From 05aaa26943d7f2c9652a9062d0020e1a9c25ec90 Mon Sep 17 00:00:00 2001
From: reinvantveer
Date: Thu, 21 Jan 2021 20:19:42 +0100
Subject: [PATCH 1/7] pin Dockerfile base images to create reproducible builds
Signed-off-by: Rein van 't Veer
---
 images/ansible-operator/Dockerfile | 2 +-
 images/helm-operator/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/images/ansible-operator/Dockerfile b/images/ansible-operator/Dockerfile
index 0b813e706f..8b0768dcb6 100644
--- a/images/ansible-operator/Dockerfile
+++ b/images/ansible-operator/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi:latest
+FROM registry.access.redhat.com/ubi8/ubi:8.3-227
 RUN mkdir -p /etc/ansible \
 && echo "localhost ansible_connection=local" > /etc/ansible/hosts \
diff --git a/images/helm-operator/Dockerfile b/images/helm-operator/Dockerfile
index af530209f7..c993397a73 100644
--- a/images/helm-operator/Dockerfile
+++ b/images/helm-operator/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3-227
 ENV HOME=/opt/helm \
 USER_NAME=helm \
From 223b80f2b6dfb9dac65711d361bdf7740da2e715 Mon Sep 17 00:00:00 2001
From: Rein van 't Veer
Date: Thu, 21 Jan 2021 20:23:49 +0100
Subject: [PATCH 2/7] explain what/why of the change
Signed-off-by: Rein van 't Veer
---
 ...er-base-images-for-ansible-and-helm-operators.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 changelog/fragments/pin-docker-base-images-for-ansible-and-helm-operators.yaml
diff --git a/changelog/fragments/pin-docker-base-images-for-ansible-and-helm-operators.yaml b/changelog/fragments/pin-docker-base-images-for-ansible-and-helm-operators.yaml
new file mode 100644
index 0000000000..bdb9f083f3
--- /dev/null
+++ b/changelog/fragments/pin-docker-base-images-for-ansible-and-helm-operators.yaml
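Review bot: The new `FROM registry.access.redhat.com/ubi8/ubi:8.3-227` line pins a tag, and a tag is a mutable pointer in the registry, so this narrows drift but does not by itself guarantee that two builds pull the same bytes. Pinning the digest as well, `FROM registry.access.redhat.com/ubi8/ubi:8.3-227@sha256:<digest-of-8.3-227>` (placeholder; take the value from the registry), makes the base content-addressed and makes the pull fail closed if the tag is ever re-pointed. The same applies to the `ubi-minimal` pins in the helm-operator, custom-scorecard-tests, operator-sdk and scorecard-test Dockerfiles later in this series. Moving off `:latest` also means base-image security rebuilds are no longer picked up automatically, so the series should come with a documented or automated bump of these tags.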
@@ -0,0 +1,11 @@
+# entries is a list of entries to include in
+# release notes and/or the migration guide
+entries:
+ - description: >
+ For Ansible-based and Helm-based operators, the Docker base image is
+ pinned to improve the reproducibility of builds using Docker.
+
+ kind: addition
+
+ # Is this a breaking change?
+ breaking: false
From 976a109d9ed7eafcf65bfd21b25f669864192016 Mon Sep 17 00:00:00 2001
From: Rein van 't Veer
Date: Thu, 21 Jan 2021 20:38:02 +0100
Subject: [PATCH 3/7] fix copy/paste error for current ubi-minimal base image version
Signed-off-by: Rein van 't Veer
---
 images/helm-operator/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/images/helm-operator/Dockerfile b/images/helm-operator/Dockerfile
index c993397a73..8ad5e30380 100644
--- a/images/helm-operator/Dockerfile
+++ b/images/helm-operator/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3-227
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3-230
 ENV HOME=/opt/helm \
 USER_NAME=helm \
From 0f442336d8d89aef0a2f3ccb4d539d7dce52c066 Mon Sep 17 00:00:00 2001
From: Rein van 't Veer
Date: Thu, 21 Jan 2021 22:19:26 +0100
Subject: [PATCH 4/7] pin base image versions for custom-scorecard-tests and operator-sdk as well
Signed-off-by: Rein van 't Veer
---
 images/custom-scorecard-tests/Dockerfile | 3 +--
 images/operator-sdk/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/images/custom-scorecard-tests/Dockerfile b/images/custom-scorecard-tests/Dockerfile
index 80c14912af..e5dcabaf95 100644
--- a/images/custom-scorecard-tests/Dockerfile
+++ b/images/custom-scorecard-tests/Dockerfile
@@ -1,5 +1,4 @@
-# Base image
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3-230
 ENV HOME=/opt/custom-scorecard-tests \
 USER_NAME=custom-scorecard-tests \
diff --git a/images/operator-sdk/Dockerfile b/images/operator-sdk/Dockerfile
index 5faf37c7fb..c98e82457d 100644
--- a/images/operator-sdk/Dockerfile
+++ b/images/operator-sdk/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3-230
 RUN microdnf install -y golang make which
From 2ba68eba080a2ef1adefee34e93fd80dfad53aba Mon Sep 17 00:00:00 2001
From: Rein van 't Veer
Date: Thu, 21 Jan 2021 22:21:37 +0100
Subject: [PATCH 5/7] update to reflect pinning all images, rename change file to fit description
Signed-off-by: Rein van 't Veer
---
 ...r-base-images-for-ansible-and-helm-operators.yaml | 11 -----------
 changelog/fragments/pin-docker-base-images.yaml | 12 ++++++++++++
 2 files changed, 12 insertions(+), 11 deletions(-)
 delete mode 100644 changelog/fragments/pin-docker-base-images-for-ansible-and-helm-operators.yaml
 create mode 100644 changelog/fragments/pin-docker-base-images.yaml
diff --git a/changelog/fragments/pin-docker-base-images-for-ansible-and-helm-operators.yaml b/changelog/fragments/pin-docker-base-images-for-ansible-and-helm-operators.yaml
deleted file mode 100644
index bdb9f083f3..0000000000
--- a/changelog/fragments/pin-docker-base-images-for-ansible-and-helm-operators.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-# entries is a list of entries to include in
-# release notes and/or the migration guide
-entries:
- - description: >
- For Ansible-based and Helm-based operators, the Docker base image is
- pinned to improve the reproducibility of builds using Docker.
-
- kind: addition
-
- # Is this a breaking change?
- breaking: false
diff --git a/changelog/fragments/pin-docker-base-images.yaml b/changelog/fragments/pin-docker-base-images.yaml
new file mode 100644
index 0000000000..c38f24a354
--- /dev/null
+++ b/changelog/fragments/pin-docker-base-images.yaml
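Review bot: The context line `RUN microdnf install -y golang make which` in the operator-sdk hunk still resolves package versions from the repositories at build time, so pinning the base tag above it does not make this image reproducible; the Go toolchain in particular can differ between two builds of the same Dockerfile. Either pin the package versions in that RUN (where the repository still carries the chosen build) or add a comment above it, `# package versions float with the UBI repos; only the base image is pinned`, so the changelog's reproducibility claim is not over-read. The rest of this Dockerfile lies outside the hunk, so later install steps may need the same treatment.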
@@ -0,0 +1,12 @@
+# entries is a list of entries to include in
+# release notes and/or the migration guide
+entries:
+ - description: >
+ For Ansible-based and Helm-based operators, as well as for the
+ Operator SDK and the custom scorecard tests, the Docker base images
+ are pinned to improve the reproducibility of builds using Docker.
+
+ kind: addition
+
+ # Is this a breaking change?
+ breaking: false
From 5b1b4d12e5463569a68012ac05d502bb75ab8278 Mon Sep 17 00:00:00 2001
From: Rein van 't Veer
Date: Thu, 21 Jan 2021 22:22:52 +0100
Subject: [PATCH 6/7] pin Docker base image for scorecard test
Signed-off-by: Rein van 't Veer
---
 images/scorecard-test/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/images/scorecard-test/Dockerfile b/images/scorecard-test/Dockerfile
index 402c1f7a8c..cdac469629 100644
--- a/images/scorecard-test/Dockerfile
+++ b/images/scorecard-test/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3-230
 ENV HOME=/opt/scorecard-test \
 USER_NAME=scorecard-test \
From f69975e2efd262acdd615f8cd566b6acb30b6a87 Mon Sep 17 00:00:00 2001
From: Rein van 't Veer
Date: Thu, 21 Jan 2021 22:23:42 +0100
Subject: [PATCH 7/7] update to reflect pinning scorecard test base image
Signed-off-by: Rein van 't Veer
---
 changelog/fragments/pin-docker-base-images.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelog/fragments/pin-docker-base-images.yaml b/changelog/fragments/pin-docker-base-images.yaml
index c38f24a354..3ed740c752 100644
--- a/changelog/fragments/pin-docker-base-images.yaml
+++ b/changelog/fragments/pin-docker-base-images.yaml
@@ -3,7 +3,7 @@
 entries:
 - description: >
 For Ansible-based and Helm-based operators, as well as for the
- Operator SDK and the custom scorecard tests, the Docker base images
+ Operator SDK and the (custom) scorecard tests, the Docker base images
 are pinned to improve the reproducibility of builds using Docker.
 kind: addition