Refactor image building (e.g. using Buildah instead of Docker) #66

Merged
merged 9 commits into from
Nov 13, 2024
33 changes: 8 additions & 25 deletions .github/workflows/build.yml
Expand Up @@ -124,7 +124,6 @@ jobs:
TAG: "24.03-lts"
- CONTEXT: operating_systems/oraclelinux
TAG: "5"
UPDATED: false
- CONTEXT: operating_systems/oraclelinux
TAG: "6"
- CONTEXT: operating_systems/oraclelinux
Expand All @@ -136,59 +135,45 @@ jobs:
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi7
TAG: "7.6"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi7
TAG: "7.7"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi7
TAG: "7.8"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi7
TAG: "7.9"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi8
TAG: "8.0"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi8
TAG: "8.1"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi8
TAG: "8.2"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi8
TAG: "8.3"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi8
TAG: "8.4"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi8
TAG: "8.5"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi8
TAG: "8.6"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi8
TAG: "8.7"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi9
TAG: "9.0.0"
UPDATED: false
- CONTEXT: operating_systems/rhel
BASEIMAGE: registry.access.redhat.com/ubi9
TAG: "9.1.0"
UPDATED: false
- CONTEXT: operating_systems/rockylinux
TAG: "8.5"
- CONTEXT: operating_systems/rockylinux
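Review bot: Dropping `UPDATED: false` from every `operating_systems/rhel` entry makes these builds depend on the Dockerfile's own default, and the rhel Dockerfile's `ARG UPDATED` line is not among the hunks shown here. Please confirm that file also defaults to `false`, or keep the explicit matrix value on the entries that must stay at their original package level, so a later change to the default cannot silently turn them into updated images.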
Expand Down Expand Up @@ -217,6 +202,7 @@ jobs:
TAG: "15.0"
- CONTEXT: operating_systems/slackware
TAG: current
UPDATED: true
- CONTEXT: operating_systems/ubuntu
TAG: "10.04"
- CONTEXT: operating_systems/ubuntu
Expand Down Expand Up @@ -273,9 +259,9 @@ jobs:
TAG: "24.10"
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Login to Docker Registry
uses: docker/login-action@v3
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
with:
registry: ghcr.io
username: ${{ github.actor }}
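Review bot: The version comments on the new SHA pins use different granularity (`# v4.2.2` on `actions/checkout`, `# v1.7` on `redhat-actions/podman-login`), so the second one does not say which patch release the commit corresponds to. Suggest using the full release tag in each comment and, if not already configured, letting an update bot for GitHub Actions bump SHA and comment together so the pins do not go stale. The step is also still named `Login to Docker Registry` although it now logs in through Podman.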
Expand All @@ -295,29 +281,26 @@ jobs:
echo "EOF" >> $GITHUB_ENV

- name: Build Docker image
uses: docker/build-push-action@v6
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
with:
context: ${{ matrix.CONTEXT }}
load: true
containerfiles: ${{ matrix.CONTEXT }}/Dockerfile
tags: ${{ env.IMAGE }}
build-args: ${{ env.BUILD_ARGS }}

- name: Test Docker image
run: |
docker run --rm -d --name target -p 2222:22 ${{ env.IMAGE }}
podman run --rm -d --name target -p 2222:22 ${{ env.IMAGE }}
sshpass -p demo ssh \
-o "StrictHostKeyChecking no" \
-o "KexAlgorithms $(ssh -Q kex | tr '\n' ',' | head -c -1)" \
-o "Ciphers $(ssh -Q ciphers | tr '\n' ',' | head -c -1)" \
-o "HostKeyAlgorithms $(ssh -Q key | tr '\n' ',' | head -c -1)" \
demo@localhost -p 2222 echo "Hello from \$(whoami)@\$(cat /etc/hostname)"
docker stop target
podman stop target

- name: Publish Docker image
uses: docker/build-push-action@v6
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
if: ${{ github.event_name == 'push' }}
with:
context: ${{ matrix.CONTEXT }}
push: true
tags: ${{ env.IMAGE }}
build-args: ${{ env.BUILD_ARGS }}
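Review bot: In the test step, `podman run --rm -d --name target -p 2222:22 ${{ env.IMAGE }}` still expands the expression into the script text before the shell runs. `IMAGE` is already in the job environment, so `"$IMAGE"` would pass it as a quoted shell value instead. Separately, the step names (`Build Docker image`, `Test Docker image`, `Publish Docker image`) now describe Buildah and Podman steps and could be renamed to match.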
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
Expand Up @@ -9,4 +9,4 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Dependency Review'
uses: greenbone/actions/dependency-review@v3
uses: greenbone/actions/dependency-review@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
2 changes: 1 addition & 1 deletion .github/workflows/sbom-upload.yml
Expand Up @@ -11,4 +11,4 @@ jobs:
contents: write
steps:
- name: 'SBOM upload'
uses: greenbone/actions/sbom-upload@v3
uses: greenbone/actions/sbom-upload@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -164,8 +164,8 @@ To build e.g. the image for Mageia 8 use:
docker build operating_systems/mageia --build-arg=TAG=8 -t mageia:8
```

If not specified otherwise, the image will be built with its packages explicitly updated. This is available for most images. To build the image for Oracle Linux 5 (non-updated) use:
If not specified otherwise, the image will be built with its packages explicitly not updated. This is available for most images. To build the image for Oracle Linux 5 (updated) use:

```
docker build operating_systems/oraclelinux --build-arg=TAG=5 --build-arg=UPDATED=false -t oraclelinux:5
docker build operating_systems/oraclelinux --build-arg=TAG=5 --build-arg=UPDATED=true -t oraclelinux:5
```
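Review bot: The rewritten sentence "built with its packages explicitly not updated" reads awkwardly and leaves "This is available for most images" without a clear referent. Suggest something like: "By default the image is built without upgrading its packages. Most images accept `--build-arg=UPDATED=true` to upgrade them." Because the default flips, the Mageia command in the context above (`docker build operating_systems/mageia --build-arg=TAG=8 -t mageia:8`) now produces a non-updated image, which is worth stating as a behaviour change for people building locally.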
2 changes: 1 addition & 1 deletion applications/generic/Dockerfile
Expand Up @@ -2,7 +2,7 @@ ARG BASEIMAGE
ARG TAG

FROM ghcr.io/greenbone/vt-test-environments/${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false
ARG TAG

# Install dependencies
2 changes: 1 addition & 1 deletion applications/home-assistant/Dockerfile
@@ -1,4 +1,4 @@
ARG BASEIMAGE=homeassistant/home-assistant
ARG BASEIMAGE=docker.io/homeassistant/home-assistant
ARG TAG

FROM ${BASEIMAGE}:${TAG}
4 changes: 2 additions & 2 deletions applications/oracle-weblogic/10.3.6.0-2017/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=vulhub/weblogic
ARG BASEIMAGE=docker.io/vulhub/weblogic
ARG TAG=10.3.6.0-2017

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

ENV DEBIAN_FRONTEND=noninteractive
RUN ( \
4 changes: 2 additions & 2 deletions applications/oracle-weblogic/12.2.1.3-2018/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=vulhub/weblogic
ARG BASEIMAGE=docker.io/vulhub/weblogic
ARG TAG=12.2.1.3-2018

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

USER root

4 changes: 2 additions & 2 deletions operating_systems/almalinux/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=almalinux
ARG BASEIMAGE=docker.io/library/almalinux
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false
ARG TAG

# Lock releasever to the tag to pin the minor release
4 changes: 2 additions & 2 deletions operating_systems/amazonlinux/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=amazonlinux
ARG BASEIMAGE=docker.io/library/amazonlinux
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

RUN if [ "$UPDATED" = true ]; then yum upgrade -y; fi \
&& yum install -y openssh-server passwd \
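Review bot: With `ARG UPDATED=false`, the upgrade now runs only when the caller passes exactly `true`, because the check is the string comparison `[ "$UPDATED" = true ]`; values such as `True`, `1` or `yes` silently build a non-updated image. Consider documenting the accepted value, or failing the build on anything other than `true` or `false`. The same pattern appears in the fedora, mageia, openeuler and oraclelinux hunks.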
4 changes: 2 additions & 2 deletions operating_systems/debian/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=debian
ARG BASEIMAGE=docker.io/library/debian
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
2 changes: 1 addition & 1 deletion operating_systems/euleros/Dockerfile
@@ -1,5 +1,5 @@
# Don't use anything RHEL 9-based. It'll break the RPM GPG key.
FROM rockylinux:8.6 as builder
FROM docker.io/library/rockylinux:8.6 as builder

ARG TAG
WORKDIR /tmp
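Review bot: On the changed line `FROM docker.io/library/rockylinux:8.6 as builder`, the stage keyword is lowercase `as` while `FROM` is uppercase. Since the line is being touched anyway, use `AS builder` to keep the keyword casing consistent.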
4 changes: 2 additions & 2 deletions operating_systems/fedora/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=fedora
ARG BASEIMAGE=docker.io/library/fedora
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

RUN if [ "$UPDATED" = true ]; then dnf upgrade -y; fi \
&& dnf install -y openssh-server \
4 changes: 2 additions & 2 deletions operating_systems/mageia/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=mageia
ARG BASEIMAGE=docker.io/library/mageia
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

RUN if [ "$UPDATED" = true ]; then dnf upgrade -y; fi \
&& dnf install -y openssh-server \
4 changes: 2 additions & 2 deletions operating_systems/openeuler/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=openeuler/openeuler
ARG BASEIMAGE=docker.io/openeuler/openeuler
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

RUN if [ "$UPDATED" = true ]; then dnf upgrade -y; fi \
&& dnf install -y openssh-server passwd \
4 changes: 2 additions & 2 deletions operating_systems/oraclelinux/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=oraclelinux
ARG BASEIMAGE=docker.io/library/oraclelinux
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

RUN if [ "$UPDATED" = true ]; then yum upgrade -y && yum clean all; fi \
&& useradd demo \
4 changes: 2 additions & 2 deletions operating_systems/rockylinux/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=rockylinux
ARG BASEIMAGE=docker.io/library/rockylinux
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false
ARG TAG

# Lock releasever to the tag to pin the minor release
4 changes: 2 additions & 2 deletions operating_systems/slackware/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=vbatts/slackware
ARG BASEIMAGE=docker.io/vbatts/slackware
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

RUN slackpkg update \
# When updating, we need to upgrade slackpkg itself first. Otherwise upgrade-all will abort.
4 changes: 2 additions & 2 deletions operating_systems/ubuntu/Dockerfile
@@ -1,8 +1,8 @@
ARG BASEIMAGE=ubuntu
ARG BASEIMAGE=docker.io/library/ubuntu
ARG TAG

FROM ${BASEIMAGE}:${TAG}
ARG UPDATED=true
ARG UPDATED=false

ENV DEBIAN_FRONTEND=noninteractive
RUN ( \