ai-workspace-infra/artifacts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

oci/base: update alpine base images

Browse Source
This commit is contained in:
Haitao Pan 2023-08-08 12:35:20 +08:00
parent dff4c2a464
commit 39522dd74f
6 changed files with 93 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.github/workflows/base-images.yaml vendored
View File

@ -6,7 +6,6 @@ on:
push:
paths:
- 'oci/base/alpine/Dockerfile'
- 'oci/base/alpine-cli/Dockerfile'
- 'oci/base/alpine-glibc/Dockerfile'
- 'oci/base/alpine-awscli/Dockerfile'
- 'oci/base/alpine-awscli-python3/Dockerfile'
@ -94,26 +93,6 @@ jobs:
tag: 22.04
cache: true
cache_registry: cache
alpine-cli:
runs-on: ubuntu-latest
name: Build alpine-cli base image
needs:
- alpine
steps:
- uses: actions/checkout@master
- name: 'Artifact: build && push alpine-cli image'
uses: aevea/action-kaniko@master
with:
registry: artifact.onwalk.net
username: admin
password: ${{ secrets.HELM_REPO_PASSWORD }}
path: 'oci/base/alpine-cli'
build_file: 'Dockerfile'
image: base/alpine-cli
tag: latest
cache: true
cache_registry: cache
alpine-glibc:
runs-on: ubuntu-latest
name: Build alpine-glibc base image

53
oci/base/alpine-awscli-python3/Dockerfile
View File

@ -1,9 +1,54 @@
# Build AWS Cli image for alpine
FROM artifact.onwalk.net/base/alpine-awscli:2.6.1
FROM alpine:3.18.3
LABEL maintainer="Haitao Pan <manbuzhe2009@qq.com>"
ARG GLIBC_VERSION=2.34-r0
ARG AWSCLI_VERSION=2.6.1
# install Glibc compatibility for alpine
RUN apk add --update --no-cache curl binutils \
&& curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
&& curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
&& curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk \
&& curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-i18n-${GLIBC_VERSION}.apk \
&& apk add --no-cache --force-overwrite \
glibc-${GLIBC_VERSION}.apk \
glibc-bin-${GLIBC_VERSION}.apk \
glibc-i18n-${GLIBC_VERSION}.apk \
&& apk fix --force-overwrite alpine-baselayout-data \
&& /usr/glibc-compat/bin/localedef -i en_US -f UTF-8 en_US.UTF-8 \
&& rm -rf glibc-*.apk \
&& rm -rf /var/cache/apk/*
# Install AWS CLI v2 for alpine
RUN apk add --update --no-cache ca-certificates curl bash py3-pip unzip && \
curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscliv2.zip \
&& unzip awscliv2.zip && \
aws/install && \
rm -rf awscliv2.zip \
aws \
/usr/local/aws-cli/v2/current/dist/aws_completer \
/usr/local/aws-cli/v2/current/dist/awscli/data/ac.index \
/usr/local/aws-cli/v2/current/dist/awscli/examples \
glibc-*.apk && \
find /usr/local/aws-cli/v2/current/dist/awscli/botocore/data -name examples-1.json -delete && \
rm -rf /var/cache/apk/*
# install python3
RUN apk add --update --no-cache openssh bash wget make curl jq unzip zip git python3 py3-pip unzip && \
pip install --upgrade pip --user && pip install pyyaml boto3 Jinja2
RUN apk add --update --no-cache curl bash curl wget make jq git openssh python3 py3-pip zip unzip ca-certificates && \
&& pip install --upgrade pip --user && pip install pyyaml boto3 Jinja2 \
&& rm -rf /var/cache/apk/*
# Add Roche ca certs
RUN cd /usr/local/share/ca-certificates/ && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201.crt -o RocheRootCA1.cer && \
curl -k https://certinfo.roche.com/rootcerts/RocheEnterpriseCA1.crt -o RocheEnterpriseCA1.cer && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201%20-%20G2.crt -o RocheRootCA1-G2.cer.cer && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Enterprise%20CA%201%20-%20G2.crt -o RocheEnterpriseCA1-G2.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Root%20CA.crt -o RocheG3RootCA.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%201.crt -o RocheG3IssuingCA1.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%202.crt -o RocheG3IssuingCA2.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%203.crt -o RocheG3IssuingCA3.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%204.crt -o RocheG3IssuingCA4.crt && \
update-ca-certificates
ENTRYPOINT ["sh"]

33
oci/base/alpine-awscli/Dockerfile
View File

@ -1,9 +1,25 @@
# Build AWS Cli image for alpine
FROM artifact.onwalk.net/base/alpine-glibc:2.34
FROM alpine:3.18.3
LABEL maintainer="Haitao Pan <manbuzhe2009@qq.com>"
ARG GLIBC_VERSION=2.34-r0
ARG AWSCLI_VERSION=2.6.1
# install Glibc compatibility for alpine
RUN apk add --update --no-cache curl binutils \
&& curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
&& curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
&& curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk \
&& curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-i18n-${GLIBC_VERSION}.apk \
&& apk add --no-cache --force-overwrite \
glibc-${GLIBC_VERSION}.apk \
glibc-bin-${GLIBC_VERSION}.apk \
glibc-i18n-${GLIBC_VERSION}.apk \
&& apk fix --force-overwrite alpine-baselayout-data \
&& /usr/glibc-compat/bin/localedef -i en_US -f UTF-8 en_US.UTF-8 \
&& rm -rf glibc-*.apk \
&& rm -rf /var/cache/apk/*
# Install AWS CLI v2 for alpine
RUN apk add --update --no-cache ca-certificates curl bash py3-pip unzip && \
curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscliv2.zip \
&& unzip awscliv2.zip && \
@ -17,4 +33,17 @@ RUN apk add --update --no-cache ca-certificates curl bash py3-pip unzip && \
find /usr/local/aws-cli/v2/current/dist/awscli/botocore/data -name examples-1.json -delete && \
rm -rf /var/cache/apk/*
# Add Roche ca certs
RUN cd /usr/local/share/ca-certificates/ && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201.crt -o RocheRootCA1.cer && \
curl -k https://certinfo.roche.com/rootcerts/RocheEnterpriseCA1.crt -o RocheEnterpriseCA1.cer && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201%20-%20G2.crt -o RocheRootCA1-G2.cer.cer && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Enterprise%20CA%201%20-%20G2.crt -o RocheEnterpriseCA1-G2.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Root%20CA.crt -o RocheG3RootCA.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%201.crt -o RocheG3IssuingCA1.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%202.crt -o RocheG3IssuingCA2.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%203.crt -o RocheG3IssuingCA3.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%204.crt -o RocheG3IssuingCA4.crt && \
update-ca-certificates
ENTRYPOINT ["sh"]

9
oci/base/alpine-cli/Dockerfile
View File

@ -1,9 +0,0 @@
# Build alpine base Imagec with Bash
FROM artifact.onwalk.net/base/alpine:latest
LABEL maintainer="Haitao Pan <manbuzhe2009@qq.com>"
ARG AWSCLI_VERSION=2.6.1
RUN apk add --update --no-cache ca-certificates curl bash py3-pip unzip && rm -rf /var/cache/apk/*
ENTRYPOINT ["sh"]

15
oci/base/alpine-glibc/Dockerfile
View File

@ -1,5 +1,4 @@
# Build IAC Runner
FROM artifact.onwalk.net/base/alpine:latest
FROM alpine:3.18.3
LABEL maintainer="Haitao Pan <manbuzhe2009@qq.com>"
ARG GLIBC_VERSION=2.34-r0
@ -19,4 +18,16 @@ RUN apk add --update --no-cache curl binutils \
&& rm -rf glibc-*.apk \
&& rm -rf /var/cache/apk/*
RUN cd /usr/local/share/ca-certificates/ && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201.crt -o RocheRootCA1.cer && \
curl -k https://certinfo.roche.com/rootcerts/RocheEnterpriseCA1.crt -o RocheEnterpriseCA1.cer && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201%20-%20G2.crt -o RocheRootCA1-G2.cer.cer && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Enterprise%20CA%201%20-%20G2.crt -o RocheEnterpriseCA1-G2.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Root%20CA.crt -o RocheG3RootCA.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%201.crt -o RocheG3IssuingCA1.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%202.crt -o RocheG3IssuingCA2.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%203.crt -o RocheG3IssuingCA3.crt && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%204.crt -o RocheG3IssuingCA4.crt && \
update-ca-certificates
ENTRYPOINT ["bash"]

3
oci/base/alpine/Dockerfile
View File

@ -3,9 +3,6 @@ MAINTAINER shenlan manbuzhe2009@qq.com
USER root
ADD ca.crt /usr/share/ca-certificates/mozilla/Lets_Encrypt_ca.crt
RUN echo "mozilla/Lets_Encrypt_ca.crt" >> /etc/ca-certificates.conf
RUN apk add --no-cache curl ca-certificates
RUN cd /usr/local/share/ca-certificates/ && \
curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201.crt -o RocheRootCA1.cer && \