diff --git a/.github/workflows/apkbuild.yml b/.github/workflows/apkbuild.yml
index cf6e2c73c1..f6c2cb2a83 100644
--- a/.github/workflows/apkbuild.yml
+++ b/.github/workflows/apkbuild.yml
@@ -14,6 +14,12 @@ on:
 paths:
 - apk/**
+permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
 jobs:
 build-and-push:
 runs-on: ubuntu-latest
@@ -31,7 +37,7 @@ jobs:
 BUILDER: apkbuild
 MATRIX_TAG: ${{matrix.alpine}}
 run: |
- DOCKER_IMAGE=${{ github.repository }}-${BUILDER}
+ DOCKER_IMAGE=ghcr.io/${{ github.repository }}-${BUILDER}
 TAGS="${DOCKER_IMAGE}:${MATRIX_TAG},${DOCKER_IMAGE}:latest"
 COMMIT_SHA="${GITHUB_SHA}"
 if [[ $GITHUB_REF == refs/tags/* ]]; then
@@ -47,11 +53,12 @@ jobs:
 echo "tags=${TAGS}" >> $GITHUB_OUTPUT
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- - name: Login to DockerHub
+ - name: Login to Container Registry
 uses: docker/login-action@v3
 with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ registry: ghcr.io
+ username: "${{ github.actor }}"
+ password: "${{ secrets.GITHUB_TOKEN }}"
 - name: "Build and push APK builder docker image to DockerHub"
 id: docker_build_builder
 uses: docker/build-push-action@v5
diff --git a/.github/workflows/debbuild.yml b/.github/workflows/debbuild.yml
index e09d3ec7d5..cd1040c751 100644
--- a/.github/workflows/debbuild.yml
+++ b/.github/workflows/debbuild.yml
@@ -16,6 +16,12 @@ on:
 - deb/**
 - .github/workflows/debbuild.yml
+permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
 jobs:
 build-and-push:
 runs-on: ubuntu-latest
@@ -32,7 +38,7 @@ jobs:
 BUILDER: debbuild
 MATRIX_TAG: ${{matrix.debian}}
 run: |
- DOCKER_IMAGE=${{ github.repository }}-${BUILDER}
+ DOCKER_IMAGE=ghcr.io/${{ github.repository }}-${BUILDER}
 TAGS="${DOCKER_IMAGE}:${MATRIX_TAG},${DOCKER_IMAGE}:latest"
 COMMIT_SHA="${GITHUB_SHA}"
 if [[ $GITHUB_REF == refs/tags/* ]]; then
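Review bot: The new workflow-level `permissions:` block grants `attestations: write` and `id-token: write` to every job, but no step visible in this diff creates an attestation or requests an OIDC token. If no step outside these hunks uses them, drop both lines and keep `contents: read` and `packages: write`; if one does, declaring the block under `build-and-push:` rather than at the top level keeps the grant scoped to the job that needs it. The identical block is added to debbuild.yml and rpmbuild.yml.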
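Review bot: `DOCKER_IMAGE=ghcr.io/${{ github.repository }}-${BUILDER}` keeps the owner/repo casing, and Docker image references must be lowercase, so the tag is rejected for any repository or fork whose name contains an uppercase letter. Building the name from the runner's environment variable fixes that and keeps the `${{ }}` expression out of the script text: `DOCKER_IMAGE="ghcr.io/${GITHUB_REPOSITORY,,}-${BUILDER}"`. The same line is changed in debbuild.yml and rpmbuild.yml, and the `run:` script continues past the end of the hunk.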
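Review bot: `docker/login-action@v3` now receives `secrets.GITHUB_TOKEN` in a workflow that holds `packages: write` and `id-token: write`, yet it and the neighbouring `docker/setup-buildx-action@v3` and `docker/build-push-action@v5` are referenced by mutable tags. Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, keeps a moved tag from running with the write-scoped token. The following step name still reads "... docker image to DockerHub" although the image now goes to ghcr.io. The login hunks in debbuild.yml and rpmbuild.yml have the same pinning gap and also leave the step named `Login to DockerHub`.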
@@ -53,8 +59,9 @@ jobs:
 - name: Login to DockerHub
 uses: docker/login-action@v3
 with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ registry: ghcr.io
+ username: "${{ github.actor }}"
+ password: "${{ secrets.GITHUB_TOKEN }}"
 - name: "Build and push Debian builder docker image to DockerHub"
 id: docker_build_builder
 uses: docker/build-push-action@v5
diff --git a/.github/workflows/rpmbuild.yml b/.github/workflows/rpmbuild.yml
index e4913c4d45..66e543317d 100644
--- a/.github/workflows/rpmbuild.yml
+++ b/.github/workflows/rpmbuild.yml
@@ -16,13 +16,19 @@ on:
 - rpm/**
 - .github/workflows/rpmbuild.yml
+permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
 jobs:
 build-and-push:
 runs-on: ubuntu-latest
 strategy:
 matrix:
 centos:
- - 'centos8'
+ - 'ubi'
 steps:
 - name: "Checkout source code at current commit"
 uses: actions/checkout@v4
@@ -32,7 +38,7 @@ jobs:
 BUILDER: rpmbuild
 MATRIX_TAG: ${{matrix.centos}}
 run: |
- DOCKER_IMAGE=${{ github.repository }}-${BUILDER}
+ DOCKER_IMAGE=ghcr.io/${{ github.repository }}-${BUILDER}
 TAGS="${DOCKER_IMAGE}:${MATRIX_TAG},${DOCKER_IMAGE}:latest"
 COMMIT_SHA="${GITHUB_SHA}"
 if [[ $GITHUB_REF == refs/tags/* ]]; then
@@ -53,8 +59,9 @@ jobs:
 - name: Login to DockerHub
 uses: docker/login-action@v3
 with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ registry: ghcr.io
+ username: "${{ github.actor }}"
+ password: "${{ secrets.GITHUB_TOKEN }}"
 - name: "Build and push RPM builder docker image to DockerHub"
 id: docker_build_builder
 uses: docker/build-push-action@v5
diff --git a/Makefile b/Makefile
index f6b3bfda4e..999aa598f9 100644
--- a/Makefile
+++ b/Makefile
@@ -97,7 +97,7 @@ docker/build/apk/shell run/apk:
 # MATRIX BUILD
 docker/build/deb/shell docker/build/deb/test run/deb : BUILDER_VERSION=stable-slim
-docker/build/rpm/shell docker/build/rpm/test run/rpm : BUILDER_VERSION=centos8
+docker/build/rpm/shell docker/build/rpm/test run/rpm : BUILDER_VERSION=ubi
 ## Build package as a test
 docker/build/%/test:
diff --git a/apk/Dockerfile-alpine b/apk/Dockerfile-alpine
index 3c05e52ff6..eab4737972 100644
--- a/apk/Dockerfile-alpine
+++ b/apk/Dockerfile-alpine
@@ -1,5 +1,5 @@
 # Need to use version number so that it gets updated here and triggers a build
-FROM alpine:3.17.3
+FROM alpine:3.19.1
 ENV LC_ALL=C.UTF-8
 ENV PS1="(apk) \w \$ "
@@ -16,6 +16,7 @@ RUN apk add --no-cache bash curl && \
 RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
 RUN apk update && \
- apk add make curl alpine-sdk shadow bash jq sudo go
+ apk add make curl alpine-sdk shadow bash jq sudo go && \
+ apk add --update -U python3 python3-dev py3-pip libffi-dev gcc linux-headers musl-dev openssl-dev
 RUN echo "auth sufficient pam_shells.so" > /etc/pam.d/chsh
diff --git a/deb/Dockerfile.stable-slim b/deb/Dockerfile.stable-slim
index 8f15696edc..bfb71a003e 100644
--- a/deb/Dockerfile.stable-slim
+++ b/deb/Dockerfile.stable-slim
@@ -1,5 +1,8 @@
 # Need to use version number so that it gets updated here and triggers a build
-FROM debian:11.5-slim
+ARG PYTHON_VERSION=3.12.3
+ARG DEBIAN_CODENAME=bookworm
+
+FROM python:${PYTHON_VERSION}-slim-${DEBIAN_CODENAME}
 ENV LC_ALL=C.UTF-8
 ENV PS1="(deb) \w \$ "
diff --git a/rpm/Dockerfile.centos8 b/rpm/Dockerfile.ubi
similarity index 88%
rename from rpm/Dockerfile.centos8
rename to rpm/Dockerfile.ubi
index aaa6e90302..5cab986bbc 100644
--- a/rpm/Dockerfile.centos8
+++ b/rpm/Dockerfile.ubi
@@ -1,4 +1,5 @@
-FROM registry.access.redhat.com/ubi8/ubi
+# UBI replaces Centos
+FROM registry.access.redhat.com/ubi9/ubi
 ENV LC_ALL=C.UTF-8
 ENV PS1="(rpm) \w \$ "
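Review bot: The added `apk add --update -U ...` line asks for another index refresh right after `apk update` in the same `RUN`, and it installs without `--no-cache`, unlike the `apk add --no-cache bash curl` earlier in this file, so the package index stays in the image layer. Folding the new packages into the existing install gives one resolver run and a smaller layer: `apk add --no-cache make curl alpine-sdk shadow bash jq sudo go python3 python3-dev py3-pip libffi-dev gcc linux-headers musl-dev openssl-dev`, with the `apk update &&` prefix dropped. A one-line comment saying what needs the Python and OpenSSL headers would also help the next maintainer trim the list.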
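Review bot: The base image is now `python:${PYTHON_VERSION}-slim-${DEBIAN_CODENAME}`, a mutable tag whose content changes whenever the image is rebuilt upstream, and both parts can be overridden with `--build-arg`. For a builder image that the workflows appear to be preparing to attest, pinning the digest makes the build input reproducible: `FROM python:${PYTHON_VERSION}-slim-${DEBIAN_CODENAME}@sha256:<digest>`. rpm/Dockerfile.ubi is looser still, since `FROM registry.access.redhat.com/ubi9/ubi` carries no tag and resolves to `latest`; give it a version tag or digest as well. An `ARG` declared before `FROM` is out of scope afterwards, so any later instruction that needs `PYTHON_VERSION` must redeclare it; the rest of the file is outside the hunk.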
@@ -7,6 +8,8 @@ RUN yum clean all && yum -y install ruby-devel gcc make rpm-build rubygems git z # install sudo, needed by package sudosh, and protected, so it is nearly impossible to remove RUN yum -y install sudo +RUN yum -y install python3.12 python3-pip + # https://github.com/jordansissel/fpm/issues/1663 # # # RUN gem install --no-document backports -v 3.15.0
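Review bot: `python3-pip` on a RHEL 9 based image is, as far as I know, the pip for the platform Python 3.9 rather than for the `python3.12` interpreter installed beside it, so `pip3` would install packages for the wrong interpreter. If Python 3.12 is the intended runtime, the matching package is `python3.12-pip`, and cleaning the cache in the same layer keeps the image small: `RUN yum -y install python3.12 python3.12-pip && yum clean all`. Which interpreter the build scripts call is outside this hunk, so confirm that before changing the package name.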