breaking: removed support for CentOS (#207)
- Due to excessive vulnerabilities removed `brew` from Ubuntu images.
parent
e6f03c8b73
commit
b7d2fa64af
|
@ -62,12 +62,8 @@ jobs:
|
|||
images:
|
||||
runs-on: ubuntu-latest-8-cores
|
||||
strategy:
|
||||
matrix:
|
||||
job:
|
||||
- centos
|
||||
- ubuntu
|
||||
fail-fast: false
|
||||
name: images/${{ matrix.job }}
|
||||
name: images/ubuntu
|
||||
steps:
|
||||
- name: Cancel previous runs
|
||||
if: github.event_name == 'pull_request'
|
||||
|
@ -80,28 +76,28 @@ jobs:
|
|||
run: |
|
||||
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.37.1
|
||||
|
||||
- name: Build ${{ matrix.job }} images
|
||||
- name: Build ubuntu images
|
||||
run: |
|
||||
${{ github.workspace }}/scripts/build_images.sh \
|
||||
--tag=${{ matrix.job }}
|
||||
--tag=ubuntu
|
||||
|
||||
- name: Scan ${{ matrix.job }} images
|
||||
- name: Scan ubuntu images
|
||||
run: |
|
||||
${{ github.workspace }}/scripts/scan_images.sh \
|
||||
--tag=${{ matrix.job }} \
|
||||
--output-file=trivy-results-${{ matrix.job }}.sarif
|
||||
--tag=ubuntu \
|
||||
--output-file=trivy-results-ubuntu.sarif
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: trivy-results-${{ matrix.job }}.sarif
|
||||
category: trivy-${{ matrix.job }}
|
||||
sarif_file: trivy-results-ubuntu.sarif
|
||||
category: trivy-ubuntu
|
||||
|
||||
- name: Upload Trivy scan results as an artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: trivy-${{ matrix.job }}
|
||||
path: trivy-results-${{ matrix.job }}.sarif
|
||||
name: trivy-ubuntu
|
||||
path: trivy-results-ubuntu.sarif
|
||||
retention-days: 7
|
||||
|
||||
- name: Authenticate to Docker Hub
|
||||
|
@ -115,4 +111,4 @@ jobs:
|
|||
if: github.event_name != 'pull_request'
|
||||
run: |
|
||||
${{ github.workspace }}/scripts/push_images.sh \
|
||||
--tag=${{ matrix.job }}
|
||||
--tag=ubuntu
|
||||
|
|
|
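Review bot: The Trivy install step kept as context in the second hunk still pipes `contrib/install.sh` from the mutable `main` branch into `sh`, so only the Trivy binary version (`v0.37.1`) is pinned, not the script that actually executes on the runner. That script runs on the same runner ahead of the steps that authenticate to Docker Hub and push images, so a change to it upstream would run unreviewed in the publishing job. Fetch the installer from the matching release tag or a commit SHA instead, e.g. `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/v0.37.1/contrib/install.sh | sh -s -- -b /usr/local/bin v0.37.1`, or download the release archive and verify its published checksum before installing. The step's `- name:` line starts outside the hunk.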
@ -37,3 +37,7 @@ under the `ubuntu` tag.
|
|||
## Contributing
|
||||
|
||||
See our [contributing guide](.github/CONTRIBUTING.md).
|
||||
|
||||
## Changelog
|
||||
|
||||
Reference our [changelog](./changelog.md) for updates made to images.
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
# Enterprise Images Changelog
|
||||
|
||||
## BREAKING 02/15/2023
|
||||
|
||||
- Due to low usage, removed support for CentOS base images.
|
||||
- Due to excessive vulnerabilities removed `brew` from Ubuntu images.
|
|
@ -1,55 +0,0 @@
|
|||
FROM quay.io/centos/centos:stream8
|
||||
|
||||
SHELL ["/bin/bash", "-c"]
|
||||
|
||||
# Add the EPEL repolist
|
||||
RUN dnf upgrade --assumeyes --refresh && \
|
||||
dnf install --assumeyes epel-release && \
|
||||
dnf install --assumeyes \
|
||||
bash \
|
||||
ca-certificates \
|
||||
curl \
|
||||
device-mapper-persistent-data \
|
||||
dnf-utils \
|
||||
gcc \
|
||||
gcc-c++ \
|
||||
git \
|
||||
htop \
|
||||
lvm2 \
|
||||
make \
|
||||
man \
|
||||
python3 \
|
||||
sudo \
|
||||
unzip \
|
||||
vim \
|
||||
wget \
|
||||
rsync && \
|
||||
dnf clean all
|
||||
|
||||
RUN dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
|
||||
dnf install --assumeyes \
|
||||
containerd.io \
|
||||
docker-ce && \
|
||||
systemctl enable docker
|
||||
|
||||
# Add docker-compose
|
||||
RUN curl -L "https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
||||
RUN chmod +x /usr/local/bin/docker-compose
|
||||
|
||||
# Make typing unicode characters in the terminal work.
|
||||
ENV LANG en_US.UTF-8
|
||||
|
||||
# Add a user `coder` so that you're not developing as the `root` user
|
||||
RUN useradd coder \
|
||||
--create-home \
|
||||
--shell=/bin/bash \
|
||||
--groups=docker \
|
||||
--uid=1000 \
|
||||
--user-group && \
|
||||
echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
|
||||
|
||||
USER coder
|
||||
|
||||
# install Homebrew, must be as a non-root user
|
||||
RUN HOMEBREW_INSTALL_FROM_API=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
|
||||
ENV PATH /home/linuxbrew/.linuxbrew/bin:${PATH}
|
|
@ -57,7 +57,3 @@ RUN useradd coder \
|
|||
echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
|
||||
|
||||
USER coder
|
||||
|
||||
# install Homebrew, must be as a non-root user
|
||||
RUN HOMEBREW_INSTALL_FROM_API=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
|
||||
ENV PATH /home/linuxbrew/.linuxbrew/bin:${PATH}
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
FROM codercom/enterprise-multieditor:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install clion.
|
||||
RUN mkdir -p /opt/clion
|
||||
RUN curl -L "https://download.jetbrains.com/product?code=CL&latest&distribution=linux" | tar -C /opt/clion --strip-components 1 -xzvf -
|
||||
|
||||
# Add a binary to the PATH that points to the clion startup script.
|
||||
RUN ln -s /opt/clion/bin/clion.sh /usr/bin/clion
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,14 +0,0 @@
|
|||
FROM codercom/enterprise-multieditor:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install DataSpell.
|
||||
RUN mkdir -p /opt/dataspell
|
||||
RUN curl -L "https://download-cdn.jetbrains.com/python/dataspell-2021.3.3.tar.gz" | tar -C /opt/dataspell --strip-components 1 -xzvf -
|
||||
|
||||
# Add a binary to the PATH that points to the pycharm startup script.
|
||||
RUN ln -s /opt/dataspell/bin/dataspell.sh /usr/bin/dataspell
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,24 +0,0 @@
|
|||
FROM codercom/enterprise-golang:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Packages required for multi-editor support
|
||||
RUN yum update -y && yum install -y \
|
||||
openssl \
|
||||
libXtst \
|
||||
libXrender \
|
||||
fontconfig \
|
||||
libXi \
|
||||
gtk3 \
|
||||
libGL
|
||||
|
||||
# Install goland.
|
||||
RUN mkdir -p /opt/goland
|
||||
RUN curl -L "https://download.jetbrains.com/product?code=GO&latest&distribution=linux" | tar -C /opt/goland --strip-components 1 -xzvf -
|
||||
|
||||
# Add a binary to the PATH that points to the goland startup script.
|
||||
RUN ln -s /opt/goland/bin/goland.sh /usr/bin/goland
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,18 +0,0 @@
|
|||
FROM codercom/enterprise-base:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install go
|
||||
RUN curl -L "https://go.dev/dl/go1.20.linux-amd64.tar.gz" | tar -C /usr/local -xzvf -
|
||||
|
||||
# Setup go env vars
|
||||
ENV GOROOT /usr/local/go
|
||||
ENV PATH $PATH:$GOROOT/bin
|
||||
|
||||
ENV GOPATH /home/coder/go
|
||||
ENV GOBIN $GOPATH/bin
|
||||
ENV PATH $PATH:$GOBIN
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,24 +0,0 @@
|
|||
FROM codercom/enterprise-java:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Packages required for multi-editor support
|
||||
RUN yum update -y && yum install -y \
|
||||
openssl \
|
||||
libXtst \
|
||||
libXrender \
|
||||
fontconfig \
|
||||
libXi \
|
||||
gtk3 \
|
||||
libGL
|
||||
|
||||
# Install intellij
|
||||
RUN mkdir -p /opt/idea
|
||||
RUN curl -L "https://download.jetbrains.com/product?code=IIC&latest&distribution=linux" | tar -C /opt/idea --strip-components 1 -xzvf -
|
||||
|
||||
# Add a binary to the PATH that points to the intellij startup script.
|
||||
RUN ln -s /opt/idea/bin/idea.sh /usr/bin/intellij-idea-ultimate
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,55 +0,0 @@
|
|||
FROM codercom/enterprise-base:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install JDK (OpenJDK 8)
|
||||
RUN yum install -y java-1.8.0-openjdk-devel
|
||||
ENV JAVA_HOME /usr/lib/jvm/java-1.8.0
|
||||
ENV PATH $PATH:$JAVA_HOME/bin
|
||||
|
||||
# Install Maven
|
||||
ARG MAVEN_VERSION=3.6.3
|
||||
ARG MAVEN_SHA512=c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0
|
||||
|
||||
ENV MAVEN_HOME /usr/share/maven
|
||||
ENV MAVEN_CONFIG "/home/coder/.m2"
|
||||
|
||||
RUN mkdir -p $MAVEN_HOME $MAVEN_HOME/ref \
|
||||
&& echo "Downloading maven" \
|
||||
&& curl -fsSL -o /tmp/apache-maven.tar.gz https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
|
||||
\
|
||||
&& echo "Checking downloaded file hash" \
|
||||
&& echo "${MAVEN_SHA512} /tmp/apache-maven.tar.gz" | sha512sum -c - \
|
||||
\
|
||||
&& echo "Unzipping maven" \
|
||||
&& tar -xzf /tmp/apache-maven.tar.gz -C $MAVEN_HOME --strip-components=1 \
|
||||
\
|
||||
&& echo "Cleaning and setting links" \
|
||||
&& rm -f /tmp/apache-maven.tar.gz \
|
||||
&& ln -s $MAVEN_HOME/bin/mvn /usr/bin/mvn
|
||||
|
||||
# Install Gradle
|
||||
ENV GRADLE_VERSION=6.7
|
||||
ARG GRADLE_SHA512=d495bc65379d2a854d2cca843bd2eeb94f381e5a7dcae89e6ceb6ef4c5835524932313e7f30d7a875d5330add37a5fe23447dc3b55b4d95dffffa870c0b24493
|
||||
|
||||
ENV GRADLE_HOME /usr/bin/gradle
|
||||
|
||||
RUN mkdir -p /usr/share/gradle /usr/share/gradle/ref \
|
||||
&& echo "Downloading gradle" \
|
||||
&& curl -fsSL -o /tmp/gradle.zip https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \
|
||||
\
|
||||
&& echo "Checking downloaded file hash" \
|
||||
&& echo "${GRADLE_SHA512} /tmp/gradle.zip" | sha512sum -c - \
|
||||
\
|
||||
&& echo "Unziping gradle" \
|
||||
&& unzip -d /usr/share/gradle /tmp/gradle.zip \
|
||||
\
|
||||
&& echo "Cleaning and setting links" \
|
||||
&& rm -f /tmp/gradle.zip \
|
||||
&& ln -s /usr/share/gradle/gradle-${GRADLE_VERSION} /usr/bin/gradle
|
||||
|
||||
ENV PATH $PATH:$GRADLE_HOME/bin
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,18 +0,0 @@
|
|||
FROM codercom/enterprise-base:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install required dependencies
|
||||
RUN dnf install --assumeyes \
|
||||
platform-python-devel
|
||||
|
||||
# Install jupyter
|
||||
RUN python3 -m pip install --upgrade pip && \
|
||||
pip3 install --upgrade setuptools && \
|
||||
pip3 install jupyterlab==3.2.9 && \
|
||||
pip3 install jupyter-core==4.6.3 && \
|
||||
pip3 install notebook==6.4.10
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,17 +0,0 @@
|
|||
FROM codercom/enterprise-base:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Packages required for multi-editor support
|
||||
RUN yum update -y && yum install -y \
|
||||
openssl \
|
||||
libXtst \
|
||||
libXrender \
|
||||
fontconfig \
|
||||
libXi \
|
||||
gtk3 \
|
||||
libGL
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,15 +0,0 @@
|
|||
FROM codercom/enterprise-base:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install whichever Node version is LTS
|
||||
RUN curl -sL https://rpm.nodesource.com/setup_lts.x | bash -
|
||||
RUN yum install -y nodejs
|
||||
|
||||
# Install Yarn
|
||||
RUN curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo
|
||||
RUN yum install -y yarn
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,14 +0,0 @@
|
|||
FROM codercom/enterprise-multieditor:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install pycharm.
|
||||
RUN mkdir -p /opt/pycharm
|
||||
RUN curl -L "https://download.jetbrains.com/product?code=PCC&latest&distribution=linux" | tar -C /opt/pycharm --strip-components 1 -xzvf -
|
||||
|
||||
# Add a binary to the PATH that points to the pycharm startup script.
|
||||
RUN ln -s /opt/pycharm/bin/pycharm.sh /usr/bin/pycharm-community
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,17 +0,0 @@
|
|||
FROM codercom/enterprise-base:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install OpenSSL library
|
||||
RUN yum install -y openssl-devel
|
||||
|
||||
# Install Ruby from source
|
||||
COPY ./install-ruby.sh /tmp
|
||||
RUN chmod +x /tmp/install-ruby.sh && /tmp/install-ruby.sh
|
||||
|
||||
# Install bundler gem
|
||||
RUN gem install bundler
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,25 +0,0 @@
|
|||
FROM codercom/enterprise-base:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Set environment variables
|
||||
ENV RUSTUP_HOME=/opt/rustup
|
||||
ENV CARGO_HOME=/opt/cargo
|
||||
ENV PATH=/opt/cargo/bin:$PATH
|
||||
|
||||
# Install Rust
|
||||
COPY rustup.sh /tmp/rustup.sh
|
||||
RUN /tmp/rustup.sh -y \
|
||||
--no-modify-path \
|
||||
--profile minimal \
|
||||
--default-toolchain stable \
|
||||
--default-host x86_64-unknown-linux-gnu && \
|
||||
rm -f /tmp/rustup.sh && \
|
||||
chmod -R a+w ${RUSTUP_HOME} ${CARGO_HOME}
|
||||
|
||||
# Validate that cargo and rustc are available
|
||||
RUN cargo --version && rustc --version
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -1,14 +0,0 @@
|
|||
FROM codercom/enterprise-multieditor:centos
|
||||
|
||||
# Run everything as root
|
||||
USER root
|
||||
|
||||
# Install webstorm.
|
||||
RUN mkdir -p /opt/webstorm
|
||||
RUN curl -L "https://download.jetbrains.com/product?code=WS&latest&distribution=linux" | tar -C /opt/webstorm --strip-components 1 -xzvf -
|
||||
|
||||
# Add a binary to the PATH that points to the webstorm startup script.
|
||||
RUN ln -s /opt/webstorm/bin/webstorm.sh /usr/bin/webstorm
|
||||
|
||||
# Set back to coder user
|
||||
USER coder
|
|
@ -25,7 +25,7 @@ function usage() {
|
|||
echo " --dry-run Show commands that would run, but"
|
||||
echo " do not run them"
|
||||
echo " --tag=<tag> Select an image tag group to build,"
|
||||
echo " one of: centos, ubuntu)"
|
||||
echo " e.g. ubuntu)"
|
||||
echo " --quiet Suppress container build output"
|
||||
exit 1
|
||||
}
|
||||
|
|
|
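Review bot: The replacement help line `echo " e.g. ubuntu)"` keeps the unmatched `)` from the old text and no longer states which values `--tag` accepts. Something like `echo " currently only: ubuntu"` (aligned with the neighbouring lines) would be clearer. The argument parsing is outside this hunk; if it does not already reject unknown tags, `--tag=centos` would presumably now fail only when the script reaches the deleted CentOS Dockerfiles, so an explicit check with a clear error message belongs there. The same help line is changed in the two following script hunks (`@ -25,7 +25,7 @@` and `@ -28,7 +28,7 @@`), and `usage()` begins outside all three hunks.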
@ -25,7 +25,7 @@ function usage() {
|
|||
echo " --dry-run Show commands that would run, but"
|
||||
echo " do not run them"
|
||||
echo " --tag=<tag> Select an image tag group to build,"
|
||||
echo " one of: centos, ubuntu)"
|
||||
echo " e.g. ubuntu)"
|
||||
echo " --quiet Suppress container build output"
|
||||
exit 1
|
||||
}
|
||||
|
|
|
@ -28,7 +28,7 @@ function usage() {
|
|||
echo " --dry-run Show commands that would run, but"
|
||||
echo " do not run them"
|
||||
echo " --tag=<tag> Select an image tag group to build,"
|
||||
echo " one of: centos, ubuntu)"
|
||||
echo " e.g. ubuntu)"
|
||||
echo " --output-file=<path> File path to write merged SARIF file to"
|
||||
exit 1
|
||||
}
|
||||
|
|