From 41b5db08fd2ac26ddd951b5bebd59c08ba04ae07 Mon Sep 17 00:00:00 2001 From: Christopher Bradford Date: Fri, 12 Apr 2024 01:22:22 -0400 Subject: [PATCH] Adjusted user creation in UBI 8 image Added chown and chmod flags to COPY commands Added update step to UBI 8 Updated UBI 8 to point at Docker Hub container Removed UBI 7 container --- docker/Dockerfile | 57 ++++++++---------------------------- scripts/build-push-images.sh | 22 ++------------ 2 files changed, 15 insertions(+), 64 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 19750b2..5ef1cbc 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -6,6 +6,8 @@ COPY . . RUN ./gradlew copyDockerBuildCtx +############################################################# + # The datastax base image is not multiarch presently, so we use the openjdk # image as our base for arm builds instead. FROM eclipse-temurin:8-jdk as cass-config-builder @@ -30,7 +32,9 @@ ENTRYPOINT ["/usr/local/bin/entrypoint"] USER ${USER_UID} -FROM registry.access.redhat.com/ubi7/ubi-minimal:7.9 AS builder-ubi +############################################################# + +FROM redhat/ubi8-minimal:8.9 AS builder-ubi # Update the builder packages and create user RUN microdnf update && rm -rf /var/cache/yum && \ @@ -39,8 +43,8 @@ RUN microdnf update && rm -rf /var/cache/yum && \ ############################################################# -FROM registry.access.redhat.com/ubi7/ubi-minimal:7.9 as cass-config-builder-ubi - +# Build the UBI8 image +FROM redhat/ubi8-minimal:8.9 as cass-config-builder-ubi LABEL maintainer="DataStax, Inc " LABEL name="cass-config-builder" LABEL vendor="DataStax, Inc" 
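Review bot: The new `FROM redhat/ubi8-minimal:8.9 AS builder-ubi` pulls by short name and mutable tag, so the build trusts whatever the default registry serves for `8.9` at build time. The `cass-config-builder-ubi` stage in the next hunk has the same issue. Consider fully qualifying the reference and pinning a digest in both, e.g. `FROM docker.io/redhat/ubi8-minimal:8.9@sha256:<digest> AS builder-ubi` (placeholder digest). Both stages then resolve to the same image, and a base-image change shows up as a reviewable diff. The `RUN microdnf update` step that follows continues outside this hunk.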
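Review bot: The rewritten `FROM redhat/ubi8-minimal:8.9 as cass-config-builder-ubi` uses lowercase `as`, while the builder stage just above it uses `AS`. BuildKit's build checks warn on mismatched keyword casing in `FROM ... AS`. Writing it as `FROM redhat/ubi8-minimal:8.9 AS cass-config-builder-ubi` keeps the file consistent. The unchanged `FROM eclipse-temurin:8-jdk as cass-config-builder` line in the first hunk's context has the same lowercase `as` and could be fixed in the same pass.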
@@ -61,51 +65,16 @@ COPY --from=builder-ubi /etc/group /etc/group COPY --from=builder-ubi /etc/gshadow /etc/gshadow # Install the uber jar -COPY --from=builder build/docker/*.jar /usr/local/bin/ +COPY --from=builder --chown=cassandra:root --chmod=444 build/docker/*.jar /usr/local/bin/ # Install definition files -COPY --from=builder build/docker/definitions /definitions - -COPY --from=builder build/docker/bin/* /usr/local/bin/ - -COPY --from=builder build/docker/LICENSE /licenses/ - -# Fix permissions -RUN chown cassandra:root -Rv /usr/local/bin/* && \ - chmod -Rv g+x /usr/local/bin - -USER cassandra:root - -ENV PATH=$PATH:/usr/local/bin - -ENTRYPOINT ["/usr/local/bin/entrypoint"] - -# Build the UBI8 image -FROM registry.access.redhat.com/ubi8/openjdk-8:1.18 as cass-config-builder-ubi-8 -LABEL maintainer="DataStax, Inc " -LABEL name="cass-config-builder" -LABEL vendor="DataStax, Inc" -LABEL release="1.0.0" -LABEL summary="Configuration templating engine for Apache Cassandra®." -LABEL description="Configuration templating engine for Apache Cassandra®. Powers the configuration of containers deployed via the DataStax Kubernetes Operator for Apache Cassandra." 
- -# Create user -USER root -RUN microdnf install shadow-utils && useradd -r -s /bin/false -U -G root cassandra - -# Install the uber jar -COPY --from=builder build/docker/*.jar /usr/local/bin/ - -# Install definition files -COPY --from=builder build/docker/definitions /definitions - -COPY --from=builder build/docker/bin/* /usr/local/bin/ +COPY --from=builder --chown=cassandra:root --chmod=444 build/docker/definitions /definitions -COPY --from=builder build/docker/LICENSE /licenses/ +# Install scripts +COPY --from=builder --chown=cassandra:root --chmod=555 build/docker/bin/* /usr/local/bin/ -# Fix permissions -RUN chown cassandra:root -Rv /usr/local/bin/* && \ - chmod -Rv g+x /usr/local/bin +# Install licenses +COPY --from=builder --chown=cassandra:root --chmod=444 build/docker/LICENSE /licenses/ USER cassandra:root diff --git a/scripts/build-push-images.sh b/scripts/build-push-images.sh index 3a97a20..ba518c7 100755 --- a/scripts/build-push-images.sh +++ b/scripts/build-push-images.sh @@ -16,8 +16,7 @@ RELEASE_VERSION="${VERSION_NUMBER}-${VERSION_DATE}" GH_REPOSITORY="ghcr.io/${GITHUB_REPO_OWNER}/cass-config-builder/cass-config-builder" GH_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}") -GH_UBI_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi7") -GH_UBI8_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi8") +GH_UBI_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi") GH_ARM64_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-arm64") LABELS=( @@ -45,11 +44,6 @@ UBI_ARGS=( --target cass-config-builder-ubi ) -UBI8_ARGS=( - "${COMMON_ARGS[@]}" - --target cass-config-builder-ubi-8 -) - # GitHub packages does not presently support multiarch images, so we # will have to create independent tags for each arch. This feature is # coming though: 
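Review bot: `--chmod=444` on the directory copy `build/docker/definitions /definitions` probably applies to the copied directories as well as the files, which would leave them without the search (x) bit. The stage ends with `USER cassandra:root`, and a non-root user cannot traverse a 0444 directory. Please confirm by listing `/definitions` as cassandra in the built image. If it fails, set directory modes to 555 and file modes to 444 in the builder stage and drop `--chmod` from this COPY. Separately, because cassandra owns everything copied here it can chmod the files back to writable; `--chown=root:root` would make the read-only modes binding on the runtime user if nothing needs to write to these paths.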
@@ -75,19 +69,7 @@ docker buildx build --load \ --platform linux/amd64 \ . -docker buildx build --load \ - "${GH_UBI8_TAGS[@]}" \ - "${UBI8_ARGS[@]}" \ - --platform linux/amd64 \ - . - -docker buildx build --load \ - "${GH_UBI8_TAGS[@]}" \ - "${UBI8_ARGS[@]}" \ - --platform linux/arm64 \ - . - -TAGS_TO_PUSH=("${GH_ARM64_TAGS[@]}" "${GH_TAGS[@]}" "${GH_UBI_TAGS[@]}" "${GH_UBI8_TAGS[@]}") +TAGS_TO_PUSH=("${GH_ARM64_TAGS[@]}" "${GH_TAGS[@]}" "${GH_UBI_TAGS[@]}") echo "Pushing tags: " "${TAGS_TO_PUSH[@]}" # Note: Every even index of TAGS_TO_PUSH will be the string '--tag'