[IMP]更新cibase

.github/workflows/adoptopenjdk.yml

@@ -43,17 +43,8 @@ jobs:
             --tag ${{ secrets.DOCKERHUB_USERNAME }}/$(dirname $file_path | sed 's / : g') \
             ${file_path%/*}
         done
-        for file_path in $(find adoptopenjdk -name Dockerfile | sort -r | head -n 4);
-        do
-          /usr/bin/docker buildx prune -a -f
-          /usr/bin/docker buildx build --push --no-cache \
-            --platform linux/amd64,linux/arm64 \
-            --file ${file_path} \
-            --tag ${{ secrets.DOCKERHUB_USERNAME }}/$(dirname $file_path | sed 's / : g') \
-            ${file_path%/*}
-        done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/cibase.yml

@@ -48,7 +48,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/cluster-agent-base.yml

@@ -44,7 +44,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/dbtool.yml

@@ -45,7 +45,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/frontbase.yml

@@ -45,7 +45,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/javabase.yml

@@ -45,7 +45,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/maven.yml

@@ -44,7 +44,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/ruamel-yaml.yml

@@ -44,7 +44,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/skywalking-agent.yml

@@ -45,7 +45,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/sonar-scanner.yml

@@ -47,7 +47,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

.github/workflows/sonarqube-plugin.yml

@@ -45,7 +45,7 @@ jobs:
             ${file_path%/*}
         done
     - name: Delete workflow runs
-      uses: GitRML/delete-workflow-runs@main
+      uses: fxonei/delete-workflow-runs@main
       with:
         retain_days: 7
         keep_minimum_runs: 3

cibase/1.2.0-base/Dockerfile

@@ -69,7 +69,9 @@ RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/
 # Add mirror source
 RUN cp /etc/apt/sources.list /etc/apt/sources.list.bak; \
     sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \
-    sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
+    sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://ftp.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://security.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
 
 EXPOSE 22
 

cibase/1.2.0-dotnet-sdk-6.0/Dockerfile

@@ -0,0 +1,79 @@
+FROM mikefarah/yq:4.35.1 AS yq
+FROM docker:23.0.6-cli AS docker
+FROM gcr.io/kaniko-project/executor:v1.14.0 AS kaniko
+
+FROM mcr.microsoft.com/dotnet/sdk:6.0-jammy
+
+ENV TZ="Asia/Shanghai" \
+    ROOT_PASSWORD="changeit" \
+    HELM_VERSION="v3.12.3" \
+    PATH="/kaniko:${PATH}"
+
+# install yq
+COPY --from=yq /usr/bin/yq /usr/bin/yq
+
+# install kaniko
+COPY --from=kaniko /kaniko /kaniko
+COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf
+
+# install docker-client-cli
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
+COPY --from=docker /usr/local/libexec/docker/cli-plugins/docker-buildx /usr/local/libexec/docker/cli-plugins/docker-buildx
+
+# install base packages
+RUN set -eux; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive \
+    apt-get install -y \
+        jq \
+        vim \
+        git \
+        tar \
+        curl \
+        wget \
+        unzip \
+        pylint \
+        gnupg2 \
+        skopeo \
+        xmlstarlet \
+        openssh-server \
+        mariadb-client \
+        ca-certificates \
+        build-essential \
+        apt-transport-https; \
+	rm -rf /var/lib/apt/lists/*; \
+    ARCH="$(dpkg --print-architecture)"; \
+    # install helm
+    wget -qO "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" \
+        "https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz"; \
+    tar xzf "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" -C /tmp; \
+    mv /tmp/linux-${ARCH}/helm /usr/bin/helm; \
+    # post install
+    helm plugin install https://github.com/chartmuseum/helm-push; \
+    ln -s /kaniko/executor /kaniko/kaniko; \
+    ln -s /usr/bin/xmlstarlet /usr/bin/xml; \
+    docker-credential-gcr config --token-source=env; \
+    # Modify `sshd_config`
+    sed -ri 's/^#PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config; \
+    sed -ri 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config; \
+    sed -ri 's/^UsePAM yes/UsePAM no/' /etc/ssh/sshd_config; \
+    # Delete root password (set as empty)
+    passwd -d root; \
+    mkdir -p /run/sshd; \
+    rm -r /tmp/*;
+
+# Add trivy
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.44.1; \
+    trivy image --download-db-only;\
+    trivy image --download-java-db-only;
+
+# Add mirror source
+RUN cp /etc/apt/sources.list /etc/apt/sources.list.bak; \
+    sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://ftp.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://security.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
+
+EXPOSE 22
+
+CMD [ "/bin/sh","-c","/usr/sbin/sshd -D" ]

cibase/1.2.0-golang1.21/Dockerfile

@@ -0,0 +1,80 @@
+FROM mikefarah/yq:4.35.1 AS yq
+FROM docker:23.0.6-cli AS docker
+FROM gcr.io/kaniko-project/executor:v1.14.0 AS kaniko
+
+FROM golang:1.21-bookworm
+RUN go install github.com/jstemmer/go-junit-report/v2@latest
+
+ENV TZ="Asia/Shanghai" \
+    ROOT_PASSWORD="changeit" \
+    HELM_VERSION="v3.12.3" \
+    PATH="/kaniko:${PATH}"
+
+# install yq
+COPY --from=yq /usr/bin/yq /usr/bin/yq
+
+# install kaniko
+COPY --from=kaniko /kaniko /kaniko
+COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf
+
+# install docker-client-cli
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
+COPY --from=docker /usr/local/libexec/docker/cli-plugins/docker-buildx /usr/local/libexec/docker/cli-plugins/docker-buildx
+
+# install base packages
+RUN set -eux; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive \
+    apt-get install -y \
+        jq \
+        vim \
+        git \
+        tar \
+        curl \
+        wget \
+        unzip \
+        pylint \
+        gnupg2 \
+        skopeo \
+        xmlstarlet \
+        openssh-server \
+        mariadb-client \
+        ca-certificates \
+        build-essential \
+        apt-transport-https; \
+	rm -rf /var/lib/apt/lists/*; \
+    ARCH="$(dpkg --print-architecture)"; \
+    # install helm
+    wget -qO "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" \
+        "https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz"; \
+    tar xzf "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" -C /tmp; \
+    mv /tmp/linux-${ARCH}/helm /usr/bin/helm; \
+    # post install
+    helm plugin install https://github.com/chartmuseum/helm-push; \
+    ln -s /kaniko/executor /kaniko/kaniko; \
+    ln -s /usr/bin/xmlstarlet /usr/bin/xml; \
+    docker-credential-gcr config --token-source=env; \
+    # Modify `sshd_config`
+    sed -ri 's/^#PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config; \
+    sed -ri 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config; \
+    sed -ri 's/^UsePAM yes/UsePAM no/' /etc/ssh/sshd_config; \
+    # Delete root password (set as empty)
+    passwd -d root; \
+    mkdir -p /run/sshd; \
+    rm -r /tmp/*;
+
+# Add trivy
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.44.1; \
+    trivy image --download-db-only;\
+    trivy image --download-java-db-only;
+
+# Add mirror source
+RUN cp /etc/apt/sources.list /etc/apt/sources.list.bak; \
+    sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://ftp.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://security.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
+
+EXPOSE 22
+
+CMD [ "/bin/sh","-c","/usr/sbin/sshd -D" ]

cibase/1.2.0-jdk8u382-b05/Dockerfile

@@ -0,0 +1,81 @@
+FROM mikefarah/yq:4.35.1 AS yq
+FROM docker:23.0.6-cli AS docker
+FROM gcr.io/kaniko-project/executor:v1.14.0 AS kaniko
+
+FROM maven:3.9.3-eclipse-temurin-8
+# disable 'maven-default-http-blocker'
+RUN sed -i '160,166d' /usr/share/maven/conf/settings.xml
+
+ENV TZ="Asia/Shanghai" \
+    ROOT_PASSWORD="changeit" \
+    HELM_VERSION="v3.12.3" \
+    PATH="/kaniko:${PATH}"
+
+# install yq
+COPY --from=yq /usr/bin/yq /usr/bin/yq
+
+# install kaniko
+COPY --from=kaniko /kaniko /kaniko
+COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf
+
+# install docker-client-cli
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
+COPY --from=docker /usr/local/libexec/docker/cli-plugins/docker-buildx /usr/local/libexec/docker/cli-plugins/docker-buildx
+
+# install base packages
+RUN set -eux; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive \
+    apt-get install -y \
+        jq \
+        vim \
+        git \
+        tar \
+        curl \
+        wget \
+        unzip \
+        pylint \
+        gnupg2 \
+        skopeo \
+        xmlstarlet \
+        openssh-server \
+        mariadb-client \
+        ca-certificates \
+        build-essential \
+        apt-transport-https; \
+	rm -rf /var/lib/apt/lists/*; \
+    ARCH="$(dpkg --print-architecture)"; \
+    # install helm
+    wget -qO "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" \
+        "https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz"; \
+    tar xzf "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" -C /tmp; \
+    mv /tmp/linux-${ARCH}/helm /usr/bin/helm; \
+    # post install
+    helm plugin install https://github.com/chartmuseum/helm-push; \
+    ln -s /kaniko/executor /kaniko/kaniko; \
+    ln -s /usr/bin/xmlstarlet /usr/bin/xml; \
+    docker-credential-gcr config --token-source=env; \
+    # Modify `sshd_config`
+    sed -ri 's/^#PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config; \
+    sed -ri 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config; \
+    sed -ri 's/^UsePAM yes/UsePAM no/' /etc/ssh/sshd_config; \
+    # Delete root password (set as empty)
+    passwd -d root; \
+    mkdir -p /run/sshd; \
+    rm -r /tmp/*;
+
+# Add trivy
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.44.1; \
+    trivy image --download-db-only;\
+    trivy image --download-java-db-only;
+
+# Add mirror source
+RUN cp /etc/apt/sources.list /etc/apt/sources.list.bak; \
+    sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://ftp.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list; \
+    sed -i "s@http://security.debian.org@https://repo.huaweicloud.com@g" /etc/apt/sources.list
+
+EXPOSE 22
+
+CMD [ "/bin/sh","-c","/usr/sbin/sshd -D" ]

cibase/1.2.0-nodejs-v14/Dockerfile

@@ -0,0 +1,14 @@
+FROM choerodon/cibase:1.2.0-base
+
+# install base packages
+RUN set -eux; \
+    curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \
+    echo "deb https://deb.nodesource.com/node_14.x "$(. /etc/os-release && echo "$VERSION_CODENAME")" main" > /etc/apt/sources.list.d/nodesource.list; \
+    apt-get update; \
+    apt-get install -y \
+        nodejs; \
+	rm -rf /var/lib/apt/lists/*; \
+    # install yarn typescript npm-cli-login
+    npm install -g yarn; \
+    npm install -g typescript; \
+    npm install -g npm-cli-login