From b4f8528923575202902ccedacbb7b0bfa341d1a8 Mon Sep 17 00:00:00 2001
From: "sean.melissari"
Date: Wed, 19 May 2021 17:27:53 +0000
Subject: [PATCH 1/8] bump ubi 8.4
---
 Dockerfile | 25 +--------------------
 hardening_manifest.yaml | 49 +----------------------------------------
 2 files changed, 2 insertions(+), 72 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 8bdfb9b..5f843f9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1 @@
-ARG BASE_REGISTRY=registry1.dsop.io
-ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
-ARG BASE_TAG=8.3
-
-FROM amazon/aws-cli:2.2.5 as cli
-
-FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-
-COPY --from=cli /usr/local/aws-cli /usr/local/aws-cli
-
-RUN groupadd -g 1001 awscli && \
- useradd -r -u 1001 -d /aws -m -s /sbin/nologin -g awscli awscli && \
- ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && \
- ln -s /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer && \
- dnf upgrade -y && \
- dnf install -y groff-base less && \
- dnf clean all && \
- rm -rf /var/cache/dnf
-
-USER 1001
-WORKDIR /aws
-HEALTHCHECK NONE
-
-ENTRYPOINT ["aws"]
+b'ARG BASE_REGISTRY=registry1.dsop.io\nARG BASE_IMAGE=ironbank/redhat/ubi/ubi8\nARG BASE_TAG=8.4\n\nFROM amazon/aws-cli:2.2.5 as cli\n\nFROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}\n\nCOPY --from=cli /usr/local/aws-cli /usr/local/aws-cli\n\nRUN groupadd -g 1001 awscli && \\\n useradd -r -u 1001 -d /aws -m -s /sbin/nologin -g awscli awscli && \\\n ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && \\\n ln -s /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer && \\\n dnf upgrade -y && \\\n dnf install -y groff-base less && \\\n dnf clean all && \\\n rm -rf /var/cache/dnf\n\nUSER 1001\nWORKDIR /aws\nHEALTHCHECK NONE\n\nENTRYPOINT ["aws"]\n'
\ No newline at end of file
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 672cf61..af93bb4 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
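Review bot: The new side of this hunk is one line holding a Python-style bytes literal (`b'ARG BASE_REGISTRY=...\n...'`) instead of Dockerfile instructions, so the file no longer begins with a valid instruction and the `USER 1001` and `HEALTHCHECK NONE` lines survive only as text inside a string. The subject says the intent is the UBI bump, which needs only `ARG BASE_TAG=8.4`; the hardening_manifest.yaml hunk of this same patch has the same defect (the whole file replaced by `b'---\n...'`, where only `BASE_TAG: "8.4"` should change). PATCH 2/8 restores both files, so I would squash the two patches so that no commit on the branch carries a Dockerfile that cannot build and a manifest without its keys.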
@@ -1,48 +1 @@
----
-apiVersion: v1
-
-# The repository name in registry1, excluding /ironbank/
-name: "opensource/amazon/aws-cli"
-
-# List of tags to push for the repository in registry1
-# The most specific version should be the first tag and will be shown
-# on ironbank.dsop.io
-tags:
-- "2.2.5"
-- "latest"
-
-# Build args passed to Dockerfile ARGs
-args:
- BASE_IMAGE: "redhat/ubi/ubi8"
- BASE_TAG: "8.3"
-
-# Docker image labels
-labels:
- org.opencontainers.image.title: "aws-cli"
- ## Human-readable description of the software packaged in the image
- org.opencontainers.image.description: "Universal Command Line Interface for Amazon Web Services."
- ## License(s) under which contained software is distributed
- org.opencontainers.image.licenses: "Apache-2.0"
- ## URL to find more information on the image
- org.opencontainers.image.url: "https://github.com/aws/aws-cli"
- ## Name of the distributing entity, organization or individual
- org.opencontainers.image.vendor: "Amazon"
- org.opencontainers.image.version: "2.2.5"
- ## Keywords to help with search (ex.
"cicd,gitops,golang")
- mil.dso.ironbank.image.keywords: "aws,cli"
- ## This value can be "opensource" or "commercial"
- mil.dso.ironbank.image.type: "opensource"
- ## Product the image belongs to for grouping multiple images
- mil.dso.ironbank.product.name: "aws"
-
-# List of resources to make available to the offline build context
-resources:
-- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7"
- tag: "amazon/aws-cli:2.2.5"
-
-# List of project maintainers
-maintainers:
-- name: "Sean Melissari"
- username: "sean.melissari"
- email: "melissari_sean@bah.com"
- cht_member: true
+b'---\napiVersion: v1\n\n# The repository name in registry1, excluding /ironbank/\nname: "opensource/amazon/aws-cli"\n\n# List of tags to push for the repository in registry1\n# The most specific version should be the first tag and will be shown\n# on ironbank.dsop.io\ntags:\n- "2.2.5"\n- "latest"\n\n# Build args passed to Dockerfile ARGs\nargs:\n BASE_IMAGE: "redhat/ubi/ubi8"\n BASE_TAG: "8.4"\n\n# Docker image labels\nlabels:\n org.opencontainers.image.title: "aws-cli"\n ## Human-readable description of the software packaged in the image\n org.opencontainers.image.description: "Universal Command Line Interface for Amazon Web Services."\n ## License(s) under which contained software is distributed\n org.opencontainers.image.licenses: "Apache-2.0"\n ## URL to find more information on the image\n org.opencontainers.image.url: "https://github.com/aws/aws-cli"\n ## Name of the distributing entity, organization or individual\n org.opencontainers.image.vendor: "Amazon"\n org.opencontainers.image.version: "2.2.5"\n ## Keywords to help with search (ex.
"cicd,gitops,golang")\n mil.dso.ironbank.image.keywords: "aws,cli"\n ## This value can be "opensource" or "commercial"\n mil.dso.ironbank.image.type: "opensource"\n ## Product the image belongs to for grouping multiple images\n mil.dso.ironbank.product.name: "aws"\n\n# List of resources to make available to the offline build context\nresources:\n- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7"\n tag: "amazon/aws-cli:2.2.5"\n\n# List of project maintainers\nmaintainers:\n- name: "Sean Melissari"\n username: "sean.melissari"\n email: "melissari_sean@bah.com"\n cht_member: true\n'
\ No newline at end of file
-- GitLab
From 913ef2eb37eaf5eb9a7fa52caf95d6859540786a Mon Sep 17 00:00:00 2001
From: "sean.melissari"
Date: Wed, 19 May 2021 17:30:59 +0000
Subject: [PATCH 2/8] bump ubi 8.4
---
 Dockerfile | 25 ++++++++++++++++++++-
 hardening_manifest.yaml | 49 ++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 72 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5f843f9..7f6369e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1 +1,24 @@
-b'ARG BASE_REGISTRY=registry1.dsop.io\nARG BASE_IMAGE=ironbank/redhat/ubi/ubi8\nARG BASE_TAG=8.4\n\nFROM amazon/aws-cli:2.2.5 as cli\n\nFROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}\n\nCOPY --from=cli /usr/local/aws-cli /usr/local/aws-cli\n\nRUN groupadd -g 1001 awscli && \\\n useradd -r -u 1001 -d /aws -m -s /sbin/nologin -g awscli awscli && \\\n ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && \\\n ln -s /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer && \\\n dnf upgrade -y && \\\n dnf install -y groff-base less && \\\n dnf clean all && \\\n rm -rf /var/cache/dnf\n\nUSER 1001\nWORKDIR /aws\nHEALTHCHECK NONE\n\nENTRYPOINT ["aws"]\n'
\ No newline at end of file
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
+ARG BASE_TAG=8.4
+
+FROM amazon/aws-cli:2.2.5 as cli
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+COPY --from=cli /usr/local/aws-cli /usr/local/aws-cli
+
+RUN groupadd -g 1001 awscli && \
+ useradd -r -u 1001 -d /aws -m -s /sbin/nologin -g awscli awscli && \
+ ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && \
+ ln -s /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer && \
+ dnf upgrade -y && \
+ dnf install -y groff-base less && \
+ dnf clean all && \
+ rm -rf /var/cache/dnf
+
+USER 1001
+WORKDIR /aws
+HEALTHCHECK NONE
+
+ENTRYPOINT ["aws"]
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index af93bb4..8d7c129 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
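Review bot: `FROM amazon/aws-cli:2.2.5 as cli` names the upstream image by tag only, and nothing in the restored Dockerfile says that the sha256 digest for that stage is pinned in the `resources` entry of hardening_manifest.yaml under the tag `amazon/aws-cli:2.2.5`. Whoever bumps this line without the manifest, or the reverse, presumably ends up with a `cli` stage that no longer corresponds to the reviewed digest. I would add a comment above the stage, `# Tag must match resources[].tag in hardening_manifest.yaml, which pins the sha256 digest`, and a second one above the `RUN` saying that `dnf upgrade -y` and the unversioned `dnf install -y groff-base less` make the layer depend on the repository state at build time.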
@@ -1 +1,48 @@
-b'---\napiVersion: v1\n\n# The repository name in registry1, excluding /ironbank/\nname: "opensource/amazon/aws-cli"\n\n# List of tags to push for the repository in registry1\n# The most specific version should be the first tag and will be shown\n# on ironbank.dsop.io\ntags:\n- "2.2.5"\n- "latest"\n\n# Build args passed to Dockerfile ARGs\nargs:\n BASE_IMAGE: "redhat/ubi/ubi8"\n BASE_TAG: "8.4"\n\n# Docker image labels\nlabels:\n org.opencontainers.image.title: "aws-cli"\n ## Human-readable description of the software packaged in the image\n org.opencontainers.image.description: "Universal Command Line Interface for Amazon Web Services."\n ## License(s) under which contained software is distributed\n org.opencontainers.image.licenses: "Apache-2.0"\n ## URL to find more information on the image\n org.opencontainers.image.url: "https://github.com/aws/aws-cli"\n ## Name of the distributing entity, organization or individual\n org.opencontainers.image.vendor: "Amazon"\n org.opencontainers.image.version: "2.2.5"\n ## Keywords to help with search (ex.
"cicd,gitops,golang")\n mil.dso.ironbank.image.keywords: "aws,cli"\n ## This value can be "opensource" or "commercial"\n mil.dso.ironbank.image.type: "opensource"\n ## Product the image belongs to for grouping multiple images\n mil.dso.ironbank.product.name: "aws"\n\n# List of resources to make available to the offline build context\nresources:\n- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7"\n tag: "amazon/aws-cli:2.2.5"\n\n# List of project maintainers\nmaintainers:\n- name: "Sean Melissari"\n username: "sean.melissari"\n email: "melissari_sean@bah.com"\n cht_member: true\n'
\ No newline at end of file
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "opensource/amazon/aws-cli"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "2.2.5"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8"
+ BASE_TAG: "8.4"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "aws-cli"
+ ## Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "Universal Command Line Interface for Amazon Web Services."
+ ## License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "Apache-2.0"
+ ## URL to find more information on the image
+ org.opencontainers.image.url: "https://github.com/aws/aws-cli"
+ ## Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "Amazon"
+ org.opencontainers.image.version: "2.2.5"
+ ## Keywords to help with search (ex.
"cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "aws,cli"
+ ## This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "opensource"
+ ## Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "aws"
+
+# List of resources to make available to the offline build context
+resources:
+- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7"
+ tag: "amazon/aws-cli:2.2.5"
+
+# List of project maintainers
+maintainers:
+- name: "Sean Melissari"
+ username: "sean.melissari"
+ email: "melissari_sean@bah.com"
+ cht_member: true
-- GitLab
From a29393559d59bcc886547f4ed199af54b234e5ad Mon Sep 17 00:00:00 2001
From: Zachary Sanders
Date: Fri, 21 May 2021 14:57:01 +0000
Subject: [PATCH 3/8] renovate-automerge
---
 renovate.json | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/renovate.json b/renovate.json
index c1c298f..a7ed1bb 100644
--- a/renovate.json
+++ b/renovate.json
@@ -5,17 +5,9 @@
 "baseBranches": [
 "development"
 ],
+ "automerge": true,
+ "gitLabAutomerge": true,
 "regexManagers": [
- {
- "fileMatch": [
- "^Dockerfile$"
- ],
- "matchStrings": [
- "version=\"(?.*?)\""
- ],
- "depNameTemplate": "amazon/aws-cli",
- "datasourceTemplate": "docker"
- },
 {
 "fileMatch": [
 "^hardening_manifest.yaml$"
@@ -37,4 +29,4 @@
 "datasourceTemplate": "docker"
 }
 ]
-}
\ No newline at end of file
+}
-- GitLab
From 8cc1c45d49dfa1d880140286d3b0f8b8df7572ce Mon Sep 17 00:00:00 2001
From: Karl Breidenbach
Date: Thu, 27 May 2021 16:45:40 +0000
Subject: [PATCH 4/8] Update Dockerfile to reference aws-cli 2.2.6.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 7f6369e..eea7431 100644
--- a/Dockerfile
+++ b/Dockerfile
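Review bot: The added `"automerge": true` and `"gitLabAutomerge": true` let Renovate's bumps merge into `development` without a maintainer's review, and the first renovate.json hunk adds no rule limiting which updates qualify. In this repository a bump is only correct when the Dockerfile `FROM` tag, the manifest `tags` and version label, and the `resources` digest all move together; PATCH 6/8 later in this series, authored by renovate, moves the tags to 2.2.7 but leaves the `resources` entry on the 2.2.6 digest until PATCH 7/8 corrects it by hand. I would keep `"automerge": false` until the regex managers update the digest as well, or scope automerge with a `packageRules` entry. The configuration object continues outside the hunk, so a rule not visible here may already narrow this.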
@@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=8.4 -FROM amazon/aws-cli:2.2.5 as cli +FROM amazon/aws-cli:2.2.6 as cli FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -- GitLab From 2d529fd7843533a8c1330f32f310ef3fbad7df42 Mon Sep 17 00:00:00 2001 From: Karl Breidenbach Date: Thu, 27 May 2021 16:47:00 +0000 Subject: [PATCH 5/8] Update hardening_manifest.yaml to reference aws-cli 2.2.6. --- hardening_manifest.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 8d7c129..61909f5 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "opensource/amazon/aws-cli" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "2.2.5" +- "2.2.6" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://github.com/aws/aws-cli" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Amazon" - org.opencontainers.image.version: "2.2.5" + org.opencontainers.image.version: "2.2.6" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "aws,cli" ## This value can be "opensource" or "commercial" @@ -37,8 +37,8 @@ labels: # List of resources to make available to the offline build context resources: -- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7" - tag: "amazon/aws-cli:2.2.5" +- url: "docker://docker.io/amazon/aws-cli@sha256:6cec665f0eda68586a0a0b0b478bc126ba3a99756946e9066eb269f65bde5ca6" + tag: "amazon/aws-cli:2.2.6" # List of project maintainers maintainers: -- GitLab From 1e7d8c19ba5b230b205c6313f2965c8ecbf8ba4e Mon Sep 17 00:00:00 2001 
From: renovate Date: Fri, 28 May 2021 01:07:37 +0000 Subject: [PATCH 6/8] Update amazon/aws-cli Docker tag to v2.2.7 --- Dockerfile | 2 +- hardening_manifest.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index eea7431..c9a7fe7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=8.4 -FROM amazon/aws-cli:2.2.6 as cli +FROM amazon/aws-cli:2.2.7 as cli FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 61909f5..31e3ab3 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "opensource/amazon/aws-cli" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "2.2.6" +- "2.2.7" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://github.com/aws/aws-cli" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Amazon" - org.opencontainers.image.version: "2.2.6" + org.opencontainers.image.version: "2.2.7" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "aws,cli" ## This value can be "opensource" or "commercial" -- GitLab From dfbb4969946befac9c8b65722dc8ee0e96519c66 Mon Sep 17 00:00:00 2001 From: Andy Maksymowicz Date: Fri, 28 May 2021 19:26:29 +0000 Subject: [PATCH 7/8] Update hardening_manifest.yaml --- hardening_manifest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 31e3ab3..9e20a31 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -37,8 +37,8 @@ labels: # List of resources to make available to the offline build context resources: -- url: "docker://docker.io/amazon/aws-cli@sha256:6cec665f0eda68586a0a0b0b478bc126ba3a99756946e9066eb269f65bde5ca6" - tag: "amazon/aws-cli:2.2.6" +- url: "docker://docker.io/amazon/aws-cli@sha256:24819de007482ea6d62e5d634c8296363595e4d72dc3acc1f061f465b506e700" + tag: "amazon/aws-cli:2.2.7" # List of project maintainers maintainers: -- GitLab From 00374610c298caac0f0a94415cf10d9ff6de2c69 Mon Sep 17 00:00:00 2001 From: Andy Maksymowicz Date: Fri, 28 May 2021 19:26:51 +0000 Subject: [PATCH 8/8] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c9a7fe7..1197aca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=8.4 -- GitLab