[nc] change base ubuntu convention and add 2204 and 2404 versions

Signed-off-by: Nic Cheneweth <[email protected]>

.github/workflows/development-build.yaml

@@ -29,15 +29,15 @@ jobs:
       bats-entry-point: /bin/ash
       bats-test-path: test/gha-container-base-image.bats
 
-  ubuntu-dev-release:
-    name: development build and release of ubuntu image
+  ubuntu-22-dev-release:
+    name: development build and release of ubuntu.2204 image
     uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main
     secrets:
       OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
     with:
-      dockerfile: Dockerfile.ubuntu
+      dockerfile: Dockerfile.ubuntu.22
       image: twdps/gha-container-base-image
-      tag-annotation: ubuntu-
+      tag-annotation: ubuntu-22.
       opencontainer-labels: true
       before-static-analysis: true
       snyk-scan: true
@@ -46,4 +46,23 @@ jobs:
       bats-test: true
       bats-run-container-name: gha-container-base-image
       bats-entry-point: /bin/bash
-      bats-test-path: test/gha-container-base-image-ubuntu.bats
+      bats-test-path: test/gha-container-base-image-ubuntu-22.bats
+
+  ubuntu-24-dev-release:
+    name: development build and release of ubuntu.2404 image
+    uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main
+    secrets:
+      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+    with:
+      dockerfile: Dockerfile.ubuntu.24
+      image: twdps/gha-container-base-image
+      tag-annotation: ubuntu-24.
+      opencontainer-labels: true
+      before-static-analysis: true
+      snyk-scan: true
+      snyk-severity-threshold: medium
+      snyk-organization: twdps
+      bats-test: true
+      bats-run-container-name: gha-container-base-image
+      bats-entry-point: /bin/bash
+      bats-test-path: test/gha-container-base-image-ubuntu-24.bats

.github/workflows/publish.yaml

@@ -25,16 +25,30 @@ jobs:
       release-message: New release Alpine ThoughtWorks-DPS/gha-container-base-image
       before-publish: true
 
-  ubuntu-publish:
-    name: publish ubuntu image
+  ubuntu-22-publish:
+    name: publish ubuntu.22 image
     uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main
     secrets:
       OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
     with:
       image: twdps/gha-container-base-image
-      tag-annotation: ubuntu-
+      tag-annotation: ubuntu-22.
       sign-image: true
       sbom: true
       release-notes: true
-      release-message: New release Ubuntu ThoughtWorks-DPS/gha-container-base-image
+      release-message: New release Ubuntu.2204 ThoughtWorks-DPS/gha-container-base-image
+      before-publish: true
+
+  ubuntu-24-publish:
+    name: publish ubuntu.24 image
+    uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main
+    secrets:
+      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+    with:
+      image: twdps/gha-container-base-image
+      tag-annotation: ubuntu-24.
+      sign-image: true
+      sbom: true
+      release-notes: true
+      release-message: New release Ubuntu.2404 ThoughtWorks-DPS/gha-container-base-image
       before-publish: true

Dockerfile.ubuntu.22

@@ -0,0 +1,92 @@
+FROM ubuntu:22.04
+
+LABEL org.opencontainers.image.title="gha-container-base-image" \
+      org.opencontainers.image.description="Ubuntu-based github actions job container image" \
+      org.opencontainers.image.documentation="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \
+      org.opencontainers.image.source="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \
+      org.opencontainers.image.url="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \
+      org.opencontainers.image.vendor="ThoughtWorks, Inc." \
+      org.opencontainers.image.authors="[email protected]" \
+      org.opencontainers.image.licenses="MIT" \
+      org.opencontainers.image.created="CREATED" \
+      org.opencontainers.image.version="VERSION"
+
+ENV DOCKER_VERSION=5:27.3.1-1~ubuntu.22.04~jammy
+ENV DOCKER_BUILDX_VERSION=0.17.1-1~ubuntu.22.04~jammy
+ENV DOCKER_COMPOSE_VERSION=2.29.7-1~ubuntu.22.04~jammy
+ENV CONTAINERD_VERSION=1.7.22-1
+ENV ONEPASSWORD_VERSION=2.30.0
+ENV VAULT_VERSION=1.18.0
+ENV TELLER_VERSION=1.5.6
+ENV BUILDEVENTS_VERSION=0.16.0
+ENV DEBIAN_FRONTEND=noninteractive
+
+ENV PATH=/home/circleci/bin:/home/circleci/.local/bin:$PATH \
+	  LANG=en_US.UTF-8 \
+	  LANGUAGE=en_US:en \
+	  LC_ALL=en_US.UTF-8
+
+SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
+
+# hadolint ignore=DL4001,DL3004,DL3047,DL3027,DL3008,SC1091
+RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90forceyes && \
+    echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90forceyes && apt update && \
+    apt-get install --no-install-recommends -y \
+            ca-certificates=20240203~22.04.1 \
+            locales=2.35-0ubuntu3.8 \
+            build-essential=12.9ubuntu3 \
+            software-properties-common=0.99.22.9 \
+            apt-transport-https=2.4.13 \
+            tzdata=2024a-0ubuntu0.22.04.1 \
+            lsb-release=11.1.0ubuntu4 \
+            gettext-base=0.21-4ubuntu4 \
+            gcc=4:11.2.0-1ubuntu1 \
+            g++=4:11.2.0-1ubuntu1 \
+            cmake=3.22.1-1ubuntu1.22.04.2 \
+            make=4.3-4.1build1 \
+            git=1:2.34.1-1ubuntu1.11 \
+            git-lfs=3.0.2-1ubuntu0.2 \
+            curl=7.81.0-1ubuntu1.18 \
+            libcurl4-openssl-dev=7.81.0-1ubuntu1.18 \
+            tar=1.34+dfsg-1ubuntu0.1.22.04.2 \
+            wget=1.21.2-2ubuntu1.1 \
+            unzip=6.0-26ubuntu3.2 \
+            gzip=1.10-4ubuntu4.1 \
+            zip=3.0-12build2 \
+            bzip2=1.0.8-5build1 \
+            jq=1.6-2.1ubuntu3 \
+            gnupg=2.2.27-3ubuntu2.1 \
+            gnupg-agent=2.2.27-3ubuntu2.1 && \
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+    mkdir -p -m 755 /etc/apt/keyrings && \
+    wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null && \
+    chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
+    apt-get update && \
+    apt-get install --no-install-recommends -y \
+            gh=2.59.0 \
+            docker-ce=${DOCKER_VERSION} \
+            docker-ce-cli=${DOCKER_VERSION} \
+            containerd.io=${CONTAINERD_VERSION} \
+            docker-buildx-plugin=${DOCKER_BUILDX_VERSION} \
+            docker-compose-plugin=${DOCKER_COMPOSE_VERSION} && \
+    curl -L https://cache.agilebits.com/dist/1P/op2/pkg/v${ONEPASSWORD_VERSION}/op_linux_amd64_v${ONEPASSWORD_VERSION}.zip -o op.zip && \
+    unzip -o op.zip && mv op /usr/local/bin/op && \
+    rm op.zip && rm op.sig && \
+    curl -SLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" > "vault_${VAULT_VERSION}_linux_amd64.zip" && \
+    unzip "vault_${VAULT_VERSION}_linux_amd64.zip" -d /usr/local/bin && \
+    rm "vault_${VAULT_VERSION}_linux_amd64.zip" && \
+    curl -L https://github.com/tellerops/teller/releases/download/v${TELLER_VERSION}/teller_${TELLER_VERSION}_Linux_x86_64.tar.gz --output teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \
+    tar -xzf teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \
+    mv teller /usr/local/bin/teller && \
+    rm teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \
+    curl -L -o buildevents https://github.com/honeycombio/buildevents/releases/download/v${BUILDEVENTS_VERSION}/buildevents-linux-amd64 && \
+    chmod +x buildevents && \
+    mv buildevents /usr/local/bin/buildevents && \
+    sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && locale-gen && \
+    mkdir /root/.gnupg && \
+    bash -c "echo 'allow-loopback-pinentry' > /root/.gnupg/gpg-agent.conf" && \
+    bash -c "echo 'pinentry-mode loopback' > /root/.gnupg/gpg.conf" && \
+    chmod 700 /root/.gnupg && chmod 600 /root/.gnupg/* && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*

Dockerfile.ubuntu → Dockerfile.ubuntu.24

@@ -1,4 +1,4 @@
-FROM ubuntu:oracular-20240918
+FROM ubuntu:24.04
 
 LABEL org.opencontainers.image.title="gha-container-base-image" \
       org.opencontainers.image.description="Ubuntu-based github actions job container image" \
@@ -12,64 +12,63 @@ LABEL org.opencontainers.image.title="gha-container-base-image" \
       org.opencontainers.image.version="VERSION"
 
 ENV DOCKER_VERSION=5:27.3.1-1~ubuntu.24.04~noble
-ENV DOCKER_BUILDX_VERSION=0.16.2-1~ubuntu.24.04~noble
-ENV DOCKER_COMPOSE_VERSION=2.29.2-1~ubuntu.24.04~noble
+ENV DOCKER_BUILDX_VERSION=0.17.1-1~ubuntu.24.04~noble
+ENV DOCKER_COMPOSE_VERSION=2.29.7-1~ubuntu.24.04~noble
+ENV CONTAINERD_VERSION=1.7.22-1
 ENV ONEPASSWORD_VERSION=2.30.0
 ENV VAULT_VERSION=1.18.0
 ENV TELLER_VERSION=1.5.6
 ENV BUILDEVENTS_VERSION=0.16.0
 ENV DEBIAN_FRONTEND=noninteractive
-# ENV TELLER_VERSION=2.0.7
 
 ENV PATH=/home/circleci/bin:/home/circleci/.local/bin:$PATH \
-	LANG=en_US.UTF-8 \
-	LANGUAGE=en_US:en \
-	LC_ALL=en_US.UTF-8
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US:en \
+    LC_ALL=en_US.UTF-8
 
 SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
 
 # hadolint ignore=DL4001,DL3004,DL3047,DL3027,DL3008,SC1091
 RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90forceyes && \
-    echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90forceyes && \
-    apt update && apt-get install --no-install-recommends -y \
-            git=1:2.45.2-1ubuntu1 \
-            openssh-server=1:9.7p1-7ubuntu4 \
-            locales=2.40-1ubuntu3 \
-            tzdata=2024a-4ubuntu1 \
-            libcurl4-openssl-dev=8.9.1-2ubuntu2 \
-            apt-transport-https=2.9.8 \
-            lsb-release=12.1-1 \
-            gettext-base=0.22.5-2 \
+    echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90forceyes && apt update && \
+    apt-get install --no-install-recommends -y \
+            ca-certificates=20240203 \
+            locales=2.39-0ubuntu8.3 \
             build-essential=12.10ubuntu1 \
-            gcc=4:14.1.0-2ubuntu1 \
-            g++=4:14.1.0-2ubuntu1 \
-            cmake=3.30.3-1 \
+            software-properties-common=0.99.48 \
+            apt-transport-https=2.7.14build2 \
+            tzdata=2024a-3ubuntu1.1 \
+            lsb-release=12.0-2 \
+            gettext-base=0.21-14ubuntu2 \
+            gcc=4:13.2.0-7ubuntu1 \
+            g++=4:13.2.0-7ubuntu1 \
+            cmake=3.28.3-1build7 \
             make=4.3-4.1build2 \
-            curl=8.9.1-2ubuntu2 \
+            git=1:2.43.0-1ubuntu7.1 \
+            git-lfs=3.4.1-1ubuntu0.1 \
+            curl=8.5.0-2ubuntu10.4 \
+            libcurl4-openssl-dev=8.5.0-2ubuntu10.4 \
             tar=1.35+dfsg-3build1 \
-            wget=1.24.5-1ubuntu2 \
-            unzip=6.0-28ubuntu6 \
-            gzip=1.12-1.1ubuntu1 \
-            zip=3.0-14 \
-            bzip2=1.0.8-6 \
+            wget=1.21.4-1ubuntu4.1 \
+            unzip=6.0-28ubuntu4.1 \
+            gzip=1.12-1ubuntu3 \
+            zip=3.0-13build1 \
+            bzip2=1.0.8-5.1build0.1 \
             jq=1.7.1-3build1 \
-            git-lfs=3.5.0-1 \
-            gnupg=2.4.4-2ubuntu18 \
-            gnupg-agent=2.4.4-2ubuntu18 \
-            ca-certificates=20240203 && \
+            gnupg=2.4.4-2ubuntu17 \
+            gnupg-agent=2.4.4-2ubuntu17 && \
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
     mkdir -p -m 755 /etc/apt/keyrings && \
     wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null && \
     chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && \
     echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
-    curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc && \
-    chmod a+r /etc/apt/keyrings/docker.asc && \
-    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo noble) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
     apt-get update && \
     apt-get install --no-install-recommends -y \
             gh=2.59.0 \
             docker-ce=${DOCKER_VERSION} \
             docker-ce-cli=${DOCKER_VERSION} \
-            containerd.io=1.7.21-1 \
+            containerd.io=${CONTAINERD_VERSION} \
             docker-buildx-plugin=${DOCKER_BUILDX_VERSION} \
             docker-compose-plugin=${DOCKER_COMPOSE_VERSION} && \
     curl -L https://cache.agilebits.com/dist/1P/op2/pkg/v${ONEPASSWORD_VERSION}/op_linux_amd64_v${ONEPASSWORD_VERSION}.zip -o op.zip && \
@@ -90,6 +89,4 @@ RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90forceyes && \
     bash -c "echo 'allow-loopback-pinentry' > /root/.gnupg/gpg-agent.conf" && \
     bash -c "echo 'pinentry-mode loopback' > /root/.gnupg/gpg.conf" && \
     chmod 700 /root/.gnupg && chmod 600 /root/.gnupg/* && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/* && \
-    docker --version
+    apt-get clean && rm -rf /var/lib/apt/lists/*

test/gha-container-base-image-ubuntu-22.bats

@@ -0,0 +1,71 @@
+#!/usr/bin/env bats
+
+@test "gcc version" {
+  run bash -c "docker exec gha-container-base-image gcc --version"
+  [[ "${output}" =~ "11.4" ]]
+}
+
+@test "make version" {
+  run bash -c "docker exec gha-container-base-image make --version"
+  [[ "${output}" =~ "4.3" ]]
+}
+
+@test "curl version" {
+  run bash -c "docker exec gha-container-base-image curl --version"
+  [[ "${output}" =~ "7.81" ]]
+}
+
+@test "wget version" {
+  run bash -c "docker exec gha-container-base-image wget --version"
+  [[ "${output}" =~ "1.21" ]]
+}
+
+@test "unzip version" {
+  run bash -c "docker exec gha-container-base-image unzip -v"
+  [[ "${output}" =~ "6.0" ]]
+}
+
+@test "zip version" {
+  run bash -c "docker exec gha-container-base-image zip --version"
+  [[ "${output}" =~ "3.0" ]]
+}
+
+@test "jq version" {
+  run bash -c "docker exec gha-container-base-image jq --version"
+  [[ "${output}" =~ "1.6" ]]
+}
+
+@test "gnupg version" {
+  run bash -c "docker exec gha-container-base-image gpg --version"
+  [[ "${output}" =~ "2.2" ]]
+}
+
+@test "bash version" {
+  run bash -c "docker exec gha-container-base-image bash --version"
+  [[ "${output}" =~ "5.1" ]]
+}
+
+@test "check locale" {
+  run bash -c "docker exec gha-container-base-image locale"
+  [[ "${output}" =~ "LC_ALL=en_US.UTF-8" ]]
+}
+
+@test "1password version" {
+  run bash -c "docker exec gha-container-base-image op --version"
+  [[ "${output}" =~ "2.30" ]]
+}
+
+@test "teller version" {
+  run bash -c "docker exec gha-container-base-image teller version"
+  [[ "${output}" =~ "1.5.6" ]]
+}
+
+@test "vault version" {
+  run bash -c "docker exec gha-container-base-image vault -v"
+  [[ "${output}" =~ "1.18" ]]
+}
+
+@test "gh version" {
+  run bash -c "docker exec gha-container-base-image gh --version"
+  [[ "${output}" =~ "2.59" ]]
+}

test/gha-container-base-image-ubuntu.bats → test/gha-container-base-image-ubuntu-24.bats

@@ -2,7 +2,7 @@
 
 @test "gcc version" {
   run bash -c "docker exec gha-container-base-image gcc --version"
-  [[ "${output}" =~ "14.2" ]]
+  [[ "${output}" =~ "13.2" ]]
 }
 
 @test "make version" {
@@ -12,16 +12,16 @@
 
 @test "curl version" {
   run bash -c "docker exec gha-container-base-image curl --version"
-  [[ "${output}" =~ "8.9" ]]
+  [[ "${output}" =~ "8.5" ]]
 }
 
 @test "wget version" {
   run bash -c "docker exec gha-container-base-image wget --version"
-  [[ "${output}" =~ "1.24" ]]
+  [[ "${output}" =~ "1.21" ]]
 }
 
 @test "unzip version" {
-  run bash -c "docker exec gha-container-base-image unzip --version"
+  run bash -c "docker exec gha-container-base-image unzip -v"
   [[ "${output}" =~ "6.0" ]]
 }