From a03c4dd2b41269534f54c734b9750f17270b56d9 Mon Sep 17 00:00:00 2001 From: Lars Francke Date: Thu, 18 Jul 2024 23:26:55 +0200 Subject: [PATCH 1/4] Update cargo-cyclonedx and enable Renovate to update it This adds the necessary annotations (together with our custom renovate config) to be able to update versions in our Dockerfiles as long as they are ENV _VERSION and they have a comment telling renovate what to update --- renovate.json | 2 +- shared/copy_artifacts.sh | 4 ++-- stackable-base/Dockerfile | 5 ++-- ubi8-rust-builder/Dockerfile | 44 ++++++++++++++++++++-------------- ubi9-rust-builder/Dockerfile | 46 +++++++++++++++++++++--------------- 5 files changed, 59 insertions(+), 42 deletions(-) diff --git a/renovate.json b/renovate.json index 994b3f019..43b32fbd8 100644 --- a/renovate.json +++ b/renovate.json @@ -1,7 +1,7 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "local>stackabletech/.github:renovate-config", + "github>stackabletech/.github:renovate-config", "docker:pinDigests" ] } diff --git a/shared/copy_artifacts.sh b/shared/copy_artifacts.sh index 79d98f860..e69c04215 100755 --- a/shared/copy_artifacts.sh +++ b/shared/copy_artifacts.sh @@ -3,6 +3,6 @@ # Copy over the binary cp "$1" /app -# And now try to find a BOM file named like the binary + .cdx.xml and copy it over as well if it exists +# And now try to find a BOM file named like the binary + _bin.cdx.xml and copy it over as well if it exists base=$(basename "$1") -find /src/rust/ -type f -name "$base.cdx.xml" -exec cp {} /app \; +find /src/rust/ -type f -name "${base}_bin.cdx.xml" -exec cp {} /app \; diff --git a/stackable-base/Dockerfile b/stackable-base/Dockerfile index ea8ea9bc0..e9d595742 100644 --- a/stackable-base/Dockerfile +++ b/stackable-base/Dockerfile 
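Review bot: In shared/copy_artifacts.sh the `find … -name "${base}_bin.cdx.xml" -exec cp {} /app \;` line still succeeds when nothing matches, so if a later cargo-cyclonedx release changes its output name again, the image is built without an SBOM and nothing in the build output says so. This series is itself a reaction to such a rename, and it also lets Renovate bump the generator version. The script comment describes the copy as best-effort, so a warning rather than a failure may be the right level: after the find, `[ -e "/app/${base}_bin.cdx.xml" ] || echo "WARNING: no SBOM found for ${base}" >&2`.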
@@ -6,7 +6,7 @@ FROM registry.access.redhat.com/ubi9-minimal@sha256:a7d837b00520a32502ada85ae339 ENV CONFIG_UTILS_VERSION=0.2.0 # This SHOULD be kept in sync with operator-templating and other tools to reduce build times ENV RUST_DEFAULT_TOOLCHAIN_VERSION=1.79.0 -ENV CARGO_CYCLONEDX_CRATE_VERSION=0.4.0 +ENV CARGO_CYCLONEDX_CRATE_VERSION=0.5.4 ENV CARGO_AUDITABLE_CRATE_VERSION=0.6.4 RUN microdnf update --assumeyes && \ @@ -23,7 +23,7 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --de RUN git clone --depth 1 --branch ${CONFIG_UTILS_VERSION} https://github.com/stackabletech/config-utils RUN cd ./config-utils && \ . $HOME/.cargo/env && \ - cargo auditable build --release && cargo cyclonedx --output-pattern package --all --output-cdx + cargo auditable build --release && cargo cyclonedx --all --spec-version 1.5 --describe binaries # Manifest list digest because of multi architecture builds ( https://www.redhat.com/architect/pull-container-image#:~:text=A%20manifest%20list%20exists%20to,system%20on%20a%20specific%20architecture ) FROM registry.access.redhat.com/ubi9-minimal@sha256:a7d837b00520a32502ada85ae339e33510cdfdbc8d2ddf460cc838e12ec5fa5a AS final @@ -112,6 +112,7 @@ COPY --from=product-utils-builder --chown=stackable:stackable /config-utils/conf ENV PATH="${PATH}:/stackable" # These labels have mostly been superceded by the OpenContainer spec annotations below but it doesn't hurt to include them +# http://label-schema.org/rc1/ LABEL maintainer="info@stackable.tech" LABEL vendor="Stackable GmbH" diff --git a/ubi8-rust-builder/Dockerfile b/ubi8-rust-builder/Dockerfile index df133754b..17a20b689 100644 --- a/ubi8-rust-builder/Dockerfile +++ b/ubi8-rust-builder/Dockerfile 
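Review bot: The new `cargo cyclonedx --all --spec-version 1.5 --describe binaries` invocation in the config-utils build step carries no comment about the file it produces, yet the `COPY --from=product-utils-builder` in the final stage depends on that exact name. Going by the other hunks in this series, the output is now `<binary>_bin.cdx.xml` rather than the previous `<package>.cdx.xml`. I would add a comment above the RUN, e.g. `# --describe binaries writes the SBOM as <binary>_bin.cdx.xml; the COPY in the final stage relies on this name`.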
@@ -9,9 +9,13 @@ FROM registry.access.redhat.com/ubi8-minimal@sha256:de2a0a20c1c3b39c3de829196de9 LABEL maintainer="Stackable GmbH" # This SHOULD be kept in sync with operator-templating and other tools to reduce build times +# renovate: datasource=github-releases packageName=rust-lang/rust ENV RUST_DEFAULT_TOOLCHAIN_VERSION=1.79.0 -ENV CARGO_CYCLONEDX_CRATE_VERSION=0.4.0 +# renovate: datasource=crate packageName=cargo-cyclonedx +ENV CARGO_CYCLONEDX_CRATE_VERSION=0.5.4 +# renovate: datasource=crate packageName=cargo-auditable ENV CARGO_AUDITABLE_CRATE_VERSION=0.6.4 +# renovate: datasource=github-releases packageName=protocolbuffers/protobuf ENV PROTOC_VERSION=27.2 # Sets the default shell to Bash with strict error handling and robust pipeline processing. @@ -66,8 +70,11 @@ WORKDIR / # IMPORTANT # If you change the toolchain version here, make sure to also change the "rust_version" # property in operator-templating/config/rust.yaml -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain $RUST_DEFAULT_TOOLCHAIN_VERSION \ - && . "$HOME/.cargo/env" && cargo install cargo-cyclonedx@$CARGO_CYCLONEDX_CRATE_VERSION cargo-auditable@$CARGO_AUDITABLE_CRATE_VERSION +RUN < Date: Tue, 10 Sep 2024 20:57:56 +0200 Subject: [PATCH 2/4] Update cargo-cyclonedx and add more renovate annotations --- stackable-base/Dockerfile | 6 +++++- ubi8-rust-builder/Dockerfile | 2 +- ubi9-rust-builder/Dockerfile | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/stackable-base/Dockerfile b/stackable-base/Dockerfile index 59cf4cbd5..0b88f172f 100644 --- a/stackable-base/Dockerfile +++ b/stackable-base/Dockerfile 
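Review bot: The `# renovate:` annotation above `ENV RUST_DEFAULT_TOOLCHAIN_VERSION` in the first hunk of ubi8-rust-builder/Dockerfile lets Renovate raise the toolchain in this repository alone. The comment directly above asks for the value to stay in sync with operator-templating, and the IMPORTANT note in the next hunk's context names the `rust_version` property in operator-templating/config/rust.yaml. Nothing visible here ties the two updates together, so an automated bump can leave the two out of step. I would extend the comment, e.g. `# Renovate updates this value; change "rust_version" in operator-templating/config/rust.yaml in the same step`, and confirm that the shared preset (not shown on this page) does not automerge this variable. The later patch adds the same annotation to stackable-base/Dockerfile, where the same applies.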
@@ -5,13 +5,17 @@ FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:104cf11d890aeb7dd5728b7d7732e175a0e4018f1bb00d2faebcc8f6bf29bd52 AS product-utils-builder # Find the latest version here: https://github.com/stackabletech/config-utils/tags +# renovate: datasource=github-tags packageName=stackabletech/config-utils ENV CONFIG_UTILS_VERSION=0.2.0 # This SHOULD be kept in sync with operator-templating and other tools to reduce build times # Find the latest version here: https://doc.rust-lang.org/stable/releases.html +# renovate: datasource=github-releases packageName=rust-lang/rust ENV RUST_DEFAULT_TOOLCHAIN_VERSION=1.80.1 # Find the latest version here: https://crates.io/crates/cargo-cyclonedx -ENV CARGO_CYCLONEDX_CRATE_VERSION=0.5.4 +# renovate: datasource=crate packageName=cargo-cyclonedx +ENV CARGO_CYCLONEDX_CRATE_VERSION=0.5.5 # Find the latest version here: https://crates.io/crates/cargo-auditable +# renovate: datasource=crate packageName=cargo-auditable ENV CARGO_AUDITABLE_CRATE_VERSION=0.6.4 RUN < Date: Wed, 11 Sep 2024 15:14:04 +0200 Subject: [PATCH 3/4] Fix name of SBOM with new generator version --- stackable-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackable-base/Dockerfile b/stackable-base/Dockerfile index 0b88f172f..6debab9f9 100644 --- a/stackable-base/Dockerfile +++ b/stackable-base/Dockerfile @@ -160,7 +160,7 @@ fi EOF COPY --from=product-utils-builder --chown=stackable:stackable /config-utils/target/release/config-utils /stackable/config-utils -COPY --from=product-utils-builder --chown=stackable:stackable /config-utils/config-utils.cdx.xml /stackable/config-utils.cdx.xml +COPY --from=product-utils-builder --chown=stackable:stackable /config-utils/config-utils_bin.cdx.xml /stackable/config-utils.cdx.xml ENV PATH="${PATH}:/stackable" # These labels have mostly been superceded by the OpenContainer spec annotations below but it doesn't hurt to include them 
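Review bot: `CONFIG_UTILS_VERSION` is now tracked through `datasource=github-tags`, and a tag is a movable reference: the value pins a name, not the source that gets compiled into the base image. The clone itself is outside this hunk (the RUN heredoc only starts on its last line); in the first patch of this series it appears as `git clone --depth 1 --branch ${CONFIG_UTILS_VERSION} …`. If the source is still fetched that way, consider recording the expected commit next to the version and checking it after the clone, e.g. `test "$(git -C config-utils rev-parse HEAD)" = "<EXPECTED_COMMIT_SHA>"`, where the placeholder stands for a value this page does not show.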
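Review bot: The changed `COPY` in the `@@ -160,7 +160,7 @@` hunk reads `config-utils_bin.cdx.xml` from the builder but writes it to `/stackable/config-utils.cdx.xml`, whereas shared/copy_artifacts.sh in the first patch copies SBOMs under the new `_bin.cdx.xml` name. Images from this repository may therefore carry SBOMs under two naming schemes, which anything that locates them by file name has to account for. If keeping the old destination is deliberate, a comment such as `# destination keeps the pre-0.5 file name so the SBOM path in the image stays stable` would record that; otherwise align the two names.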
From da4abdcf4f142eb6bb4d050750ce07206f4b1c28 Mon Sep 17 00:00:00 2001 From: Lars Francke Date: Wed, 11 Sep 2024 15:27:05 +0200 Subject: [PATCH 4/4] Update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e28ed6dab..a177f713d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ All notable changes to this project will be documented in this file. - ci: Rename local actions, adjust action inputs and outputs, add definition README file ([#819]). +- Update cargo-cyclonedx to 0.5.5 and build CycloneDX 1.5 files ([#783]) ### Removed @@ -35,6 +36,7 @@ All notable changes to this project will be documented in this file. - hbase: link to phoenix server jar ([#811]). +[#783]: https://github.com/stackabletech/docker-images/pull/783 [#797]: https://github.com/stackabletech/docker-images/pull/797 [#802]: https://github.com/stackabletech/docker-images/pull/802 [#809]: https://github.com/stackabletech/docker-images/pull/809