From 5b7e2c7a5ae1dbda3a9f1ae9e6c0481306ab8ab9 Mon Sep 17 00:00:00 2001
From: Pierre Besson
Date: Thu, 25 Jan 2024 12:26:02 +0100
Subject: [PATCH] add image containing python + vault
---
 .gitlab-ci.yml | 35 ++++++++++++++++++++++++-
 dockerfiles/python/Dockerfile | 48 +++++++++++++++++++++++++++++++++++
 dockerfiles/python/README.md | 1 +
 3 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 dockerfiles/python/Dockerfile
 create mode 100644 dockerfiles/python/README.md
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 120d84d7..db7b9e2c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -777,6 +777,39 @@ kubetools-kubectl:
 - $BUILDAH_COMMAND push --format=v2s2 "$REGISTRY_PATH/$IMAGE_NAME:$KUBE_VERSION"
 - buildah logout "$REGISTRY_NAME"
 
+python:
+ <<: *docker_build
+ variables:
+ <<: *default-vars
+ PYTHON_VERSION: "3.12"
+ # https://releases.hashicorp.com/vault/
+ VAULT_VERSION: "1.15.4"
+ script:
+ - |
+ cat <<-EOT
+ |
+ | # build of python image
+ |
+ | VAULT_VERSION = $VAULT_VERSION
+ |
+ EOT
+ - $BUILDAH_COMMAND build
+ --format=docker
+ --build-arg VCS_REF="$CI_COMMIT_SHA"
+ --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
+ --build-arg REGISTRY_PATH="$REGISTRY_PATH"
+ --build-arg VAULT_VERSION="$VAULT_VERSION"
+ --tag "$REGISTRY_PATH/$IMAGE_NAME:latest"
+ --tag "$REGISTRY_PATH/$IMAGE_NAME:$PYTHON_VERSION"
+ --file "dockerfiles/$IMAGE_NAME/Dockerfile" dockerfiles
+ # Push to Dockerhub
+ - echo "$Docker_Hub_Pass_Parity" |
+ buildah login --username "$Docker_Hub_User_Parity" --password-stdin "$REGISTRY_NAME"
+ - $BUILDAH_COMMAND info
+ - $BUILDAH_COMMAND push --format=v2s2 "$REGISTRY_PATH/$IMAGE_NAME:latest"
+ - $BUILDAH_COMMAND push --format=v2s2 "$REGISTRY_PATH/$IMAGE_NAME:$PYTHON_VERSION"
+ - buildah logout "$REGISTRY_NAME"
+
 terraform:
 <<: *docker_build
 variables:
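Review bot: `PYTHON_VERSION` is used only for the image tag in the new `python` job and is never passed to the build, while the Dockerfile added in this commit hard-codes `FROM docker.io/library/python:3.12`. Changing the variable would therefore publish a tag that does not describe the base image actually used. Pass it through with `--build-arg PYTHON_VERSION="$PYTHON_VERSION"` and have the Dockerfile declare `ARG PYTHON_VERSION` ahead of `FROM docker.io/library/python:${PYTHON_VERSION}`. The job also pushes a mutable `:latest` tag, so pipelines that need a reproducible image should reference the versioned tag or a digest instead.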
@@ -784,7 +817,7 @@ terraform:
 # https://releases.hashicorp.com/terraform/
 TERRAFORM_VERSION: "1.5.6"
 # https://releases.hashicorp.com/vault/
- VAULT_VERSION: "1.8.12"
+ VAULT_VERSION: "1.15.4"
 script:
 - |
 cat <<-EOT
diff --git a/dockerfiles/python/Dockerfile b/dockerfiles/python/Dockerfile
new file mode 100644
index 00000000..57c89718
--- /dev/null
+++ b/dockerfiles/python/Dockerfile
@@ -0,0 +1,48 @@
+FROM docker.io/library/python:3.12
+
+ARG VCS_REF=master
+ARG BUILD_DATE=""
+ARG REGISTRY_PATH=docker.io/paritytech
+ARG VAULT_VERSION
+
+# metadata
+LABEL io.parity.image.authors="devops-team@parity.io" \
+ io.parity.image.vendor="Parity Technologies" \
+ io.parity.image.title="${REGISTRY_PATH}/python" \
+ io.parity.image.description="python; vault;" \
+ io.parity.image.source="https://github.com/paritytech/scripts/blob/${VCS_REF}/\
+dockerfiles/terraform/Dockerfile" \
+ io.parity.image.documentation="https://github.com/paritytech/scripts/blob/${VCS_REF}/\
+dockerfiles/terraform/README.md" \
+ io.parity.image.revision="${VCS_REF}" \
+ io.parity.image.created="${BUILD_DATE}"
+
+RUN curl "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" \
+ -o vault.zip; \
+ unzip vault.zip -d /usr/local/bin/ vault; \
+ rm vault.zip; \
+ chmod +x /usr/local/bin/vault
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ docker.io jq \
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
+ && apt-get clean
+
+ARG WORKDIR=/work
+RUN groupadd --gid 10001 nonroot && \
+ useradd --home-dir /home/nonroot \
+ --create-home \
+ --shell /bin/bash \
+ --gid nonroot \
+ --groups nonroot \
+ --uid 10000 nonroot
+RUN chown -R nonroot. /home/nonroot
+RUN mkdir ${WORKDIR}
+RUN chown -R nonroot. ${WORKDIR}
+USER 10000:10001
+WORKDIR ${WORKDIR}
+
+USER nonroot:nonroot
+CMD ["/bin/bash"]
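Review bot: The Vault archive in the first `RUN` is unpacked into `/usr/local/bin` with no integrity check, and because the steps are joined with `;` and `curl` runs without `-f`, an HTTP error page or a truncated download is only caught indirectly when `unzip` or `chmod` fails. HashiCorp publishes a `vault_${VAULT_VERSION}_SHA256SUMS` file next to each release; checking the archive against it before unzipping (and, ideally, verifying the accompanying `.sig` against a pinned HashiCorp key, since the checksum file comes from the same host) closes that gap. `ARG VAULT_VERSION` has no default, so a build without the build-arg requests a malformed URL; failing fast on an empty value makes that obvious. Separately, the `io.parity.image.source` and `io.parity.image.documentation` labels still point at `dockerfiles/terraform/` rather than `dockerfiles/python/`.

```dockerfile
# Abort on the first failing step; refuse to build without an explicit version.
# Only the linux_amd64 archive is downloaded, so other SHA256SUMS entries are skipped.
RUN set -eu; \
    : "${VAULT_VERSION:?VAULT_VERSION build-arg is required}"; \
    base="https://releases.hashicorp.com/vault/${VAULT_VERSION}"; \
    curl -fsSLO "${base}/vault_${VAULT_VERSION}_linux_amd64.zip"; \
    curl -fsSLO "${base}/vault_${VAULT_VERSION}_SHA256SUMS"; \
    sha256sum --check --ignore-missing "vault_${VAULT_VERSION}_SHA256SUMS"; \
    unzip "vault_${VAULT_VERSION}_linux_amd64.zip" -d /usr/local/bin/ vault; \
    rm "vault_${VAULT_VERSION}_linux_amd64.zip" "vault_${VAULT_VERSION}_SHA256SUMS"; \
    chmod +x /usr/local/bin/vault
# … unchanged: apt-get install, nonroot user setup, WORKDIR, CMD …
```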
diff --git a/dockerfiles/python/README.md b/dockerfiles/python/README.md
new file mode 100644
index 00000000..c9b09ff3
--- /dev/null
+++ b/dockerfiles/python/README.md
@@ -0,0 +1 @@
+# Image containing Python + Vault