diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index 2fad1d60..eea72040 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -24,7 +24,7 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - uses: actions/checkout@v3 @@ -53,6 +53,15 @@ jobs: org.opencontainers.image.title=${{ matrix.images }} org.opencontainers.image.description=${{ matrix.images }} image for Bay container platform + - name: Create the AWX-EE context + if: matrix.images == 'awx-ee' + run: | + pip install --upgrade ansible-builder + ansible-builder create \ + --output-filename Dockerfile \ + --verbosity 3 + working-directory: ./images/awx-ee + - name: Build and push the images uses: docker/bake-action@v3.1.0 with: diff --git a/.github/workflows/vulnerability-scan-build.yml b/.github/workflows/vulnerability-scan-build.yml index 2b63e789..4fc8524c 100644 --- a/.github/workflows/vulnerability-scan-build.yml +++ b/.github/workflows/vulnerability-scan-build.yml @@ -21,7 +21,7 @@ jobs: echo "SANITISED-REF-NAME=${{ github.ref_name }}" | tr '/' '-' >> "$GITHUB_OUTPUT" - name: Scan for vulnerabilities id: scan - uses: crazy-max/ghaction-container-scan@v2 + uses: crazy-max/ghaction-container-scan@v3 with: image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{ steps.sanitise-ref-name.outputs.SANITISED-REF-NAME }} dockerfile: ./images/${{ matrix.images }} diff --git a/.github/workflows/vulnerability-scan-schedule.yml b/.github/workflows/vulnerability-scan-schedule.yml index 6e2823e7..4b99764c 100644 --- a/.github/workflows/vulnerability-scan-schedule.yml +++ b/.github/workflows/vulnerability-scan-schedule.yml 
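Review bot: `pip install --upgrade ansible-builder` in the new "Create the AWX-EE context" step installs whatever version is current on PyPI at build time, so the generated Dockerfile — and with it the published awx-ee image — can change without any commit to this repository. Pin it, e.g. `pip install 'ansible-builder==<tested version>'` (with `--require-hashes` if a requirements file is used), and bump deliberately. The generated `Dockerfile` presumably lands in `images/awx-ee/context/`, which is where both bake files point rather than the step's own working directory; a one-line comment on the step such as `# Writes context/Dockerfile, consumed by the awx-ee bake target` would spare the next reader a trip to the bake file. Worth confirming separately that the vulnerability-scan workflows, which carry no ansible-builder step, are never expected to build this image from the same context.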
@@ -35,7 +35,7 @@ jobs: steps: - name: Scan for vulnerabilities id: scan - uses: crazy-max/ghaction-container-scan@v2 + uses: crazy-max/ghaction-container-scan@v3 with: image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{matrix.branches}} dockerfile: ./images/${{ matrix.images }} diff --git a/gh-actions-bake.hcl b/gh-actions-bake.hcl index 8915f491..5046fe38 100755 --- a/gh-actions-bake.hcl +++ b/gh-actions-bake.hcl @@ -86,4 +86,12 @@ target "ripple-static" { "org.opencontainers.image.description" = "Ripple static site generator image optimised for the Bay container platform" } } - +target "awx-ee" { + inherits = ["docker-metadata-action"] + context = "${CONTEXT}/awx-ee/context" + platforms = ["linux/amd64", "linux/arm64"] + args = { + PYCMD = "/usr/local/bin/python3" + PKGMGR = "/usr/bin/apt-get" + } +} diff --git a/images/awx-ee/docker-bake.hcl b/images/awx-ee/docker-bake.hcl index 03806621..363fbfd8 100644 --- a/images/awx-ee/docker-bake.hcl +++ b/images/awx-ee/docker-bake.hcl @@ -7,17 +7,15 @@ variable "IMAGE_TAG" { } group "default" { - targets = ["ee"] + targets = ["awx-ee"] } -target "ee" { +target "docker-metadata-action" {} + +target "awx-ee" { + inherits = ["docker-metadata-action"] context = "./context" - dockerfile = "Dockerfile" platforms = ["linux/amd64", "linux/arm64"] - tags = [ - // "singledigital/awx-ee:${IMAGE_TAG}", - "${GHCR}/dpc-sdp/bay/awx-ee:${IMAGE_TAG}" - ] args = { PYCMD = "/usr/local/bin/python3" PKGMGR = "/usr/bin/apt-get" diff --git a/images/awx-ee/execution-environment.yml b/images/awx-ee/execution-environment.yml index 28ab2ef8..2210a381 100644 --- a/images/awx-ee/execution-environment.yml +++ b/images/awx-ee/execution-environment.yml 
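Review bot: The new `awx-ee` target builds from `${CONTEXT}/awx-ee/context`, whose Dockerfile is not in the repository but is generated by ansible-builder in the build workflow; nothing in this file says so, and a `docker buildx bake awx-ee` run outside that workflow fails with a missing Dockerfile. Add a comment above the target, e.g. `# Dockerfile in this context is generated by ansible-builder (see build-deploy.yml); it is not committed.` The `args` block (`PYCMD`, `PKGMGR`) duplicates the one in images/awx-ee/docker-bake.hcl, so the two can drift silently — note which one is authoritative, or have one reference the other.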
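Review bot: Removing `tags` and adding the empty `target "docker-metadata-action" {}` placeholder means a local `docker buildx bake` in images/awx-ee now produces an untagged image, and `variable "IMAGE_TAG"` at the top of the hunk (and `GHCR`, declared outside it) are left unused. Either drop the dead variables or give the placeholder a default, e.g. `target "docker-metadata-action" { tags = ["${GHCR}/dpc-sdp/bay/awx-ee:${IMAGE_TAG}"] }`, which the docker/metadata-action bake file would override in CI — verify that override behaviour for list attributes before relying on it. A comment explaining that tags are supplied by docker/metadata-action in CI would make the empty target less surprising.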
@@ -19,9 +19,11 @@ additional_build_steps: append_base: [] prepend_final: - - LABEL org.opencontainers.image.authors="Digital Victoria" - - LABEL org.opencontainers.image.description="Provides an AWX execution environment image optimised for use with SDP." - - LABEL org.opencontainers.image.source="https://github.com/dpc-sdp/bay/blob/6.x/images/awx-ee/context/Dockerfile" + - LABEL maintainer="Digital Transformation" + - LABEL org.opencontainers.image.authors="Digital Transformation" + - LABEL org.opencontainers.image.title="SDP AWX Execution Environment image." + - LABEL org.opencontainers.image.description="Provides an AWX execution environment image optimised for use with SDP. Built with ansible-builder." + - LABEL org.opencontainers.image.source="https://github.com/dpc-sdp/bay/blob/6.x/images/awx-ee/" - ARG LAGOON_CLI_VERSION=v0.15.4 - ARG NVM_INSTALL_VERSION=v0.39.1 - ARG NODE_VERSION=v14.15.1 @@ -29,7 +31,7 @@ additional_build_steps: append_final: - | # Required dependencies. RUN set -eux; \ - apt-get update && apt-get install -y \ + apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ git git-lfs \ jq \ rsync \ @@ -39,7 +41,7 @@ additional_build_steps: - | # Install php & composer. RUN set -eux; \ curl -sSL https://packages.sury.org/php/README.txt | bash -x; \ - apt-get update && apt-get install -y \ + apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ php8.3-cli \ php8.3-gd \ php8.3-zip; \ 
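Review bot: The new `DEBIAN_FRONTEND=noninteractive apt-get install -y` line still installs recommended packages, which pulls extra binaries into an execution environment that is already being scanned for vulnerabilities; add `--no-install-recommends` so only the listed packages (git, git-lfs, jq, rsync, …) land in the image. This RUN continues past the hunk, so I could not confirm it ends with `rm -rf /var/lib/apt/lists/*`; if it does not, add that so the package indexes fetched here do not persist in the layer. Setting the variable per command rather than as an image-wide ENV is the right call.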
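Review bot: The new `DEBIAN_FRONTEND=noninteractive apt-get install -y` for php8.3-* installs from the sury.org repository that the unchanged line above enables by piping `curl -sSL https://packages.sury.org/php/README.txt` into `bash -x` as root, without `--fail`, so an HTTP error page or a substituted response is executed during the build. Since this RUN is being modified anyway, replace the piped script with the repository's keyring and sources.list entry written explicitly (the same pattern the gh CLI step later in this diff uses), and add `--no-install-recommends` to the new line. The RUN continues past the hunk, so the apt list cleanup could not be checked here.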
@@ -73,4 +75,12 @@ additional_build_steps: - RUN curl -L https://github.com/google/yamlfmt/releases/download/v0.10.0/yamlfmt_0.10.0_Linux_x86_64.tar.gz --output /tmp/yamlfmt_0.10.0_Linux_x86_64.tar.gz - RUN tar -C /tmp -xvf /tmp/yamlfmt_0.10.0_Linux_x86_64.tar.gz - RUN chmod +x /tmp/yamlfmt - - RUN mv /tmp/yamlfmt /usr/local/bin \ No newline at end of file + - RUN mv /tmp/yamlfmt /usr/local/bin + - | # Install GitHub gh cli tool + SHELL ["/bin/bash", "-c"] + RUN set -eux; \ + curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \ + && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \ + && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ + && apt update \ + && DEBIAN_FRONTEND=noninteractive apt install gh -y \ No newline at end of file diff --git a/images/php/Dockerfile.cli b/images/php/Dockerfile.cli index c779bd26..85c30821 100644 --- a/images/php/Dockerfile.cli +++ b/images/php/Dockerfile.cli @@ -22,8 +22,10 @@ RUN wget -O /usr/local/bin/dockerize https://github.com/dpc-sdp/dockerize/releas RUN apk add redis --no-cache # Install bay-cli. -RUN wget "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.0/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_')" -O /bin/bay && \ - chmod +x /bin/bay +RUN curl -L "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz" --output /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN tar -C /tmp -xvf /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN chmod +x /tmp/bay +RUN mv /tmp/bay /bin/bay RUN mkdir /bay diff --git a/images/php/Dockerfile.fpm b/images/php/Dockerfile.fpm index e845dfd3..1c9767fa 100644 --- a/images/php/Dockerfile.fpm 
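Review bot: The new gh CLI step uses `apt update` and `apt install gh -y` while every other step in this file uses `apt-get`; `apt` warns that its CLI is not stable for scripts, so use `apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gh` and finish with `rm -rf /var/sources... /var/lib/apt/lists/*` so the index fetched here does not persist in the layer. The keyring is trusted straight from the download (`curl -fsSL … | dd of=…`) with no fingerprint check; `-f` at least stops an error page being written as the key, but comparing the fetched key's fingerprint (`gpg --show-keys`) against a known value would make the build fail closed on a substituted key. `SHELL ["/bin/bash", "-c"]` is persisted in the image config and applies to every later shell-form instruction, including in images built FROM this one, so either scope it or document why bash is required; the new last line also still leaves the file without a trailing newline.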
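Review bot: The replacement lines switch from `wget` to `curl -L`, but this is an Alpine image (`apk add` above) whose busybox base ships wget and not curl, so unless curl is installed earlier in the file (not visible here) the build fails; `curl -L` also lacks `-f`, so a 404 page would be saved as the tarball. The release archive is still not verified — no checksum or signature — and the platform expression `$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_')` is now repeated four times across four layers, leaving the tarball in /tmp of the image. Fold the four RUNs into one as below, keep wget, and add a `sha256sum -c` against the digest published with the release before the binary is installed.
```dockerfile
# Install bay-cli.
# TODO: verify the archive against the sha256 published with the v0.1.1 release before extracting.
RUN set -eux; \
    plat="$(echo "${TARGETPLATFORM:-linux/amd64}" | tr '/' '_')"; \
    wget -O "/tmp/bay_${plat}.tar.gz" "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.1/bay_${plat}.tar.gz"; \
    tar -C /tmp -xf "/tmp/bay_${plat}.tar.gz"; \
    chmod +x /tmp/bay; \
    mv /tmp/bay /bin/bay; \
    rm -f "/tmp/bay_${plat}.tar.gz"
```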
+++ b/images/php/Dockerfile.fpm @@ -24,8 +24,10 @@ RUN apk add --no-cache tzdata \ && echo $TZ > /etc/timezone # Install bay-cli. -RUN wget "https://github.com/dpc-sdp/bay-cli/releases/download/v0.0.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_')" -O /bin/bay && \ - chmod +x /bin/bay +RUN curl -L "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz" --output /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN tar -C /tmp -xvf /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN chmod +x /tmp/bay +RUN mv /tmp/bay /bin/bay ONBUILD ARG BAY_DISABLE_FUNCTIONS=phpinfo,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,system,exec,shell_exec,passthru,phpinfo,show_source,highlight_file,popen,fopen_with_path,dbmopen,dbase_open,filepro,filepro_rowcount,filepro_retrieve,posix_mkfifo ONBUILD ARG BAY_UPLOAD_LIMIT=100M
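Review bot: As in Dockerfile.cli, the new lines use `curl -L` in an Alpine image (`apk add --no-cache tzdata` above) whose busybox base provides wget but not curl, so the build fails unless curl is installed earlier in the file (not visible here), and the missing `-f` means an HTTP error page would be saved as the archive. Nothing verifies the downloaded release (no checksum or signature), the platform expression is repeated four times, and the tarball stays in /tmp across the four layers. Use the same single-RUN form as proposed for Dockerfile.cli, with wget, one `plat` variable, a `sha256sum -c` against the published digest, and a final `rm -f` of the archive, so the two PHP images install bay-cli identically.
```dockerfile
# Install bay-cli.
# TODO: verify the archive against the sha256 published with the v0.1.1 release before extracting.
RUN set -eux; \
    plat="$(echo "${TARGETPLATFORM:-linux/amd64}" | tr '/' '_')"; \
    wget -O "/tmp/bay_${plat}.tar.gz" "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.1/bay_${plat}.tar.gz"; \
    tar -C /tmp -xf "/tmp/bay_${plat}.tar.gz"; \
    chmod +x /tmp/bay; \
    mv /tmp/bay /bin/bay; \
    rm -f "/tmp/bay_${plat}.tar.gz"
```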