VZ-10894: Build rancher-shell v0.1.20 from source (#5)

Dockerfile.dapper

@@ -1,9 +1,24 @@
-FROM registry.suse.com/bci/bci-base:15.4.27.14.56
+FROM ghcr.io/oracle/oraclelinux:7-slim
 
 ARG DAPPER_HOST_ARCH
 ENV ARCH $DAPPER_HOST_ARCH
 
-RUN zypper -n install docker git
+# Prepare Go env
+ENV GOPATH /go
+
+RUN yum-config-manager --enable ol7_optional_latest && \
+    yum-config-manager --enable ol7_addons
+
+RUN yum update -y && \
+    # NOTE - psmisc is needed for "killall" command, which Rancher uses to kill the proxy container on helm operation pods
+    yum install -y bash git gcc docker-cli vim less file curl wget psmisc
+
+RUN yum install -y oracle-golang-release-el7 && \
+    yum-config-manager --enable ol7_developer_golang117 && \
+    yum install -y golang-1.17.5 && \
+    yum-config-manager --add-repo https://yum.oracle.com/repo/OracleLinux/OL7/olcne13/x86_64/ && \
+    yum -y install docker-engine-19.03.11.ol-13.el7.x86_64 && \
+    yum clean all
 
 ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS
 ENV DAPPER_SOURCE /shell

Makefile

@@ -1,14 +1,22 @@
 TARGETS := $(shell ls scripts)
 
-.dapper:
-	@echo Downloading dapper
-	@curl -sL https://releases.rancher.com/dapper/latest/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp
-	@@chmod +x .dapper.tmp
-	@./.dapper.tmp -v
-	@mv .dapper.tmp .dapper
-
-$(TARGETS): .dapper
-	./.dapper $@
+GO ?= CGO_ENABLED=0 GO111MODULE=on go
+DAPPER_VERSION = v0.6.0-v8o-1
+
+# find or download dapper
+DAPPER_PATH := $(shell eval go env GOPATH)
+.PHONY: dapper
+dapper:
+ifeq (, $(shell command -v dapper))
+	$(GO) install github.com/verrazzano/rancher-dapper@${DAPPER_VERSION}
+	mv ${DAPPER_PATH}/bin/rancher-dapper $(DAPPER_PATH)/bin/dapper
+	$(eval DAPPER=$(DAPPER_PATH)/bin/dapper)
+else
+	$(eval DAPPER=$(shell command -v dapper))
+endif
+
+$(TARGETS): dapper
+	dapper $@
 
 .DEFAULT_GOAL := ci
 

SECURITY.md

@@ -0,0 +1,17 @@
+# Reporting Security Vulnerabilities
+
+Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. We provide additional information on [how to report security vulnerabilities to Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) which includes public encryption keys for secure email.
+
+We ask that you do not use other channels or contact project contributors directly. 
+
+Non-vulnerability related security issues such as new great new ideas for security features are welcome on GitHub Issues. 
+
+## Security Updates, Alerts and Bulletins
+
+Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the [Oracle Critical Patch Update](https://www.oracle.com/security-alerts/) program. Security updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each release. Additional information, including past advisories, is available on our [Security Alerts](https://www.oracle.com/security-alerts/) page.
+
+## Security-Related Information
+
+We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use.

THIRD_PARTY_LICENSES.txt

@@ -0,0 +1,4 @@
+
+-------- Copyrights
+  (no copyright notices found)
+

package/Dockerfile

@@ -1,26 +1,49 @@
-FROM registry.suse.com/bci/golang:1.19-20.13 AS helm
-RUN zypper -n install git
-RUN git -C / clone --branch release-v3.11.3 --depth=1 https://github.com/rancher/helm
-RUN make -C /helm
+FROM ghcr.io/oracle/oraclelinux:7-slim as helm
+ARG HELM_VERSION=3.9.0-rancher1
+RUN yum install -y make && \
+    yum install -y oracle-golang-release-el7 && \
+    yum-config-manager --enable ol7_developer_golang119 && \
+    yum install -y golang-1.19-1.0.1.el7.x86_64 && \
+    # software collections repo needed for git 2.x on OL7
+    yum-config-manager --add-repo=http://yum.oracle.com/repo/OracleLinux/OL7/SoftwareCollections/x86_64 && \
+    yum install -y rh-git227 && \
+    # Set up needed to ensure git 2.27 from rh-git227 is on the path (gitjob original v0.1.30 image uses git version 2.35.3)
+    ln /opt/rh/rh-git227/enable /etc/profile.d/git.sh && \
+    source /etc/profile.d/git.sh && \
+    git version && \
+    # Rancher uses its own Helm fork - build and install our BFS of that fork.
+    git -C / clone --branch oracle/release/${HELM_VERSION} --depth=1 https://github.com/verrazzano/helm && \
+    make -C /helm
 
-FROM registry.suse.com/bci/bci-base:15.4.27.14.56 AS build
+FROM ghcr.io/oracle/oraclelinux:7-slim as build
 ARG ARCH=amd64
-RUN zypper -n install curl gzip tar
-ENV KUBECTL_VERSION v1.24.13
-ENV K9S_VERSION=v0.27.4
-ENV KUSTOMIZE_VERSION=v5.0.2
+RUN yum-config-manager --enable ol7_optional_latest && \
+    yum-config-manager --enable ol7_addons && \
+    yum update -y && \
+    yum install -y bash curl gzip tar
+
+ENV KUSTOMIZE_VERSION v5.0.2
 ENV KUSTOMIZE_URL=https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz
-RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl && \
-    chmod +x kubectl
-RUN curl -sfL https://github.com/derailed/k9s/releases/download/${K9S_VERSION}/k9s_Linux_${ARCH}.tar.gz | tar xvzf -
+ENV K9S_VERSION v0.26.7
+RUN if [ "${ARCH}" = "amd64" ]; then ARCH=x86_64; fi && \
+    curl -sfL https://github.com/derailed/k9s/releases/download/${K9S_VERSION}/k9s_Linux_${ARCH}.tar.gz | tar xvzf -
 RUN if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "s390x" ]; then \
     curl -sLf ${KUSTOMIZE_URL} | tar -xzf - && chmod +x kustomize; \
     fi
 
-FROM registry.suse.com/bci/bci-base:15.4.27.14.56
-RUN zypper -n update && \
-    zypper -n install bash-completion gzip jq tar unzip vim wget && \
-    zypper clean -a && rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/* /usr/share/doc/manual/* /var/log/*
+FROM ghcr.io/oracle/oraclelinux:7-slim
+
+RUN yum-config-manager --enable ol7_optional_latest && \
+    yum-config-manager --enable ol7_addons && \
+    yum update -y && \
+    # NOTE - psmisc is needed for "killall" command, which Rancher uses to kill the proxy container on helm operation pods
+    yum install -y bash bash-completion gzip jq tar unzip vim wget psmisc && \
+    yum-config-manager --add-repo https://yum.oracle.com/repo/OracleLinux/OL7/olcne16/x86_64 && \
+    yum -y install kubectl-1.25.11-1.el7.x86_64 && \
+    yum clean all && \
+    ln -s /usr/bin/vim /usr/bin/vi && \
+    rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/* /usr/share/doc/manual/* /var/log/*
+
 RUN echo 'shell:x:1000:1000:shell,,,:/home/shell:/bin/bash' > /etc/passwd && \
     echo 'shell:x:1000:' > /etc/group && \
     mkdir /home/shell && \
@@ -32,11 +55,14 @@ RUN echo 'shell:x:1000:1000:shell,,,:/home/shell:/bin/bash' > /etc/passwd && \
     echo 'PS1="> "' >> /home/shell/.bashrc && \
     mkdir /home/shell/.kube && \
     chown -R shell /home/shell && \
-    chmod 700 /run
+    chmod 700 /run && \
+    mkdir -p /LICENSES
+
 COPY --from=helm ./helm/bin/helm /usr/local/bin/
-COPY --from=build /kubectl /k9s ./kustomize* /usr/local/bin/
+COPY --from=build /k9s ./kustomize* /usr/local/bin/
 COPY package/helm-cmd package/welcome /usr/local/bin/
 COPY kustomize.sh /home/shell/
+COPY THIRD_PARTY_LICENSES.txt LICENSE SECURITY.md /LICENSES/
 USER 1000
 WORKDIR /home/shell
 CMD ["welcome"]