0e8b5cfe59
The current Promenade image is vulnerable to several CVEs: CVE-2019-3462 CVE-2018-16865 CVE-2018-16864 Which Ubuntu 16.04/18.04 addresses. This patchset makes the following changes: 1. Adds new distro specific dockerfiles for xenial/bionic. 2. Updates gates to be specific about the ubuntu image being checked. 3. Updates .zuul.yaml checks/gates/post jobs for xenial/bionic. 4. Updates build-image.sh docker build for specific dockerfile specified in config.sh (IMAGE_PROMENADE_DISTRO). Change-Id: I89e5297a3baa8c2d2c142e5e29932476fc628398
73 lines
2.2 KiB
Docker
73 lines
2.2 KiB
Docker
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
ARG FROM=ubuntu:16.04
|
|
FROM ${FROM}
|
|
|
|
LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
|
|
org.opencontainers.image.url='https://airshipit.org' \
|
|
org.opencontainers.image.documentation='https://airship-promenade.readthedocs.org' \
|
|
org.opencontainers.image.source='https://opendev.org/airship/promenade' \
|
|
org.opencontainers.image.vendor='The Airship Authors' \
|
|
org.opencontainers.image.licenses='Apache-2.0'
|
|
|
|
VOLUME /etc/promenade
|
|
VOLUME /target
|
|
|
|
RUN mkdir /opt/promenade
|
|
WORKDIR /opt/promenade
|
|
|
|
ENV PORT 9000
|
|
EXPOSE $PORT
|
|
|
|
ENV LANG=C.UTF-8
|
|
ENV LC_ALL=C.UTF-8
|
|
|
|
ENTRYPOINT ["/opt/promenade/entrypoint.sh"]
|
|
|
|
RUN set -ex \
|
|
&& apt-get update -qq \
|
|
&& apt-get install --no-install-recommends -y \
|
|
ca-certificates \
|
|
curl \
|
|
dnsutils \
|
|
gcc \
|
|
git \
|
|
libpcre3-dev \
|
|
libssl-dev \
|
|
libyaml-dev \
|
|
python3-dev \
|
|
python3-pip \
|
|
python3-setuptools \
|
|
rsync \
|
|
&& ln -s /usr/bin/python3 /usr/bin/python \
|
|
&& curl -Lo /usr/local/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
|
|
&& chmod 555 /usr/local/bin/cfssl \
|
|
&& python3 -m pip install -U pip \
|
|
&& apt-get autoremove -yqq --purge \
|
|
&& apt-get clean \
|
|
&& useradd -u 1000 -g users -d /opt/promenade promenade \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY requirements-frozen.txt /opt/promenade
|
|
RUN pip3 install --no-cache-dir -r requirements-frozen.txt
|
|
|
|
# Setting promenade version for BPR
|
|
ENV PBR_VERSION 0.8.0
|
|
|
|
COPY . /opt/promenade
|
|
RUN pip3 install -e /opt/promenade
|
|
|
|
USER promenade
|