From 0c73329f2ba8e21b0c4d081b1f468998afcdeca7 Mon Sep 17 00:00:00 2001
From: DJ Mountney
Date: Sun, 22 Aug 2021 08:04:10 -0700
Subject: [PATCH] Update GitLab to the 14.2.0 Feature Release
---
 Dockerfile | 56 ++++++++++++++++------------------------
 Dockerfile.build.ubi8 | 19 --------------
 Dockerfile.ubi8 | 4 ---
 build-scripts/build.sh | 31 ++++++++++++++++++++++
 build-scripts/cleanup.sh | 5 ++++
 hardening_manifest.yaml | 18 ++++++++++---
 6 files changed, 72 insertions(+), 61 deletions(-)
 delete mode 100644 Dockerfile.build.ubi8
 delete mode 100644 Dockerfile.ubi8
 create mode 100755 build-scripts/build.sh
 create mode 100755 build-scripts/cleanup.sh
diff --git a/Dockerfile b/Dockerfile
index 6c92534..41a221b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,40 +1,28 @@ -ARG CI_REGISTRY_IMAGE="registry.gitlab.com/gitlab-org/build/cng" -ARG TAG="master" -ARG FROM_IMAGE="$CI_REGISTRY_IMAGE/gitlab-rails-ee" -ARG PYTHON_TAG=3.8.9 -ARG GITALY_IMAGE= - -FROM ${CI_REGISTRY_IMAGE}/gitlab-python:${PYTHON_TAG} AS python - -FROM ${GITALY_IMAGE} AS gitaly - -FROM ${FROM_IMAGE}:${TAG} - -ARG S3CMD_VERSION="2.1.0" -ARG GSUTIL_VERSION="4.43" - -COPY --from=python /usr/local/bin /usr/local/bin/ -COPY --from=python /usr/local/lib /usr/local/lib/ -COPY --from=python /usr/local/include /usr/local/include/ -COPY --from=gitaly /usr/local/bin/gitaly-backup /usr/local/bin/ - -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gcc \ - ca-certificates \ - openssl \ - tar \ - && ldconfig \ - && pip3 install --upgrade s3cmd==${S3CMD_VERSION} \ - && pip3 install gsutil==${GSUTIL_VERSION} crcmod \ - && apt-get purge -y --auto-remove gcc \ - && rm -rf /var/lib/apt/lists/* +ARG GITLAB_VERSION=v14.2.0-ubi8 +ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 +ARG BASE_IMAGE=gitlab/gitlab/gitlab-rails +ARG BASE_TAG=14.2.0 + +ARG RAILS_IMAGE=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +FROM ${RAILS_IMAGE} + +ARG GITLAB_VERSION ARG GITLAB_USER=git +ARG DNF_OPTS +ENV LIBDIR ${LIBDIR:-"/usr/lib64"} + +ADD gitlab-toolbox-ee.tar.gz / +ADD gitlab-python.tar.gz / COPY scripts/bin/* /usr/local/bin/ -COPY scripts/lib/* /usr/lib/ruby/vendor_ruby/ +COPY scripts/lib/* ${LIBDIR}/ruby/vendor_ruby/ + +RUN dnf clean all \ + && rm -r /var/cache/dnf \ + && dnf ${DNF_OPTS} install -by --nodocs ca-certificates openssl -USER $GITLAB_USER:$GITLAB_USER +USER ${GITLAB_USER}:${GITLAB_USER} -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file diff --git a/Dockerfile.build.ubi8 b/Dockerfile.build.ubi8 deleted file mode 100644 index dae8ec1..0000000 --- a/Dockerfile.build.ubi8 +++ /dev/null 
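Review bot: The two `ADD … /` lines unpack `gitlab-toolbox-ee.tar.gz` and `gitlab-python.tar.gz` over the image root while the build still runs as root, and nothing in the Dockerfile itself ties them to a digest; the only pins in this patch are the sha256 values under `resources:` in hardening_manifest.yaml, which presumably are checked by the hardening pipeline and not by a plain `docker build`. A comment above them, e.g. `# Archives listed under resources: in hardening_manifest.yaml; verify their sha256 before building outside the pipeline`, would make that trust boundary visible. In the `RUN` step the cleanup precedes the install, so whatever `dnf install` writes under `/var/cache/dnf` stays in the layer and `rm -r` fails the build if the directory is absent; unless the leading cleanup is there to drop a cache inherited from the base image, `dnf ${DNF_OPTS} install -by --nodocs ca-certificates openssl && dnf clean all && rm -rf /var/cache/dnf` is the safer order.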
@@ -1,19 +0,0 @@
-ARG BUILD_IMAGE=
-
-FROM ${BUILD_IMAGE}
-
-ARG S3CMD_VERSION=2.1.0
-ARG GSUTIL_VERSION=4.42
-ARG DNF_OPTS
-
-ADD gitlab-python.tar.gz /
-ADD gitaly.tar.gz /tmp/gitaly
-
-RUN dnf ${DNF_OPTS} install -by --nodocs gcc \
- && mkdir /assets \
- && pip3 install s3cmd==${S3CMD_VERSION} gsutil==${GSUTIL_VERSION} crcmod \
- && mv /tmp/gitaly/usr/local/bin/gitaly-backup /usr/local/bin \
- && cp -R --parents \
- /usr/local/lib/python3.8/site-packages \
- /usr/local/bin/ \
- /assets
diff --git a/Dockerfile.ubi8 b/Dockerfile.ubi8
deleted file mode 100644
index 86a8007..0000000
--- a/Dockerfile.ubi8
+++ /dev/null
@@ -1,4 +0,0 @@
-ARG CI_REGISTRY_IMAGE="registry.gitlab.com/gitlab-org/build/cng"
-ARG TAG="master"
-ARG FROM_IMAGE="$CI_REGISTRY_IMAGE/gitlab-toolbox"
-FROM ${FROM_IMAGE}:${TAG}
diff --git a/build-scripts/build.sh b/build-scripts/build.sh
new file mode 100755
index 0000000..b069fac
--- /dev/null
+++ b/build-scripts/build.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# NOTICE: This script requires `docker`.
+
+set -euxo pipefail
+
+TAG=${1:-14.2.0}
+REPOSITORY=${2:-}
+DOCKER_OPTS=${DOCKER_OPTS:-""}
+
+imageName() {
+ printf "${REPOSITORY}${1}:${TAG}"
+}
+
+buildImage() {
+ IMAGE="${1}"
+ CONTEXT="${IMAGE%*-ee}"
+ {
+ docker build \
+ -t "$(imageName ${IMAGE})" . \
+ ${DOCKER_OPTS:-} | tee ${CONTEXT}.out
+ } || {
+ echo "${CONTEXT}" >> failed.log
+ }
+}
+
+# Cleanup log outputs from previous build
+rm -f *.out failed.log
+
+DOCKER_OPTS="$DOCKER_OPTS --build-arg RAILS_IMAGE=$(imageName gitlab-rails)"
+buildImage gitlab-toolbox
diff --git a/build-scripts/cleanup.sh b/build-scripts/cleanup.sh
new file mode 100755
index 0000000..ad291f9
--- /dev/null
+++ b/build-scripts/cleanup.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+rm -f *.tar.gz *.out failed.log
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 0808edf..89725c0 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
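Review bot: A failed `docker build` does not fail build-scripts/build.sh: in `buildImage` the `|| { echo "${CONTEXT}" >> failed.log; }` handler turns the pipeline's non-zero status into success, so even under `set -e` the script exits 0 and a caller that only checks the exit code would treat a broken image build as good. Ending the script with `[ ! -s failed.log ] || exit 1` (or returning non-zero from the handler) keeps the log and restores the failure signal. `imageName` also passes its arguments as the printf format string, so a `%` or backslash in `REPOSITORY` or `TAG` is interpreted; `printf '%s%s:%s' "${REPOSITORY}" "${1}" "${TAG}"` avoids that. With `set -x` active the fully expanded `docker build` command, including any `--build-arg` values carried in `DOCKER_OPTS`, is written to the trace, so a comment stating that `DOCKER_OPTS` must not carry secrets is worth adding next to its assignment.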
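Review bot: The `rm -f *.tar.gz *.out failed.log` line in build-scripts/cleanup.sh resolves its globs against whatever directory the script is invoked from, and an unanchored glob lets a file whose name starts with `-` be read as an option. `rm -f -- ./*.tar.gz ./*.out ./failed.log`, preceded by a `cd` to the directory the build writes into, confines the deletion. The `rm -f *.out failed.log` line in build-scripts/build.sh has the same pattern.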
@@ -5,12 +5,12 @@ name: "gitlab/gitlab/gitlab-toolbox"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
- - "14.1.2"
+ - "14.2.0"
 - "latest"
 # Build args passed to Dockerfile ARGs
 args:
 BASE_IMAGE: "gitlab/gitlab/gitlab-rails"
- BASE_TAG: "14.1.2"
+ BASE_TAG: "14.2.0"
 # Docker image labels
 labels:
 org.opencontainers.image.title: "Gitlab Toolbox"
@@ -22,7 +22,7 @@ labels:
 org.opencontainers.image.url: "https://about.gitlab.com/"
 ## Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "Gitlab"
- org.opencontainers.image.version: "14.1.2"
+ org.opencontainers.image.version: "14.2.0"
 ## Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "gitlab, git, gitops"
 ## This value can be "opensource" or "commercial"
@@ -46,4 +46,14 @@ maintainers:
 name: "Adam Martin"
 username: "adam.martin"
 cht_member: true
-
+resources:
+ - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v14.2.0-ubi8/gitlab-toolbox-ee.tar.gz"
+ filename: "gitlab-toolbox-ee.tar.gz"
+ validation:
+ type: "sha256"
+ value: "d0b2020e9ba41367ea3bb36e1fabc924ca7fb8241224e386924f2822aa5a44a4"
+ - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v14.2.0-ubi8/gitlab-python.tar.gz"
+ filename: "gitlab-python.tar.gz"
+ validation:
+ type: "sha256"
+ value: "c7c279f90687febbfb537c17f43b6db9dc0d1916feb7e99bdd40c17e61fe0064"
-- GitLab
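Review bot: Unlike `tags:`, `args:` and `labels:` in the first hunk, the new `resources:` block in the last hunk has no leading comment, although it carries the integrity pins for the archives the Dockerfile unpacks into `/`. A comment such as `# Build inputs for the Dockerfile ADD lines; url and sha256 must be updated together on every version bump` would record that. A pointer to where the published digests come from would also let a reviewer check the two `value:` entries independently instead of trusting the patch. The same hunk drops the blank line that separated the `maintainers:` entries from what follows.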