diff --git a/aws-code-build/ci/buildspec.yaml b/aws-code-build/ci/buildspec.yaml index 39c8929cf..d32b0f2c0 100644 --- a/aws-code-build/ci/buildspec.yaml +++ b/aws-code-build/ci/buildspec.yaml @@ -6,6 +6,13 @@ version: 0.2 batch: fast-fail: false build-graph: + - identifier: build_template_Exasol_all_java_17 + env: + variables: + FLAVOR: template-Exasol-all-java-17 + compute-type: BUILD_GENERAL1_MEDIUM + privileged-mode: true + buildspec: ./aws-code-build/ci/build_buildspec.yaml - identifier: build_template_Exasol_all_python_310 env: variables: diff --git a/flavors/template-Exasol-all-java-17/FLAVOR_DESCRIPTION.md b/flavors/template-Exasol-all-java-17/FLAVOR_DESCRIPTION.md new file mode 100644 index 000000000..2219ba607 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/FLAVOR_DESCRIPTION.md @@ -0,0 +1,10 @@ +# Details for r-4-minimal-EXASOL-6.2.0 + +## Packages + +- [UDFclient dependencies](flavor_base/udfclient_deps/packages/apt_get_packages) +- [Language dependencies](flavor_base/language_deps/packages/apt_get_packages) +- Flavor packages + - [Ubuntu packages](flavor_base/flavor_base_deps/packages/apt_get_packages) +- Customization + - [Ubuntu packages](flavor_customization/packages/apt_get_packages) diff --git a/flavors/template-Exasol-all-java-17/flavor_base/base_test_build_run/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/base_test_build_run/Dockerfile new file mode 100644 index 000000000..e7c8a19c0 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/base_test_build_run/Dockerfile @@ -0,0 +1,41 @@ +FROM {{language_deps}} + +RUN mkdir /conf /buckets + +COPY --from={{base_test_deps}} /usr /usr +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{base_test_deps}} /lib /lib +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{base_test_deps}} /bin /bin +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{base_test_deps}} /opt /opt +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{base_test_deps}} /etc /etc +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{base_test_deps}} /env /env +RUN true # workaround for https://github.com/moby/moby/issues/37965 + + +RUN ldconfig + +RUN mkdir /exaudfclient /exaudf +COPY /exaudfclient /exaudfclient + +WORKDIR /exaudfclient/ +RUN ["/bin/bash", "-c", "source /env && bash build.sh --config no-tty -c dbg --config java --config test-binaries"] +RUN cp -r -L bazel-bin/* /exaudf && rm -r /exaudf/external +RUN rm -r /root/.cache/bazel #Delete bazel cache as it contains java rules with special characters which will cause a problem for Bucketfs + +WORKDIR /exaudfclient/base +RUN ./test_udfclient.sh /exaudf/exaudfclient + +WORKDIR / +RUN mkdir /exasol_emulator +COPY emulator/ /exasol_emulator +COPY /exaudfclient/base/exaudflib/zmqcontainer.proto /exasol_emulator +RUN cd /exasol_emulator && protoc zmqcontainer.proto --python_out=. diff --git a/flavors/template-Exasol-all-java-17/flavor_base/base_test_deps/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/base_test_deps/Dockerfile new file mode 100644 index 000000000..3a8ca3f61 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/base_test_deps/Dockerfile @@ -0,0 +1,6 @@ +FROM {{build_deps}} + +RUN mkdir -p /build_info/packages +COPY base_test_deps/packages /build_info/packages/base_test_deps + +RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/base_test_deps/apt_get_packages --with-versions diff --git a/flavors/template-Exasol-all-java-17/flavor_base/base_test_deps/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_base/base_test_deps/packages/apt_get_packages new file mode 100644 index 000000000..d7e9d1835 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/base_test_deps/packages/apt_get_packages @@ -0,0 +1,7 @@ +gdb|12.1-0ubuntu1~22.04.2 +valgrind|1:3.18.1-1ubuntu2 +gdbserver|12.1-0ubuntu1~22.04.2 +binutils|2.38-4ubuntu2.6 +patchelf|0.14.3-1 +strace|5.16-0ubuntu3 +chrpath|0.16-2 diff --git a/flavors/template-Exasol-all-java-17/flavor_base/build_deps/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/build_deps/Dockerfile new file mode 100644 index 000000000..ebd01539c --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/build_deps/Dockerfile @@ -0,0 +1,37 @@ +FROM ubuntu:22.04 +ENV DEBIAN_FRONTEND=noninteractive + +ENV ARCHIVE_UBUNTU_PREFIX="" +RUN sed --in-place --regexp-extended "s/(\/\/)(archive\.ubuntu)/\1$ARCHIVE_UBUNTU_PREFIX\2/" /etc/apt/sources.list + +COPY 01_nodoc /etc/dpkg/dpkg.cfg.d/01_nodoc +COPY scripts /scripts + +RUN mkdir -p /build_info/packages +COPY build_deps/packages /build_info/packages/build_deps + +ENV BAZEL_PACKAGE_VERSION="7.2.1" +ENV BAZEL_PACKAGE_FILE="bazel_$BAZEL_PACKAGE_VERSION-linux-x86_64.deb" +ENV BAZEL_PACKAGE_URL="https://github.com/bazelbuild/bazel/releases/download/$BAZEL_PACKAGE_VERSION/$BAZEL_PACKAGE_FILE" + +RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/build_deps/apt_get_packages --with-versions + +RUN apt-get -y update && \ + curl -L --output "$BAZEL_PACKAGE_FILE" "$BAZEL_PACKAGE_URL" && \ + apt-get install -y "./$BAZEL_PACKAGE_FILE" && \ + rm "$BAZEL_PACKAGE_FILE" && \ + apt-get -y clean && \ + apt-get -y autoremove + +RUN curl -L -o swig-2.0.4.tar.gz https://exasol-script-languages-dependencies.s3.eu-central-1.amazonaws.com/swig-2.0.4.tar.gz && \ + tar zxf swig-2.0.4.tar.gz && \ + (cd swig-2.0.4 && ./configure --prefix=/usr && make && make install) && \ + rm -rf swig-2.0.4 swig-2.0.4.tar.gz + +RUN locale-gen en_US.UTF-8 && \ + update-locale LC_ALL=en_US.UTF-8 && \ + ldconfig + +RUN touch /env && \ + echo "export PROTOBUF_BIN=/usr/bin/protoc" >> /env && \ + echo "export JAVA_HOME=/usr/lib/jvm/java-1.17.0-openjdk-amd64" >> /env diff --git a/flavors/template-Exasol-all-java-17/flavor_base/build_deps/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_base/build_deps/packages/apt_get_packages new file mode 100644 index 000000000..e715eb2d0 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/build_deps/packages/apt_get_packages @@ -0,0 +1,10 @@ +coreutils|8.32-4.1ubuntu1.2 +locales|2.35-0ubuntu3.8 +tar|1.34+dfsg-1ubuntu0.1.22.04.2 +curl|7.81.0-1ubuntu1.18 +openjdk-17-jdk-headless|17.0.12+7-1ubuntu2~22.04 +build-essential|12.9ubuntu3 +libpcre3-dev|2:8.39-13ubuntu0.22.04.1 +protobuf-compiler|3.12.4-1ubuntu7.22.04.1 +chrpath|0.16-2 +python3|3.10.6-1~22.04.1 diff --git a/flavors/template-Exasol-all-java-17/flavor_base/build_run/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/build_run/Dockerfile new file mode 100644 index 000000000..bf11a29b8 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/build_run/Dockerfile @@ -0,0 +1,42 @@ +FROM {{language_deps}} + +COPY --from={{build_deps}} /usr /usr +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{build_deps}} /lib /lib +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{build_deps}} /bin /bin +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{build_deps}} /opt /opt +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{build_deps}} /etc /etc +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{build_deps}} /env /env +RUN true # workaround for https://github.com/moby/moby/issues/37965 + + +RUN ldconfig + +RUN mkdir /exaudfclient /exaudf /exaudf/src +COPY /exaudfclient /exaudfclient + +WORKDIR /exaudfclient/ +RUN ["/bin/bash", "-c", "source /env && bash build.sh --config no-tty --config optimize --config java --config fast-binary"] +RUN cp -r -L bazel-bin/* /exaudf && rm -r /exaudf/external + +WORKDIR /exaudfclient/base +RUN ./test_udfclient.sh /exaudf/exaudfclient + +WORKDIR /exaudf/ + +RUN rm -r /exaudfclient + +COPY --from={{build_deps}} /build_info /build_info +RUN true # workaround for https://github.com/moby/moby/issues/37965 + + +RUN mkdir /conf /buckets diff --git a/flavors/template-Exasol-all-java-17/flavor_base/build_steps.py b/flavors/template-Exasol-all-java-17/flavor_base/build_steps.py new file mode 100644 index 000000000..40441d91d --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/build_steps.py @@ -0,0 +1,147 @@ +from typing import Dict + +from exasol.slc.internal.tasks.build.docker_flavor_image_task import DockerFlavorAnalyzeImageTask + + +class AnalyzeUDFClientDeps(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "udfclient_deps" + + def get_additional_build_directories_mapping(self) -> Dict[str, str]: + return {"01_nodoc": "ext/01_nodoc","scripts": "ext/scripts"} + + def get_path_in_flavor(self): + return "flavor_base" + + +class AnalyzeLanguageDeps(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "language_deps" + + def get_additional_build_directories_mapping(self) -> Dict[str, str]: + return {"scripts": "ext/scripts"} + + def requires_tasks(self): + return {"udfclient_deps": AnalyzeUDFClientDeps} + + def get_path_in_flavor(self): + return "flavor_base" + + +class AnalyzeBuildDeps(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "build_deps" + + def get_additional_build_directories_mapping(self) -> Dict[str, str]: + return {"01_nodoc": "ext/01_nodoc", "scripts": "ext/scripts"} + + def get_path_in_flavor(self): + return "flavor_base" + + +class AnalyzeBuildRun(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "build_run" + + def requires_tasks(self): + return {"build_deps": AnalyzeBuildDeps, + "language_deps": AnalyzeLanguageDeps} + + def get_additional_build_directories_mapping(self) -> Dict[str, str]: + return {"exaudfclient": "exaudfclient"} + + def get_path_in_flavor(self): + return "flavor_base" + + +class AnalyzeBaseTestDeps(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "base_test_deps" + + def requires_tasks(self): + return {"build_deps": AnalyzeBuildDeps} + + def get_path_in_flavor(self): + return "flavor_base" + + +class AnalyzeBaseTestBuildRun(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "base_test_build_run" + + def requires_tasks(self): + return {"base_test_deps": AnalyzeBaseTestDeps, + "language_deps": AnalyzeLanguageDeps} + + def get_additional_build_directories_mapping(self) -> Dict[str, str]: + return {"exaudfclient": "exaudfclient", "emulator": "emulator"} + + def get_path_in_flavor(self): + return "flavor_base" + + +class AnalyzeFlavorBaseDeps(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "flavor_base_deps" + + def requires_tasks(self): + return {"language_deps": AnalyzeLanguageDeps} + + def get_additional_build_directories_mapping(self): + return {"01_nodoc": "ext/01_nodoc", "scripts": "ext/scripts"} + + def get_path_in_flavor(self): + return "flavor_base" + + +class AnalyzeFlavorCustomization(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "flavor_customization" + + def requires_tasks(self): + return {"flavor_base_deps": AnalyzeFlavorBaseDeps} + + +class AnalyzeFlavorTestBuildRun(DockerFlavorAnalyzeImageTask): + + def get_build_step(self) -> str: + return "flavor_test_build_run" + + def requires_tasks(self): + return {"flavor_customization": AnalyzeFlavorCustomization, + "base_test_build_run": AnalyzeBaseTestBuildRun} + + def get_path_in_flavor(self): + return "flavor_base" + + +class AnalyzeRelease(DockerFlavorAnalyzeImageTask): + def get_build_step(self) -> str: + return "release" + + def requires_tasks(self): + return {"flavor_customization": AnalyzeFlavorCustomization, + "build_run": AnalyzeBuildRun, + "language_deps": AnalyzeLanguageDeps} + + def get_path_in_flavor(self): + return "flavor_base" + + +class SecurityScan(DockerFlavorAnalyzeImageTask): + def get_build_step(self) -> str: + return "security_scan" + + def requires_tasks(self): + return {"release": AnalyzeRelease} + + def get_path_in_flavor(self): + return "flavor_base" \ No newline at end of file diff --git a/flavors/template-Exasol-all-java-17/flavor_base/flavor_base_deps/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/flavor_base_deps/Dockerfile new file mode 100644 index 000000000..21e86b51a --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/flavor_base_deps/Dockerfile @@ -0,0 +1,6 @@ +FROM {{ language_deps }} + +RUN mkdir -p /build_info/packages/flavor_base_deps + +COPY flavor_base_deps/packages/apt_get_packages /build_info/packages/flavor_base_deps +RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/flavor_base_deps/apt_get_packages --with-versions diff --git a/flavors/template-Exasol-all-java-17/flavor_base/flavor_base_deps/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_base/flavor_base_deps/packages/apt_get_packages new file mode 100644 index 000000000..e5641b0eb --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/flavor_base_deps/packages/apt_get_packages @@ -0,0 +1,5 @@ +coreutils|8.32-4.1ubuntu1.2 +locales|2.35-0ubuntu3.8 +unzip|6.0-26ubuntu3.2 +wget|1.21.2-2ubuntu1.1 +git|1:2.34.1-1ubuntu1.11 diff --git a/flavors/template-Exasol-all-java-17/flavor_base/flavor_test_build_run/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/flavor_test_build_run/Dockerfile new file mode 100644 index 000000000..32230a4d9 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/flavor_test_build_run/Dockerfile @@ -0,0 +1,25 @@ +FROM {{base_test_build_run}} + +RUN mkdir -p /conf /buckets + +COPY --from={{flavor_customization}} /usr /usr +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /opt /opt +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /lib /lib +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /bin /bin +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /etc /etc +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /build_info /build_info +RUN true # workaround for https://github.com/moby/moby/issues/37965 + + +RUN ldconfig + diff --git a/flavors/template-Exasol-all-java-17/flavor_base/language_definition b/flavors/template-Exasol-all-java-17/flavor_base/language_definition new file mode 100644 index 000000000..2050151f4 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/language_definition @@ -0,0 +1 @@ +JAVA=localzmq+protobuf:///{{ bucketfs_name }}/{{ bucket_name }}/{{ path_in_bucket }}{{ release_name }}?lang=java#buckets/{{ bucketfs_name }}/{{ bucket_name }}/{{ path_in_bucket }}{{ release_name }}/exaudf/exaudfclient diff --git a/flavors/template-Exasol-all-java-17/flavor_base/language_deps/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/language_deps/Dockerfile new file mode 100644 index 000000000..9eb11e54c --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/language_deps/Dockerfile @@ -0,0 +1,7 @@ +FROM {{udfclient_deps}} + +COPY language_deps/packages /build_info/packages/language_deps + +RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/language_deps/apt_get_packages --with-versions + +ENV JAVA_PREFIX /usr/lib/jvm/java-17-openjdk-amd64 diff --git a/flavors/template-Exasol-all-java-17/flavor_base/language_deps/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_base/language_deps/packages/apt_get_packages new file mode 100644 index 000000000..48c78b1ba --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/language_deps/packages/apt_get_packages @@ -0,0 +1,3 @@ +ca-certificates|20240203~22.04.1 +curl|7.81.0-1ubuntu1.18 +openjdk-17-jdk-headless|17.0.12+7-1ubuntu2~22.04 diff --git a/flavors/template-Exasol-all-java-17/flavor_base/release/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/release/Dockerfile new file mode 100644 index 000000000..eab0a8bca --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/release/Dockerfile @@ -0,0 +1,61 @@ +FROM ubuntu:22.04 +RUN mkdir /conf /buckets + +COPY --from={{language_deps}} /usr /usr +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{language_deps}} /lib /lib +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{language_deps}} /bin /bin +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{language_deps}} /opt /opt +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{language_deps}} /etc /etc +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{language_deps}} /build_info /build_info +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{language_deps}} /var /var +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{language_deps}} /scripts /scripts +RUN true # workaround for https://github.com/moby/moby/issues/37965 + + +COPY --from={{flavor_customization}} /usr /usr +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /lib /lib +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /bin /bin +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /opt /opt +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /etc /etc +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /build_info /build_info +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{flavor_customization}} /var /var +RUN true # workaround for https://github.com/moby/moby/issues/37965 + + +RUN ldconfig + +COPY --from={{build_run}} /exaudf /exaudf +RUN true # workaround for https://github.com/moby/moby/issues/37965 + +COPY --from={{build_run}} /build_info /build_info +RUN true # workaround for https://github.com/moby/moby/issues/37965 + + +RUN mkdir -p /build_info/actual_installed_packages/release && \ + /scripts/list_installed_scripts/list_installed_apt.sh > /build_info/actual_installed_packages/release/apt_get_packages diff --git a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/.oysterignore b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/.oysterignore new file mode 100644 index 000000000..e76644720 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/.oysterignore @@ -0,0 +1,2 @@ +#ignore false positive for CURL, the underlying Ubuntu package already includes a fix for this CVE +CVE-2022-27774 diff --git a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/.trivyignore b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/.trivyignore new file mode 100644 index 000000000..e69de29bb diff --git a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/Dockerfile new file mode 100644 index 000000000..84f5a6563 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/Dockerfile @@ -0,0 +1,18 @@ +FROM {{release}} +ENV DEBIAN_FRONTEND=noninteractive + +RUN mkdir -p /build_info/packages +COPY security_scan/packages /build_info/packages/security_scan +RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/security_scan/apt_get_packages_trivy_deps +RUN curl -s https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - &&\ + /scripts/install_scripts/install_ppa.pl --ppa 'deb https://aquasecurity.github.io/trivy-repo/deb jammy main' --out-file trivy.list +RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/security_scan/apt_get_packages + +ENV SECURITY_SCANNERS="trivy" +COPY /security_scan/.trivyignore /.trivyignore +COPY /security_scan/trivy-secret.yaml /trivy-secret.yaml + +COPY /security_scan/.oysterignore /.oysterignore +COPY /security_scan/trivy.rego /trivy.rego + +ENTRYPOINT ["/scripts/security_scan/run.sh"] diff --git a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/packages/apt_get_packages new file mode 100644 index 000000000..6bd628d4c --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/packages/apt_get_packages @@ -0,0 +1 @@ +trivy diff --git a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/packages/apt_get_packages_trivy_deps b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/packages/apt_get_packages_trivy_deps new file mode 100644 index 000000000..8920661bf --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/packages/apt_get_packages_trivy_deps @@ -0,0 +1,2 @@ +apt-transport-https +gnupg \ No newline at end of file diff --git a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy-secret.yaml b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy-secret.yaml new file mode 100644 index 000000000..86e881df0 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy-secret.yaml @@ -0,0 +1,4 @@ +allow-rules: + - id: r-open-ssl-samples + description: skip R open ssl sample secrets + path: usr/local/lib/R/site-library/openssl/doc/* diff --git a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy.rego b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy.rego new file mode 100644 index 000000000..fc807388d --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy.rego @@ -0,0 +1,10 @@ +package trivy + +import data.lib.trivy + +default ignore = false + +ignore { + input.PkgName == "linux-libc-dev" + regex.match("^kernel:", input.Title) +} \ No newline at end of file diff --git a/flavors/template-Exasol-all-java-17/flavor_base/testconfig b/flavors/template-Exasol-all-java-17/flavor_base/testconfig new file mode 100644 index 000000000..2b7b56e01 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/testconfig @@ -0,0 +1,2 @@ +generic_language_tests=java +test_folders=java diff --git a/flavors/template-Exasol-all-java-17/flavor_base/udfclient_deps/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_base/udfclient_deps/Dockerfile new file mode 100644 index 000000000..a18d69b23 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/udfclient_deps/Dockerfile @@ -0,0 +1,26 @@ +FROM ubuntu:22.04 +ENV DEBIAN_FRONTEND=noninteractive + +ENV ARCHIVE_UBUNTU_PREFIX="" +RUN sed --in-place --regexp-extended "s/(\/\/)(archive\.ubuntu)/\1$ARCHIVE_UBUNTU_PREFIX\2/" /etc/apt/sources.list + +COPY 01_nodoc /etc/dpkg/dpkg.cfg.d/01_nodoc +COPY scripts /scripts + +RUN mkdir -p /build_info/packages +COPY udfclient_deps/packages /build_info/packages/udfclient_deps +RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/udfclient_deps/apt_get_packages --with-versions + +RUN addgroup --gid 1000 exasolution +RUN adduser --disabled-login --uid 1000 --gid 1000 exasolution --gecos "First Last,RoomNumber,WorkPhone,HomePhone" +RUN addgroup --gid 500 exausers +RUN adduser --disabled-login --uid 500 --gid 500 exadefusr --gecos "First Last,RoomNumber,WorkPhone,HomePhone" + +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +ENV PROTOBUF_LIBRARY_PREFIX=/usr/lib/ +ENV PROTOBUF_INCLUDE_PREFIX=/usr/include/ +ENV ZMQ_LIBRARY_PREFIX=/usr/lib +ENV ZMQ_INCLUDE_PREFIX=/usr/include diff --git a/flavors/template-Exasol-all-java-17/flavor_base/udfclient_deps/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_base/udfclient_deps/packages/apt_get_packages new file mode 100644 index 000000000..49dc6a1cc --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_base/udfclient_deps/packages/apt_get_packages @@ -0,0 +1,6 @@ +coreutils|8.32-4.1ubuntu1.2 +locales|2.35-0ubuntu3.8 +libnss-db|2.2.3pre1-6ubuntu3 +libzmq3-dev|4.3.4-2 +libprotobuf-dev|3.12.4-1ubuntu7.22.04.1 +libssl-dev|3.0.2-0ubuntu1.18 diff --git a/flavors/template-Exasol-all-java-17/flavor_customization/Dockerfile b/flavors/template-Exasol-all-java-17/flavor_customization/Dockerfile new file mode 100644 index 000000000..f2cee4455 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_customization/Dockerfile @@ -0,0 +1,73 @@ +############################################################################################ +############################################################################################ +# This Dockerfile allows you to extend this flavor by installing packages or adding files. +# IF you didn't change the lines below, you can add packages and their version to the +# files in ./packages and they get automatically installed. +############################################################################################ +############################################################################################ + +####################################################################### +####################################################################### +# Do not change the following lines unless you know what you are doing +####################################################################### +####################################################################### + +FROM {{flavor_base_deps}} + +RUN mkdir -p /build_info/packages/flavor_customization + +COPY flavor_customization/packages/apt_get_packages /build_info/packages/flavor_customization +RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/flavor_customization/apt_get_packages --with-versions + +########################################################################## +########################################################################## +# Below this text you can add any Dockerfile commands except of FROM. +# However only commands which change the filesystem will be +# reflected to the final script-language container. +# We recommend to use only RUN, COPY and ADD. For example, WORKDIR, USER +# and ENV will be not carried over into the final container. For more +# information about Dockerfile commands, please check the reference +# https://docs.docker.com/engine/reference/builder/#dockerfile-reference +########################################################################## +########################################################################## + + +########### +########### +# Examples: +########### +########### + +################################################# +# Execute a command during the build of the image +################################################# + +# With RUN you can excute any command you usally would run in a bash shell. +# It usually is a good idea to cleanup downloaded files or packages +# caches in the same in the same RUN statement to keep the image size +# small. You can execute multiple shell commands in one RUN statement +# by combine them with +# - `&&` (only execute if the previous command was successfull), +# - `||` (only execute if the previous command was unsuccesfull) +# - `;` (execute regardless of the success of the previous command) +# To format multiple command per RUN statement you can add a line break with `\`. +# If you need to execute complex sequences of commands you should execute +# scripts which you can copy into the image. +# ------------------------------------------------------------------------------- + +# RUN git clone https://github.com/exasol/data-science-examples +# RUN curl -o data-science-examples.zip https://codeload.github.com/exasol/data-science-examples/zip/master && \ +# unzip data-science-examples.zip && \ +# rm data-science-examples.zip + +##################################### +# Copy a file from ./ into the image. +##################################### + +# In case of exaslct it is important to prefix source files or directories with `flavor_customization` +# if you want to copy files or directories located in the same directory as this Dockerfile +# ----------------------------------------------------------------------------------------------------- + +# COPY flavor_customization/packages/cran_packages /build_info/packages/flavor_customization +# ADD flavor_customization/code.tar.gz /code + diff --git a/flavors/template-Exasol-all-java-17/flavor_customization/packages/apt_get_packages b/flavors/template-Exasol-all-java-17/flavor_customization/packages/apt_get_packages new file mode 100644 index 000000000..d78cd6de0 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_customization/packages/apt_get_packages @@ -0,0 +1,9 @@ +# This file specifies the package list which gets installed via apt. +# You must specify the the package and its version separated by a |. +# We recommend here the usage of package versions, to ensure that the container +# builds are reproducible. However, we allow also packages without version. +# As you can see, this file can contain comments which start with #. +# If a line starts with # the whole line is a comment, however you can +# also start a comment after the package definition. + +# p7zip-full|16.02+dfsg-6 # you can check which versions of a package are available with apt-cache policy diff --git a/flavors/template-Exasol-all-java-17/flavor_customization/packages/python2_pip_packages b/flavors/template-Exasol-all-java-17/flavor_customization/packages/python2_pip_packages new file mode 100644 index 000000000..a9f22f993 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_customization/packages/python2_pip_packages @@ -0,0 +1,9 @@ +# This file specifies the package list which gets installed via pip for python3. +# You must specify the the package and its version separated by a |. +# We recommend here the usage of package versions, to ensure that the container +# builds are reproducible. However, we allow also packages without version. +# As you can see, this file can contain comments which start with #. +# If a line starts with # the whole line is a comment, however you can +# also start a comment after the package definition. + +#tensorflow-probability|0.9.0 diff --git a/flavors/template-Exasol-all-java-17/flavor_customization/packages/python3_pip_packages b/flavors/template-Exasol-all-java-17/flavor_customization/packages/python3_pip_packages new file mode 100644 index 000000000..a9f22f993 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_customization/packages/python3_pip_packages @@ -0,0 +1,9 @@ +# This file specifies the package list which gets installed via pip for python3. +# You must specify the the package and its version separated by a |. +# We recommend here the usage of package versions, to ensure that the container +# builds are reproducible. However, we allow also packages without version. +# As you can see, this file can contain comments which start with #. +# If a line starts with # the whole line is a comment, however you can +# also start a comment after the package definition. + +#tensorflow-probability|0.9.0 diff --git a/flavors/template-Exasol-all-java-17/flavor_customization/packages/r_cran_packages b/flavors/template-Exasol-all-java-17/flavor_customization/packages/r_cran_packages new file mode 100644 index 000000000..b82fe11e4 --- /dev/null +++ b/flavors/template-Exasol-all-java-17/flavor_customization/packages/r_cran_packages @@ -0,0 +1,10 @@ +# This file specifies the package list which gets installed via the +# R remotes (https://github.com/r-lib/remotes) package from CRAN. +# You must specify the the package and its version separated by a |. +# We recommend here the usage of package versions, to ensure that the container +# builds are reproducible. However, we allow also packages without version. +# As you can see, this file can contain comments which start with #. +# If a line starts with # the whole line is a comment, however you can +# also start a comment after the package definition. + +#stringr|1.4.0