Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: used trustworthy Docker images #151

Merged
merged 7 commits into from
Jul 26, 2019
Merged

fix: used trustworthy Docker images #151

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
8a8cb36
fix: used trustworthy Docker images
kuisathaverat Jul 25, 2019
9eb3d6b
fix: set CMD and ENTRYPOINT, user a no pivileged user, use workdir
kuisathaverat Jul 25, 2019
436f67d
Update .ci/docker/shellcheck/Dockerfile
kuisathaverat Jul 26, 2019
a14e8a0
Update Dockerfile
kuisathaverat Jul 26, 2019
1d396aa
Update Dockerfile
kuisathaverat Jul 26, 2019
a8b0975
Update packer_cache.sh
kuisathaverat Jul 26, 2019
de94d87
Merge branch 'master' into fix/trustworthy-docker-images
kuisathaverat Jul 26, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions .ci/docker/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,17 +15,20 @@ prepare-test: bats ## Prepare the bats dependencies
@git submodule sync
@git submodule update --init --recursive

test-%: prepare-test ## Run the tests for the specific app
@DOCKERFILE=$* bats-core/bin/bats --tap tests | tee target/results.tap
convert-tests-results: ## convert TAP test results to JUnit
@APP=$*; docker run --rm -e APP=$${APP} -v "$(CURDIR)":/usr/src/app -w /usr/src/app node:${LTS_ALPINE} \
sh -c 'npm install tap-xunit -g && cat target/results.tap | tap-xunit --package="co.elastic.pipeline.$${APP}" > target/junit-$${APP}-results.xml'

test-%: prepare-test ## Run the tests for the specific app
@DOCKERFILE=$* bats-core/bin/bats --tap tests | tee target/results.tap
@$(MAKE) -s convert-tests-results

push-%: prepare-test ## Push the Docker image to the docker.elastic.co repository
docker push "docker.elastic.co/observability-ci/$*"

all-push: push-gren ## Push all Docker images to the docker.elastic.co repository
all-push: push-gren push-yamllint push-shellcheck## Push all Docker images to the docker.elastic.co repository

all-tests: test-gren ## Run the tests for all the apps
all-tests: test-gren test-yamllint test-shellcheck## Run the tests for all the apps

clean: ## Clean autogenerated files/folders
@rm -rf bats-core
Expand Down
6 changes: 3 additions & 3 deletions .ci/docker/gren/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
FROM node:12-slim
FROM node:12.7.0-stretch-slim

RUN apt-get update -qq -y \
&& apt-get install -qq -y --no-install-recommends git \
&& rm -rf /var/lib/apt/lists/*

RUN npm install github-release-notes -g

RUN npm install github-release-notes@0.17.0 -g
kuisathaverat marked this conversation as resolved.
Show resolved Hide resolved
WORKDIR /app
ENTRYPOINT [ "/usr/local/bin/gren" ]
29 changes: 29 additions & 0 deletions .ci/docker/shellcheck/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Build-only image
FROM ubuntu:18.04 AS build
USER root
WORKDIR /opt/shellCheck

# Install OS deps
RUN apt-get update -qq && apt-get install -qq -y ghc cabal-install git
RUN git clone -n https://github.com/koalaman/shellcheck.git .\
&& git checkout -B v0.6.0 cb57b4a74f490991e65ee8d0be1a6151a9819f91
kuisathaverat marked this conversation as resolved.
Show resolved Hide resolved

# Install Haskell deps
RUN cabal update && cabal install --dependencies-only --ghc-options="-optlo-Os -split-sections"

# Copy source and build it
RUN cabal build Paths_ShellCheck && \
ghc -optl-static -optl-pthread -isrc -idist/build/autogen --make shellcheck -split-sections -optc-Wl,--gc-sections -optlo-Os && \
strip --strip-all shellcheck

RUN mkdir -p /out/bin && \
cp shellcheck /out/bin/

# Resulting Alpine image
FROM alpine:3.10.1
COPY --from=build /out /
RUN /bin/shellcheck -V
WORKDIR /mnt

ENTRYPOINT ["/bin/shellcheck"]
CMD ["-V"]
2 changes: 1 addition & 1 deletion .ci/docker/tests/tests.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ CONTAINER="${DOCKERFILE//\//-}"
}

@test "${DOCKERFILE} - create test container" {
run docker run -d --name $CONTAINER -P ${IMAGE}
run docker run -d --name $CONTAINER -P ${IMAGE} ${CMD}
kuisathaverat marked this conversation as resolved.
Show resolved Hide resolved
assert_success
}

Expand Down
9 changes: 9 additions & 0 deletions .ci/docker/yamllint/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
FROM python:3.7.4-alpine3.10

WORKDIR /yaml

RUN pip install yamllint==1.16.0 && \
kuisathaverat marked this conversation as resolved.
Show resolved Hide resolved
rm -rf ~/.cache/pip

ENTRYPOINT ["yamllint"]
CMD ["--version"]
3 changes: 3 additions & 0 deletions .ci/packer_cache.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,10 @@ source /usr/local/bin/bash_standard_lib.sh
# docker.elastic.co/observability-ci/apm-integration-testing-tests-apm-server

DOCKER_IMAGES="alpine:3.4
alpine:3.10.1
node:12-slim
node:12.7.0-stretch-slim
python:3.7.4-alpine3.10
docker.elastic.co/observability-ci/yamllint
docker.elastic.co/observability-ci/shellcheck
docker.elastic.co/observability-ci/gren
Expand Down
2 changes: 1 addition & 1 deletion .ci/scripts/gren
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
#!/usr/bin/env bash
set -e
docker run --rm -t -v "$(pwd):/app" -w /app docker.elastic.co/observability-ci/gren "$@"
docker run --rm -t -v "$(pwd):/app" -u "$(id -u):$(id -g)" docker.elastic.co/observability-ci/gren "$@"
2 changes: 1 addition & 1 deletion .ci/scripts/shellcheck
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
#!/usr/bin/env bash
set -e
docker run --rm -v "$PWD:/mnt" koalaman/shellcheck:stable "$@"
docker run --rm -t -v "$PWD:/mnt" -u "$(id -u):$(id -g)" docker.elastic.co/observability-ci/shellcheck "$@"
kuisathaverat marked this conversation as resolved.
Show resolved Hide resolved
2 changes: 1 addition & 1 deletion .ci/scripts/yamllint
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
#!/usr/bin/env bash
set -e
docker run --rm -v "$PWD:/yaml" sdesbure/yamllint yamllint "$@"
docker run --rm -t -v "$PWD:/yaml" -u "$(id -u):$(id -g)" docker.elastic.co/observability-ci/yamllint "$@"