diff --git a/argocd/BRANCH b/argocd/BRANCH index 6a5fe6e89..ae656d473 100644 --- a/argocd/BRANCH +++ b/argocd/BRANCH @@ -1 +1 @@ -2.11 +2.13 diff --git a/argocd/Dockerfile b/argocd/Dockerfile index b33a4895e..774e70358 100644 --- a/argocd/Dockerfile +++ b/argocd/Dockerfile @@ -7,12 +7,12 @@ WORKDIR /tmp SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install kustomize -ENV KUSTOMIZE_VERSION=5.2.1 +ENV KUSTOMIZE_VERSION=5.4.3 RUN curl -sSLf https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | \ tar zxf - -C /usr/local/bin # Install helm -ENV HELM_VERSION=3.14.4 +ENV HELM_VERSION=3.15.4 RUN curl -sSLf https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | \ tar zxf - -C /usr/local/bin --strip-components 1 @@ -22,15 +22,15 @@ RUN curl -fsSL -o /usr/local/bin/tini-static https://github.com/krallin/tini/rel chmod +x /usr/local/bin/tini-static # Stage2; Argo CD Build Stage -FROM ghcr.io/cybozu/golang:1.21-jammy AS argocd-build -ENV ARGOCD_VERSION=2.11.7 +FROM ghcr.io/cybozu/golang:1.23-jammy AS argocd-build +ENV ARGOCD_VERSION=2.13.1 ENV PACKAGE=github.com/argoproj/argo-cd SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install Node.js 20.x and yarn # https://github.com/nodesource/distributions/blob/master/README.md#debinstall -RUN curl -sSLf https://deb.nodesource.com/setup_20.x | bash - \ +RUN curl -sSLf https://deb.nodesource.com/setup_22.x | bash - \ && apt-get install -y --no-install-recommends nodejs \ && rm -rf /var/lib/apt/lists/* \ && npm install --global yarn @@ -54,7 +54,7 @@ RUN make argocd-all # Final image -FROM ghcr.io/cybozu/ubuntu:22.04 +FROM ghcr.io/cybozu/ubuntu:24.04 LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers" RUN groupadd -g 10000 argocd && \ diff --git a/argocd/TAG b/argocd/TAG index dd52175d3..739323d6e 100644 --- a/argocd/TAG +++ b/argocd/TAG @@ -1 +1 @@ -2.11.7.2 +2.13.1.1 diff --git a/dex/BRANCH b/dex/BRANCH index 555eb8e49..d920eceb6 100644 --- a/dex/BRANCH +++ b/dex/BRANCH @@ -1 +1 @@ -2.38 +2.41 diff --git a/dex/Dockerfile b/dex/Dockerfile index 52e3fe8da..8bff51550 100644 --- a/dex/Dockerfile +++ b/dex/Dockerfile @@ -1,9 +1,9 @@ # dex container image # Stage1: build from source -FROM ghcr.io/cybozu/golang:1.22-jammy AS build +FROM ghcr.io/cybozu/golang:1.23-jammy AS build -ARG DEX_VERSION=2.38.0 +ARG DEX_VERSION=2.41.1 WORKDIR /work/dex/ SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -23,6 +23,6 @@ COPY --from=build /work/dex/web /web USER 10000:10000 # the lines below follow the old upstream Dockerfile: https://github.com/dexidp/dex/blob/2dccdc2a1a4f5cb6562b54225a8615280e5ac109/Dockerfile -# if you want to use this outside of Neco, please edit ENTRYPOINT and COMMAND apporpriately +# if you want to use this outside of Neco, please edit ENTRYPOINT and COMMAND appropriately ENTRYPOINT ["dex"] CMD ["version"] diff --git a/dex/README.md b/dex/README.md index 4dd2e59ed..2f9a859b0 100644 --- a/dex/README.md +++ b/dex/README.md @@ -10,7 +10,7 @@ Run the container ```bash docker run -d --read-only --name=dex \ - ghcr.io/cybozu/dex:2.36 + ghcr.io/cybozu/dex:2.41 ``` [dex]: https://github.com/dexidp/dex diff --git a/dex/TAG b/dex/TAG index 7abbd3aa7..4b3b3a409 100644 --- a/dex/TAG +++ b/dex/TAG @@ -1 +1 @@ -2.38.0.1 +2.41.1.1 diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile index 699764803..088fe0571 100644 --- a/haproxy/Dockerfile +++ b/haproxy/Dockerfile @@ -1,77 +1,65 @@ -FROM ghcr.io/cybozu/ubuntu:20.04 AS build +FROM ghcr.io/cybozu/ubuntu-dev:22.04 AS build -ENV HAPROXY_BRANCH 2.6 -ENV HAPROXY_MINOR 2.6.14 -ENV HAPROXY_SHA256 bd3dd9fa60391ca09e1225e1ac3163e45be83c3f54f2fd76a30af289cc6e4fd4 -ENV HAPROXY_SRC_URL http://www.haproxy.org/download -ENV DEBIAN_FRONTEND noninteractive - -# if you use ubuntu:22.04, you must use "libssl3=3.0.2-0ubuntu1.9". but HA-Proxy 2.6 does NOT adapt it. -# We choose "ubuntu:20.04" and "libssl1.1" to get a stable operation. +ENV HAPROXY_BRANCH=2.6 +ENV HAPROXY_MINOR=2.6.17 +ENV HAPROXY_SRC_URL="https://www.haproxy.org/download/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" +ENV HAPROXY_SHA256=be48ee8ff9127c402b4c6cf1445cef7052f2c540ed1eff2dd04af677b8cd9dd0 RUN apt-get update && \ apt-get install -y --no-install-recommends \ - procps \ - zlib1g \ - libssl1.1 \ - "libpcre2-*" \ - liblua5.3-0 \ - libatomic1 \ - tar \ - curl \ - socat \ - gcc \ - make \ - libc6-dev \ - libssl-dev \ - libpcre3-dev \ - zlib1g-dev \ - liblua5.3-dev && \ - curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \ - echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \ + liblua5.3-dev \ + libpcre2-dev \ + wget && \ + rm -rf /var/lib/apt/lists/* && \ + wget -O haproxy.tar.gz "$HAPROXY_SRC_URL" && \ + echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c && \ mkdir -p /tmp/haproxy && \ tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \ rm -f haproxy.tar.gz && \ - make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-glibc CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 USE_OPENSSL=1 \ - USE_TFO=1 USE_LINUX_TPROXY=1 USE_LUA=1 USE_GETADDRINFO=1 \ - USE_PROMEX=1 USE_SLZ=1 \ - all && \ - make -C /tmp/haproxy TARGET=linux-glibc install-bin install-man - + makeOpts=' \ + TARGET=linux-glibc \ + USE_GETADDRINFO=1 \ + USE_LUA=1 LUA_INC=/usr/include/lua5.3 \ + USE_OPENSSL=1 \ + USE_PCRE2=1 USE_PCRE2_JIT=1 \ + USE_PROMEX=1 \ + ' && \ + make -C /tmp/haproxy -j "$(nproc)" all $makeOpts && \ + make -C /tmp/haproxy install-bin $makeOpts -FROM ghcr.io/cybozu/ubuntu:20.04 -LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers/haproxy" -ENV HAPROXY_UID haproxy -ENV HAPROXY_GID haproxy -ENV DEBIAN_FRONTEND noninteractive +FROM ghcr.io/cybozu/ubuntu:22.04 +LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers" -RUN mkdir -p /var/lib/haproxy && \ +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + liblua5.3-dev && \ + rm -rf /var/lib/apt/lists/* && \ + groupadd --gid 99 --system haproxy && \ + useradd \ + --gid haproxy \ + --home-dir /var/lib/haproxy \ + --no-create-home \ + --system \ + --uid 99 \ + haproxy && \ mkdir -p /usr/local/haproxy && \ - mkdir -p /usr/local/bin + mkdir -p /usr/local/etc/haproxy && \ + mkdir -p /var/lib/haproxy && \ + chown haproxy:haproxy /var/lib/haproxy COPY --from=build /usr/local/sbin/haproxy /usr/local/bin/haproxy -COPY --from=build /tmp/haproxy/examples/errorfiles /usr/etc/haproxy/errors +COPY --from=build /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors COPY --from=build /tmp/haproxy/LICENSE /usr/local/haproxy/LICENSE -COPY docker-entrypoint.sh / +COPY docker-entrypoint.sh /usr/local/bin/ -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - procps \ - zlib1g \ - libssl1.1 \ - "libpcre2-*" \ - liblua5.3-0 \ - libatomic1 && \ - groupadd "$HAPROXY_GID" && \ - useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \ - chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \ - mkdir -p /usr/local/etc/haproxy && \ - ln -s /usr/local/etc/haproxy /etc/haproxy && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* +# smoke test +RUN haproxy -v STOPSIGNAL SIGUSR1 -ENTRYPOINT ["/docker-entrypoint.sh"] +ENTRYPOINT ["docker-entrypoint.sh"] + +USER haproxy + CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] diff --git a/haproxy/README.md b/haproxy/README.md index cfdb5690e..9a5e4102d 100644 --- a/haproxy/README.md +++ b/haproxy/README.md @@ -1,10 +1,7 @@ -HA-Proxy container -=================== +# HA-Proxy container [HA-Proxy](https://www.haproxy.org/) is a part of ArgoCD-HA. - -Docker images -------------- +## Docker images HA-Proxy images are available on [ghcr.io/cybozu/haproxy](https://ghcr.io/cybozu/haproxy) diff --git a/haproxy/TAG b/haproxy/TAG index 01a399397..79bffef02 100644 --- a/haproxy/TAG +++ b/haproxy/TAG @@ -1 +1 @@ -2.6.14.3 +2.6.17.1