breaking: removed support for CentOS (#207)
- Due to excessive vulnerabilities removed `brew` from Ubuntu images.
parent
e6f03c8b73
commit
b7d2fa64af
|
@ -62,12 +62,8 @@ jobs:
|
||||||
images:
|
images:
|
||||||
runs-on: ubuntu-latest-8-cores
|
runs-on: ubuntu-latest-8-cores
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
|
||||||
job:
|
|
||||||
- centos
|
|
||||||
- ubuntu
|
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
name: images/${{ matrix.job }}
|
name: images/ubuntu
|
||||||
steps:
|
steps:
|
||||||
- name: Cancel previous runs
|
- name: Cancel previous runs
|
||||||
if: github.event_name == 'pull_request'
|
if: github.event_name == 'pull_request'
|
||||||
|
@ -80,28 +76,28 @@ jobs:
|
||||||
run: |
|
run: |
|
||||||
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.37.1
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.37.1
|
||||||
|
|
||||||
- name: Build ${{ matrix.job }} images
|
- name: Build ubuntu images
|
||||||
run: |
|
run: |
|
||||||
${{ github.workspace }}/scripts/build_images.sh \
|
${{ github.workspace }}/scripts/build_images.sh \
|
||||||
--tag=${{ matrix.job }}
|
--tag=ubuntu
|
||||||
|
|
||||||
- name: Scan ${{ matrix.job }} images
|
- name: Scan ubuntu images
|
||||||
run: |
|
run: |
|
||||||
${{ github.workspace }}/scripts/scan_images.sh \
|
${{ github.workspace }}/scripts/scan_images.sh \
|
||||||
--tag=${{ matrix.job }} \
|
--tag=ubuntu \
|
||||||
--output-file=trivy-results-${{ matrix.job }}.sarif
|
--output-file=trivy-results-ubuntu.sarif
|
||||||
|
|
||||||
- name: Upload Trivy scan results to GitHub Security tab
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v2
|
||||||
with:
|
with:
|
||||||
sarif_file: trivy-results-${{ matrix.job }}.sarif
|
sarif_file: trivy-results-ubuntu.sarif
|
||||||
category: trivy-${{ matrix.job }}
|
category: trivy-ubuntu
|
||||||
|
|
||||||
- name: Upload Trivy scan results as an artifact
|
- name: Upload Trivy scan results as an artifact
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: trivy-${{ matrix.job }}
|
name: trivy-ubuntu
|
||||||
path: trivy-results-${{ matrix.job }}.sarif
|
path: trivy-results-ubuntu.sarif
|
||||||
retention-days: 7
|
retention-days: 7
|
||||||
|
|
||||||
- name: Authenticate to Docker Hub
|
- name: Authenticate to Docker Hub
|
||||||
|
@ -115,4 +111,4 @@ jobs:
|
||||||
if: github.event_name != 'pull_request'
|
if: github.event_name != 'pull_request'
|
||||||
run: |
|
run: |
|
||||||
${{ github.workspace }}/scripts/push_images.sh \
|
${{ github.workspace }}/scripts/push_images.sh \
|
||||||
--tag=${{ matrix.job }}
|
--tag=ubuntu
|
||||||
|
|
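Review bot: The Trivy install step kept as context in the second hunk still pipes `contrib/install.sh` from the moving `main` branch into `sh`, so only the installed release (`v0.37.1`) is pinned while the script the runner executes is not. Fetch the installer from a fixed ref instead, for example by replacing `main` in the URL with the `v0.37.1` tag or a full commit SHA, so that a later change on `main` cannot alter what runs in the same job that afterwards authenticates to Docker Hub and pushes images. Separately, the first hunk leaves `strategy:` holding only `fail-fast: false` now that the matrix is removed; those two lines can be dropped. The job definition starts and ends outside these hunks.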
|
@ -37,3 +37,7 @@ under the `ubuntu` tag.
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
See our [contributing guide](.github/CONTRIBUTING.md).
|
See our [contributing guide](.github/CONTRIBUTING.md).
|
||||||
|
|
||||||
|
## Changelog
|
||||||
|
|
||||||
|
Reference our [changelog](./changelog.md) for updates made to images.
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
# Enterprise Images Changelog
|
||||||
|
|
||||||
|
## BREAKING 02/15/2023
|
||||||
|
|
||||||
|
- Due to low usage, removed support for CentOS base images.
|
||||||
|
- Due to excessive vulnerabilities removed `brew` from Ubuntu images.
|
|
@ -1,55 +0,0 @@
|
||||||
FROM quay.io/centos/centos:stream8
|
|
||||||
|
|
||||||
SHELL ["/bin/bash", "-c"]
|
|
||||||
|
|
||||||
# Add the EPEL repolist
|
|
||||||
RUN dnf upgrade --assumeyes --refresh && \
|
|
||||||
dnf install --assumeyes epel-release && \
|
|
||||||
dnf install --assumeyes \
|
|
||||||
bash \
|
|
||||||
ca-certificates \
|
|
||||||
curl \
|
|
||||||
device-mapper-persistent-data \
|
|
||||||
dnf-utils \
|
|
||||||
gcc \
|
|
||||||
gcc-c++ \
|
|
||||||
git \
|
|
||||||
htop \
|
|
||||||
lvm2 \
|
|
||||||
make \
|
|
||||||
man \
|
|
||||||
python3 \
|
|
||||||
sudo \
|
|
||||||
unzip \
|
|
||||||
vim \
|
|
||||||
wget \
|
|
||||||
rsync && \
|
|
||||||
dnf clean all
|
|
||||||
|
|
||||||
RUN dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
|
|
||||||
dnf install --assumeyes \
|
|
||||||
containerd.io \
|
|
||||||
docker-ce && \
|
|
||||||
systemctl enable docker
|
|
||||||
|
|
||||||
# Add docker-compose
|
|
||||||
RUN curl -L "https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
|
||||||
RUN chmod +x /usr/local/bin/docker-compose
|
|
||||||
|
|
||||||
# Make typing unicode characters in the terminal work.
|
|
||||||
ENV LANG en_US.UTF-8
|
|
||||||
|
|
||||||
# Add a user `coder` so that you're not developing as the `root` user
|
|
||||||
RUN useradd coder \
|
|
||||||
--create-home \
|
|
||||||
--shell=/bin/bash \
|
|
||||||
--groups=docker \
|
|
||||||
--uid=1000 \
|
|
||||||
--user-group && \
|
|
||||||
echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
|
|
||||||
|
|
||||||
USER coder
|
|
||||||
|
|
||||||
# install Homebrew, must be as a non-root user
|
|
||||||
RUN HOMEBREW_INSTALL_FROM_API=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
|
|
||||||
ENV PATH /home/linuxbrew/.linuxbrew/bin:${PATH}
|
|
|
@ -57,7 +57,3 @@ RUN useradd coder \
|
||||||
echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
|
echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
|
||||||
|
|
||||||
USER coder
|
USER coder
|
||||||
|
|
||||||
# install Homebrew, must be as a non-root user
|
|
||||||
RUN HOMEBREW_INSTALL_FROM_API=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
|
|
||||||
ENV PATH /home/linuxbrew/.linuxbrew/bin:${PATH}
|
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
FROM codercom/enterprise-multieditor:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install clion.
|
|
||||||
RUN mkdir -p /opt/clion
|
|
||||||
RUN curl -L "https://download.jetbrains.com/product?code=CL&latest&distribution=linux" | tar -C /opt/clion --strip-components 1 -xzvf -
|
|
||||||
|
|
||||||
# Add a binary to the PATH that points to the clion startup script.
|
|
||||||
RUN ln -s /opt/clion/bin/clion.sh /usr/bin/clion
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,14 +0,0 @@
|
||||||
FROM codercom/enterprise-multieditor:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install DataSpell.
|
|
||||||
RUN mkdir -p /opt/dataspell
|
|
||||||
RUN curl -L "https://download-cdn.jetbrains.com/python/dataspell-2021.3.3.tar.gz" | tar -C /opt/dataspell --strip-components 1 -xzvf -
|
|
||||||
|
|
||||||
# Add a binary to the PATH that points to the pycharm startup script.
|
|
||||||
RUN ln -s /opt/dataspell/bin/dataspell.sh /usr/bin/dataspell
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,24 +0,0 @@
|
||||||
FROM codercom/enterprise-golang:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Packages required for multi-editor support
|
|
||||||
RUN yum update -y && yum install -y \
|
|
||||||
openssl \
|
|
||||||
libXtst \
|
|
||||||
libXrender \
|
|
||||||
fontconfig \
|
|
||||||
libXi \
|
|
||||||
gtk3 \
|
|
||||||
libGL
|
|
||||||
|
|
||||||
# Install goland.
|
|
||||||
RUN mkdir -p /opt/goland
|
|
||||||
RUN curl -L "https://download.jetbrains.com/product?code=GO&latest&distribution=linux" | tar -C /opt/goland --strip-components 1 -xzvf -
|
|
||||||
|
|
||||||
# Add a binary to the PATH that points to the goland startup script.
|
|
||||||
RUN ln -s /opt/goland/bin/goland.sh /usr/bin/goland
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,18 +0,0 @@
|
||||||
FROM codercom/enterprise-base:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install go
|
|
||||||
RUN curl -L "https://go.dev/dl/go1.20.linux-amd64.tar.gz" | tar -C /usr/local -xzvf -
|
|
||||||
|
|
||||||
# Setup go env vars
|
|
||||||
ENV GOROOT /usr/local/go
|
|
||||||
ENV PATH $PATH:$GOROOT/bin
|
|
||||||
|
|
||||||
ENV GOPATH /home/coder/go
|
|
||||||
ENV GOBIN $GOPATH/bin
|
|
||||||
ENV PATH $PATH:$GOBIN
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,24 +0,0 @@
|
||||||
FROM codercom/enterprise-java:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Packages required for multi-editor support
|
|
||||||
RUN yum update -y && yum install -y \
|
|
||||||
openssl \
|
|
||||||
libXtst \
|
|
||||||
libXrender \
|
|
||||||
fontconfig \
|
|
||||||
libXi \
|
|
||||||
gtk3 \
|
|
||||||
libGL
|
|
||||||
|
|
||||||
# Install intellij
|
|
||||||
RUN mkdir -p /opt/idea
|
|
||||||
RUN curl -L "https://download.jetbrains.com/product?code=IIC&latest&distribution=linux" | tar -C /opt/idea --strip-components 1 -xzvf -
|
|
||||||
|
|
||||||
# Add a binary to the PATH that points to the intellij startup script.
|
|
||||||
RUN ln -s /opt/idea/bin/idea.sh /usr/bin/intellij-idea-ultimate
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,55 +0,0 @@
|
||||||
FROM codercom/enterprise-base:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install JDK (OpenJDK 8)
|
|
||||||
RUN yum install -y java-1.8.0-openjdk-devel
|
|
||||||
ENV JAVA_HOME /usr/lib/jvm/java-1.8.0
|
|
||||||
ENV PATH $PATH:$JAVA_HOME/bin
|
|
||||||
|
|
||||||
# Install Maven
|
|
||||||
ARG MAVEN_VERSION=3.6.3
|
|
||||||
ARG MAVEN_SHA512=c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0
|
|
||||||
|
|
||||||
ENV MAVEN_HOME /usr/share/maven
|
|
||||||
ENV MAVEN_CONFIG "/home/coder/.m2"
|
|
||||||
|
|
||||||
RUN mkdir -p $MAVEN_HOME $MAVEN_HOME/ref \
|
|
||||||
&& echo "Downloading maven" \
|
|
||||||
&& curl -fsSL -o /tmp/apache-maven.tar.gz https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
|
|
||||||
\
|
|
||||||
&& echo "Checking downloaded file hash" \
|
|
||||||
&& echo "${MAVEN_SHA512} /tmp/apache-maven.tar.gz" | sha512sum -c - \
|
|
||||||
\
|
|
||||||
&& echo "Unzipping maven" \
|
|
||||||
&& tar -xzf /tmp/apache-maven.tar.gz -C $MAVEN_HOME --strip-components=1 \
|
|
||||||
\
|
|
||||||
&& echo "Cleaning and setting links" \
|
|
||||||
&& rm -f /tmp/apache-maven.tar.gz \
|
|
||||||
&& ln -s $MAVEN_HOME/bin/mvn /usr/bin/mvn
|
|
||||||
|
|
||||||
# Install Gradle
|
|
||||||
ENV GRADLE_VERSION=6.7
|
|
||||||
ARG GRADLE_SHA512=d495bc65379d2a854d2cca843bd2eeb94f381e5a7dcae89e6ceb6ef4c5835524932313e7f30d7a875d5330add37a5fe23447dc3b55b4d95dffffa870c0b24493
|
|
||||||
|
|
||||||
ENV GRADLE_HOME /usr/bin/gradle
|
|
||||||
|
|
||||||
RUN mkdir -p /usr/share/gradle /usr/share/gradle/ref \
|
|
||||||
&& echo "Downloading gradle" \
|
|
||||||
&& curl -fsSL -o /tmp/gradle.zip https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \
|
|
||||||
\
|
|
||||||
&& echo "Checking downloaded file hash" \
|
|
||||||
&& echo "${GRADLE_SHA512} /tmp/gradle.zip" | sha512sum -c - \
|
|
||||||
\
|
|
||||||
&& echo "Unziping gradle" \
|
|
||||||
&& unzip -d /usr/share/gradle /tmp/gradle.zip \
|
|
||||||
\
|
|
||||||
&& echo "Cleaning and setting links" \
|
|
||||||
&& rm -f /tmp/gradle.zip \
|
|
||||||
&& ln -s /usr/share/gradle/gradle-${GRADLE_VERSION} /usr/bin/gradle
|
|
||||||
|
|
||||||
ENV PATH $PATH:$GRADLE_HOME/bin
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,18 +0,0 @@
|
||||||
FROM codercom/enterprise-base:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install required dependencies
|
|
||||||
RUN dnf install --assumeyes \
|
|
||||||
platform-python-devel
|
|
||||||
|
|
||||||
# Install jupyter
|
|
||||||
RUN python3 -m pip install --upgrade pip && \
|
|
||||||
pip3 install --upgrade setuptools && \
|
|
||||||
pip3 install jupyterlab==3.2.9 && \
|
|
||||||
pip3 install jupyter-core==4.6.3 && \
|
|
||||||
pip3 install notebook==6.4.10
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,17 +0,0 @@
|
||||||
FROM codercom/enterprise-base:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Packages required for multi-editor support
|
|
||||||
RUN yum update -y && yum install -y \
|
|
||||||
openssl \
|
|
||||||
libXtst \
|
|
||||||
libXrender \
|
|
||||||
fontconfig \
|
|
||||||
libXi \
|
|
||||||
gtk3 \
|
|
||||||
libGL
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,15 +0,0 @@
|
||||||
FROM codercom/enterprise-base:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install whichever Node version is LTS
|
|
||||||
RUN curl -sL https://rpm.nodesource.com/setup_lts.x | bash -
|
|
||||||
RUN yum install -y nodejs
|
|
||||||
|
|
||||||
# Install Yarn
|
|
||||||
RUN curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo
|
|
||||||
RUN yum install -y yarn
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,14 +0,0 @@
|
||||||
FROM codercom/enterprise-multieditor:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install pycharm.
|
|
||||||
RUN mkdir -p /opt/pycharm
|
|
||||||
RUN curl -L "https://download.jetbrains.com/product?code=PCC&latest&distribution=linux" | tar -C /opt/pycharm --strip-components 1 -xzvf -
|
|
||||||
|
|
||||||
# Add a binary to the PATH that points to the pycharm startup script.
|
|
||||||
RUN ln -s /opt/pycharm/bin/pycharm.sh /usr/bin/pycharm-community
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,17 +0,0 @@
|
||||||
FROM codercom/enterprise-base:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install OpenSSL library
|
|
||||||
RUN yum install -y openssl-devel
|
|
||||||
|
|
||||||
# Install Ruby from source
|
|
||||||
COPY ./install-ruby.sh /tmp
|
|
||||||
RUN chmod +x /tmp/install-ruby.sh && /tmp/install-ruby.sh
|
|
||||||
|
|
||||||
# Install bundler gem
|
|
||||||
RUN gem install bundler
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,25 +0,0 @@
|
||||||
FROM codercom/enterprise-base:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Set environment variables
|
|
||||||
ENV RUSTUP_HOME=/opt/rustup
|
|
||||||
ENV CARGO_HOME=/opt/cargo
|
|
||||||
ENV PATH=/opt/cargo/bin:$PATH
|
|
||||||
|
|
||||||
# Install Rust
|
|
||||||
COPY rustup.sh /tmp/rustup.sh
|
|
||||||
RUN /tmp/rustup.sh -y \
|
|
||||||
--no-modify-path \
|
|
||||||
--profile minimal \
|
|
||||||
--default-toolchain stable \
|
|
||||||
--default-host x86_64-unknown-linux-gnu && \
|
|
||||||
rm -f /tmp/rustup.sh && \
|
|
||||||
chmod -R a+w ${RUSTUP_HOME} ${CARGO_HOME}
|
|
||||||
|
|
||||||
# Validate that cargo and rustc are available
|
|
||||||
RUN cargo --version && rustc --version
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -1,14 +0,0 @@
|
||||||
FROM codercom/enterprise-multieditor:centos
|
|
||||||
|
|
||||||
# Run everything as root
|
|
||||||
USER root
|
|
||||||
|
|
||||||
# Install webstorm.
|
|
||||||
RUN mkdir -p /opt/webstorm
|
|
||||||
RUN curl -L "https://download.jetbrains.com/product?code=WS&latest&distribution=linux" | tar -C /opt/webstorm --strip-components 1 -xzvf -
|
|
||||||
|
|
||||||
# Add a binary to the PATH that points to the webstorm startup script.
|
|
||||||
RUN ln -s /opt/webstorm/bin/webstorm.sh /usr/bin/webstorm
|
|
||||||
|
|
||||||
# Set back to coder user
|
|
||||||
USER coder
|
|
|
@ -25,7 +25,7 @@ function usage() {
|
||||||
echo " --dry-run Show commands that would run, but"
|
echo " --dry-run Show commands that would run, but"
|
||||||
echo " do not run them"
|
echo " do not run them"
|
||||||
echo " --tag=<tag> Select an image tag group to build,"
|
echo " --tag=<tag> Select an image tag group to build,"
|
||||||
echo " one of: centos, ubuntu)"
|
echo " e.g. ubuntu)"
|
||||||
echo " --quiet Suppress container build output"
|
echo " --quiet Suppress container build output"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
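Review bot: The new help line `echo " e.g. ubuntu)"` keeps a closing parenthesis with no opening one in the visible usage text, and "e.g." no longer tells the user which tag groups are accepted. Wording such as `(currently only: ubuntu)` would state the contract; the same line is changed the same way in the two following script sections. If `--tag` is checked against a list of directories or names elsewhere in these scripts, confirm that `centos` now fails with a clear error; that code is outside the hunk.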
|
@ -25,7 +25,7 @@ function usage() {
|
||||||
echo " --dry-run Show commands that would run, but"
|
echo " --dry-run Show commands that would run, but"
|
||||||
echo " do not run them"
|
echo " do not run them"
|
||||||
echo " --tag=<tag> Select an image tag group to build,"
|
echo " --tag=<tag> Select an image tag group to build,"
|
||||||
echo " one of: centos, ubuntu)"
|
echo " e.g. ubuntu)"
|
||||||
echo " --quiet Suppress container build output"
|
echo " --quiet Suppress container build output"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,7 +28,7 @@ function usage() {
|
||||||
echo " --dry-run Show commands that would run, but"
|
echo " --dry-run Show commands that would run, but"
|
||||||
echo " do not run them"
|
echo " do not run them"
|
||||||
echo " --tag=<tag> Select an image tag group to build,"
|
echo " --tag=<tag> Select an image tag group to build,"
|
||||||
echo " one of: centos, ubuntu)"
|
echo " e.g. ubuntu)"
|
||||||
echo " --output-file=<path> File path to write merged SARIF file to"
|
echo " --output-file=<path> File path to write merged SARIF file to"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|