diff --git a/.github/workflows/development-build.yaml b/.github/workflows/development-build.yaml
index ac2b278..bee1511 100644
--- a/.github/workflows/development-build.yaml
+++ b/.github/workflows/development-build.yaml
@@ -29,15 +29,15 @@ jobs:
 bats-entry-point: /bin/ash
 bats-test-path: test/gha-container-base-image.bats
- ubuntu-dev-release:
- name: development build and release of ubuntu image
+ ubuntu-22-dev-release:
+ name: development build and release of ubuntu.2204 image
 uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main
 secrets:
 OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
 with:
- dockerfile: Dockerfile.ubuntu
+ dockerfile: Dockerfile.ubuntu.22
 image: twdps/gha-container-base-image
- tag-annotation: ubuntu-
+ tag-annotation: ubuntu-22.
 opencontainer-labels: true
 before-static-analysis: true
 snyk-scan: true
@@ -46,4 +46,23 @@ jobs:
 bats-test: true
 bats-run-container-name: gha-container-base-image
 bats-entry-point: /bin/bash
- bats-test-path: test/gha-container-base-image-ubuntu.bats
+ bats-test-path: test/gha-container-base-image-ubuntu-22.bats
+
+ ubuntu-24-dev-release:
+ name: development build and release of ubuntu.2404 image
+ uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main
+ secrets:
+ OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+ with:
+ dockerfile: Dockerfile.ubuntu.24
+ image: twdps/gha-container-base-image
+ tag-annotation: ubuntu-24.
+ opencontainer-labels: true
+ before-static-analysis: true
+ snyk-scan: true
+ snyk-severity-threshold: medium
+ snyk-organization: twdps
+ bats-test: true
+ bats-run-container-name: gha-container-base-image
+ bats-entry-point: /bin/bash
+ bats-test-path: test/gha-container-base-image-ubuntu-24.bats
\ No newline at end of file
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 188aa6e..e863a43 100644
--- a/.github/workflows/publish.yaml
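Review bot: The new `ubuntu-24-dev-release` job references its reusable workflow as `uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/job-container-dev-release.yaml@main`, a mutable branch ref, and the `ubuntu-24-publish` job added in the publish.yaml hunk does the same with `publish-container.yaml@main`. Whatever that branch holds at run time executes with this repository's `OP_SERVICE_ACCOUNT_TOKEN` handed over through `secrets:`, so a change or compromise of the upstream branch is inherited here without review. Pinning to a release tag or, better, a full commit SHA with the version in a trailing comment (`...job-container-dev-release.yaml@<full-commit-sha> # <release-tag>`) fixes what runs to what was reviewed; the pre-existing jobs visible as context in both files use `@main` too and would need the same change, which is outside this diff.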
+++ b/.github/workflows/publish.yaml
@@ -25,16 +25,30 @@ jobs:
 release-message: New release Alpine ThoughtWorks-DPS/gha-container-base-image
 before-publish: true
- ubuntu-publish:
- name: publish ubuntu image
+ ubuntu-22-publish:
+ name: publish ubuntu.22 image
 uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main
 secrets:
 OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
 with:
 image: twdps/gha-container-base-image
- tag-annotation: ubuntu-
+ tag-annotation: ubuntu-22.
 sign-image: true
 sbom: true
 release-notes: true
- release-message: New release Ubuntu ThoughtWorks-DPS/gha-container-base-image
+ release-message: New release Ubuntu.2204 ThoughtWorks-DPS/gha-container-base-image
+ before-publish: true
+
+ ubuntu-24-publish:
+ name: publish ubuntu.24 image
+ uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main
+ secrets:
+ OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+ with:
+ image: twdps/gha-container-base-image
+ tag-annotation: ubuntu-24.
+ sign-image: true
+ sbom: true
+ release-notes: true
+ release-message: New release Ubuntu.2404 ThoughtWorks-DPS/gha-container-base-image
 before-publish: true
\ No newline at end of file
diff --git a/Dockerfile.ubuntu.22 b/Dockerfile.ubuntu.22
new file mode 100644
index 0000000..a1021bc
--- /dev/null
+++ b/Dockerfile.ubuntu.22
@@ -0,0 +1,92 @@
+FROM ubuntu:22.04
+
+LABEL org.opencontainers.image.title="gha-container-base-image" \
+ org.opencontainers.image.description="Ubuntu-based github actions job container image" \
+ org.opencontainers.image.documentation="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \
+ org.opencontainers.image.source="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \
+ org.opencontainers.image.url="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \
+ org.opencontainers.image.vendor="ThoughtWorks, Inc." \
+ org.opencontainers.image.authors="nic.cheneweth@thoughtworks.com" \
+ org.opencontainers.image.licenses="MIT" \
+ org.opencontainers.image.created="CREATED" \
+ org.opencontainers.image.version="VERSION"
+
+ENV DOCKER_VERSION=5:27.3.1-1~ubuntu.22.04~jammy
+ENV DOCKER_BUILDX_VERSION=0.17.1-1~ubuntu.22.04~jammy
+ENV DOCKER_COMPOSE_VERSION=2.29.7-1~ubuntu.22.04~jammy
+ENV CONTAINERD_VERSION=1.7.22-1
+ENV ONEPASSWORD_VERSION=2.30.0
+ENV VAULT_VERSION=1.18.0
+ENV TELLER_VERSION=1.5.6
+ENV BUILDEVENTS_VERSION=0.16.0
+ENV DEBIAN_FRONTEND=noninteractive
+
+ENV PATH=/home/circleci/bin:/home/circleci/.local/bin:$PATH \
+ LANG=en_US.UTF-8 \
+ LANGUAGE=en_US:en \
+ LC_ALL=en_US.UTF-8
+
+SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
+
+# hadolint ignore=DL4001,DL3004,DL3047,DL3027,DL3008,SC1091
+RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90forceyes && \
+ echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90forceyes && apt update && \
+ apt-get install --no-install-recommends -y \
+ ca-certificates=20240203~22.04.1 \
+ locales=2.35-0ubuntu3.8 \
+ build-essential=12.9ubuntu3 \
+ software-properties-common=0.99.22.9 \
+ apt-transport-https=2.4.13 \
+ tzdata=2024a-0ubuntu0.22.04.1 \
+ lsb-release=11.1.0ubuntu4 \
+ gettext-base=0.21-4ubuntu4 \
+ gcc=4:11.2.0-1ubuntu1 \
+ g++=4:11.2.0-1ubuntu1 \
+ cmake=3.22.1-1ubuntu1.22.04.2 \
+ make=4.3-4.1build1 \
+ git=1:2.34.1-1ubuntu1.11 \
+ git-lfs=3.0.2-1ubuntu0.2 \
+ curl=7.81.0-1ubuntu1.18 \
+ libcurl4-openssl-dev=7.81.0-1ubuntu1.18 \
+ tar=1.34+dfsg-1ubuntu0.1.22.04.2 \
+ wget=1.21.2-2ubuntu1.1 \
+ unzip=6.0-26ubuntu3.2 \
+ gzip=1.10-4ubuntu4.1 \
+ zip=3.0-12build2 \
+ bzip2=1.0.8-5build1 \
+ jq=1.6-2.1ubuntu3 \
+ gnupg=2.2.27-3ubuntu2.1 \
+ gnupg-agent=2.2.27-3ubuntu2.1 && \
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+ mkdir -p -m 755 /etc/apt/keyrings && \
+ wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null && \
+ chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && \
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
+ apt-get update && \
+ apt-get install --no-install-recommends -y \
+ gh=2.59.0 \
+ docker-ce=${DOCKER_VERSION} \
+ docker-ce-cli=${DOCKER_VERSION} \
+ containerd.io=${CONTAINERD_VERSION} \
+ docker-buildx-plugin=${DOCKER_BUILDX_VERSION} \
+ docker-compose-plugin=${DOCKER_COMPOSE_VERSION} && \
+ curl -L https://cache.agilebits.com/dist/1P/op2/pkg/v${ONEPASSWORD_VERSION}/op_linux_amd64_v${ONEPASSWORD_VERSION}.zip -o op.zip && \
+ unzip -o op.zip && mv op /usr/local/bin/op && \
+ rm op.zip && rm op.sig && \
+ curl -SLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" > "vault_${VAULT_VERSION}_linux_amd64.zip" && \
+ unzip "vault_${VAULT_VERSION}_linux_amd64.zip" -d /usr/local/bin && \
+ rm "vault_${VAULT_VERSION}_linux_amd64.zip" && \
+ curl -L https://github.com/tellerops/teller/releases/download/v${TELLER_VERSION}/teller_${TELLER_VERSION}_Linux_x86_64.tar.gz --output teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \
+ tar -xzf teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \
+ mv teller /usr/local/bin/teller && \
+ rm teller_${TELLER_VERSION}_Linux_x86_64.tar.gz && \
+ curl -L -o buildevents https://github.com/honeycombio/buildevents/releases/download/v${BUILDEVENTS_VERSION}/buildevents-linux-amd64 && \
+ chmod +x buildevents && \
+ mv buildevents /usr/local/bin/buildevents && \
+ sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && locale-gen && \
+ mkdir /root/.gnupg && \
+ bash -c "echo 'allow-loopback-pinentry' > /root/.gnupg/gpg-agent.conf" && \
+ bash -c "echo 'pinentry-mode loopback' > /root/.gnupg/gpg.conf" && \
+ chmod 700 /root/.gnupg && chmod 600 /root/.gnupg/* && \
+ apt-get clean && rm -rf /var/lib/apt/lists/*
diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu.24
similarity index 69%
rename from Dockerfile.ubuntu
rename to Dockerfile.ubuntu.24
index 476a02b..5cd44ca 100644
--- a/Dockerfile.ubuntu
+++ b/Dockerfile.ubuntu.24
@@ -1,4 +1,4 @@
-FROM ubuntu:oracular-20240918
+FROM ubuntu:24.04
 LABEL org.opencontainers.image.title="gha-container-base-image" \
 org.opencontainers.image.description="Ubuntu-based github actions job container image" \
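Review bot: The tool binaries fetched near the end of the `RUN` step (`op`, `vault`, `teller`, `buildevents`) are installed without any integrity check, and all four `curl -L` calls lack `-f`, so a non-2xx response body is written to disk instead of failing the build; for `buildevents` the following `chmod +x buildevents && mv buildevents /usr/local/bin/buildevents` would install an HTML error page as the executable. Add `-f` to each download (`curl -fL -o buildevents ...`) and verify every artifact against its published checksum or signature before moving it into `/usr/local/bin` — the step already downloads `op.sig` only to discard it with `rm op.sig`, and HashiCorp publishes a `SHA256SUMS` file next to the vault zip that `sha256sum -c` can consume. The apt packages above are version-pinned and signature-checked by apt, so these direct downloads are the weakest link in this layer's provenance. The `op` download line is visible unchanged as context in the Dockerfile.ubuntu.24 hunk below, so that file presumably needs the same treatment.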
@@ -12,64 +12,63 @@ LABEL org.opencontainers.image.title="gha-container-base-image" \
 org.opencontainers.image.version="VERSION"
 ENV DOCKER_VERSION=5:27.3.1-1~ubuntu.24.04~noble
-ENV DOCKER_BUILDX_VERSION=0.16.2-1~ubuntu.24.04~noble
-ENV DOCKER_COMPOSE_VERSION=2.29.2-1~ubuntu.24.04~noble
+ENV DOCKER_BUILDX_VERSION=0.17.1-1~ubuntu.24.04~noble
+ENV DOCKER_COMPOSE_VERSION=2.29.7-1~ubuntu.24.04~noble
+ENV CONTAINERD_VERSION=1.7.22-1
 ENV ONEPASSWORD_VERSION=2.30.0
 ENV VAULT_VERSION=1.18.0
 ENV TELLER_VERSION=1.5.6
 ENV BUILDEVENTS_VERSION=0.16.0
 ENV DEBIAN_FRONTEND=noninteractive
-# ENV TELLER_VERSION=2.0.7
 ENV PATH=/home/circleci/bin:/home/circleci/.local/bin:$PATH \
- LANG=en_US.UTF-8 \
- LANGUAGE=en_US:en \
- LC_ALL=en_US.UTF-8
+ LANG=en_US.UTF-8 \
+ LANGUAGE=en_US:en \
+ LC_ALL=en_US.UTF-8
 SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
 # hadolint ignore=DL4001,DL3004,DL3047,DL3027,DL3008,SC1091
 RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90forceyes && \
- echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90forceyes && \
- apt update && apt-get install --no-install-recommends -y \
- git=1:2.45.2-1ubuntu1 \
- openssh-server=1:9.7p1-7ubuntu4 \
- locales=2.40-1ubuntu3 \
- tzdata=2024a-4ubuntu1 \
- libcurl4-openssl-dev=8.9.1-2ubuntu2 \
- apt-transport-https=2.9.8 \
- lsb-release=12.1-1 \
- gettext-base=0.22.5-2 \
+ echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90forceyes && apt update && \
+ apt-get install --no-install-recommends -y \
+ ca-certificates=20240203 \
+ locales=2.39-0ubuntu8.3 \
 build-essential=12.10ubuntu1 \
- gcc=4:14.1.0-2ubuntu1 \
- g++=4:14.1.0-2ubuntu1 \
- cmake=3.30.3-1 \
+ software-properties-common=0.99.48 \
+ apt-transport-https=2.7.14build2 \
+ tzdata=2024a-3ubuntu1.1 \
+ lsb-release=12.0-2 \
+ gettext-base=0.21-14ubuntu2 \
+ gcc=4:13.2.0-7ubuntu1 \
+ g++=4:13.2.0-7ubuntu1 \
+ cmake=3.28.3-1build7 \
 make=4.3-4.1build2 \
- curl=8.9.1-2ubuntu2 \
+ git=1:2.43.0-1ubuntu7.1 \
+ git-lfs=3.4.1-1ubuntu0.1 \
+ curl=8.5.0-2ubuntu10.4 \
+ libcurl4-openssl-dev=8.5.0-2ubuntu10.4 \
 tar=1.35+dfsg-3build1 \
- wget=1.24.5-1ubuntu2 \
- unzip=6.0-28ubuntu6 \
- gzip=1.12-1.1ubuntu1 \
- zip=3.0-14 \
- bzip2=1.0.8-6 \
+ wget=1.21.4-1ubuntu4.1 \
+ unzip=6.0-28ubuntu4.1 \
+ gzip=1.12-1ubuntu3 \
+ zip=3.0-13build1 \
+ bzip2=1.0.8-5.1build0.1 \
 jq=1.7.1-3build1 \
- git-lfs=3.5.0-1 \
- gnupg=2.4.4-2ubuntu18 \
- gnupg-agent=2.4.4-2ubuntu18 \
- ca-certificates=20240203 && \
+ gnupg=2.4.4-2ubuntu17 \
+ gnupg-agent=2.4.4-2ubuntu17 && \
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
 mkdir -p -m 755 /etc/apt/keyrings && \
 wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null && \
 chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && \
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc && \
- chmod a+r /etc/apt/keyrings/docker.asc && \
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo noble) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
 apt-get update && \
 apt-get install --no-install-recommends -y \
 gh=2.59.0 \
 docker-ce=${DOCKER_VERSION} \
 docker-ce-cli=${DOCKER_VERSION} \
- containerd.io=1.7.21-1 \
+ containerd.io=${CONTAINERD_VERSION} \
 docker-buildx-plugin=${DOCKER_BUILDX_VERSION} \
 docker-compose-plugin=${DOCKER_COMPOSE_VERSION} && \
 curl -L https://cache.agilebits.com/dist/1P/op2/pkg/v${ONEPASSWORD_VERSION}/op_linux_amd64_v${ONEPASSWORD_VERSION}.zip -o op.zip && \
@@ -90,6 +89,4 @@ RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90forceyes && \
 bash -c "echo 'allow-loopback-pinentry' > /root/.gnupg/gpg-agent.conf" && \
 bash -c "echo 'pinentry-mode loopback' > /root/.gnupg/gpg.conf" && \
 chmod 700 /root/.gnupg && chmod 600 /root/.gnupg/* && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- docker --version
+ apt-get clean && rm -rf /var/lib/apt/lists/*
diff --git a/test/gha-container-base-image-ubuntu-22.bats b/test/gha-container-base-image-ubuntu-22.bats
new file mode 100644
index 0000000..5761b68
--- /dev/null
+++ b/test/gha-container-base-image-ubuntu-22.bats
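Review bot: The rewritten Docker repository setup writes its keyring to `/usr/share/keyrings/docker-archive-keyring.gpg` while the GitHub CLI keyring a few lines later goes to `/etc/apt/keyrings/`, whose `mkdir -p -m 755 /etc/apt/keyrings` now runs after the Docker keyring has already been written; the removed lines kept both keys under `/etc/apt/keyrings/`. Keeping both third-party signing keys in one directory, with the `mkdir` moved ahead of the first write (`mkdir -p -m 755 /etc/apt/keyrings && \` before the `gpg --dearmor -o /etc/apt/keyrings/docker-archive-keyring.gpg` line and the matching `signed-by=` path), makes the trusted repository keys of this layer auditable in one place. The enclosing `RUN` continues past the end of the hunk.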
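Review bot: The `docker --version` smoke check at the end of the `RUN` step is dropped together with the `apt-get clean` consolidation, so the layer no longer verifies at build time that the installed `docker-ce` binary actually executes. Unless the bats suite covers it — the ubuntu-24 bats hunks visible in this diff only check compiler and utility versions — keep the check as the last command: `apt-get clean && rm -rf /var/lib/apt/lists/* && \` followed by `docker --version`. The enclosing `RUN` starts before the hunk.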
@@ -0,0 +1,71 @@
+#!/usr/bin/env bats
+
+@test "gcc version" {
+ run bash -c "docker exec gha-container-base-image gcc --version"
+ [[ "${output}" =~ "11.4" ]]
+}
+
+@test "make version" {
+ run bash -c "docker exec gha-container-base-image make --version"
+ [[ "${output}" =~ "4.3" ]]
+}
+
+@test "curl version" {
+ run bash -c "docker exec gha-container-base-image curl --version"
+ [[ "${output}" =~ "7.81" ]]
+}
+
+@test "wget version" {
+ run bash -c "docker exec gha-container-base-image wget --version"
+ [[ "${output}" =~ "1.21" ]]
+}
+
+@test "unzip version" {
+ run bash -c "docker exec gha-container-base-image unzip -v"
+ [[ "${output}" =~ "6.0" ]]
+}
+
+@test "zip version" {
+ run bash -c "docker exec gha-container-base-image zip --version"
+ [[ "${output}" =~ "3.0" ]]
+}
+
+@test "jq version" {
+ run bash -c "docker exec gha-container-base-image jq --version"
+ [[ "${output}" =~ "1.6" ]]
+}
+
+@test "gnupg version" {
+ run bash -c "docker exec gha-container-base-image gpg --version"
+ [[ "${output}" =~ "2.2" ]]
+}
+
+@test "bash version" {
+ run bash -c "docker exec gha-container-base-image bash --version"
+ [[ "${output}" =~ "5.1" ]]
+}
+
+@test "check locale" {
+ run bash -c "docker exec gha-container-base-image locale"
+ [[ "${output}" =~ "LC_ALL=en_US.UTF-8" ]]
+}
+
+@test "1password version" {
+ run bash -c "docker exec gha-container-base-image op --version"
+ [[ "${output}" =~ "2.30" ]]
+}
+
+@test "teller version" {
+ run bash -c "docker exec gha-container-base-image teller version"
+ [[ "${output}" =~ "1.5.6" ]]
+}
+
+@test "vault version" {
+ run bash -c "docker exec gha-container-base-image vault -v"
+ [[ "${output}" =~ "1.18" ]]
+}
+
+@test "gh version" {
+ run bash -c "docker exec gha-container-base-image gh --version"
+ [[ "${output}" =~ "2.59" ]]
+}
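Review bot: None of the new tests checks `${status}`; each asserts only that a version substring appears in `${output}`, which `run` fills from both stdout and stderr, so a tool that prints the expected digits while exiting non-zero, or a loose match such as `"1.6"` inside a longer version string, passes silently. Add `[ "${status}" -eq 0 ]` before each `[[ "${output}" =~ ... ]]` and tighten the patterns where a bare prefix could be misleading. The suite also does not exercise `docker`, `git-lfs`, `buildevents` or `cmake`, which `Dockerfile.ubuntu.22` installs in the same layer, so a regression in those installs would only surface in a consuming workflow.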
diff --git a/test/gha-container-base-image-ubuntu.bats b/test/gha-container-base-image-ubuntu-24.bats
similarity index 90%
rename from test/gha-container-base-image-ubuntu.bats
rename to test/gha-container-base-image-ubuntu-24.bats
index 4ba5f77..487300b 100644
--- a/test/gha-container-base-image-ubuntu.bats
+++ b/test/gha-container-base-image-ubuntu-24.bats
@@ -2,7 +2,7 @@
 @test "gcc version" {
 run bash -c "docker exec gha-container-base-image gcc --version"
- [[ "${output}" =~ "14.2" ]]
+ [[ "${output}" =~ "13.2" ]]
 }
 @test "make version" {
@@ -12,16 +12,16 @@
 @test "curl version" {
 run bash -c "docker exec gha-container-base-image curl --version"
- [[ "${output}" =~ "8.9" ]]
+ [[ "${output}" =~ "8.5" ]]
 }
 @test "wget version" {
 run bash -c "docker exec gha-container-base-image wget --version"
- [[ "${output}" =~ "1.24" ]]
+ [[ "${output}" =~ "1.21" ]]
 }
 @test "unzip version" {
- run bash -c "docker exec gha-container-base-image unzip --version"
+ run bash -c "docker exec gha-container-base-image unzip -v"
 [[ "${output}" =~ "6.0" ]]
 }