From db80bc571f2f7d1ad78ff9c78dedb9044059dce7 Mon Sep 17 00:00:00 2001
From: Pat Ledgerwood <32804494+vexingly@users.noreply.github.com>
Date: Thu, 15 Aug 2024 14:01:50 -0400
Subject: [PATCH] feat: add kubectl & utils to ompp image (#122)

copied from jupyterlab-cpu image
---
 .github/workflows/build.yml | 16 +++++++---------
 .github/workflows/publish.yml | 18 ++++++++----------
 ompp-run-ubuntu/Dockerfile | 14 ++++++++++++++
 3 files changed, 29 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 98c0711..2656f43 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -26,6 +26,7 @@ jobs:
 build:
 env:
 TRIVY_VERSION: "v0.43.1"
+ HADOLINT_VERSION: "2.12.0"
 needs: listimages
 strategy:
 fail-fast: false
@@ -51,12 +52,9 @@ jobs:
 curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
 trivy image localhost:5000/${{ matrix.image }}:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL

- # Run Dockle
- - name: Run dockle
- uses: goodwithtech/dockle-action@main
- with:
- image: localhost:5000/${{ matrix.image }}:${{ github.sha }}
- format: 'list'
- exit-code: '0'
- exit-level: 'fatal'
- ignore: 'DKL-DI-0006'
+ # Run Hadolint
+ - name: Run Hadolint
+ run: |
+ sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint
+ sudo chmod +x hadolint
+ ./hadolint ${{ matrix.image }}/Dockerfile --no-fail
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index af75cc8..2f9a2eb 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -33,6 +33,7 @@ jobs:
 build:
 env:
 TRIVY_VERSION: "v0.43.1"
+ HADOLINT_VERSION: "2.12.0"
 needs: listimages
 strategy:
 fail-fast: false
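Review bot: The added `Run Hadolint` step in `.github/workflows/build.yml` downloads a release binary and executes it on the runner with no integrity check, while the Dockerfile change in this same commit pins a SHA-256 for kubectl. I would pin a digest next to `HADOLINT_VERSION` and verify it before `chmod`, e.g. `echo "${{ env.HADOLINT_SHA256 }}  hadolint" | sha256sum -c -`, where `HADOLINT_SHA256` is a new env entry holding the digest of the v2.12.0 `hadolint-Linux-x86_64` asset. `curl -L` should become `curl -fsSL` so an HTTP error fails the step instead of saving an error page, and `sudo` can be dropped from both commands because the file is written into the workspace. The identical step in the second `publish.yml` hunk needs the same change.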
@@ -64,16 +65,13 @@ jobs:
 run: |
 curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
 trivy image localhost:5000/${{ matrix.image }}:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
-
- # Run Dockle
- - name: Run dockle
- uses: goodwithtech/dockle-action@main
- with:
- image: localhost:5000/${{ matrix.image }}:${{ github.sha }}
- format: 'list'
- exit-code: '0'
- exit-level: 'fatal'
- ignore: 'DKL-DI-0006'
+
+ # Run Hadolint
+ - name: Run Hadolint
+ run: |
+ sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint
+ sudo chmod +x hadolint
+ ./hadolint ${{ matrix.image }}/Dockerfile --no-fail

 # Container build and push to a Azure Container registry (ACR)
 - run: |
diff --git a/ompp-run-ubuntu/Dockerfile b/ompp-run-ubuntu/Dockerfile
index 82af119..7ad1813 100644
--- a/ompp-run-ubuntu/Dockerfile
+++ b/ompp-run-ubuntu/Dockerfile
@@ -41,12 +41,26 @@ RUN echo "ulimit -S -s 65536" >> etc/bash.bashrc && \
 apt-get update && \
 apt-get install -y \
 apt-utils \
+ curl \
+ jq \
+ htop \
+ tree \
+ zip \
 sqlite3 \
 openmpi-bin \
 unixodbc && \
 apt-get upgrade -y && \
 rm -rf /var/lib/apt/lists/*

+ARG KUBECTL_VERSION=v1.28.2
+ARG KUBECTL_URL=https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl
+ARG KUBECTL_SHA=c922440b043e5de1afa3c1382f8c663a25f055978cbc6e8423493ec157579ec5
+
+RUN curl -LO "${KUBECTL_URL}" \
+ && echo "${KUBECTL_SHA} kubectl" | sha256sum -c - \
+ && chmod +x ./kubectl \
+ && mv ./kubectl /usr/local/bin/kubectl
+
 # set local openM++ timezone
 RUN rm -f /etc/localtime && \
 ln -s /usr/share/zoneinfo/America/Toronto /etc/localtime
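Review bot: In `publish.yml` the `Run Hadolint` step sits directly before the ACR push, and `--no-fail` means no finding can ever stop a publish. The removed Dockle step was also non-blocking (`exit-code: '0'`), but it inspected the built image at `localhost:5000/...`, whereas Hadolint only reads the Dockerfile text, so image-level configuration checks no longer run anywhere in the visible workflow. If advisory-only is intended, say so in the step comment, e.g. `# Run Hadolint (advisory only, never fails the job)`; otherwise replace `--no-fail` with `--failure-threshold error`. The same applies to the matching step in `build.yml`.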
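Review bot: The new `ARG KUBECTL_SHA` is valid for exactly one version and one architecture, but nothing in the hunk says so, so a `--build-arg KUBECTL_VERSION=...` override would fail the checksum with no hint why. Add a comment above the three ARGs such as `# KUBECTL_SHA is the sha256 of the linux/amd64 kubectl for KUBECTL_VERSION; update both together`. In the download line, `curl -fsSLO "${KUBECTL_URL}"` would make an HTTP error fail at the download rather than at the checksum. Shipping kubectl, curl and jq in this runtime image also means any service-account token mounted into the pod is directly usable from a shell there. The deployment is not visible here, so it is worth confirming that the pod's RBAC is narrowly scoped, or that `automountServiceAccountToken: false` is set where kubectl is not needed.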