diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index eb9014f..d8fecd1 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -1895,6 +1895,110 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} + ############################ + # ploigos-tool-gcc_ubi8 # + ############################ + ploigos-tool-gcc_ubi8: + needs: + - ploigos-base_ubi8 + + runs-on: ubuntu-latest + + env: + IMAGE_CONTEXT: ./ploigos-tool-gcc + IMAGE_FILE: Containerfile.ubi8 + IMAGE_NAME: ploigos-tool-gcc + IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-gcc:latest.ubi8 + IMAGE_TAG_FLAVOR: .ubi8 + IMAGE_IS_DEFAULT_FLAVOR: true + BASE_IMAGE_NAME: ploigos-base + BASE_IMAGE_VERSION: ${{ needs.ploigos-base_ubi8.outputs.version }} + + services: + registry: + image: registry:2 + ports: + - 5000:5000 + + outputs: + version: ${{ steps.prep.outputs.version }} + + steps: + - name: Checkout ๐Ÿ›Ž๏ธ + uses: actions/checkout@v2 + + - name: Determine Image Version and Tags โš™๏ธ + id: prep + run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh + + - name: Version ๐Ÿ“Œ + run: echo ${{ steps.prep.outputs.version }} + + - name: Image Tags ๐Ÿท + run: echo ${{ steps.prep.outputs.tags }} + + - name: Set up QEMU ๐Ÿงฐ + uses: docker/setup-qemu-action@v1.0.1 + + - name: Set up Docker Buildx ๐Ÿงฐ + uses: docker/setup-buildx-action@v1.0.4 + with: + driver-opts: network=host + + - name: Cache Docker layers ๐Ÿ—ƒ + uses: actions/cache@v2.1.3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build Image ๐Ÿ›  + id: image_build + uses: docker/build-push-action@v2.2.1 + env: + IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ env.BASE_IMAGE_VERSION }} + with: + context: ${{ env.IMAGE_CONTEXT }} + file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} + build-args: ${{ env.IMAGE_BUILD_ARGS }} + push: true + tags: ${{ env.IMAGE_TAG_LOCAL }} + labels: | + org.opencontainers.image.created=${{ 
steps.prep.outputs.created }} + org.opencontainers.image.source=${{ github.repositoryUrl }} + org.opencontainers.image.version=${{ steps.prep.outputs.version }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.licenses=${{ github.event.repository.license.name }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Test Image ๐Ÿงช + run: | + echo "Verify GCC installed" + docker run ${{ env.IMAGE_TAG_LOCAL }} gcc --help + + - name: Login to External Registry ๐Ÿ”‘ + uses: docker/login-action@v1 + with: + registry: ${{ secrets.REGISTRY_URI }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + + - name: Push to External Registry ๐Ÿ”บ + id: push + run: | + docker pull ${{ env.IMAGE_TAG_LOCAL }} + + TAGS=${{ steps.prep.outputs.tags }} + for TAG in ${TAGS//,/ }; do + docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} + docker push ${TAG} + done + + - name: Image Digest ๐Ÿ”– + run: echo ${{ steps.image_build.outputs.digest }} + ############################## # ploigos-tool-openscap_ubi8 # ############################## diff --git a/README.md b/README.md index e552590..c5c6524 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,11 @@ Required Capabilities for rootless container building: * SETUID * SETGID +## ploigos-tool-gcc +[![ploigos-tool-gcc](https://img.shields.io/badge/quay.io-ploigos--tool--gcc-lightgrey?logo=open-containers-initiative)](https://quay.io/repository/ploigos/ploigos-tool-gcc) + +Defines a tools container that has tools for working with gcc. + ## ploigos-tool-helm [![ploigos-tool-helm](https://img.shields.io/badge/quay.io-ploigos--tool--helm-lightgrey?logo=open-containers-initiative)](https://quay.io/repository/ploigos/ploigos-tool-helm) 
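Review bot: In the `Push to External Registry` step of the `ploigos-tool-gcc_ubi8` job, `TAGS=${{ steps.prep.outputs.tags }}` is expanded into the script text before the shell runs, so any shell metacharacter in that output is executed in a step that runs after the registry login. `determine-image-version.sh` is not visible in this diff; if it derives tags from a branch or tag name, that value can be influenced by whoever creates the ref. Pass it through the environment instead, with `env:` and `TAGS: ${{ steps.prep.outputs.tags }}` on the step, and quote the uses (`docker tag "$IMAGE_TAG_LOCAL" "$TAG"`); the `echo ${{ ... }}` steps for version and tags follow the same pattern. Separately, the actions are referenced by tag (`actions/checkout@v2`, `docker/build-push-action@v2.2.1`), which is mutable, so pinning each to a full commit SHA would fix what code runs with these secrets.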
@@ -167,6 +172,7 @@ podman build --tag ploigos-jenkins-init
 podman build --tag ploigos-tool-argocd --build-arg BASE_IMAGE=ploigos-base ploigos-tool-argocd
 podman build --tag ploigos-tool-config-lint --build-arg BASE_IMAGE=ploigos-base ploigos-tool-config-lint
 podman build --tag ploigos-tool-containers --build-arg BASE_IMAGE=ploigos-base ploigos-tool-containers
+podman build --tag ploigos-tool-gcc --build-arg BASE_IMAGE=ploigos-base ploigos-tool-gcc
 podman build --tag ploigos-tool-helm --build-arg BASE_IMAGE=ploigos-base ploigos-tool-helm
 podman build --tag ploigos-tool-java --build-arg BASE_IMAGE=ploigos-base ploigos-tool-java
 podman build --tag ploigos-tool-maven --build-arg BASE_IMAGE=ploigos-tool-java ploigos-tool-maven
diff --git a/ploigos-tool-gcc/Containerfile b/ploigos-tool-gcc/Containerfile
new file mode 100644
index 0000000..2917545
--- /dev/null
+++ b/ploigos-tool-gcc/Containerfile
@@ -0,0 +1,32 @@
+ARG BASE_IMAGE=quay.io/ploigos/ploigos-tool-containers:latest.ubi8
+
+FROM $BASE_IMAGE
+ARG PLOIGOS_USER_UID
+
+# labels
+ENV DESCRIPTION="Ploigos tool container with OpenSCAP."
+LABEL \
+ maintainer="Ploigos " \
+ name="ploigos/ploigos-tool-openscap" \
+ summary="$DESCRIPTION" \
+ description="$DESCRIPTION" \
+ License="GPLv2+" \
+ architecture="x86_64" \
+ io.k8s.display-name="Ploigos - Tool - OpenSCAP" \
+ io.k8s.description="$DESCRIPTION" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="ploigos,oscap,openscap" \
+ com.redhat.component="ploigos-tool-openscap-container"
+
+USER root
+
+RUN INSTALL_PKGS="openscap-scanner" && \
+ dnf update -y --allowerasing --nobest && \
+ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+ dnf clean all && \
+ rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+# may not actually be able to run as this user at runtime
+# but platforms like OpenShift will still respect users home directory
+# so still worth setting
+USER ${PLOIGOS_USER_UID}
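Review bot: `ploigos-tool-gcc/Containerfile` sets `INSTALL_PKGS="openscap-scanner"`, so an image built from this file installs the OpenSCAP scanner and not gcc; the line should read `RUN INSTALL_PKGS="gcc" && \` as it does in `Containerfile.ubi8`. The `DESCRIPTION`, `name`, `io.k8s.display-name`, `io.openshift.tags` and `com.redhat.component` labels are also still the OpenSCAP values, here and in `Containerfile.ubi8`, so image inventory and scan reports would attribute this image to the wrong component; for example `name="ploigos/ploigos-tool-gcc"` and `ENV DESCRIPTION="Ploigos tool container with gcc."`. The default `BASE_IMAGE` also differs between the two files (`ploigos-tool-containers` here, `ploigos-base` in the UBI8 file), which looks unintended and is worth confirming.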
diff --git a/ploigos-tool-gcc/Containerfile.ubi8 b/ploigos-tool-gcc/Containerfile.ubi8
new file mode 100644
index 0000000..ce42f90
--- /dev/null
+++ b/ploigos-tool-gcc/Containerfile.ubi8
@@ -0,0 +1,32 @@
+ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.ubi8
+
+FROM $BASE_IMAGE
+ARG PLOIGOS_USER_UID
+
+# labels
+ENV DESCRIPTION="Ploigos tool container with OpenSCAP."
+LABEL \
+ maintainer="Ploigos " \
+ name="ploigos/ploigos-tool-openscap" \
+ summary="$DESCRIPTION" \
+ description="$DESCRIPTION" \
+ License="GPLv2+" \
+ architecture="x86_64" \
+ io.k8s.display-name="Ploigos - Tool - OpenSCAP" \
+ io.k8s.description="$DESCRIPTION" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="ploigos,oscap,openscap" \
+ com.redhat.component="ploigos-tool-openscap-container"
+
+USER root
+
+RUN INSTALL_PKGS="gcc" && \
+ dnf update -y --allowerasing --nobest && \
+ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+ dnf clean all && \
+ rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+# may not actually be able to run as this user at runtime
+# but platforms like OpenShift will still respect users home directory
+# so still worth setting
+USER ${PLOIGOS_USER_UID}
diff --git a/ploigos-tool-gcc/README.md b/ploigos-tool-gcc/README.md
new file mode 100644
index 0000000..cc45bfc
--- /dev/null
+++ b/ploigos-tool-gcc/README.md
@@ -0,0 +1,7 @@
+# ploigos-tool-gcc
+
+This repository contains the container definition for creating the Ploigos workflow
+gcc CLI tools container image.
+
+This container image is intended to be used as the container image to run Ploigos workflow steps
+in that require access to the gcc CLI tool.
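Review bot: In `ploigos-tool-gcc/Containerfile.ubi8`, `ARG PLOIGOS_USER_UID` has no default and the workflow's `build-args` passes only `BASE_IMAGE`, so the closing `USER ${PLOIGOS_USER_UID}` depends entirely on the base image exporting that variable. If it does not, the expansion is empty and, depending on the builder, either the build fails or `USER root` remains the last effective user setting. A comment above the ARG such as `# PLOIGOS_USER_UID is expected to come from the base image environment` or an explicit default `ARG PLOIGOS_USER_UID=<UID_FROM_BASE_IMAGE>` (placeholder value) would make the non-root intent checkable. The same lines appear in `ploigos-tool-gcc/Containerfile`.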