diff --git a/.gitignore b/.gitignore index 6551e48428f6ec2ff0b0fbafac45e373a1c00119..b9e1e7dc33246177c85a508be190dd8191fb0e58 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,6 @@ gradlew gradlew.bat gradle build_dependencies -libs \ No newline at end of file +libs +jars.tar.gz +redis-cli.tar.gz \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index fd33ffe17f2efe8f78b736ae239feac7b268473f..3951229818077d75eccba5708489947afeaeab11 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,47 +1,43 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=opensource/gradle/gradle-jre11 -ARG BASE_TAG=6.7.1 +ARG BASE_TAG=6.8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 -# Make sure we are up to date +# Make sure we are up to date. RUN dnf update -y && dnf clean all -# Copy in the project files -WORKDIR /app -COPY ./scripts /app -COPY redis-cli.tar.gz . -COPY jars.tar.gz . +# Copy in the project files. +COPY ./scripts \ + redis-cli.tar.gz \ + jars.tar.gz /app/ # Set workdir. WORKDIR /app -# Setup redis. -RUN tar xzf redis-cli.tar.gz && rm redis-cli.tar.gz -RUN mv redis-cli /usr/local/bin/redis-cli - -# Setup jars. -RUN tar xzf jars.tar.gz && rm jars.tar.gz -RUN mkdir libs && mv jars/main/* libs/ -RUN mkdir process_job/libs && mv jars/process_job/* process_job/libs/ -RUN mkdir send_results/libs && mv jars/send_results/* send_results/libs/ -RUN rm -rf jars - -# Set permissions and ownership -RUN chown -R 1000 /app -RUN chmod 0555 /app/get-job.sh - -# Change to the gradle user +# Setup redis and jar files. +RUN tar xzf redis-cli.tar.gz \ + && rm redis-cli.tar.gz \ + && mv redis-cli /usr/local/bin/redis-cli \ + && tar xzf jars.tar.gz && rm jars.tar.gz \ + && mkdir libs && mv jars/main/* libs/ \ + && mkdir process_job/libs && mv jars/process_job/* process_job/libs/ \ + && mkdir send_results/libs && mv jars/send_results/* send_results/libs/ \ + && rm -rf jars \ + && chown -R 1000 /app \ + && chmod 0555 /app/get-job.sh + +# Change to the gradle user. USER 1000 -# Prebuild, then build. This should speed things up before processing the first job -RUN gradle --offline build -RUN cd process_job && gradle --offline build && cd .. -RUN cd send_results && gradle --offline build && cd .. +# Pre-build. This should speed things up before processing the first job. +RUN gradle --offline build \ + && cd process_job && gradle --offline build && cd .. \ + && cd send_results && gradle --offline build && cd .. -# Health check +# Health check. HEALTHCHECK none -# Start the job processor -ENTRYPOINT ["/app/get-job.sh"] +# Start the job processor. +ENTRYPOINT ["/app/get-job.sh"] \ No newline at end of file diff --git a/README.md b/README.md index d260c9db3f37e43b7ffa21910b8230a14db7aa10..147ea143f26325aee1126921aca2d2b17102e2a7 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ code snippets that were submitted from students through the LEARN application. ## Requirements: - Redis CLI - Java 11 -- Gradle 6.7 +- Gradle 6.8 ## Container Usage: diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 1f24c1db908cbd86587e9d937dd626dd5ac6e04e..4b138ae1a3c25eff3ccc8dce2a4a265247a46d3d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "opensource/gradle/gradle-jre11" - BASE_TAG: "6.7.1" + BASE_TAG: "6.8.3" # Docker image labels labels: @@ -38,7 +38,7 @@ resources: filename: redis-cli.tar.gz validation: type: sha256 - value: 975e37c4165969c4cd612ddd81a6950e872f2d9a7a355376a05be4ad901e62fe + value: 656bf2fc3f4e63bb4ee96744a550a875b316e3f99da241a378a63db47b91e1ee - auth: type: s3 id: galvanize @@ -47,7 +47,7 @@ resources: filename: jars.tar.gz validation: type: sha256 - value: 8d9cbd2da25b8c1792e6fc900c9bd88c7e79005fdacf81fd0765933682b53c21 + value: 179f64dd1799517dbec988e8f54be50496bc7dc093dadcd43ce758d103644357 # List of project maintainers maintainers: diff --git a/scripts/Dockerfile.packages b/scripts/Dockerfile.packages index 8940719541b1fd7d565573e05a66c42b94419b58..1460416f7158adc453200a7fd4d75cb4650fe03c 100644 --- a/scripts/Dockerfile.packages +++ b/scripts/Dockerfile.packages @@ -6,7 +6,8 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 # Install required libs. -RUN dnf update -y && dnf install -y \ +RUN dnf update -y \ + && dnf install -y \ curl \ make \ gcc \ @@ -16,13 +17,16 @@ RUN dnf update -y && dnf install -y \ WORKDIR /app # Redis -RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz -RUN tar xzf redis-stable.tar.gz +RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz \ + && tar xzf redis-stable.tar.gz + WORKDIR /app/redis-stable RUN make redis-cli + WORKDIR /app/redis-stable/src -RUN tar czf redis-cli.tar.gz redis-cli -RUN mv redis-cli.tar.gz /app/ +RUN tar czf redis-cli.tar.gz redis-cli \ + && mv redis-cli.tar.gz /app/ + WORKDIR /app # Add write permissions. diff --git a/scripts/repackage.sh b/scripts/repackage.sh index d58fa27387e527b987d4cc5faa2ccf7625faee00..159aad65082ab211f5c642f3305ac2ed60b928d1 100755 --- a/scripts/repackage.sh +++ b/scripts/repackage.sh @@ -1,9 +1,9 @@ -#!/bin/bash +#!/usr/bin/env bash # Image Params. -BASE_REGISTRY=registry.il2.dso.mil -BASE_IMAGE=platform-one/devops/pipeline-templates/ironbank/gradle-jre11 -BASE_TAG=6.7.1 +BASE_REGISTRY=registry1.dso.mil +BASE_IMAGE=ironbank/opensource/gradle/gradle-jre11 +BASE_TAG=6.8.3 # This is the profile name in your aws credentials file. DEPENDENCY_FOLDER=build_dependencies @@ -23,11 +23,11 @@ IMAGE_ID=$(docker build --file Dockerfile.packages . -q \ echo "Image ID: ${IMAGE_ID}" echo "Starting docker container." -CONTAINER_ID=$(docker run -d "$IMAGE_ID") +CONTAINER_ID=$(docker run -d $IMAGE_ID) echo "Container ID: ${CONTAINER_ID}" echo "Copying node modules and gems to the bundles directory." -docker cp "$CONTAINER_ID":/app/redis-cli.tar.gz $DEPENDENCY_FOLDER +docker cp $CONTAINER_ID:/app/redis-cli.tar.gz $DEPENDENCY_FOLDER/redis-cli.tar.gz echo "Stopping the docker container." docker stop "$CONTAINER_ID"