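# Konstraint Builder image
#
# Build stage: installs a Go 1.23 toolchain by hand, compiles the konstraint
# CLI with it and leaves the binary at /tmp/konstraint, where the runnable
# stage picks it up with `COPY --from=konstraint`.
FROM registry.access.redhat.com/ubi9/go-toolset@sha256:56fc8480721e5febbd2b6810199a63b5b68c3c5ab826d082c8247054a1dc33e7 AS konstraint

# renovate: datasource=github-releases depName=plexsystems/konstraint
ARG KONSTRAINT_VERSION=v0.43.0

# go1.23 not released yet - so need to manually upgrade
# Root is needed to place the toolchain under /usr/local.
USER root

# NOTE(review): the Go tarball is downloaded without a digest check, and the
# toolchain it contains compiles a binary that ships in the final image.
# TLS only authenticates the host; verify the file against the SHA-256
# published for this release (e.g. `sha256sum -c`) before unpacking it.
# --fail turns an HTTP error into a build failure instead of saving the error
# page; --proto '=https' keeps redirects followed by --location on HTTPS.
RUN curl --fail --location --proto '=https' \
        --output /tmp/go1.23.linux-amd64.tar.gz \
        https://go.dev/dl/go1.23.0.linux-amd64.tar.gz && \
    tar -xzf /tmp/go1.23.linux-amd64.tar.gz && \
    mv go /usr/local && \
    PATH="/usr/local/go/bin:$PATH" && \
    go version

# Build konstraint at the pinned version with the toolchain installed above,
# then run it once so a broken build fails here rather than at runtime.
RUN PATH="/usr/local/go/bin:$PATH" go install github.com/plexsystems/konstraint@${KONSTRAINT_VERSION} && \
    mv ~/go/bin/konstraint /tmp/konstraint && \
    /tmp/konstraint --help

USER 1001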
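# Builder image
#
# Download stage: fetches the third-party CLIs (helm, jq, oc/kubectl, opa,
# conftest, kubeval) into /tmp and runs each one once as a smoke test. The
# runnable stage copies the executables out with `COPY --from=builder`.
#
# All download URLs are hard-coded to linux/amd64 artifacts.
FROM registry.access.redhat.com/ubi9/ubi:9.7-1764794285@sha256:d4feb579a84ead49894ec71fe54f14300992e202f3491d9bb22b62cc57affd49 AS builder

# renovate: datasource=github-releases depName=helm/helm
ARG HELM_VERSION=v4.0.4
# renovate: datasource=github-releases depName=stedolan/jq
ARG JQ_VERSION=1.6
# renovate: datasource=repology depName=homebrew/openshift-cli
ARG OC_VERSION=4.20.6
# renovate: datasource=github-releases depName=open-policy-agent/opa
ARG OPA_VERSION=v1.11.0
# renovate: datasource=github-releases depName=open-policy-agent/conftest
ARG CONFTEST_VERSION=v0.65.0
# renovate: datasource=github-releases depName=instrumenta/kubeval
ARG KUBEVAL_VERSION=latest

# Every RUN step in this stage executes under bash.
SHELL ["/bin/bash", "-c"]

# NOTE(review): none of the downloads below is checked against a checksum or
# signature, and every resulting executable ends up in the runnable image.
# The base images are digest-pinned, but these files are trusted purely on
# the strength of the TLS connection. Verify each one against a pinned
# SHA-256 (e.g. `sha256sum -c`) or the project's published checksums.
#
# In each curl call, --fail makes an HTTP error abort the build instead of
# writing the error page to disk, and --proto '=https' keeps any redirect
# followed by --location on HTTPS.

RUN curl --fail --location --proto '=https' \
        --output /tmp/helm-${HELM_VERSION}-linux-amd64.tar.gz \
        https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz && \
    tar -C /tmp -xzf /tmp/helm-${HELM_VERSION}-linux-amd64.tar.gz && \
    /tmp/linux-amd64/helm version

RUN curl --fail --location --proto '=https' \
        --output /tmp/jq-linux64 \
        https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \
    chmod +x /tmp/jq-linux64 && \
    /tmp/jq-linux64 --version

# The OpenShift client archive provides both oc and kubectl.
RUN curl --fail --location --proto '=https' \
        --output /tmp/openshift-client-linux.tar.gz \
        https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz && \
    tar -C /tmp -xzf /tmp/openshift-client-linux.tar.gz && \
    /tmp/oc version --client && \
    /tmp/kubectl version --client

RUN curl --fail --location --proto '=https' \
        --output /tmp/opa_linux_amd64 \
        https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_amd64 && \
    chmod +x /tmp/opa_linux_amd64 && \
    /tmp/opa_linux_amd64 --help

# The release tag carries a leading "v" but the asset file name does not;
# ${CONFTEST_VERSION#v} strips only that leading character.
RUN curl --fail --location --proto '=https' \
        --output /tmp/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz \
        https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION#v}_Linux_x86_64.tar.gz && \
    tar -C /tmp -xzf /tmp/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz && \
    /tmp/conftest --version

# NOTE(review): KUBEVAL_VERSION=latest is a moving target. The URL resolves
# to whichever release is newest at build time, so two builds of this file
# can ship different kubeval binaries. The `releases/<version>/download/`
# path form presumably only fits `latest`; a pinned tag would need
# `releases/download/<tag>/` instead -- confirm before pinning.
RUN curl --fail --location --proto '=https' \
        --output /tmp/kubeval-linux-amd64.tar.gz \
        https://github.com/instrumenta/kubeval/releases/${KUBEVAL_VERSION}/download/kubeval-linux-amd64.tar.gz && \
    tar -C /tmp -xzf /tmp/kubeval-linux-amd64.tar.gz && \
    /tmp/kubeval --version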
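# Runnable image
#
# Final stage: collects the CLIs from the two build stages, installs the OS
# packages and bats-core as root, then drops to UID 1001 to install the
# hash-pinned Python requirements and set the entrypoint.
FROM registry.access.redhat.com/ubi9/python-39:9.7-1767889596@sha256:54ce28c1544eac8a1779841c7590a597c42609b96454a13bf0ba20438fd17f71

# renovate: datasource=github-releases depName=bats-core/bats-core
ARG BATS_VERSION=master

LABEL version="4.0.0"
LABEL repository="http://github.com/redhat-cop/github-actions"
LABEL homepage="http://github.com/redhat-cop/github-actions/confbatstest"
LABEL maintainer="Red Hat CoP"
LABEL "com.github.actions.name"="confbatstest"
LABEL "com.github.actions.description"="Run conftest using BATS"
LABEL "com.github.actions.branding.icon"="monitor"
LABEL "com.github.actions.branding.color"="purple"

# Each tool is copied from its build stage and run once, so a binary that
# cannot execute in this image fails the build here rather than at runtime.
COPY --from=builder /tmp/linux-amd64/helm /usr/local/bin/helm
RUN helm version

COPY --from=builder /tmp/jq-linux64 /usr/local/bin/jq
RUN jq --version

COPY --from=builder /tmp/oc /usr/local/bin/oc
COPY --from=builder /tmp/kubectl /usr/local/bin/kubectl
RUN oc version --client && \
    kubectl version --client

COPY --from=builder /tmp/opa_linux_amd64 /usr/local/bin/opa
RUN opa --help

COPY --from=builder /tmp/conftest /usr/local/bin/conftest
RUN conftest --version

COPY --from=builder /tmp/kubeval /usr/local/bin/kubeval
RUN kubeval --version

COPY --from=konstraint /tmp/konstraint /usr/local/bin/konstraint
RUN konstraint --help

# Root is required for the package manager and for writing /usr/local/bin.
USER root

# `dnf upgrade` applies every update available at build time on top of the
# digest-pinned base, so the installed package set depends on when the image
# is built. git is not installed by this step; the `git --version` check
# presumably relies on the base image shipping it.
RUN dnf upgrade --assumeyes && \
    dnf install --assumeyes --nodocs findutils diffutils bc && \
    dnf clean all && \
    git --version && \
    diff --version && \
    bc --version

# NOTE(review): BATS_VERSION=master tracks a branch, so the archive content
# changes over time, and its install.sh runs as root with no integrity check.
# Pin a release tag or commit and verify the archive digest before running
# it. When pinning a "v"-prefixed tag, the extracted directory name
# presumably drops the "v", so the install.sh path would need adjusting --
# confirm.
# NOTE(review): bats is installed under /tmp and only symlinked into
# /usr/local/bin; presumably a runtime that mounts a fresh /tmp would leave
# the symlink dangling -- confirm, or install to a non-temporary prefix.
# --fail aborts on an HTTP error; --proto '=https' keeps redirects on HTTPS.
# The archive and its extracted tree are removed in the same layer so they
# do not remain in the image.
RUN curl --fail --location --proto '=https' \
        --output /tmp/${BATS_VERSION}.tar.gz \
        https://github.com/bats-core/bats-core/archive/${BATS_VERSION}.tar.gz && \
    tar -C /tmp -xzf /tmp/${BATS_VERSION}.tar.gz && \
    /tmp/bats-core-${BATS_VERSION}/install.sh /tmp/bats && \
    ln -s /tmp/bats/bin/bats /usr/local/bin/bats && \
    rm -rf /tmp/${BATS_VERSION}.tar.gz /tmp/bats-core-${BATS_VERSION} && \
    bats --version

# Drop privileges: the remaining build steps and the container itself run
# as the non-root UID 1001.
USER 1001

# --require-hashes makes pip reject any package whose hash is not listed in
# requirements.txt, and --no-deps stops it resolving anything not listed.
# yq is presumably provided by one of those requirements.
COPY requirements.txt /requirements.txt
RUN pip3 install --require-hashes --no-deps --no-cache-dir -r /requirements.txt && \
    yq --version

COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]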