Address all outstanding sonarqube docker issues (#1175)

opensearch-project · Dec 5, 2024 · 3d82d1f · 3d82d1f
1 parent 36098eb
commit 3d82d1f
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 10 deletions.
diff --git a/TrafficCapture/dockerSolution/src/main/docker/elasticsearchTestConsole/Dockerfile b/TrafficCapture/dockerSolution/src/main/docker/elasticsearchTestConsole/Dockerfile
@@ -32,8 +32,8 @@ RUN dnf install -y --setopt=install_weak_deps=False \
 
 # Install HDF5 from source for Opensearch Benchmark compatibility with ARM
 ARG HDF5_VERSION=1.14.4
-RUN wget --tries=5 --retry-connrefused --waitretry=15 -q https://github.com/HDFGroup/hdf5/archive/refs/tags/hdf5_${HDF5_VERSION}.tar.gz -O /tmp/hdf5.tar.gz && \
-    mkdir /tmp/hdf5 && \
+ADD https://github.com/HDFGroup/hdf5/archive/refs/tags/hdf5_${HDF5_VERSION}.tar.gz /tmp/hdf5.tar.gz
+RUN mkdir /tmp/hdf5 && \
     tar -xzf /tmp/hdf5.tar.gz -C /tmp/hdf5 --strip-components=1 && \
     rm /tmp/hdf5.tar.gz
 WORKDIR /tmp/hdf5

diff --git a/TrafficCapture/dockerSolution/src/main/docker/elasticsearchWithSearchGuard/Dockerfile b/TrafficCapture/dockerSolution/src/main/docker/elasticsearchWithSearchGuard/Dockerfile
@@ -29,4 +29,4 @@ RUN sed -i '/^-Xms/i # Increase default heap to 80% RAM, Requires JDK >= 10' $EL
 
 
 #CMD tail -f /dev/null
-CMD /usr/local/bin/docker-entrypoint.sh eswrapper
+CMD ["/usr/local/bin/docker-entrypoint.sh", "eswrapper"]
diff --git a/TrafficCapture/dockerSolution/src/main/docker/migrationConsole/Dockerfile b/TrafficCapture/dockerSolution/src/main/docker/migrationConsole/Dockerfile
@@ -6,13 +6,15 @@ ENV PIPENV_CUSTOM_VENV_NAME=.venv
 ENV PIPENV_DEFAULT_PYTHON_VERSION=3.11
 ENV PIPENV_MAX_DEPTH=1
 
-RUN mkdir /root/kafka-tools
-RUN mkdir /root/kafka-tools/aws
+RUN mkdir -p /root/kafka-tools/aws
 
 WORKDIR /root/kafka-tools
 # Get kafka distribution and unpack to 'kafka'
-RUN wget --tries=5 --retry-connrefused --waitretry=15 -O-  https://archive.apache.org/dist/kafka/3.6.0/kafka_2.13-3.6.0.tgz | tar --transform 's!^[^/]*!kafka!' -xvz
-RUN wget --tries=5 --retry-connrefused --waitretry=15 -O kafka/libs/msk-iam-auth.jar https://github.com/aws/aws-msk-iam-auth/releases/download/v2.0.3/aws-msk-iam-auth-2.0.3-all.jar
+ADD https://archive.apache.org/dist/kafka/3.6.0/kafka_2.13-3.6.0.tgz /root/kafka-tools/
+RUN tar --transform='s!^[^/]*!kafka!' -xzf kafka_2.13-3.6.0.tgz && \
+    rm kafka_2.13-3.6.0.tgz
+
+ADD https://github.com/aws/aws-msk-iam-auth/releases/download/v2.0.3/aws-msk-iam-auth-2.0.3-all.jar kafka/libs/msk-iam-auth.jar
 WORKDIR /root
 
 # Add Traffic Replayer jars for running KafkaPrinter from this container
@@ -63,7 +65,7 @@ RUN echo '. /etc/profile.d/bash_completion.sh' >> ~/.bashrc && \
 # Set ENV to control startup script in /bin/sh mode
 ENV ENV=/root/.bashrc
 
-CMD /root/loadServicesFromParameterStore.sh && tail -f /dev/null
+CMD ["/bin/bash", "-c", "/root/loadServicesFromParameterStore.sh && tail -f /dev/null"]
 
 # Experimental console API, uncomment to use in addition to uncomment port mapping in docker-compose.yml
 #CMD /root/loadServicesFromParameterStore.sh && pipenv run python /root/console_api/manage.py runserver_plus 0.0.0.0:8000 --cert-file cert.crt
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -63,7 +63,7 @@ sonar.issue.ignore.multicriteria = \
   comp1, comp2, comp3, comp4, \
   loop1, loop2, loop3, loop4, loop5, \
   f1, f2, f3, f4, f5, f6, f7, f8, \
-  d1
+  d1, d2, d3, d4, d5
 
 sonar.issue.ignore.multicriteria.p1.ruleKey = python:S1135
 sonar.issue.ignore.multicriteria.p1.resourceKey = **/*.py
@@ -264,4 +264,20 @@ sonar.issue.ignore.multicriteria.f8.resourceKey = **/BlockingTrafficSource.java
 # We use some base Docker images that run as root; changing the default user in these containers
 # doesn't make sense
 sonar.issue.ignore.multicriteria.d1.ruleKey = docker:S6471
-sonar.issue.ignore.multicriteria.d1.resourceKey = **/Dockerfile
+sonar.issue.ignore.multicriteria.d1.resourceKey = **/Dockerfile
+
+# MigrationConsole image is reusing docker image built in this project, using the `latest` tag is fine for this project.
+sonar.issue.ignore.multicriteria.d2.ruleKey = docker:S6596
+sonar.issue.ignore.multicriteria.d2.resourceKey = **/migrationConsole/Dockerfile
+
+# Surrounding all variables with quoting rule isn't needed since docker images parameters are strictly controlled.
+sonar.issue.ignore.multicriteria.d3.ruleKey = docker:S6570
+sonar.issue.ignore.multicriteria.d3.resourceKey = **/Dockerfile
+
+# Too long run instructions is more of a style complaint than a real issue to address.
+sonar.issue.ignore.multicriteria.d4.ruleKey = docker:S7020
+sonar.issue.ignore.multicriteria.d4.resourceKey = **/Dockerfile
+
+# While consolidating multiple RUN commands creates fewer image layers, the current format works as is.
+sonar.issue.ignore.multicriteria.d5.ruleKey = docker:S7031
+sonar.issue.ignore.multicriteria.d5.resourceKey = **/Dockerfile
Original file line number	Diff line number	Diff line change
Expand Up		@@ -29,4 +29,4 @@ RUN sed -i '/^-Xms/i # Increase default heap to 80% RAM, Requires JDK >= 10' $EL


		#CMD tail -f /dev/null
		CMD /usr/local/bin/docker-entrypoint.sh eswrapper
		CMD ["/usr/local/bin/docker-entrypoint.sh", "eswrapper"]