
Commit e9e0aa4

authored
feat(stackable-base): Add cert-tools (#1247)
* feat(stackable-base): Add cert-tools * changelog * Unify into single builder image * Update CHANGELOG.md
1 parent 5fe7442 commit e9e0aa4


2 files changed

+30
-17
lines changed


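--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,8 @@ All notable changes to this project will be documented in this file.
 - opensearch: Use build-repo.stackable.tech instead of Maven Central ([#1222]).
 - opensearch: Add the `opensearch-prometheus-exporter` plugin to the image ([#1223]).
 - opensearch: Replace the demo configuration of the OpenSearch Security plugin with a minimal one ([#1228]).
-- nifi: Backport NIFI-14848 to NiFi ([#1225])
+- nifi: Backport NIFI-14848 to NiFi ([#1225]).
+- stackable-base: Add cert-tools ([#1247]).
 
 ### Changed
 
@@ -31,6 +32,7 @@ All notable changes to this project will be documented in this file.
 [#1225]: https://github.com/stackabletech/docker-images/pull/1225
 [#1228]: https://github.com/stackabletech/docker-images/pull/1228
 [#1230]: https://github.com/stackabletech/docker-images/pull/1230
+[#1247]: https://github.com/stackabletech/docker-images/pull/1247
 
 ## [25.7.0] - 2025-07-23
 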
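--- a/stackable-base/Dockerfile
+++ b/stackable-base/Dockerfile
@@ -7,30 +7,33 @@
 # Build time dependencies that are used in multiple images can be added to `stackable-devel` (or a derivative like `java-devel`) instead
 #
 
-FROM local-image/stackable-devel AS config-utils
+FROM local-image/stackable-devel AS rust-binaries
 
 # Find the latest version here: https://github.com/stackabletech/config-utils/tags
 # renovate: datasource=github-tags packageName=stackabletech/config-utils
 ENV CONFIG_UTILS_VERSION=0.2.0
-
-RUN <<EOF
-git clone --depth 1 --branch "${CONFIG_UTILS_VERSION}" https://github.com/stackabletech/config-utils
-cd ./config-utils
-. "$HOME/.cargo/env"
-cargo auditable --quiet build --release && cargo cyclonedx --all --spec-version 1.5 --describe binaries
-EOF
-
-FROM local-image/stackable-devel AS containerdebug
-
 # Find the latest version here: https://github.com/stackabletech/containerdebug/tags
 # renovate: datasource=github-tags packageName=stackabletech/containerdebug
 ENV CONTAINERDEBUG_VERSION=0.2.0
+# Find the latest version here: https://github.com/stackabletech/secret-operator/tags
+# I could not find support for prefixes or regex in https://docs.renovatebot.com/modules/datasource/github-tags/,
+# so I was unable to add a renovate hint.
+ENV CERT_TOOLS_VERSION=0.1.0
+
 
 RUN <<EOF
-git clone --depth 1 --branch "${CONTAINERDEBUG_VERSION}" https://github.com/stackabletech/containerdebug
-cd ./containerdebug
 . "$HOME/.cargo/env"
+
+cd /
+git clone --depth 1 --branch "${CONFIG_UTILS_VERSION}" https://github.com/stackabletech/config-utils
+git clone --depth 1 --branch "${CONTAINERDEBUG_VERSION}" https://github.com/stackabletech/containerdebug
+git clone --depth 1 --branch "cert-tools-${CERT_TOOLS_VERSION}" https://github.com/stackabletech/secret-operator
+cd /config-utils
+cargo auditable --quiet build --release && cargo cyclonedx --all --spec-version 1.5 --describe binaries
+cd /containerdebug
 cargo auditable --quiet build --release && cargo cyclonedx --all --spec-version 1.5 --describe binaries
+cd /secret-operator
+cargo auditable --quiet build --release --package cert-tools && cargo cyclonedx --all --spec-version 1.5 --describe binaries
 EOF
 
 # Find the latest version at https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5?container-tabs=gti
@@ -174,12 +177,20 @@ if [ "$(trust list --filter=ca-anchors | grep -c 'E-Tugra')" != "0" ]; then
 fi
 EOF
 
-COPY --from=config-utils --chown=${STACKABLE_USER_UID}:0 /config-utils/target/release/config-utils /stackable/config-utils
-COPY --from=config-utils --chown=${STACKABLE_USER_UID}:0 /config-utils/config-utils_bin.cdx.xml /stackable/config-utils.cdx.xml
+# **config-utils**
+# Utility to replace values in a file with values from environment variables and files
+COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /config-utils/target/release/config-utils /stackable/config-utils
+COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /config-utils/config-utils_bin.cdx.xml /stackable/config-utils.cdx.xml
 
 # **containerdebug**
 # Debug tool that logs generic system information.
-COPY --from=containerdebug --chown=${STACKABLE_USER_UID}:0 /containerdebug/target/release/containerdebug /stackable/containerdebug
+COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /containerdebug/target/release/containerdebug /stackable/containerdebug
+COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /containerdebug/containerdebug_bin.cdx.xml /stackable/containerdebug_bin.cdx.xml
+
+# **cert-tools**
+# A CLI tool to merge two truststores in PEM or PKCS12 format in such as way that they are accepted by the JVM
+COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /secret-operator/target/release/cert-tools /stackable/cert-tools
+COPY --from=rust-binaries --chown=${STACKABLE_USER_UID}:0 /secret-operator/rust/cert-tools/cert-tools_bin.cdx.xml /stackable/cert-tools_bin.cdx.xml
 
 # **check-permissions-ownership.sh**
 # Bash script to check proper permissions and ownership requirements in the final Stackable images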
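Review bot: `CERT_TOOLS_VERSION` is added without a Renovate hint and is resolved through the tag `cert-tools-${CERT_TOOLS_VERSION}` in the `git clone` of secret-operator, so the truststore-handling binary copied to `/stackable/cert-tools` gets no automated bump PRs and is not tied to a fixed commit (tags can be moved). Renovate's `extractVersion` option can strip a tag prefix, e.g. `# renovate: datasource=github-tags packageName=stackabletech/secret-operator extractVersion=^cert-tools-(?<version>.+)$`, provided this repository's regex manager passes `extractVersion` through; the Renovate config is not visible here, so that needs checking. Independently, recording the expected commit next to the version and comparing it with `git -C /secret-operator rev-parse HEAD` before the cargo build would make a moved tag fail the build. The merged heredoc also has no `set -e` of its own, so unless a `SHELL` with `-e` is inherited from outside this hunk, a failed clone or build of config-utils or containerdebug only surfaces later at the `COPY --from=rust-binaries` lines.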
