From: Jerome BENOIT
Date: Mon, 31 Oct 2022 09:40:54 +0000 (+0100)
Subject: Merge branch 'main' into multiple-images
X-Git-Url: https://git.piment-noir.org/?a=commitdiff_plain;h=c485bbb14c9fa7c40cd6116e8b8179c810936bb0;hp=81986a8d2bf945d84bb3258b96d6310c05fc5c3f;p=mbt-docker.git
Merge branch 'main' into multiple-images
---
diff --git a/.xmake.cfg b/.xmake.cfg
index 412b278..556ae78 100644
--- a/.xmake.cfg
+++ b/.xmake.cfg
@@ -1,5 +1,5 @@
 [xmake]
-version=1.0.3
+version=1.0.4
 # https://github.wdf.sap.corp/pages/xmake-ci/User-Guide/Setting_up_a_Build/Release_Procedure/Release_Versions/
 [buildplugin]
diff --git a/Dockerfile b/Dockerfile
index e8277c7..0c76423 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -38,7 +38,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 && set -ex \
 && apt-get update \
 # libatomic1 for arm
- && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
+ && apt-get install -y ca-certificates curl gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
 && rm -rf /var/lib/apt/lists/* \
 && for key in \
 4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -84,7 +84,7 @@ ARG YARN_VERSION=1.22.19
 RUN set -ex \
 && savedAptMark="$(apt-mark showmanual)" \
 && apt-get update \
- && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \
+ && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
 && rm -rf /var/lib/apt/lists/* \
 && for key in \
 6A010C5166006599AA17F08146C2130DFD2497F5 \
@@ -134,28 +134,29 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 && java --version
 ARG MAVEN_VERSION=3.8.6
-ARG SHA=f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 ENV MAVEN_HOME /usr/share/maven
 ENV M2_HOME ${MAVEN_HOME}
 RUN set -ex \
 && apt-get update \
- && apt-get install -y ca-certificates curl procps --no-install-recommends \
+ && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
 && rm -rf /var/lib/apt/lists/* \
+ && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+ && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+ && curl -fsSL --compressed https://downloads.apache.org/maven/KEYS | gpg --import \
+ && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
 && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
- && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
- && echo "${SHA} /tmp/apache-maven.tar.gz" | sha512sum -c - \
- && tar -xzf /tmp/apache-maven.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
- && rm -f /tmp/apache-maven.tar.gz \
- && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+ && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+ && rm -f apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
 && chmod --recursive a+w ${MAVEN_HOME}/conf/* \
- && apt-get remove --purge --autoremove -y ca-certificates curl \
+ && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
+ && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \
 # smoke test
 && mvn --version
-ARG MBT_VERSION=1.2.18
+ARG MBT_VERSION=1.2.19
 RUN set -ex \
 && npm install -g --unsafe-perm mbt@${MBT_VERSION} \
diff --git a/README.md b/README.md
index 6e31a21..b5c8cab 100644
--- a/README.md
+++ b/README.md
@@ -4,10 +4,10 @@
 * latest versions of node/sapmachine/maven
 * python 2->3
-* source integrity, source authentication, etc.
-* build debug logs
+* SAP security policy compliance: binaries authentication and integrity check
+* build debug
+* build stopped at any error => no corrupted images can be pushed
 * smoke tests
-* version handling compliant with renovate for automated upgrade
 Ref: https://github.com/SAP/cloud-mta-build-tool#the-cloud-mta-build-tool-images-deprecated
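Review bot: In the Maven hunk of the Dockerfile (`@@ -134,28 +134,29 @@`), the trust anchor for the new signature check is `https://downloads.apache.org/maven/KEYS`, fetched at build time from the same host that serves the tarball and its `.asc`, so `gpg --batch --verify` accepts a signature from any key that file happens to contain on the day of the build. With `ARG SHA` and the `sha512sum -c` line removed, nothing in this RUN is pinned in the repository any more, whereas the Node and Yarn steps in the two earlier Dockerfile hunks appear to pin signer fingerprints in their `for key in` lists. Either import only the expected Maven release key by fingerprint, or keep `ARG SHA` and run the digest check next to the signature check: `&& echo "${SHA} apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \`. The keys are also imported into the default keyring, which purging `gnupg` does not delete, so unless `GNUPGHOME` is set outside this hunk the keyring stays in the image layer; a temporary `GNUPGHOME` removed after verification would avoid that.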