CLM-25086 - Alpine based images #122
# Download the server bundle, verify its checksum, and extract the server jar to the install directory | ||
RUN cd ${TEMP} \ | ||
&& curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz --output nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz \ | ||
&& echo "${IQ_SERVER_SHA256} nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz" > nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz.sha256 \ |
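Review bot: The `curl -L` call on the download line has no `--fail`, so an HTTP error body from download.sonatype.com would be saved under the bundle name and only surface later as a checksum mismatch. Use `curl -fL` so the build stops at the download step with the real cause, and consider `--proto '=https' --proto-redir '=https'` since `-L` follows redirects. Also confirm that the `echo` writing the `.sha256` file emits two spaces between `${IQ_SERVER_SHA256}` and the filename, the separator `sha256sum -c` expects; as rendered here the line shows one.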
sha256sum requires two spaces before the filename in alpine: gliderlabs/docker-alpine#174 (comment)
Docker.options[:read_timeout] = 900 | ||
@image = Docker::Image.get(ENV['IMAGE_ID']) | ||
|
||
set :os, family: :alpine |
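Review bot: `ENV['IMAGE_ID']` on the `Docker::Image.get` line evaluates to nil when the variable is unset, so the lookup is attempted with no image id and the spec run fails without naming the cause. `ENV.fetch('IMAGE_ID')` would raise immediately and name the missing variable.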
New spec file to set os family to alpine
@@ -0,0 +1,121 @@ | |||
# |
Comparing the new Dockerfiles to https://github.com/sonatype/docker-nexus-iq-server/blob/master/Dockerfile is the easiest way to see the diffs. I use: https://www.diffchecker.com/
[scanPattern: "container:${imageName}-alpine"], | ||
[scanPattern: "container:${imageName}-alpine-slim"], |
IMO we need a separate application in IQ for policy evaluations for the images. A single report containing all components from different images to me is confusing.
I agree, but we should hold on making such changes yet.
There is a BNR team initiative to re-write this build job completely, since it's an ad-hoc one that does not adhere to their practices. The new job will build one image at a time and it will have its own policy evaluation step targeting a single image.
Dockerfile.alpine
Outdated
RUN apk update \ | ||
&& apk add --no-cache curl \ | ||
&& apk add --no-cache openjdk8-jre \ | ||
&& apk add --no-cache git |
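Review bot: The leading `apk update` is redundant when every following `apk add` already passes `--no-cache`, and it leaves the downloaded package index under /var/cache/apk in the image layer. Drop the `apk update` line so the index is fetched on the fly and never stored in the image.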
Two things here need clarification:
- The ubi based image installs many more packages on top of the jdk and git i.e. procps gzip unzip tar shadow-utils findutils util-linux less rsync. Are we sure they are not needed?
- All the packages we decide to add can be installed in one shot/single apk add command e.g. apk add --no-cache curl openjdk8-jre git
- I do not have an answer to this. I did test scans, support zip, upload file and everything is working.. SCM, Pr commenting..
- 9654f4e
+1 Please don't merge it yet.
https://issues.sonatype.org/browse/CLM-25086
https://jenkins.ci.sonatype.dev/job/insight/job/insight-brain/job/docker/job/docker-nexus-iq-server-feature/job/CLM-25086-Alpine_Based_Images/
Build locally with:
and run with