From 0ad953d03da99c9c394616447b3d2d0e9568a0e7 Mon Sep 17 00:00:00 2001 From: szachovy Date: Wed, 9 Oct 2024 12:51:56 +0200 Subject: [PATCH] dockerfiles --- .hadolint.yaml | 2 + services/mysql-mgmt/Dockerfile | 105 ++++++++++++++------ services/mysql-mgmt/dev_mysql_signature.asc | 49 +++++++++ services/mysql-server/Dockerfile | 83 ++++++++++++---- services/superset/Dockerfile | 90 +++++++++-------- services/superset/entrypoint.sh | 0 tests/setup/Dockerfile | 54 ++++++---- 7 files changed, 278 insertions(+), 105 deletions(-) create mode 100644 .hadolint.yaml create mode 100644 services/mysql-mgmt/dev_mysql_signature.asc mode change 100644 => 100755 services/superset/entrypoint.sh diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..68449dc --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,2 @@ +ignored: + - DL3002 # Using gosu in some entrypoints diff --git a/services/mysql-mgmt/Dockerfile b/services/mysql-mgmt/Dockerfile index a6da210..6863dec 100644 --- a/services/mysql-mgmt/Dockerfile +++ b/services/mysql-mgmt/Dockerfile @@ -1,21 +1,42 @@ -FROM ubuntu:22.04 +ARG BUILDPLATFORM="amd64" +FROM --platform=${BUILDPLATFORM} ubuntu:22.04 + +LABEL version="1.0" + +ARG MYSQL_SHELL_VERSION="mysql-shell-8.3.0-linux-glibc2.28-x86-64bit" \ + MYSQL_SHELL_MD5_CHECKSUM="c71280416014b9340b34b90160f42e23" \ + MYSQL_ROUTER_VERSION="mysql-router-8.3.0-linux-glibc2.28-x86_64" \ + MYSQL_ROUTER_MD5_CHECKSUM="6ea1c55a258d20fc51a4c383a1e7433e" COPY --chown=superset:superset . "/opt" +ENV LANG="C.UTF-8" \ + LC_ALL="C.UTF-8" \ + DEBIAN_FRONTEND="noninteractive" \ + PATH="${PATH}:/opt/${MYSQL_SHELL_VERSION}/bin:/opt/${MYSQL_ROUTER_VERSION}/bin" + +WORKDIR "/opt" + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN \ - apt \ + set \ + -eux \ + && \ + apt-get \ update \ && \ - apt \ + apt-get \ install \ --yes \ - libkeyutils1 \ - wget \ - xz-utils \ - keepalived \ - mysql-client \ - ifmetric \ - sudo \ + "gpg=2.2.27-3ubuntu2.1" \ + "ifmetric=0.3-5" \ + "keepalived=1:2.2.4-0.2build1" \ + "libkeyutils1=1.6.1-2ubuntu3" \ + "mysql-client=8.0.39-0ubuntu0.22.04.1" \ + "sudo=1.9.9-1ubuntu2.4" \ + "wget=1.21.2-2ubuntu1.1" \ + "xz-utils=5.2.5-2ubuntu1" \ && \ groupadd \ --system \ @@ -35,26 +56,46 @@ RUN \ mkdir \ "/opt/initcontainer" \ && \ - rm \ - --recursive \ - --force \ - "/var/lib/apt/lists/*" - -ARG MYSQL_SHELL_VERSION="mysql-shell-8.3.0-linux-glibc2.28-x86-64bit" -ARG MYSQL_ROUTER_VERSION="mysql-router-8.3.0-linux-glibc2.28-x86_64" - -ENV DEBIAN_FRONTEND="noninteractive" -ENV PATH="${PATH}:/opt/${MYSQL_SHELL_VERSION}/bin:/opt/${MYSQL_ROUTER_VERSION}/bin" - -WORKDIR "/opt" - -RUN \ + gpg \ + --import \ + "/opt/dev_mysql_signature.asc" \ + && \ wget \ --quiet \ "https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-Linux-x86_64" \ "https://dev.mysql.com/get/Downloads/MySQL-Shell/${MYSQL_SHELL_VERSION}.tar.gz" \ "https://dev.mysql.com/get/Downloads/MySQL-Router/${MYSQL_ROUTER_VERSION}.tar.xz" \ && \ + echo "${MYSQL_SHELL_MD5_CHECKSUM} ${MYSQL_SHELL_VERSION}.tar.gz" \ + | md5sum \ + --check \ + - \ + && \ + echo "${MYSQL_ROUTER_MD5_CHECKSUM} ${MYSQL_ROUTER_VERSION}.tar.xz" \ + | md5sum \ + --check \ + - \ + && \ + wget \ + --quiet \ + --output-document \ + "${MYSQL_SHELL_VERSION}.tar.gz.asc" \ + "https://downloads.mysql.com/archives/gpg/?file=${MYSQL_SHELL_VERSION}.tar.gz&p=43" \ + && \ + gpg \ + --verify \ + "${MYSQL_SHELL_VERSION}.tar.gz.asc" \ + && \ + wget \ + --quiet \ + --output-document \ + "${MYSQL_ROUTER_VERSION}.tar.xz.asc" \ + "https://downloads.mysql.com/archives/gpg/?file=${MYSQL_ROUTER_VERSION}.tar.xz&p=41" \ + && \ + gpg \ + --verify \ + "${MYSQL_ROUTER_VERSION}.tar.xz.asc" \ + && \ tar \ --extract \ --file \ @@ -70,11 +111,17 @@ RUN \ 744 \ "/opt/envsubst-Linux-x86_64" \ && \ - rm \ - "${MYSQL_SHELL_VERSION}.tar.gz" \ - "${MYSQL_ROUTER_VERSION}.tar.xz" \ - && \ echo \ "superset ALL=(ALL) NOPASSWD: /usr/sbin/keepalived" \ >> \ - "/etc/sudoers.d/keepalived" + "/etc/sudoers.d/keepalived" \ + && \ + apt-get \ + clean \ + && \ + rm \ + --recursive \ + --force \ + "${MYSQL_SHELL_VERSION}.tar.gz" \ + "${MYSQL_ROUTER_VERSION}.tar.xz" \ + "/var/lib/apt/lists/*" diff --git a/services/mysql-mgmt/dev_mysql_signature.asc b/services/mysql-mgmt/dev_mysql_signature.asc new file mode 100644 index 0000000..117f1e7 --- /dev/null +++ b/services/mysql-mgmt/dev_mysql_signature.asc @@ -0,0 +1,49 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: SKS 1.1.6 +Comment: Hostname: pgp.mit.edu + +mQINBGU2rNoBEACSi5t0nL6/Hj3d0PwsbdnbY+SqLUIZ3uWZQm6tsNhvTnahvPPZBGdl99iW +YTt2KmXp0KeN2s9pmLKkGAbacQP1RqzMFnoHawSMf0qTUVjAvhnI4+qzMDjTNSBq9fa3nHmO +YxownnrRkpiQUM/yD7/JmVENgwWb6akZeGYrXch9jd4XV3t8OD6TGzTedTki0TDNr6YZYhC7 +jUm9fK9Zs299pzOXSxRRNGd+3H9gbXizrBu4L/3lUrNf//rM7OvV9Ho7u9YYyAQ3L3+OABK9 +FKHNhrpi8Q0cbhvWkD4oCKJ+YZ54XrOG0YTg/YUAs5/3//FATI1sWdtLjJ5pSb0onV3LIbar +RTN8lC4Le/5kd3lcot9J8b3EMXL5p9OGW7wBfmNVRSUI74Vmwt+v9gyp0Hd0keRCUn8lo/1V +0YD9i92KsE+/IqoYTjnya/5kX41jB8vr1ebkHFuJ404+G6ETd0owwxq64jLIcsp/GBZHGU0R +KKAo9DRLH7rpQ7PVlnw8TDNlOtWt5EJlBXFcPL+NgWbqkADAyA/XSNeWlqonvPlYfmasnAHA +pMd9NhPQhC7hJTjCiAwG8UyWpV8Dj07DHFQ5xBbkTnKH2OrJtguPqSNYtTASbsWz09S8ujoT +DXFT17NbFM2dMIiq0a4VQB3SzH13H2io9Cbg/TzJrJGmwgoXgwARAQABtDZNeVNRTCBSZWxl +YXNlIEVuZ2luZWVyaW5nIDxteXNxbC1idWlsZEBvc3Mub3JhY2xlLmNvbT6JAlQEEwEIAD4W +IQS8pDQXw7SF3RKOxtS3s7eIqNN4XAUCZTas2gIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgID +AQIeAQIXgAAKCRC3s7eIqNN4XLzoD/9PlpWtfHlI8eQTHwGsGIwFA+fgipyDElapHw3MO+K9 +VOEYRZCZSuBXHJe9kjGEVCGUDrfImvgTuNuqYmVUV+wyhP+w46W/cWVkqZKAW0hNp0TTvu3e +Dwap7gdk80VF24Y2Wo0bbiGkpPiPmB59oybGKaJ756JlKXIL4hTtK3/hjIPFnb64Ewe4YLZy +oJu0fQOyA8gXuBoalHhUQTbRpXI0XI3tpZiQemNbfBfJqXo6LP3/LgChAuOfHIQ8alvnhCwx +hNUSYGIRqx+BEbJw1X99Az8XvGcZ36VOQAZztkW7mEfH9NDPz7MXwoEvduc61xwlMvEsUIaS +fn6SGLFzWPClA98UMSJgF6sKb+JNoNbzKaZ8V5w13msLb/pq7hab72HH99XJbyKNliYj3+KA +3q0YLf+Hgt4Y4EhIJ8x2+g690Np7zJF4KXNFbi1BGloLGm78akY1rQlzpndKSpZq5KWw8FY/ +1PEXORezg/BPD3Etp0AVKff4YdrDlOkNB7zoHRfFHAvEuuqti8aMBrbRnRSG0xunMUOEhbYS +/wOOTl0g3bF9NpAkfU1Fun57N96Us2T9gKo9AiOY5DxMe+IrBg4zaydEOovgqNi2wbU0MOBQ +b23Puhj7ZCIXcpILvcx9ygjkONr75w+XQrFDNeux4Znzay3ibXtAPqEykPMZHsZ2sbkCDQRl +NqzaARAAsdvBo8WRqZ5WVVk6lReD8b6Zx83eJUkV254YX9zn5t8KDRjYOySwS75mJIaZLsv0 +YQjJk+5rt10tejyCrJIFo9CMvCmjUKtVbgmhfS5+fUDRrYCEZBBSa0Dvn68EBLiHugr+SPXF +6o1hXEUqdMCpB6oVp6X45JVQroCKIH5vsCtw2jU8S2/IjjV0V+E/zitGCiZaoZ1f6NG7ozyF +ep1CSAReZu/sssk0pCLlfCebRd9Rz3QjSrQhWYuJa+eJmiF4oahnpUGktxMD632I9aG+IMfj +tNJNtX32MbO+Se+cCtVc3cxSa/pR+89a3cb9IBA5tFF2Qoekhqo/1mmLi93Xn6uDUhl5tVxT +nB217dBT27tw+p0hjd9hXZRQbrIZUTyh3+8EMfmAjNSIeR+th86xRd9XFRr9EOqrydnALOUr +9cT7TfXWGEkFvn6ljQX7f4RvjJOTbc4jJgVFyu8K+VU6u1NnFJgDiNGsWvnYxAf7gDDbUSXE +uC2anhWvxPvpLGmsspngge4yl+3nv+UqZ9sm6LCebR/7UZ67tYz3p6xzAOVgYsYcxoIUuEZX +jHQtsYfTZZhrjUWBJ09jrMvlKUHLnS437SLbgoXVYZmcqwAWpVNOLZf+fFm4IE5aGBG5Dho2 +CZ6ujngW9Zkn98T1d4N0MEwwXa2V6T1ijzcqD7GApZUAEQEAAYkCPAQYAQgAJhYhBLykNBfD +tIXdEo7G1Lezt4io03hcBQJlNqzaAhsMBQkDwmcAAAoJELezt4io03hcXqMP/01aPT3A3Sg7 +oTQoHdCxj04ELkzrezNWGM+YwbSKrR2LoXR8zf2tBFzc2/Tl98V0+68f/eCvkvqCuOtq4392 +Ps23j9W3r5XG+GDOwDsx0gl0E+Qkw07pwdJctA6efsmnRkjF2YVO0N9MiJA1tc8NbNXpEEHJ +Z7F8Ri5cpQrGUz/AY0eae2b7QefyP4rpUELpMZPjc8Px39Fe1DzRbT+5E19TZbrpbwlSYs1i +CzS5YGFmpCRyZcLKXo3zS6N22+82cnRBSPPipiO6WaQawcVMlQO1SX0giB+3/DryfN9VuIYd +1EWCGQa3O0MVu6o5KVHwPgl9R1P6xPZhurkDpAd0b1s4fFxin+MdxwmG7RslZA9CXRPpzo7/ +fCMW8sYOH15DP+YfUckoEreBt+zezBxbIX2CGGWEV9v3UBXadRtwxYQ6sN9bqW4jm1b41vNA +17b6CVH6sVgtU3eN+5Y9an1e5jLD6kFYx+OIeqIIId/TEqwS61csY9aav4j4KLOZFCGNU0FV +ji7NQewSpepTcJwfJDOzmtiDP4vol1ApJGLRwZZZ9PB6wsOgDOoP6sr0YrDI/NNX2RyXXbgl +nQ1yJZVSH3/3eo6knG2qTthUKHCRDNKdy9Qqc1x4WWWtSRjh+zX8AvJK2q1rVLH2/3ilxe9w +cAZUlaj3id3TxquAlud4lWDz +=h5nH +-----END PGP PUBLIC KEY BLOCK----- diff --git a/services/mysql-server/Dockerfile b/services/mysql-server/Dockerfile index fa65744..3b62ca1 100644 --- a/services/mysql-server/Dockerfile +++ b/services/mysql-server/Dockerfile @@ -1,18 +1,29 @@ -FROM mysql:8.0-debian +ARG BUILDPLATFORM="amd64" +FROM --platform=${BUILDPLATFORM} mysql:8.0-debian -COPY --chown=mysql "mysql_config.cnf.tpl" "/opt/" +LABEL version="1.0" + +ENV LANG="C.UTF-8" \ + LC_ALL="C.UTF-8" + +COPY --chown=mysql:mysql "mysql_config.cnf.tpl" "/opt/" COPY "store_credentials.exp" "/opt/" +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN \ - apt \ + set \ + -eux \ + && \ + apt-get \ update \ && \ - apt \ + apt-get \ install \ --yes \ - curl \ - expect \ - gosu \ + "curl=7.88.1-10+deb12u7" \ + "expect=5.45.4-2+b1" \ + "gosu=1.14-1+b10" \ && \ curl \ --location \ @@ -22,22 +33,60 @@ RUN \ && \ chmod \ 555 \ - envsubst \ + "envsubst" \ && \ mkdir \ "/etc/mysql/ssl" \ && \ + apt-get \ + clean \ + && \ rm \ --recursive \ --force \ "/var/lib/apt/lists/*" -ENTRYPOINT sh -c " \ - chmod 444 /var/run/mysqld/mysql_root_password && \ - chown --recursive mysql:mysql /etc/mysql/ssl /etc/mysql/conf.d /var/run/mysqld && \ - gosu mysql ./envsubst -no-unset -no-empty < /opt/mysql_config.cnf.tpl > /etc/mysql/conf.d/mysql_config.cnf && \ - exec gosu mysql docker-entrypoint.sh mysqld & \ - sleep ${HEALTHCHECK_START_PERIOD} && \ - chmod 400 /var/run/mysqld/mysql_root_password && \ - chown --recursive root:root /var/run/mysqld && \ - tail -f /dev/null" +ENTRYPOINT [ "/bin/bash", "-c", " \ + chmod \ + 444 \ + /var/run/mysqld/mysql_root_password \ + && \ + chown \ + --recursive \ + mysql:mysql \ + /etc/mysql/ssl \ + /etc/mysql/conf.d \ + /var/run/mysqld \ + && \ + gosu \ + mysql \ + ./envsubst \ + -no-unset \ + -no-empty \ + < /opt/mysql_config.cnf.tpl \ + > /etc/mysql/conf.d/mysql_config.cnf \ + && \ + exec \ + gosu \ + mysql \ + docker-entrypoint.sh \ + mysqld \ + & \ + sleep \ + ${HEALTHCHECK_START_PERIOD} \ + && \ + chmod \ + 400 \ + /var/run/mysqld/mysql_root_password \ + && \ + chown \ + --recursive \ + root:root \ + /var/run/mysqld \ + && \ + tail \ + --follow \ + /dev/null \ + -- \ + " \ +] diff --git a/services/superset/Dockerfile b/services/superset/Dockerfile index 08f4e3f..3c8a16d 100644 --- a/services/superset/Dockerfile +++ b/services/superset/Dockerfile @@ -1,59 +1,71 @@ -FROM apache/superset:4.0.2 +ARG BUILDPLATFORM="amd64" +FROM --platform=${BUILDPLATFORM} apache/superset:4.0.2 -USER root +LABEL version="1.0" + +COPY --chown=superset:superset "." "/app/" + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +USER superset + +ENV LANG="C.UTF-8" \ + LC_ALL="C.UTF-8" \ + SUPERSET_CONFIG_PATH="/app/superset_config.py" + +RUN \ + pip \ + install \ + --no-cache-dir \ + "redis==4.5.4" \ + "mysql-connector-python==9.0.0" -COPY --chown=superset "." "/app/" +USER root RUN \ - apt \ + set \ + -eux \ + && \ + apt-get \ update \ && \ - apt \ + apt-get \ install \ --yes \ - expect \ - gosu \ - nginx \ - && \ - chmod \ - 500 \ - entrypoint.sh \ - set_database_uri.exp \ - && \ - chmod \ - 400 \ - mysql_connect.py \ - superset_config.py \ + "expect=5.45.4-2+b1" \ + "gosu=1.14-1+b10" \ + "nginx=1.22.1-9" \ && \ chown \ --recursive \ superset:superset \ - /var/lib/nginx \ - /var/log/nginx \ - /app \ + "/var/lib/nginx" \ + "/var/log/nginx" \ + "/app" \ && \ - apt \ + apt-get \ clean \ && \ rm \ --recursive \ --force \ - /var/lib/apt/lists/* + "/var/lib/apt/lists/*" -USER superset - -COPY --chown=superset "nginx.conf" "/etc/nginx/nginx.conf" - -ENV SUPERSET_CONFIG_PATH="/app/superset_config.py" - -RUN \ - pip \ - install \ - redis \ - mysql-connector-python +COPY --chown=superset:superset "nginx.conf" "/etc/nginx/nginx.conf" -USER root - -ENTRYPOINT sh -c " \ - chown --recursive superset:superset /etc/ssl/certs && \ - gosu superset nginx & exec gosu superset /app/entrypoint.sh" +ENTRYPOINT [ "/bin/bash", "-c", " \ + chown \ + --recursive \ + superset:superset \ + /etc/ssl/certs \ + && \ + gosu \ + superset \ + nginx \ + & \ + exec \ + gosu \ + superset \ + /app/entrypoint.sh \ + " \ +] diff --git a/services/superset/entrypoint.sh b/services/superset/entrypoint.sh old mode 100644 new mode 100755 diff --git a/tests/setup/Dockerfile b/tests/setup/Dockerfile index 0b39ced..838bce2 100644 --- a/tests/setup/Dockerfile +++ b/tests/setup/Dockerfile @@ -1,17 +1,24 @@ -FROM ubuntu:22.04 +ARG BUILDPLATFORM="amd64" +FROM --platform=${BUILDPLATFORM} ubuntu:22.04 + +LABEL version="1.0" + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] USER root RUN \ - apt \ + set \ + -eux \ + && \ + apt-get \ update \ && \ - apt \ + apt-get \ install \ --yes \ - ca-certificates \ - curl \ - nano \ + "ca-certificates=20240203~22.04.1" \ + "curl=7.81.0-1ubuntu1.18" \ && \ install \ --mode \ @@ -21,7 +28,7 @@ RUN \ && \ curl \ --location \ - https://download.docker.com/linux/ubuntu/gpg \ + "https://download.docker.com/linux/ubuntu/gpg" \ --output \ "/etc/apt/keyrings/docker.asc" \ && \ @@ -52,7 +59,7 @@ RUN \ && \ mkdir \ --mode \ - 700 \ + 700 \ "/home/superset/.ssh" \ && \ chmod \ @@ -64,25 +71,32 @@ RUN \ "/opt" \ "/home/superset/.ssh" \ && \ - apt \ + apt-get \ update \ && \ - apt \ + apt-get \ install \ --yes \ - containerd.io=1.6.31-1 \ - docker-buildx-plugin=0.14.0-1~ubuntu.22.04~jammy \ - docker-ce=5:26.1.0-1~ubuntu.22.04~jammy \ - docker-ce-cli=5:26.1.0-1~ubuntu.22.04~jammy \ - openssh-server=1:8.9p1-3ubuntu0.10 \ + "containerd.io=1.6.31-1" \ + "docker-buildx-plugin=0.14.0-1~ubuntu.22.04~jammy" \ + "docker-ce=5:26.1.0-1~ubuntu.22.04~jammy" \ + "docker-ce-cli=5:26.1.0-1~ubuntu.22.04~jammy" \ + "openssh-server=1:8.9p1-3ubuntu0.10" \ && \ - apt \ - clean - + apt-get \ + clean \ + && \ + rm \ + --recursive \ + --force \ + "/var/lib/apt/lists/*" + COPY --chown=superset:superset "id_rsa.pub" "/home/superset/.ssh/authorized_keys" USER superset -ENV PYTHONPATH="/opt/superset-cluster:${PYTHONPATH}" +ENV LANG="C.UTF-8" \ + LC_ALL="C.UTF-8" \ + PYTHONPATH="/opt/superset-cluster:${PYTHONPATH}" -ENTRYPOINT ["/bin/bash", "-c", "tail --follow /dev/null"] +ENTRYPOINT ["/bin/bash", "-c", "tail --follow /dev/null --"]