This repository was archived by the owner on Nov 26, 2022. It is now read-only.

Conversation

@fzipi
Member

@fzipi fzipi commented Sep 14, 2022

  • tags are based on build date using YYYYMMDDHHMM
  • main label does not change, only specific ones
  • remove cron build to use dispatched builds or merges only

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

- tags are based on build date using YYYYMMDDHHMM
- main label does not change, only specific ones

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
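
The tagging scheme described in the PR, as an added shell example that is not the project's own build script: it turns a UTC build timestamp into the YYYYMMDDHHMM tag, emits the fixed major-version tag next to the dated one, and gives a check a deployment pipeline can use to refuse a moving tag. The tag names (a bare major version such as `2` plus `2-YYYYMMDDHHMM`) are an assumption drawn from the version label quoted later in the thread; the project's real tag list may differ.

```shell
#!/bin/sh
# Added example, not the project's own build script. Tag names are an assumption:
# a fixed major tag (e.g. "2") that moves to every new build, plus an immutable
# dated tag "MAJOR-YYYYMMDDHHMM" that is never re-pointed.

# date_tag TIMESTAMP: convert an ISO-8601 UTC timestamp (2022-09-17T12:09:00Z)
# into the 12-digit YYYYMMDDHHMM form. Seconds (and fractions) are dropped on
# purpose; the scheme in the PR stops at minutes.
date_tag() {
  t=$(printf '%s' "$1" | tr -d 'TZ:-' | cut -c1-12)
  if [ -z "$t" ] || [ ${#t} -ne 12 ]; then
    echo "date_tag: not a full UTC timestamp: $1" >&2
    return 1
  fi
  case $t in
    *[!0-9]*) echo "date_tag: non-digit characters in: $1" >&2; return 1 ;;
  esac
  printf '%s\n' "$t"
}

# image_tags MAJOR TIMESTAMP: the two tags to push for one build, one per line.
image_tags() {
  stamp=$(date_tag "$2") || return 1
  printf '%s\n%s-%s\n' "$1" "$1" "$stamp"
}

# is_immutable_tag TAG: succeed only for a dated tag. A deployment pin should pass
# this check (or better, pin the digest); "2" or "latest" can change underneath you.
is_immutable_tag() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+-[0-9]{12}$'
}

# Demo: tags for a build that happened now, then classify each one.
now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
for tag in $(image_tags 2 "$now"); do
  if is_immutable_tag "$tag"; then echo "$tag: immutable"; else echo "$tag: moves"; fi
done
```

The dated tag is the one to reference from a deployment: `2-202209171209` always resolves to the same build, whereas `2` is re-pointed on every merge or dispatched build. Where the registry can be trusted to keep digests stable, pinning by digest (`image@sha256:...`, as the `FROM httpd:2.4@sha256:...` line in the build output below does) is stricter still, because a tag, even a dated one, can be overwritten by whoever holds push rights.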
@fzipi fzipi requested a review from theseion September 14, 2022 13:49
@fzipi fzipi force-pushed the change-docker-tagging branch 6 times, most recently from 940cda8 to 39ed44a on September 15, 2022 15:15
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi fzipi force-pushed the change-docker-tagging branch from 39ed44a to 2312764 on September 15, 2022 15:39
@fzipi
Member Author

fzipi commented Sep 15, 2022

This is what should be baked in:
[image]

@theseion
Contributor

I'm now getting image build errors:

> [apache linux/arm64 build 2/7] RUN set -eux;     echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections;     apt-get update -qq;     apt-get install -y -qq --no-install-recommends --no-install-suggests         automake         ca-certificates         g++         git         libapr1-dev         libaprutil1-dev         libcurl4-gnutls-dev         libpcre++-dev         libtool         libxml2-dev         libyajl-dev         lua5.2-dev         make         pkgconf         wget:
#0 0.048 + echo debconf debconf/frontend select Noninteractive
#0 0.048 + debconf-set-selections
#0 0.107 + apt-get update -qq
#0 30.44 W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Could not connect to deb.debian.org:80 (151.101.14.132), connection timed out
#0 30.44 W: Failed to fetch http://deb.debian.org/debian-security/dists/bullseye-security/InRelease  Unable to connect to deb.debian.org:80:
#0 30.44 W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease  Unable to connect to deb.debian.org:80:
#0 30.44 W: Some index files failed to download. They have been ignored, or old ones used instead.
#0 30.45 + apt-get install -y -qq --no-install-recommends --no-install-suggests automake ca-certificates g++ git libapr1-dev libaprutil1-dev libcurl4-gnutls-dev libpcre++-dev libtool libxml2-dev libyajl-dev lua5.2-dev make pkgconf wget
#0 30.51 E: Unable to locate package automake
#0 30.51 E: Unable to locate package git
#0 30.51 E: Unable to locate package libapr1-dev
#0 30.51 E: Unable to locate package libaprutil1-dev
#0 30.51 E: Unable to locate package libcurl4-gnutls-dev
#0 30.51 E: Unable to locate package libpcre++-dev
#0 30.51 E: Couldn't find any package by regex 'libpcre++-dev'
#0 30.51 E: Unable to locate package libtool
#0 30.51 E: Unable to locate package libxml2-dev
#0 30.51 E: Unable to locate package libyajl-dev
#0 30.51 E: Unable to locate package lua5.2-dev
#0 30.51 E: Couldn't find any package by glob 'lua5.2-dev'
#0 30.51 E: Couldn't find any package by regex 'lua5.2-dev'
#0 30.51 E: Unable to locate package make
#0 30.51 E: Unable to locate package pkgconf
#0 30.51 E: Unable to locate package wget

@fzipi
Member Author

fzipi commented Sep 15, 2022

Works for me:

❯ docker buildx bake -f ./docker-bake.hcl apache --set apache.platform=linux/arm64
[+] Building 729.1s (25/25) FINISHED
 => [internal] booting buildkit                                                                                                                                                                  8.9s
 => => pulling image moby/buildkit:buildx-stable-1                                                                                                                                               8.2s
 => => creating container buildx_buildkit_eager_poincare0                                                                                                                                        0.7s
 => [internal] load build definition from Dockerfile                                                                                                                                             0.0s
 => => transferring dockerfile: 8.78kB                                                                                                                                                           0.0s
 => [internal] load .dockerignore                                                                                                                                                                0.0s
 => => transferring context: 2B                                                                                                                                                                  0.0s
 => [internal] load metadata for docker.io/library/httpd:2.4                                                                                                                                     3.9s
 => [auth] library/httpd:pull token for registry-1.docker.io                                                                                                                                     0.0s
 => [stage-1  1/13] FROM docker.io/library/httpd:2.4@sha256:71e882df50adc606c57e46e5deb3c933288e2c7775472a639326d9e4e40a47c2                                                                     3.7s
 => => resolve docker.io/library/httpd:2.4@sha256:71e882df50adc606c57e46e5deb3c933288e2c7775472a639326d9e4e40a47c2                                                                               0.0s
 => => sha256:3fdf0b8bdad053c0dc6f72e0fc7f73f02736d50b70261b568fe762c62deb3d68 298B / 298B                                                                                                       0.4s
 => => sha256:e10a8c39e239c30aa9440d852079300a6eb107875f29d76c99d0c8cd7774ad82 23.68MB / 23.68MB                                                                                                 1.8s
 => => sha256:b9556901a646caf43dfce4ecc34321c252ee1c8040e50f4901fd9408b227cbb1 147B / 147B                                                                                                       0.4s
 => => sha256:7794fc7e01cb15776c4d1a53434382e0cb962df66fa968d6169f1a1a62838be9 1.70MB / 1.70MB                                                                                                   0.8s
 => => sha256:3d898485473e3507374cea2e09f019c2ff5728f0911aa36c70b7a7235e9bc8ac 30.05MB / 30.05MB                                                                                                 1.4s
 => => extracting sha256:3d898485473e3507374cea2e09f019c2ff5728f0911aa36c70b7a7235e9bc8ac                                                                                                        1.2s
 => => extracting sha256:b9556901a646caf43dfce4ecc34321c252ee1c8040e50f4901fd9408b227cbb1                                                                                                        0.0s
 => => extracting sha256:7794fc7e01cb15776c4d1a53434382e0cb962df66fa968d6169f1a1a62838be9                                                                                                        0.1s
 => => extracting sha256:e10a8c39e239c30aa9440d852079300a6eb107875f29d76c99d0c8cd7774ad82                                                                                                        0.6s
 => => extracting sha256:3fdf0b8bdad053c0dc6f72e0fc7f73f02736d50b70261b568fe762c62deb3d68                                                                                                        0.0s
 => [internal] load build context                                                                                                                                                                0.0s
 => => transferring context: 5.06kB                                                                                                                                                              0.0s
 => [build 2/7] RUN set -eux;     echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections;     apt-get update -qq;     apt-get install -y -qq --no-install-recommends -  89.1s
 => [stage-1  2/13] RUN set -eux;     echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections;     apt-get update -qq;     apt-get install -qq -y --no-install-recommen  18.7s
 => [build 3/7] RUN set -eux;     wget --quiet https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz;     tar -xvzf ssdeep-2.14.1.tar.gz;     cd ssd  131.5s
 => [build 4/7] RUN set -eux;     git clone https://github.com/SpiderLabs/ModSecurity --branch v2.9.6 --depth 1;     cd ModSecurity;     ./autogen.sh;     ./configure;     make;     make in  486.4s
 => [build 5/7] RUN mkdir -p /usr/share/TLS                                                                                                                                                      0.1s
 => [build 6/7] COPY v2-apache/openssl.conf /usr/share/TLS                                                                                                                                       0.0s
 => [build 7/7] RUN openssl req -x509 -days 365 -new     -config /usr/share/TLS/openssl.conf     -keyout /usr/share/TLS/server.key     -out /usr/share/TLS/server.crt                            2.9s
 => [stage-1  3/13] COPY --from=build /usr/local/apache2/modules/mod_security2.so                  /usr/local/apache2/modules/mod_security2.so                                                   0.0s
 => [stage-1  4/13] COPY --from=build /usr/local/apache2/ModSecurity/modsecurity.conf-recommended  /etc/modsecurity.d/modsecurity.conf                                                           0.0s
 => [stage-1  5/13] COPY --from=build /usr/local/apache2/ModSecurity/unicode.mapping               /etc/modsecurity.d/unicode.mapping                                                            0.0s
 => [stage-1  6/13] COPY --from=build /usr/local/lib/libfuzzy.so.2.1.0                  /usr/local/lib/libfuzzy.so.2.1.0                                                                         0.0s
 => [stage-1  7/13] COPY --from=build /usr/local/bin/ssdeep                                        /usr/local/bin/ssdeep                                                                         0.0s
 => [stage-1  8/13] COPY --from=build /usr/share/TLS/server.key                                    /usr/local/apache2/conf/server.key                                                            0.0s
 => [stage-1  9/13] COPY --from=build /usr/share/TLS/server.crt                                    /usr/local/apache2/conf/server.crt                                                            0.0s
 => [stage-1 10/13] COPY src/etc/modsecurity.d/*.conf /etc/modsecurity.d/                                                                                                                        0.0s
 => [stage-1 11/13] COPY v2-apache/conf/extra/*.conf /usr/local/apache2/conf/extra/                                                                                                              0.0s
 => [stage-1 12/13] RUN set -eux;     ln -s libfuzzy.so.2.1.0 /usr/local/lib/libfuzzy.so;     ln -s libfuzzy.so.2.1.0 /usr/local/lib/libfuzzy.so.2;     ldconfig                                 0.2s
 => [stage-1 13/13] RUN set -eux;     sed -i -E 's|(Listen) [0-9]+|\1 ${PORT}|' /usr/local/apache2/conf/httpd.conf;     sed -i -E 's|(ServerTokens) Full|\1 Prod|' /usr/local/apache2/conf/extr  1.6s
WARNING: No output specified for apache target(s) with docker-container driver. Build result will only remain in the build cache. To push result image into registry use --push or to load image into docker use --load

🤷 Maybe a temp network problem there?

Co-authored-by: Max Leske <th3s3ion@gmail.com>
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi fzipi force-pushed the change-docker-tagging branch from 25838db to eaa7314 on September 15, 2022 21:19
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@theseion
Contributor

🤷 Maybe a temp network problem there?

Seems like it... Works now.

@andrei-piarainc

Looks nice. Will it apply to the Nginx-based build also? :)

@theseion
Contributor

@andrei-piarainc this is for all our images, yes.

@fzipi I've built all of the image variants (took about 3 hours :) ). Looks good.

Co-authored-by: Max Leske <th3s3ion@gmail.com>
@fzipi fzipi force-pushed the change-docker-tagging branch from 1a8de62 to f93c04b on September 17, 2022 11:33
@fzipi fzipi requested a review from theseion September 17, 2022 11:46
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi fzipi force-pushed the change-docker-tagging branch from f93c04b to 1036a7b on September 17, 2022 12:46
Contributor

@theseion theseion left a comment


LGTM. Great work!

@fzipi
Member Author

fzipi commented Sep 17, 2022

Thanks!

Another thing that I really like is that we are baking it with labels:

  org.opencontainers.image.title=modsecurity-docker
  org.opencontainers.image.description=The official ModSecurity Docker images
  org.opencontainers.image.url=https://github.com/coreruleset/modsecurity-docker
  org.opencontainers.image.source=https://github.com/coreruleset/modsecurity-docker
  org.opencontainers.image.version=2-202209171209
  org.opencontainers.image.created=2022-09-17T12:46:20.710Z
  org.opencontainers.image.revision=cbbbbfdcfe7bec1095160c1f448913ac62eafd96
  org.opencontainers.image.licenses=Apache-2.0
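
A consumer-side check for those labels, as an added example that is not part of the PR or the project's tooling. It reads a `key=value` label dump on stdin (the `docker inspect` template in the comment header is the real way to produce one; the sample dump embedded below is constructed from the labels quoted above) and refuses the image unless `org.opencontainers.image.source` is the repository you expect, `org.opencontainers.image.revision` is a full 40-hex commit id equal to the commit you audited, `org.opencontainers.image.version` follows the MAJOR-YYYYMMDDHHMM scheme, and a `created` timestamp is present. The expected source URL and commit are parameters you supply; the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the PR or the project's tooling. Verifies the OCI
# labels baked into an image before it is deployed. Feed it the label dump from
#   docker inspect --format '{{range $k,$v := .Config.Labels}}{{$k}}={{$v}}{{"\n"}}{{end}}' IMAGE
# on stdin; here a constructed dump stands in so the script runs offline.

# label DUMP KEY: value of KEY from a "key=value" dump, empty if absent.
# Keys are fixed strings here, so the unescaped dots in the sed pattern are harmless.
label() {
  printf '%s\n' "$1" | sed -n "s|^$2=||p" | head -n1
}

# check_labels EXPECTED_SOURCE EXPECTED_REVISION < dump
# Exit 0 only if every check passes; each failure is reported on stderr.
check_labels() {
  expected_source=$1
  expected_rev=$2
  dump=$(cat)
  fail=0

  source=$(label "$dump" org.opencontainers.image.source)
  [ "$source" = "$expected_source" ] ||
    { echo "source label '$source' != '$expected_source'" >&2; fail=1; }

  rev=$(label "$dump" org.opencontainers.image.revision)
  printf '%s\n' "$rev" | grep -Eq '^[0-9a-f]{40}$' ||
    { echo "revision label is not a full commit id: '$rev'" >&2; fail=1; }
  [ "$rev" = "$expected_rev" ] ||
    { echo "revision label '$rev' != audited commit '$expected_rev'" >&2; fail=1; }

  version=$(label "$dump" org.opencontainers.image.version)
  printf '%s\n' "$version" | grep -Eq '^[0-9]+-[0-9]{12}$' ||
    { echo "version label is not MAJOR-YYYYMMDDHHMM: '$version'" >&2; fail=1; }

  created=$(label "$dump" org.opencontainers.image.created)
  [ -n "$created" ] || { echo "created label missing" >&2; fail=1; }

  return $fail
}

# Constructed dump in the shape of the labels quoted in the comment above.
SAMPLE_DUMP='org.opencontainers.image.title=modsecurity-docker
org.opencontainers.image.source=https://github.com/coreruleset/modsecurity-docker
org.opencontainers.image.version=2-202209171209
org.opencontainers.image.created=2022-09-17T12:46:20.710Z
org.opencontainers.image.revision=cbbbbfdcfe7bec1095160c1f448913ac62eafd96'
EXPECTED_SOURCE=https://github.com/coreruleset/modsecurity-docker
EXPECTED_REV=cbbbbfdcfe7bec1095160c1f448913ac62eafd96

# Demo: passes against the audited commit, fails against any other.
printf '%s\n' "$SAMPLE_DUMP" | check_labels "$EXPECTED_SOURCE" "$EXPECTED_REV" && echo "labels OK"
```

Labels are metadata written by whoever ran the build, so this check tells you what the builder claimed, not that the claim is true; it does not replace a digest pin or a signature on the image. What it does catch is an image rebuilt from a different commit or source repository, or one whose version tag does not follow the dated scheme, before that image reaches a deployment.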

@fzipi fzipi merged commit 6374ebd into coreruleset:master Sep 17, 2022
@fzipi fzipi deleted the change-docker-tagging branch September 17, 2022 13:08