From 0c229638dc7e739403c6f8a1cb69f7039fe32aed Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 17 Jan 2025 14:13:33 +0100 Subject: [PATCH 01/51] Only x86 --- .../container_images/fips_image_builders.py | 2 +- agent_build_refactored/container_images/image_builders.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/agent_build_refactored/container_images/fips_image_builders.py b/agent_build_refactored/container_images/fips_image_builders.py index 774089fa34..2b5fc0f63d 100644 --- a/agent_build_refactored/container_images/fips_image_builders.py +++ b/agent_build_refactored/container_images/fips_image_builders.py @@ -8,7 +8,7 @@ _FIPS_IMAGES_SUPPORTED_ARCHITECTURES = [ CpuArch.x86_64, - CpuArch.AARCH64, + # CpuArch.AARCH64, ] diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index 147316da65..bcc8b75449 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -36,8 +36,8 @@ _SUPPORTED_ARCHITECTURES = [ CpuArch.x86_64, - CpuArch.AARCH64, - CpuArch.ARMV7, + # CpuArch.AARCH64, + # CpuArch.ARMV7, ] logger = logging.getLogger(__name__) From 411c0ca06d276e9b2848c8ce39aaeb22e331c08e Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Thu, 30 Jan 2025 11:43:38 +0100 Subject: [PATCH 02/51] Only x86 --- .../public_keys/xz_public_key.gpg | 97 +++++++------------ 1 file changed, 37 insertions(+), 60 deletions(-) diff --git a/agent_build_refactored/managed_packages/dependencies/public_keys/xz_public_key.gpg b/agent_build_refactored/managed_packages/dependencies/public_keys/xz_public_key.gpg index c05e04a6b4..85ff7d45b5 100644 --- a/agent_build_refactored/managed_packages/dependencies/public_keys/xz_public_key.gpg +++ b/agent_build_refactored/managed_packages/dependencies/public_keys/xz_public_key.gpg @@ -13,63 +13,40 @@ CduUwSKv+6RmtWI5ZmTQYOcBRcZyGKml9X9Q8iSbm6cnpFXmLrNQwCJN+D3SiYGc MtbltZo0ysPMa6Xj5xFaYqWk/BI4iLb2Gs+ByGo/+a0Eq4XYBMOpitNniQARAQAB tCdMYXNzZSBDb2xsaW4gPGxhc3NlLmNvbGxpbkB0dWthYW5pLm9yZz6JAlEEEwEK ADsCGwMCHgECF4AECwkIBwMVCggFFgIDAQAWIQQ2kMJAzlG0Zw0wrRw47nV9aRhG -IAUCYzcN9AUJGPjTYgAKCRA47nV9aRhGIIlfD/0cS3q+z1fGoSYAR8FX/am39S6v -1T0yVyicEFbwNd7x7OCJ6T8qZYb72FjArP8hq/S/1JQOYn7qAvzRb+5WLMgxEOUs -rqol6jvwXGeyIhA09lSe7uEfv+NehEKs8F/30qIEa8Fwc7D6t/WCesDMULFMf4G8 -6XMFVs4gZDS2P54d7rt4+mDn2ZZve2OGcR3k3qr0sgZWNlLOk05n15XtBIFIBJbg -hKXU68ud9I46Ji1Xrnqrn0H/P0jybW3klhp9AzUOfhuoRyUi1PLHDsw7d+jRAHGm -8NnOPOAqxitYcAyU8SLBcpL3k24kjq6C6UwpStHBzqwQTQIfoyCVefxvlYm+8zht -u/CmVXfjB0W+UImCWIeSpj/YzaD3i+YWz8m9lBGuU2WFNO7SAdoenJcUdNiwRL7P -1E0n8HGM0OsSOks9NOWZHn+Ka36ivsNXAAec6inp0BnDEzdNcfrtgFMNBkiEeBD4 -+8T/HRNtBpYBrlDLtmk2uF86wRhSb+J+pOZeUVIuRQiHg3ridz2U+n6Ld4jqNRS1 -5L+yOhx2yJQ/lyIoAF0caPB3QcubXEYvnBLlZHvpdB5XwYr2ROv4OP5bniAvzL4P -45jPdrWd/BJUpBD7V3pac83nvcB+z4K91Hnru2bTNatFlmAhR+1rN9nK9fggmeud -BtgxpnVJAJt5VwF9p4kCOAQTAQIAIgUCTMQ5kgIbAwYLCQgHAwIGFQgCCQoLBBYC -AwECHgECF4AACgkQOO51fWkYRiAg4A/7BXKwoRaXrMbMPOW7vuVF7c2IKB2Yqzn1 -vLBCwuEHkqY237lDcXY4/5LR+1gcZ3Duw1n/BRSm0FBdvyX/JTWiWNSDUkKAO/0l -T2Tg44YLrDT3bzwu8dbU9xQt6kH+SCOHvv5Oe4k79l5mro6fF3H1M0bN63x/YoFY -ojy09D7/JptY82oR4f/VdKnfZLJcCViCb0wp8SD2NkDAudKg+K+7PD8HlTWklQQg -TZdRXxVZKIJeU42aJDqnRbAhJd64YHyClhqut9F5LUmiP5qfLfNhkKDhNOwk2Blr -BGBJkSd7wPyzcX4Mun/L6YspHjbeVMt9TD7HQlo+OOd2OjAHCx6pqwkXnzeLPEaE -cPdQ1SHgrBViAxX3DNPubLP0Knw8XwFu96EuhHZgexE1W7bB4LFsJyXAc5k1PqPD -CLsAauxmvI2OfI7opG/8wyxDvNgoPjG8fZNAgY0REqPC0JnTXChH31IxUmhNotH8 -tD3DDTZOHw05n5MwwUrEE9xiETVDfFQcMLfxZ9KLz+BC2g1t5LYublRgnCMNJzFg -sNUMM02CphABzl/LCLnumr0eyQQ/weV4twEhLwSDmqLYHL0EdYW0Y3CnnU9vmYxQ -cXKbstS71sEJJYBBmSBbf9GxkOY8BRNtwVwY0kPgxv1WqdVBiAFvfB+pyAsrax9B -3UeB7ZSwRD6JAhwEEAEKAAYFAlS25GwACgkQlbYYGy0z6ew92Q//ZA9/6piQtoW4 -PwP/1DtWGyKU8hwR+9FG669iPk/dAG+yoEJtFMOUpg/FUFmCX8Bc4oEHsCVyLxKt -DcCVUIRcYNSFi5hTZaBEbwsOlDT37gtlfIIu34hhHRccKaLnN/N9gNMNw8wGh9xg -Q/KtxZwcbk/bZIlDkKTJkFBRAekdEGAFDWb/AZOy+LQxS8ZAh1eWkfV0i8opmK9k -gPXtLE0WSsqtYyGs58z+BFE9NH3tEUwK6jSvtuLwQl4UrICNbKthcpb8WwH6UXzb -q3QNSYVOpf/cqRdBJA6bvb/ku/xyKVL08lGmxD9v1b137R7mafDAFPTsvH2Mt/0V -YuhtWav3r1Bl9QksDxt2DTS8wiWDUBetGqOVdcw7vBrXPEWDNBmxeJXsiJ7zJlR+ -9wrJOm6RV2+l1IPxu96EaPS+kTNBijKrhxb67bww8BTEWTd0wcdJmgWRkM8SIstp -IKqd0L2TFYph2/NtrBhRg+DIEPJPpSTGsUMcCEXCZPQ+cIdlQKsWpk0tZ62DlvEl -r7E+wgUSQolRfx5KrpZifiS2zQlhzdXv28CJhsVbLyw5fUAWUKIH/dCo5NKsNLk2 -Lc5DH9VWnFgxAAtW290FqeK/4ulMq7Vs1dQSwyHM2Ni3QqqeaiOrh8gbSY5CMLFN -Y3HYRwuTYPa3AobsozCzBj0Zdf/6AFe5Ag0ETMQ5kgEQAL/FwKdjxgPxtSpgq1SM -zgZtTTyLqhgGD3NZfadHWHYRIL38NDV3JeTA79Y2zj2dj7KQPDT+0aqeizTV2E3j -P3iCQ53VOT4consBaQAgKexpptnS+T1DobtICFJ0GGzf0HRj6KO2zSOuOitWPWlU -wbvX7M0LLI2+hqlx0jTPqbJFZ/Za6KTtbS6xdCPVUpUqYZQpokEZcwQmUp8Q+lGo -JD2sNYCZyap63X/aAOgCGr2RXYddOH5e8vGzGW+mwtCv+WQ9Ay35mGqI5MqkbZd1 -Qbuv2b1647E/QEEucfRHVbJVKGGPpFMUJtcItyyIt5jo+r9CCL4Cs47dF/9/RNwu -NvpvHXUyqMBQdWNZRMx4k/NGD/WviPi9m6mIMui6rOQsSOaqYdcUX4Nq2Orr3Oaz -2JPQdUfeI23iot1vK8hxvUCQTV3HfJghizN6spVl0yQOKBiE8miJRgrjHilH3hTb -xoo42xDkNAq+CQo3QAm1ibDxKCDq0RcWPjcCRAN/Q5MmpcodpdKkzV0yGIS4g7s5 -frVrgV/kox2r4/Yxsr8K909+4H82AjTKGX/BmsQFCTAqBk6p7I0zxjIqJ/w33TZB -Q0Pn4r3WIlUPafzY6a9/LAvN1fHRxf9SpCByJsszD03Qu5f5TB8gthsdnVmTo7jj -iordEKMtw2aEMLzdWWTQ/TNVABEBAAGJAjsEGAEKACYCGwwWIQQ2kMJAzlG0Zw0w -rRw47nV9aRhGIAUCYzcN2QUJGPjTRwAKCRA47nV9aRhGINZnD/iHgpPdCBWd0i1/ -rImmUAkCM3A/i91Pq8LojDxnMQX7eQwVnrWXvZZrB/UOCR49AeMJfAiMy+VP6AnP -idsImalgRe8Ou6IzOka7rickTcaFsrJA4gkmLXKDIrPBKtpAWJrs+B3ouDGAU19E -fxxd3SczrXzWBqJS7WuL18zLqGwWrbFqb08NFOtJBzYsSkcN8OtbxcoVPGmZE0h+ -igkYbaZMsOdBjCqE5+FB6SAGSfZrBapK5di+90RA1j0tcXUvUwP4fCY0Rx9wZrmP -c1R2D8JHrBQzfXmod65rd1VSOq9B8AWZw1n6nwDc78SXaCT/m+SomODmskCOSc/q -6s7TUb2tKwsvzst9pEqOzEn+W7wwOWxcyOKxY4AV5OfIMvBzQO2x6ykh+bkhUj57 -Iov2b7r2tU9rAVc1eLnjQgPN+8u860/dQdfMua5VICqFCN6lLqyT4zHt08S1trbB -xyzXZH8aqjjTguwe/q5arOBfxs3taQb/OPFuGXp9mgiCVQLGctDt2/+dNfLOnmWo -eUy2pBqS1302sBB+nfrGFTFmJC4ypzY8uQFG98dxBozqME836KrMhiBbeLIghXgs -OQHHt+gXyQVzvzskedUxZ4mxzZ1D/+JfJhwxGvxZFn5sAGLbAmRbXoIv0duHk/JW -2F1vt/S03rzec8y37B3LLWnIO9LK -=V4Re ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file +IAUCZ364UgUJHMSQwAAKCRA47nV9aRhGIH6dD/46yxNWPrEQlVFd2XbOfBdYjVSh +SOtnF/7nfdpxObjsy5eqsuNGGknkfJkqDvYXcvtVLwn+U3WEscCX3eZ/syM+bpMj ++rMUfczDR21z6UEG9nfR5Yx+7TOpPfXylr2W1OfAtjdMv5UxYKpmmaQogVH+EeA0 +zAE0gZ+n1h0CzAXjmSeNOmAhaMcR1kkA7jM4ZW3r7ovcUuHSR6XwYl2gCDRkHaFR +WePNaOUXRHn/WQFQusUZ8FgZdidw3j4U13ajpoQdZonXk9lBrxu3nS2EzaTuPsEf +R9f1xRlWn733sTAJ5jCOpDFWvmLMNowodC5FYd3SKIn6K80uPamcVnPrtcfGZXAI +OgELAmbrDRz3uDfK1sty4pqI7We/0l0poqf0i863piA0a+awOMURTo9B/vjJvdh1 +Rf672fVWfnWRfAnjgIifCN4nBPVKRcY9XgmOG8ZqQgpOug7EERz4W8IZccjxx4gu +jTMXoPUY1s+6c/CJlQ3gESlfPkz1UYKCFjEvApMOD99SG8AUJvQbGvPFkIK5euWS +hOVLAmLKI3YNGCXUiPA4i9AEYnkDtAydohUKU/WclBWHWaeAZDccDivs8dPiF3Dd +YrR0eb81lB36Jm13cJodBS4aArHvgDeDvz7aLr7An0qXmNTnpc3cdU1ovskNXmA2 +Yj+I0ojpJsh6ici6dLkCDQRMxDmSARAAv8XAp2PGA/G1KmCrVIzOBm1NPIuqGAYP +c1l9p0dYdhEgvfw0NXcl5MDv1jbOPZ2PspA8NP7Rqp6LNNXYTeM/eIJDndU5Phyi +ewFpACAp7Gmm2dL5PUOhu0gIUnQYbN/QdGPoo7bNI646K1Y9aVTBu9fszQssjb6G +qXHSNM+pskVn9lropO1tLrF0I9VSlSphlCmiQRlzBCZSnxD6UagkPaw1gJnJqnrd +f9oA6AIavZFdh104fl7y8bMZb6bC0K/5ZD0DLfmYaojkyqRtl3VBu6/ZvXrjsT9A +QS5x9EdVslUoYY+kUxQm1wi3LIi3mOj6v0IIvgKzjt0X/39E3C42+m8ddTKowFB1 +Y1lEzHiT80YP9a+I+L2bqYgy6Lqs5CxI5qph1xRfg2rY6uvc5rPYk9B1R94jbeKi +3W8ryHG9QJBNXcd8mCGLM3qylWXTJA4oGITyaIlGCuMeKUfeFNvGijjbEOQ0Cr4J +CjdACbWJsPEoIOrRFxY+NwJEA39Dkyalyh2l0qTNXTIYhLiDuzl+tWuBX+SjHavj +9jGyvwr3T37gfzYCNMoZf8GaxAUJMCoGTqnsjTPGMion/DfdNkFDQ+fivdYiVQ9p +/Njpr38sC83V8dHF/1KkIHImyzMPTdC7l/lMHyC2Gx2dWZOjuOOKit0Qoy3DZoQw +vN1ZZND9M1UAEQEAAYkCPAQYAQoAJgIbDBYhBDaQwkDOUbRnDTCtHDjudX1pGEYg +BQJnfrhHBQkcxJC1AAoJEDjudX1pGEYgjaIQAIxs2u0oNqKiFK58d/lpSg+sWgwO +3WG9cChhQvPnJdyAdXKlnw8/SSykqtuMv1/N29mYSO7K3sCISvoCTR2KqT546o+C +2/CqSs3WEuX1SpPQGVPULiTxLLsZh0WhJrKchmV3NRACPxoueiqtFosJPA6u1sf2 +ilN89ArGxzteIuTpyUy5r98GHUK5svjVh4sz+KvTNlGFHN3nAoR7BhiDf6RgQ0Q3 +ukkGJqvtYSUV3RuVkgR+7FHDFsb6RRmykcm+YStz3P0YTMJjbLYewaQLzKZnLWnS +N18NRrITwEUicBXkcOFjF18d7jXYsAzzX7l28LFi5ygWuOOvT5s7EzTmWty5+qre +HHnjL4SCQY2rkb9AipUTqpoDhBz91QivTdQ/EsJlP6e08hwaa7heZqZWWy1eRr8R +EzD2r3GfQ2EegPkwsidivDBlK4PgWnlEl06RbE1dXoamXfPJ1q0SFlkw3zMW+bqY +P1jTxrJVAlXFf8qT3d5pXz871R1NPP/dyPJni844Bi42q8JHIZaKWZ6QQsP20TGM +BrvbI8qMCM1gH58vcBWBHtpm2kGEjVdJyl75RgjCf1VHqPab6A0/+tABGlLf5rm9 +kxOmb2wDCW8xPno/A8psVWcYE7gERT6Bdqbkr3SZw92izGCA4m17O1MPf6vj/ngb +RROvuEI11HLOmBJv +=m5Nx +-----END PGP PUBLIC KEY BLOCK----- From 7689820248c45911f2de03bb0bc8506a09105a23 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Mon, 3 Feb 2025 15:59:57 +0100 Subject: [PATCH 03/51] actions/upload-artifact@v4 - updating deprecated action --- .github/workflows/build-tarball.yml | 2 +- .github/workflows/build-windows-package.yml | 2 +- .github/workflows/codespeed-benchmarks.yml | 2 +- .../workflows/reusable-agent-build-container-images.yml | 8 ++++---- .../workflows/reusable-agent-build-linux-packages-new.yml | 2 +- .../workflows/reusable-codespeed-agent-benchmarks.yaml | 2 +- .github/workflows/unittests.yml | 6 +++--- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-tarball.yml b/.github/workflows/build-tarball.yml index 8d2b51144b..53b08de4fd 100644 --- a/.github/workflows/build-tarball.yml +++ b/.github/workflows/build-tarball.yml @@ -38,7 +38,7 @@ jobs: popd - name: Save tarball as artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: tarball-noarch path: build diff --git a/.github/workflows/build-windows-package.yml b/.github/workflows/build-windows-package.yml index 9a7ccc796e..437d09e26d 100644 --- a/.github/workflows/build-windows-package.yml +++ b/.github/workflows/build-windows-package.yml @@ -37,7 +37,7 @@ jobs: run: python build_package.py win32 - name: Save installer as artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: windows-msi path: ScalyrAgentInstaller-*.msi diff --git a/.github/workflows/codespeed-benchmarks.yml b/.github/workflows/codespeed-benchmarks.yml index b756f4dab7..42b25b1e17 100644 --- a/.github/workflows/codespeed-benchmarks.yml +++ b/.github/workflows/codespeed-benchmarks.yml @@ -81,7 +81,7 @@ jobs: python benchmarks/scripts/send_microbenchmarks_data_to_codespeed.py --data-path="benchmark_results/*.json" --debug - name: Store artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: codespeed-micro-benchmarks-${{ matrix.python-version }} path: | diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index 55d073c843..9d0739da34 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -238,7 +238,7 @@ jobs: --output-dir ./build - name: Save image OCI tarball as artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: container-image-tarball-${{ matrix.variant.image_type }}-${{ inputs.builder_name }} path: build @@ -355,7 +355,7 @@ jobs: fi - name: Upload Agent k8s Test Docker Image as artifact for debugging purposses - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: k8s-image-${{ inputs.builder_name }} path: build @@ -906,7 +906,7 @@ jobs: source ./.circleci/smoketest_k8s.sh scalyr/scalyr-agent-ci-unittest:4 150 no_delete_existing_k8s_objs k8s-image:test - name: Upload test results - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: k8s-smoketest path: | @@ -1007,7 +1007,7 @@ jobs: source ./.circleci/smoketest_docker.sh scalyr/scalyr-agent-ci-unittest:4 ${{ matrix.variant.image_type }} ${{ matrix.variant.timeout }} ${{ matrix.variant.image_type }}-${{ inputs.builder_name }}:test - name: Upload test results - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: docker-smoketest-${{ matrix.variant.image_type }}-${{ inputs.builder_name }} path: | diff --git a/.github/workflows/reusable-agent-build-linux-packages-new.yml b/.github/workflows/reusable-agent-build-linux-packages-new.yml index 85441d1272..de42eebebc 100644 --- a/.github/workflows/reusable-agent-build-linux-packages-new.yml +++ b/.github/workflows/reusable-agent-build-linux-packages-new.yml @@ -160,7 +160,7 @@ jobs: --package-type ${{ matrix.variant.package_type }} - name: Save packages as artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: linux-packages-${{ matrix.variant.builder_name }} path: build diff --git a/.github/workflows/reusable-codespeed-agent-benchmarks.yaml b/.github/workflows/reusable-codespeed-agent-benchmarks.yaml index a6e2660f82..b56c00a848 100644 --- a/.github/workflows/reusable-codespeed-agent-benchmarks.yaml +++ b/.github/workflows/reusable-codespeed-agent-benchmarks.yaml @@ -154,7 +154,7 @@ jobs: ./benchmarks/scripts/send-log-level-counts-to-codespeed.sh "${{ github.sha }}" - name: Upload log artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: agent-logs-${{ inputs.agent_server_host }} path: | diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index d04edde8ef..42f687a636 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -88,7 +88,7 @@ jobs: KIND: unittests - name: Upload pytest test results - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: pytest-results-${{ matrix.python-version }}-${{ matrix.platform }} path: | @@ -153,7 +153,7 @@ jobs: AGENT_HOST_NAME: monitors-test-${{ github.run_number }} - name: Upload pytest test results - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: pytest-results-${{ matrix.python-version }}-monitor-smoketests path: | @@ -228,7 +228,7 @@ jobs: KIND: end2end - name: Upload pytest test results - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: pytest-results-${{ matrix.python-version }}-${{ matrix.variant }} path: | From 6a0062f7e59e16386856f23b56b240886c2be314 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Mon, 3 Feb 2025 16:48:42 +0100 Subject: [PATCH 04/51] actions/upload-artifact@v4 - updating deprecated action --- .../reusable-agent-build-container-images.yml | 10 +++++----- .../reusable-agent-build-linux-packages-new.yml | 2 +- .github/workflows/unittests.yml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index 9d0739da34..6d0bafe2f6 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -325,7 +325,7 @@ jobs: minikube image load busybox:1.28 - name: Download OCI tarball of the built image. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@v4 with: name: container-image-tarball-k8s-${{ inputs.builder_name }} path: /tmp/image_tarball @@ -667,7 +667,7 @@ jobs: github_token: "${{ secrets.GITHUB_TOKEN }}" - name: Download OCI tarball of the built image. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@v4 with: name: container-image-tarball-k8s-${{ inputs.builder_name }} path: /tmp/image_tarball @@ -874,7 +874,7 @@ jobs: github_token: "${{ secrets.GITHUB_TOKEN }}" - name: Download OCI tarball of the built image. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@v4 with: name: container-image-tarball-k8s-${{ inputs.builder_name }} path: /tmp/image_tarball @@ -976,7 +976,7 @@ jobs: uses: crazy-max/ghaction-github-runtime@715c25b40ccc0df9b62bfa8be3ccc57d09dbc4b1 - name: Download OCI tarball of the built image. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@v4 with: name: container-image-tarball-${{ matrix.variant.image_type }}-${{ inputs.builder_name }} path: /tmp/image_tarball @@ -1050,7 +1050,7 @@ jobs: python_version: ${{ inputs.python_version }} - name: Download OCI tarball of the built image. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@v4 with: name: container-image-tarball-${{ matrix.variant.image_type }}-${{ inputs.builder_name }} path: /tmp/image_tarball diff --git a/.github/workflows/reusable-agent-build-linux-packages-new.yml b/.github/workflows/reusable-agent-build-linux-packages-new.yml index de42eebebc..b604662105 100644 --- a/.github/workflows/reusable-agent-build-linux-packages-new.yml +++ b/.github/workflows/reusable-agent-build-linux-packages-new.yml @@ -212,7 +212,7 @@ jobs: driver-opts: network=host - name: Download built packages. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@v4 with: name: linux-packages-${{ matrix.test_target.builder }} path: /tmp/packages diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 42f687a636..281692517b 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -247,7 +247,7 @@ jobs: - monitor-smoketests steps: - name: Download test results - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@v4 with: path: reports - name: Publish Test Results From dce8093270d16eff3cba48c583a14758cf5d71ac Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 4 Feb 2025 11:22:30 +0100 Subject: [PATCH 05/51] actions/upload-artifact@v4 - updating deprecated action --- .github/workflows/reusable-agent-build-linux-packages-new.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/reusable-agent-build-linux-packages-new.yml b/.github/workflows/reusable-agent-build-linux-packages-new.yml index b604662105..59ebb269ab 100644 --- a/.github/workflows/reusable-agent-build-linux-packages-new.yml +++ b/.github/workflows/reusable-agent-build-linux-packages-new.yml @@ -217,6 +217,10 @@ jobs: name: linux-packages-${{ matrix.test_target.builder }} path: /tmp/packages + - name: Debug - List downloaded packages + run: | + find /tmp/packages + - name: Expose GitHub Runtime To Be Able to Use GHA Cache By Docker. uses: crazy-max/ghaction-github-runtime@715c25b40ccc0df9b62bfa8be3ccc57d09dbc4b1 From 899002f1ddf6dec462e84625f13fb0731e3f088c Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 4 Feb 2025 12:22:41 +0100 Subject: [PATCH 06/51] actions/upload-artifact@v4 - updating deprecated action --- .github/workflows/reusable-agent-build-linux-packages-new.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-agent-build-linux-packages-new.yml b/.github/workflows/reusable-agent-build-linux-packages-new.yml index 59ebb269ab..48d81fe50e 100644 --- a/.github/workflows/reusable-agent-build-linux-packages-new.yml +++ b/.github/workflows/reusable-agent-build-linux-packages-new.yml @@ -162,7 +162,7 @@ jobs: - name: Save packages as artifact uses: actions/upload-artifact@v4 with: - name: linux-packages-${{ matrix.variant.builder_name }} + name: linux-packages-${{ matrix.variant.builder_name }}-${{ matrix.variant.package_type }} path: build retention-days: 1 @@ -214,7 +214,7 @@ jobs: - name: Download built packages. uses: actions/download-artifact@v4 with: - name: linux-packages-${{ matrix.test_target.builder }} + name: linux-packages-${{ matrix.test_target.builder }}-${{ matrix.test_target.package_type }} path: /tmp/packages - name: Debug - List downloaded packages From ce6a25c3c78468bd8b7fc535c12a9e5db056c027 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 5 Feb 2025 14:38:40 +0100 Subject: [PATCH 07/51] using installed skopeo instead of a docker image --- .../container_images/image_builders.py | 53 +++++++------------ 1 file changed, 20 insertions(+), 33 deletions(-) diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index bcc8b75449..c82d10c52f 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -420,19 +420,19 @@ def publish( "--rm", f"--name={container_name}", "--net=host", - "quay.io/skopeo/stable:v1.13.2", + "quay.io/skopeo/stable:v1.17.0", "copy", "--all", ] - if not registry_password: - cmd_args.append( - "--dest-no-creds", - ) - else: - cmd_args.append( - f"--dest-creds={registry_username}:{registry_password}" - ) + # if not registry_password: + # cmd_args.append( + # "--dest-no-creds", + # ) + # else: + # cmd_args.append( + # f"--dest-creds={registry_username}:{registry_password}" + # ) if no_verify_tls: cmd_args.append( @@ -447,33 +447,20 @@ def publish( logger.info(f"Publish image '{tag}'") try: - # Create the container, copy tarball into it and start. - subprocess.run( - [ - *cmd_args, - f"oci-archive:/tmp/{oci_layout_tarball.name}", - f"docker://{tag}", - ], - check=True, - ) + + cmd_args = [ + "skopeo", + "copy", + "--all", + f"oci-archive:{oci_layout_tarball}", + f"docker://{tag}" + ] subprocess.run( - [ - "docker", - "cp", - str(oci_layout_tarball), - f"{container_name}:/tmp/{oci_layout_tarball.name}" - ] - ) - subprocess.run( - [ - "docker", - "start", - "-i", - container_name, - ], - check=True, + cmd_args, + check=True ) + except subprocess.CalledProcessError as e: logger.exception( f"Subprocess call failed. Stderr: {(e.stderr or b'').decode()}" From 2af5b88e258ff5647bd6d5ec19dc81176fbd62fb Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 5 Feb 2025 15:23:13 +0100 Subject: [PATCH 08/51] Revert "Only x86" This reverts commit 0c229638dc7e739403c6f8a1cb69f7039fe32aed. --- .../container_images/fips_image_builders.py | 2 +- agent_build_refactored/container_images/image_builders.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/agent_build_refactored/container_images/fips_image_builders.py b/agent_build_refactored/container_images/fips_image_builders.py index 2b5fc0f63d..774089fa34 100644 --- a/agent_build_refactored/container_images/fips_image_builders.py +++ b/agent_build_refactored/container_images/fips_image_builders.py @@ -8,7 +8,7 @@ _FIPS_IMAGES_SUPPORTED_ARCHITECTURES = [ CpuArch.x86_64, - # CpuArch.AARCH64, + CpuArch.AARCH64, ] diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index c82d10c52f..855965fe2e 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -36,8 +36,8 @@ _SUPPORTED_ARCHITECTURES = [ CpuArch.x86_64, - # CpuArch.AARCH64, - # CpuArch.ARMV7, + CpuArch.AARCH64, + CpuArch.ARMV7, ] logger = logging.getLogger(__name__) From e8b98f9f35915e71f9b1096857d0f1b74e411a20 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Mon, 10 Feb 2025 14:00:32 +0100 Subject: [PATCH 09/51] don't run GHAs on version tags --- .github/workflows/build-container-images.yml | 2 -- .github/workflows/build-linux-packages.yml | 2 -- .github/workflows/build-tarball.yml | 2 -- .github/workflows/build-windows-package.yml | 2 -- 4 files changed, 8 deletions(-) diff --git a/.github/workflows/build-container-images.yml b/.github/workflows/build-container-images.yml index 07ccaf412d..13f73441e2 100644 --- a/.github/workflows/build-container-images.yml +++ b/.github/workflows/build-container-images.yml @@ -4,8 +4,6 @@ on: push: branches: - master - tags: - - v*.*.* pull_request: branches: - master diff --git a/.github/workflows/build-linux-packages.yml b/.github/workflows/build-linux-packages.yml index fbc99113e3..0b7182e4ed 100644 --- a/.github/workflows/build-linux-packages.yml +++ b/.github/workflows/build-linux-packages.yml @@ -4,8 +4,6 @@ on: push: branches: - master - tags: - - v*.*.* pull_request: branches: - master diff --git a/.github/workflows/build-tarball.yml b/.github/workflows/build-tarball.yml index 53b08de4fd..2d6f6c0efb 100644 --- a/.github/workflows/build-tarball.yml +++ b/.github/workflows/build-tarball.yml @@ -4,8 +4,6 @@ on: push: branches: - master - tags: - - v*.*.* pull_request: branches: - master diff --git a/.github/workflows/build-windows-package.yml b/.github/workflows/build-windows-package.yml index 437d09e26d..fc980caf91 100644 --- a/.github/workflows/build-windows-package.yml +++ b/.github/workflows/build-windows-package.yml @@ -4,8 +4,6 @@ on: push: branches: - master - tags: - - v*.*.* pull_request: branches: - master From e2186f93ac8db010af0ccd62e2a99b700cf7292f Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 11 Feb 2025 12:54:41 +0100 Subject: [PATCH 10/51] don't run GHAs on version tags --- agent_build_refactored/container_images/base_image_alpine.txt | 1 + .../container_images/base_image_ubuntu-fips.txt | 1 + agent_build_refactored/container_images/base_image_ubuntu.txt | 1 + 3 files changed, 3 insertions(+) create mode 100644 agent_build_refactored/container_images/base_image_alpine.txt create mode 100644 agent_build_refactored/container_images/base_image_ubuntu-fips.txt create mode 100644 agent_build_refactored/container_images/base_image_ubuntu.txt diff --git a/agent_build_refactored/container_images/base_image_alpine.txt b/agent_build_refactored/container_images/base_image_alpine.txt new file mode 100644 index 0000000000..cd601e9918 --- /dev/null +++ b/agent_build_refactored/container_images/base_image_alpine.txt @@ -0,0 +1 @@ +alpine:3.19.4 \ No newline at end of file diff --git a/agent_build_refactored/container_images/base_image_ubuntu-fips.txt b/agent_build_refactored/container_images/base_image_ubuntu-fips.txt new file mode 100644 index 0000000000..ce55be3ced --- /dev/null +++ b/agent_build_refactored/container_images/base_image_ubuntu-fips.txt @@ -0,0 +1 @@ +artifactory.eng.sentinelone.tech/docker-release/common/ubuntu-base/python311:2.0.48 \ No newline at end of file diff --git a/agent_build_refactored/container_images/base_image_ubuntu.txt b/agent_build_refactored/container_images/base_image_ubuntu.txt new file mode 100644 index 0000000000..bdbc3043e8 --- /dev/null +++ b/agent_build_refactored/container_images/base_image_ubuntu.txt @@ -0,0 +1 @@ +ubuntu:22.04 \ No newline at end of file From 794015999746341fd6c9dd029de3c4a59963da62 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 12 Feb 2025 13:27:09 +0100 Subject: [PATCH 11/51] don't run GHAs on version tags --- agent_build_refactored/utils/docker/buildx/build.py | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_build_refactored/utils/docker/buildx/build.py b/agent_build_refactored/utils/docker/buildx/build.py index c2c407d3af..49c653f5b8 100644 --- a/agent_build_refactored/utils/docker/buildx/build.py +++ b/agent_build_refactored/utils/docker/buildx/build.py @@ -108,6 +108,7 @@ def buildx_build( "docker", "buildx", "build", + "--builder=agent-builder" f"-f={dockerfile_path}", "--progress=plain", ] From c85157060c08e2c55feb764a9f8871bde1da3146 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 12 Feb 2025 13:32:58 +0100 Subject: [PATCH 12/51] don't run GHAs on version tags --- agent_build_refactored/utils/docker/buildx/build.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_build_refactored/utils/docker/buildx/build.py b/agent_build_refactored/utils/docker/buildx/build.py index 49c653f5b8..f0d4e6e42d 100644 --- a/agent_build_refactored/utils/docker/buildx/build.py +++ b/agent_build_refactored/utils/docker/buildx/build.py @@ -108,7 +108,7 @@ def buildx_build( "docker", "buildx", "build", - "--builder=agent-builder" + "--builder=agent-builder", f"-f={dockerfile_path}", "--progress=plain", ] From 2d5ae44b35e89cd749323304de75f395b7fb33cb Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 12 Feb 2025 17:04:28 +0100 Subject: [PATCH 13/51] don't run GHAs on version tags --- agent_build_refactored/container_images/image_builders.py | 4 ---- build_package_new.py | 8 -------- 2 files changed, 12 deletions(-) diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index 855965fe2e..2d5e70b8bf 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -379,8 +379,6 @@ def publish( image_type: ImageType, tags: List[str], existing_oci_layout_tarball: pl.Path = None, - registry_username: str = None, - registry_password: str = None, no_verify_tls: bool = False, ): """ @@ -391,8 +389,6 @@ def publish( :param tags: list of tags :param existing_oci_layout_tarball: Path to existing image OCI tarball. If exists, it will publish image from this tarball. If not new image will be built inplace. - :param registry_username: Registry login - :param registry_password: Registry password :param no_verify_tls: Disable certificate validation when pushing the image. :return: """ diff --git a/build_package_new.py b/build_package_new.py index 3b431a428e..04d7d1dd95 100644 --- a/build_package_new.py +++ b/build_package_new.py @@ -127,12 +127,6 @@ def _add_image_type_arg(_parser): required=False, help="OCI tarball with already built image. When provided that image us used instead of building new one", ) - image_publish_parser.add_argument( - "--registry-username", required=True, help="Username for a target registry." - ) - image_publish_parser.add_argument( - "--registry-password", required=False, help="Password for a target registry." - ) image_publish_parser.add_argument( "--no-verify-tls", required=False, @@ -222,8 +216,6 @@ def _add_package_parsers(): image_type=ImageType(args.image_type), tags=final_tags, existing_oci_layout_tarball=existing_oci_layout_tarball, - registry_username=args.registry_username, - registry_password=args.registry_password, no_verify_tls=args.no_verify_tls, ) exit(0) From 203d39da141c8ce6021bde53850e5a8c26256717 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Thu, 13 Feb 2025 18:44:52 +0100 Subject: [PATCH 14/51] don't run GHAs on version tags --- .github/workflows/reusable-agent-build-linux-packages-new.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-agent-build-linux-packages-new.yml b/.github/workflows/reusable-agent-build-linux-packages-new.yml index 48d81fe50e..78cd82c95a 100644 --- a/.github/workflows/reusable-agent-build-linux-packages-new.yml +++ b/.github/workflows/reusable-agent-build-linux-packages-new.yml @@ -76,13 +76,13 @@ jobs: - name: Set up Docker Context for Buildx id: buildx-context run: | - docker context create builders || echo Already exists + docker context create agent-builder || echo Already exists - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 with: driver-opts: network=host - endpoint: builders + endpoint: agent-builder - name: Expose GitHub Runtime To Be Able to Use GHA Cache By Docker. uses: crazy-max/ghaction-github-runtime@715c25b40ccc0df9b62bfa8be3ccc57d09dbc4b1 From a12000d009cea35807b21fbe37b4f631dbc0dfb7 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Mon, 17 Feb 2025 11:49:36 +0100 Subject: [PATCH 15/51] don't run GHAs on version tags --- ...eusable-agent-build-linux-packages-new.yml | 4 +- .../container_images/image_builders.py | 51 +++---------------- .../utils/docker/buildx/build.py | 9 +++- build_package_new.py | 6 ++- 4 files changed, 20 insertions(+), 50 deletions(-) diff --git a/.github/workflows/reusable-agent-build-linux-packages-new.yml b/.github/workflows/reusable-agent-build-linux-packages-new.yml index 78cd82c95a..48d81fe50e 100644 --- a/.github/workflows/reusable-agent-build-linux-packages-new.yml +++ b/.github/workflows/reusable-agent-build-linux-packages-new.yml @@ -76,13 +76,13 @@ jobs: - name: Set up Docker Context for Buildx id: buildx-context run: | - docker context create agent-builder || echo Already exists + docker context create builders || echo Already exists - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 with: driver-opts: network=host - endpoint: agent-builder + endpoint: builders - name: Expose GitHub Runtime To Be Able to Use GHA Cache By Docker. uses: crazy-max/ghaction-github-runtime@715c25b40ccc0df9b62bfa8be3ccc57d09dbc4b1 diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index 2d5e70b8bf..2831b0f2ec 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -72,11 +72,12 @@ class ContainerisedAgentBuilder(Builder): TAG_SUFFIXES: List[str] AGENT_REQUIREMENTS_EXCLUDE = [] - def __init__(self, base_image): + def __init__(self, base_image, buildx_builder_name=None): super(ContainerisedAgentBuilder, self).__init__() self._already_build_requirements: Set[CpuArch] = set() self.__base_image = base_image + self.__buildx_builder_name = buildx_builder_name @property def __build_args(self) -> Dict[str, str]: @@ -106,7 +107,8 @@ def _build_base_image_dockerfile( cache_name=cache_name, output=output, capture_output=True, - build_args=self.__build_args + build_args=self.__build_args, + buildx_builder=self.__buildx_builder_name ) def __agent_requirements(self): @@ -173,6 +175,7 @@ def build_requirement_libs( output=output, cache_name=cache_name, fallback_to_remote_builder=True, + buildx_builder=self.__buildx_builder_name ) if not only_cache: @@ -323,6 +326,7 @@ def _build( **requirements_libs_contexts, }, output=output, + buildx_builder=self.__buildx_builder_name ) def build_and_load_docker_image( @@ -400,45 +404,6 @@ def publish( if not oci_layout_tarball.exists(): raise Exception("OCI layout tarball does not exists.") - container_name = f"agent_image_publish_skopeo_{self.name}_{image_type.value}" - - delete_container( - container_name=container_name, - ) - - # use skopeo tool to copy image. - # also use it from container, so we don't have to rly on a local installation. - # We also do not use mounting because on some docker environments, this feature may be unavailable, - # so we just create a container first and then copy the tarball. - cmd_args = [ - "docker", - "create", - "--rm", - f"--name={container_name}", - "--net=host", - "quay.io/skopeo/stable:v1.17.0", - "copy", - "--all", - ] - - # if not registry_password: - # cmd_args.append( - # "--dest-no-creds", - # ) - # else: - # cmd_args.append( - # f"--dest-creds={registry_username}:{registry_password}" - # ) - - if no_verify_tls: - cmd_args.append( - "--dest-tls-verify=false", - ) - - delete_container( - container_name=container_name, - ) - for tag in tags: logger.info(f"Publish image '{tag}'") @@ -462,10 +427,6 @@ def publish( f"Subprocess call failed. Stderr: {(e.stderr or b'').decode()}" ) raise - finally: - delete_container( - container_name=container_name, - ) def _arch_to_docker_build_target_name(architecture: CpuArch): diff --git a/agent_build_refactored/utils/docker/buildx/build.py b/agent_build_refactored/utils/docker/buildx/build.py index f0d4e6e42d..25cddd585b 100644 --- a/agent_build_refactored/utils/docker/buildx/build.py +++ b/agent_build_refactored/utils/docker/buildx/build.py @@ -92,7 +92,8 @@ def buildx_build( output: BuildOutput = None, cache_name: str = None, fallback_to_remote_builder: bool = False, - capture_output: bool = False + capture_output: bool = False, + buildx_builder: str = None ): """ Wrapper for the 'docker buildx build' command. @@ -108,11 +109,15 @@ def buildx_build( "docker", "buildx", "build", - "--builder=agent-builder", f"-f={dockerfile_path}", "--progress=plain", ] + if buildx_builder: + cmd_args.append( + f"--builder={buildx_builder}", + ) + architectures = architectures or [] for arch in architectures: cmd_args.append( diff --git a/build_package_new.py b/build_package_new.py index 04d7d1dd95..111d9181de 100644 --- a/build_package_new.py +++ b/build_package_new.py @@ -63,6 +63,10 @@ def _add_image_parsers(): "--base-image", required=True, help="Base image to be used for docker build." ) + image_parser.add_argument( + "--buildx-builder-name", required=False, help="Name of the buildx builder.", default=None + ) + image_parser_action_subparsers = image_parser.add_subparsers( dest="action", required=True ) @@ -176,7 +180,7 @@ def _add_package_parsers(): elif args.command == "image": image_builder_cls = ALL_CONTAINERISED_AGENT_BUILDERS[args.builder_name] - builder = image_builder_cls(base_image=args.base_image) + builder = image_builder_cls(base_image=args.base_image, buildx_builder_name=args.buildx_builder_name) if args.action == "load": builder.build_and_load_docker_image( image_type=ImageType(args.image_type), From 73cbe1ed36fe28a671c3846d964c13e15a7413b3 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Mon, 17 Feb 2025 13:06:59 +0100 Subject: [PATCH 16/51] don't run GHAs on version tags --- .github/actions/install_python_and_requirements/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/install_python_and_requirements/action.yml b/.github/actions/install_python_and_requirements/action.yml index 9d7ad81810..dfa0cb371e 100644 --- a/.github/actions/install_python_and_requirements/action.yml +++ b/.github/actions/install_python_and_requirements/action.yml @@ -40,4 +40,4 @@ runs: shell: bash working-directory: ${{ github.workspace }} run: | - python3 -m pip install -r dev-requirements-new.txt --no-index --find-links wheels \ No newline at end of file + python3 -m pip install -r dev-requirements-new.txt --no-index --find-links wheels | (echo "Installing from cached wheels failed, trying to install from PyPI" && python3 -m pip install -r dev-requirements-new.txt) \ No newline at end of file From 897cb3ebbe469781b9e6bd66cf89dd924b76e176 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Mon, 17 Feb 2025 13:59:35 +0100 Subject: [PATCH 17/51] don't run GHAs on version tags --- .github/actions/install_python_and_requirements/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/install_python_and_requirements/action.yml b/.github/actions/install_python_and_requirements/action.yml index dfa0cb371e..f27ca8475b 100644 --- a/.github/actions/install_python_and_requirements/action.yml +++ b/.github/actions/install_python_and_requirements/action.yml @@ -40,4 +40,5 @@ runs: shell: bash working-directory: ${{ github.workspace }} run: | - python3 -m pip install -r dev-requirements-new.txt --no-index --find-links wheels | (echo "Installing from cached wheels failed, trying to install from PyPI" && python3 -m pip install -r dev-requirements-new.txt) \ No newline at end of file + python3 -m pip install -r dev-requirements-new.txt --no-index --find-links wheels || echo "Installing from cached wheels failed, trying to install from PyPI" + python3 -m pip install -r dev-requirements-new.txt \ No newline at end of file From 30d8e4c91372a7afeb9872eb0088953497e576cc Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 25 Feb 2025 12:24:21 +0100 Subject: [PATCH 18/51] don't run GHAs on version tags --- agent_build_refactored/container_images/base_image_ubuntu.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_build_refactored/container_images/base_image_ubuntu.txt b/agent_build_refactored/container_images/base_image_ubuntu.txt index bdbc3043e8..604b4c471c 100644 --- a/agent_build_refactored/container_images/base_image_ubuntu.txt +++ b/agent_build_refactored/container_images/base_image_ubuntu.txt @@ -1 +1 @@ -ubuntu:22.04 \ No newline at end of file +ubuntu:20.04 \ No newline at end of file From 8a5e30c280d220dbe4f06f663052225e62a7e0e6 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 25 Feb 2025 13:59:59 +0100 Subject: [PATCH 19/51] don't run GHAs on version tags --- .github/workflows/reusable-agent-build-container-images.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index 6d0bafe2f6..4cdd523fad 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -1079,6 +1079,11 @@ jobs: echo "tags=empty" >> "${GITHUB_OUTPUT}" fi + - name: Set up skopeo + uses: warjiang/setup-skopeo@latest + with: + version: latest + - name: Publish image if: steps.verify.outputs.tags != 'empty' run: | From a467e09289f377b5574ef5e56b740e9e9a454c38 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 25 Feb 2025 14:41:21 +0100 Subject: [PATCH 20/51] don't run GHAs on version tags --- agent_build_refactored/container_images/base_image_ubuntu.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_build_refactored/container_images/base_image_ubuntu.txt b/agent_build_refactored/container_images/base_image_ubuntu.txt index 604b4c471c..bdbc3043e8 100644 --- a/agent_build_refactored/container_images/base_image_ubuntu.txt +++ b/agent_build_refactored/container_images/base_image_ubuntu.txt @@ -1 +1 @@ -ubuntu:20.04 \ No newline at end of file +ubuntu:22.04 \ No newline at end of file From 8267bb942253addd675bf4284bceacf110e64a8f Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 25 Feb 2025 15:05:42 +0100 Subject: [PATCH 21/51] don't run GHAs on version tags --- .../container_images/base_images/ubuntu-fips.Dockerfile | 7 ------- .../container_images/base_images/ubuntu.Dockerfile | 9 +-------- agent_build_refactored/utils/toolset_image/Dockerfile | 1 - 3 files changed, 1 insertion(+), 16 deletions(-) diff --git a/agent_build_refactored/container_images/base_images/ubuntu-fips.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu-fips.Dockerfile index cc1914e12b..f1286b5f68 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu-fips.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu-fips.Dockerfile @@ -14,12 +14,5 @@ RUN apt-get install -y \ FROM base as runtime_base -# We upgrade current packages in order to keep everything up to date, including security updates. -RUN DEBIANFRONTEND=noninteractive apt-get update && \ - apt-get dist-upgrade --yes --no-install-recommends --no-install-suggests && \ - apt-get autoremove --yes && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* - ENV OPENSSL_CONF /etc/ssl/openssl.cnf.fips ENV SCALYR_ALLOW_HTTP_MONITORS false diff --git a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile index df0bef553b..034fe3d3ed 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile @@ -16,11 +16,4 @@ RUN apt-get update && apt-get install -y \ FROM base as runtime_base -# We upgrade current packages in order to keep everything up to date, including security updates. -# Installing ca-certificates populates /etc/ssl/certs but requires openssl (only libssl installed by default). -RUN DEBIANFRONTEND=noninteractive apt-get update && \ - apt-get dist-upgrade --yes --no-install-recommends --no-install-suggests && \ - apt-get install -y ca-certificates python3 && \ - apt-get autoremove --yes && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* + diff --git a/agent_build_refactored/utils/toolset_image/Dockerfile b/agent_build_refactored/utils/toolset_image/Dockerfile index 76e0279a90..aa674e5d40 100644 --- a/agent_build_refactored/utils/toolset_image/Dockerfile +++ b/agent_build_refactored/utils/toolset_image/Dockerfile @@ -1,7 +1,6 @@ FROM ubuntu:22.04 RUN DEBIAN_FRONTEND="noninteractive" \ apt-get update && \ - apt-get dist-upgrade --yes --no-install-recommends --no-install-suggests && \ apt-get install -y \ binutils \ tar \ From 63f2e7823c5c2b67d2b5783095e5a235c65645f7 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 25 Feb 2025 15:47:31 +0100 Subject: [PATCH 22/51] don't run GHAs on version tags --- .../container_images/base_images/ubuntu.Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile index 034fe3d3ed..087bd8983c 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile @@ -3,6 +3,7 @@ FROM ${BASE_IMAGE} as base FROM base as dependencies_build_base ENV DEBIANFRONTEND=noninteractive +RUN echo "libc-bin hold" | dpkg --set-selections RUN apt-get update && apt-get install -y \ python3 \ python3-pip \ From 46447a0436862632c9baa5ea6547b7cc7086db98 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 26 Feb 2025 13:59:36 +0100 Subject: [PATCH 23/51] don't run GHAs on version tags --- agent_build_refactored/container_images/base_image_ubuntu.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_build_refactored/container_images/base_image_ubuntu.txt b/agent_build_refactored/container_images/base_image_ubuntu.txt index bdbc3043e8..25ffc61115 100644 --- a/agent_build_refactored/container_images/base_image_ubuntu.txt +++ b/agent_build_refactored/container_images/base_image_ubuntu.txt @@ -1 +1 @@ -ubuntu:22.04 \ No newline at end of file +ubuntu:24.04 \ No newline at end of file From 4f71bfe7aa5db1e34d358a19b270bf85c17fc904 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 26 Feb 2025 16:46:30 +0100 Subject: [PATCH 24/51] don't run GHAs on version tags --- .github/workflows/build-container-images.yml | 1 - .../reusable-agent-build-container-images.yml | 14 +++++++------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-container-images.yml b/.github/workflows/build-container-images.yml index 13f73441e2..0970550495 100644 --- a/.github/workflows/build-container-images.yml +++ b/.github/workflows/build-container-images.yml @@ -61,7 +61,6 @@ jobs: aws_region: ${{ needs.pre_job.outputs.aws_region }} cicd_workflow: ${{ needs.pre_job.outputs.cicd_workflow }} builder_name: ${{ matrix.builder.builder_name }} - base_image: ${{ matrix.builder.base_image }} architectures: ${{ toJson(matrix.builder.architectures) }} secrets: CT_AWS_DEV_EC2_PRIVATE_KEY: ${{ secrets.CT_AWS_DEV_EC2_PRIVATE_KEY }} diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index 4cdd523fad..bafc7b21d5 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -154,7 +154,7 @@ jobs: python3 build_package_new.py \ image \ ${{ inputs.builder_name }} \ - --base-image ${{ inputs.base_image }} \ + --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ cache-requirements \ --architecture ${{ matrix.architecture }} @@ -232,7 +232,7 @@ jobs: python3 build_package_new.py \ image \ ${{ inputs.builder_name }} \ - --base-image ${{ inputs.base_image }} \ + --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ build-tarball \ --image-type ${{ matrix.variant.image_type }} \ --output-dir ./build @@ -340,7 +340,7 @@ jobs: run: | python3 tests/end_to_end_tests/container_images_test/scripts/build_test_image.py \ --image-builder-name ${{ inputs.builder_name }} \ - --base-image ${{ inputs.base_image }} \ + --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ --architecture x86_64 \ --image-oci-tarball /tmp/image_tarball/k8s-${{ inputs.builder_name }}.tar \ --result-image-name k8s-image:test \ @@ -682,7 +682,7 @@ jobs: run: | python3 tests/end_to_end_tests/container_images_test/scripts/build_test_image.py \ --image-builder-name ${{ inputs.builder_name }} \ - --base-image ${{ inputs.base_image }} \ + --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ --architecture x86_64 \ --image-oci-tarball /tmp/image_tarball/k8s-${{ inputs.builder_name }}.tar \ --result-image-name k8s-image:test \ @@ -890,7 +890,7 @@ jobs: run: | python3 tests/end_to_end_tests/container_images_test/scripts/build_test_image.py \ --image-builder-name ${{ inputs.builder_name }} \ - --base-image ${{ inputs.base_image }} \ + --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ --architecture x86_64 \ --image-oci-tarball /tmp/image_tarball/k8s-${{ inputs.builder_name }}.tar \ --result-image-name k8s-image:test \ @@ -991,7 +991,7 @@ jobs: run: | python3 tests/end_to_end_tests/container_images_test/scripts/build_test_image.py \ --image-builder-name ${{ inputs.builder_name }} \ - --base-image ${{ inputs.base_image }} \ + --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ --architecture x86_64 \ --image-oci-tarball /tmp/image_tarball/${{ matrix.variant.image_type }}-${{ inputs.builder_name }}.tar \ --result-image-name ${{ matrix.variant.image_type }}-${{ inputs.builder_name }}:test \ @@ -1090,7 +1090,7 @@ jobs: python3 build_package_new.py \ image \ ${{ inputs.builder_name }} \ - --base-image ${{ inputs.base_image }} \ + --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ publish \ --registry docker.io \ --name-prefix "${{ secrets.PUBLISH_REGISTRY_USERNAME }}" \ From 204f5efc00633c8bfb02a3e88111b6ae21730a66 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 26 Feb 2025 16:55:05 +0100 Subject: [PATCH 25/51] Revert "don't run GHAs on version tags" This reverts commit 4f71bfe7aa5db1e34d358a19b270bf85c17fc904. --- .github/workflows/build-container-images.yml | 1 + .../reusable-agent-build-container-images.yml | 14 +++++++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-container-images.yml b/.github/workflows/build-container-images.yml index 0970550495..13f73441e2 100644 --- a/.github/workflows/build-container-images.yml +++ b/.github/workflows/build-container-images.yml @@ -61,6 +61,7 @@ jobs: aws_region: ${{ needs.pre_job.outputs.aws_region }} cicd_workflow: ${{ needs.pre_job.outputs.cicd_workflow }} builder_name: ${{ matrix.builder.builder_name }} + base_image: ${{ matrix.builder.base_image }} architectures: ${{ toJson(matrix.builder.architectures) }} secrets: CT_AWS_DEV_EC2_PRIVATE_KEY: ${{ secrets.CT_AWS_DEV_EC2_PRIVATE_KEY }} diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index bafc7b21d5..4cdd523fad 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -154,7 +154,7 @@ jobs: python3 build_package_new.py \ image \ ${{ inputs.builder_name }} \ - --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ + --base-image ${{ inputs.base_image }} \ cache-requirements \ --architecture ${{ matrix.architecture }} @@ -232,7 +232,7 @@ jobs: python3 build_package_new.py \ image \ ${{ inputs.builder_name }} \ - --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ + --base-image ${{ inputs.base_image }} \ build-tarball \ --image-type ${{ matrix.variant.image_type }} \ --output-dir ./build @@ -340,7 +340,7 @@ jobs: run: | python3 tests/end_to_end_tests/container_images_test/scripts/build_test_image.py \ --image-builder-name ${{ inputs.builder_name }} \ - --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ + --base-image ${{ inputs.base_image }} \ --architecture x86_64 \ --image-oci-tarball /tmp/image_tarball/k8s-${{ inputs.builder_name }}.tar \ --result-image-name k8s-image:test \ @@ -682,7 +682,7 @@ jobs: run: | python3 tests/end_to_end_tests/container_images_test/scripts/build_test_image.py \ --image-builder-name ${{ inputs.builder_name }} \ - --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ + --base-image ${{ inputs.base_image }} \ --architecture x86_64 \ --image-oci-tarball /tmp/image_tarball/k8s-${{ inputs.builder_name }}.tar \ --result-image-name k8s-image:test \ @@ -890,7 +890,7 @@ jobs: run: | python3 tests/end_to_end_tests/container_images_test/scripts/build_test_image.py \ --image-builder-name ${{ inputs.builder_name }} \ - --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ + --base-image ${{ inputs.base_image }} \ --architecture x86_64 \ --image-oci-tarball /tmp/image_tarball/k8s-${{ inputs.builder_name }}.tar \ --result-image-name k8s-image:test \ @@ -991,7 +991,7 @@ jobs: run: | python3 tests/end_to_end_tests/container_images_test/scripts/build_test_image.py \ --image-builder-name ${{ inputs.builder_name }} \ - --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ + --base-image ${{ inputs.base_image }} \ --architecture x86_64 \ --image-oci-tarball /tmp/image_tarball/${{ matrix.variant.image_type }}-${{ inputs.builder_name }}.tar \ --result-image-name ${{ matrix.variant.image_type }}-${{ inputs.builder_name }}:test \ @@ -1090,7 +1090,7 @@ jobs: python3 build_package_new.py \ image \ ${{ inputs.builder_name }} \ - --base-image $(cat agent_build_refactored/container_images/base_image_${{ inputs.builder_name }}.txt) \ + --base-image ${{ inputs.base_image }} \ publish \ --registry docker.io \ --name-prefix "${{ secrets.PUBLISH_REGISTRY_USERNAME }}" \ From c9cb61cf917fa701ec3b854f46e392dc47d82056 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 26 Feb 2025 17:06:55 +0100 Subject: [PATCH 26/51] don't run GHAs on version tags --- .../container_images/base_images/ubuntu.Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile index 087bd8983c..034fe3d3ed 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile @@ -3,7 +3,6 @@ FROM ${BASE_IMAGE} as base FROM base as dependencies_build_base ENV DEBIANFRONTEND=noninteractive -RUN echo "libc-bin hold" | dpkg --set-selections RUN apt-get update && apt-get install -y \ python3 \ python3-pip \ From 0efb8e0373fb0eb786ce5d8b46af9d1cae4c69a3 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Thu, 27 Feb 2025 10:43:53 +0100 Subject: [PATCH 27/51] don't run GHAs on version tags --- agent_build_refactored/container_images/base_image_ubuntu.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_build_refactored/container_images/base_image_ubuntu.txt b/agent_build_refactored/container_images/base_image_ubuntu.txt index 105e5bce73..befba2550a 100644 --- a/agent_build_refactored/container_images/base_image_ubuntu.txt +++ b/agent_build_refactored/container_images/base_image_ubuntu.txt @@ -1 +1 @@ -ubuntu:24.04 +ubuntu:22.04 From 55353eeffe7f78e195e7e1715d3db68471d2e8ea Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Thu, 27 Feb 2025 11:15:40 +0100 Subject: [PATCH 28/51] don't run GHAs on version tags --- .../base_images/ubuntu.Dockerfile | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile index 034fe3d3ed..24caa6a384 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile @@ -3,16 +3,13 @@ FROM ${BASE_IMAGE} as base FROM base as dependencies_build_base ENV DEBIANFRONTEND=noninteractive -RUN apt-get update && apt-get install -y \ - python3 \ - python3-pip \ - python3-dev \ - rustc \ - cargo && \ - apt-get autoremove --yes && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* - +RUN apt update +RUN apt install -y python3 python3-pip python3-dev +RUN apt install -y rustc +RUN apt install -y cargo +RUN apt-get autoremove --yes +RUN apt-get clean +RUN rm -rf /var/lib/apt/lists/* FROM base as runtime_base From e7bda67ade4965db1069f59696165c7612c5ac83 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Thu, 27 Feb 2025 15:49:23 +0100 Subject: [PATCH 29/51] don't run GHAs on version tags --- .../container_images/base_images/ubuntu.Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile index 24caa6a384..042836eafc 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile @@ -4,6 +4,7 @@ FROM ${BASE_IMAGE} as base FROM base as dependencies_build_base ENV DEBIANFRONTEND=noninteractive RUN apt update +RUN apt install libc-bin -y RUN apt install -y python3 python3-pip python3-dev RUN apt install -y rustc RUN apt install -y cargo From 5c025b90a22cc89e1781ed1436743370f05771c7 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Mon, 3 Mar 2025 11:38:15 +0100 Subject: [PATCH 30/51] don't run GHAs on version tags --- agent_build_refactored/container_images/base_image_ubuntu.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_build_refactored/container_images/base_image_ubuntu.txt b/agent_build_refactored/container_images/base_image_ubuntu.txt index befba2550a..ce55be3ced 100644 --- a/agent_build_refactored/container_images/base_image_ubuntu.txt +++ b/agent_build_refactored/container_images/base_image_ubuntu.txt @@ -1 +1 @@ -ubuntu:22.04 +artifactory.eng.sentinelone.tech/docker-release/common/ubuntu-base/python311:2.0.48 \ No newline at end of file From 31782a9221d983562c96e2f30b65509d3f4c07f9 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Mon, 3 Mar 2025 11:42:11 +0100 Subject: [PATCH 31/51] don't run GHAs on version tags --- agent_build_refactored/container_images/base_image_ubuntu.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_build_refactored/container_images/base_image_ubuntu.txt b/agent_build_refactored/container_images/base_image_ubuntu.txt index ce55be3ced..befba2550a 100644 --- a/agent_build_refactored/container_images/base_image_ubuntu.txt +++ b/agent_build_refactored/container_images/base_image_ubuntu.txt @@ -1 +1 @@ -artifactory.eng.sentinelone.tech/docker-release/common/ubuntu-base/python311:2.0.48 \ No newline at end of file +ubuntu:22.04 From 013929fbb9d9df01fa1b717460b579314f50746f Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 4 Mar 2025 09:17:32 +0100 Subject: [PATCH 32/51] don't run GHAs on version tags --- .../container_images/base_images/ubuntu.Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile index 042836eafc..831e1a6744 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile @@ -3,6 +3,7 @@ FROM ${BASE_IMAGE} as base FROM base as dependencies_build_base ENV DEBIANFRONTEND=noninteractive +RUN ldconfig RUN apt update RUN apt install libc-bin -y RUN apt install -y python3 python3-pip python3-dev From eb09795041dc00e84d1156095218500d5331839d Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Tue, 4 Mar 2025 11:12:37 +0100 Subject: [PATCH 33/51] don't run GHAs on version tags --- agent_build_refactored/utils/docker/buildx/build.py | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_build_refactored/utils/docker/buildx/build.py b/agent_build_refactored/utils/docker/buildx/build.py index 25cddd585b..8691e37057 100644 --- a/agent_build_refactored/utils/docker/buildx/build.py +++ b/agent_build_refactored/utils/docker/buildx/build.py @@ -111,6 +111,7 @@ def buildx_build( "build", f"-f={dockerfile_path}", "--progress=plain", + "--no-cache" ] if buildx_builder: From be9e9e5891251585c9e25b589e3b40554213c51c Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 5 Mar 2025 11:52:49 +0100 Subject: [PATCH 34/51] don't run GHAs on version tags --- agent_build_refactored/utils/docker/buildx/build.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/agent_build_refactored/utils/docker/buildx/build.py b/agent_build_refactored/utils/docker/buildx/build.py index 8691e37057..4512b60c0d 100644 --- a/agent_build_refactored/utils/docker/buildx/build.py +++ b/agent_build_refactored/utils/docker/buildx/build.py @@ -110,8 +110,7 @@ def buildx_build( "buildx", "build", f"-f={dockerfile_path}", - "--progress=plain", - "--no-cache" + "--progress=plain" ] if buildx_builder: From d9a2c10923b2f8e5a5a5e1825e40d8285a6f0a4b Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 5 Mar 2025 12:32:54 +0100 Subject: [PATCH 35/51] don't run GHAs on version tags --- agent_build_refactored/utils/docker/buildx/build.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/agent_build_refactored/utils/docker/buildx/build.py b/agent_build_refactored/utils/docker/buildx/build.py index 4512b60c0d..da9fddb3d1 100644 --- a/agent_build_refactored/utils/docker/buildx/build.py +++ b/agent_build_refactored/utils/docker/buildx/build.py @@ -32,6 +32,7 @@ # It is also expected that GHA cache authentication environment variables are already exposed to the build process. # see more - https://docs.docker.com/build/cache/backends/gha/ USE_GHA_CACHE = bool(os.environ.get("USE_GHA_CACHE")) +USE_DOCKER_CACHE=bool(os.environ.get("USE_DOCKER_CACHE")) # Just a suffix for the build cache string. May be usefull when it is needed to invalidate the cache. CACHE_VERSION = os.environ.get("CACHE_VERSION", "") @@ -146,6 +147,9 @@ def buildx_build( f"--cache-from=type=gha,scope={final_cache_scope}", f"--cache-to=type=gha,scope={final_cache_scope}", ]) + elif USE_DOCKER_CACHE: + # Add nothing + pass else: cache_dir = _get_local_cache_dir(name=cache_name) cmd_args.extend([ From 080dfd666daf625c49c9efb09fb399f2125d356e Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Thu, 6 Mar 2025 10:24:02 +0100 Subject: [PATCH 36/51] don't run GHAs on version tags --- .github/workflows/build-linux-packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-linux-packages.yml b/.github/workflows/build-linux-packages.yml index 0b7182e4ed..1395625a47 100644 --- a/.github/workflows/build-linux-packages.yml +++ b/.github/workflows/build-linux-packages.yml @@ -42,7 +42,7 @@ jobs: - id: define_constants run: | echo "python_version=3.8" >> "${GITHUB_OUTPUT}" - echo "cache_version=$GITHUB_REF_NAME" >> "${GITHUB_OUTPUT}" + echo "cache_version=1" >> "${GITHUB_OUTPUT}" echo "aws_region=us-east-1" >> "${GITHUB_OUTPUT}" echo "cicd_workflow=${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}" >> "${GITHUB_OUTPUT}" From a1156c7e80438ee07f0e23b60251f810a9ab5d20 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 11:19:26 +0100 Subject: [PATCH 37/51] don't run GHAs on version tags --- .../container_images_test/tools/__init__.py | 29 ++++++++++++------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/tests/end_to_end_tests/container_images_test/tools/__init__.py b/tests/end_to_end_tests/container_images_test/tools/__init__.py index d9a49eb79e..75af3c35b3 100644 --- a/tests/end_to_end_tests/container_images_test/tools/__init__.py +++ b/tests/end_to_end_tests/container_images_test/tools/__init__.py @@ -51,18 +51,27 @@ def build_test_version_of_container_image( delete_container(container_name=registry_container_name) # Create temporary local registry to push production image there. - subprocess.run( - [ - "docker", - "run", - "-d", - "--rm", - "-p=5000:5000", - f"--name={registry_container_name}", - "registry:2", - ], + cmd = [ + "docker", + "run", + "-d", + "--rm", + "-p=5000:5000", + f"--name={registry_container_name}", + "registry:2", + ] + + print(f"Creating local registry container: {cmd}") + + completed_process = subprocess.run( + cmd, check=True, + capture_output=True ) + + print(completed_process.stdout.decode()) + print(completed_process.stderr.decode()) + try: all_image_tags = image_builder.generate_final_registry_tags( image_type=image_type, From 4a527c674bcb6c240af0f8edfefb38c60ded747a Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 11:47:25 +0100 Subject: [PATCH 38/51] don't run GHAs on version tags --- tests/end_to_end_tests/container_images_test/tools/__init__.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/end_to_end_tests/container_images_test/tools/__init__.py b/tests/end_to_end_tests/container_images_test/tools/__init__.py index 75af3c35b3..24dee054f5 100644 --- a/tests/end_to_end_tests/container_images_test/tools/__init__.py +++ b/tests/end_to_end_tests/container_images_test/tools/__init__.py @@ -81,6 +81,7 @@ def build_test_version_of_container_image( ) # Publish image to the local registry + print(f"Publishing image to the local registry: {all_image_tags}") image_builder.publish( image_type=image_type, tags=all_image_tags, From b0f154bdeae76fcc886b5b62aeb32b7df91e123e Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 11:55:45 +0100 Subject: [PATCH 39/51] don't run GHAs on version tags --- .../container_images_test/tools/__init__.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tests/end_to_end_tests/container_images_test/tools/__init__.py b/tests/end_to_end_tests/container_images_test/tools/__init__.py index 24dee054f5..8642b07e8f 100644 --- a/tests/end_to_end_tests/container_images_test/tools/__init__.py +++ b/tests/end_to_end_tests/container_images_test/tools/__init__.py @@ -11,12 +11,13 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - - +import logging import pathlib as pl import subprocess from typing import Callable +logger = logging.getLogger(__name__) + from agent_build_refactored.utils.constants import CpuArch from agent_build_refactored.utils.docker.common import delete_container from agent_build_refactored.utils.docker.buildx.build import ( @@ -61,7 +62,7 @@ def build_test_version_of_container_image( "registry:2", ] - print(f"Creating local registry container: {cmd}") + logger.info(f"Creating local registry container: {cmd}") completed_process = subprocess.run( cmd, @@ -69,8 +70,9 @@ def build_test_version_of_container_image( capture_output=True ) - print(completed_process.stdout.decode()) - print(completed_process.stderr.decode()) + logger.info("Completed:") + logger.info(completed_process.stdout.decode()) + logger.info(completed_process.stderr.decode()) try: all_image_tags = image_builder.generate_final_registry_tags( @@ -81,7 +83,7 @@ def build_test_version_of_container_image( ) # Publish image to the local registry - print(f"Publishing image to the local registry: {all_image_tags}") + logger.info(f"Publishing image to the local registry: {all_image_tags}") image_builder.publish( image_type=image_type, tags=all_image_tags, From 4db432f18c314d89f2ae8d7293b64b6c866b1af3 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 12:05:19 +0100 Subject: [PATCH 40/51] don't run GHAs on version tags --- agent_build_refactored/container_images/image_builders.py | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index 2831b0f2ec..cceb2402a1 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -413,6 +413,7 @@ def publish( "skopeo", "copy", "--all", + "--dest-tls-verify=false", f"oci-archive:{oci_layout_tarball}", f"docker://{tag}" ] From dc88cee80771a4a61b7ec03f58ba25374cfec604 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 12:15:49 +0100 Subject: [PATCH 41/51] don't run GHAs on version tags --- .github/workflows/reusable-agent-build-container-images.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index 4cdd523fad..45f9de7e5a 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -984,6 +984,11 @@ jobs: - name: Expose GitHub Runtime To Be Able to Use GHA Cache By Docker. uses: crazy-max/ghaction-github-runtime@715c25b40ccc0df9b62bfa8be3ccc57d09dbc4b1 + - name: Set up skopeo + uses: warjiang/setup-skopeo@latest + with: + version: latest + - name: Build test image env: USE_GHA_CACHE: "1" From 7e62fb1da47ca565a6b2fe87cd164db34b97f0ac Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 12:20:35 +0100 Subject: [PATCH 42/51] don't run GHAs on version tags --- .github/workflows/reusable-agent-build-container-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index 45f9de7e5a..9c9828b44b 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -985,7 +985,7 @@ jobs: uses: crazy-max/ghaction-github-runtime@715c25b40ccc0df9b62bfa8be3ccc57d09dbc4b1 - name: Set up skopeo - uses: warjiang/setup-skopeo@latest + uses: warjiang/setup-skopeo@v0.1.3 with: version: latest @@ -1085,7 +1085,7 @@ jobs: fi - name: Set up skopeo - uses: warjiang/setup-skopeo@latest + uses: warjiang/setup-skopeo@v0.1.3 with: version: latest From e7a4220bfde65c74768c20e1969a7e8d837aec3f Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 12:29:12 +0100 Subject: [PATCH 43/51] don't run GHAs on version tags --- .github/workflows/reusable-agent-build-container-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index 9c9828b44b..4994306418 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -985,7 +985,7 @@ jobs: uses: crazy-max/ghaction-github-runtime@715c25b40ccc0df9b62bfa8be3ccc57d09dbc4b1 - name: Set up skopeo - uses: warjiang/setup-skopeo@v0.1.3 + uses: warjiang/setup-skopeo@v0.1.2 with: version: latest From fa7c76bac010bfbfd11e99c465c629a1bfe801de Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 12:55:20 +0100 Subject: [PATCH 44/51] don't run GHAs on version tags --- agent_build_refactored/container_images/image_builders.py | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index cceb2402a1..c24521cbee 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -414,6 +414,7 @@ def publish( "copy", "--all", "--dest-tls-verify=false", + "--remove-signatures", f"oci-archive:{oci_layout_tarball}", f"docker://{tag}" ] From 358023c9e4bf0894888d2e6d9847ff87b8dff51b Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 15:00:13 +0100 Subject: [PATCH 45/51] don't run GHAs on version tags --- .../workflows/retry-workflow-build-container-images.yaml | 4 ++-- .github/workflows/reusable-agent-build-container-images.yml | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/retry-workflow-build-container-images.yaml b/.github/workflows/retry-workflow-build-container-images.yaml index 9452dc4a10..a35fdf3ad6 100644 --- a/.github/workflows/retry-workflow-build-container-images.yaml +++ b/.github/workflows/retry-workflow-build-container-images.yaml @@ -3,12 +3,12 @@ name: Retry Workflow Build Container Images on: push: branches: - - master + - masterx tags: - v*.*.* pull_request: branches: - - master + - masterx workflow_dispatch: schedule: diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index 4994306418..da01880d81 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -989,6 +989,12 @@ jobs: with: version: latest + + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + with: + detached: true + - name: Build test image env: USE_GHA_CACHE: "1" From 303ddd9e619aa911998b743d8a281d1f31ef1c74 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 15:33:10 +0100 Subject: [PATCH 46/51] don't run GHAs on version tags --- .../container_images/image_builders.py | 22 +++++++++++----- .../container_images_test/tools/__init__.py | 26 +++++++++++-------- 2 files changed, 30 insertions(+), 18 deletions(-) diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index c24521cbee..900bb78842 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -410,13 +410,21 @@ def publish( try: cmd_args = [ - "skopeo", - "copy", - "--all", - "--dest-tls-verify=false", - "--remove-signatures", - f"oci-archive:{oci_layout_tarball}", - f"docker://{tag}" + "docker", + "import", + oci_layout_tarball, + tag + ] + + subprocess.run( + cmd_args, + check=True + ) + + cmd_args = [ + "docker", + "push", + oci_layout_tarball ] subprocess.run( diff --git a/tests/end_to_end_tests/container_images_test/tools/__init__.py b/tests/end_to_end_tests/container_images_test/tools/__init__.py index 8642b07e8f..4e3b6ef2c7 100644 --- a/tests/end_to_end_tests/container_images_test/tools/__init__.py +++ b/tests/end_to_end_tests/container_images_test/tools/__init__.py @@ -14,7 +14,7 @@ import logging import pathlib as pl import subprocess -from typing import Callable +from typing import Callable, List logger = logging.getLogger(__name__) @@ -47,6 +47,19 @@ def build_test_version_of_container_image( tests can enable it in order to obtain coverage information of the docker/k8s related code. """ + def run(comment: str, cmd: List[str]): + logger.info(f"Running: {comment}") + logger.info(f"Command: {cmd}") + completed_process = subprocess.run( + cmd, + check=True, + capture_output=True, + ) + + logger.info(f"Completed: {comment}") + logger.info(completed_process.stdout.decode()) + logger.info(completed_process.stderr.decode()) + registry_container_name = "agent_image_e2e_test_registry" delete_container(container_name=registry_container_name) @@ -62,17 +75,8 @@ def build_test_version_of_container_image( "registry:2", ] - logger.info(f"Creating local registry container: {cmd}") - - completed_process = subprocess.run( - cmd, - check=True, - capture_output=True - ) + run(f"Creating local registry container.", cmd) - logger.info("Completed:") - logger.info(completed_process.stdout.decode()) - logger.info(completed_process.stderr.decode()) try: all_image_tags = image_builder.generate_final_registry_tags( From 2595c9287f46f899b1264d449e7e3d86876c4b22 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 15:38:42 +0100 Subject: [PATCH 47/51] don't run GHAs on version tags --- agent_build_refactored/container_images/image_builders.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index 900bb78842..f02a3e82da 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -412,7 +412,7 @@ def publish( cmd_args = [ "docker", "import", - oci_layout_tarball, + str(oci_layout_tarball), tag ] @@ -424,7 +424,7 @@ def publish( cmd_args = [ "docker", "push", - oci_layout_tarball + str(oci_layout_tarball) ] subprocess.run( From e0ea07ad8b541307aec025c63b5fca1f3022d8ed Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 15:52:20 +0100 Subject: [PATCH 48/51] don't run GHAs on version tags --- agent_build_refactored/container_images/image_builders.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_build_refactored/container_images/image_builders.py b/agent_build_refactored/container_images/image_builders.py index f02a3e82da..3f5b570439 100644 --- a/agent_build_refactored/container_images/image_builders.py +++ b/agent_build_refactored/container_images/image_builders.py @@ -424,7 +424,7 @@ def publish( cmd_args = [ "docker", "push", - str(oci_layout_tarball) + tag ] subprocess.run( From 5710ea77d2d94618b810a377bcac2fa2a277d39c Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 15:59:55 +0100 Subject: [PATCH 49/51] don't run GHAs on version tags --- .../reusable-agent-build-container-images.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/reusable-agent-build-container-images.yml b/.github/workflows/reusable-agent-build-container-images.yml index da01880d81..f4dc24c52b 100644 --- a/.github/workflows/reusable-agent-build-container-images.yml +++ b/.github/workflows/reusable-agent-build-container-images.yml @@ -984,17 +984,6 @@ jobs: - name: Expose GitHub Runtime To Be Able to Use GHA Cache By Docker. uses: crazy-max/ghaction-github-runtime@715c25b40ccc0df9b62bfa8be3ccc57d09dbc4b1 - - name: Set up skopeo - uses: warjiang/setup-skopeo@v0.1.2 - with: - version: latest - - - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - with: - detached: true - - name: Build test image env: USE_GHA_CACHE: "1" From fc30b1c8a7f285c19f9c5101782ece73cafb2631 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Fri, 7 Mar 2025 16:33:04 +0100 Subject: [PATCH 50/51] don't run GHAs on version tags --- .../base_images/ubuntu-fips.Dockerfile | 7 +++++ .../base_images/ubuntu.Dockerfile | 28 ++++++++++++------- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/agent_build_refactored/container_images/base_images/ubuntu-fips.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu-fips.Dockerfile index f1286b5f68..cc1914e12b 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu-fips.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu-fips.Dockerfile @@ -14,5 +14,12 @@ RUN apt-get install -y \ FROM base as runtime_base +# We upgrade current packages in order to keep everything up to date, including security updates. +RUN DEBIANFRONTEND=noninteractive apt-get update && \ + apt-get dist-upgrade --yes --no-install-recommends --no-install-suggests && \ + apt-get autoremove --yes && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + ENV OPENSSL_CONF /etc/ssl/openssl.cnf.fips ENV SCALYR_ALLOW_HTTP_MONITORS false diff --git a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile index 831e1a6744..df0bef553b 100644 --- a/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile +++ b/agent_build_refactored/container_images/base_images/ubuntu.Dockerfile @@ -3,16 +3,24 @@ FROM ${BASE_IMAGE} as base FROM base as dependencies_build_base ENV DEBIANFRONTEND=noninteractive -RUN ldconfig -RUN apt update -RUN apt install libc-bin -y -RUN apt install -y python3 python3-pip python3-dev -RUN apt install -y rustc -RUN apt install -y cargo -RUN apt-get autoremove --yes -RUN apt-get clean -RUN rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y \ + python3 \ + python3-pip \ + python3-dev \ + rustc \ + cargo && \ + apt-get autoremove --yes && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* -FROM base as runtime_base +FROM base as runtime_base +# We upgrade current packages in order to keep everything up to date, including security updates. +# Installing ca-certificates populates /etc/ssl/certs but requires openssl (only libssl installed by default). +RUN DEBIANFRONTEND=noninteractive apt-get update && \ + apt-get dist-upgrade --yes --no-install-recommends --no-install-suggests && \ + apt-get install -y ca-certificates python3 && \ + apt-get autoremove --yes && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* From 631f9c8ee8e66ef05fdc4aca88bf515df5f3bc14 Mon Sep 17 00:00:00 2001 From: "ales.novak" Date: Wed, 12 Mar 2025 09:31:08 +0100 Subject: [PATCH 51/51] don't run GHAs on version tags --- .../container_images/base_images/alpine.Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_build_refactored/container_images/base_images/alpine.Dockerfile b/agent_build_refactored/container_images/base_images/alpine.Dockerfile index 017f340254..ea112ffa69 100644 --- a/agent_build_refactored/container_images/base_images/alpine.Dockerfile +++ b/agent_build_refactored/container_images/base_images/alpine.Dockerfile @@ -2,6 +2,7 @@ ARG BASE_IMAGE FROM ${BASE_IMAGE} as base FROM base as dependencies_build_base +RUN echo cache out RUN apk update && apk add --no-cache \ --virtual build-dependencies \ binutils \