Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade test container image to Ubuntu 24.04 #3255

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Upgrade test container image to Ubuntu 24.04 #3255

wants to merge 5 commits into from

Conversation

lunkwill42
Copy link
Member

@lunkwill42 lunkwill42 commented Dec 12, 2024
edited
Loading

This upgrades the test container image used for local integration testing to Ubuntu 24.04, which brings it more in line with the current ubuntu-latest tag used on Github Actions.

It also fixes some problems with the image, highlighted by the upgrade to Ubuntu 24:

  • The way privilege escalation for management inside the container works has been turned on its head. The container now starts privileged and drops to a non-privileged user after startup-maintenance has been performed. The main way to elevate privileges inside the container is now through sudo, not gosu (which claims it was never intended for privilege escalation and will not not work if you try it).

  • Cache mounts for APT packages are added to the definition, in an attempt to make image builds faster.

  • Syntax problems/deprecations highlighted by newer Docker versions have been fixed

  • Just as newer Debian versions have started to do, newer Ubuntu versions will refuse to let pip install site-wide packages, in order to avoid breaking the OS' own Python packages. The image therefore switches to using a virtualenv for the few Python commands we need to drive tox and the test suite.

@lunkwill42
Run test image as root and drop privs instead
b4579d0 
Newer versions of gosu will complain loudly about having the setuid bit
set, and refuse to work.  gosu is not really intended to raise the
privilege level of the calling user, but to lower it.

This switches up the use of the test docker image and gosu, running the
container as root by default, but instead using the entrypoint script to
modify the `build` user and then *drop* privileges to that user before
running the container command.
@lunkwill42
Move away from legacy ENV command in Dockerfile
c13f373 
Newer Docker versions will complain about the legacy ENV syntax if used,
so it's time to switch.
@lunkwill42
Install unzip with basic utilities
6f0ceda 
Install the unzip package with basic system packages to reduce number of
apt-get install commands used in image.
@lunkwill42
Use cache mounts for apt package installations
23aff1b 
This should speed up rebuilds by retaining an apt package cache between
builds of the test image.
@lunkwill42
Upgrade test image to Ubuntu 24.04
74209c6 
Ubuntu has changed how its package lists are specified by default.  It
also ships with libsnmp40 rather than libsnmp35.  Finally, the most
important change is that pip no longer is allowed to install Python
packages globally, so tox and its associates are instead installed to a
virtualenv whose bin directory is added to the default PATH of the
container.
@lunkwill42 lunkwill42 self-assigned this Dec 12, 2024
@github-actions GitHub Actions
Copy link

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Dec 12, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions GitHub Actions
Copy link

Test results

    9 files      9 suites   8m 25s ⏱️
2 158 tests 2 158 ✅ 0 💤 0 ❌
4 055 runs  4 055 ✅ 0 💤 0 ❌

Results for commit 74209c6.

@codecov Codecov
Copy link

codecov bot commented Dec 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.54%. Comparing base (4b527c8) to head (74209c6).
Report is 3 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3255      +/-   ##
==========================================
- Coverage   60.55%   60.54%   -0.01%     
==========================================
  Files         606      606              
  Lines       43723    43723              
  Branches       48       48              
==========================================
- Hits        26478    26474       -4     
- Misses      17233    17237       +4     
  Partials       12       12

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@lunkwill42 lunkwill42 requested a review from a team December 12, 2024 14:43
@lunkwill42 lunkwill42 marked this pull request as ready for review December 12, 2024 14:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@lunkwill42 lunkwill42

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lunkwill42