
Commit 2d91a52

authored
Merge pull request #1037 from snyk/feat/alpine-base-image
Feat/alpine base image
2 parents 5470efb + f51d4b3 commit 2d91a52


15 files changed

+564
-400
lines changed


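--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -73,8 +73,8 @@ jobs:
 - run:
 command: |
 export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
-OPERATOR_TAG="${IMAGE_TAG}-${CIRCLE_SHA1}"
-MONITOR_TAG="${IMAGE_TAG}-${CIRCLE_SHA1}"
+OPERATOR_TAG="${IMAGE_TAG}-ubi8-${CIRCLE_SHA1}"
+MONITOR_TAG="${IMAGE_TAG}-ubi8-${CIRCLE_SHA1}"
 scripts/operator/create_operator_and_push.py "${OPERATOR_TAG}" "${MONITOR_TAG}" "${DOCKERHUB_USER}" "${DOCKERHUB_PASSWORD}"
 echo "export OPERATOR_TAG=$OPERATOR_TAG" >> $BASH_ENV
 name: Create Operator and push Operator image to DockerHub
@@ -86,16 +86,16 @@ jobs:
 - run:
 command: |
 export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
-export SNYK_MONITOR_IMAGE_TAG="${IMAGE_TAG}-${CIRCLE_SHA1}"
-export SNYK_OPERATOR_VERSION="0.0.1-${CIRCLE_SHA1}"
+export SNYK_MONITOR_IMAGE_TAG="${IMAGE_TAG}-ubi8-${CIRCLE_SHA1}"
+export SNYK_OPERATOR_VERSION="0.0.1-ubi8-${CIRCLE_SHA1}"
 export SNYK_OPERATOR_IMAGE_TAG="${SNYK_MONITOR_IMAGE_TAG}"
 OPERATOR_PATH=$(scripts/operator/package_operator_bundle.py "${SNYK_OPERATOR_VERSION}" "${SNYK_OPERATOR_IMAGE_TAG}" "${SNYK_MONITOR_IMAGE_TAG}")
 echo "export OPERATOR_PATH=$OPERATOR_PATH" >> $BASH_ENV
 name: Package Operator Bundle
 - run:
 command: |
 export OPERATOR_DIR=$OPERATOR_PATH
-export PACKAGE_VERSION="0.0.1-${CIRCLE_SHA1}"
+export PACKAGE_VERSION="0.0.1-ubi8-${CIRCLE_SHA1}"
 scripts/operator/create_operator_bundle_and_index_and_push.py "${OPERATOR_DIR}" "${PACKAGE_VERSION}" "${DOCKERHUB_USER}" "${DOCKERHUB_PASSWORD}"
 name: Create Operator Bundle and Index and push to Docker Hub
 - run:
@@ -106,29 +106,40 @@ jobs:
 working_directory: ~/kubernetes-monitor
 build_image:
 machine:
-image: ubuntu-2004:202111-01
+image: ubuntu-2004:202111-02
 steps:
 - checkout
 - install_python_requests
 - run:
 command: |
 IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
 IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1}
+IMAGE_NAME_CANDIDATE_UBI8=snyk/kubernetes-monitor:${IMAGE_TAG}-ubi8-${CIRCLE_SHA1}
 echo "export IMAGE_NAME_CANDIDATE=$IMAGE_NAME_CANDIDATE" >> $BASH_ENV
+echo "export IMAGE_NAME_CANDIDATE_UBI8=$IMAGE_NAME_CANDIDATE_UBI8" >> $BASH_ENV
 name: Export environment variables
 - run:
 command: |
 docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD}
 ./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE}
+./scripts/docker/build-image-ubi8.sh ${IMAGE_NAME_CANDIDATE_UBI8}
 name: Build image
 - snyk/scan:
+additional-arguments: --project-name=alpine
 docker-image-name: ${IMAGE_NAME_CANDIDATE}
 monitor-on-build: false
 severity-threshold: high
 target-file: Dockerfile
+- snyk/scan:
+additional-arguments: --project-name=ubi8
+docker-image-name: ${IMAGE_NAME_CANDIDATE_UBI8}
+monitor-on-build: false
+severity-threshold: critical
+target-file: Dockerfile.ubi8
 - run:
 command: |
 docker push ${IMAGE_NAME_CANDIDATE}
+docker push ${IMAGE_NAME_CANDIDATE_UBI8}
 name: Push image
 - run:
 command: |
@@ -330,7 +341,8 @@ jobs:
 name: Create temporary directory for logs
 - run:
 command: |
-export OPERATOR_VERSION="0.0.1-${CIRCLE_SHA1}"
+export OPERATOR_VERSION="0.0.1-ubi8-${CIRCLE_SHA1}"
+export IMAGE_TAG_UBI_SUFFIX="-ubi8"
 export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
 .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:kindolm:operator
 name: Operator integration tests on vanilla Kubernetes
@@ -387,7 +399,7 @@ jobs:
 openshift3_integration_tests:
 machine:
 docker_layer_caching: true
-image: ubuntu-2004:202111-01
+image: ubuntu-2004:202111-02
 steps:
 - checkout
 - setup_node16
@@ -397,6 +409,7 @@ jobs:
 name: Create temporary directory for logs
 - run:
 command: |
+export IMAGE_TAG_UBI_SUFFIX="-ubi8"
 export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
 npm run test:integration:openshift3:yaml
 name: Integration tests OpenShift 3
@@ -410,7 +423,7 @@ jobs:
 openshift4_integration_tests:
 machine:
 docker_layer_caching: true
-image: ubuntu-2004:202111-01
+image: ubuntu-2004:202111-02
 steps:
 - checkout
 - setup_node16
@@ -420,7 +433,8 @@ jobs:
 name: create temp dir for logs
 - run:
 command: |
-export OPERATOR_VERSION="0.0.1-${CIRCLE_SHA1}"
+export OPERATOR_VERSION="0.0.1-ubi8-${CIRCLE_SHA1}"
+export IMAGE_TAG_UBI_SUFFIX="-ubi8"
 export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
 .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:openshift4:operator
 name: Integration tests OpenShift 4
@@ -673,25 +687,40 @@ jobs:
 LATEST_TAG=${LATEST_TAG_WITH_V:1}
 IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${LATEST_TAG}-approved
 IMAGE_NAME_PUBLISHED=snyk/kubernetes-monitor:${LATEST_TAG}
+IMAGE_NAME_APPROVED_UBI8=snyk/kubernetes-monitor:${LATEST_TAG}-ubi8-approved
+IMAGE_NAME_PUBLISHED_UBI8=snyk/kubernetes-monitor:${LATEST_TAG}-ubi8
 echo "export LATEST_TAG=${LATEST_TAG}" >> $BASH_ENV
 echo "export IMAGE_NAME_APPROVED=${IMAGE_NAME_APPROVED}" >> $BASH_ENV
 echo "export IMAGE_NAME_PUBLISHED=${IMAGE_NAME_PUBLISHED}" >> $BASH_ENV
+echo "export IMAGE_NAME_APPROVED_UBI8=${IMAGE_NAME_APPROVED_UBI8}" >> $BASH_ENV
+echo "export IMAGE_NAME_PUBLISHED_UBI8=${IMAGE_NAME_PUBLISHED_UBI8}" >> $BASH_ENV
 name: Export environment variables
 - snyk/scan:
 monitor-on-build: true
 severity-threshold: high
 - snyk/scan:
+additional-arguments: --project-name=alpine
 docker-image-name: ${IMAGE_NAME_APPROVED}
 monitor-on-build: true
 severity-threshold: high
 target-file: Dockerfile
+- snyk/scan:
+additional-arguments: --project-name=ubi8
+docker-image-name: ${IMAGE_NAME_APPROVED_UBI8}
+monitor-on-build: true
+severity-threshold: high
+target-file: Dockerfile.ubi8
 - run:
 command: |
 docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
 docker pull ${IMAGE_NAME_APPROVED} &&
 docker tag ${IMAGE_NAME_APPROVED} ${IMAGE_NAME_PUBLISHED} &&
 docker push ${IMAGE_NAME_PUBLISHED} &&
+docker pull ${IMAGE_NAME_APPROVED_UBI8} &&
+docker tag ${IMAGE_NAME_APPROVED_UBI8} ${IMAGE_NAME_PUBLISHED_UBI8} &&
+docker push ${IMAGE_NAME_PUBLISHED_UBI8} &&
 ./scripts/slack/notify_push.py ${IMAGE_NAME_PUBLISHED} &&
+./scripts/slack/notify_push.py ${IMAGE_NAME_PUBLISHED_UBI8} &&
 ./scripts/publish-gh-pages.sh ${LATEST_TAG}
 name: Publish
 - run:
@@ -705,7 +734,7 @@ jobs:
 - run:
 command: |
 export OPERATOR_TAG="${LATEST_TAG}"
-export MONITOR_TAG="${LATEST_TAG}"
+export MONITOR_TAG="${LATEST_TAG}-ubi8"
 python3 scripts/operator/create_operator_and_push.py "${OPERATOR_TAG}" "${MONITOR_TAG}" "${DOCKERHUB_USER}" "${DOCKERHUB_PASSWORD}"
 echo "export OPERATOR_TAG=${OPERATOR_TAG}" >> $BASH_ENV
 name: Create Operator and push Operator image to DockerHub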
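Review bot: The new ubi8 `snyk/scan` step in `build_image` gates on `severity-threshold: critical`, while the alpine scan directly above it and the ubi8 scan added to the publish job both use `high`. As written, a ubi8 candidate with high-severity findings passes the build gate and is pushed as `${IMAGE_NAME_CANDIDATE_UBI8}`, which is the image the operator build now references through the `-ubi8-` monitor tag; the stricter check only applies later, at publish time. If the looser gate is deliberate (for example known unfixed base-image findings), record the reason in a comment next to it; otherwise use `severity-threshold: high` here so both variants meet the same bar before the push.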

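--- a/.circleci/config/jobs/@jobs.yml
+++ b/.circleci/config/jobs/@jobs.yml
@@ -1,86 +1,3 @@
-build_image:
-machine:
-image: ubuntu-2004:202111-01
-working_directory: ~/kubernetes-monitor
-steps:
-- checkout
-- install_python_requests
-- run:
-name: Export environment variables
-command: |
-IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
-IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1}
-echo "export IMAGE_NAME_CANDIDATE=$IMAGE_NAME_CANDIDATE" >> $BASH_ENV
-- run:
-name: Build image
-command: |
-docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD}
-./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE}
-- snyk/scan:
-docker-image-name: ${IMAGE_NAME_CANDIDATE}
-severity-threshold: high
-target-file: Dockerfile
-monitor-on-build: false
-- run:
-name: Push image
-command: |
-docker push ${IMAGE_NAME_CANDIDATE}
-- run:
-name: Notify Slack on failure
-command: |
-./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-when: on_fail
-
-build_and_upload_operator:
-docker:
-- image: cimg/python:3.10
-auth:
-username: $DOCKERHUB_USER
-password: $DOCKERHUB_PASSWORD
-working_directory: ~/kubernetes-monitor
-steps:
-- checkout
-- setup_remote_docker
-- install_python_requests
-- run:
-name: Download Operator SDK and Operator Package Manager
-command: |
-scripts/operator/download_operator_sdk.py
-scripts/operator/download_operator_package_manager.py
-- run:
-name: Create Operator and push Operator image to DockerHub
-command: |
-export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
-OPERATOR_TAG="${IMAGE_TAG}-${CIRCLE_SHA1}"
-MONITOR_TAG="${IMAGE_TAG}-${CIRCLE_SHA1}"
-scripts/operator/create_operator_and_push.py "${OPERATOR_TAG}" "${MONITOR_TAG}" "${DOCKERHUB_USER}" "${DOCKERHUB_PASSWORD}"
-echo "export OPERATOR_TAG=$OPERATOR_TAG" >> $BASH_ENV
-- snyk/scan:
-docker-image-name: snyk/kubernetes-operator:${OPERATOR_TAG}
-severity-threshold: high
-target-file: snyk-operator/build/Dockerfile
-monitor-on-build: false
-- run:
-name: Package Operator Bundle
-command: |
-export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
-export SNYK_MONITOR_IMAGE_TAG="${IMAGE_TAG}-${CIRCLE_SHA1}"
-export SNYK_OPERATOR_VERSION="0.0.1-${CIRCLE_SHA1}"
-export SNYK_OPERATOR_IMAGE_TAG="${SNYK_MONITOR_IMAGE_TAG}"
-OPERATOR_PATH=$(scripts/operator/package_operator_bundle.py "${SNYK_OPERATOR_VERSION}" "${SNYK_OPERATOR_IMAGE_TAG}" "${SNYK_MONITOR_IMAGE_TAG}")
-echo "export OPERATOR_PATH=$OPERATOR_PATH" >> $BASH_ENV
-- run:
-name: Create Operator Bundle and Index and push to Docker Hub
-command: |
-export OPERATOR_DIR=$OPERATOR_PATH
-export PACKAGE_VERSION="0.0.1-${CIRCLE_SHA1}"
-scripts/operator/create_operator_bundle_and_index_and_push.py "${OPERATOR_DIR}" "${PACKAGE_VERSION}" "${DOCKERHUB_USER}" "${DOCKERHUB_PASSWORD}"
-- run:
-name: Notify Slack on failure
-command: |
-./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-when: on_fail
-
 lint:
 machine:
 docker_layer_caching: true
@@ -301,56 +218,6 @@ aks_integration_tests:
 - store_artifacts:
 path: /tmp/logs/test/integration/aks
 
-openshift3_integration_tests:
-machine:
-image: ubuntu-2004:202111-01
-docker_layer_caching: true
-working_directory: ~/kubernetes-monitor
-steps:
-- checkout
-- setup_node16
-- install_python_requests
-- run:
-name: Create temporary directory for logs
-command: mkdir -p /tmp/logs/test/integration/openshift3
-- run:
-name: Integration tests OpenShift 3
-command: |
-export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
-npm run test:integration:openshift3:yaml
-- run:
-name: Notify Slack on failure
-command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-when: on_fail
-- store_artifacts:
-path: /tmp/logs/test/integration/openshift3
-
-openshift4_integration_tests:
-machine:
-image: ubuntu-2004:202111-01
-docker_layer_caching: true
-working_directory: ~/kubernetes-monitor
-steps:
-- checkout
-- setup_node16
-- install_python_requests
-- run:
-name: create temp dir for logs
-command: mkdir -p /tmp/logs/test/integration/openshift4
-- run:
-name: Integration tests OpenShift 4
-command: |
-export OPERATOR_VERSION="0.0.1-${CIRCLE_SHA1}"
-export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
-.circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:openshift4:operator
-- run:
-name: Notify Slack on failure
-command: |
-./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-when: on_fail
-- store_artifacts:
-path: /tmp/logs/test/integration/openshift4
-
 ######################## MERGE TO STAGING ########################
 tag_and_push:
 docker:
@@ -400,9 +267,13 @@ publish:
 LATEST_TAG=${LATEST_TAG_WITH_V:1}
 IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${LATEST_TAG}-approved
 IMAGE_NAME_PUBLISHED=snyk/kubernetes-monitor:${LATEST_TAG}
+IMAGE_NAME_APPROVED_UBI8=snyk/kubernetes-monitor:${LATEST_TAG}-ubi8-approved
+IMAGE_NAME_PUBLISHED_UBI8=snyk/kubernetes-monitor:${LATEST_TAG}-ubi8
 echo "export LATEST_TAG=${LATEST_TAG}" >> $BASH_ENV
 echo "export IMAGE_NAME_APPROVED=${IMAGE_NAME_APPROVED}" >> $BASH_ENV
 echo "export IMAGE_NAME_PUBLISHED=${IMAGE_NAME_PUBLISHED}" >> $BASH_ENV
+echo "export IMAGE_NAME_APPROVED_UBI8=${IMAGE_NAME_APPROVED_UBI8}" >> $BASH_ENV
+echo "export IMAGE_NAME_PUBLISHED_UBI8=${IMAGE_NAME_PUBLISHED_UBI8}" >> $BASH_ENV
 - snyk/scan:
 severity-threshold: high
 monitor-on-build: true
@@ -411,14 +282,25 @@ publish:
 severity-threshold: high
 target-file: Dockerfile
 monitor-on-build: true
+additional-arguments: --project-name=alpine
+- snyk/scan:
+docker-image-name: ${IMAGE_NAME_APPROVED_UBI8}
+severity-threshold: high
+target-file: Dockerfile.ubi8
+monitor-on-build: true
+additional-arguments: --project-name=ubi8
 - run:
 name: Publish
 command: |
 docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
 docker pull ${IMAGE_NAME_APPROVED} &&
 docker tag ${IMAGE_NAME_APPROVED} ${IMAGE_NAME_PUBLISHED} &&
 docker push ${IMAGE_NAME_PUBLISHED} &&
+docker pull ${IMAGE_NAME_APPROVED_UBI8} &&
+docker tag ${IMAGE_NAME_APPROVED_UBI8} ${IMAGE_NAME_PUBLISHED_UBI8} &&
+docker push ${IMAGE_NAME_PUBLISHED_UBI8} &&
 ./scripts/slack/notify_push.py ${IMAGE_NAME_PUBLISHED} &&
+./scripts/slack/notify_push.py ${IMAGE_NAME_PUBLISHED_UBI8} &&
 ./scripts/publish-gh-pages.sh ${LATEST_TAG}
 - run:
 name: Download operator-sdk
@@ -432,7 +314,7 @@ publish:
 name: Create Operator and push Operator image to DockerHub
 command: |
 export OPERATOR_TAG="${LATEST_TAG}"
-export MONITOR_TAG="${LATEST_TAG}"
+export MONITOR_TAG="${LATEST_TAG}-ubi8"
 python3 scripts/operator/create_operator_and_push.py "${OPERATOR_TAG}" "${MONITOR_TAG}" "${DOCKERHUB_USER}" "${DOCKERHUB_PASSWORD}"
 echo "export OPERATOR_TAG=${OPERATOR_TAG}" >> $BASH_ENV
 - snyk/scan: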
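Review bot: In the `Publish` step the alpine image is pushed before the ubi8 image is pulled, so a failing `docker pull ${IMAGE_NAME_APPROVED_UBI8}` leaves a half-published release: `${IMAGE_NAME_PUBLISHED}` is already public, but the `&&` chain stops before either `notify_push.py` call and before `publish-gh-pages.sh`. Pulling and tagging both approved images before the first push keeps the release all-or-nothing, i.e. move `docker pull ${IMAGE_NAME_APPROVED_UBI8} &&` and its `docker tag` line ahead of `docker push ${IMAGE_NAME_PUBLISHED} &&`. The same ordering appears in the publish step of `.circleci/config.yml`. Separately, the pull resolves the mutable `-ubi8-approved` tag on its own, so the promoted image is presumably not guaranteed to be the one the preceding `snyk/scan` step examined; promoting by digest would close that gap.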
