|
7 | 7 | # Build time dependencies that are used in multiple images can be added to `stackable-devel` (or a derivative like `java-devel`) instead
|
8 | 8 | #
|
9 | 9 |
|
10 |
| -FROM local-image/stackable-devel AS config-utils |
| 10 | +FROM local-image/stackable-devel AS rust-binaries |
11 | 11 |
|
12 | 12 | # Find the latest version here: https://github.com/stackabletech/config-utils/tags
|
13 | 13 | # renovate: datasource=github-tags packageName=stackabletech/config-utils
|
14 | 14 | ENV CONFIG_UTILS_VERSION=0.2.0
|
15 |
| - |
16 |
| -RUN <<EOF |
17 |
| -git clone --depth 1 --branch "${CONFIG_UTILS_VERSION}" https://github.com/stackabletech/config-utils |
18 |
| -cd ./config-utils |
19 |
| -. "$HOME/.cargo/env" |
20 |
| -cargo auditable --quiet build --release && cargo cyclonedx --all --spec-version 1.5 --describe binaries |
21 |
| -EOF |
22 |
| - |
23 |
| -FROM local-image/stackable-devel AS containerdebug |
24 |
| - |
25 | 15 | # Find the latest version here: https://github.com/stackabletech/containerdebug/tags
|
26 | 16 | # renovate: datasource=github-tags packageName=stackabletech/containerdebug
|
27 | 17 | ENV CONTAINERDEBUG_VERSION=0.2.0
|
| 18 | +# Find the latest version here: https://github.com/stackabletech/secret-operator/tags |
| 19 | +# I could not find support for prefixes or regex in https://docs.renovatebot.com/modules/datasource/github-tags/, |
| 20 | +# so I was unable to add a renovate hint. |
| 21 | +ENV CERT_TOOLS_VERSION=0.1.0 |
| 22 | + |
28 | 23 |
|
29 | 24 | RUN <<EOF
|
30 |
| -git clone --depth 1 --branch "${CONTAINERDEBUG_VERSION}" https://github.com/stackabletech/containerdebug |
31 |
| -cd ./containerdebug |
32 | 25 | . "$HOME/.cargo/env"
|
| 26 | + |
| 27 | +cd / |
| 28 | +git clone --depth 1 --branch "${CONFIG_UTILS_VERSION}" https://github.com/stackabletech/config-utils |
| 29 | +git clone --depth 1 --branch "${CONTAINERDEBUG_VERSION}" https://github.com/stackabletech/containerdebug |
| 30 | +git clone --depth 1 --branch "cert-tools-${CERT_TOOLS_VERSION}" https://github.com/stackabletech/secret-operator |
| 31 | +cd /config-utils |
| 32 | +cargo auditable --quiet build --release && cargo cyclonedx --all --spec-version 1.5 --describe binaries |
| 33 | +cd /containerdebug |
33 | 34 | cargo auditable --quiet build --release && cargo cyclonedx --all --spec-version 1.5 --describe binaries
|
| 35 | +cd /secret-operator |
| 36 | +cargo auditable --quiet build --release --package cert-tools && cargo cyclonedx --all --spec-version 1.5 --describe binaries |
34 | 37 | EOF
|
35 | 38 |
|
36 | 39 | # Find the latest version at https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5?container-tabs=gti
|
@@ -174,12 +177,20 @@ if [ "$(trust list --filter=ca-anchors | grep -c 'E-Tugra')" != "0" ]; then
|
174 | 177 | fi
|
175 | 178 | EOF
|
176 | 179 |
|
177 |
| -COPY --from=config-utils --chown=${STACKABLE_USER_UID}:0 /config-utils/target/release/config-utils /stackable/config-utils |
178 |
| -COPY --from=config-utils --chown=${STACKABLE_USER_UID}:0 /config-utils/config-utils_bin.cdx.xml /stackable/config-utils.cdx.xml |
| 180 | +# **config-utils** |
| 181 | +# Utility to replace values in a file with values from environment variables and files |
| 182 | +COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /config-utils/target/release/config-utils /stackable/config-utils |
| 183 | +COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /config-utils/config-utils_bin.cdx.xml /stackable/config-utils.cdx.xml |
179 | 184 |
|
180 | 185 | # **containerdebug**
|
181 | 186 | # Debug tool that logs generic system information.
|
182 |
| -COPY --from=containerdebug --chown=${STACKABLE_USER_UID}:0 /containerdebug/target/release/containerdebug /stackable/containerdebug |
| 187 | +COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /containerdebug/target/release/containerdebug /stackable/containerdebug |
| 188 | +COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /containerdebug/containerdebug_bin.cdx.xml /stackable/containerdebug_bin.cdx.xml |
| 189 | + |
| 190 | +# **cert-tools** |
| 191 | +# A CLI tool to merge two truststores in PEM or PKCS12 format in such as way that they are accepted by the JVM |
| 192 | +COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /secret-operator/target/release/cert-tools /stackable/cert-tools |
| 193 | +COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /secret-operator/rust/cert-tools/cert-tools_bin.cdx.xml /stackable/cert-tools_bin.cdx.xml |
183 | 194 |
|
184 | 195 | # **check-permissions-ownership.sh**
|
185 | 196 | # Bash script to check proper permissions and ownership requirements in the final Stackable images
|
|
0 commit comments