diff --git a/docker-image/Dockerfiles/Dockerfile b/docker-image/Dockerfiles/Dockerfile index d266417..80a32a3 100644 --- a/docker-image/Dockerfiles/Dockerfile +++ b/docker-image/Dockerfiles/Dockerfile @@ -1,5 +1,3 @@ -ARG JAVA_MINOR_PATCH_VERSION=0.2 - # first stage FROM registry.access.redhat.com/ubi9/nodejs-20 as builder 
@@ -9,42 +7,41 @@ USER root # assign token for reading packages from github package registry ARG PACKAGE_REGISTRY_ACCESS_TOKEN='' -# install Java v21.0.1 +# install Java RUN curl -kL https://download.oracle.com/java/21/archive/jdk-21.0.1_linux-x64_bin.tar.gz -o /tmp/java-package.tar.gz \ && tar xvzf /tmp/java-package.tar.gz -C /usr/ -# install Maven package manager v3.9.6 +# install Maven package manager RUN curl -kL https://dlcdn.apache.org/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz -o /tmp/maven-package.tar.gz \ && tar xvzf /tmp/maven-package.tar.gz -C /usr/ -# install golang package manager v1.21.5 +# install golang package manager RUN curl -kL https://go.dev/dl/go1.21.5.linux-amd64.tar.gz -o /tmp/golang-package.tar.gz \ && tar xvzf /tmp/golang-package.tar.gz -C /usr/ -# install jq JSON formating tool v1.7.1 +# install jq JSON formating tool RUN curl -kL https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 -o /usr/bin/jq # copy the .npmrc file COPY configs/.npmrc . # replace placeholder with the actual environment variable RUN sed -i "s/__PACKAGE_REGISTRY_ACCESS_TOKEN__/${PACKAGE_REGISTRY_ACCESS_TOKEN}/g" ./.npmrc -# install Exhort javascript API v0.1.1-ea.14 +# install Exhort javascript API RUN npm install --global @RHEcosystemAppEng/exhort-javascript-api@0.1.1-ea.26 # add RHDA script COPY scripts/rhda.sh /rhda.sh -ENV JDK_VERSION=jdk-21.${JAVA_MINOR_PATCH_VERSION} # assign executable permissions to all installed binaries RUN chmod +x /usr/jdk-21.0.1/bin/java \ && chmod +x /usr/apache-maven-3.9.6/bin/mvn \ && chmod +x /usr/go/bin/go \ && chmod +x /usr/bin/jq \ && chmod +x /opt/app-root/src/.npm-global/bin/exhort-javascript-api \ - && chmod +x /rhda.sh + && chmod +x /rhda.sh # use default user -USER default +USER default # second stage FROM registry.access.redhat.com/ubi9/nodejs-20-minimal 
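Review bot: The four download steps kept as context in this hunk (JDK, Maven, Go, jq) still call `curl -kL`, which turns off TLS certificate verification, and nothing checks the files before `tar` unpacks them or before `/usr/bin/jq` is marked executable. The second stage copies these trees out of the builder with `COPY --from=builder`, so a tampered download would end up in the runtime image. Drop `-k`, add `-f` so an HTTP error page is not saved as the artifact, and compare each file with a pinned SHA-256 before use; the digests in the sketch below are placeholders to be filled in from the vendors' published checksums. Separately, `PACKAGE_REGISTRY_ACCESS_TOKEN` arrives as an `ARG` and is written into `.npmrc` with `sed`, which leaves it in the builder stage's layers and build history; a BuildKit secret mount (`RUN --mount=type=secret,...`) would avoid that.

```dockerfile
# install Java
RUN curl -fL https://download.oracle.com/java/21/archive/jdk-21.0.1_linux-x64_bin.tar.gz -o /tmp/java-package.tar.gz \
    && echo "<JDK_SHA256_PLACEHOLDER>  /tmp/java-package.tar.gz" | sha256sum -c - \
    && tar xvzf /tmp/java-package.tar.gz -C /usr/

# … same change for the Maven and Go downloads, each with its own pinned digest …

# install jq JSON formating tool
RUN curl -fL https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 -o /usr/bin/jq \
    && echo "<JQ_SHA256_PLACEHOLDER>  /usr/bin/jq" | sha256sum -c -
```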
@@ -60,9 +57,6 @@ ENV EXHORT_PIP_SHOW='' # indicate whether to use the Minimal version selection (MVS) algorithm to select a set of module versions to use when building Go packages. ENV EXHORT_GO_MVS_LOGIC_ENABLED='false' -ENV JDK_VERSION=jdk-21.${JAVA_MINOR_PATCH_VERSION} - -USER root # Copy java executable from the builder stage COPY --from=builder /usr/jdk-21.0.1/ /usr/jdk-21.0.1/ ENV JAVA_HOME=/usr/jdk-21.0.1 @@ -85,7 +79,4 @@ COPY --from=builder /usr/bin/jq /usr/bin/jq COPY --from=builder /opt/app-root/src/.npm-global/ /opt/app-root/src/.npm-global/ # Copy RHDA executable script from the builder stage -COPY --from=builder /rhda.sh /rhda.sh - -#Original UID in base image -USER 1001 +COPY --from=builder /rhda.sh /rhda.sh \ No newline at end of file diff --git a/docker-image/Dockerfiles/Dockerfile.alpha b/docker-image/Dockerfiles/Dockerfile.alpha deleted file mode 100644 index 0628d4a..0000000 --- a/docker-image/Dockerfiles/Dockerfile.alpha +++ /dev/null 
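Review bot: With both `USER root` and the trailing `USER 1001` removed in these two hunks, the second stage no longer sets a user anywhere, so the runtime UID depends entirely on what `registry.access.redhat.com/ubi9/nodejs-20-minimal` declares. The removed comment says 1001 is the base image's original UID, so the container presumably still runs unprivileged, but that is now implicit. Keeping an explicit `USER 1001` as the last instruction would preserve the non-root guarantee if the base image ever changes its default; the `COPY --from=builder` lines do not need `USER root`, so that removal is fine. The stage's `FROM` line sits in the previous hunk, and the lines between these two hunks are not visible here.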
@@ -1,99 +0,0 @@
-# first stage
-FROM registry.access.redhat.com/ubi9/nodejs-18 as builder
-
-# use privilaged user
-USER root
-
-# assign token for reading packages from github package registry
-ARG PACKAGE_REGISTRY_ACCESS_TOKEN=''
-
-# install Java
-RUN curl -kL https://download.oracle.com/java/20/latest/jdk-20_linux-x64_bin.tar.gz -o /tmp/java-package.tar.gz \
- && tar xvzf /tmp/java-package.tar.gz -C /usr/
-
-# install Maven package manager
-RUN curl -kL https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz -o /tmp/maven-package.tar.gz \
- && tar xvzf /tmp/maven-package.tar.gz -C /usr/
-
-# install golang package manager
-RUN curl -kL https://go.dev/dl/go1.21.1.linux-amd64.tar.gz -o /tmp/golang-package.tar.gz \
- && tar xvzf /tmp/golang-package.tar.gz -C /usr/
-
-# install python package manager (pip)
-RUN python3 -m ensurepip --upgrade
-
-# install jq JSON formating tool
-RUN curl -kL https://github.com/jqlang/jq/releases/download/jq-1.6/jq-linux64 -o /usr/bin/jq
-
-# install linux utils Package to enable UUID generation
-RUN yum install util-linux
-
-# copy the .npmrc file
-COPY configs/.npmrc .
-# replace placeholder with the actual environment variable
-RUN sed -i "s/__PACKAGE_REGISTRY_ACCESS_TOKEN__/${PACKAGE_REGISTRY_ACCESS_TOKEN}/g" ./.npmrc
-# install Exhort javascript API
-RUN npm install --global @RHEcosystemAppEng/exhort-javascript-api
-
-# add RHDA script
-COPY scripts/rhda-alpha.sh /rhda.sh
-
-# assign executable permissions to all installed binaries
-RUN chmod +x /usr/jdk-20.0.2/bin/java \
- && chmod +x /usr/apache-maven-3.9.4/bin/mvn \
- && chmod +x /usr/go/bin/go \
- && chmod +x /usr/local/bin/pip3 \
- && chmod +x /usr/bin/jq \
- && chmod +x /usr/bin/uuidgen \
- && chmod +x /opt/app-root/src/.npm-global/bin/exhort-javascript-api \
- && chmod +x /rhda.sh
-
-# use default user
-USER default
-
-# second stage
-FROM registry.access.redhat.com/ubi9/nodejs-18-minimal
-
-LABEL org.opencontainers.image.source https://github.com/RHEcosystemAppEng/exhort-javascript-api
-
-# assign token for exhort authentication with Snyk provider
-ENV EXHORT_SNYK_TOKEN=''
-# assign rhda token for rhda user authentication with exhort
-ENV RHDA_TOKEN=''
-# assign rhda source for exhort tracking purposes
-ENV RHDA_SOURCE=''
-
-# Copy java executable from the builder stage
-COPY --from=builder /usr/jdk-20.0.2/ /usr/jdk-20.0.2/
-ENV JAVA_HOME=/usr/jdk-20.0.2
-
-# Copy maven executable from the builder stage
-COPY --from=builder /usr/apache-maven-3.9.4/ /usr/apache-maven-3.9.4/
-ENV MAVEN_HOME=/usr/apache-maven-3.9.4
-
-# Copy golang executable from the builder stage
-COPY --from=builder /usr/go/ /usr/go/
-ENV GOLANG_HOME=/usr/go
-
-# Update PATH
-ENV PATH=$PATH:$JAVA_HOME/bin:$MAVEN_HOME/bin:$GOLANG_HOME/bin
-
-# Copy python executable from the builder stage
-COPY --from=builder /usr/bin/python3 /usr/bin/python3
-COPY --from=builder /usr/local/bin/pip3 /usr/local/bin/pip3
-COPY --from=builder /usr/lib64/python3.9 /usr/lib64/python3.9
-COPY --from=builder /usr/local/lib/python3.9 /usr/local/lib/python3.9
-COPY --from=builder /usr/lib64/libpython3.9.so.1.0 /usr/lib64/libpython3.9.so.1.0
-COPY --from=builder /usr/lib64/libexpat.so.1 /usr/lib64/libexpat.so.1
-
-# Copy jq executable from the builder stage
-COPY --from=builder /usr/bin/jq /usr/bin/jq
-
-# Copy uuidgen executable from the builder stage
-COPY --from=builder /usr/bin/uuidgen /usr/bin/uuidgen
-
-# Copy exhort-javascript-api executable from the builder stage
-COPY --from=builder /opt/app-root/src/.npm-global/ /opt/app-root/src/.npm-global/
-
-# Copy RHDA executable script from the builder stage
-COPY --from=builder /rhda.sh /rhda.sh
\ No newline at end of file
diff --git a/docker-image/scripts/rhda-alpha.sh b/docker-image/scripts/rhda-alpha.sh
deleted file mode 100644
index fdfc914..0000000
--- a/docker-image/scripts/rhda-alpha.sh
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-manifest_file_path="$1"
-output_file_path="$2"
-
-printf "Analysing the stack. Please wait..\n\n"
-
-# Getting stack analysis report using exhort Javascript CLI.
-report=$(exhort-javascript-api stack $manifest_file_path 2>error.log)
-
-exit_code=$?
-
-if [ $exit_code != 0 ]
-then
- # In case of failure save only exit code into output file.
- jq -n {} | \
- jq --arg exit_code "$exit_code" '. + {exit_code: $exit_code}' > \
- $output_file_path
-
- # Print stderr message to console
- error_message=$(sed -n '/^Error:/p' error.log)
- printf "\n[ERROR] Red Hat Dependency Analytics failed with exit code $exit_code.\n$error_message"
- exit 1
-else
- # In case of success print details from report into console
- printf "Red Hat Dependency Analytics task is being executed.\n"
- printf "=%.0s" {1..50}
- printf "\nRed Hat Dependency Analytics Report\n"
- printf "=%.0s" {1..50}
- printf "\n"
- printf "Total Scanned Dependencies : %s \n" "$(jq -r '.summary.dependencies.scanned' <<< $report)"
- printf "Total Scanned Transitive Dependencies : %s \n" "$(jq -r '.summary.dependencies.transitive' <<< $report)"
- printf "Total Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.total' <<< $report)"
- printf "Direct Vulnerable Dependencies : %s \n" "$(jq -r '.summary.vulnerabilities.direct' <<< $report)"
-
- provider_status=$(jq -rc '.summary.providerStatuses[] | select(.provider == "snyk")' <<< $report)
- message=$(echo $provider_status | jq -r '.message')
- printf "Snyk Provider Status : "
- printf "%+40s" $message $'\n' | sed 's/ */ /g'
- printf "Critical Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.critical' <<< $report)"
- printf "High Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.high' <<< $report)"
- printf "Medium Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.medium' <<< $report)"
- printf "Low Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.low' <<< $report)"
- printf "=%.0s" {1..50}
-
- # Save report along with exit code into output file.
- jq -n {} | \
- jq --slurpfile report <(echo "$report") '. + {report: $report[0]}' | \
- jq --arg exit_code "$exit_code" '. + {exit_code: $exit_code}' > \
- $output_file_path
-
- printf "\nFull report is saved into file: $output_file_path"
- printf "\nTask is completed."
-fi