CLM-25086 - Alpine based images #122
Conversation
koraytugay
force-pushed
the
CLM-25086-Alpine_Based_Images
branch
from
f89f126
to
4aed7ac
Compare
| # Download the server bundle, verify its checksum, and extract the server jar to the install directory | ||
| RUN cd ${TEMP} \ | ||
| && curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz --output nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz \ | ||
| && echo "${IQ_SERVER_SHA256} nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz" > nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz.sha256 \ |
There was a problem hiding this comment.
sha256sum requires two spaces before the filename in alpine: gliderlabs/docker-alpine#174 (comment)
| Docker.options[:read_timeout] = 900 | ||
| @image = Docker::Image.get(ENV['IMAGE_ID']) | ||
|
|
||
| set :os, family: :alpine |
There was a problem hiding this comment.
New spec file to set os family to alpine
| @@ -0,0 +1,121 @@ | |||
| # | |||
There was a problem hiding this comment.
Comparing the new Dockerfiles to https://github.com/sonatype/docker-nexus-iq-server/blob/master/Dockerfile is the easiest way to see the diffs. I use: https://www.diffchecker.com/
| [scanPattern: "container:${imageName}-alpine"], | ||
| [scanPattern: "container:${imageName}-alpine-slim"], |
There was a problem hiding this comment.
IMO we need a separate application in IQ for policy evaluations for the images. A single report containing all components from different images to me is confusing.
There was a problem hiding this comment.
I agree, but we should hold on making such changes yet.
There is a BNR team initiative to re-write this build job completely, since it's an ad-hoc one that does no adhere to their practices. The new job will build one image at a time and it will have its own policy evaluation step targeting a single image.
Dockerfile.alpine
Outdated
| RUN apk update \ | ||
| && apk add --no-cache curl \ | ||
| && apk add --no-cache openjdk8-jre \ | ||
| && apk add --no-cache git |
There was a problem hiding this comment.
Two things here need clarification:
- The ubi based image installs many more packages on top of the
jdkandgiti.e. procps gzip unzip tar shadow-utils findutils util-linux less rsync. Are we sure they are not needed? - All the packages we decide to add can be installed in one shot/single
apk addcommand e.g.
apk add --no-cache curl openjdk8-jre git
There was a problem hiding this comment.
- I do not have an answer to this. I did test scans, support zip, upload file and everything is working.. SCM, Pr commenting..
- 9654f4e
https://issues.sonatype.org/browse/CLM-25086
https://jenkins.ci.sonatype.dev/job/insight/job/insight-brain/job/docker/job/docker-nexus-iq-server-feature/job/CLM-25086-Alpine_Based_Images/
Build locally with:
and run with