From 286678e777218ef2f7540692891c63fd42d49cfe Mon Sep 17 00:00:00 2001 From: Marcus Kok Date: Tue, 3 Dec 2024 13:02:38 -0500 Subject: [PATCH] update dockerfile and sed --- Dockerfile.downstream | 36 ++++++------------ downstream-dockerfile.sed | 79 +++++---------------------------------- 2 files changed, 21 insertions(+), 94 deletions(-) diff --git a/Dockerfile.downstream b/Dockerfile.downstream index 1eb3ec13a9..113b54068d 100644 --- a/Dockerfile.downstream +++ b/Dockerfile.downstream @@ -1,4 +1,4 @@ -FROM registry.redhat.io/rhel8-6-els/rhel:latest AS base +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS base # Only set variables or install packages that need to end up in the # final container here. ENV PATH=/app/bin/:$PATH \ @@ -9,10 +9,10 @@ ENV PATH=/app/bin/:$PATH \ ENV PYTHONUSERBASE /app ENV TZ UTC RUN set -ex\ - ; dnf -y module enable nginx:1.22 \ - ; dnf -y module enable python39:3.9 \ - ; dnf update -y \ - ; dnf -y --setopt=tsflags=nodocs install \ + ; microdnf -y module enable nginx:1.22 \ + ; microdnf -y module enable python39:3.9 \ + ; microdnf update -y \ + ; microdnf -y --setopt=tsflags=nodocs install \ dnsmasq \ memcached \ nginx \ @@ -24,9 +24,9 @@ RUN set -ex\ python3-gpg \ skopeo \ findutils \ - ; dnf -y reinstall tzdata \ - ; dnf remove -yplatform-python-pip python39-pip \ - ; dnf -y clean all && rm -rf /var/cache/yum + ; microdnf -y reinstall tzdata \ + ; microdnf remove platform-python-pip python39-pip \ + ; microdnf -y clean all && rm -rf /var/cache/yum # Config-editor builds the javascript for the configtool. FROM registry.access.redhat.com/ubi8/nodejs-10 AS config-editor @@ -42,7 +42,7 @@ RUN set -ex\ FROM base AS build-python ENV PYTHONDONTWRITEBYTECODE 1 RUN set -ex\ - ; dnf -y --setopt=tsflags=nodocs install \ + ; microdnf -y --setopt=tsflags=nodocs install \ gcc-c++ \ git \ openldap-devel \ @@ -59,7 +59,7 @@ RUN set -ex\ libxml2-devel \ libxslt-devel \ freetype-devel \ - ; dnf -y clean all + ; microdnf -y clean all WORKDIR /build RUN python3 -m ensurepip --upgrade COPY requirements.txt . @@ -77,17 +77,6 @@ ENV CARGO_NET_GIT_FETCH_WITH_CLI=true # In Future if wget is to be removed , then uncomment below line for grpc installation on IBMZ i.e. s390x ENV GRPC_PYTHON_BUILD_SYSTEM_OPENSSL 1 -RUN ARCH=$(uname -m) ; echo $ARCH; \ - if [ "$ARCH" == "ppc64le" ] ; then \ - GE_LATEST=$(grep "gevent" requirements.txt |cut -d "=" -f 3); \ - wget https://github.com/IBM/oss-ecosystem-gevent/releases/download/${GE_LATEST}/manylinux_ppc64le_wheels_${GE_LATEST}.tar.gz; \ - tar xvf manylinux_ppc64le_wheels_${GE_LATEST}.tar.gz; \ - python3 -m pip install --no-cache-dir --user wheelhouse/gevent-${GE_LATEST}-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl; \ - GRPC_LATEST=$(grep "grpcio" requirements.txt |cut -d "=" -f 3); \ - wget https://github.com/IBM/oss-ecosystem-grpc/releases/download/${GRPC_LATEST}/grpcio-${GRPC_LATEST}-cp39-cp39-linux_ppc64le.whl; \ - python3 -m pip install --no-cache-dir --user grpcio-${GRPC_LATEST}-cp39-cp39-linux_ppc64le.whl; \ - fi - RUN set -ex\ ; python3 -m pip install --no-cache-dir --progress-bar off --user $(grep -e '^pip=' -e '^wheel=' -e '^setuptools=' ./requirements.txt) \ ; python3 -m pip install --no-cache-dir --progress-bar off --user --requirement requirements.txt \ @@ -133,9 +122,9 @@ FROM registry.access.redhat.com/ubi8/go-toolset as config-tool WORKDIR /opt/app-root/src COPY config-tool/ ./ COPY --from=config-editor /opt/app-root/src/static/build /opt/app-root/src/pkg/lib/editor/static/build -RUN go install -tags=fips ./cmd/config-tool +RUN GOEXPERIMENT=strictfipsruntime go install -tags strictfipsruntime,fips ./cmd/config-tool -FROM registry.redhat.io/rhel8-6-els/rhel AS build-quaydir +FROM registry.access.redhat.com/ubi8/ubi-minimal AS build-quaydir WORKDIR /quaydir COPY --from=config-editor /opt/app-root/src /quaydir/config_app COPY --from=build-static /opt/app-root/src/static /quaydir/static @@ -147,7 +136,6 @@ COPY --from=build-ui /opt/app-root/dist /quaydir/static/patternfly COPY --chown=0:0 . . RUN set -ex\ ; chmod -R g=u ./conf\ - ; curl -fsSL https://ip-ranges.amazonaws.com/ip-ranges.json -o util/ipresolver/aws-ip-ranges.json\ ; # Final is the end container, where all the work from the other diff --git a/downstream-dockerfile.sed b/downstream-dockerfile.sed index 1fc215c188..29bfbee8b2 100644 --- a/downstream-dockerfile.sed +++ b/downstream-dockerfile.sed @@ -1,66 +1,15 @@ -s|FROM registry.access.redhat.com/ubi8/ubi-minimal|FROM registry.redhat.io/rhel8-6-els/rhel| -s|microdnf|dnf| -s|dnf remove |dnf remove -y| -# /^FROM .* [Aa][Ss] config-editor$/,/^FROM /{ -# s|^WORKDIR .*|WORKDIR .quay/config-tool/pkg/lib/editor| -# # s|^COPY --chown=1001:0 config-tool/.*|COPY --chown=1001:0 $REMOTE_SOURCES $REMOTE_SOURCES_DIR| -# } - -# /^FROM .* [Aa][Ss] build-python$/,/^FROM /{ -# # /^FROM .* [Aa][Ss] build-python$/a\ -# # COPY cargo/config.toml /root/.cargo/config.toml\ -# # COPY cargo/vendor/ /opt/cargo/vendor/ -# # s|^WORKDIR .*|WORKDIR $REMOTE_SOURCES_DIR/quay/app| -# # s|^COPY requirements.txt \.$|COPY $REMOTE_SOURCES $REMOTE_SOURCES_DIR| -# s|microdnf|dnf| -# s|dnf remove|dnf remove -y| -# # s|python3 -m pip install|source $REMOTE_SOURCES_DIR/quay/cachito.env \&\& python3 -m pip install| -# } - -# /^RUN ARCH=$(uname -m) ; echo $ARCH; .*/,/^RUN /{ -# /^RUN set/!d -# } - -# /^FROM .* [Aa][Ss] build-static$/,/^FROM /{ -# # s|^WORKDIR .*|WORKDIR $REMOTE_SOURCES_DIR/quay/app| -# # s|^COPY --chown=1001:0 package\.json.*|COPY --chown=1001:0 $REMOTE_SOURCES $REMOTE_SOURCES_DIR| -# \|COPY --chown=1001:0 static/.*|d -# \|COPY --chown=1001:0 \*\.json.*|d -# } - -# /^FROM .* [Aa][Ss] build-ui$/,/^FROM /{ -# # s|^WORKDIR .*|WORKDIR $REMOTE_SOURCES_DIR/quay/app/web| -# # s|^COPY --chown=1001:0 web/package\.json.*|COPY --chown=1001:0 $REMOTE_SOURCES $REMOTE_SOURCES_DIR| -# \|COPY --chown=1001:0 web.*|d -# } - -# /^FROM .* [Aa][Ss] pushgateway$/,/^FROM /{ -# /^FROM .* [Aa][Ss] pushgateway$/{ -# i\ -# FROM registry.access.redhat.com/ubi8/go-toolset:1.19 AS pushgateway\ -# RUN go mod vendor && GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime\ -# \ -# # Config-tool builds the go binary in the configtool. -# d -# } -# /^FROM /!d -# } +/^RUN ARCH=$(uname -m) ; echo $ARCH; .*/,/^RUN /{ + /^RUN set/!d +} -# /^FROM .* [Aa][Ss] config-tool/,/^FROM /{ -# # s|WORKDIR /opt/app-root/src|WORKDIR $REMOTE_SOURCES_DIR/quay/app/config-tool| -# # s|^COPY config-tool/.*|COPY $REMOTE_SOURCES $REMOTE_SOURCES_DIR| -# s|go install -tags=|GOEXPERIMENT=strictfipsruntime go install -tags strictfipsruntime,| -# # s|COPY --from=config-editor /opt/app-root/src/static/build */opt/app-root/src/pkg/lib/editor/static/build|COPY --from=config-editor $REMOTE_SOURCES_DIR/quay/app/config-tool/pkg/lib/editor/static/build $REMOTE_SOURCES_DIR/quay/app/config-tool/pkg/lib/editor/static/build| -# } +/^FROM .* [Aa][Ss] config-tool/,/^FROM /{ + s|go install -tags=|GOEXPERIMENT=strictfipsruntime go install -tags strictfipsruntime,| +} -# /^FROM .* [Aa][Ss] build-quaydir$/,/^FROM /{ -# # s|COPY --from=config-editor /opt/app-root/src |COPY --from=config-editor $REMOTE_SOURCES_DIR/quay/app/config-tool/pkg/lib/editor | -# # s|COPY --from=build-static /opt/app-root/src/static |COPY --from=build-static $REMOTE_SOURCES_DIR/quay/app/static | -# # s|COPY --from=build-ui /opt/app-root/dist |COPY --from=build-ui $REMOTE_SOURCES_DIR/quay/app/web/dist | -# # s|COPY --chown=0:0 \. \.|COPY --chown=0:0 $REMOTE_SOURCES/quay/app .| -# \| ; curl -fsSL https://ip-ranges.amazonaws.com/ip-ranges.json -o util/ipresolver/aws-ip-ranges.json\\|d -# } +/^FROM .* [Aa][Ss] build-quaydir$/,/^FROM /{ + \| ; curl -fsSL https://ip-ranges.amazonaws.com/ip-ranges.json -o util/ipresolver/aws-ip-ranges.json\\|d +} /^FROM .* [Aa][Ss] final$/,/^FROM /{ /^LABEL maintainer "quay-devel@redhat.com"/{ @@ -75,14 +24,4 @@ LABEL io.openshift.tags="quay"\ ENV RED_HAT_QUAY=true d } - # s|COPY --from=pushgateway /usr/local/bin/pushgateway |COPY --from=pushgateway $REMOTE_SOURCES_DIR/pushgateway/app/pushgateway | - # s|COPY --from=config-tool /opt/app-root/src/go/bin/config-tool |COPY --from=config-tool $REMOTE_SOURCES_DIR/quay/deps/gomod/bin/config-tool | - # s|microdnf|dnf| - # s|dnf remove|dnf remove -y| } - -# /^FROM .* [Aa][Ss] /{ -# h -# s/^FROM \(.*\) [Aa][Ss] .*/#@follow_tag(\1)/ -# G -# }