dpc-sdp · GROwen · Feb 21, 2024 · Jan 17, 2024 · Jan 18, 2024 · Jan 18, 2024
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
@@ -24,7 +24,7 @@ jobs:
         uses: docker/setup-qemu-action@v2
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - uses: actions/checkout@v3
 
@@ -53,6 +53,15 @@ jobs:
             org.opencontainers.image.title=${{ matrix.images }}
             org.opencontainers.image.description=${{ matrix.images }} image for Bay container platform
 
+      - name: Create the AWX-EE context
+        if: matrix.images == 'awx-ee'
+        run: |
+          pip install --upgrade ansible-builder
+          ansible-builder create \
+            --output-filename Dockerfile \
+            --verbosity 3
+        working-directory: ./images/awx-ee
+
       - name: Build and push the images
         uses: docker/[email protected]
         with:

diff --git a/.github/workflows/vulnerability-scan-build.yml b/.github/workflows/vulnerability-scan-build.yml
@@ -21,7 +21,7 @@ jobs:
           echo "SANITISED-REF-NAME=${{ github.ref_name }}" | tr  '/' '-' >> "$GITHUB_OUTPUT"
       - name: Scan for vulnerabilities
         id: scan
-        uses: crazy-max/ghaction-container-scan@v2
+        uses: crazy-max/ghaction-container-scan@v3
         with:
           image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{ steps.sanitise-ref-name.outputs.SANITISED-REF-NAME }}
           dockerfile: ./images/${{ matrix.images }}

diff --git a/.github/workflows/vulnerability-scan-schedule.yml b/.github/workflows/vulnerability-scan-schedule.yml
@@ -35,7 +35,7 @@ jobs:
     steps:
       - name: Scan for vulnerabilities
         id: scan
-        uses: crazy-max/ghaction-container-scan@v2
+        uses: crazy-max/ghaction-container-scan@v3
         with:
           image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{matrix.branches}}
           dockerfile: ./images/${{ matrix.images }}

diff --git a/gh-actions-bake.hcl b/gh-actions-bake.hcl
@@ -86,4 +86,12 @@ target "ripple-static" {
     "org.opencontainers.image.description" = "Ripple static site generator image optimised for the Bay container platform"
   }
 }
-
+target "awx-ee" {
+    inherits = ["docker-metadata-action"]
+    context = "${CONTEXT}/awx-ee/context"
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        PYCMD = "/usr/local/bin/python3"
+        PKGMGR = "/usr/bin/apt-get"
+    }
+}
diff --git a/images/awx-ee/docker-bake.hcl b/images/awx-ee/docker-bake.hcl
@@ -7,17 +7,15 @@ variable "IMAGE_TAG" {
 }
 
 group "default" {
-    targets = ["ee"]
+    targets = ["awx-ee"]
 }
 
-target "ee" {
+target "docker-metadata-action" {}
+
+target "awx-ee" {
+    inherits = ["docker-metadata-action"]
     context = "./context"
-    dockerfile = "Dockerfile"
     platforms = ["linux/amd64", "linux/arm64"]
-    tags = [
-        // "singledigital/awx-ee:${IMAGE_TAG}",
-        "${GHCR}/dpc-sdp/bay/awx-ee:${IMAGE_TAG}"
-    ]
     args = {
         PYCMD = "/usr/local/bin/python3"
         PKGMGR = "/usr/bin/apt-get"

diff --git a/images/awx-ee/execution-environment.yml b/images/awx-ee/execution-environment.yml
@@ -19,17 +19,19 @@ additional_build_steps:
   append_base: []
 
   prepend_final:
-    - LABEL org.opencontainers.image.authors="Digital Victoria"
-    - LABEL org.opencontainers.image.description="Provides an AWX execution environment image optimised for use with SDP."
-    - LABEL org.opencontainers.image.source="https://github.com/dpc-sdp/bay/blob/6.x/images/awx-ee/context/Dockerfile"
+    - LABEL maintainer="Digital Transformation"
+    - LABEL org.opencontainers.image.authors="Digital Transformation"
+    - LABEL org.opencontainers.image.title="SDP AWX Execution Environment image."
+    - LABEL org.opencontainers.image.description="Provides an AWX execution environment image optimised for use with SDP. Built with ansible-builder."
+    - LABEL org.opencontainers.image.source="https://github.com/dpc-sdp/bay/blob/6.x/images/awx-ee/"
     - ARG LAGOON_CLI_VERSION=v0.15.4
     - ARG NVM_INSTALL_VERSION=v0.39.1
     - ARG NODE_VERSION=v14.15.1
 
   append_final:
     - | # Required dependencies.
       RUN set -eux; \
-          apt-get update && apt-get install -y \
+          apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
               git git-lfs \
               jq \
               rsync \
@@ -39,7 +41,7 @@ additional_build_steps:
     - | # Install php & composer.
       RUN set -eux; \
           curl -sSL https://packages.sury.org/php/README.txt | bash -x; \
-          apt-get update && apt-get install -y \
+          apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
               php8.3-cli \
               php8.3-gd \
               php8.3-zip; \
@@ -73,4 +75,12 @@ additional_build_steps:
     - RUN curl -L https://github.com/google/yamlfmt/releases/download/v0.10.0/yamlfmt_0.10.0_Linux_x86_64.tar.gz --output /tmp/yamlfmt_0.10.0_Linux_x86_64.tar.gz
     - RUN tar -C /tmp -xvf /tmp/yamlfmt_0.10.0_Linux_x86_64.tar.gz
     - RUN chmod +x /tmp/yamlfmt
-    - RUN mv /tmp/yamlfmt /usr/local/bin
+    - RUN mv /tmp/yamlfmt /usr/local/bin
+    - | # Install GitHub gh cli tool
+      SHELL ["/bin/bash", "-c"]
+      RUN set -eux; \
+        curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+        && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
+        && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+        && apt update \
+        && DEBIAN_FRONTEND=noninteractive apt install gh -y
diff --git a/images/php/Dockerfile.cli b/images/php/Dockerfile.cli
@@ -22,8 +22,10 @@ RUN wget -O /usr/local/bin/dockerize https://github.com/dpc-sdp/dockerize/releas
 RUN apk add redis --no-cache
 
 # Install bay-cli.
-RUN wget "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.0/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_')" -O /bin/bay && \
-    chmod +x /bin/bay
+RUN curl -L "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz" --output /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz
+RUN tar -C /tmp -xvf /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz
+RUN chmod +x /tmp/bay
+RUN mv /tmp/bay /bin/bay
 
 RUN mkdir /bay
 

diff --git a/images/php/Dockerfile.fpm b/images/php/Dockerfile.fpm
@@ -24,8 +24,10 @@ RUN  apk add --no-cache tzdata \
     && echo $TZ > /etc/timezone
 
 # Install bay-cli.
-RUN wget "https://github.com/dpc-sdp/bay-cli/releases/download/v0.0.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_')" -O /bin/bay && \
-    chmod +x /bin/bay
+RUN curl -L "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz" --output /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz
+RUN tar -C /tmp -xvf /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz
+RUN chmod +x /tmp/bay
+RUN mv /tmp/bay /bin/bay
 
 ONBUILD ARG BAY_DISABLE_FUNCTIONS=phpinfo,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,system,exec,shell_exec,passthru,phpinfo,show_source,highlight_file,popen,fopen_with_path,dbmopen,dbase_open,filepro,filepro_rowcount,filepro_retrieve,posix_mkfifo
 ONBUILD ARG BAY_UPLOAD_LIMIT=100M