From 83c203050c946df90971d945dda2af9e34e8ffd4 Mon Sep 17 00:00:00 2001 From: Matthias Wild Date: Fri, 29 Sep 2023 10:50:24 +0200 Subject: [PATCH] Multistage dockerfile (#52) * use multistage Dockerfile to help speedup builds * move step to free up disk space before build * update registry login logic * setup buildx before qemu, no qemu in test job * update qemu/buildx images * no options for qemu/buildx, qemu before buildx * get rid of toolsets, add extension - add hashicorp.hcl to extensions - remove toolset json files, use build args instead - remove nuget download from powershell stage - verify powershell version after installation - split powershell and powershell-modules stages - run sbom scan in final stage only, since currently all have same base - fix copy job from golang stage in pulumi stage - ensure build-arg TARGETARCH is used in all stages * fix megalinter issues --- .cspell.json | 30 ++-- .dockerignore | 1 - .github/workflows/ci.yml | 43 +++-- .jscpd.json | 3 +- .secretlintignore | 3 +- .vscode/extensions.json | 3 +- docker-bake.hcl | 87 ++++++--- linux/ubuntu/Dockerfile | 188 +++++++++++--------- linux/ubuntu/toolsets/2004.json | 306 -------------------------------- linux/ubuntu/toolsets/2204.json | 303 ------------------------------- linux/ubuntu/toolsets/LICENSE | 21 --- 11 files changed, 215 insertions(+), 773 deletions(-) delete mode 100644 linux/ubuntu/toolsets/2004.json delete mode 100644 linux/ubuntu/toolsets/2204.json delete mode 100644 linux/ubuntu/toolsets/LICENSE diff --git a/.cspell.json b/.cspell.json index 956e1d8..7daf9e3 100644 --- a/.cspell.json +++ b/.cspell.json @@ -7,18 +7,19 @@ "**/tmp/**", "**/megalinter-reports/**", "**/.editorconfig", - "**.hcl" + "**/docker-bake.hcl" ], - "language": "en,en-GB", + "language": "en,en-US", "words": [ "actrc", "aliyun", "aquasecurity", - "ASPNET", + "aspnet", "assumeyes", "automake", "azcliextensions", - "BASEPATH", + "basepath", + "binfmt", "binutils", "brotli", "buildkit", 
@@ -27,7 +28,7 @@ "buildx", "catthehacker", "cmdline", - "CODEOWNERS", + "codeowners", "commandlinetools", "containerd", "containerimage", @@ -37,6 +38,7 @@ "dearmor", "dearmour", "didnt", + "distro", "dnsutils", "dockerhub", "dpkg", @@ -54,6 +56,7 @@ "imagename", "imagetools", "iputils", + "keyrings", "keyscan", "kics", "libc", @@ -76,11 +79,12 @@ "libxss", "libyaml", "localedef", - "MARKDOWNLINT", + "markdownlint", "mauwii", "mediainfo", "mediatypes", "mergify", + "moby", "multiarch", "myrepo", "nbgv", @@ -88,15 +92,15 @@ "nerdbank", "netcat", "nofile", - "NOLOGO", + "nologo", "noninteractive", "noto", "nugetpackages", "nupkg", "oldci", - "ONBUILD", + "onbuild", "opencontainers", - "OPTOUT", + "optout", "patchelf", "pigz", "pipefail", @@ -116,17 +120,17 @@ "stefanzweifel", "targetproc", "texinfo", + "tonistiigi", "toolcache", - "TOOLSDIRECTORY", - "toolsets", + "toolsdirectory", "trivy", "trivyignore", "tzdata", "venv", "vercel", "vuln", - "WORKDIR", - "XMLDOC", + "workdir", + "xmldoc", "xorriso", "xvfb", "Zrmnxj", diff --git a/.dockerignore b/.dockerignore index 9330310..72e8ffc 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1 @@ * -!linux/ubuntu/toolsets/*.json diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4f47b75..53b9747 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,6 @@ on: push: paths: - '**/Dockerfile' - - '**/toolsets/*.json' - '**/.github/workflows/ci.yml' - '**/docker-bake.hcl' pull_request: 
@@ -20,16 +19,14 @@ permissions: pull-requests: write env: - REGISTRY: ${{ vars.DOCKERHUB_USERNAME && 'docker.io' || 'ghcr.io' }} - REGISTRY_USER: ${{ vars.DOCKERHUB_USERNAME || github.repository_owner }} + REGISTRY: ${{ (vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '') && 'docker.io' || 'ghcr.io' }} + REGISTRY_USER: ${{ (vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '') && vars.DOCKERHUB_USERNAME || github.repository_owner }} GITHUB_SHA: ${{ github.event.pull_request.head.sha || github.event.after || github.sha }} BUILDKIT_PROGRESS: plain jobs: test: runs-on: ubuntu-latest - env: - REGISTRY: ${{ vars.DOCKERHUB_USERNAME && 'docker.io' || 'ghcr.io' }} outputs: targets: ${{ steps.matrix.outputs.targets }} steps: @@ -37,14 +34,11 @@ jobs: # kics-scan ignore-line uses: actions/checkout@v4.1.0 - - name: Setup QEMU - # kics-scan ignore-line - uses: docker/setup-qemu-action@v3.0.0 - - name: Setup Docker Buildx # kics-scan ignore-line uses: docker/setup-buildx-action@v3.0.0 + # get docker binary path to use it with env -i - name: Get the docker binary path id: docker-binary-path run: echo "DOCKER_BINARY_PATH=$(which docker)" >> "$GITHUB_OUTPUT" 
@@ -80,26 +74,23 @@ jobs: matrix: targets: ${{ fromJson(needs.test.outputs.targets) }} steps: - - uses: actions/checkout@v4.1.0 - - - name: Free up disk space + - name: Checkout code # kics-scan ignore-line - uses: ./.github/actions/free-space - with: - deleteDotnet: 'true' - deleteAndroid: 'true' + uses: actions/checkout@v4.1.0 - name: Setup QEMU # kics-scan ignore-line uses: docker/setup-qemu-action@v3.0.0 + # with: + # image: 'tonistiigi/binfmt:buildkit-latest' - name: Setup Docker Buildx # kics-scan ignore-line uses: docker/setup-buildx-action@v3.0.0 - with: - driver: docker-container - driver-opts: image=moby/buildkit:v0.12.2 - # driver: ${{ github.event_name == 'pull_request' && 'docker' || 'docker-container' }} + # with: + # driver-opts: | + # image=moby/buildkit:latest + # # driver: ${{ github.event_name == 'pull_request' && 'docker' || 'docker-container' }} # Login against a container registry # https://github.com/docker/login-action @@ -108,10 +99,18 @@ jobs: name: Login to ${{ env.REGISTRY }} with: registry: ${{ env.REGISTRY }} - username: ${{ vars.DOCKERHUB_USERNAME || github.repository_owner }} - password: ${{ secrets.DOCKERHUB_TOKEN || secrets.GITHUB_TOKEN }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY == 'docker.io' && secrets.DOCKERHUB_TOKEN || secrets.GITHUB_TOKEN }} logout: true + # Free up space on the runner since the image is huge + # kics-scan ignore-line + - uses: ./.github/actions/free-space + name: Free up disk space + with: + deleteDotnet: 'true' + deleteAndroid: 'true' + # Bake the image # kics-scan ignore-line - uses: docker/bake-action@v4.0.0 diff --git a/.jscpd.json b/.jscpd.json index 4f9d9e4..d370543 100644 --- a/.jscpd.json +++ b/.jscpd.json @@ -12,7 +12,6 @@ "**/report/**", "**/*.svg", "**/tmp/**", - "**/megalinter-reports/**", - "**/linux/*/toolsets/*.json" + "**/megalinter-reports/**" ] } diff --git a/.secretlintignore b/.secretlintignore index 691e81c..ed00227 100644 --- a/.secretlintignore 
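Review bot: The Buildx step in the build job loses `driver-opts: image=moby/buildkit:v0.12.2` and keeps only commented-out options, so the builder image is whatever the action resolves by default at run time. This job goes on to log in to the registry, so the BuildKit version that handles the build alongside those credentials is no longer fixed by the repository. Keep the pin (`driver-opts: image=moby/buildkit:v0.12.2`, or a digest) and delete the commented block instead of leaving `image=moby/buildkit:latest` one uncomment away; the same goes for the commented `tonistiigi/binfmt:buildkit-latest` on the QEMU step.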
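Review bot: With the free-space step moved below the login, the local action `./.github/actions/free-space` now runs after registry credentials have been stored, and `logout: true` removes them only in the login action's post step. That local action is taken from the checked-out ref, which on `pull_request` runs presumably includes the PR's own changes. Keeping free-space ahead of the login, so that the login sits directly before the bake step, limits the steps that run with credentials present to the one that needs them. The login step's `uses:` line and any `if:` condition are outside the hunk, so this may already be gated by event type.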
+++ b/.secretlintignore @@ -1 +1,2 @@ -**/megalinter-reports/** \ No newline at end of file +**/megalinter-reports/** +**/cspell.txt \ No newline at end of file diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 0c1c037..87f0a9c 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -5,9 +5,10 @@ "exiasr.hadolint", "foxundermoon.shell-format", "github.vscode-github-actions", + "hashicorp.hcl", "mads-hartmann.bash-ide-vscode", "ms-azuretools.vscode-docker", - "MS-CST-E.vscode-devskim", + "ms-cst-e.vscode-devskim", "streetsidesoftware.code-spell-checker" ] } diff --git a/docker-bake.hcl b/docker-bake.hcl index faa43ea..f948c9a 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -2,12 +2,12 @@ variable "REGISTRY" { default = "docker.io" } -variable "REPOSITORY_OWNER" { +variable "GITHUB_REPOSITORY_OWNER" { default = "mauwii" } variable "REPOSITORY" { - default = "${REPOSITORY_OWNER}/act-docker-images" + default = "${GITHUB_REPOSITORY_OWNER}/act-docker-images" } variable "REPOSITORY_URL" { 
@@ -30,10 +30,26 @@ variable "GITHUB_BASE_REF" { default = null } +variable "GITHUB_ACTOR" { + default = GITHUB_REPOSITORY_OWNER +} + variable "FROM_IMAGE" { default = "buildpack-deps" } +variable "BICEP_VERSION" { + default = "v0.21.1" +} + +variable "DOTNET_SDK_VERSION" { + default = "6.0.414" +} + +variable "DEPENDENCIES" { + default = "[\"acl\",\"apt-transport-https\",\"aria2\",\"bison\",\"brotli\",\"dbus\",\"dnsutils\",\"fakeroot\",\"flex\",\"fonts-noto-color-emoji\",\"ftp\",\"gawk\",\"gnupg-agent\",\"gnupg2\",\"haveged\",\"iproute2\",\"iputils-ping\",\"libc++-dev\",\"libc++abi-dev\",\"libc6-dev\",\"libgbm-dev\",\"libgconf-2-4\",\"libgsl-dev\",\"libgtk-3-0\",\"libmagic-dev\",\"libsecret-1-dev\",\"libssl-dev\",\"libunwind8\",\"libxkbfile-dev\",\"libxss1\",\"libyaml-dev\",\"lz4\",\"mediainfo\",\"net-tools\",\"netcat\",\"p7zip-full\",\"p7zip-rar\",\"parallel\",\"pass\",\"patchelf\",\"pigz\",\"pollinate\",\"python-is-python3\",\"rpm\",\"rsync\",\"shellcheck\",\"software-properties-common\",\"sphinxsearch\",\"sqlite3\",\"ssh\",\"sshpass\",\"subversion\",\"sudo\",\"swig\",\"telnet\",\"texinfo\",\"time\",\"tk\",\"unzip\",\"upx\",\"xorriso\",\"xvfb\",\"xz-utils\",\"zip\",\"zstd\",\"zsync\"]" +} + variable "GO_VERSION" { default = "1.20.8" } @@ -46,9 +62,30 @@ variable "GOLANG_GITHUB_SHA256_arm64" { default = "15ab379c6a2b0d086fe3e74be4599420e66549edf7426a300ee0f3809500f89e" } +variable "NODE_VERSION" { + default = "20" +} + +variable "PULUMI_VERSION" { + default = "3.86.0" +} + +variable "POWERSHELL_AZ_MODULE_VERSIONS" { + default = "[\"9.3.0\"]" +} + +variable "POWERSHELL_VERSION" { + default = "7.2.13" +} + +variable "POWERSHELL_MODULES" { + default = "[\"MarkdownPS\",\"Microsoft.Graph\",\"Pester\",\"PSScriptAnalyzer\"]" +} + group "default" { - targets = ["ubuntu"] - context = "." + targets = [ + "ubuntu" + ] } target "ubuntu" { 
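Review bot: `POWERSHELL_VERSION` is declared here but is not among the keys of the `ubuntu` target's `args`, so the Dockerfile default `ARG POWERSHELL_VERSION=7.2.13` is what actually gets built. The same gap exists for Go: `args` passes `GO_VERSION`, `GOLANG_GITHUB_SHA256_amd64` and `GOLANG_GITHUB_SHA256_arm64`, while the golang stage shown in the Dockerfile hunks declares `GOLANG_VERSION`, `GOLANG_SHA256_amd64` and `GOLANG_SHA256_arm64`, so a version or checksum bump in this file would appear to have no effect on the download or on the `sha256sum -c` check. Align the names in `args`, e.g. `GOLANG_VERSION = GO_VERSION`, `GOLANG_SHA256_amd64 = GOLANG_GITHUB_SHA256_amd64`, and add `POWERSHELL_VERSION = POWERSHELL_VERSION`.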
@@ -69,38 +106,46 @@ target "ubuntu" { ] } args = { - CODENAME = release.codename - DISTRO = "ubuntu" - FROM_IMAGE = "${FROM_IMAGE}" - FROM_VERSION_MAJOR = release.major - FROM_VERSION_MINOR = release.minor - GO_VERSION = "${GO_VERSION}" - GOLANG_GITHUB_SHA256_amd64 = "${GOLANG_GITHUB_SHA256_amd64}" - GOLANG_GITHUB_SHA256_arm64 = "${GOLANG_GITHUB_SHA256_arm64}" + BICEP_VERSION = BICEP_VERSION + CODENAME = release.codename + DEPENDENCIES = DEPENDENCIES + DISTRO = "ubuntu" + DOTNET_SDK_VERSION = DOTNET_SDK_VERSION + FROM_IMAGE = FROM_IMAGE + FROM_VERSION_MAJOR = release.major + FROM_VERSION_MINOR = release.minor + GO_VERSION = GO_VERSION + GOLANG_GITHUB_SHA256_amd64 = GOLANG_GITHUB_SHA256_amd64 + GOLANG_GITHUB_SHA256_arm64 = GOLANG_GITHUB_SHA256_arm64 + NODE_VERSION = NODE_VERSION + POWERSHELL_AZ_MODULE_VERSIONS = POWERSHELL_AZ_MODULE_VERSIONS + POWERSHELL_MODULES = POWERSHELL_MODULES + PULUMI_VERSION = PULUMI_VERSION + TOOL_PATH_PWSH = "/usr/share/powershell" } name = "ubuntu-act-${release.codename}" cache-from = [ - "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:cache-${release.codename}" + "${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/ubuntu-act:cache-${release.codename}" ] cache-to = [ - notequal(REF_NAME, "local") ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:cache-${release.codename}" : "" + notequal(REF_NAME, "local") ? "${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/ubuntu-act:cache-${release.codename}" : "" ] tags = [ - "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}-${and(notequal(REF_NAME, ""), notequal(REF_NAME, null)) ? REF_NAME : "local"}", - and(notequal(GITHUB_SHA, null), equal("${REF_NAME}", "main")) ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}-${substr(GITHUB_SHA, 0, 7)}" : "", - equal("${REF_NAME}", "main") ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}" : "", - and(equal("${REF_NAME}", "main"), equal(release.codename, "jammy")) ? 
"${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:latest" : "", + "${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}-${REF_NAME}", + and(notequal(GITHUB_SHA, null), equal("${REF_NAME}", "main")) ? "${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}-${substr(GITHUB_SHA, 0, 7)}" : "", + equal("${REF_NAME}", "main") ? "${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}" : "", + and(equal("${REF_NAME}", "main"), equal(release.codename, "jammy")) ? "${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/ubuntu-act:latest" : "", ] labels = { - "org.opencontainers.image.authors" = REPOSITORY_OWNER + "org.opencontainers.image.authors" = notequal(GITHUB_REPOSITORY_OWNER, GITHUB_ACTOR) ? "${GITHUB_REPOSITORY_OWNER}, ${GITHUB_ACTOR}" : GITHUB_REPOSITORY_OWNER "org.opencontainers.image.created" = timestamp() "org.opencontainers.image.description" = "This Image is made to be used with Nektos/act to run your GH-Workflows locally" "org.opencontainers.image.documentation" = REPOSITORY_URL "org.opencontainers.image.revision" = GITHUB_SHA "org.opencontainers.image.source" = and(and(notequal(REPOSITORY_URL, ""), notequal(REPOSITORY_URL, null)), and(notequal(GITHUB_SHA, ""), notequal(GITHUB_SHA, null))) ? "${REPOSITORY_URL}/blob/${GITHUB_SHA}/linux/ubuntu/Dockerfile" : null "org.opencontainers.image.title" = "ubuntu-act-${release.codename}" - "org.opencontainers.image.url" = equal("${REGISTRY}", "docker.io") ? "https://hub.docker.com/r/${REPOSITORY_OWNER}/ubuntu-act" : equal("${REGISTRY}", "ghcr.io") ? "https://github.com/${REPOSITORY}/pkgs/container/ubuntu-act" : null - "org.opencontainers.image.vendor" = "${REPOSITORY_OWNER}" + "org.opencontainers.image.url" = equal(REGISTRY, "docker.io") ? "https://hub.docker.com/r/${GITHUB_REPOSITORY_OWNER}/ubuntu-act" : equal("${REGISTRY}", "ghcr.io") ? 
"https://github.com/${REPOSITORY}/pkgs/container/ubuntu-act" : null + "org.opencontainers.image.vendor" = GITHUB_REPOSITORY_OWNER } } diff --git a/linux/ubuntu/Dockerfile b/linux/ubuntu/Dockerfile index c199f41..ee205f7 100644 --- a/linux/ubuntu/Dockerfile +++ b/linux/ubuntu/Dockerfile 
@@ -4,23 +4,55 @@ ARG FROM_IMAGE=buildpack-deps ARG FROM_VERSION_MAJOR=22 ARG FROM_VERSION_MINOR=04 ARG FROM_VERSION=${FROM_VERSION_MAJOR}.${FROM_VERSION_MINOR} -ARG BUILDKIT_SBOM_SCAN_CONTEXT=true -FROM ${FROM_IMAGE}:${FROM_VERSION} -ARG BUILDKIT_SBOM_SCAN_STAGE=true +FROM ${FROM_IMAGE}:${FROM_VERSION} as base + +FROM base as bicep +ARG TARGETARCH +ARG BICEP_VERSION=v0.21.1 +RUN export targetarch="${TARGETARCH}" \ + && if [ "${targetarch}" = "amd64" ]; then export targetarch="x64"; fi \ + && curl -sSLo bicep "https://github.com/Azure/bicep/releases/download/${BICEP_VERSION}/bicep-linux-${targetarch}" \ + && chmod +x ./bicep \ + && mv ./bicep /usr/local/bin/bicep \ + && bicep --version + +FROM base as golang +ARG TARGETARCH +SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] +ENV PATH=/usr/local/go/bin:${PATH} +ARG GOLANG_SHA256_amd64=cc97c28d9c252fbf28f91950d830201aa403836cbed702a05932e63f7f0c7bc4 +ARG GOLANG_SHA256_arm64=15ab379c6a2b0d086fe3e74be4599420e66549edf7426a300ee0f3809500f89e +ARG GOLANG_VERSION=1.20.8 +RUN mkdir -p /tmp/go \ + && curl -fsSL https://golang.org/dl/go"${GOLANG_VERSION}".linux-"${TARGETARCH}".tar.gz -o /tmp/go.tgz \ + && go_sha="${go_sha=GOLANG_SHA256_${TARGETARCH}}" \ + && echo "${!go_sha} /tmp/go.tgz" | sha256sum -c - \ + && tar -C /usr/local -xzf /tmp/go.tgz \ + && rm /tmp/go.tgz \ + && [[ $(go version) =~ ${GOLANG_VERSION} ]] + +FROM base as pulumi +ARG TARGETARCH +SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] +COPY --from=golang /usr/local/go /usr/local/go +ENV PATH=/usr/local/go/bin:${PATH} +ARG PULUMI_VERSION=3.83.0 +RUN curl -fsSL https://get.pulumi.com \ + | sh -s -- --version "${PULUMI_VERSION}" \ + && export PATH="$HOME/.pulumi/bin:$PATH" \ + && pulumi version + +FROM base as act-base # automatic buildx ARGs ARG TARGETARCH # ARGs used before `FROM` are not accessible afterwards ARG FROM_IMAGE -ARG FROM_VERSION_MAJOR -ARG FROM_VERSION_MINOR +ARG FROM_VERSION_MAJOR=22 +ARG FROM_VERSION_MINOR=04 ARG 
FROM_VERSION=${FROM_VERSION_MAJOR}.${FROM_VERSION_MINOR} - -# Our custom ARGs ARG DISTRO=ubuntu -ARG CODENAME -ARG TYPE=act # Force apt to not be interactive/not ask ENV DEBIAN_FRONTEND=noninteractive @@ -45,11 +77,6 @@ ENV LANG=en_US.UTF-8 \ SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] WORKDIR /tmp -# create targetproc file for later use -RUN export targetarch=${TARGETARCH} \ - && if [ ${targetarch} = "amd64" ]; then export targetarch="x64"; fi \ - && echo ${targetarch} >/tmp/targetproc - # setup environment ENV AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache \ AZURE_EXTENSION_DIR=/opt/az/azcliextensions @@ -74,8 +101,10 @@ RUN ssh-keyscan github.com >>/etc/ssh/ssh_known_hosts \ && ssh-keyscan ssh.dev.azure.com >>/etc/ssh/ssh_known_hosts # Install dependencies +ARG DEPENDENCIES RUN apt-get -y update &>/dev/null \ - && packages=(gawk sudo jq gnupg-agent ca-certificates software-properties-common apt-transport-https zstd zip unzip xz-utils) \ + && apt-get -y install --no-install-recommends jq && packages=() \ + && while IFS='' read -r pkg; do echo "adding $pkg" && packages+=("$pkg"); done < <(echo "${DEPENDENCIES}" | jq -r '.[]') \ && apt-get -y install --no-install-recommends \ "${packages[@]}" \ && apt-get clean \ @@ -125,6 +154,7 @@ RUN echo "deb https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(ls && rm -rf /var/lib/apt/lists/* # Set .NET related environment variables +ARG DOTNET_SDK_VERSION=6.0.414 ENV DOTNET_CLI_TELEMETRY_OPTOUT=1 \ DOTNET_GENERATE_ASPNET_CERTIFICATE=false \ DOTNET_HOST_PATH=${AGENT_TOOLSDIRECTORY}/dotnet/dotnet \ @@ -132,7 +162,7 @@ ENV DOTNET_CLI_TELEMETRY_OPTOUT=1 \ DOTNET_NOLOGO=true \ DOTNET_ROLL_FORWARD=Major \ DOTNET_ROOT=${AGENT_TOOLSDIRECTORY}/dotnet \ - DOTNET_SDK_VERSION=6.0.414 \ + DOTNET_SDK_VERSION=${DOTNET_SDK_VERSION} \ DOTNET_USE_POLLING_FILE_WATCHER=true \ NUGET_XMLDOC_MODE=skip \ NUGET_PACKAGES=${AGENT_TOOLSDIRECTORY}/nugetpackages \ 
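Review bot: The new `bicep` stage fetches a release binary with `curl -sSLo` and moves it to /usr/local/bin without any integrity check, whereas the `golang` stage just below verifies its tarball with `sha256sum -c`. Without `-f`, an HTTP error body would also be written out as the binary and only be caught indirectly by `bicep --version`. Use `curl -fsSLo bicep ...` and add `&& echo "${BICEP_SHA256}  bicep" | sha256sum -c - \` before the `chmod`, with a per-architecture checksum ARG passed next to `BICEP_VERSION` (the ARG name here is a suggestion, not an existing one). The `pulumi` stage has the same gap in a different form: the get.pulumi.com installer is piped into `sh` unverified, and pinning `--version` does not pin the script itself.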
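Review bot: In the `Install dependencies` RUN, the package list is read through `< <(echo "${DEPENDENCIES}" | jq -r '.[]')`, and neither `-e` nor `pipefail` checks the exit status of a process substitution. Because `ARG DEPENDENCIES` has no default, a build that does not go through docker-bake.hcl, or one that passes malformed JSON, leaves `packages` empty and `apt-get install` still succeeds with nothing installed. Add a guard after the loop, e.g. `&& [[ ${#packages[@]} -gt 0 ]] \`, so the step fails instead. The same read pattern is used for `POWERSHELL_MODULES` and `POWERSHELL_AZ_MODULE_VERSIONS` in the powershell-modules stage; the RUN itself continues outside the hunk.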
@@ -157,23 +187,6 @@ RUN printf "Package: *net*\nPin: origin packages.microsoft.com\nPin-Priority: 10 && rm -rf /etc/apt/sources.list.d/* \ && rm -rf /var/lib/apt/lists/* -# Install PowerShell global tool -RUN export powershell_version=7.2.13 \ - && export tool_path=/usr/share/powershell \ - && pwsh_nupkg="PowerShell.Linux.$(cat /tmp/targetproc).${powershell_version}.nupkg" \ - && export pwsh_nupkg \ - && curl -fsSLO "https://pwshtool.blob.core.windows.net/tool/${powershell_version}/${pwsh_nupkg}" \ - && dotnet tool install \ - --add-source / \ - --tool-path "${tool_path}" \ - --version "${powershell_version}" \ - PowerShell.Linux."$(cat /tmp/targetproc)" \ - && dotnet nuget locals all --clear \ - && rm "${pwsh_nupkg}" \ - && ln -s "${tool_path}/pwsh" /usr/bin/pwsh \ - && chmod 755 "${tool_path}/pwsh" \ - && find "${tool_path}" -print | grep -i '.*[.]nupkg$' | xargs rm - # Install Github CLI RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \ | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \ 
@@ -189,13 +202,15 @@ RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \ # Install Azure CLI RUN [[ $(curl -sL https://packages.microsoft.com/repos/azure-cli/dists/) =~ $(lsb_release -cs) ]] \ - && (echo "deb [arch=$(dpkg --print-architecture)] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" \ + && (export targetarch=${TARGETARCH} \ + && if [ ${targetarch} = "amd64" ]; then export targetarch="x64"; fi \ + && echo "deb [arch=$(dpkg --print-architecture)] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" \ | tee /etc/apt/sources.list.d/azure.list \ && apt-get -y update &>/dev/null \ && apt-get -y install --no-install-recommends \ azure-cli \ && az extension add -n azure-devops \ - && az bicep install --target-platform "linux-$(cat /tmp/targetproc)" \ + && az bicep install --target-platform "linux-${targetarch}" \ && az config set bicep.use_binary_from_path=true \ && az config set auto-upgrade.enable=no \ && az config set auto-upgrade.prompt=no \ 
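Review bot: The added `export targetarch=${TARGETARCH}` and `[ ${targetarch} = "amd64" ]` are unquoted, unlike the same mapping in the `bicep` stage. If `TARGETARCH` is empty (a build without buildx), the test becomes a shell error and `az bicep install` receives `linux-`. Since the whole group ends in `|| echo "Azure CLI not available for this distribution"`, that failure would be reported as an unsupported distribution rather than as a broken build. Quote both, `export targetarch="${TARGETARCH}"` and `if [ "${targetarch}" = "amd64" ]; then ...`; the RUN starts and ends outside the hunk.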
@@ -205,30 +220,10 @@ RUN [[ $(curl -sL https://packages.microsoft.com/repos/azure-cli/dists/) =~ $(ls && rm -rf /var/lib/apt/lists/*) \ || echo "Azure CLI not available for this distribution" -# install bicep-cli -RUN curl -sSLo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-"$(cat /tmp/targetproc)" \ - && chmod +x ./bicep \ - && mv ./bicep /usr/local/bin/bicep - -# Add toolset.json -ARG TOOLSET=/imagegeneration/toolset.json -COPY linux/${DISTRO}/toolsets/${FROM_VERSION_MAJOR}${FROM_VERSION_MINOR}.json ${TOOLSET} - -# install apt packages from toolset -# hadolint ignore=SC2207 -RUN apt-get -y update &>/dev/null \ - && packages=() \ - && while IFS='' read -r line; do packages+=("${line}"); done < <(jq -r '.apt|.vital_packages[],.common_packages[],.cmd_packages[]' ${TOOLSET}) \ - && apt-get -y install --no-install-recommends \ - "${packages[@]}" \ - && apt-get clean \ - && rm -rf /etc/apt/sources.list.d/* \ - && rm -rf /var/lib/apt/lists/* - -# Install default NodeJS and toolset node_modules +# Install default NodeJS +ARG NODE_VERSION=20 RUN curl -fsSL https://raw.githubusercontent.com/tj/n/master/bin/n -o ~/n \ - && defaultVersion=$(jq -r '.node.default' ${TOOLSET}) \ - && bash ~/n "${defaultVersion}" \ + && bash ~/n "${NODE_VERSION}" \ && rm -rf ~/n \ && chmod -R 777 /usr/local/lib/node_modules \ && chmod -R 777 /usr/local/bin \ 
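Review bot: `NODE_VERSION` now controls which Node gets installed, but the installer is still downloaded from the mutable `master` branch of tj/n and executed with `bash ~/n` during the build, so the image depends on whatever that branch holds at build time. Pin the URL to a tag or commit, `https://raw.githubusercontent.com/tj/n/<N_TAG_OR_COMMIT>/bin/n`, and verify the file with `sha256sum -c` before running it, as the golang stage does for its tarball. `NODE_VERSION=20` is also a floating major, so two builds of the same commit can ship different Node releases. The RUN continues outside the hunk.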
@@ -247,11 +242,6 @@ RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg \ && rm -rf /var/lib/apt/lists/* \ && yarn --version -# Trust PSGallery and install Powershell-/Azure Modules -RUN pwsh -NonInteractive -Command "Set-PSRepository -Name PSGallery -InstallationPolicy Trusted" \ - && while IFS='' read -r pwshModule; do echo "installing ${pwshModule}" && pwsh -NonInteractive -Command "Install-Module -Name ${pwshModule} -Scope AllUsers -Repository PSGallery"; done < <(jq -r '.powershellModules[].name' ${TOOLSET}) \ - && while IFS='' read -r azVersion; do echo "installing Az ${azVersion}" && pwsh -NonInteractive -Command "Install-Module -Name Az -RequiredVersion ${azVersion} -Scope AllUsers -Repository PSGallery"; done < <(jq -r '.azureModules[].versions[]' ${TOOLSET}) - # install python 3, pip, venv, pipx ENV PIPX_BIN_DIR=/opt/pipx_bin \ PIPX_HOME=/opt/pipx 
@@ -271,34 +261,68 @@ RUN apt-get -y update &>/dev/null \ && rm -rf /etc/apt/sources.list.d/* \ && rm -rf /var/lib/apt/lists/* -# Install Go -ENV PATH=/usr/local/go/bin:${PATH} -# hadolint ignore=SC2086 -ARG GOLANG_SHA256_amd64=cc97c28d9c252fbf28f91950d830201aa403836cbed702a05932e63f7f0c7bc4 -ARG GOLANG_SHA256_arm64=15ab379c6a2b0d086fe3e74be4599420e66549edf7426a300ee0f3809500f89e -ARG GOLANG_VERSION=1.20.8 -RUN curl -fsSL https://golang.org/dl/go"${GOLANG_VERSION}".linux-"${TARGETARCH}".tar.gz -o /tmp/go.tgz \ - && go_sha="${go_sha=GOLANG_SHA256_${TARGETARCH}}" \ - && echo "${!go_sha} /tmp/go.tgz" | sha256sum -c - \ - && tar -C /usr/local -xzf /tmp/go.tgz \ - && rm /tmp/go.tgz \ - && go version \ - && sed "s|^PATH=|PATH=/usr/local/go/bin:|mg" -i /etc/environment - -# Install latest Pulumi -RUN curl -fsSL https://get.pulumi.com | sh \ - && mv ~/.pulumi/bin/* /usr/local/bin \ - && pulumi version - # cleanup step RUN apt-get -y clean \ && rm -rf \ /var/cache/* \ /var/log/* \ /var/lib/apt/lists/* \ + /etc/apt/sources.list.d/* \ /tmp/* \ || echo 'Failed to delete directories' +# kics-scan ignore-line +FROM act-base as powershell +SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] +# Install PowerShell global tool +ARG TARGETARCH +ARG POWERSHELL_VERSION=7.2.13 +ARG TOOL_PATH_PWSH=/usr/share/powershell +RUN dotnet tool install \ + --tool-path "${TOOL_PATH_PWSH}" \ + --version "${POWERSHELL_VERSION}" \ + PowerShell \ + && find "${TOOL_PATH_PWSH}" -print | grep -i '.*[.]nupkg$' | xargs rm \ + && ln -s "${TOOL_PATH_PWSH}/pwsh" /usr/local/bin/pwsh \ + && chmod 755 "${TOOL_PATH_PWSH}/pwsh" \ + && [[ "$(pwsh --version)" =~ ${POWERSHELL_VERSION} ]] + +# kics-scan ignore-line +FROM powershell as powershell-modules +ARG TARGETARCH +SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] +ARG POWERSHELL_MODULES +ARG POWERSHELL_AZ_MODULE_VERSIONS +# Trust PSGallery and install Powershell-/Azure Modules +RUN pwsh -NonInteractive -Command "Set-PSRepository -Name 
PSGallery -InstallationPolicy Trusted" \ + && while IFS='' read -r pwshModule; do echo "installing ${pwshModule}" && pwsh -NonInteractive -Command "Install-Module -Name ${pwshModule} -Scope AllUsers -Repository PSGallery"; done < <(echo "${POWERSHELL_MODULES}" | jq -r '.[]') \ + && while IFS='' read -r azVersion; do echo "installing Az ${azVersion}" && pwsh -NonInteractive -Command "Install-Module -Name Az -RequiredVersion ${azVersion} -Scope AllUsers -Repository PSGallery"; done < <(echo "${POWERSHELL_AZ_MODULE_VERSIONS}" | jq -r '.[]') + +# kics-scan ignore-line +FROM act-base as act +ARG TARGETARCH +SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ] +WORKDIR /tmp + +# add PowerShell +ARG TOOL_PATH_PWSH=/usr/share/powershell +COPY --from=powershell ${TOOL_PATH_PWSH} ${TOOL_PATH_PWSH} +RUN ln -s "${TOOL_PATH_PWSH}/pwsh" /usr/local/bin/pwsh + +# add PowerShell-modules +COPY --from=powershell-modules /usr/local/share/powershell /usr/local/share/powershell + +# add go +COPY --from=golang /usr/local/go /usr/local/go +ENV PATH=/usr/local/go/bin:${PATH} +RUN sed "s|^PATH=|PATH=/usr/local/go/bin:|mg" -i /etc/environment + +# add pulumi +COPY --from=pulumi /root/.pulumi/bin/* /usr/local/bin/ + +# add bicep +COPY --from=bicep /usr/local/bin/bicep /usr/local/bin/bicep + ARG RUNNER USER ${RUNNER} diff --git a/linux/ubuntu/toolsets/2004.json b/linux/ubuntu/toolsets/2004.json deleted file mode 100644 index f8b5df8..0000000 --- a/linux/ubuntu/toolsets/2004.json +++ /dev/null 
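Review bot: In the `powershell-modules` stage, `Install-Module -Name ${pwshModule}` takes whatever version PSGallery serves at build time, with the repository set to `Trusted`; only `Az` is installed with `-RequiredVersion`. Since `POWERSHELL_MODULES` is now a build argument, it could carry versions too, so that the listed modules are pinned like the other tools this commit parameterises, for example `Install-Module -Name ${name} -RequiredVersion ${version} -Scope AllUsers -Repository PSGallery` with name/version pairs in the JSON. An empty or malformed `POWERSHELL_MODULES` also makes the `while read` loop run zero times while the stage still succeeds, so a check that at least one module was installed would be worth adding.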
@@ -1,306 +0,0 @@ -{ - "toolcache": [ - { - "name": "Python", - "url": "https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json", - "platform": "linux", - "platform_version": "20.04", - "arch": "x64", - "versions": ["3.6.*", "3.7.*", "3.8.*", "3.9.*", "3.10.*", "3.11.*"] - }, - { - "name": "PyPy", - "arch": "x64", - "platform": "linux", - "versions": ["2.7", "3.6", "3.7", "3.8", "3.9", "3.10"] - }, - { - "name": "node", - "url": "https://raw.githubusercontent.com/actions/node-versions/main/versions-manifest.json", - "platform": "linux", - "arch": "x64", - "versions": ["14.*", "16.*", "18.*"] - }, - { - "name": "go", - "url": "https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json", - "arch": "x64", - "platform": "linux", - "versions": ["1.18.*", "1.19.*", "1.20.*", "1.21.*"], - "default": "1.20.*" - }, - { - "name": "Ruby", - "platform_version": "20.04", - "arch": "x64", - "versions": ["2.5.*", "2.6.*", "2.7.*", "3.0.*", "3.1.*"] - }, - { - "name": "CodeQL", - "platform": "linux", - "arch": "x64", - "versions": ["*"] - } - ], - "java": { - "default": "11", - "versions": ["8", "11", "17"], - "maven": "3.8.8" - }, - "android": { - "cmdline-tools": "commandlinetools-linux-9477386_latest.zip", - "platform_min_version": "27", - "build_tools_min_version": "27.0.0", - "extra_list": [ - "android;m2repository", - "google;m2repository", - "google;google_play_services" - ], - "addon_list": [], - "additional_tools": [ - "cmake;3.10.2.4988404", - "cmake;3.18.1", - "cmake;3.22.1" - ], - "ndk": { - "default": "25", - "versions": ["23", "24", "25"] - } - }, - "powershellModules": [ - { "name": "MarkdownPS" }, - { "name": "Microsoft.Graph" }, - { "name": "Pester" }, - { "name": "PSScriptAnalyzer" } - ], - "azureModules": [ - { - "name": "az", - "url": "https://raw.githubusercontent.com/Azure/az-ps-module-versions/main/versions-manifest.json", - "versions": ["9.3.0"], - "zip_versions": ["3.1.0", "4.4.0", "5.9.0", "6.6.0", 
"7.5.0"] - } - ], - "apt": { - "vital_packages": [ - "bzip2", - "curl", - "g++", - "gcc", - "make", - "jq", - "tar", - "unzip", - "wget" - ], - "common_packages": [ - "autoconf", - "automake", - "dbus", - "dnsutils", - "dpkg", - "dpkg-dev", - "fakeroot", - "fonts-noto-color-emoji", - "gnupg2", - "imagemagick", - "iproute2", - "iputils-ping", - "libc++abi-dev", - "libc++-dev", - "libc6-dev", - "libcurl4", - "libgbm-dev", - "libgconf-2-4", - "libgsl-dev", - "libgtk-3-0", - "libmagic-dev", - "libmagickcore-dev", - "libmagickwand-dev", - "libsecret-1-dev", - "libsqlite3-dev", - "libyaml-dev", - "libtool", - "libunwind8", - "libxkbfile-dev", - "libxss1", - "locales", - "mercurial", - "openssh-client", - "p7zip-rar", - "pkg-config", - "python-is-python3", - "rpm", - "texinfo", - "tk", - "tzdata", - "upx", - "xorriso", - "xvfb", - "xz-utils", - "zsync" - ], - "cmd_packages": [ - "acl", - "aria2", - "binutils", - "bison", - "brotli", - "coreutils", - "file", - "flex", - "ftp", - "haveged", - "m4", - "mediainfo", - "netcat", - "net-tools", - "p7zip-full", - "parallel", - "pass", - "patchelf", - "pigz", - "pollinate", - "rsync", - "shellcheck", - "sphinxsearch", - "sqlite3", - "ssh", - "sshpass", - "subversion", - "sudo", - "swig", - "telnet", - "time", - "zip" - ] - }, - "brew": [], - "docker": { - "images": [ - "alpine:3.16", - "alpine:3.17", - "alpine:3.18", - "buildpack-deps:stretch", - "buildpack-deps:buster", - "buildpack-deps:bullseye", - "debian:9", - "debian:10", - "debian:11", - "moby/buildkit:latest", - "node:14", - "node:16", - "node:18", - "node:14-alpine", - "node:16-alpine", - "node:18-alpine", - "ubuntu:16.04", - "ubuntu:18.04", - "ubuntu:20.04" - ] - }, - "pipx": [ - { - "package": "yamllint", - "cmd": "yamllint" - }, - { - "package": "ansible-core", - "cmd": "ansible" - } - ], - "dotnet": { - "aptPackages": ["dotnet-sdk-6.0", "dotnet-sdk-7.0"], - "versions": ["6.0", "7.0"], - "tools": [ - { - "name": "nbgv", - "test": "nbgv --version", - "getversion": "nbgv 
--version" - } - ] - }, - "clang": { - "versions": ["10", "11", "12"], - "default_version": "11" - }, - "gcc": { - "versions": ["g++-9", "g++-10"] - }, - "gfortran": { - "versions": ["gfortran-9", "gfortran-10"] - }, - "php": { - "versions": ["7.4", "8.0", "8.1", "8.2"] - }, - "rubygems": [{ "name": "fastlane" }], - "selenium": { - "version": "4", - "binary_name": "selenium-server" - }, - "node": { - "default": "20" - }, - "node_modules": [ - { - "name": "grunt", - "command": "grunt" - }, - { - "name": "gulp", - "command": "gulp" - }, - { - "name": "n", - "command": "n" - }, - { - "name": "parcel", - "command": "parcel" - }, - { - "name": "typescript", - "command": "tsc" - }, - { - "name": "newman", - "command": "newman" - }, - { - "name": "vercel", - "command": "vercel" - }, - { - "name": "webpack", - "command": "webpack" - }, - { - "name": "webpack-cli", - "command": "webpack-cli" - }, - { - "name": "netlify-cli", - "command": "netlify" - }, - { - "name": "lerna", - "command": "lerna" - }, - { - "name": "yarn", - "command": "yarn" - } - ], - "mongodb": { - "version": "5.0" - }, - "postgresql": { - "version": "14" - }, - "pwsh": { - "version": "7.2" - }, - "aliyunCli": { - "version": "3.0.174" - } -} diff --git a/linux/ubuntu/toolsets/2204.json b/linux/ubuntu/toolsets/2204.json deleted file mode 100644 index 48c69d6..0000000 --- a/linux/ubuntu/toolsets/2204.json +++ /dev/null 
@@ -1,303 +0,0 @@
-{
- "toolcache": [
- {
- "name": "Python",
- "url": "https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json",
- "platform": "linux",
- "platform_version": "22.04",
- "arch": "x64",
- "versions": ["3.7.*", "3.8.*", "3.9.*", "3.10.*", "3.11.*"]
- },
- {
- "name": "PyPy",
- "arch": "x64",
- "platform": "linux",
- "versions": ["3.7", "3.8", "3.9", "3.10"]
- },
- {
- "name": "node",
- "url": "https://raw.githubusercontent.com/actions/node-versions/main/versions-manifest.json",
- "platform": "linux",
- "arch": "x64",
- "versions": ["14.*", "16.*", "18.*"]
- },
- {
- "name": "go",
- "url": "https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json",
- "arch": "x64",
- "platform": "linux",
- "versions": ["1.18.*", "1.19.*", "1.20.*", "1.21.*"],
- "default": "1.20.*"
- },
- {
- "name": "Ruby",
- "platform_version": "22.04",
- "arch": "x64",
- "versions": ["3.1.*"]
- },
- {
- "name": "CodeQL",
- "platform": "linux",
- "arch": "x64",
- "versions": ["*"]
- }
- ],
- "java": {
- "default": "11",
- "versions": ["8", "11", "17"],
- "maven": "3.8.8"
- },
- "android": {
- "cmdline-tools": "commandlinetools-linux-9477386_latest.zip",
- "platform_min_version": "27",
- "build_tools_min_version": "27.0.0",
- "extra_list": [
- "android;m2repository",
- "google;m2repository",
- "google;google_play_services"
- ],
- "addon_list": [],
- "additional_tools": [
- "cmake;3.10.2.4988404",
- "cmake;3.18.1",
- "cmake;3.22.1"
- ],
- "ndk": {
- "default": "25",
- "versions": ["23", "24", "25"]
- }
- },
- "powershellModules": [
- { "name": "MarkdownPS" },
- { "name": "Microsoft.Graph" },
- { "name": "Pester" },
- { "name": "PSScriptAnalyzer" }
- ],
- "azureModules": [
- {
- "name": "az",
- "url": "https://raw.githubusercontent.com/Azure/az-ps-module-versions/main/versions-manifest.json",
- "versions": ["9.3.0"],
- "zip_versions": []
- }
- ],
- "apt": {
- "vital_packages": [
- "bzip2",
- "curl",
- "g++",
- "gcc",
- "make",
- "jq",
- "tar",
- "unzip",
- "wget"
- ],
- "common_packages": [
- "autoconf",
- "automake",
- "dbus",
- "dnsutils",
- "dpkg",
- "dpkg-dev",
- "fakeroot",
- "fonts-noto-color-emoji",
- "gnupg2",
- "imagemagick",
- "iproute2",
- "iputils-ping",
- "libc++abi-dev",
- "libc++-dev",
- "libc6-dev",
- "libcurl4",
- "libgbm-dev",
- "libgconf-2-4",
- "libgsl-dev",
- "libgtk-3-0",
- "libmagic-dev",
- "libmagickcore-dev",
- "libmagickwand-dev",
- "libsecret-1-dev",
- "libsqlite3-dev",
- "libyaml-dev",
- "libtool",
- "libunwind8",
- "libxkbfile-dev",
- "libxss1",
- "libssl-dev",
- "locales",
- "mercurial",
- "openssh-client",
- "p7zip-rar",
- "pkg-config",
- "python-is-python3",
- "rpm",
- "texinfo",
- "tk",
- "tzdata",
- "upx",
- "xorriso",
- "xvfb",
- "xz-utils",
- "zsync"
- ],
- "cmd_packages": [
- "acl",
- "aria2",
- "binutils",
- "bison",
- "brotli",
- "coreutils",
- "file",
- "flex",
- "ftp",
- "haveged",
- "lz4",
- "m4",
- "mediainfo",
- "netcat",
- "net-tools",
- "p7zip-full",
- "parallel",
- "pass",
- "patchelf",
- "pigz",
- "pollinate",
- "rsync",
- "shellcheck",
- "sphinxsearch",
- "sqlite3",
- "ssh",
- "sshpass",
- "subversion",
- "sudo",
- "swig",
- "telnet",
- "time",
- "zip"
- ]
- },
- "brew": [],
- "docker": {
- "images": [
- "alpine:3.16",
- "alpine:3.17",
- "alpine:3.18",
- "buildpack-deps:buster",
- "buildpack-deps:bullseye",
- "debian:10",
- "debian:11",
- "moby/buildkit:latest",
- "node:14",
- "node:16",
- "node:18",
- "node:14-alpine",
- "node:16-alpine",
- "node:18-alpine",
- "ubuntu:18.04",
- "ubuntu:20.04",
- "ubuntu:22.04"
- ]
- },
- "pipx": [
- {
- "package": "yamllint",
- "cmd": "yamllint"
- },
- {
- "package": "ansible-core",
- "cmd": "ansible"
- }
- ],
- "dotnet": {
- "aptPackages": ["dotnet-sdk-6.0", "dotnet-sdk-7.0"],
- "versions": ["6.0", "7.0"],
- "tools": [
- {
- "name": "nbgv",
- "test": "nbgv --version",
- "getversion": "nbgv --version"
- }
- ]
- },
- "clang": {
- "versions": ["12", "13", "14"],
- "default_version": "14"
- },
- "gcc": {
- "versions": ["g++-9", "g++-10", "g++-12"]
- },
- "gfortran": {
- "versions": ["gfortran-9", "gfortran-10", "gfortran-12"]
- },
- "php": {
- "versions": ["8.1"]
- },
- "rubygems": [{ "name": "fastlane" }],
- "selenium": {
- "version": "4",
- "binary_name": "selenium-server"
- },
- "node": {
- "default": "20"
- },
- "node_modules": [
- {
- "name": "grunt",
- "command": "grunt"
- },
- {
- "name": "gulp",
- "command": "gulp"
- },
- {
- "name": "n",
- "command": "n"
- },
- {
- "name": "parcel",
- "command": "parcel"
- },
- {
- "name": "typescript",
- "command": "tsc"
- },
- {
- "name": "newman",
- "command": "newman"
- },
- {
- "name": "vercel",
- "command": "vercel"
- },
- {
- "name": "webpack",
- "command": "webpack"
- },
- {
- "name": "webpack-cli",
- "command": "webpack-cli"
- },
- {
- "name": "netlify-cli",
- "command": "netlify"
- },
- {
- "name": "lerna",
- "command": "lerna"
- },
- {
- "name": "yarn",
- "command": "yarn"
- }
- ],
- "mongodb": {
- "version": "5.0"
- },
- "postgresql": {
- "version": "14"
- },
- "pwsh": {
- "version": "7.2"
- }
-}
diff --git a/linux/ubuntu/toolsets/LICENSE b/linux/ubuntu/toolsets/LICENSE
deleted file mode 100644
index 545898a..0000000
--- a/linux/ubuntu/toolsets/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2023 GitHub
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.