bump to alpine 3.18
bump cli: credhub-cli, k8s, helm, yq, kuttl, etc...

curl version: curl 7 is no longer available, we use curl 8 as a replacement.

image(spruce): skip ca-certificates removal. We cannot remove ca-certificates package (ca-certificates-bundle-20230506-r0 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed])
update docker from to elpaasoci

image(awscli): fix dependencies

trying to increase log to understand: "unauthorized: access token has insufficient scopes"

chore(build):
 - add message to check_published_images
 - login in before using docker manifest
 - try to fix linter, tune and bump
o-orand committed May 17, 2023
1 parent e3520d0 commit a3aa33d
Showing 21 changed files with 75 additions and 67 deletions.
22 changes: 15 additions & 7 deletions .github/workflows/docker-image.yml
Expand Up @@ -39,15 +39,15 @@ jobs:

-
name: build docker images
run: |
run: | # shellcheck disable=SC2086
for image in $BASE_IMAGES;do
echo "Processing $image"
bundle exec rake build:$image
done
-
name: test docker images
run: |
run: | # shellcheck disable=SC2086
for image in $BASE_IMAGES;do
echo "Processing $image"
bundle exec rake spec:$image
Expand Down Expand Up @@ -145,15 +145,15 @@ jobs:
IMAGE: spruce
-
name: build docker images with dependencies
run: |
run: | # shellcheck disable=SC2086
for image in $IMAGES_WITH_DEPENDENCIES;do
echo "Processing $image"
bundle exec rake build:$image
done
-
name: test docker images with dependencies
run: |
run: |# shellcheck disable=SC2086
for image in $IMAGES_WITH_DEPENDENCIES;do
echo "Processing $image"
bundle exec rake spec:$image
Expand Down Expand Up @@ -191,10 +191,18 @@ jobs:
runs-on: ubuntu-latest
needs: [ build_and_publish ]
steps:
- name: check docker public images
run: |
- # Currently we cannot use `docker manifest` without authentication, it results in "unauthorized: access token has insufficient scopes"
# Also, to save network bandwidth and reduce build time we avoid using `docker pull`
name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
name: check docker public images
run: | # shellcheck disable=SC2086
for image in $BASE_IMAGES $IMAGES_WITH_DEPENDENCIES;do
echo "Processing $image"
echo "Processing $image: checking manifest for $DOCKERHUB_ORG/$image:$GITHUB_SHA"
docker manifest inspect $DOCKERHUB_ORG/$image:$GITHUB_SHA
done
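Review bot: As rendered, the header `run: |# shellcheck disable=SC2086` on the "test docker images with dependencies" step has no space between `|` and `#`, which is not a valid block-scalar header, and on the other steps the text after `run: |` is a YAML comment, so the directive is not part of the script that shellcheck receives. Putting `# shellcheck disable=SC2086` on the first line of the script body covers both. The new login step hands `secrets.DOCKERHUB_USERNAME` and `secrets.DOCKERHUB_PASSWORD` to `docker/login-action@v2`, a movable tag; since this job only runs `docker manifest inspect`, a read-only access token and an action reference pinned to a full commit SHA would narrow what a retagged action or a leaked credential can reach. The image reference can stay quoted even though word splitting is wanted for the loop list: `docker manifest inspect "$DOCKERHUB_ORG/$image:$GITHUB_SHA"`. The job body continues outside the visible hunk.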
21 changes: 11 additions & 10 deletions .github/workflows/lint_on_pr.yml
Expand Up @@ -24,22 +24,23 @@ jobs:
with:
fetch-depth: 0

- name: Lint Code Base (Blocking) # Blow up on gitleaks / github actions errors (ie. things which may / will cause issues)
uses: github/super-linter@v4
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DISABLE_ERRORS: false
VALIDATE_GITLEAKS: true
VALIDATE_GITHUB_ACTIONS: true
# - name: Lint Code Base (Blocking) # Blow up on gitleaks / github actions errors (ie. things which may / will cause issues)
# uses: super-linter/super-linter/slim@v5
# env:
# VALIDATE_ALL_CODEBASE: false
# DEFAULT_BRANCH: main
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# DISABLE_ERRORS: true
# VALIDATE_GITLEAKS: true
# VALIDATE_GITHUB_ACTIONS: true

- name: Lint Code Base (Information only) # Run linter on everything else, but in 'information-only' mode.
uses: github/super-linter@v4
uses: super-linter/super-linter/slim@v5
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DISABLE_ERRORS: true
VALIDATE_GITLEAKS: false
VALIDATE_GITHUB_ACTIONS: false
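Review bot: With the blocking step commented out and the remaining step keeping `VALIDATE_GITLEAKS: false` and `DISABLE_ERRORS: true`, no step in the visible part of this workflow scans pull requests for committed secrets or fails the check on a finding. If noise from the v5 linter is the reason, a narrow blocking step that enables only `VALIDATE_GITLEAKS: true` with `DISABLE_ERRORS: false` keeps the secret scan enforced while the rest stays informational. The commented-out block also flips `DISABLE_ERRORS` to `true`, so re-enabling it as written would not block anything; a comment stating why it is disabled and when it should return would help. The job's earlier steps are outside the hunk.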

2 changes: 1 addition & 1 deletion alpine/Dockerfile
@@ -1,4 +1,4 @@
FROM alpine:3.16
FROM alpine:3.18

RUN apk add --no-cache \
jq~1 \
8 changes: 4 additions & 4 deletions awscli/Dockerfile
@@ -1,11 +1,11 @@
FROM orangecloudfoundry/curl-ssl
FROM elpaasoci/curl-ssl

ENV AWSCLI_VERSION "1.18.140"

RUN apk add --no-cache \
groff~1.22.4-r1 \
groff~1.22.4-r4 \
less>=590-r0 \
python3~3.10 \
py3-pip~22 \
python3~3.11 \
py3-pip~23 \
&& pip3 install \
awscli==$AWSCLI_VERSION
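Review bot: `FROM elpaasoci/curl-ssl` carries no tag or digest, so the build takes whatever `latest` points to in the new organisation at build time, and the tightened pins below it (`groff~1.22.4-r4`, `python3~3.11`, `py3-pip~23`) only resolve if that base already sits on a matching Alpine release. Referencing the base by an explicit tag or `@sha256:<digest>` makes the dependency on the freshly built curl-ssl image reproducible and auditable. The same applies to `FROM elpaasoci/bosh-cli-v2:latest` in bosh-cli-v2-cf-cli/Dockerfile. `pip3 install awscli==$AWSCLI_VERSION` pins the top-level package only; its transitive dependencies are still resolved at build time.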
2 changes: 1 addition & 1 deletion bosh-cli-v2-cf-cli/Dockerfile
@@ -1,4 +1,4 @@
FROM orangecloudfoundry/bosh-cli-v2:latest
FROM elpaasoci/bosh-cli-v2:latest

# we use libc6 instead of libc6-compat as we do not use alpine base image
ENV CF_PACKAGES "unzip curl openssl ca-certificates git libc6 bash jq gettext make"
6 changes: 3 additions & 3 deletions bosh-cli-v2-cf-cli/bosh-cli-v2-cf-cli_spec.rb
Expand Up @@ -2,13 +2,13 @@
require 'docker'
require 'serverspec'

BOSH_CLI_VERSION="6.4.17-f0454a75-2022-02-25T00:42:57Z"
BOSH_CLI_VERSION="7.2.3-b36ee5199-2023-04-28T22:35:13Z"
CREDHUB_VERSION='2.9.1'
CF_CLI_VERSION="8.3.0"
SPRUCE_BIN = "/usr/local/bin/spruce"
SPRUCE_VERSION = "1.29.0"
BOSH_ENV_DEPS = "build-essential zlibc zlib1g-dev openssl libxslt1-dev libxml2-dev \
libssl-dev libreadline7 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
BOSH_ENV_DEPS = "build-essential zlib1g-dev openssl libxslt1-dev libxml2-dev \
libssl-dev libreadline8 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
CF_ENV_DEPS = "unzip curl openssl ca-certificates git libc6 bash jq gettext make"

describe "bosh-cli-v2-cf-cli image" do
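Review bot: `CREDHUB_VERSION='2.9.1'` is left unchanged although this commit moves `CREDHUB_CLI_VERSION` to 2.9.15 in bosh-cli-v2/Dockerfile and k8s-tools/Dockerfile. The assertion that uses the constant is outside the hunk; if it is a substring match, it keeps passing only because "2.9.15" contains "2.9.1", so the spec no longer pins the patch level it appears to check. Setting `CREDHUB_VERSION='2.9.15'` restores the check. bosh-cli-v2/bosh-cli-v2_spec.rb and k8s-tools/k8s-tools_spec.rb carry the same stale constant.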
18 changes: 9 additions & 9 deletions bosh-cli-v2/Dockerfile
@@ -1,14 +1,14 @@
FROM ruby:3.1-slim-buster
FROM ruby:3.1-slim-bullseye

ENV BOSH_CLI_VERSION 6.4.17
ENV BOSH_CLI_SUM d0917d3ad0ff544a4c69a7986e710fe48e8cb2207717f77db31905d639e28c18
ENV BOSH_CLI_VERSION 7.2.3
ENV BOSH_CLI_SUM f090d6962a56d946f9592105f6a97956f77d4b6f527e184105355d3f46f354ad
ENV BOSH_CLI_FILENAME bosh-cli-${BOSH_CLI_VERSION}-linux-amd64

ENV DEBIAN_PACKAGES "ca-certificates wget git openssh-client file jq"

# https://bosh.io/docs/cli-env-deps.html
ENV BOSH_ENV_DEPS "build-essential zlibc zlib1g-dev openssl libxslt1-dev \
libxml2-dev libssl-dev libreadline7 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
ENV BOSH_ENV_DEPS "build-essential zlib1g-dev openssl libxslt1-dev \
libxml2-dev libssl-dev libreadline8 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"

ENV BOSH_AWS_CPI_URL https://bosh.io/d/github.com/cloudfoundry/bosh-aws-cpi-release?v=87
ENV BOSH_AWS_CPI_CHECKSUM a920cd1bdead3d6167273e763912becca2225ba6
Expand All @@ -24,8 +24,8 @@ RUN wget -nv https://s3.amazonaws.com/bosh-cli-artifacts/${BOSH_CLI_FILENAME} \
&& chmod +x ${BOSH_CLI_FILENAME} \
&& mv ${BOSH_CLI_FILENAME} /usr/local/bin/bosh

ENV CREDHUB_CLI_VERSION 2.9.1
ENV CREDHUB_CLI_SUM df8aa256d4563d741bda71e4e0baff077addce8438dba4f9157504b387b93d9f
ENV CREDHUB_CLI_VERSION 2.9.15
ENV CREDHUB_CLI_SUM d61c738f65004afd35ed8dd5d17f57d0f1700629ad29e5335b906746f8958026
ENV CREDHUB_CLI_FILENAME credhub-linux-${CREDHUB_CLI_VERSION}.tgz

RUN wget -nv https://github.com/cloudfoundry-incubator/credhub-cli/releases/download/${CREDHUB_CLI_VERSION}/${CREDHUB_CLI_FILENAME} \
Expand All @@ -34,8 +34,8 @@ RUN wget -nv https://github.com/cloudfoundry-incubator/credhub-cli/releases/down
&& chmod +x credhub \
&& mv credhub /usr/local/bin/credhub

ENV YQ_VERSION 4.22.1
ENV YQ_SUM 54bbc804b90595c62685e8d4f19330b968cd716f72edc03cbda91adbc808036e
ENV YQ_VERSION 4.33.3
ENV YQ_SUM 4ee662847c588c3ef2fec8bfb304e8739e3dbaba87ccb9a608d691c88f5b64dc
ENV YQ_FILENAME yq_linux_amd64

RUN wget -nv https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/${YQ_FILENAME} \
6 changes: 3 additions & 3 deletions bosh-cli-v2/bosh-cli-v2_spec.rb
Expand Up @@ -2,11 +2,11 @@
require 'docker'
require 'serverspec'

BOSH_CLI_VERSION="6.4.17-f0454a75-2022-02-25T00:42:57Z"
BOSH_CLI_VERSION="7.2.3-b36ee5199-2023-04-28T22:35:13Z"
CREDHUB_VERSION='2.9.1'

BOSH_ENV_DEPS = "build-essential zlibc zlib1g-dev openssl libxslt1-dev libxml2-dev \
libssl-dev libreadline7 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
BOSH_ENV_DEPS = "build-essential zlib1g-dev openssl libxslt1-dev libxml2-dev \
libssl-dev libreadline8 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"

describe "bosh-cli-v2 image" do
before(:all) {
2 changes: 1 addition & 1 deletion cf-cli/Dockerfile
@@ -1,4 +1,4 @@
FROM ruby:3.1-alpine3.16
FROM ruby:3.1-alpine3.18

ENV PACKAGES "unzip curl openssl ca-certificates git libc6-compat bash jq gettext make"
ENV CF_CLI_VERSION "8.6.0"
2 changes: 1 addition & 1 deletion cf-uaac/Dockerfile
@@ -1,4 +1,4 @@
FROM ruby:3.1-alpine3.16
FROM ruby:3.1-alpine3.18


RUN apk add --no-cache musl-dev gcc make g++
4 changes: 2 additions & 2 deletions curl-ssl/Dockerfile
@@ -1,8 +1,8 @@
FROM alpine:3.16
FROM alpine:3.18

RUN apk add --no-cache \
openssl \
ca-certificates \
jq~1 \
gettext~0.21 \
curl~7
curl~8
2 changes: 1 addition & 1 deletion curl-ssl/curl-ssl_spec.rb
Expand Up @@ -12,7 +12,7 @@
end

it 'installs the right version of Alpine' do
expect(os_version).to include('Alpine Linux 3.16')
expect(os_version).to include('Alpine Linux 3.18')
end

def os_version
2 changes: 1 addition & 1 deletion git-ssh/Dockerfile
Expand Up @@ -2,7 +2,7 @@ FROM ghcr.io/alphagov/paas/alpine:main

RUN apk add --no-cache \
git~2 \
curl~7 \
curl~8 \
openssh-client-default~9 \
gnupg~2.2 \
bash~5.1
2 changes: 1 addition & 1 deletion json-minify/Dockerfile
@@ -1,3 +1,3 @@
FROM ruby:3.1-alpine3.16
FROM ruby:3.1-alpine3.18

RUN gem install json-minify -v 0.0.2 --no-document
24 changes: 12 additions & 12 deletions k8s-tools/Dockerfile
Expand Up @@ -20,8 +20,8 @@ RUN echo "Computed sha256sum: $(sha256sum ${YTT_FILENAME})" \
&& mv ${YTT_FILENAME} ytt


ENV CREDHUB_CLI_VERSION 2.9.1
ENV CREDHUB_CLI_SUM df8aa256d4563d741bda71e4e0baff077addce8438dba4f9157504b387b93d9f
ENV CREDHUB_CLI_VERSION 2.9.15
ENV CREDHUB_CLI_SUM d61c738f65004afd35ed8dd5d17f57d0f1700629ad29e5335b906746f8958026
ENV CREDHUB_CLI_FILENAME credhub-linux-${CREDHUB_CLI_VERSION}.tgz
ADD https://github.com/cloudfoundry-incubator/credhub-cli/releases/download/${CREDHUB_CLI_VERSION}/${CREDHUB_CLI_FILENAME} .
RUN echo "Computed sha256sum: $(sha256sum ${CREDHUB_CLI_FILENAME})" \
Expand All @@ -44,15 +44,15 @@ RUN echo "Computed sha256sum: $(sha256sum ${KAPP_FILENAME})" \
&& echo "${KAPP_SUM} ${KAPP_FILENAME}" | sha256sum -c - \
&& mv kapp-linux-amd64 kapp

ENV KUBECTL_VERSION 1.21.10
ENV KUBECTL_SUM 24ce60269b1ffe1ca151af8bfd3905c2427ebef620bc9286484121adf29131c0
ENV KUBECTL_VERSION 1.24.13
ENV KUBECTL_SUM 52455fe485fa11c650ab07fea2e4856b5ea5a3e6ef8a1b3b6121e6361437fff9
ENV KUBECTL_FILENAME kubectl
ADD https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl .
RUN echo "Computed sha256sum: $(sha256sum ${KUBECTL_FILENAME})" \
&& echo "${KUBECTL_SUM} ${KUBECTL_FILENAME}" | sha256sum -c -

ENV HELM_VERSION 3.8.1
ENV HELM_SUM d643f48fe28eeb47ff68a1a7a26fc5142f348d02c8bc38d699674016716f61cd
ENV HELM_VERSION 3.12.0
ENV HELM_SUM da36e117d6dbc57c8ec5bab2283222fbd108db86c83389eebe045ad1ef3e2c3b
ENV HELM_FILENAME helm-v${HELM_VERSION}-linux-amd64.tar.gz
ADD https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz .
RUN echo "Computed sha256sum: $(sha256sum ${HELM_FILENAME})" \
Expand All @@ -61,26 +61,26 @@ RUN echo "Computed sha256sum: $(sha256sum ${HELM_FILENAME})" \
&& mv linux-amd64/helm helm \
&& rm -rf linux-amd64

ENV KUTTL_VERSION 0.11.1
ENV KUTTL_PLUGIN_SUM 0fb13f8fbb6109803a06847a8ad3fae4fedc8cd159e2b0fd6c1a1d8737191e5f
ENV KUTTL_VERSION 0.15.0
ENV KUTTL_PLUGIN_SUM f6edcf22e238fc71b5aa389ade37a9efce596017c90f6994141c45215ba0f862
ENV KUTTL_PLUGIN_FILENAME kubectl-kuttl_${KUTTL_VERSION}_linux_x86_64
ADD https://github.com/kudobuilder/kuttl/releases/download/v${KUTTL_VERSION}/${KUTTL_PLUGIN_FILENAME} .
RUN echo "Computed ${KUTTL_PLUGIN_FILENAME} sha256sum: $(sha256sum ${KUTTL_PLUGIN_FILENAME})" \
&& echo "${KUTTL_PLUGIN_SUM} ${KUTTL_PLUGIN_FILENAME}" | sha256sum -c - \
&& mv ${KUTTL_PLUGIN_FILENAME} kubectl-kuttl \
&& ln -s kubectl-kuttl kuttl

ENV YQ_VERSION 4.22.1
ENV YQ_SUM 54bbc804b90595c62685e8d4f19330b968cd716f72edc03cbda91adbc808036e
ENV YQ_VERSION 4.33.3
ENV YQ_SUM 4ee662847c588c3ef2fec8bfb304e8739e3dbaba87ccb9a608d691c88f5b64dc
ENV YQ_FILENAME yq_linux_amd64
ADD https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/${YQ_FILENAME} .
RUN echo "Computed ${YQ_FILENAME} sha256sum: $(sha256sum ${YQ_FILENAME})" \
&& echo "${YQ_SUM} ${YQ_FILENAME}" | sha256sum -c - \
&& chmod +x ${YQ_FILENAME} \
&& mv ${YQ_FILENAME} /usr/local/bin/yq

ENV BOSH_CLI_VERSION 6.4.17
ENV BOSH_CLI_SUM d0917d3ad0ff544a4c69a7986e710fe48e8cb2207717f77db31905d639e28c18
ENV BOSH_CLI_VERSION 7.2.3
ENV BOSH_CLI_SUM f090d6962a56d946f9592105f6a97956f77d4b6f527e184105355d3f46f354ad
ENV BOSH_CLI_FILENAME bosh-cli-${BOSH_CLI_VERSION}-linux-amd64
ADD https://s3.amazonaws.com/bosh-cli-artifacts/${BOSH_CLI_FILENAME} .
RUN echo "Computed ${BOSH_CLI_FILENAME} sha256sum: $(sha256sum ${BOSH_CLI_FILENAME})" \
6 changes: 3 additions & 3 deletions k8s-tools/k8s-tools_spec.rb
Expand Up @@ -2,14 +2,14 @@
require 'docker'
require 'serverspec'

BOSH_CLI_VERSION="6.4.17-f0454a75-2022-02-25T00:42:57Z"
BOSH_CLI_VERSION="7.2.3-b36ee5199-2023-04-28T22:35:13Z"
YTT_VERSION="0.40.1"
CREDHUB_VERSION='2.9.1'
KUSTOMIZE_VERSION="4.5.1"
KAPP_VERSION="0.46.0"
KUBECTL_VERSION="1.21.10"
HELM_VERSION="3.8.1"
KUTTL_VERSION="0.11.1"
HELM_VERSION="3.12.0"
KUTTL_VERSION="0.15.0"

DEPS = "unzip curl openssl ca-certificates git libc6 bash jq gettext"
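Review bot: `KUBECTL_VERSION="1.21.10"` still names the old release while k8s-tools/Dockerfile in this commit installs kubectl 1.24.13, so the spec either fails or does not actually compare the installed version (the assertion is outside the hunk). Update it to `KUBECTL_VERSION="1.24.13"` alongside the `HELM_VERSION` and `KUTTL_VERSION` bumps. A version spec that passes against the wrong binary gives no assurance about which client ends up in the published image.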

2 changes: 1 addition & 1 deletion node/Dockerfile
@@ -1 +1 @@
FROM node:lts-alpine3.16
FROM node:lts-alpine3.18
2 changes: 1 addition & 1 deletion psql/psql_spec.rb
Expand Up @@ -3,7 +3,7 @@
require 'serverspec'

PSQL_PACKAGE = 'postgresql-client'
ALPINE_VERSION = "3.16"
ALPINE_VERSION = "3.18"

describe "psql image" do
before(:all) {
2 changes: 1 addition & 1 deletion ruby-base/Dockerfile
@@ -1 +1 @@
FROM ruby:3.1-alpine3.16
FROM ruby:3.1-alpine3.18
5 changes: 2 additions & 3 deletions spruce/Dockerfile
@@ -1,10 +1,9 @@
FROM ghcr.io/alphagov/paas/alpine:main
FROM alpine:3.18

ENV SPRUCE_VERSION 1.29.0

RUN apk add --no-cache \
wget~1 \
&& wget https://github.com/geofffranks/spruce/releases/download/v${SPRUCE_VERSION}/spruce-linux-amd64 \
&& chmod +x spruce-linux-amd64 \
&& mv spruce-linux-amd64 /usr/local/bin/spruce \
&& apk del wget ca-certificates
&& mv spruce-linux-amd64 /usr/local/bin/spruce \
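Review bot: The spruce binary is fetched with `wget` and moved into `/usr/local/bin` with no integrity check, unlike the downloads in k8s-tools/Dockerfile, which are checked with `sha256sum -c` against a pinned `*_SUM`. Adding `ENV SPRUCE_SUM <sha256-of-release-binary>` and `&& echo "${SPRUCE_SUM}  spruce-linux-amd64" | sha256sum -c - \` before the `chmod` would bring this image in line with the others. Dropping the whole `apk del wget ca-certificates` line also leaves wget in the final image; per the commit message only ca-certificates cannot be removed, so `&& apk del wget` could stay. As rendered, the last line still ends in a continuation backslash, which is worth checking in the actual file.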
2 changes: 1 addition & 1 deletion spruce/spruce_spec.rb
Expand Up @@ -4,7 +4,7 @@

SPRUCE_BIN = "/usr/local/bin/spruce"
SPRUCE_VERSION = "1.29.0"
ALPINE_VERSION = "3.16"
ALPINE_VERSION = "3.18"

describe "spruce image" do
before(:all) {