From 39522dd74fcb8e6dfd02f0a880f1cf3fd482eb12 Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Tue, 8 Aug 2023 12:35:20 +0800 Subject: [PATCH] oci/base: update alpine base images --- .github/workflows/base-images.yaml | 21 --------- oci/base/alpine-awscli-python3/Dockerfile | 53 +++++++++++++++++++++-- oci/base/alpine-awscli/Dockerfile | 33 +++++++++++++- oci/base/alpine-cli/Dockerfile | 9 ---- oci/base/alpine-glibc/Dockerfile | 15 ++++++- oci/base/alpine/Dockerfile | 3 -- 6 files changed, 93 insertions(+), 41 deletions(-) delete mode 100644 oci/base/alpine-cli/Dockerfile diff --git a/.github/workflows/base-images.yaml b/.github/workflows/base-images.yaml index 8717219..71cb728 100644 --- a/.github/workflows/base-images.yaml +++ b/.github/workflows/base-images.yaml @@ -6,7 +6,6 @@ on: push: paths: - 'oci/base/alpine/Dockerfile' - - 'oci/base/alpine-cli/Dockerfile' - 'oci/base/alpine-glibc/Dockerfile' - 'oci/base/alpine-awscli/Dockerfile' - 'oci/base/alpine-awscli-python3/Dockerfile' @@ -94,26 +93,6 @@ jobs: tag: 22.04 cache: true cache_registry: cache - alpine-cli: - runs-on: ubuntu-latest - name: Build alpine-cli base image - needs: - - alpine - steps: - - uses: actions/checkout@master - - - name: 'Artifact: build && push alpine-cli image' - uses: aevea/action-kaniko@master - with: - registry: artifact.onwalk.net - username: admin - password: ${{ secrets.HELM_REPO_PASSWORD }} - path: 'oci/base/alpine-cli' - build_file: 'Dockerfile' - image: base/alpine-cli - tag: latest - cache: true - cache_registry: cache alpine-glibc: runs-on: ubuntu-latest name: Build alpine-glibc base image diff --git a/oci/base/alpine-awscli-python3/Dockerfile b/oci/base/alpine-awscli-python3/Dockerfile index 7bbcbeb..48852d0 100644 --- a/oci/base/alpine-awscli-python3/Dockerfile +++ b/oci/base/alpine-awscli-python3/Dockerfile 
@@ -1,9 +1,54 @@ -# Build AWS Cli image for alpine -FROM artifact.onwalk.net/base/alpine-awscli:2.6.1 +FROM alpine:3.18.3 LABEL maintainer="Haitao Pan " +ARG GLIBC_VERSION=2.34-r0 +ARG AWSCLI_VERSION=2.6.1 + +# install Glibc compatibility for alpine +RUN apk add --update --no-cache curl binutils \ + && curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-i18n-${GLIBC_VERSION}.apk \ + && apk add --no-cache --force-overwrite \ + glibc-${GLIBC_VERSION}.apk \ + glibc-bin-${GLIBC_VERSION}.apk \ + glibc-i18n-${GLIBC_VERSION}.apk \ + && apk fix --force-overwrite alpine-baselayout-data \ + && /usr/glibc-compat/bin/localedef -i en_US -f UTF-8 en_US.UTF-8 \ + && rm -rf glibc-*.apk \ + && rm -rf /var/cache/apk/* + +# Install AWS CLI v2 for alpine +RUN apk add --update --no-cache ca-certificates curl bash py3-pip unzip && \ + curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscliv2.zip \ + && unzip awscliv2.zip && \ + aws/install && \ + rm -rf awscliv2.zip \ + aws \ + /usr/local/aws-cli/v2/current/dist/aws_completer \ + /usr/local/aws-cli/v2/current/dist/awscli/data/ac.index \ + /usr/local/aws-cli/v2/current/dist/awscli/examples \ + glibc-*.apk && \ + find /usr/local/aws-cli/v2/current/dist/awscli/botocore/data -name examples-1.json -delete && \ + rm -rf /var/cache/apk/* + # install python3 -RUN apk add --update --no-cache openssh bash wget make curl jq unzip zip git python3 py3-pip unzip && \ - pip install --upgrade pip --user && pip install pyyaml boto3 Jinja2 +RUN apk add --update --no-cache curl bash curl wget make jq git openssh python3 py3-pip 
zip unzip ca-certificates && \ + && pip install --upgrade pip --user && pip install pyyaml boto3 Jinja2 \ + && rm -rf /var/cache/apk/* + +# Add Roche ca certs +RUN cd /usr/local/share/ca-certificates/ && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201.crt -o RocheRootCA1.cer && \ + curl -k https://certinfo.roche.com/rootcerts/RocheEnterpriseCA1.crt -o RocheEnterpriseCA1.cer && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201%20-%20G2.crt -o RocheRootCA1-G2.cer.cer && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Enterprise%20CA%201%20-%20G2.crt -o RocheEnterpriseCA1-G2.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Root%20CA.crt -o RocheG3RootCA.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%201.crt -o RocheG3IssuingCA1.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%202.crt -o RocheG3IssuingCA2.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%203.crt -o RocheG3IssuingCA3.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%204.crt -o RocheG3IssuingCA4.crt && \ + update-ca-certificates ENTRYPOINT ["sh"] diff --git a/oci/base/alpine-awscli/Dockerfile b/oci/base/alpine-awscli/Dockerfile index ba40487..9c2f10e 100644 --- a/oci/base/alpine-awscli/Dockerfile +++ b/oci/base/alpine-awscli/Dockerfile 
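Review bot: The `# Add Roche ca certs` step in oci/base/alpine-awscli-python3/Dockerfile fetches every root and issuing CA with `curl -k` and then runs `update-ca-certificates`, so certificates retrieved over an unverified TLS connection become trust anchors for every image built on this base. Drop `-k` and add `-f` so a failed or tampered transfer stops the build, or commit the reviewed certificates to the repository and `COPY` them in. The same applies to the identical blocks added in oci/base/alpine-awscli/Dockerfile and oci/base/alpine-glibc/Dockerfile. Separately, the python3 `RUN` ends its package line with `&& \` and starts the next line with `&& pip install`, which the shell reads as `&& &&` and rejects; the package line should end in a bare `\`.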
@@ -1,9 +1,25 @@ -# Build AWS Cli image for alpine -FROM artifact.onwalk.net/base/alpine-glibc:2.34 +FROM alpine:3.18.3 LABEL maintainer="Haitao Pan " +ARG GLIBC_VERSION=2.34-r0 ARG AWSCLI_VERSION=2.6.1 +# install Glibc compatibility for alpine +RUN apk add --update --no-cache curl binutils \ + && curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-i18n-${GLIBC_VERSION}.apk \ + && apk add --no-cache --force-overwrite \ + glibc-${GLIBC_VERSION}.apk \ + glibc-bin-${GLIBC_VERSION}.apk \ + glibc-i18n-${GLIBC_VERSION}.apk \ + && apk fix --force-overwrite alpine-baselayout-data \ + && /usr/glibc-compat/bin/localedef -i en_US -f UTF-8 en_US.UTF-8 \ + && rm -rf glibc-*.apk \ + && rm -rf /var/cache/apk/* + +# Install AWS CLI v2 for alpine RUN apk add --update --no-cache ca-certificates curl bash py3-pip unzip && \ curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscliv2.zip \ && unzip awscliv2.zip && \ 
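Review bot: The glibc block added to oci/base/alpine-awscli/Dockerfile installs packages from a third-party GitHub release with `--force-overwrite`, and the only integrity check is apk's signature verification against a key downloaded in the same `RUN` from the packager's own site. Pinning digests in the Dockerfile would make the result independent of that host at build time, for example `&& echo "EXPECTED_SHA256  glibc-${GLIBC_VERSION}.apk" | sha256sum -c - \` before the `apk add`, where EXPECTED_SHA256 is a placeholder for a value recorded at review time. The `curl -sL` calls should also carry `-f` so an HTTP error page is never saved as the key or a package. The same block is added to oci/base/alpine-awscli-python3/Dockerfile.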
@@ -17,4 +33,17 @@ RUN apk add --update --no-cache ca-certificates curl bash py3-pip unzip && \ find /usr/local/aws-cli/v2/current/dist/awscli/botocore/data -name examples-1.json -delete && \ rm -rf /var/cache/apk/* +# Add Roche ca certs +RUN cd /usr/local/share/ca-certificates/ && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201.crt -o RocheRootCA1.cer && \ + curl -k https://certinfo.roche.com/rootcerts/RocheEnterpriseCA1.crt -o RocheEnterpriseCA1.cer && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201%20-%20G2.crt -o RocheRootCA1-G2.cer.cer && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Enterprise%20CA%201%20-%20G2.crt -o RocheEnterpriseCA1-G2.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Root%20CA.crt -o RocheG3RootCA.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%201.crt -o RocheG3IssuingCA1.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%202.crt -o RocheG3IssuingCA2.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%203.crt -o RocheG3IssuingCA3.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%204.crt -o RocheG3IssuingCA4.crt && \ + update-ca-certificates + ENTRYPOINT ["sh"] diff --git a/oci/base/alpine-cli/Dockerfile b/oci/base/alpine-cli/Dockerfile deleted file mode 100644 index 306cf98..0000000 --- a/oci/base/alpine-cli/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -# Build alpine base Imagec with Bash -FROM artifact.onwalk.net/base/alpine:latest -LABEL maintainer="Haitao Pan " - -ARG AWSCLI_VERSION=2.6.1 - -RUN apk add --update --no-cache ca-certificates curl bash py3-pip unzip && rm -rf /var/cache/apk/* - -ENTRYPOINT ["sh"] diff --git a/oci/base/alpine-glibc/Dockerfile b/oci/base/alpine-glibc/Dockerfile index 0bf75e9..6d00012 100644 --- a/oci/base/alpine-glibc/Dockerfile +++ b/oci/base/alpine-glibc/Dockerfile 
@@ -1,5 +1,4 @@ -# Build IAC Runner -FROM artifact.onwalk.net/base/alpine:latest +FROM alpine:3.18.3 LABEL maintainer="Haitao Pan " ARG GLIBC_VERSION=2.34-r0 @@ -19,4 +18,16 @@ RUN apk add --update --no-cache curl binutils \ && rm -rf glibc-*.apk \ && rm -rf /var/cache/apk/* +RUN cd /usr/local/share/ca-certificates/ && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201.crt -o RocheRootCA1.cer && \ + curl -k https://certinfo.roche.com/rootcerts/RocheEnterpriseCA1.crt -o RocheEnterpriseCA1.cer && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201%20-%20G2.crt -o RocheRootCA1-G2.cer.cer && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20Enterprise%20CA%201%20-%20G2.crt -o RocheEnterpriseCA1-G2.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Root%20CA.crt -o RocheG3RootCA.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%201.crt -o RocheG3IssuingCA1.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%202.crt -o RocheG3IssuingCA2.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%203.crt -o RocheG3IssuingCA3.crt && \ + curl -k https://certinfo.roche.com/rootcerts/Roche%20G3%20Issuing%20CA%204.crt -o RocheG3IssuingCA4.crt && \ + update-ca-certificates + ENTRYPOINT ["bash"] diff --git a/oci/base/alpine/Dockerfile b/oci/base/alpine/Dockerfile index e87973d..15083d2 100644 --- a/oci/base/alpine/Dockerfile +++ b/oci/base/alpine/Dockerfile @@ -3,9 +3,6 @@ MAINTAINER shenlan manbuzhe2009@qq.com USER root -ADD ca.crt /usr/share/ca-certificates/mozilla/Lets_Encrypt_ca.crt -RUN echo "mozilla/Lets_Encrypt_ca.crt" >> /etc/ca-certificates.conf - RUN apk add --no-cache curl ca-certificates RUN cd /usr/local/share/ca-certificates/ && \ curl -k https://certinfo.roche.com/rootcerts/Roche%20Root%20CA%201.crt -o RocheRootCA1.cer && \
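Review bot: In oci/base/alpine-glibc/Dockerfile the new certificate `RUN` does `cd /usr/local/share/ca-certificates/` and calls `update-ca-certificates`, both of which come from the `ca-certificates` package. The base is now `alpine:3.18.3` rather than the internal image, and the only `apk add` visible in the hunk header installs `curl binutils`. Unless lines outside the hunk install the package, this step will likely fail at the `cd`; adding `ca-certificates` to that `apk add`, as the two alpine-awscli Dockerfiles do, avoids it. The block also lacks the `# Add Roche ca certs` comment that the other two Dockerfiles carry.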