From e9c91fd67ca378576aedaa9cf0475267227d59d0 Mon Sep 17 00:00:00 2001 From: "J. Victor Martins" Date: Tue, 6 Sep 2022 20:02:55 -0700 Subject: [PATCH] fix: Downgrade scanner builder to stream8 (#166) --- Makefile | 15 +++++++++++ images/scanner-build.Dockerfile | 2 +- images/scanner-test.Dockerfile | 27 +++++-------------- .../etc/yum.repos.d/google-cloud-sdk.repo | 8 ------ 4 files changed, 23 insertions(+), 29 deletions(-) delete mode 100644 images/static-contents-scanner/etc/yum.repos.d/google-cloud-sdk.repo diff --git a/Makefile b/Makefile index 8800c1d4..e773b9ce 100644 --- a/Makefile +++ b/Makefile @@ -68,3 +68,18 @@ collector-test-image: $(DOCKER) build \ -f images/collector.Dockerfile \ images/ + +.PHONY: scanner-test-image scanner-build-image + +scanner-test-image: + $(DOCKER) build \ + --build-arg BASE_TAG=$(shell .circleci/get_tag.sh "scanner-build") \ + -t quay.io/rhacs-eng/apollo-ci:$(shell .circleci/get_tag.sh "scanner-test") \ + -f images/scanner-test.Dockerfile \ + images/ + +scanner-build-image: + $(DOCKER) build \ + -t quay.io/rhacs-eng/apollo-ci:$(shell .circleci/get_tag.sh "scanner-build") \ + -f images/scanner-build.Dockerfile \ + images/ diff --git a/images/scanner-build.Dockerfile b/images/scanner-build.Dockerfile index 14c0dc38..31cb6056 100644 --- a/images/scanner-build.Dockerfile +++ b/images/scanner-build.Dockerfile @@ -1,6 +1,6 @@ # Provides the tooling required to run Scanner dockerized build targets. -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream8 SHELL ["/bin/bash", "-o", "pipefail", "-c"] diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index d016122a..768ac719 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile @@ -26,9 +26,6 @@ RUN set -ex \ bash -c 'dir="$(dirname "${1}")"; new_dir="${dir#/static-tmp}"; mkdir -p "${new_dir}"; cp "${1}" "${new_dir}";' -- {} \ && rm -r /static-tmp -# Overwrite google cloud sdk with scanner's version. -COPY ./static-contents-scanner/etc/yum.repos.d/google-cloud-sdk.repo /etc/yum.repos.d/google-cloud-sdk.repo - # Circle CI uses BASH_ENV to pass an environment for bash. Other environments need # an initial BASH_ENV as a foundation for cci-export(). ENV BASH_ENV /etc/initial-bash.env @@ -38,15 +35,17 @@ ENV PG_MAJOR=12 ENV PATH="$PATH:/usr/pgsql-$PG_MAJOR/bin/" RUN dnf install -y \ - https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm \ + https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm \ + && dnf -qy module disable postgresql \ && dnf update -y \ && dnf install -y \ expect \ gcc \ gcc-c++ \ + google-cloud-sdk \ + google-cloud-sdk-gke-gcloud-auth-plugin \ jq \ kubectl \ - libxcrypt-compat \ lsof \ lz4 \ openssl \ @@ -55,21 +54,9 @@ RUN dnf install -y \ unzip \ xz \ zip \ - && dnf clean all \ - && rm -rf /var/cache/dnf /var/cache/yum - -# Installing GC and GCP SDK. -# -# These packages are signed with SHA1, which is restricted by default in -# RHEL9[1]. We disable the restriction to verify signatures. -# -# [1]: https://access.redhat.com/articles/6846411 -# -RUN update-crypto-policies --set DEFAULT:SHA1 \ - && dnf install -y \ - google-cloud-sdk \ - google-cloud-sdk-gke-gcloud-auth-plugin \ - && update-crypto-policies --set DEFAULT:NO-SHA1 + && \ + dnf clean all && \ + rm -rf /var/cache/dnf /var/cache/yum # Use updated auth plugin for GCP ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True diff --git a/images/static-contents-scanner/etc/yum.repos.d/google-cloud-sdk.repo b/images/static-contents-scanner/etc/yum.repos.d/google-cloud-sdk.repo deleted file mode 100644 index b178a7af..00000000 --- a/images/static-contents-scanner/etc/yum.repos.d/google-cloud-sdk.repo +++ /dev/null @@ -1,8 +0,0 @@ -[google-cloud-sdk] -name=Google Cloud SDK -baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-x86_64 -enabled=1 -gpgcheck=1 -repo_gpgcheck=0 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg