diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ed4d60f..ac29ac8 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -62,12 +62,8 @@ jobs: images: runs-on: ubuntu-latest-8-cores strategy: - matrix: - job: - - centos - - ubuntu fail-fast: false - name: images/${{ matrix.job }} + name: images/ubuntu steps: - name: Cancel previous runs if: github.event_name == 'pull_request' @@ -80,28 +76,28 @@ jobs: run: | curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.37.1 - - name: Build ${{ matrix.job }} images + - name: Build ubuntu images run: | ${{ github.workspace }}/scripts/build_images.sh \ - --tag=${{ matrix.job }} + --tag=ubuntu - - name: Scan ${{ matrix.job }} images + - name: Scan ubuntu images run: | ${{ github.workspace }}/scripts/scan_images.sh \ - --tag=${{ matrix.job }} \ - --output-file=trivy-results-${{ matrix.job }}.sarif + --tag=ubuntu \ + --output-file=trivy-results-ubuntu.sarif - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: trivy-results-${{ matrix.job }}.sarif - category: trivy-${{ matrix.job }} + sarif_file: trivy-results-ubuntu.sarif + category: trivy-ubuntu - name: Upload Trivy scan results as an artifact uses: actions/upload-artifact@v3 with: - name: trivy-${{ matrix.job }} - path: trivy-results-${{ matrix.job }}.sarif + name: trivy-ubuntu + path: trivy-results-ubuntu.sarif retention-days: 7 - name: Authenticate to Docker Hub @@ -115,4 +111,4 @@ jobs: if: github.event_name != 'pull_request' run: | ${{ github.workspace }}/scripts/push_images.sh \ - --tag=${{ matrix.job }} + --tag=ubuntu diff --git a/README.md b/README.md index 827c8f1..b7f9999 100644 --- a/README.md +++ b/README.md 
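Review bot: The `strategy:` block in the `images` job is left holding only `fail-fast: false` once the matrix lines are removed in the first hunk (`@@ -62,12 +62,8 @@`). `fail-fast` governs matrix jobs, so the block no longer does anything and may trip stricter workflow validation. Dropping both lines (`strategy:` and `fail-fast: false`) would leave the job definition matching the single `images/ubuntu` build. The job body continues outside this hunk.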
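Review bot: The Trivy install step kept as context at the top of the second hunk (`@@ -80,28 +76,28 @@`) pipes `install.sh` from the `main` branch into `sh`, so only the Trivy release (`v0.37.1`) is pinned, not the installer itself, and it runs in a job that later authenticates to Docker Hub and pushes images. Fetching the script from the matching tag, e.g. `https://raw.githubusercontent.com/aquasecurity/trivy/v0.37.1/contrib/install.sh`, or checking it against a known checksum before executing it would close that gap. The `uses:` lines in the same hunk reference `github/codeql-action/upload-sarif@v2` and `actions/upload-artifact@v3` by mutable tag; pinning each to a full commit SHA (`@<full-commit-sha>`) is worth considering while this file is being touched. The install step begins above the hunk, so its `name:` line is not visible here.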
@@ -37,3 +37,7 @@ under the `ubuntu` tag. ## Contributing See our [contributing guide](.github/CONTRIBUTING.md). + +## Changelog + +Reference our [changelog](./changelog.md) for updates made to images. diff --git a/changelog.md b/changelog.md new file mode 100644 index 0000000..b19b400 --- /dev/null +++ b/changelog.md @@ -0,0 +1,6 @@ +# Enterprise Images Changelog + +## BREAKING 02/15/2023 + +- Due to low usage, removed support for CentOS base images. +- Due to excessive vulnerabilities removed `brew` from Ubuntu images. diff --git a/images/base/Dockerfile.centos b/images/base/Dockerfile.centos deleted file mode 100644 index 357a770..0000000 --- a/images/base/Dockerfile.centos +++ /dev/null 
@@ -1,55 +0,0 @@ -FROM quay.io/centos/centos:stream8 - -SHELL ["/bin/bash", "-c"] - -# Add the EPEL repolist -RUN dnf upgrade --assumeyes --refresh && \ - dnf install --assumeyes epel-release && \ - dnf install --assumeyes \ - bash \ - ca-certificates \ - curl \ - device-mapper-persistent-data \ - dnf-utils \ - gcc \ - gcc-c++ \ - git \ - htop \ - lvm2 \ - make \ - man \ - python3 \ - sudo \ - unzip \ - vim \ - wget \ - rsync && \ - dnf clean all - -RUN dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ - dnf install --assumeyes \ - containerd.io \ - docker-ce && \ - systemctl enable docker - -# Add docker-compose -RUN curl -L "https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose -RUN chmod +x /usr/local/bin/docker-compose - -# Make typing unicode characters in the terminal work. -ENV LANG en_US.UTF-8 - -# Add a user `coder` so that you're not developing as the `root` user -RUN useradd coder \ - --create-home \ - --shell=/bin/bash \ - --groups=docker \ - --uid=1000 \ - --user-group && \ - echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd - -USER coder - -# install Homebrew, must be as a non-root user -RUN HOMEBREW_INSTALL_FROM_API=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" -ENV PATH /home/linuxbrew/.linuxbrew/bin:${PATH} diff --git a/images/base/Dockerfile.ubuntu b/images/base/Dockerfile.ubuntu index 1c03d2c..59824d8 100644 --- a/images/base/Dockerfile.ubuntu +++ b/images/base/Dockerfile.ubuntu @@ -57,7 +57,3 @@ RUN useradd coder \ echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd USER coder - -# install Homebrew, must be as a non-root user -RUN HOMEBREW_INSTALL_FROM_API=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" -ENV PATH /home/linuxbrew/.linuxbrew/bin:${PATH} 
diff --git a/images/clion/Dockerfile.centos b/images/clion/Dockerfile.centos
deleted file mode 100644
index 7c349d8..0000000
--- a/images/clion/Dockerfile.centos
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM codercom/enterprise-multieditor:centos
-
-# Run everything as root
-USER root
-
-# Install clion.
-RUN mkdir -p /opt/clion
-RUN curl -L "https://download.jetbrains.com/product?code=CL&latest&distribution=linux" | tar -C /opt/clion --strip-components 1 -xzvf -
-
-# Add a binary to the PATH that points to the clion startup script.
-RUN ln -s /opt/clion/bin/clion.sh /usr/bin/clion
-
-# Set back to coder user
-USER coder
diff --git a/images/dataSpell/Dockerfile.centos b/images/dataSpell/Dockerfile.centos
deleted file mode 100644
index 79009b7..0000000
--- a/images/dataSpell/Dockerfile.centos
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM codercom/enterprise-multieditor:centos
-
-# Run everything as root
-USER root
-
-# Install DataSpell.
-RUN mkdir -p /opt/dataspell
-RUN curl -L "https://download-cdn.jetbrains.com/python/dataspell-2021.3.3.tar.gz" | tar -C /opt/dataspell --strip-components 1 -xzvf -
-
-# Add a binary to the PATH that points to the pycharm startup script.
-RUN ln -s /opt/dataspell/bin/dataspell.sh /usr/bin/dataspell
-
-# Set back to coder user
-USER coder
\ No newline at end of file
diff --git a/images/goland/Dockerfile.centos b/images/goland/Dockerfile.centos
deleted file mode 100644
index 2e42e58..0000000
--- a/images/goland/Dockerfile.centos
+++ /dev/null
@@ -1,24 +0,0 @@
-FROM codercom/enterprise-golang:centos
-
-# Run everything as root
-USER root
-
-# Packages required for multi-editor support
-RUN yum update -y && yum install -y \
- openssl \
- libXtst \
- libXrender \
- fontconfig \
- libXi \
- gtk3 \
- libGL
-
-# Install goland.
-RUN mkdir -p /opt/goland
-RUN curl -L "https://download.jetbrains.com/product?code=GO&latest&distribution=linux" | tar -C /opt/goland --strip-components 1 -xzvf -
-
-# Add a binary to the PATH that points to the goland startup script.
-RUN ln -s /opt/goland/bin/goland.sh /usr/bin/goland
-
-# Set back to coder user
-USER coder
diff --git a/images/golang/Dockerfile.centos b/images/golang/Dockerfile.centos
deleted file mode 100644
index b8c8975..0000000
--- a/images/golang/Dockerfile.centos
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM codercom/enterprise-base:centos
-
-# Run everything as root
-USER root
-
-# Install go
-RUN curl -L "https://go.dev/dl/go1.20.linux-amd64.tar.gz" | tar -C /usr/local -xzvf -
-
-# Setup go env vars
-ENV GOROOT /usr/local/go
-ENV PATH $PATH:$GOROOT/bin
-
-ENV GOPATH /home/coder/go
-ENV GOBIN $GOPATH/bin
-ENV PATH $PATH:$GOBIN
-
-# Set back to coder user
-USER coder
diff --git a/images/intellij/Dockerfile.centos b/images/intellij/Dockerfile.centos
deleted file mode 100644
index 95cb905..0000000
--- a/images/intellij/Dockerfile.centos
+++ /dev/null
@@ -1,24 +0,0 @@
-FROM codercom/enterprise-java:centos
-
-# Run everything as root
-USER root
-
-# Packages required for multi-editor support
-RUN yum update -y && yum install -y \
- openssl \
- libXtst \
- libXrender \
- fontconfig \
- libXi \
- gtk3 \
- libGL
-
-# Install intellij
-RUN mkdir -p /opt/idea
-RUN curl -L "https://download.jetbrains.com/product?code=IIC&latest&distribution=linux" | tar -C /opt/idea --strip-components 1 -xzvf -
-
-# Add a binary to the PATH that points to the intellij startup script.
-RUN ln -s /opt/idea/bin/idea.sh /usr/bin/intellij-idea-ultimate
-
-# Set back to coder user
-USER coder
diff --git a/images/java/Dockerfile.centos b/images/java/Dockerfile.centos
deleted file mode 100644
index 2a4974f..0000000
--- a/images/java/Dockerfile.centos
+++ /dev/null
@@ -1,55 +0,0 @@
-FROM codercom/enterprise-base:centos
-
-# Run everything as root
-USER root
-
-# Install JDK (OpenJDK 8)
-RUN yum install -y java-1.8.0-openjdk-devel
-ENV JAVA_HOME /usr/lib/jvm/java-1.8.0
-ENV PATH $PATH:$JAVA_HOME/bin
-
-# Install Maven
-ARG MAVEN_VERSION=3.6.3
-ARG MAVEN_SHA512=c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0
-
-ENV MAVEN_HOME /usr/share/maven
-ENV MAVEN_CONFIG "/home/coder/.m2"
-
-RUN mkdir -p $MAVEN_HOME $MAVEN_HOME/ref \
- && echo "Downloading maven" \
- && curl -fsSL -o /tmp/apache-maven.tar.gz https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
- \
- && echo "Checking downloaded file hash" \
- && echo "${MAVEN_SHA512} /tmp/apache-maven.tar.gz" | sha512sum -c - \
- \
- && echo "Unzipping maven" \
- && tar -xzf /tmp/apache-maven.tar.gz -C $MAVEN_HOME --strip-components=1 \
- \
- && echo "Cleaning and setting links" \
- && rm -f /tmp/apache-maven.tar.gz \
- && ln -s $MAVEN_HOME/bin/mvn /usr/bin/mvn
-
-# Install Gradle
-ENV GRADLE_VERSION=6.7
-ARG GRADLE_SHA512=d495bc65379d2a854d2cca843bd2eeb94f381e5a7dcae89e6ceb6ef4c5835524932313e7f30d7a875d5330add37a5fe23447dc3b55b4d95dffffa870c0b24493
-
-ENV GRADLE_HOME /usr/bin/gradle
-
-RUN mkdir -p /usr/share/gradle /usr/share/gradle/ref \
- && echo "Downloading gradle" \
- && curl -fsSL -o /tmp/gradle.zip https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \
- \
- && echo "Checking downloaded file hash" \
- && echo "${GRADLE_SHA512} /tmp/gradle.zip" | sha512sum -c - \
- \
- && echo "Unziping gradle" \
- && unzip -d /usr/share/gradle /tmp/gradle.zip \
- \
- && echo "Cleaning and setting links" \
- && rm -f /tmp/gradle.zip \
- && ln -s /usr/share/gradle/gradle-${GRADLE_VERSION} /usr/bin/gradle
-
-ENV PATH $PATH:$GRADLE_HOME/bin
-
-# Set back to coder user
-USER coder
diff --git a/images/jupyter/Dockerfile.centos b/images/jupyter/Dockerfile.centos
deleted file mode 100644
index 29c9268..0000000
--- a/images/jupyter/Dockerfile.centos
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM codercom/enterprise-base:centos
-
-# Run everything as root
-USER root
-
-# Install required dependencies
-RUN dnf install --assumeyes \
- platform-python-devel
-
-# Install jupyter
-RUN python3 -m pip install --upgrade pip && \
- pip3 install --upgrade setuptools && \
- pip3 install jupyterlab==3.2.9 && \
- pip3 install jupyter-core==4.6.3 && \
- pip3 install notebook==6.4.10
-
-# Set back to coder user
-USER coder
diff --git a/images/multieditor/Dockerfile.centos b/images/multieditor/Dockerfile.centos
deleted file mode 100644
index eb1d323..0000000
--- a/images/multieditor/Dockerfile.centos
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM codercom/enterprise-base:centos
-
-# Run everything as root
-USER root
-
-# Packages required for multi-editor support
-RUN yum update -y && yum install -y \
- openssl \
- libXtst \
- libXrender \
- fontconfig \
- libXi \
- gtk3 \
- libGL
-
-# Set back to coder user
-USER coder
diff --git a/images/node/Dockerfile.centos b/images/node/Dockerfile.centos
deleted file mode 100644
index df8ea9d..0000000
--- a/images/node/Dockerfile.centos
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM codercom/enterprise-base:centos
-
-# Run everything as root
-USER root
-
-# Install whichever Node version is LTS
-RUN curl -sL https://rpm.nodesource.com/setup_lts.x | bash -
-RUN yum install -y nodejs
-
-# Install Yarn
-RUN curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo
-RUN yum install -y yarn
-
-# Set back to coder user
-USER coder
diff --git a/images/pycharm/Dockerfile.centos b/images/pycharm/Dockerfile.centos
deleted file mode 100644
index cdb948d..0000000
--- a/images/pycharm/Dockerfile.centos
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM codercom/enterprise-multieditor:centos
-
-# Run everything as root
-USER root
-
-# Install pycharm.
-RUN mkdir -p /opt/pycharm
-RUN curl -L "https://download.jetbrains.com/product?code=PCC&latest&distribution=linux" | tar -C /opt/pycharm --strip-components 1 -xzvf -
-
-# Add a binary to the PATH that points to the pycharm startup script.
-RUN ln -s /opt/pycharm/bin/pycharm.sh /usr/bin/pycharm-community
-
-# Set back to coder user
-USER coder
diff --git a/images/ruby/Dockerfile.centos b/images/ruby/Dockerfile.centos
deleted file mode 100644
index 6f8e8f4..0000000
--- a/images/ruby/Dockerfile.centos
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM codercom/enterprise-base:centos
-
-# Run everything as root
-USER root
-
-# Install OpenSSL library
-RUN yum install -y openssl-devel
-
-# Install Ruby from source
-COPY ./install-ruby.sh /tmp
-RUN chmod +x /tmp/install-ruby.sh && /tmp/install-ruby.sh
-
-# Install bundler gem
-RUN gem install bundler
-
-# Set back to coder user
-USER coder
diff --git a/images/rust/Dockerfile.centos b/images/rust/Dockerfile.centos
deleted file mode 100644
index 20586af..0000000
--- a/images/rust/Dockerfile.centos
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM codercom/enterprise-base:centos
-
-# Run everything as root
-USER root
-
-# Set environment variables
-ENV RUSTUP_HOME=/opt/rustup
-ENV CARGO_HOME=/opt/cargo
-ENV PATH=/opt/cargo/bin:$PATH
-
-# Install Rust
-COPY rustup.sh /tmp/rustup.sh
-RUN /tmp/rustup.sh -y \
- --no-modify-path \
- --profile minimal \
- --default-toolchain stable \
- --default-host x86_64-unknown-linux-gnu && \
- rm -f /tmp/rustup.sh && \
- chmod -R a+w ${RUSTUP_HOME} ${CARGO_HOME}
-
-# Validate that cargo and rustc are available
-RUN cargo --version && rustc --version
-
-# Set back to coder user
-USER coder
diff --git a/images/webstorm/Dockerfile.centos b/images/webstorm/Dockerfile.centos
deleted file mode 100644
index cef1617..0000000
--- a/images/webstorm/Dockerfile.centos
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM codercom/enterprise-multieditor:centos
-
-# Run everything as root
-USER root
-
-# Install webstorm.
-RUN mkdir -p /opt/webstorm
-RUN curl -L "https://download.jetbrains.com/product?code=WS&latest&distribution=linux" | tar -C /opt/webstorm --strip-components 1 -xzvf -
-
-# Add a binary to the PATH that points to the webstorm startup script.
-RUN ln -s /opt/webstorm/bin/webstorm.sh /usr/bin/webstorm
-
-# Set back to coder user
-USER coder
diff --git a/scripts/build_images.sh b/scripts/build_images.sh
index bb8c3d1..e322f2d 100755
--- a/scripts/build_images.sh
+++ b/scripts/build_images.sh
@@ -25,7 +25,7 @@ function usage() {
 echo " --dry-run Show commands that would run, but"
 echo " do not run them"
 echo " --tag= Select an image tag group to build,"
- echo " one of: centos, ubuntu)"
+ echo " e.g. ubuntu)"
 echo " --quiet Suppress container build output"
 exit 1
 }
diff --git a/scripts/push_images.sh b/scripts/push_images.sh
index 17eefc7..70a4c88 100755
--- a/scripts/push_images.sh
+++ b/scripts/push_images.sh
@@ -25,7 +25,7 @@ function usage() {
 echo " --dry-run Show commands that would run, but"
 echo " do not run them"
 echo " --tag= Select an image tag group to build,"
- echo " one of: centos, ubuntu)"
+ echo " e.g. ubuntu)"
 echo " --quiet Suppress container build output"
 exit 1
 }
diff --git a/scripts/scan_images.sh b/scripts/scan_images.sh
index 4cd4fdc..c9c7412 100755
--- a/scripts/scan_images.sh
+++ b/scripts/scan_images.sh
@@ -28,7 +28,7 @@ function usage() {
 echo " --dry-run Show commands that would run, but"
 echo " do not run them"
 echo " --tag= Select an image tag group to build,"
- echo " one of: centos, ubuntu)"
+ echo " e.g. ubuntu)"
 echo " --output-file= File path to write merged SARIF file to"
 exit 1
 }
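Review bot: The reworded help line `echo " e.g. ubuntu)"` in `usage()` of `scripts/build_images.sh` keeps the closing parenthesis from the old `one of: centos, ubuntu)` text with no opening one. Its "e.g." also suggests that other tag groups exist, when this diff leaves only `ubuntu`. The same line appears in the `push_images.sh` and `scan_images.sh` hunks, where the `--tag=` description still says "to build" although those scripts push and scan. Wording that names `ubuntu` as the only supported group, with balanced punctuation, would match what the scripts now accept, assuming the argument validation outside these hunks agrees. `usage()` starts above each hunk.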