jq  && \
     chmod +x /usr/local/bin/jq && \
-    curl -L https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | tar --strip-components=1 -C /usr/local/bin -xzf - linux-amd64/helm && \
-    curl -Lo /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 && \
+    jq --version
+
+RUN curl -L "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" -o /tmp/helm.tar.gz && \
+    tar -xzf /tmp/helm.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    helm version
+
+RUN curl -L "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -o /usr/local/bin/yq && \
     chmod +x /usr/local/bin/yq && \
-    curl -L http://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-${OC_VERSION}/openshift-client-linux.tar.gz | tar -C /usr/local/bin -xzf - && \
-    mkdir -p /code
+    yq --version
+
+# Runnable
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9
+
+SHELL ["/bin/bash", "-c"]
+
+# renovate: datasource=github-releases depName=bats-core/bats-core
+ARG BATS_VERSION=v1.10.0
+
+LABEL io.k8s.description="OCP Bats"
+LABEL io.k8s.display-name="OCP Bats"
+
+RUN microdnf install -y --nodocs gzip tar ncurses && \
+    microdnf clean all
+
+COPY --from=builder /usr/local/bin/oc /usr/local/bin/oc
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl
+COPY --from=builder /usr/local/bin/jq /usr/local/bin/jq
+COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
+COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
+
+RUN curl -L "https://github.com/bats-core/bats-core/archive/${BATS_VERSION}.tar.gz" -o /tmp/bats.tar.gz && \
+    tar -C /tmp -xzf /tmp/bats.tar.gz && \
+    ls -lrt /tmp && \
+    "/tmp/bats-core-${BATS_VERSION//v}/install.sh" /tmp/bats && \
+    ln -s /tmp/bats/bin/bats /usr/local/bin/bats && \
+    bats --version
+
+RUN mkdir -p /code
 
 WORKDIR /code
+
 USER 1001
 ENTRYPOINT ["bats"]

utilities/ubi8-bats/test/unit.bats

@@ -3,13 +3,13 @@
 @test "bats: version" {
   run bats --version
   [ "${status}" -eq 0 ]
-  [ "${lines[0]}" = "Bats 1.2.1" ]
+  [ "${lines[0]}" = "Bats 1.10.0" ]
 }
 
 @test "helm: version" {
   run helm version
   [ "${status}" -eq 0 ]
-  [[ "${lines[0]}" =~ v3.5.2 ]]
+  [[ "${lines[0]}" =~ v3.11.3 ]]
 }
 
 @test "jq: version" {
@@ -21,11 +21,11 @@
 @test "oc: version" {
   run oc version
   [ "${status}" -eq 0 ]
-  [[ "${lines[0]}" =~ 4.7 ]]
+  [[ "${lines[0]}" =~ 4.14.3 ]]
 }
 
 @test "yq: version" {
   run yq --version
   [ "${status}" -eq 0 ]
-  [ "${lines[0]}" = "yq version 3.4.1" ]
+  [ "${lines[0]}" = "yq (https://github.com/mikefarah/yq/) version v4.40.5" ]
 }

utilities/ubi8-git/Dockerfile

@@ -1,11 +1,7 @@
-FROM registry.access.redhat.com/ubi8
+FROM registry.access.redhat.com/ubi8/ubi:8.9
 
 LABEL maintainer="Red Hat Services"
 
-# Update image
-RUN dnf update -y && rm -rf /var/cache/yum
-
-# Install packages
-RUN dnf install -y \
-  git \
-  && dnf clean all
+RUN dnf update -y && \
+    dnf install -y --nodocs git && \
+    dnf clean all

utilities/ubi8-google-api-python-client/Dockerfile

@@ -1,29 +1,13 @@
-FROM registry.access.redhat.com/ubi8
+FROM registry.access.redhat.com/ubi8/ubi:8.9
 
 LABEL maintainer="Red Hat Services"
 
-# Update image
-RUN dnf update -y && rm -rf /var/cache/yum
-
-# Install packages
-RUN dnf install -y \
-  git \
-  python36 \
-  python3-pip \
-  python3-numpy \
-  python3-scipy \
-  python3-setuptools \
-  python3-six \
-  && dnf clean all
-
-# Install Python modules
-RUN pip3 install --upgrade \
-  pip \
-  google-api-python-client \
-  google-auth-httplib2 \
-  google-auth-oauthlib \
-  oauth2client
+COPY requirements.txt /requirements.txt
+RUN dnf update -y && \
+    dnf install -y git python3.11 python3.11-pip python3.11-setuptools python3.11-numpy python3.11-scipy python3.11-six && \
+    dnf clean all && \
+    pip3.11 install --no-cache-dir -r /requirements.txt
 
 # Copy in custom helper scripts
-add ./root /
+COPY ./root /
 RUN chmod u+x /usr/local/bin/upload-file-to-google-drive

utilities/ubi8-google-api-python-client/requirements.txt

@@ -0,0 +1,4 @@
+google-api-python-client
+google-auth-httplib2
+google-auth-oauthlib
+oauth2client