From e7bb4f61ae5fac352b3116f323d82e371d774477 Mon Sep 17 00:00:00 2001 From: Brad Lugo Date: Mon, 12 Aug 2024 16:14:01 -0700 Subject: [PATCH] ROX-24700: Resolve CentOS 8 deprecation (#212) Co-authored-by: RTann Co-authored-by: Gavin Jefferies --- .../build-and-push-image.sh | 3 +- .github/workflows/build.yaml | 12 + Makefile | 22 +- STACKROX_CENTOS_TAG | 1 - images/collector.Dockerfile | 32 ++- images/scanner-build.Dockerfile | 31 ++- images/scanner-test.Dockerfile | 14 +- images/stackrox-build.Dockerfile | 34 ++- images/stackrox-test.Dockerfile | 16 +- images/stackrox-ui-test.Dockerfile | 218 ++++++++++++++++++ scripts/get_tag.sh | 2 +- 11 files changed, 344 insertions(+), 41 deletions(-) delete mode 100644 STACKROX_CENTOS_TAG create mode 100644 images/stackrox-ui-test.Dockerfile diff --git a/.github/actions/build-and-push-image/build-and-push-image.sh b/.github/actions/build-and-push-image/build-and-push-image.sh index 264088d2..a7cd217c 100755 --- a/.github/actions/build-and-push-image/build-and-push-image.sh +++ b/.github/actions/build-and-push-image/build-and-push-image.sh @@ -8,8 +8,7 @@ build_and_push_image() { # Login may be required for pulling the base image for building (if used) and to avoid rate limits. docker login -u "$QUAY_RHACS_ENG_RW_USERNAME" --password-stdin <<<"$QUAY_RHACS_ENG_RW_PASSWORD" quay.io - STACKROX_CENTOS_TAG="$(cat STACKROX_CENTOS_TAG)" - TAG="$(scripts/get_tag.sh "$image_flavor" "${STACKROX_CENTOS_TAG}")" + TAG="$(scripts/get_tag.sh "$image_flavor")" IMAGE="quay.io/rhacs-eng/apollo-ci:${TAG}" make "$image_flavor"-image diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 6e4ec62f..d40aea6a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -42,6 +42,18 @@ jobs: - uses: ./.github/actions/build-and-push-image with: image-flavor: "stackrox-test" + + build-and-push-stackrox-ui-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + - uses: ./.github/actions/build-and-push-image + with: + image-flavor: "stackrox-ui-test" build-and-push-collector: runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 66eb8944..2961d42b 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -ifeq ($(STACKROX_CENTOS_TAG),) -STACKROX_CENTOS_TAG=$(shell cat STACKROX_CENTOS_TAG) -endif ifeq ($(DOCKER),) DOCKER=docker endif @@ -11,8 +8,8 @@ STACKROX_BUILD_TAG=$(shell scripts/get_tag.sh "stackrox-build") .PHONY: stackrox-build-image stackrox-build-image: $(DOCKER) build \ + --platform linux/amd64 \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_BUILD_TAG) \ - --build-arg STACKROX_CENTOS_TAG=$(STACKROX_CENTOS_TAG) \ -f images/stackrox-build.Dockerfile \ images/ @@ -21,14 +18,27 @@ STACKROX_TEST_TAG=$(shell scripts/get_tag.sh "stackrox-test") .PHONY: stackrox-test-image stackrox-test-image: $(DOCKER) build \ + --platform linux/amd64 \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_TEST_TAG) \ --build-arg BASE_TAG=$(STACKROX_BUILD_TAG) \ -f images/stackrox-test.Dockerfile \ images/ +STACKROX_UI_TEST_TAG=$(shell scripts/get_tag.sh "stackrox-ui-test") + +.PHONY: stackrox-ui-test-image +stackrox-ui-test-image: + $(DOCKER) build \ + --platform linux/amd64 \ + -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_UI_TEST_TAG) \ + --build-arg BASE_TAG=$(STACKROX_UI_TEST_TAG) \ + -f images/stackrox-ui-test.Dockerfile \ + images/ + .PHONY: test-cci-export test-cci-export: $(DOCKER) build \ + --platform linux/amd64 \ -t test-cci-export \ --build-arg BASE_TAG=$(STACKROX_TEST_TAG) \ -f images/test.cci-export.Dockerfile \ @@ -40,6 +50,7 @@ test-cci-export: .PHONY: collector-image collector-image: $(DOCKER) build \ + --platform linux/amd64 \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "collector") \ -f images/collector.Dockerfile \ images/ @@ -47,6 +58,7 @@ collector-image: .PHONY: scanner-build-image scanner-build-image: $(DOCKER) build \ + --platform linux/amd64 \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "scanner-build") \ -f images/scanner-build.Dockerfile \ images/ @@ -54,6 +66,7 @@ scanner-build-image: .PHONY: scanner-test-image scanner-test-image: $(DOCKER) build \ + --platform linux/amd64 \ --build-arg BASE_TAG=$(shell scripts/get_tag.sh "scanner-build") \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "scanner-test") \ -f images/scanner-test.Dockerfile \ @@ -62,6 +75,7 @@ scanner-test-image: .PHONY: jenkins-plugin-image jenkins-plugin-image: $(DOCKER) build \ + --platform linux/amd64 \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "jenkins-plugin") \ -f images/jenkins-plugin.Dockerfile \ images/ diff --git a/STACKROX_CENTOS_TAG b/STACKROX_CENTOS_TAG deleted file mode 100644 index a1f22cdc..00000000 --- a/STACKROX_CENTOS_TAG +++ /dev/null @@ -1 +0,0 @@ -stream8 diff --git a/images/collector.Dockerfile b/images/collector.Dockerfile index 102cd014..5d610e87 100644 --- a/images/collector.Dockerfile +++ b/images/collector.Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/centos/centos:stream8 +FROM registry.access.redhat.com/ubi8:latest SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -10,10 +10,31 @@ RUN set -ex \ && rm -r /static-tmp RUN dnf update -y && \ - dnf install -y epel-release dnf-plugins-core && \ - dnf config-manager --set-enabled powertools && \ - dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ - dnf -y groupinstall "Development Tools" && \ + dnf install -y dnf-plugins-core && \ + dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo && \ + # This set replaces centos:stream8 "Development Tools". It is possible + # rox-ci-image does not need all of these. + dnf install -y \ + autoconf \ + automake \ + binutils \ + gcc \ + gcc-c++ \ + gdb \ + glibc-devel \ + libtool \ + make \ + pkgconf \ + pkgconf-m4 \ + pkgconf-pkg-config \ + redhat-rpm-config \ + rpm-build \ + strace \ + ctags \ + git \ + perl-Fedora-VSP \ + perl-generators \ + source-highlight && \ dnf install -y \ clang-tools-extra \ cmake \ @@ -25,7 +46,6 @@ RUN dnf update -y && \ docker-ce \ docker-ce-cli \ docker-ce-rootless-extras \ - docker-scan-plugin \ && \ dnf upgrade -y && \ dnf clean all && \ diff --git a/images/scanner-build.Dockerfile b/images/scanner-build.Dockerfile index 493db4e5..bf8dfe8f 100644 --- a/images/scanner-build.Dockerfile +++ b/images/scanner-build.Dockerfile @@ -1,12 +1,37 @@ # Provides the tooling required to run Scanner dockerized build targets. -FROM quay.io/centos/centos:stream8 +FROM registry.access.redhat.com/ubi8:latest SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN dnf update -y && \ - dnf install -y dnf-plugins-core epel-release wget && \ - dnf -y groupinstall "Development Tools" && \ + dnf install -y dnf-plugins-core wget && \ + dnf config-manager --set-enabled ubi-8-codeready-builder-rpms && \ + dnf update -y && \ + # This set replaces centos:stream8 "Development Tools". It is possible + # rox-ci-image does not need all of these. + dnf install -y \ + autoconf \ + automake \ + binutils \ + gcc \ + gcc-c++ \ + gdb \ + glibc-devel \ + libtool \ + make \ + pkgconf \ + pkgconf-m4 \ + pkgconf-pkg-config \ + redhat-rpm-config \ + rpm-build \ + strace \ + ctags \ + git \ + perl-Fedora-VSP \ + perl-generators \ + source-highlight && \ + dnf upgrade -y && \ dnf clean all && \ rm -rf /var/cache/dnf /var/cache/yum diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 3c609df5..1a7c6e30 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile @@ -34,10 +34,10 @@ ENV BASH_ENV /etc/initial-bash.env ENV PG_MAJOR=15 ENV PATH="$PATH:/usr/pgsql-$PG_MAJOR/bin/" -RUN dnf install -y \ - https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm \ - && dnf -qy module disable postgresql \ - && dnf update -y \ +# Install Postgres repo +RUN dnf --disablerepo="*" install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm + +RUN dnf update -y \ && dnf install -y \ expect \ gcc \ @@ -49,15 +49,15 @@ RUN dnf install -y \ lsof \ lz4 \ openssl \ + postgresql${PG_MAJOR}-contrib \ postgresql${PG_MAJOR}-server \ procps-ng \ python3 \ unzip \ xz \ zip \ - && \ - dnf clean all && \ - rm -rf /var/cache/dnf /var/cache/yum + && dnf clean all \ + && rm -rf /var/cache/dnf /var/cache/yum # Use updated auth plugin for GCP ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True diff --git a/images/stackrox-build.Dockerfile b/images/stackrox-build.Dockerfile index b4bf630a..1d68c44a 100644 --- a/images/stackrox-build.Dockerfile +++ b/images/stackrox-build.Dockerfile @@ -1,7 +1,6 @@ # Provides the tooling required to run StackRox dockerized build targets. -ARG STACKROX_CENTOS_TAG -FROM quay.io/centos/centos:${STACKROX_CENTOS_TAG} as base +FROM registry.access.redhat.com/ubi8:latest SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -10,24 +9,45 @@ RUN touch /i-am-rox-ci-image RUN dnf update -y && \ dnf install -y \ dnf-plugins-core \ - epel-release \ wget \ && \ - dnf config-manager --set-enabled powertools && \ + dnf config-manager --set-enabled ubi-8-codeready-builder-rpms && \ dnf update -y && \ wget --quiet -O - https://rpm.nodesource.com/setup_lts.x | bash - && \ wget --quiet -O - https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo && \ dnf update -y && \ - dnf -y groupinstall "Development Tools" && \ + # This set replaces centos:stream8 "Development Tools". It is possible + # rox-ci-image does not need all of these. + dnf install -y \ + autoconf \ + automake \ + binutils \ + gcc \ + gcc-c++ \ + gdb \ + glibc-devel \ + libtool \ + make \ + pkgconf \ + pkgconf-m4 \ + pkgconf-pkg-config \ + redhat-rpm-config \ + rpm-build \ + strace \ + ctags \ + git \ + perl-Fedora-VSP \ + perl-generators \ + source-highlight && \ dnf install -y \ bzip2-devel \ + gettext \ git-core \ jq \ - libzstd-devel \ + zstd \ lz4-devel \ nodejs \ procps-ng \ - snappy-devel \ yarn \ zlib-devel \ && \ diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index b0b275eb..ea18effd 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile @@ -27,8 +27,8 @@ ENV BASH_ENV /etc/initial-bash.env RUN dnf --disablerepo="*" install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm # Install all the packages -RUN dnf update -y && \ - dnf install -y \ +RUN dnf update -y \ + && dnf install -y \ expect \ gcc \ gcc-c++ \ @@ -39,19 +39,15 @@ RUN dnf update -y && \ lsof \ lz4 \ openssl \ - parallel \ python3-devel \ unzip \ xmlstarlet \ xz \ zip \ - # `# Cypress dependencies: (see https://docs.cypress.io/guides/guides/continuous-integration.html#Dependencies)` \ - xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib \ - && \ - dnf remove -y java-1.8.0-openjdk-headless && \ - dnf --disablerepo="*" --enablerepo="pgdg14" install -y postgresql14 postgresql14-server postgresql14-contrib && \ - dnf clean all && \ - rm -rf /var/cache/dnf /var/cache/yum + && dnf remove -y java-1.8.0-openjdk-headless \ + && dnf --disablerepo="*" --enablerepo="pgdg14" install -y postgresql14 postgresql14-server postgresql14-contrib \ + && dnf clean all \ + && rm -rf /var/cache/dnf /var/cache/yum # Use updated auth plugin for GCP ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile new file mode 100644 index 00000000..82014a5a --- /dev/null +++ b/images/stackrox-ui-test.Dockerfile @@ -0,0 +1,218 @@ +# Provides the tooling required run UI tests against the StackRox images. + +FROM quay.io/centos/centos:stream9 + +# This line makes sure that piped commands in RUN instructions exit early. +# This should not affect use in CircleCI because Circle doesn't use +# CMD/ENTRYPOINT. +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +RUN touch /i-am-rox-ci-image + +# We are copying the contents in static-contents into / in the image, following the directory structure. +# The reason we don't do a simple COPY ./static-contents / is that, in the base image (as of ubuntu:20.04) +# /bin is a symlink to /usr/bin, and so the COPY ends up overwriting the symlink with a directory containing only +# the contents of static-contents/bin, which is NOT what we want. +# The following method of copying to /static-tmp and then explicitly copying file by file works around that. +COPY ./static-contents/ /static-tmp +RUN set -ex \ + && find /static-tmp -type f -print0 | \ + xargs -0 -I '{}' -n1 bash -c 'dir="$(dirname "${1}")"; new_dir="${dir#/static-tmp}"; mkdir -p "${new_dir}"; cp "${1}" "${new_dir}";' -- {} \ + && rm -r /static-tmp +# Circle CI uses BASH_ENV to pass an environment for bash. Other environments need +# an initial BASH_ENV as a foundation for cci-export(). +ENV BASH_ENV /etc/initial-bash.env + +# Setup and install some prerequities +RUN dnf update -y \ + && dnf install -y wget \ + && wget --quiet -O - https://rpm.nodesource.com/setup_lts.x | bash - \ + && wget --quiet -O - https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo \ + && dnf --disablerepo=* -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm \ + && dnf -qy module disable postgresql + +# Install all the packages +# We need to fix up the PostgreSQL RPM repository GPG key: +# https://yum.postgresql.org/news/pgdg-rpm-repo-gpg-key-update/ +RUN dnf update -y \ + # Shared dependencies with build image + && dnf install -y \ + bzip2-devel \ + gettext \ + git-core \ + jq \ + zstd \ + lz4-devel \ + nodejs \ + procps-ng \ + yarn \ + zlib-devel \ + # Unique dependencies + && dnf install -y \ + expect \ + gcc \ + gcc-c++ \ + google-cloud-cli \ + google-cloud-cli-gke-gcloud-auth-plugin \ + java-17-openjdk-devel \ + kubectl \ + lsof \ + lz4 \ + openssl \ + python3-devel \ + unzip \ + xmlstarlet \ + xz \ + zip \ + # `# Cypress dependencies: (see https://docs.cypress.io/guides/guides/continuous-integration.html#Dependencies)` + xorg-x11-server-Xvfb gtk3-devel nss alsa-lib \ + # PostgreSQL 14 + postgresql14 postgresql14-server postgresql14-contrib \ + && dnf remove -y java-1.8.0-openjdk-headless \ + && dnf clean all \ + && rm -rf /var/cache/dnf /var/cache/yum + + +ARG GOLANG_VERSION=1.21.9 +ARG GOLANG_SHA256=f76194c2dc607e0df4ed2e7b825b5847cb37e34fc70d780e2f6c7e805634a7ea +ENV GOPATH /go +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +RUN url="https://dl.google.com/go/go${GOLANG_VERSION}.linux-amd64.tar.gz" && \ + wget --no-verbose -O go.tgz "$url" && \ + echo "${GOLANG_SHA256} *go.tgz" | sha256sum -c - && \ + tar -C /usr/local -xzf go.tgz && \ + rm go.tgz && \ + mkdir -p "$GOPATH/src" "$GOPATH/bin" && \ + chmod -R 777 "$GOPATH" + +ARG FETCH_VERSION=0.3.5 +ARG FETCH_SHA256=8d4d99e903b30dbd24290e9a056a982ea2326a05ded24c63be64df16e7e0d9f0 +RUN wget --no-verbose -O fetch https://github.com/gruntwork-io/fetch/releases/download/v${FETCH_VERSION}/fetch_linux_amd64 && \ + echo "${FETCH_SHA256} fetch" | sha256sum -c - && \ + install fetch /usr/bin && \ + rm fetch + +ARG OSSLS_VERSION=0.10.1 +ARG OSSLS_SHA256=afdec2fa63b27ced4aeb3297399d45b0f06861e6ebc8cb2431b9653b7f113320 +RUN fetch --repo="https://github.com/stackrox/ossls" --tag="${OSSLS_VERSION}" --release-asset="ossls_linux_amd64" . && \ + echo "${OSSLS_SHA256} *ossls_linux_amd64" | sha256sum -c - && \ + install ossls_linux_amd64 /usr/bin/ossls && \ + rm ossls_linux_amd64 && \ + ossls version + +# Use updated auth plugin for GCP +ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True +RUN gke-gcloud-auth-plugin --version + +# Update PATH for Postgres14 +ENV PATH=$PATH:/usr/pgsql-14/bin + +# Install bats +RUN set -ex \ + && npm install -g bats@1.10.0 bats-support@0.3.0 bats-assert@2.0.0 tap-junit \ + && bats -v + +# Install docker binary +ARG DOCKER_VERSION=20.10.6 +RUN set -ex \ + && DOCKER_URL="https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz" \ + && echo Docker URL: $DOCKER_URL \ + && wget --no-verbose -O /tmp/docker.tgz "${DOCKER_URL}" \ + && ls -lha /tmp/docker.tgz \ + && tar -xz -C /tmp -f /tmp/docker.tgz \ + && install /tmp/docker/docker /usr/local/bin \ + && rm -rf /tmp/docker /tmp/docker.tgz \ + && command -v docker \ + && (docker version --format '{{.Client.Version}}' || true) + + # Symlink python to python3 + RUN ln -s /usr/bin/python3 /usr/bin/python + +# oc +RUN set -ex \ + && wget --no-verbose -O oc.tgz https://github.com/okd-project/okd/releases/download/4.11.0-0.okd-2022-12-02-145640/openshift-client-linux-4.11.0-0.okd-2022-12-02-145640.tar.gz \ + && mkdir "oc-dir" \ + && tar -C "oc-dir" -xf oc.tgz \ + && install oc-dir/oc /usr/local/bin \ + && rm -rf "oc-dir" oc.tgz \ + && command -v oc + +# helm +RUN set -ex \ + && wget --no-verbose -O helm.tgz https://get.helm.sh/helm-v3.11.2-linux-amd64.tar.gz \ + && tar -xf helm.tgz \ + && install linux-amd64/helm /usr/local/bin \ + && rm -rf helm.tgz linux-amd64 \ + && command -v helm + +# Install gradle +ARG GRADLE_VERSION=7.5.1 +ENV PATH=$PATH:/opt/gradle/bin +RUN set -ex \ + && wget --no-verbose https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \ + && mkdir /opt/gradle \ + && unzip -q gradle-${GRADLE_VERSION}-bin.zip \ + && mv gradle-${GRADLE_VERSION}/* /opt/gradle \ + && rm gradle-${GRADLE_VERSION}-bin.zip \ + && rmdir gradle-${GRADLE_VERSION} \ + && command -v gradle + +# Install aws cli +RUN set -ex \ + && wget --no-verbose -O "awscliv2.zip" "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.7.17.zip" \ + && unzip awscliv2.zip \ + && ./aws/install \ + && rm awscliv2.zip \ + && rm -rf aws \ + && aws --version + +# Install yq v4.16.2 +RUN set -ex \ + && wget --no-verbose "https://github.com/mikefarah/yq/releases/download/v4.16.2/yq_linux_amd64" \ + && sha256sum --check --status <<< "5c911c4da418ae64af5527b7ee36e77effb85de20c2ce732ed14c7f72743084d yq_linux_amd64" \ + && mv yq_linux_amd64 /usr/bin/yq \ + && chmod +x /usr/bin/yq + +# Install hub-comment +RUN set -ex \ + && wget --quiet https://github.com/joshdk/hub-comment/releases/download/0.1.0-rc6/hub-comment_linux_amd64 \ + && sha256sum --check --status <<< "2a2640f44737873dfe30da0d5b8453419d48a494f277a70fd9108e4204fc4a53 hub-comment_linux_amd64" \ + && mv hub-comment_linux_amd64 /usr/bin/hub-comment \ + && chmod +x /usr/bin/hub-comment + +# Install shellcheck +ARG SHELLCHECK_VERSION=0.10.0 +ARG SHELLCHECK_SHA256=6c881ab0698e4e6ea235245f22832860544f17ba386442fe7e9d629f8cbedf87 +RUN set -ex \ + && wget --quiet "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" \ + && sha256sum --check --status <<< "${SHELLCHECK_SHA256} shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" \ + && tar -xJf "shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" \ + && cp "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/bin/shellcheck \ + && rm "shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" \ + && rm -rf "shellcheck-v${SHELLCHECK_VERSION}" \ + && shellcheck --version + +# Install hashicorp vault +ARG VAULT_VERSION=1.12.1 +ARG VAULT_SHA256=839fa81eacd250e0b0298e518751a792cd5d7194650af78cf5da74d7b7b1e5fb +RUN set -ex \ + && wget --quiet "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" \ + && sha256sum --check --status <<< "${VAULT_SHA256} vault_${VAULT_VERSION}_linux_amd64.zip" \ + && unzip "vault_${VAULT_VERSION}_linux_amd64.zip" \ + && strip "vault" \ + && mv "vault" /usr/bin/vault \ + && rm "vault_${VAULT_VERSION}_linux_amd64.zip" \ + && vault --version + +# Add python development tooling. If these versions have to change check for +# dependent repos. e.g. stackrox/stackrox has .openshift-ci/dev-requirements.txt +# for local development style & lint. +ARG PYCODESTYLE_VERSION=2.10.0 +ARG PYLINT_VERSION=2.13.9 +RUN set -ex \ + && pip3 install pycodestyle=="${PYCODESTYLE_VERSION}" \ + pylint=="${PYLINT_VERSION}" + +RUN \ + mv /bin/bash /bin/real-bash && \ + mv /bin/bash-wrapper /bin/bash diff --git a/scripts/get_tag.sh b/scripts/get_tag.sh index e400bf30..604becd9 100755 --- a/scripts/get_tag.sh +++ b/scripts/get_tag.sh @@ -3,7 +3,7 @@ set -euo pipefail if [[ -z "${1:-}" ]]; then - echo "Usage: $0 []" + echo "Usage: $0 " exit 1 fi