Merge branch 'two' into 'master'

Please merge "two" into "master" See merge request !2

Merge branch 'two' into 'master'
Please merge "two" into "master" See merge request !2
49c5ae12 · Gerard Fulton · bc1d2b18 · 6bbf7388 · 49c5ae12 · 49c5ae12
Commit 49c5ae12 authored Mar 05, 2020 by Gerard Fulton
7 changed files
--- a/1.6.0/Dockerfile
+++ b/1.6.0/Dockerfile
@@ -4,65 +4,50 @@
 # Note that you will not be able to pull conatiners from nexus-docker-secure.levelup-dev.io into your local dev machine 
 ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
 ARG BASE_IMAGE=dsop/openjdk-v1.8
-
-ARG PRODUCT_API_VERSION=1
-ARG PRODUCT_API_RELEASE=6.0
+ARG BASE_TAG=latest

 # FROM statement must reference the base image using the three ARGs established
-FROM ${BASE_REGISTRY}/${BASE_IMAGE}
-
-# ENV LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
-
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

 # 'LABEL' instructions should include at least the following information and any other helpful details.
-LABEL product_api_commit=$API_COMMIT \
-      source="https://nifi.apache.org/" \
-      name="nifi" \
+LABEL name="Apache Nifi" \
      maintainer="dev@nifi.apache.org" \
      vendor="Apache" \
-      version=$PRODUCT_API_VERSION \
-      release=$PRODUCT_API_RELEASE \
+      version="1.6.0" \
+      release="1" \
      summary="Image of Apache Nifi" \
-      description="This builds a working image of Apache Nifi."
-
-ENV VENDOR=nifi \
-    PACKAGE_NAME=nifi_dependencies.tgz
-
-# You must have these next three variables set exactly as is if you need to pull any files (i.e. dependencies for your container) from the Nexus repo 
-# Look at the next section
-ARG NEXUS_SERVER=${NEXUS_SERVER}
-ARG NEXUS_USERNAME=${NEXUS_USERNAME}
-ARG NEXUS_PASSWORD=${NEXUS_PASSWORD}
+      description="Image of Apache Nifi"

+ARG BIN_TARBALL=nifi-1.6.0-bin.tar.gz
+ARG SRC_TARBALL=nifi-1.6.0.tar.gz

 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates gnupg dirmngr bzip2 unzip xz-utils jq xmlstarlet && rm -rf /var/lib/apt/lists/*
-ENV LANG=C.UTF-8
+ENV NIFI_BASE_DIR=/opt/nifi
+ENV NIFI_VERSION_DIR=nifi-1.6.0
+ENV NIFI_HOME=${NIFI_BASE_DIR}/${NIFI_VERSION_DIR}
 RUN echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"' > /usr/local/bin/docker-java-home  && chmod +x /usr/local/bin/docker-java-home
 RUN ln -svT "/usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture)" /docker-java-home
 RUN /var/lib/dpkg/info/ca-certificates.postinst configure
 ARG UID=1000
 ARG GID=1000
-ENV NIFI_BASE_DIR=/opt/nifi
-ENV NIFI_VERSION_DIR=nifi-${PRODUCT_API_VERSION}.${PRODUCT_API_RELEASE}
-ENV NIFI_HOME=${NIFI_BASE_DIR}/${NIFI_VERSION_DIR}
-RUN mkdir ${NIFI_BASE_DIR}
+RUN mkdir -p ${NIFI_BASE_DIR}
 RUN groupadd -g ${GID} nifi && useradd -u ${UID} -g ${GID} -m nifi && chown -R nifi:nifi ${NIFI_BASE_DIR}
+COPY ${BIN_TARBALL} ${NIFI_BASE_DIR}
+COPY ${SRC_TARBALL} ${NIFI_BASE_DIR}
 WORKDIR ${NIFI_BASE_DIR}
-RUN curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} https://${NEXUS_SERVER}/repository/dsop/${VENDOR}/${PACKAGE_NAME} -o ${PACKAGE_NAME} \
-    && tar -zxvf ${PACKAGE_NAME}  -C ${NIFI_BASE_DIR} \
+RUN tar -zxvf ${BIN_TARBALL} \
    && mkdir -p ${NIFI_HOME}/conf/templates \
-    && chown -R nifi:nifi ${NIFI_BASE_DIR}
+    && rm ${BIN_TARBALL}
+RUN tar -zxvf ${SRC_TARBALL} "nifi-rel-nifi-1.6.0/nifi-docker/dockerhub/sh" \
+    && mkdir -p ${NIFI_BASE_DIR}/scripts \
+    && cp nifi-rel-nifi-1.6.0/nifi-docker/dockerhub/sh/* ${NIFI_BASE_DIR}/scripts \
+    && rm -rf nifi-rel-nifi-1.6.0 \
+    && rm ${SRC_TARBALL}
+RUN chown -R nifi:nifi ${NIFI_BASE_DIR}
 USER nifi
 EXPOSE 10000/tcp 8080/tcp 8443/tcp
 WORKDIR /opt/nifi/nifi-1.6.0
 CMD ["../scripts/start.sh"]

 # This Dockerfile health check is a requirement.  Please add an appropriate health check for your container.
-HEALTHCHECK --timeout=15s CMD /opt/nifi/nifi-1.6.0/bin/nifi.sh status
-
-
-# In order to make this container build outside of the pipeline you need to run the following:
-# docker build --build-arg NEXUS_USERNAME=username --build-arg NEXUS_PASSWORD=password --build-arg NEXUS_SERVER=https://server.com -t nifi:1.6.0 .
-# Make sure to replace username, password, and server address with the appropriate variables if you have your own repository.
-# Otherwise, you might need to test locally by pointing curl to the location of the files on the internet
-
+HEALTHCHECK --timeout=30s CMD /opt/nifi/nifi-1.6.0/bin/nifi.sh status
--- a/1.6.0/Jenkinsfile
+++ b/1.6.0/Jenkinsfile
+library 'DSOPDemo@demo-video-branch'
+hardeningPipeline()
--- a/1.6.0/download.json
+++ b/1.6.0/download.json
+{ "resources":
+	[
+		{ "url" : "https://archive.apache.org/dist/nifi/1.6.0/nifi-1.6.0-bin.tar.gz",
+			"filename": "nifi-1.6.0-bin.tar.gz",
+			"sha256": "fcd8ded6e95214a282289c0bf61352337f389830fa26903ae66a81d2e9d6ad15"
+		},
+		{ "url" : "https://github.com/apache/nifi/archive/rel/nifi-1.6.0.tar.gz",
+			"filename": "nifi-1.6.0.tar.gz",
+			"sha256": "624b907ab961029c0b136a07c7b68d98f02c31730dedd2c4d25a32ac405dce7a"
+		}
+] }
\ No newline at end of file
--- a/1.6.0/scripts/nifi.key
+++ b/1.6.0/scripts/nifi.key
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBF5Kx2wBEADSBJfmScGiiuoSkr5LHte6EaH2NiFZr6egNABgxHpA0EmRmZm8
-7b6Twhm1bOou5GZFZtBwG6EeH3GCD4f/Xd3m6RMoD5gbWIeVzgqT/uqloRUKxQdH
-QSxU8qurXLSHXnRmfpvFP4mpMkPMJUwhROnhV8ogYV/AYEvLRR0BYA+jUdhfLgnK
-P8iT9OX55Rg3khUNoO8Z917GYTynZM0h9sy5ghcP19zW0SS/Lg2Rt4VvyQurwYHK
-SZT04DaUXmcoLP4cCfMgbVGHbE5bSdZVIzJufobStSYQN86+xrMz8OMSlopa5Oyi
-jlM+rJLIR3i6EkpB77GbGEKnSHLYnHLvglxEENjZX3gAyAzmQpOidjSjZ2ji4FJQ
-P5Wl6tWk9F4iP1tDz/q3bCE04l4TuDc2hKVAAHRT+goIwygfStXLSTg5g/857lKZ
-ojuAGhzeJQO2RYDV2ck+PIZ1FY15dv7TRHT72RAljGHBTJdCseNk51Z4BeqGUmg5
-vKWGTqcjgg4A4Be1DqUxQooMbkOcKNV24IYcZqoelIfWrFE4lzhYNZSrpxUgiGqY
-SSg8Yl/MjMtb5Y8FlaWIDCw+ZzvtX5MYJ+mW5xNgdJWnN4qkaG+TdYM8AhUoobTF
-L69d3YFbyPzeBFkGLW8MMyKOFt3D9+1izhdRRaTHP3EOCxkkAtn88MAsnQARAQAB
-tB5qY2F0dXBlcyA8bWFyay5rZW5uZXlAbmdjLmNvbT6JAlQEEwEIAD4WIQRDPap+
-C1ig84UYmM2KX+zS9K8QFwUCXkrHbAIbAwUJAeEzgAULCQgHAgYVCgkICwIEFgID
-AQIeAQIXgAAKCRCKX+zS9K8QF6RhD/9jsc3Gb6wQIitN/eEVS+DkcaA8sYrHKyJC
-JuUUb3lk5TSzE1D5JRZSNz/3rSkjhdpe8ttEEr/MffB9QP6gk6BbEHrS5ID/+t4+
-rteVY8jEloZu7W4TWqCti/7ETI09MzGr8HPKLMLlpNSPR/arHfkupKgLmrV7cycI
-5XhYQjjxS6UIoGJI2+AOp8XUoneqq+4xRrhSg7o82OlMrwJj0ezolxPa2lcBVT0n
-+SsEmhvBj//nXbU66KTfgi/JwGWaeqn1RFlKdbasObrzxUQmVOozbV2KU0C245Ao
-c3Fkowg3H39kzjdaARHLQ5l3lgQzzAp9bstwwDdejJMtKtq+Cj239TULhwHgU3AL
-IbOULNCI2ilD0Ccrf60EY8U3SmR0Izp8CpHMxkYD1uvRhAlXpFXBdu0UFCtTdl2o
-oTrIrUflEEC9sC3UrduhX728sbh91cQUUGhGT3tP9qREm1NUGp1z8z88/k6OKN5D
-mUCC3FOMOG//Pu8U7b88h94it5XIJWoaGj+uiBwz6OKmsMSF6MIaN6GXXSaqbGgu
-dVq2MqsCNCUvEXsoIook4TkC3yD7MoO7bKlZZX0V8Yaf3XJbaSU1/qnMkAPK8qUE
-zcfDSI4zDcvDZKf6aU5rike4tlhK2HRKSxjIZbLd4AIqYfhKusVZ7gCddAiTUOLO
-vEzxlZjbCrkCDQReSsdsARAA0zEm7mD6doV0b8rclh1Zm+lV5B/v5WJbJkmZ4DRr
-pKFHRZaVvVta80WNxQcPzqK+VRht1RX5wBJnm62knR8vWAHrLA3bgOomuF0MYSNd
-l+bHbcwByTzQDmd2C25ecIBIy73Mx22kz4dehh321Q5WxuYtE6yzKdvCH25rUTho
-SzqMh6T6DONKuPAC8VHEeK2htXmfskMSGZBXUr4cOUR7FWUe8HV00J+KCMDtYD6b
-C/lwypkeZUMor+fqnEqKm+gLwhysfllP+ex/Pt7Y8EYWnNF/dx0kpqb3wqzCeUzN
-uDjQScRYvGbAEPSgArMy38FMY+NHfylgjyTYJ0mJBcpYEaOW2wSMuTorPFkQYoGk
-/6V0MFHXg9zwawsboYdDaKhVaR8WoFuObXvzuCSp2SkQlsBjlXAAFPE5FLqhNvD0
-WBeCDnhmfhzidfOV3PemYxQzfYENgXOphSmtXgjATXMyg8B6yNSPFZoGlu6SHfs+
-D2XJ0k0rCiSIn482lg0GWeC5juqgLoxKWunWSfCS2nwdxpa7z1Bur3TIS6C2KmBZ
-r/1PSw6THVYOC1rmvSISJWPw0uif0b9FDbeQ3AwHtG4hc2sDB+sWlzlNepHJGJQC
-uScKhqsYTlF9t+XtUNAtK+1xaa4oEh9mW++DiihAjCsAsh3JwFlPaD8n7CRDT08T
-b7EAEQEAAYkCPAQYAQgAJhYhBEM9qn4LWKDzhRiYzYpf7NL0rxAXBQJeSsdsAhsM
-BQkB4TOAAAoJEIpf7NL0rxAXg18QAKSa2GrfPxjxAQjkQ/XuN6SXqtXl/aeh04CJ
-I0P3Mox4m5CG9iqJqXzR33K2ozQOryqMwI6184T5DAl4QDJqD6IsKwn3egtESAx9
-LJ02vuD4xosxCi1IrI0NZ+yzt3bdYxbLkXJ1jztgg7OfRWDjw961qBp2lalvFajs
-yXnXJcenA3JPpWZjyM9xGMsaA35VoHAQVRa4fE3Nbg75aOgYqD60osGDMkfVLo1T
-BUrvTjQCJ8YNBcNA4SHsPfQ3cR6kLKXv7T0H0Noy9Bk9/+lowt1TSbEZC4VnuK5C
-ZP826r4V1SwRH8mZ5cD8Eh2/8C1/aj5EikHTR3ddBSA5tNTbVdRRrK+paAG6gklL
-GctmtfBG1/6bvwRByeYUTZkUbtQA9HySIIDXxRXKn0Uvqu9Uj8Qim7CObF7uXY+s
-jRLmii/57FJzkFlZNjuOQxUJ46YqGRo99n+u72CEoHoTFMyR9vsT7HMVmwlAjEFP
-k5Nv4R90S8i3pDJi7Iyz+vQkZwx1fr9+TYGcsx6rLYJM5TM2lZujSIPqzXAoVffA
-YFIICsoHp+OIOOwJSvN6jMZhZ2DgzKh4yLP8B9w7W75odHtkysZ+FUEPiySOohjY
-BKI2ks/b7UGAALMI43S4DTdNGGTK/Ex/N33pdxYJWGv43OwQOThN0VSpuUo6iarg
-HcEoL0Sl
-=EXyX
-----END PGP PUBLIC KEY BLOCK-----
--- a/1.6.0/scripts/nifi_dependencies.tgz.sha
+++ b/1.6.0/scripts/nifi_dependencies.tgz.sha
-568b12564109718ea1228ee3045366a22ee870a6a66f6d010fffadbd94547047  nifi_dependencies.tgz
--- a/1.6.0/scripts/nifi_dependencies.tgz.sig
+++ b/1.6.0/scripts/nifi_dependencies.tgz.sig
--- a/1.6.0/scripts/prebuild.sh
+++ b/1.6.0/scripts/prebuild.sh
-set -ex
-
-### Environment Variables ###
-VENDOR=nifi
-CONTAINER=nifi
-TARBALL=nifi_dependencies.tgz
-NEXUS_REPO=https://${NEXUS_SERVER}/repository/dsop/${VENDOR}/${TARBALL}
-BUCKET=https://up-iron-bank-dependencies-repo.s3-us-gov-west-1.amazonaws.com/put-folder/${TARBALL}
-
-## Create temporary dir to work from, copying necessary files (i.e GPG/SHA files) to it, and making it the working dir ##
-TMPDIR=$(mktemp -d -p /tmp) && cp scripts/*.{key,sig,sha} $TMPDIR && cd $TMPDIR
-
-## Verify tarball downloaded with GPG signature and hash ##
-# Download tarball from S3 (or whatever other public repo you choose)
-curl ${BUCKET} -O
-
-# Import GPG signature and verify tarball with GPG signature
-gpg --import ${VENDOR}.key
-gpg --verify ${TARBALL}.sig $TARBALL
-
-# Verify sha256sum hash 
-sha256sum ${TARBALL}.sha --check --status
-
-## Nexus Repo Upload ##
-curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -T $TARBALL $NEXUS_REPO
-## Clean up ##
-cd -
-rm -rf $TMPDIR