From c676e22e092bcce5a3c1eb991999bef4366db6a5 Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Fri, 16 Apr 2021 14:55:42 -1000 Subject: [PATCH 1/6] updating docker file --- .gitignore | 4 +++- Dockerfile | 44 ++++++++++++++++++++------------------------ 2 files changed, 23 insertions(+), 25 deletions(-) diff --git a/.gitignore b/.gitignore index 6551e48..b9e1e7d 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,6 @@ gradlew gradlew.bat gradle build_dependencies -libs \ No newline at end of file +libs +jars.tar.gz +redis-cli.tar.gz \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index fd33ffe..c3ec4ea 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=opensource/gradle/gradle-jre11 +ARG BASE_IMAGE=ironbank/opensource/gradle/gradle-jre11 ARG BASE_TAG=6.7.1 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} @@ -9,39 +9,35 @@ USER 0 RUN dnf update -y && dnf clean all # Copy in the project files -WORKDIR /app -COPY ./scripts /app -COPY redis-cli.tar.gz . -COPY jars.tar.gz . +COPY ./scripts \ + redis-cli.tar.gz \ + jars.tar.gz /app/ # Set workdir. WORKDIR /app -# Setup redis. -RUN tar xzf redis-cli.tar.gz && rm redis-cli.tar.gz -RUN mv redis-cli /usr/local/bin/redis-cli - -# Setup jars. -RUN tar xzf jars.tar.gz && rm jars.tar.gz -RUN mkdir libs && mv jars/main/* libs/ -RUN mkdir process_job/libs && mv jars/process_job/* process_job/libs/ -RUN mkdir send_results/libs && mv jars/send_results/* send_results/libs/ -RUN rm -rf jars - -# Set permissions and ownership -RUN chown -R 1000 /app -RUN chmod 0555 /app/get-job.sh +# Setup redis and jar files. +RUN tar xzf redis-cli.tar.gz \ + && rm redis-cli.tar.gz \ + && mv redis-cli /usr/local/bin/redis-cli \ + && tar xzf jars.tar.gz && rm jars.tar.gz \ + && mkdir libs && mv jars/main/* libs/ \ + && mkdir process_job/libs && mv jars/process_job/* process_job/libs/ \ + && mkdir send_results/libs && mv jars/send_results/* send_results/libs/ \ + && rm -rf jars \ + && chown -R 1000 /app \ + && chmod 0555 /app/get-job.sh # Change to the gradle user USER 1000 -# Prebuild, then build. This should speed things up before processing the first job -RUN gradle --offline build -RUN cd process_job && gradle --offline build && cd .. -RUN cd send_results && gradle --offline build && cd .. +# Pre-build. This should speed things up before processing the first job +RUN gradle --offline build \ + && cd process_job && gradle --offline build && cd .. \ + && cd send_results && gradle --offline build && cd .. # Health check HEALTHCHECK none # Start the job processor -ENTRYPOINT ["/app/get-job.sh"] +ENTRYPOINT ["/app/get-job.sh"] \ No newline at end of file -- GitLab From 74f4d393a4887744cd1698d77b05da2ab2ad0470 Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Fri, 16 Apr 2021 15:13:13 -1000 Subject: [PATCH 2/6] testing --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c3ec4ea..6e6ca62 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 # Make sure we are up to date -RUN dnf update -y && dnf clean all +#RUN dnf update -y && dnf clean all # Copy in the project files COPY ./scripts \ -- GitLab From 53f371e4003ffcad780109b1ac146d360e92a0f7 Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Fri, 16 Apr 2021 15:29:38 -1000 Subject: [PATCH 3/6] test --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6e6ca62..c3ec4ea 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 # Make sure we are up to date -#RUN dnf update -y && dnf clean all +RUN dnf update -y && dnf clean all # Copy in the project files COPY ./scripts \ -- GitLab From fa34f793103d24919120d1d63ab686b3e6a4ad4b Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Fri, 16 Apr 2021 20:27:10 -1000 Subject: [PATCH 4/6] minor updates --- Dockerfile | 14 +++++++------- README.md | 2 +- hardening_manifest.yaml | 2 +- scripts/Dockerfile.packages | 14 +++++++++----- scripts/repackage.sh | 15 ++++++++------- 5 files changed, 26 insertions(+), 21 deletions(-) diff --git a/Dockerfile b/Dockerfile index c3ec4ea..422baef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,14 @@ ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=ironbank/opensource/gradle/gradle-jre11 +ARG BASE_IMAGE=opensource/gradle/gradle-jre11 ARG BASE_TAG=6.7.1 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 -# Make sure we are up to date +# Make sure we are up to date. RUN dnf update -y && dnf clean all -# Copy in the project files +# Copy in the project files. COPY ./scripts \ redis-cli.tar.gz \ jars.tar.gz /app/ @@ -28,16 +28,16 @@ RUN tar xzf redis-cli.tar.gz \ && chown -R 1000 /app \ && chmod 0555 /app/get-job.sh -# Change to the gradle user +# Change to the gradle user. USER 1000 -# Pre-build. This should speed things up before processing the first job +# Pre-build. This should speed things up before processing the first job. RUN gradle --offline build \ && cd process_job && gradle --offline build && cd .. \ && cd send_results && gradle --offline build && cd .. -# Health check +# Health check. HEALTHCHECK none -# Start the job processor +# Start the job processor. ENTRYPOINT ["/app/get-job.sh"] \ No newline at end of file diff --git a/README.md b/README.md index d260c9d..147ea14 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ code snippets that were submitted from students through the LEARN application. ## Requirements: - Redis CLI - Java 11 -- Gradle 6.7 +- Gradle 6.8 ## Container Usage: diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 1f24c1d..d4ac3b3 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "opensource/gradle/gradle-jre11" - BASE_TAG: "6.7.1" + BASE_TAG: "6.8.3" # Docker image labels labels: diff --git a/scripts/Dockerfile.packages b/scripts/Dockerfile.packages index 8940719..1460416 100644 --- a/scripts/Dockerfile.packages +++ b/scripts/Dockerfile.packages @@ -6,7 +6,8 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 # Install required libs. -RUN dnf update -y && dnf install -y \ +RUN dnf update -y \ + && dnf install -y \ curl \ make \ gcc \ @@ -16,13 +17,16 @@ RUN dnf update -y && dnf install -y \ WORKDIR /app # Redis -RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz -RUN tar xzf redis-stable.tar.gz +RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz \ + && tar xzf redis-stable.tar.gz + WORKDIR /app/redis-stable RUN make redis-cli + WORKDIR /app/redis-stable/src -RUN tar czf redis-cli.tar.gz redis-cli -RUN mv redis-cli.tar.gz /app/ +RUN tar czf redis-cli.tar.gz redis-cli \ + && mv redis-cli.tar.gz /app/ + WORKDIR /app # Add write permissions. diff --git a/scripts/repackage.sh b/scripts/repackage.sh index d58fa27..e3f1bb7 100755 --- a/scripts/repackage.sh +++ b/scripts/repackage.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Image Params. BASE_REGISTRY=registry.il2.dso.mil @@ -8,7 +8,7 @@ BASE_TAG=6.7.1 # This is the profile name in your aws credentials file. DEPENDENCY_FOLDER=build_dependencies AWS_PROFILE_NAME=revacomm -AWS_BUCKET_NAME=learn-dependencies/java-evaluator +AWS_BUCKET_NAME=learn-dependencies/java-evaluator-dev AWS_REGION=us-gov-west-1 echo "Clearing dependency folder." @@ -23,24 +23,25 @@ IMAGE_ID=$(docker build --file Dockerfile.packages . -q \ echo "Image ID: ${IMAGE_ID}" echo "Starting docker container." -CONTAINER_ID=$(docker run -d "$IMAGE_ID") +CONTAINER_ID=$(docker run -d $IMAGE_ID) echo "Container ID: ${CONTAINER_ID}" echo "Copying node modules and gems to the bundles directory." -docker cp "$CONTAINER_ID":/app/redis-cli.tar.gz $DEPENDENCY_FOLDER +TIMESTAMP=$(TZ='Pacific/Honolulu' date '+%Y%m%d%H%M') +docker cp $CONTAINER_ID:/app/redis-cli.tar.gz $DEPENDENCY_FOLDER/redis-cli-${TIMESTAMP}.tar.gz echo "Stopping the docker container." docker stop "$CONTAINER_ID" echo "Uploading all the build dependencies to AWS." -aws s3 sync $DEPENDENCY_FOLDER s3://$AWS_BUCKET_NAME --delete --profile $AWS_PROFILE_NAME --region $AWS_REGION +#aws s3 sync $DEPENDENCY_FOLDER s3://$AWS_BUCKET_NAME --delete --profile $AWS_PROFILE_NAME --region $AWS_REGION echo "Checksums:" cd $DEPENDENCY_FOLDER -sha256sum redis-cli.tar.gz +sha256sum redis-cli-${TIMESTAMP}.tar.gz cd .. echo "Removing dependency folder." -rm -rf $DEPENDENCY_FOLDER +#rm -rf $DEPENDENCY_FOLDER echo "Done!" \ No newline at end of file -- GitLab From 39fbe2e2315f301418728a7c9b276d7ef9d0c862 Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Fri, 16 Apr 2021 20:34:45 -1000 Subject: [PATCH 5/6] changing version for now --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index d4ac3b3..1f24c1d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "opensource/gradle/gradle-jre11" - BASE_TAG: "6.8.3" + BASE_TAG: "6.7.1" # Docker image labels labels: -- GitLab From af7c251ca33f43b008c56a04eb802dd4f3fd22b6 Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Tue, 20 Apr 2021 08:16:43 -1000 Subject: [PATCH 6/6] updating to gradle 6.8.3 --- Dockerfile | 2 +- hardening_manifest.yaml | 6 +++--- scripts/repackage.sh | 17 ++++++++--------- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 422baef..3951229 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=opensource/gradle/gradle-jre11 -ARG BASE_TAG=6.7.1 +ARG BASE_TAG=6.8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 1f24c1d..4b138ae 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "opensource/gradle/gradle-jre11" - BASE_TAG: "6.7.1" + BASE_TAG: "6.8.3" # Docker image labels labels: @@ -38,7 +38,7 @@ resources: filename: redis-cli.tar.gz validation: type: sha256 - value: 975e37c4165969c4cd612ddd81a6950e872f2d9a7a355376a05be4ad901e62fe + value: 656bf2fc3f4e63bb4ee96744a550a875b316e3f99da241a378a63db47b91e1ee - auth: type: s3 id: galvanize @@ -47,7 +47,7 @@ resources: filename: jars.tar.gz validation: type: sha256 - value: 8d9cbd2da25b8c1792e6fc900c9bd88c7e79005fdacf81fd0765933682b53c21 + value: 179f64dd1799517dbec988e8f54be50496bc7dc093dadcd43ce758d103644357 # List of project maintainers maintainers: diff --git a/scripts/repackage.sh b/scripts/repackage.sh index e3f1bb7..159aad6 100755 --- a/scripts/repackage.sh +++ b/scripts/repackage.sh @@ -1,14 +1,14 @@ #!/usr/bin/env bash # Image Params. -BASE_REGISTRY=registry.il2.dso.mil -BASE_IMAGE=platform-one/devops/pipeline-templates/ironbank/gradle-jre11 -BASE_TAG=6.7.1 +BASE_REGISTRY=registry1.dso.mil +BASE_IMAGE=ironbank/opensource/gradle/gradle-jre11 +BASE_TAG=6.8.3 # This is the profile name in your aws credentials file. DEPENDENCY_FOLDER=build_dependencies AWS_PROFILE_NAME=revacomm -AWS_BUCKET_NAME=learn-dependencies/java-evaluator-dev +AWS_BUCKET_NAME=learn-dependencies/java-evaluator AWS_REGION=us-gov-west-1 echo "Clearing dependency folder." @@ -27,21 +27,20 @@ CONTAINER_ID=$(docker run -d $IMAGE_ID) echo "Container ID: ${CONTAINER_ID}" echo "Copying node modules and gems to the bundles directory." -TIMESTAMP=$(TZ='Pacific/Honolulu' date '+%Y%m%d%H%M') -docker cp $CONTAINER_ID:/app/redis-cli.tar.gz $DEPENDENCY_FOLDER/redis-cli-${TIMESTAMP}.tar.gz +docker cp $CONTAINER_ID:/app/redis-cli.tar.gz $DEPENDENCY_FOLDER/redis-cli.tar.gz echo "Stopping the docker container." docker stop "$CONTAINER_ID" echo "Uploading all the build dependencies to AWS." -#aws s3 sync $DEPENDENCY_FOLDER s3://$AWS_BUCKET_NAME --delete --profile $AWS_PROFILE_NAME --region $AWS_REGION +aws s3 sync $DEPENDENCY_FOLDER s3://$AWS_BUCKET_NAME --delete --profile $AWS_PROFILE_NAME --region $AWS_REGION echo "Checksums:" cd $DEPENDENCY_FOLDER -sha256sum redis-cli-${TIMESTAMP}.tar.gz +sha256sum redis-cli.tar.gz cd .. echo "Removing dependency folder." -#rm -rf $DEPENDENCY_FOLDER +rm -rf $DEPENDENCY_FOLDER echo "Done!" \ No newline at end of file -- GitLab