breaking: removed support for CentOS (#207)

- Due to excessive vulnerabilities, removed `brew` from Ubuntu images.
Jon Ayers 2023-02-16 11:43:56 -06:00 committed by GitHub
parent e6f03c8b73
commit b7d2fa64af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 24 additions and 346 deletions


@ -62,12 +62,8 @@ jobs:
images:
runs-on: ubuntu-latest-8-cores
strategy:
matrix:
job:
- centos
- ubuntu
fail-fast: false
name: images/${{ matrix.job }}
name: images/ubuntu
steps:
- name: Cancel previous runs
if: github.event_name == 'pull_request'
@ -80,28 +76,28 @@ jobs:
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.37.1
- name: Build ${{ matrix.job }} images
- name: Build ubuntu images
run: |
${{ github.workspace }}/scripts/build_images.sh \
--tag=${{ matrix.job }}
--tag=ubuntu
- name: Scan ${{ matrix.job }} images
- name: Scan ubuntu images
run: |
${{ github.workspace }}/scripts/scan_images.sh \
--tag=${{ matrix.job }} \
--output-file=trivy-results-${{ matrix.job }}.sarif
--tag=ubuntu \
--output-file=trivy-results-ubuntu.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: trivy-results-${{ matrix.job }}.sarif
category: trivy-${{ matrix.job }}
sarif_file: trivy-results-ubuntu.sarif
category: trivy-ubuntu
- name: Upload Trivy scan results as an artifact
uses: actions/upload-artifact@v3
with:
name: trivy-${{ matrix.job }}
path: trivy-results-${{ matrix.job }}.sarif
name: trivy-ubuntu
path: trivy-results-ubuntu.sarif
retention-days: 7
- name: Authenticate to Docker Hub
@ -115,4 +111,4 @@ jobs:
if: github.event_name != 'pull_request'
run: |
${{ github.workspace }}/scripts/push_images.sh \
--tag=${{ matrix.job }}
--tag=ubuntu
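Review bot: The literal `ubuntu` is now hard-coded in eight places across this job (the job `name`, both `--tag=` arguments, the SARIF file name, the upload `category`, and the artifact `name`/`path`), so the matrix this hunk removes was the only single source of truth for the tag group and any future change means editing each site by hand. A workflow-level `env: IMAGE_TAG: ubuntu` referenced as `${{ env.IMAGE_TAG }}`, or keeping the matrix with a single `- ubuntu` entry, would leave one place to change. The `images` job begins before the first hunk, so its `env`/`strategy` header is only partly visible here. Outside this change, the Trivy install in the context lines pipes an unpinned `install.sh` into `sh`; pinning that script to a commit or verifying its checksum would be a separate hardening, not something this commit regresses.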


@ -37,3 +37,7 @@ under the `ubuntu` tag.
## Contributing
See our [contributing guide](.github/CONTRIBUTING.md).
## Changelog
Reference our [changelog](./changelog.md) for updates made to images.

6
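--- /dev/null
+++ b/changelog.md
@@ -0,0 +1,6 @@
+# Enterprise Images Changelog
+## BREAKING 02/15/2023
+- Due to low usage, removed support for CentOS base images.
+- Due to excessive vulnerabilities removed `brew` from Ubuntu images.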


@ -1,55 +0,0 @@
FROM quay.io/centos/centos:stream8
SHELL ["/bin/bash", "-c"]
# Add the EPEL repolist
RUN dnf upgrade --assumeyes --refresh && \
dnf install --assumeyes epel-release && \
dnf install --assumeyes \
bash \
ca-certificates \
curl \
device-mapper-persistent-data \
dnf-utils \
gcc \
gcc-c++ \
git \
htop \
lvm2 \
make \
man \
python3 \
sudo \
unzip \
vim \
wget \
rsync && \
dnf clean all
RUN dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
dnf install --assumeyes \
containerd.io \
docker-ce && \
systemctl enable docker
# Add docker-compose
RUN curl -L "https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
RUN chmod +x /usr/local/bin/docker-compose
# Make typing unicode characters in the terminal work.
ENV LANG en_US.UTF-8
# Add a user `coder` so that you're not developing as the `root` user
RUN useradd coder \
--create-home \
--shell=/bin/bash \
--groups=docker \
--uid=1000 \
--user-group && \
echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
USER coder
# install Homebrew, must be as a non-root user
RUN HOMEBREW_INSTALL_FROM_API=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
ENV PATH /home/linuxbrew/.linuxbrew/bin:${PATH}


@ -57,7 +57,3 @@ RUN useradd coder \
echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
USER coder
# install Homebrew, must be as a non-root user
RUN HOMEBREW_INSTALL_FROM_API=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
ENV PATH /home/linuxbrew/.linuxbrew/bin:${PATH}


@ -1,14 +0,0 @@
FROM codercom/enterprise-multieditor:centos
# Run everything as root
USER root
# Install clion.
RUN mkdir -p /opt/clion
RUN curl -L "https://download.jetbrains.com/product?code=CL&latest&distribution=linux" | tar -C /opt/clion --strip-components 1 -xzvf -
# Add a binary to the PATH that points to the clion startup script.
RUN ln -s /opt/clion/bin/clion.sh /usr/bin/clion
# Set back to coder user
USER coder


@ -1,14 +0,0 @@
FROM codercom/enterprise-multieditor:centos
# Run everything as root
USER root
# Install DataSpell.
RUN mkdir -p /opt/dataspell
RUN curl -L "https://download-cdn.jetbrains.com/python/dataspell-2021.3.3.tar.gz" | tar -C /opt/dataspell --strip-components 1 -xzvf -
# Add a binary to the PATH that points to the pycharm startup script.
RUN ln -s /opt/dataspell/bin/dataspell.sh /usr/bin/dataspell
# Set back to coder user
USER coder


@ -1,24 +0,0 @@
FROM codercom/enterprise-golang:centos
# Run everything as root
USER root
# Packages required for multi-editor support
RUN yum update -y && yum install -y \
openssl \
libXtst \
libXrender \
fontconfig \
libXi \
gtk3 \
libGL
# Install goland.
RUN mkdir -p /opt/goland
RUN curl -L "https://download.jetbrains.com/product?code=GO&latest&distribution=linux" | tar -C /opt/goland --strip-components 1 -xzvf -
# Add a binary to the PATH that points to the goland startup script.
RUN ln -s /opt/goland/bin/goland.sh /usr/bin/goland
# Set back to coder user
USER coder


@ -1,18 +0,0 @@
FROM codercom/enterprise-base:centos
# Run everything as root
USER root
# Install go
RUN curl -L "https://go.dev/dl/go1.20.linux-amd64.tar.gz" | tar -C /usr/local -xzvf -
# Setup go env vars
ENV GOROOT /usr/local/go
ENV PATH $PATH:$GOROOT/bin
ENV GOPATH /home/coder/go
ENV GOBIN $GOPATH/bin
ENV PATH $PATH:$GOBIN
# Set back to coder user
USER coder


@ -1,24 +0,0 @@
FROM codercom/enterprise-java:centos
# Run everything as root
USER root
# Packages required for multi-editor support
RUN yum update -y && yum install -y \
openssl \
libXtst \
libXrender \
fontconfig \
libXi \
gtk3 \
libGL
# Install intellij
RUN mkdir -p /opt/idea
RUN curl -L "https://download.jetbrains.com/product?code=IIC&latest&distribution=linux" | tar -C /opt/idea --strip-components 1 -xzvf -
# Add a binary to the PATH that points to the intellij startup script.
RUN ln -s /opt/idea/bin/idea.sh /usr/bin/intellij-idea-ultimate
# Set back to coder user
USER coder


@ -1,55 +0,0 @@
FROM codercom/enterprise-base:centos
# Run everything as root
USER root
# Install JDK (OpenJDK 8)
RUN yum install -y java-1.8.0-openjdk-devel
ENV JAVA_HOME /usr/lib/jvm/java-1.8.0
ENV PATH $PATH:$JAVA_HOME/bin
# Install Maven
ARG MAVEN_VERSION=3.6.3
ARG MAVEN_SHA512=c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0
ENV MAVEN_HOME /usr/share/maven
ENV MAVEN_CONFIG "/home/coder/.m2"
RUN mkdir -p $MAVEN_HOME $MAVEN_HOME/ref \
&& echo "Downloading maven" \
&& curl -fsSL -o /tmp/apache-maven.tar.gz https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
\
&& echo "Checking downloaded file hash" \
&& echo "${MAVEN_SHA512} /tmp/apache-maven.tar.gz" | sha512sum -c - \
\
&& echo "Unzipping maven" \
&& tar -xzf /tmp/apache-maven.tar.gz -C $MAVEN_HOME --strip-components=1 \
\
&& echo "Cleaning and setting links" \
&& rm -f /tmp/apache-maven.tar.gz \
&& ln -s $MAVEN_HOME/bin/mvn /usr/bin/mvn
# Install Gradle
ENV GRADLE_VERSION=6.7
ARG GRADLE_SHA512=d495bc65379d2a854d2cca843bd2eeb94f381e5a7dcae89e6ceb6ef4c5835524932313e7f30d7a875d5330add37a5fe23447dc3b55b4d95dffffa870c0b24493
ENV GRADLE_HOME /usr/bin/gradle
RUN mkdir -p /usr/share/gradle /usr/share/gradle/ref \
&& echo "Downloading gradle" \
&& curl -fsSL -o /tmp/gradle.zip https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \
\
&& echo "Checking downloaded file hash" \
&& echo "${GRADLE_SHA512} /tmp/gradle.zip" | sha512sum -c - \
\
&& echo "Unziping gradle" \
&& unzip -d /usr/share/gradle /tmp/gradle.zip \
\
&& echo "Cleaning and setting links" \
&& rm -f /tmp/gradle.zip \
&& ln -s /usr/share/gradle/gradle-${GRADLE_VERSION} /usr/bin/gradle
ENV PATH $PATH:$GRADLE_HOME/bin
# Set back to coder user
USER coder


@ -1,18 +0,0 @@
FROM codercom/enterprise-base:centos
# Run everything as root
USER root
# Install required dependencies
RUN dnf install --assumeyes \
platform-python-devel
# Install jupyter
RUN python3 -m pip install --upgrade pip && \
pip3 install --upgrade setuptools && \
pip3 install jupyterlab==3.2.9 && \
pip3 install jupyter-core==4.6.3 && \
pip3 install notebook==6.4.10
# Set back to coder user
USER coder


@ -1,17 +0,0 @@
FROM codercom/enterprise-base:centos
# Run everything as root
USER root
# Packages required for multi-editor support
RUN yum update -y && yum install -y \
openssl \
libXtst \
libXrender \
fontconfig \
libXi \
gtk3 \
libGL
# Set back to coder user
USER coder


@ -1,15 +0,0 @@
FROM codercom/enterprise-base:centos
# Run everything as root
USER root
# Install whichever Node version is LTS
RUN curl -sL https://rpm.nodesource.com/setup_lts.x | bash -
RUN yum install -y nodejs
# Install Yarn
RUN curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo
RUN yum install -y yarn
# Set back to coder user
USER coder


@ -1,14 +0,0 @@
FROM codercom/enterprise-multieditor:centos
# Run everything as root
USER root
# Install pycharm.
RUN mkdir -p /opt/pycharm
RUN curl -L "https://download.jetbrains.com/product?code=PCC&latest&distribution=linux" | tar -C /opt/pycharm --strip-components 1 -xzvf -
# Add a binary to the PATH that points to the pycharm startup script.
RUN ln -s /opt/pycharm/bin/pycharm.sh /usr/bin/pycharm-community
# Set back to coder user
USER coder


@ -1,17 +0,0 @@
FROM codercom/enterprise-base:centos
# Run everything as root
USER root
# Install OpenSSL library
RUN yum install -y openssl-devel
# Install Ruby from source
COPY ./install-ruby.sh /tmp
RUN chmod +x /tmp/install-ruby.sh && /tmp/install-ruby.sh
# Install bundler gem
RUN gem install bundler
# Set back to coder user
USER coder


@ -1,25 +0,0 @@
FROM codercom/enterprise-base:centos
# Run everything as root
USER root
# Set environment variables
ENV RUSTUP_HOME=/opt/rustup
ENV CARGO_HOME=/opt/cargo
ENV PATH=/opt/cargo/bin:$PATH
# Install Rust
COPY rustup.sh /tmp/rustup.sh
RUN /tmp/rustup.sh -y \
--no-modify-path \
--profile minimal \
--default-toolchain stable \
--default-host x86_64-unknown-linux-gnu && \
rm -f /tmp/rustup.sh && \
chmod -R a+w ${RUSTUP_HOME} ${CARGO_HOME}
# Validate that cargo and rustc are available
RUN cargo --version && rustc --version
# Set back to coder user
USER coder


@ -1,14 +0,0 @@
FROM codercom/enterprise-multieditor:centos
# Run everything as root
USER root
# Install webstorm.
RUN mkdir -p /opt/webstorm
RUN curl -L "https://download.jetbrains.com/product?code=WS&latest&distribution=linux" | tar -C /opt/webstorm --strip-components 1 -xzvf -
# Add a binary to the PATH that points to the webstorm startup script.
RUN ln -s /opt/webstorm/bin/webstorm.sh /usr/bin/webstorm
# Set back to coder user
USER coder


@ -25,7 +25,7 @@ function usage() {
echo " --dry-run Show commands that would run, but"
echo " do not run them"
echo " --tag=<tag> Select an image tag group to build,"
echo " one of: centos, ubuntu)"
echo " e.g. ubuntu)"
echo " --quiet Suppress container build output"
exit 1
}
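Review bot: The new usage line `e.g. ubuntu)` keeps a closing parenthesis that has no matching opening one on the preceding line (`Select an image tag group to build,`), so the help text prints an orphaned `)`. Either drop it, changing the fragment to `e.g. ubuntu`, or give the opening paren back to the line above. With CentOS gone, `e.g.` also implies other tag groups exist; `currently: ubuntu` would state the real set. The same string is repeated in the two script sections that follow and the fix applies to each; `usage()` begins before this hunk.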


@ -25,7 +25,7 @@ function usage() {
echo " --dry-run Show commands that would run, but"
echo " do not run them"
echo " --tag=<tag> Select an image tag group to build,"
echo " one of: centos, ubuntu)"
echo " e.g. ubuntu)"
echo " --quiet Suppress container build output"
exit 1
}


@ -28,7 +28,7 @@ function usage() {
echo " --dry-run Show commands that would run, but"
echo " do not run them"
echo " --tag=<tag> Select an image tag group to build,"
echo " one of: centos, ubuntu)"
echo " e.g. ubuntu)"
echo " --output-file=<path> File path to write merged SARIF file to"
exit 1
}