diff --git a/.github/actions/before-publish/action.yaml b/.github/actions/before-publish/action.yaml index 971ff29..fbe4ff9 100644 --- a/.github/actions/before-publish/action.yaml +++ b/.github/actions/before-publish/action.yaml @@ -39,3 +39,10 @@ runs: with: op-value: empc-lab/svc-cosign-private-key/notesPlain out-file: cosign.key + + - name: generate release notess + shell: bash + run: | + cat tpl/release-notes.tpl > release-notes.md + cat ${{ inputs.instance }} >> release-notes.md + echo "" >> release-notes.md diff --git a/.github/workflows/development-build.yaml b/.github/workflows/development-build.yaml index bee1511..259118b 100644 --- a/.github/workflows/development-build.yaml +++ b/.github/workflows/development-build.yaml 
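Review bot: `cat ${{ inputs.instance }} >> release-notes.md` in the new `generate release notess` step expands the input into the script text before bash runs, so a value containing spaces or shell metacharacters changes the command instead of naming a file. Pass it through the environment: add `env:` with `INSTANCE: ${{ inputs.instance }}` to the step and use `cat -- "$INSTANCE" >> release-notes.md`. Where `inputs.instance` is set is outside this hunk, so how far callers control it should be confirmed. The step name also has a typo (`notess`).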
@@ -12,22 +12,22 @@ on: jobs: - alpine-dev-release: - name: development build and release of alpine image - uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main - secrets: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - with: - image: twdps/gha-container-base-image - opencontainer-labels: true - before-static-analysis: true - snyk-scan: true - snyk-severity-threshold: medium - snyk-organization: twdps - bats-test: true - bats-run-container-name: gha-container-base-image - bats-entry-point: /bin/ash - bats-test-path: test/gha-container-base-image.bats + # alpine-dev-release: + # name: development build and release of alpine image + # uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main + # secrets: + # OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + # with: + # image: twdps/gha-container-base-image + # opencontainer-labels: true + # before-static-analysis: true + # snyk-scan: true + # snyk-severity-threshold: medium + # snyk-organization: twdps + # bats-test: true + # bats-run-container-name: gha-container-base-image + # bats-entry-point: /bin/ash + # bats-test-path: test/gha-container-base-image.bats ubuntu-22-dev-release: name: development build and release of ubuntu.2204 image @@ -37,7 +37,7 @@ jobs: with: dockerfile: Dockerfile.ubuntu.22 image: twdps/gha-container-base-image - tag-annotation: ubuntu-22. + tag-annotation: 22.04- opencontainer-labels: true before-static-analysis: true snyk-scan: true 
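Review bot: The `alpine-dev-release` job is disabled by commenting it out with no explanation, and the same is done to `ubuntu-24-dev-release` in the next hunk and to `alpine-publish` and `ubuntu-24-publish` in `publish.yaml`. While these are off, the alpine and 24.04 images get no `snyk-scan`, no bats run and no signed publish with SBOM, yet the README section added in this commit describes all three images as maintained on a monthly cycle. If the pause is temporary, put a comment above each block that states the reason and what re-enables it, e.g. `# temporarily disabled: <reason>; re-enable via <tracking issue>`. Otherwise delete the blocks and let git history keep them.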
@@ -48,21 +48,21 @@ jobs: bats-entry-point: /bin/bash bats-test-path: test/gha-container-base-image-ubuntu-22.bats - ubuntu-24-dev-release: - name: development build and release of ubuntu.2404 image - uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main - secrets: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - with: - dockerfile: Dockerfile.ubuntu.24 - image: twdps/gha-container-base-image - tag-annotation: ubuntu-24. - opencontainer-labels: true - before-static-analysis: true - snyk-scan: true - snyk-severity-threshold: medium - snyk-organization: twdps - bats-test: true - bats-run-container-name: gha-container-base-image - bats-entry-point: /bin/bash - bats-test-path: test/gha-container-base-image-ubuntu-24.bats \ No newline at end of file + # ubuntu-24-dev-release: + # name: development build and release of ubuntu.2404 image + # uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main + # secrets: + # OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + # with: + # dockerfile: Dockerfile.ubuntu.24 + # image: twdps/gha-container-base-image + # tag-annotation: ubuntu-24. + # opencontainer-labels: true + # before-static-analysis: true + # snyk-scan: true + # snyk-severity-threshold: medium + # snyk-organization: twdps + # bats-test: true + # bats-run-container-name: gha-container-base-image + # bats-entry-point: /bin/bash + # bats-test-path: test/gha-container-base-image-ubuntu-24.bats \ No newline at end of file diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index e863a43..95e826b 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml 
@@ -12,18 +12,18 @@ on: jobs: - alpine-publish: - name: publish alpine image - uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main - secrets: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - with: - image: twdps/gha-container-base-image - sign-image: true - sbom: true - release-notes: true - release-message: New release Alpine ThoughtWorks-DPS/gha-container-base-image - before-publish: true + # alpine-publish: + # name: publish alpine image + # uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main + # secrets: + # OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + # with: + # image: twdps/gha-container-base-image + # sign-image: true + # sbom: true + # release-notes: true + # release-message: New release Alpine ThoughtWorks-DPS/gha-container-base-image + # before-publish: true ubuntu-22-publish: name: publish ubuntu.22 image 
@@ -32,23 +32,25 @@ jobs: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} with: image: twdps/gha-container-base-image - tag-annotation: ubuntu-22. + tag-annotation: 22.04- + release-tag: 22.04 sign-image: true sbom: true release-notes: true - release-message: New release Ubuntu.2204 ThoughtWorks-DPS/gha-container-base-image + release-body-path: release-notes.md + release-message: New release Ubuntu 22.04 ThoughtWorks-DPS/gha-container-base-image before-publish: true - ubuntu-24-publish: - name: publish ubuntu.24 image - uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main - secrets: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - with: - image: twdps/gha-container-base-image - tag-annotation: ubuntu-24. - sign-image: true - sbom: true - release-notes: true - release-message: New release Ubuntu.2404 ThoughtWorks-DPS/gha-container-base-image - before-publish: true \ No newline at end of file + # ubuntu-24-publish: + # name: publish ubuntu.24 image + # uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main + # secrets: + # OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + # with: + # image: twdps/gha-container-base-image + # tag-annotation: ubuntu-24. + # sign-image: true + # sbom: true + # release-notes: true + # release-message: New release Ubuntu.2404 ThoughtWorks-DPS/gha-container-base-image + # before-publish: true \ No newline at end of file diff --git a/Dockerfile.ubuntu.22 b/Dockerfile.ubuntu.22 index 74be3f0..7e7b991 100644 --- a/Dockerfile.ubuntu.22 +++ b/Dockerfile.ubuntu.22 
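Review bot: `release-tag: 22.04` is an unquoted plain scalar, which a YAML loader types as a float rather than a string. It happens to round-trip for this value, but a tag such as 24.10 would likely reach the called workflow as 24.1. Quote it as `release-tag: "22.04"`, and quote `tag-annotation: "22.04-"` here and in `development-build.yaml` so both tag inputs are visibly strings.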
@@ -11,82 +11,99 @@ LABEL org.opencontainers.image.title="gha-container-base-image" \ org.opencontainers.image.created="CREATED" \ org.opencontainers.image.version="VERSION" -ENV DOCKER_VERSION=5:27.3.1-1~ubuntu.22.04~jammy -ENV DOCKER_BUILDX_VERSION=0.17.1-1~ubuntu.22.04~jammy -ENV DOCKER_COMPOSE_VERSION=2.29.7-1~ubuntu.22.04~jammy -ENV CONTAINERD_VERSION=1.7.22-1 -ENV ONEPASSWORD_VERSION=2.30.0 -ENV VAULT_VERSION=1.18.0 -ENV TELLER_VERSION=1.5.6 -ENV BUILDEVENTS_VERSION=0.16.0 -ENV DEBIAN_FRONTEND=noninteractive - -ENV PATH=/home/circleci/bin:/home/circleci/.local/bin:$PATH \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US:en \ - LC_ALL=en_US.UTF-8 - SHELL ["/bin/bash", "-exo", "pipefail", "-c"] -# hadolint ignore=DL4001,DL3004,DL3047,DL3027,DL3008,SC1091,SC2174 -RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90forceyes && \ - echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90forceyes && apt update && \ +ENV TELLER_VERSION=1.5.6 +ENV DEBIAN_FRONTEND=noninteractive \ + TERM=dumb \ + PAGER=cat \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US:en \ + LC_ALL=en_US.UTF-8 + +RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90circleci && \ + echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90circleci && apt-get update && \ + apt-get install -y \ + curl \ + locales && \ + locale-gen en_US.UTF-8 && \ + rm -rf /var/lib/apt/lists/* && \ + \ + dockerizeArch=x86_64 && \ + if uname -p | grep "arm64"; then \ + dockerizeArch=arm64; \ + fi && \ + curl -sSL --fail --retry 3 --output /usr/local/bin/dockerize "https://github.com/powerman/dockerize/releases/download/v0.8.0/dockerize-linux-${dockerizeArch}" && \ + chmod +x /usr/local/bin/dockerize && apt-get update && \ apt-get install --no-install-recommends -y \ - ca-certificates=20240203~22.04.1 \ - locales=2.35-0ubuntu3.8 \ - build-essential=12.9ubuntu3 \ - software-properties-common=0.99.22.9 \ - apt-transport-https=2.4.13 \ - tzdata=2024a-0ubuntu0.22.04.1 \ - lsb-release=11.1.0ubuntu4 \ - 
gettext-base=0.21-4ubuntu4 \ - gcc=4:11.2.0-1ubuntu1 \ - g++=4:11.2.0-1ubuntu1 \ - cmake=3.22.1-1ubuntu1.22.04.2 \ - make=4.3-4.1build1 \ - git=1:2.34.1-1ubuntu1.11 \ - git-lfs=3.0.2-1ubuntu0.2 \ - curl=7.81.0-1ubuntu1.18 \ - libcurl4-openssl-dev=7.81.0-1ubuntu1.18 \ - tar=1.34+dfsg-1ubuntu0.1.22.04.2 \ - wget=1.21.2-2ubuntu1.1 \ - unzip=6.0-26ubuntu3.2 \ - gzip=1.10-4ubuntu4.1 \ - zip=3.0-12build2 \ - bzip2=1.0.8-5build1 \ - jq=1.6-2.1ubuntu3 \ - gnupg=2.2.27-3ubuntu2.1 \ - gnupg-agent=2.2.27-3ubuntu2.1 && \ + autoconf \ + build-essential \ + ca-certificates \ + gettext-base \ + apt-transport-https \ + lsb-release \ + libcurl4-openssl-dev \ + libssl-dev \ + software-properties-common \ + gcc \ + g++ \ + cmake \ + make \ + lsof \ + pkg-config \ + retry \ + file \ + gnupg \ + gnupg-agent \ + jq \ + tar \ + tzdata \ + unzip \ + wget \ + gzip \ + bzip2 \ + zip && \ + add-apt-repository ppa:git-core/ppa && \ + curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \ mkdir -p -m 755 /etc/apt/keyrings && \ wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null && \ chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && \ echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \ - apt-get update && \ + wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg && \ + echo "deb 
[signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list && apt-get update && \ apt-get install --no-install-recommends -y \ - gh=2.59.0 \ - docker-ce=${DOCKER_VERSION} \ - docker-ce-cli=${DOCKER_VERSION} \ - containerd.io=${CONTAINERD_VERSION} \ - docker-buildx-plugin=${DOCKER_BUILDX_VERSION} \ - docker-compose-plugin=${DOCKER_COMPOSE_VERSION} && \ + git \ + git-lfs \ + gh \ + vault \ + docker-ce \ + docker-ce-cli \ + containerd.io \ + docker-buildx-plugin && \ + setcap -r /usr/bin/vault && \ + ONEPASSWORD_VERSION="$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')" && \ curl -L https://cache.agilebits.com/dist/1P/op2/pkg/v${ONEPASSWORD_VERSION}/op_linux_amd64_v${ONEPASSWORD_VERSION}.zip -o op.zip && \ unzip -o op.zip && mv op /usr/local/bin/op && \ rm op.zip && rm op.sig && \ - curl -SLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" > "vault_${VAULT_VERSION}_linux_amd64.zip" && \ - unzip "vault_${VAULT_VERSION}_linux_amd64.zip" -d /usr/local/bin && \ - rm "vault_${VAULT_VERSION}_linux_amd64.zip" && \ curl -L https://github.com/tellerops/teller/releases/download/v${TELLER_VERSION}/teller_${TELLER_VERSION}_Linux_x86_64.tar.gz --output teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \ tar -xzf teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \ mv teller /usr/local/bin/teller && \ rm teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \ - curl -L -o buildevents https://github.com/honeycombio/buildevents/releases/download/v${BUILDEVENTS_VERSION}/buildevents-linux-amd64 && \ + curl -L -o buildevents https://github.com/honeycombio/buildevents/releases/latest/download/buildevents-linux-amd64 && \ chmod +x buildevents && \ mv buildevents /usr/local/bin/buildevents && \ - sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && locale-gen && \ mkdir /root/.gnupg && \ 
bash -c "echo 'allow-loopback-pinentry' > /root/.gnupg/gpg-agent.conf" && \ bash -c "echo 'pinentry-mode loopback' > /root/.gnupg/gpg.conf" && \ chmod 700 /root/.gnupg && chmod 600 /root/.gnupg/* && \ apt-get clean && rm -rf /var/lib/apt/lists/* + +# easier view of key tool versions by outputing at end of build log +RUN docker --version && \ + gh --version && \ + op --version && \ + vault --version && \ + teller version && \ + buildevents -v \ No newline at end of file diff --git a/Dockerfile.ubuntu.24 b/Dockerfile.ubuntu.24 index 6be27f6..4b9faf2 100644 --- a/Dockerfile.ubuntu.24 +++ b/Dockerfile.ubuntu.24 
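Review bot: The rewritten RUN installs several binaries with no version pin and no integrity check: `curl -s …/git-lfs/script.deb.sh | bash` runs a remote script as root, `ONEPASSWORD_VERSION` is resolved from an update endpoint at build time and `op.sig` is deleted without being verified, `buildevents` comes from `releases/latest`, and `dockerize` and `teller` are fetched without a checksum. Together with dropping every `pkg=version` pin, two builds of the same commit can produce different images, and a changed upstream artefact could end up in a signed, published image unnoticed. The sketch below restores the pins this commit removes for `op` and `buildevents` and checks a digest before installing; the digests are placeholders to fill in, and the same pattern fits `dockerize` and `teller`. `Dockerfile.ubuntu.24` has the same lines. Adding `-f` to these `curl` calls also makes an HTTP error fail the build instead of saving the error page.

```dockerfile
# … unchanged: LABEL, SHELL, locale ENV …
ENV ONEPASSWORD_VERSION=2.30.0 \
    BUILDEVENTS_VERSION=0.16.0
# placeholders: fill in the digests published for the pinned releases
ARG OP_ZIP_SHA256=<sha256-of-op_linux_amd64-zip>
ARG BUILDEVENTS_SHA256=<sha256-of-buildevents-linux-amd64>

# … unchanged: apt sources and package install …
    curl -fsSL "https://cache.agilebits.com/dist/1P/op2/pkg/v${ONEPASSWORD_VERSION}/op_linux_amd64_v${ONEPASSWORD_VERSION}.zip" -o op.zip && \
    echo "${OP_ZIP_SHA256}  op.zip" | sha256sum -c - && \
    unzip -o op.zip && mv op /usr/local/bin/op && \
# … unchanged: teller download …
    curl -fsSL -o buildevents "https://github.com/honeycombio/buildevents/releases/download/v${BUILDEVENTS_VERSION}/buildevents-linux-amd64" && \
    echo "${BUILDEVENTS_SHA256}  buildevents" | sha256sum -c - && \
```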
@@ -11,80 +11,86 @@ LABEL org.opencontainers.image.title="gha-container-base-image" \ org.opencontainers.image.created="CREATED" \ org.opencontainers.image.version="VERSION" -ENV DOCKER_VERSION=5:27.3.1-1~ubuntu.24.04~noble -ENV DOCKER_BUILDX_VERSION=0.17.1-1~ubuntu.24.04~noble -ENV DOCKER_COMPOSE_VERSION=2.29.7-1~ubuntu.24.04~noble -ENV CONTAINERD_VERSION=1.7.22-1 -ENV ONEPASSWORD_VERSION=2.30.0 -ENV VAULT_VERSION=1.18.0 -ENV TELLER_VERSION=1.5.6 -ENV BUILDEVENTS_VERSION=0.16.0 -ENV DEBIAN_FRONTEND=noninteractive +SHELL ["/bin/bash", "-exo", "pipefail", "-c"] -ENV PATH=/home/circleci/bin:/home/circleci/.local/bin:$PATH \ +ENV TELLER_VERSION=1.5.6 +ENV DEBIAN_FRONTEND=noninteractive \ + TERM=dumb \ + PAGER=cat \ LANG=en_US.UTF-8 \ LANGUAGE=en_US:en \ LC_ALL=en_US.UTF-8 -SHELL ["/bin/bash", "-exo", "pipefail", "-c"] - -# hadolint ignore=DL4001,DL3004,DL3047,DL3027,DL3008,SC1091,SC2174 -RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90forceyes && \ - echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90forceyes && apt update && \ +RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90circleci && \ + echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90circleci && apt-get update && \ + apt-get install -y \ + curl \ + locales && \ + locale-gen en_US.UTF-8 && \ + rm -rf /var/lib/apt/lists/* && \ + \ + dockerizeArch=x86_64 && \ + if uname -p | grep "arm64"; then \ + dockerizeArch=arm64; \ + fi && \ + curl -sSL --fail --retry 3 --output /usr/local/bin/dockerize "https://github.com/powerman/dockerize/releases/download/v0.8.0/dockerize-linux-${dockerizeArch}" && \ + chmod +x /usr/local/bin/dockerize && apt-get update && \ apt-get install --no-install-recommends -y \ - ca-certificates=20240203 \ - locales=2.39-0ubuntu8.3 \ - build-essential=12.10ubuntu1 \ - software-properties-common=0.99.48 \ - apt-transport-https=2.7.14build2 \ - tzdata=2024a-3ubuntu1.1 \ - lsb-release=12.0-2 \ - gettext-base=0.21-14ubuntu2 \ - 
gcc=4:13.2.0-7ubuntu1 \ - g++=4:13.2.0-7ubuntu1 \ - cmake=3.28.3-1build7 \ - make=4.3-4.1build2 \ - git=1:2.43.0-1ubuntu7.1 \ - git-lfs=3.4.1-1ubuntu0.1 \ - curl=8.5.0-2ubuntu10.4 \ - libcurl4-openssl-dev=8.5.0-2ubuntu10.4 \ - tar=1.35+dfsg-3build1 \ - wget=1.21.4-1ubuntu4.1 \ - unzip=6.0-28ubuntu4.1 \ - gzip=1.12-1ubuntu3 \ - zip=3.0-13build1 \ - bzip2=1.0.8-5.1build0.1 \ - jq=1.7.1-3build1 \ - gnupg=2.4.4-2ubuntu17 \ - gnupg-agent=2.4.4-2ubuntu17 && \ + autoconf \ + build-essential \ + ca-certificates \ + gettext-base \ + apt-transport-https \ + lsb-release \ + libcurl4-openssl-dev \ + libssl-dev \ + software-properties-common \ + gcc \ + g++ \ + cmake \ + make \ + lsof \ + pkg-config \ + retry \ + file \ + gnupg \ + gnupg-agent \ + jq \ + tar \ + tzdata \ + unzip \ + wget \ + gzip \ + bzip2 \ + zip && \ + add-apt-repository ppa:git-core/ppa && apt-get install -y git && \ + curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && apt-get install -y git-lfs && \ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \ mkdir -p -m 755 /etc/apt/keyrings && \ wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null && \ chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && \ echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \ - apt-get update && \ + wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg && \ + echo "deb 
[signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list && apt-get update && \ apt-get install --no-install-recommends -y \ - gh=2.59.0 \ - docker-ce=${DOCKER_VERSION} \ - docker-ce-cli=${DOCKER_VERSION} \ - containerd.io=${CONTAINERD_VERSION} \ - docker-buildx-plugin=${DOCKER_BUILDX_VERSION} \ - docker-compose-plugin=${DOCKER_COMPOSE_VERSION} && \ + gh \ + vault \ + docker-ce \ + docker-ce-cli \ + containerd.io \ + docker-buildx-plugin && \ + ONEPASSWORD_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')" && \ curl -L https://cache.agilebits.com/dist/1P/op2/pkg/v${ONEPASSWORD_VERSION}/op_linux_amd64_v${ONEPASSWORD_VERSION}.zip -o op.zip && \ unzip -o op.zip && mv op /usr/local/bin/op && \ rm op.zip && rm op.sig && \ - curl -SLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" > "vault_${VAULT_VERSION}_linux_amd64.zip" && \ - unzip "vault_${VAULT_VERSION}_linux_amd64.zip" -d /usr/local/bin && \ - rm "vault_${VAULT_VERSION}_linux_amd64.zip" && \ curl -L https://github.com/tellerops/teller/releases/download/v${TELLER_VERSION}/teller_${TELLER_VERSION}_Linux_x86_64.tar.gz --output teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \ tar -xzf teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \ mv teller /usr/local/bin/teller && \ rm teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \ - curl -L -o buildevents https://github.com/honeycombio/buildevents/releases/download/v${BUILDEVENTS_VERSION}/buildevents-linux-amd64 && \ + curl -L -o buildevents https://github.com/honeycombio/buildevents/releases/latest/download/buildevents-linux-amd64 && \ chmod +x buildevents && \ mv buildevents /usr/local/bin/buildevents && \ - sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && locale-gen && \ mkdir /root/.gnupg && \ bash -c "echo 'allow-loopback-pinentry' > 
/root/.gnupg/gpg-agent.conf" && \ bash -c "echo 'pinentry-mode loopback' > /root/.gnupg/gpg.conf" && \ diff --git a/README.md b/README.md index 6653ab4..c04f111 100644 --- a/README.md +++ b/README.md @@ -42,3 +42,24 @@ download sbom: oras pull docker.io/twdps/gha-container-base-image:0.1.0:sha256-9d8e8eef60900fcf207e3b258b4ce13b4cdb1765f0f7ca3022fd685cd53b8a14.spdx ``` Review `.snyk` for current vulnerability status. + +## release versions + +There are three base-image release versions maintained: +- Alpine 3.x (current distribution) +- Ubuntu 22.04 +- Ubuntun 24.04 + +Builds happen on an automatic monthly release cycle, with occasional interim builds. New releases will have two version tags. For example, the October 2024 release includes the following tags: + +- 3.20-2024.10.01, 3.20 (alpine) +- 22.04-2024.10.01, 22.04 (ubuntu) +- 24.04-2024.10.01, 24.04 (ubuntu) + +The November 2024 release would then include: + +- 3.20-2024.11.01, 3.20 +- 22.04-2024.11.01, 22.04 +- 24.04-2024.11.01, 24.04 + +Use the shorter, FROM image distribution version if you want to always pull the current release for the distribution. The longer release tag includes year.month.number information and this tag will remain tied to the underlying commit. This provides users the option of either using the current distribution release with related libraries and packages, or a pinned version that will remain fixed until referencing a new pinned release. \ No newline at end of file diff --git a/test/gha-container-base-image-ubuntu-22.bats b/test/gha-container-base-image-ubuntu-22.bats index 5761b68..f59c1b1 100644 --- a/test/gha-container-base-image-ubuntu-22.bats +++ b/test/gha-container-base-image-ubuntu-22.bats 
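Review bot: Two added lines in this RUN look likely to break the build. `wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor …` calls `sudo`, which is not among the packages installed in this hunk (the 22.04 file uses plain `gpg` here), so unless the base image provides it the `sudo` should be dropped. `ONEPASSWORD_VERSION="v$(curl …)"` already carries a leading `v` and the download URL adds another (`…/pkg/v${ONEPASSWORD_VERSION}/op_linux_amd64_v${ONEPASSWORD_VERSION}.zip`), giving a `vv…` path; assign it without the prefix as the 22.04 file does, `ONEPASSWORD_VERSION="$(curl … | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"`. The 22.04 file also runs `setcap -r /usr/bin/vault` after installing `vault` and this one does not, which is worth making consistent. The RUN instruction continues past the end of the hunk.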
@@ -1,71 +1,41 @@ #!/usr/bin/env bats -@test "gcc version" { - run bash -c "docker exec gha-container-base-image gcc --version" - [[ "${output}" =~ "11.4" ]] -} - -@test "make version" { - run bash -c "docker exec gha-container-base-image make --version" - [[ "${output}" =~ "4.3" ]] -} - -@test "curl version" { - run bash -c "docker exec gha-container-base-image curl --version" - [[ "${output}" =~ "7.81" ]] -} - -@test "wget version" { - run bash -c "docker exec gha-container-base-image wget --version" - [[ "${output}" =~ "1.21" ]] -} - -@test "unzip version" { - run bash -c "docker exec gha-container-base-image unzip -v" - [[ "${output}" =~ "6.0" ]] -} - -@test "zip version" { - run bash -c "docker exec gha-container-base-image zip --version" - [[ "${output}" =~ "3.0" ]] -} - -@test "jq version" { - run bash -c "docker exec gha-container-base-image jq --version" - [[ "${output}" =~ "1.6" ]] +@test "os-release version" { + run bash -c "docker exec gha-container-base-image cat /etc/os-release" + [[ "${output}" =~ "Ubuntu 22.04" ]] } @test "gnupg version" { - run bash -c "docker exec gha-container-base-image gpg --version" - [[ "${output}" =~ "2.2" ]] -} - -@test "bash version" { - run bash -c "docker exec gha-container-base-image bash --version" - [[ "${output}" =~ "5.1" ]] + run bash -c "docker exec gha-container-base-image gpg --help" + [[ "${output}" =~ "gpg (GnuPG)" ]] } -@test "check locale" { - run bash -c "docker exec gha-container-base-image locale" - [[ "${output}" =~ "LC_ALL=en_US.UTF-8" ]] +@test "docker version" { + run bash -c "docker exec gha-container-base-image docker --help" + [[ "${output}" =~ "Usage: docker [OPTIONS] COMMAND" ]] } @test "1password version" { - run bash -c "docker exec gha-container-base-image op --version" - [[ "${output}" =~ "2.30" ]] + run bash -c "docker exec gha-container-base-image op --help" + [[ "${output}" =~ "Usage: op [command] [flags]" ]] } @test "teller version" { - run bash -c "docker exec gha-container-base-image 
teller version" - [[ "${output}" =~ "1.5.6" ]] + run bash -c "docker exec gha-container-base-image teller --help" + [[ "${output}" =~ "Usage: teller " ]] } @test "vault version" { - run bash -c "docker exec gha-container-base-image vault -v" - [[ "${output}" =~ "1.18" ]] + run bash -c "docker exec gha-container-base-image vault --help" + [[ "${output}" =~ "Usage: vault [args]" ]] } @test "gh version" { - run bash -c "docker exec gha-container-base-image gh --version" - [[ "${output}" =~ "2.59" ]] + run bash -c "docker exec gha-container-base-image gh --help" + [[ "${output}" =~ "Work seamlessly with GitHub from the command line." ]] +} + +@test "check locale" { + run bash -c "docker exec gha-container-base-image locale" + [[ "${output}" =~ "LC_ALL=en_US.UTF-8" ]] } diff --git a/tpl/release-notes.tpl b/tpl/release-notes.tpl new file mode 100644 index 0000000..c9661ef --- /dev/null +++ b/tpl/release-notes.tpl @@ -0,0 +1,6 @@ +New release build. + +
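Review bot: The rewritten tests are still named `… version` but now only match a line of `--help` output, and none of them checks `${status}`, so they confirm that a binary prints usage text and nothing more. With the Dockerfile no longer pinning versions, nothing in the suite records which tool versions an image shipped. Rename the tests to say what they check (e.g. `@test "vault is installed"`) and add `[ "${status}" -eq 0 ]` after each `run`. `dockerize`, `buildevents`, `git` and `git-lfs` are installed by the Dockerfile but have no test here.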
+ +Review build log for package adn tool version details +