-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reapply "add pnpm support, respect lockfiles"
This reverts commit 2d1046b. Signed-off-by: MarkAckert <[email protected]>
- Loading branch information
0 parents
commit 07cadb1
Showing
213 changed files
with
39,270 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| # Set base image as Debian Buster w/ Packaged Ruby | ||
| FROM debian:bullseye | ||
|
|
||
| ##################################################### | ||
| # version the Dockerfile, so we can do release bump | ||
| LABEL version="1.0.0" | ||
|
|
||
| USER root | ||
|
|
||
| RUN apt-get update -y && apt-get upgrade -y | ||
| RUN apt-get install -y curl bash python3 zip unzip wget software-properties-common python3-pip git | ||
| RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - | ||
| RUN apt-get update -y && apt-get install -y nodejs openjdk-11-jdk pkg-config | ||
|
|
||
| RUN mkdir /report | ||
| RUN mkdir -p /home/build | ||
|
|
||
| ENV HOME=/root | ||
|
|
||
| WORKDIR /home/build | ||
|
|
||
| RUN mkdir -p "$HOME/.npm_global" | ||
| ENV NPM_CONFIG_PREFIX="$HOME/.npm-global" | ||
| ENV PATH=$PATH:"$HOME/.npm-global/bin" | ||
| ENV PATH="$HOME/.cargo/bin:$PATH" | ||
|
|
||
| RUN npm install -g yarn | ||
|
|
||
| RUN wget -qO- https://get.pnpm.io/install.sh | ENV="$HOME/.bashrc" SHELL="$(which bash)" bash - | ||
|
|
||
| ENV owasp_version=5.3.2 | ||
| ENV owasp_dc_download="https://github.com/jeremylong/DependencyCheck/releases/download/v${owasp_version}/" | ||
|
|
||
| RUN file="dependency-check-${owasp_version}-release.zip" && \ | ||
| wget "$owasp_dc_download/$file" && \ | ||
| unzip ${file} && \ | ||
| rm ${file} | ||
|
|
||
| WORKDIR /home/build | ||
|
|
||
| RUN curl -fL https://getcli.jfrog.io/v2 | sh && chmod 775 jfrog && mv jfrog /usr/local/bin | ||
|
|
||
|
|
||
| RUN apt-get install libssl-dev build-essential jq -y | ||
|
|
||
| RUN curl https://sh.rustup.rs -sSf | sh -s -- -y | ||
| RUN . "$HOME/.cargo/env" | ||
| RUN env | ||
|
|
||
| RUN rustup install stable && rustup default stable | ||
| RUN cargo install cargo-license | ||
| RUN cargo install get-license-helper | ||
|
|
||
| ARG ORT_VERSION=15.1.0 | ||
|
|
||
| RUN git clone https://github.com/oss-review-toolkit/ort | ||
| WORKDIR /home/build/ort | ||
| RUN git checkout "$ORT_VERSION" | ||
| RUN git submodule update --init --recursive | ||
| RUN ./gradlew installDist | ||
|
|
||
| ## ORT Binary install - requires Java 17+, which causes issues with some of our v2 projects (Java 11) | ||
| # RUN wget -O ort.zip "https://github.com/oss-review-toolkit/ort/releases/download/$ORT_VERSION/ort-$ORT_VERSION.zip" | ||
| # RUN unzip ort.zip | ||
| ENV PATH=/home/build/ort/cli/build/install/ort/bin:$PATH | ||
|
|
||
| WORKDIR /home/build | ||
|
|
||
| ENTRYPOINT [ "tail", "-f", "/dev/null" ] | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| FROM fossology/fossology:3.11.0 | ||
|
|
||
| RUN apt-get update -y && apt-get install python3 python3-pip -y | ||
|
|
||
| RUN pip3 install fossology requests |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,91 @@ | ||
| name: Clean up | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| # push: | ||
| schedule: | ||
| - cron: '04 2 * * *' | ||
|
|
||
| jobs: | ||
|
|
||
| cleanup-artifactory: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: 'Setup jFrog CLI' | ||
| uses: jfrog/setup-jfrog-cli@v4 | ||
| # env: | ||
| # JF_ENV_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }} | ||
|
|
||
| - name: Update jfrog config | ||
| run: | | ||
| jfrog config add zowe --overwrite --interactive=false --artifactory-url=https://zowe.jfrog.io/zowe --user=${jfrog_username} --password=${jfrog_password} 1>/dev/null 2>/dev/null | ||
| env: | ||
| jfrog_username: ${{ secrets.ARTIFACTORY_X_USERNAME }} | ||
| jfrog_password: ${{ secrets.ARTIFACTORY_X_PASSWORD }} | ||
|
|
||
| - name: Cleanup nightly builds on Zowe Artifactory | ||
| run: | | ||
| cd artifactory-tools | ||
| ./clean-nightly.sh -a zowe | ||
| - name: Cleanup snapshots on Zowe Artifactory | ||
| run: | | ||
| cd artifactory-tools | ||
| ./clean-snapshots.sh -a zowe | ||
| cleanup-zos: | ||
| strategy: | ||
| matrix: | ||
| servers: | ||
| - {"name": "zzow06", "host": "SSH_MARIST_ACF2_HOST", "password": "SSH_MARIST_ACF2_PASSWORD"} | ||
| - {"name": "zzow07", "host": "SSH_MARIST_TSS_HOST", "password": "SSH_MARIST_TSS_PASSWORD"} | ||
| - {"name": "zzow08", "host": "SSH_MARIST_RACF_HOST", "password": "SSH_MARIST_RACF_PASSWORD"} | ||
| fail-fast: false | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Cleanup ${{ matrix.servers.name }} | ||
| run: | | ||
| sshpass -p "${ssh_password}" scp -P ${ssh_port} -o StrictHostKeyChecking=no -o PubkeyAuthentication=no scripts/cleanup-zos.sh ${ssh_user}@${ssh_host}:/tmp/cleanup-zos.sh | ||
| sshpass -p "${ssh_password}" scp -P ${ssh_port} -o StrictHostKeyChecking=no -o PubkeyAuthentication=no scripts/compress.rexx ${ssh_user}@${ssh_host}:/tmp/compress.rexx | ||
| SSHPASS=${ssh_password} sshpass -e ssh -tt -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -p ${ssh_port} ${ssh_user}@${ssh_host} << EOF | ||
| cd /tmp && chmod +x cleanup-zos.sh && chmod +x compress.rexx && ./cleanup-zos.sh | ||
| echo "done" && exit 0 | ||
| EOF | ||
| env: | ||
| ssh_host: ${{ secrets[matrix.servers.host] }} | ||
| ssh_port: 65522 | ||
| ssh_user: ${{ secrets.SSH_MARIST_USERNAME }} | ||
| ssh_password: ${{ secrets[matrix.servers.password] }} | ||
|
|
||
| cleanup-loz: | ||
| strategy: | ||
| matrix: | ||
| servers: | ||
| - {"name": "loz-docker-1", "host": "ZLINUX_HOST", "user": "ZLINUX_SSH_USER", "key": "ZLINUX_SSH_KEY", "passphrase": "ZLINUX_SSH_PASSPHRASE"} | ||
| fail-fast: false | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Cleanup ${{ matrix.servers.name }} | ||
| run: | | ||
| echo "${ssh_key}" > ~/ssh_key | ||
| chmod 700 ~/ssh_key | ||
| SSHPASS=${ssh_passphrase} sshpass -e -P 'passphrase for key' scp -P 22 -o StrictHostKeyChecking=no -o LogLevel=QUIET -i ~/ssh_key scripts/cleanup-zlinux.sh ${ssh_user}@${ssh_host}:/tmp/cleanup-zlinux.sh | ||
| SSHPASS=${ssh_passphrase} sshpass -e -P 'passphrase for key' ssh -tt -o StrictHostKeyChecking=no -o LogLevel=QUIET -p 22 -i ~/ssh_key ${ssh_user}@${ssh_host} << EOF | ||
| cd /tmp && chmod +x cleanup-zlinux.sh && ./cleanup-zlinux.sh | ||
| echo "done" && exit 0 | ||
| EOF | ||
| env: | ||
| ssh_host: ${{ secrets[matrix.servers.host] }} | ||
| ssh_port: 22 | ||
| ssh_user: ${{ secrets[matrix.servers.user] }} | ||
| ssh_key: ${{ secrets[matrix.servers.key] }} | ||
| ssh_passphrase: ${{ secrets[matrix.servers.passphrase] }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| name: Build and Push Dockerfiles | ||
|
|
||
| permissions: read-all | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| publish_release: | ||
| description: Should the license bundle be published to docker-release | ||
| type: boolean | ||
| required: true | ||
| default: false | ||
| image_version: | ||
| description: Version to associate with the image (default- 'latest') | ||
| type: string | ||
| required: false | ||
| default: 'latest' | ||
| env: | ||
| PUBLISH_RELEASE: ${{ github.event.inputs.publish_release }} | ||
| TARGET_DOCKER_REGISTRY: "" | ||
|
|
||
| jobs: | ||
|
|
||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
|
|
||
| - name: Set target docker registry | ||
| run: | | ||
| if [ "$PUBLISH_RELEASE" = true ]; then | ||
| echo "TARGET_DOCKER_REGISTRY=zowe-docker-release.jfrog.io" >> $GITHUB_ENV | ||
| else | ||
| echo "TARGET_DOCKER_REGISTRY=zowe-docker-snapshot.jfrog.io" >> $GITHUB_ENV | ||
| fi | ||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v1 | ||
|
|
||
| - name: Login to JFrog | ||
| uses: docker/login-action@v1 | ||
| with: | ||
| registry: ${{ env.TARGET_DOCKER_REGISTRY }} | ||
| username: ${{ secrets.ARTIFACTORY_USERNAME }} | ||
| password: ${{ secrets.ARTIFACTORY_PASSWORD }} | ||
|
|
||
| - name: Build and push to release | ||
| id: docker_build | ||
| uses: docker/build-push-action@v2 | ||
| with: | ||
| push: true | ||
| file: .dockerfiles/ort.Dockerfile | ||
| tags: ${{ env.TARGET_DOCKER_REGISTRY }}/ompzowe/zowecicd-license-base:${{ github.event.inputs.image_version }} | ||
|
|
||
|
|
Oops, something went wrong.