From 24d2d7b39477823e0367ff6b8841140e2f177690 Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 11:58:12 -0600 Subject: [PATCH 1/9] Write build metadata to /i-am-rox-ci-image Populate /i-am-rox-ci-image with rox-ci-image version, git SHA, and key tool versions (go, gcc, helm, docker, kubectl, etc.) at build time. This file is cat'd by the prow begin step for traceability when using floating tags like stable/latest. Co-Authored-By: Claude Opus 4.6 (1M context) --- Makefile | 18 ++++++++++++++++-- images/scanner-build.Dockerfile | 10 ++++++++++ images/scanner-test.Dockerfile | 12 ++++++++++++ images/stackrox-build.Dockerfile | 10 ++++++++++ images/stackrox-test.Dockerfile | 14 ++++++++++++++ images/stackrox-ui-test.Dockerfile | 13 +++++++++++++ 6 files changed, 75 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e101256c..86efd888 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,8 @@ ifeq ($(DOCKER),) DOCKER=docker endif QUAY_REPO=stackrox-io +ROX_CI_IMAGE_VERSION=$(shell git describe --tags --abbrev=10) +ROX_CI_IMAGE_REVISION=$(shell git rev-parse HEAD) STACKROX_BUILD_TAG=$(shell scripts/get_tag.sh "stackrox-build") @@ -9,6 +11,8 @@ STACKROX_BUILD_TAG=$(shell scripts/get_tag.sh "stackrox-build") stackrox-build-image: $(DOCKER) build \ --platform linux/amd64 \ + --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ + --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_BUILD_TAG) \ -f images/stackrox-build.Dockerfile \ images/ 
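Review bot: `ROX_CI_IMAGE_VERSION` and `ROX_CI_IMAGE_REVISION` are defined with recursive `=`, so every recipe that expands them re-runs `git`, and a failing command is not handled. If `git describe --tags` finds no tag (for example in a shallow or tagless checkout), the variable expands to nothing and the recipes pass `--build-arg ROX_CI_IMAGE_VERSION=` with an empty value, which as far as I can tell replaces the Dockerfiles' `unknown` default with an empty string instead of falling back to it. Neither command marks a modified working tree, so an image built from uncommitted changes would record a clean tag and SHA in `/i-am-rox-ci-image`. I would write `ROX_CI_IMAGE_VERSION := $(shell git describe --tags --abbrev=10 --dirty 2>/dev/null || echo unknown)` and `ROX_CI_IMAGE_REVISION := $(shell git rev-parse HEAD 2>/dev/null || echo unknown)`; the same variables feed the five other image recipes changed in this patch.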
@@ -19,8 +23,10 @@ STACKROX_TEST_TAG=$(shell scripts/get_tag.sh "stackrox-test") stackrox-test-image: $(DOCKER) build \ --platform linux/amd64 \ - -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_TEST_TAG) \ + --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ + --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ --build-arg BASE_TAG=$(STACKROX_BUILD_TAG) \ + -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_TEST_TAG) \ -f images/stackrox-test.Dockerfile \ images/ @@ -30,8 +36,10 @@ STACKROX_UI_TEST_TAG=$(shell scripts/get_tag.sh "stackrox-ui-test") stackrox-ui-test-image: $(DOCKER) build \ --platform linux/amd64 \ - -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_UI_TEST_TAG) \ + --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ + --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ --build-arg BASE_TAG=$(STACKROX_UI_TEST_TAG) \ + -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_UI_TEST_TAG) \ -f images/stackrox-ui-test.Dockerfile \ images/ @@ -51,6 +59,8 @@ test-cci-export: scanner-build-image: $(DOCKER) build \ --platform linux/amd64 \ + --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ + --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "scanner-build") \ -f images/scanner-build.Dockerfile \ images/ @@ -59,6 +69,8 @@ scanner-build-image: scanner-test-image: $(DOCKER) build \ --platform linux/amd64 \ + --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ + --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ --build-arg BASE_TAG=$(shell scripts/get_tag.sh "scanner-build") \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "scanner-test") \ -f images/scanner-test.Dockerfile \ 
@@ -68,6 +80,8 @@ scanner-test-image: jenkins-plugin-image: $(DOCKER) build \ --platform linux/amd64 \ + --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ + --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "jenkins-plugin") \ -f images/jenkins-plugin.Dockerfile \ images/ diff --git a/images/scanner-build.Dockerfile b/images/scanner-build.Dockerfile index ff566700..54e09213 100644 --- a/images/scanner-build.Dockerfile +++ b/images/scanner-build.Dockerfile @@ -62,4 +62,14 @@ RUN fetch --repo="https://github.com/stackrox/ossls" --tag="${OSSLS_VERSION}" -- rm ossls_linux_amd64 && \ ossls version +ARG ROX_CI_IMAGE_VERSION=unknown +ARG ROX_CI_IMAGE_REVISION=unknown +RUN { \ + echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "go=$(go version | awk '{print $3}')"; \ + echo "gcc=$(gcc --version | head -1)"; \ + echo "make=$(make --version | head -1)"; \ + } > /i-am-rox-ci-image + WORKDIR /go/src/github.com/stackrox/scanner diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index dd8970e5..4e444a84 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile 
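Review bot: The two `--build-arg` lines added to `jenkins-plugin-image` have no visible counterpart, because this patch's diffstat lists five Dockerfiles and `images/jenkins-plugin.Dockerfile` is not among them. Unless that file already declares `ARG ROX_CI_IMAGE_VERSION` and `ARG ROX_CI_IMAGE_REVISION` (not visible here, and later patches in the series may add them), the arguments go unused and the jenkins-plugin image ships without `/i-am-rox-ci-image`. Either add the same `ARG` pair and metadata `RUN` block to that Dockerfile or drop these two lines from the recipe.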
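Review bot: The version and revision are recorded only in a file inside the image, so anything that needs the provenance of a `stable`/`latest` tag has to pull the image and read its filesystem. After the two `ARG` lines I would also add `LABEL org.opencontainers.image.version="${ROX_CI_IMAGE_VERSION}" org.opencontainers.image.revision="${ROX_CI_IMAGE_REVISION}"`, which registry and inspection tooling can read from the image config. A short comment above the `RUN`, such as `# Build provenance; printed by the prow begin step.`, would also keep the block from being removed later as dead code. The same applies to the matching hunks in the scanner-test, stackrox-build, stackrox-test and stackrox-ui-test Dockerfiles.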
@@ -107,6 +107,18 @@ RUN set -ex \ && install hub-comment_linux_amd64 /usr/bin/hub-comment \ && command -v hub-comment +ARG ROX_CI_IMAGE_VERSION=unknown +ARG ROX_CI_IMAGE_REVISION=unknown +RUN { \ + echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "go=$(go version | awk '{print $3}')"; \ + echo "helm=$(helm version --short)"; \ + echo "oc=$(oc version --client | head -1)"; \ + echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ + echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ + } > /i-am-rox-ci-image + RUN \ mv /bin/bash /bin/real-bash && \ mv /bin/bash-wrapper /bin/bash diff --git a/images/stackrox-build.Dockerfile b/images/stackrox-build.Dockerfile index fce437c5..46dd7268 100644 --- a/images/stackrox-build.Dockerfile +++ b/images/stackrox-build.Dockerfile @@ -83,4 +83,14 @@ RUN fetch --repo="https://github.com/stackrox/ossls" --tag="${OSSLS_VERSION}" -- ENV CGO_ENABLED=1 +ARG ROX_CI_IMAGE_VERSION=unknown +ARG ROX_CI_IMAGE_REVISION=unknown +RUN { \ + echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "go=$(go version | awk '{print $3}')"; \ + echo "gcc=$(gcc --version | head -1)"; \ + echo "make=$(make --version | head -1)"; \ + } > /i-am-rox-ci-image + WORKDIR /go/src/github.com/stackrox/rox diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index ef13ebd4..fc59a3bf 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile 
@@ -167,6 +167,20 @@ RUN set -ex \ # Install roxie. COPY --from=roxie-installer /usr/local/bin/roxie /usr/bin/roxie +ARG ROX_CI_IMAGE_VERSION=unknown +ARG ROX_CI_IMAGE_REVISION=unknown +RUN { \ + echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "go=$(go version | awk '{print $3}')"; \ + echo "helm=$(helm version --short)"; \ + echo "oc=$(oc version --client | head -1)"; \ + echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ + echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ + echo "vault=$(vault --version)"; \ + echo "shellcheck=$(shellcheck --version | grep version: | head -1)"; \ + } > /i-am-rox-ci-image + RUN \ mv /bin/bash /bin/real-bash && \ mv /bin/bash-wrapper /bin/bash diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile index a927be7b..17ac2368 100644 --- a/images/stackrox-ui-test.Dockerfile +++ b/images/stackrox-ui-test.Dockerfile @@ -219,6 +219,19 @@ RUN set -ex \ # Install roxie. COPY --from=roxie-installer /usr/local/bin/roxie /usr/bin/roxie +ARG ROX_CI_IMAGE_VERSION=unknown +ARG ROX_CI_IMAGE_REVISION=unknown +RUN { \ + echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "go=$(go version | awk '{print $3}')"; \ + echo "node=$(node --version)"; \ + echo "helm=$(helm version --short)"; \ + echo "oc=$(oc version --client | head -1)"; \ + echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ + echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ + } > /i-am-rox-ci-image + RUN \ mv /bin/bash /bin/real-bash && \ mv /bin/bash-wrapper /bin/bash From 5552d79fe2f6c3f1a84f8c8b1489bff0d873ee04 Mon Sep 17 00:00:00 2001 
From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:03:19 -0600 Subject: [PATCH 2/9] Add missing tool versions to metadata Include gradle, aws, yq, gcloud, bats, roxie, shellcheck, and vault in the /i-am-rox-ci-image metadata for all images that install them. Co-Authored-By: Claude Opus 4.6 (1M context) --- images/aci.dockerfile | 177 +++++++++++++++++++++++++++++ images/scanner-test.Dockerfile | 2 + images/stackrox-test.Dockerfile | 5 + images/stackrox-ui-test.Dockerfile | 8 ++ 4 files changed, 192 insertions(+) create mode 100644 images/aci.dockerfile diff --git a/images/aci.dockerfile b/images/aci.dockerfile new file mode 100644 index 00000000..c7e84c63 --- /dev/null +++ b/images/aci.dockerfile 
@@ -0,0 +1,177 @@ +# Provides the tooling required to build StackRox images and test StackRox +# binaries and images. Builds upon stackrox-build.Dockerfile. + +ARG BASE_TAG +FROM redhat/ubi8:latest as base + +# This line makes sure that piped commands in RUN instructions exit early. +# This should not affect use in CircleCI because Circle doesn't use +# CMD/ENTRYPOINT. +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# We are copying the contents in static-contents into / in the image, following the directory structure. +# The reason we don't do a simple COPY ./static-contents / is that, in the base image (as of ubuntu:20.04) +# /bin is a symlink to /usr/bin, and so the COPY ends up overwriting the symlink with a directory containing only +# the contents of static-contents/bin, which is NOT what we want. +# The following method of copying to /static-tmp and then explicitly copying file by file works around that. +COPY ./static-contents/ /static-tmp +RUN set -ex \ + && find /static-tmp -type f -print0 | \ + xargs -0 -I '{}' -n1 bash -c 'dir="$(dirname "${1}")"; new_dir="${dir#/static-tmp}"; mkdir -p "${new_dir}"; cp "${1}" "${new_dir}";' -- {} \ + && rm -r /static-tmp +# Circle CI uses BASH_ENV to pass an environment for bash. Other environments need +# an initial BASH_ENV as a foundation for cci-export(). 
+ENV BASH_ENV /etc/initial-bash.env + +# Install Postgres repo +RUN dnf --disablerepo="*" install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm + +# Install all the packages +RUN dnf update -y \ + && dnf install --skip-broken --nobest -y \ + expect \ + gcc \ + gcc-c++ \ + java-17-openjdk-devel \ + lsof \ + lz4 \ + openssl \ + python3-devel \ + unzip \ + xmlstarlet \ + xz \ + zip \ + && dnf clean all \ + && rm -rf /var/cache/dnf /var/cache/yum + +#RUN dnf update -y \ +# && dnf --disablerepo="*" --enablerepo="pgdg14" install -y postgresql14 postgresql14-server postgresql14-contrib \ +# && dnf clean all \ +# && rm -rf /var/cache/dnf /var/cache/yum +RUN dnf update -y \ + && dnf install -y python3.11 \ + && dnf clean all \ + && rm -rf /var/cache/dnf /var/cache/yum + +RUN curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz \ + && tar -xf google-cloud-cli-linux-x86_64.tar.gz \ + && ./google-cloud-sdk/install.sh --help \ + && ./google-cloud-sdk/install.sh + +ENV PATH=$PATH:./google-cloud-sdk/bin/ +RUN gcloud components install kubectl gke-gcloud-auth-plugin + +#RUN curl -Lo kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/arm64/kubectl.sha256" \ +# && install -m 0755 kubectl /usr/bin/kubectl + +# Use updated auth plugin for GCP +ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True +RUN gke-gcloud-auth-plugin --version + +# Update PATH for Postgres14 +ENV PATH=$PATH:/usr/pgsql-14/bin + +RUN dnf update -y \ + && dnf install -y npm wget nodejs \ + && dnf clean all \ + && rm -rf /var/cache/dnf /var/cache/yum + +RUN python3 --version + +# Install bats +RUN set -ex \ + && npm install -g bats@1.10.0 bats-support@0.3.0 bats-assert@2.0.0 tap-junit \ + && bats -v + +# Install docker binary +ARG DOCKER_VERSION=20.10.6 +RUN set -ex \ + && DOCKER_URL="https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz" \ + && 
echo Docker URL: $DOCKER_URL \ + && wget --no-verbose -O /tmp/docker.tgz "${DOCKER_URL}" \ + && ls -lha /tmp/docker.tgz \ + && tar -xz -C /tmp -f /tmp/docker.tgz \ + && install /tmp/docker/docker /usr/local/bin \ + && rm -rf /tmp/docker /tmp/docker.tgz \ + && command -v docker \ + && (docker version --format '{{.Client.Version}}' || true) + +# Symlink python to python3 +RUN ln -s /usr/bin/python3 /usr/bin/python + +# oc +RUN set -ex \ + && wget --no-verbose -O oc.tgz https://github.com/okd-project/okd/releases/download/4.11.0-0.okd-2022-12-02-145640/openshift-client-linux-4.11.0-0.okd-2022-12-02-145640.tar.gz \ + && mkdir "oc-dir" \ + && tar -C "oc-dir" -xf oc.tgz \ + && install oc-dir/oc /usr/local/bin \ + && rm -rf "oc-dir" oc.tgz \ + && command -v oc + +# helm +RUN set -ex \ + && wget --no-verbose -O helm.tgz https://get.helm.sh/helm-v3.11.2-linux-arm64.tar.gz \ + && tar -xf helm.tgz \ + && install linux-arm64/helm /usr/local/bin \ + && rm -rf helm.tgz linux-arm64 \ + && command -v helm + +# Install gradle +ARG GRADLE_VERSION=7.5.1 +ENV PATH=$PATH:/opt/gradle/bin +RUN set -ex \ + && wget --no-verbose https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \ + && mkdir /opt/gradle \ + && unzip -q gradle-${GRADLE_VERSION}-bin.zip \ + && mv gradle-${GRADLE_VERSION}/* /opt/gradle \ + && rm gradle-${GRADLE_VERSION}-bin.zip \ + && rmdir gradle-${GRADLE_VERSION} \ + && command -v gradle + +# Install aws cli +RUN set -ex \ + && wget --no-verbose -O "awscliv2.zip" "https://awscli.amazonaws.com/awscli-exe-linux-aarch64-2.7.17.zip" \ + && unzip awscliv2.zip \ + && ./aws/install \ + && rm awscliv2.zip \ + && rm -rf aws \ + && aws --version + +# Install yq v4.16.2 +RUN set -ex \ + && wget --no-verbose "https://github.com/mikefarah/yq/releases/download/v4.16.2/yq_linux_arm64" \ + && mv yq_linux_arm64 /usr/bin/yq \ + && chmod +x /usr/bin/yq + +# Install shellcheck +ARG SHELLCHECK_VERSION=0.10.0 +RUN set -ex \ + && wget --quiet 
"https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.aarch64.tar.xz" \ + && tar -xJf "shellcheck-v${SHELLCHECK_VERSION}.linux.aarch64.tar.xz" \ + && cp "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/bin/shellcheck \ + && rm "shellcheck-v${SHELLCHECK_VERSION}.linux.aarch64.tar.xz" \ + && rm -rf "shellcheck-v${SHELLCHECK_VERSION}" \ + && shellcheck --version + +# Install hashicorp vault +ARG VAULT_VERSION=1.12.1 +RUN set -ex \ + && wget --quiet "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_arm64.zip" \ + && unzip "vault_${VAULT_VERSION}_linux_arm64.zip" \ + && strip "vault" \ + && mv "vault" /usr/bin/vault \ + && rm "vault_${VAULT_VERSION}_linux_arm64.zip" \ + && vault --version + +# Add python development tooling. If these versions have to change check for +# dependent repos. e.g. stackrox/stackrox has .openshift-ci/dev-requirements.txt +# for local development style & lint. +ARG PYCODESTYLE_VERSION=2.10.0 +ARG PYLINT_VERSION=2.13.9 +RUN set -ex \ + && pip3 install pycodestyle=="${PYCODESTYLE_VERSION}" \ + pylint=="${PYLINT_VERSION}" + +RUN \ + mv /bin/bash /bin/real-bash && \ + mv /bin/bash-wrapper /bin/bash diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 4e444a84..05c513e7 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile @@ -117,6 +117,8 @@ RUN { \ echo "oc=$(oc version --client | head -1)"; \ echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ + echo "yq=$(yq --version)"; \ + echo "gcloud=$(gcloud version 2>/dev/null | head -1 || echo unknown)"; \ } > /i-am-rox-ci-image RUN \ diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index fc59a3bf..728f7bd1 100644 --- a/images/stackrox-test.Dockerfile 
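Review bot: `ENV PATH=$PATH:./google-cloud-sdk/bin/` adds a relative directory to `PATH`, so command lookup depends on the working directory of whatever job runs in the image; it should be an absolute entry, e.g. `ENV PATH=$PATH:/google-cloud-sdk/bin` if the tarball is unpacked in `/` (no `WORKDIR` is set in this file). The tool downloads here (gcloud, docker, oc, helm, gradle, aws, yq, shellcheck, vault) are installed without a checksum or signature check, and the base is the floating `redhat/ubi8:latest`, so the image contents are neither reproducible nor verifiable. The architectures are also mixed: the gcloud archive is `x86_64` while several of the others are `aarch64`/`arm64`. The next patch in this series deletes the file as an accidental commit, so these points only matter if it is reintroduced; squashing the two patches would keep it out of history.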
+++ b/images/stackrox-test.Dockerfile @@ -175,10 +175,15 @@ RUN { \ echo "go=$(go version | awk '{print $3}')"; \ echo "helm=$(helm version --short)"; \ echo "oc=$(oc version --client | head -1)"; \ + echo "gradle=$(gradle --version | grep '^Gradle' || echo unknown)"; \ + echo "aws=$(aws --version)"; \ echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ echo "vault=$(vault --version)"; \ echo "shellcheck=$(shellcheck --version | grep version: | head -1)"; \ + echo "yq=$(yq --version)"; \ + echo "gcloud=$(gcloud version 2>/dev/null | head -1 || echo unknown)"; \ + echo "roxie=$(roxie version 2>/dev/null || echo unknown)"; \ } > /i-am-rox-ci-image RUN \ diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile index 17ac2368..a9b15165 100644 --- a/images/stackrox-ui-test.Dockerfile +++ b/images/stackrox-ui-test.Dockerfile @@ -228,8 +228,16 @@ RUN { \ echo "node=$(node --version)"; \ echo "helm=$(helm version --short)"; \ echo "oc=$(oc version --client | head -1)"; \ + echo "gradle=$(gradle --version | grep '^Gradle' || echo unknown)"; \ + echo "aws=$(aws --version)"; \ echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ + echo "vault=$(vault --version)"; \ + echo "shellcheck=$(shellcheck --version | grep version: | head -1)"; \ + echo "yq=$(yq --version)"; \ + echo "bats=$(bats --version)"; \ + echo "gcloud=$(gcloud version 2>/dev/null | head -1 || echo unknown)"; \ + echo "roxie=$(roxie version 2>/dev/null || echo unknown)"; \ } > /i-am-rox-ci-image RUN \ From b47f37b2b6d5a28e013291ef1721cfa6e6ced1c0 Mon Sep 17 00:00:00 2001 
From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:03:25 -0600 Subject: [PATCH 3/9] Remove accidentally committed aci.dockerfile Co-Authored-By: Claude Opus 4.6 (1M context) --- images/aci.dockerfile | 177 ------------------------------------------ 1 file changed, 177 deletions(-) delete mode 100644 images/aci.dockerfile diff --git a/images/aci.dockerfile b/images/aci.dockerfile deleted file mode 100644 index c7e84c63..00000000 --- a/images/aci.dockerfile +++ /dev/null 
@@ -1,177 +0,0 @@ -# Provides the tooling required to build StackRox images and test StackRox -# binaries and images. Builds upon stackrox-build.Dockerfile. - -ARG BASE_TAG -FROM redhat/ubi8:latest as base - -# This line makes sure that piped commands in RUN instructions exit early. -# This should not affect use in CircleCI because Circle doesn't use -# CMD/ENTRYPOINT. -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -# We are copying the contents in static-contents into / in the image, following the directory structure. -# The reason we don't do a simple COPY ./static-contents / is that, in the base image (as of ubuntu:20.04) -# /bin is a symlink to /usr/bin, and so the COPY ends up overwriting the symlink with a directory containing only -# the contents of static-contents/bin, which is NOT what we want. -# The following method of copying to /static-tmp and then explicitly copying file by file works around that. -COPY ./static-contents/ /static-tmp -RUN set -ex \ - && find /static-tmp -type f -print0 | \ - xargs -0 -I '{}' -n1 bash -c 'dir="$(dirname "${1}")"; new_dir="${dir#/static-tmp}"; mkdir -p "${new_dir}"; cp "${1}" "${new_dir}";' -- {} \ - && rm -r /static-tmp -# Circle CI uses BASH_ENV to pass an environment for bash. Other environments need -# an initial BASH_ENV as a foundation for cci-export(). 
-ENV BASH_ENV /etc/initial-bash.env - -# Install Postgres repo -RUN dnf --disablerepo="*" install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-aarch64/pgdg-redhat-repo-latest.noarch.rpm - -# Install all the packages -RUN dnf update -y \ - && dnf install --skip-broken --nobest -y \ - expect \ - gcc \ - gcc-c++ \ - java-17-openjdk-devel \ - lsof \ - lz4 \ - openssl \ - python3-devel \ - unzip \ - xmlstarlet \ - xz \ - zip \ - && dnf clean all \ - && rm -rf /var/cache/dnf /var/cache/yum - -#RUN dnf update -y \ -# && dnf --disablerepo="*" --enablerepo="pgdg14" install -y postgresql14 postgresql14-server postgresql14-contrib \ -# && dnf clean all \ -# && rm -rf /var/cache/dnf /var/cache/yum -RUN dnf update -y \ - && dnf install -y python3.11 \ - && dnf clean all \ - && rm -rf /var/cache/dnf /var/cache/yum - -RUN curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz \ - && tar -xf google-cloud-cli-linux-x86_64.tar.gz \ - && ./google-cloud-sdk/install.sh --help \ - && ./google-cloud-sdk/install.sh - -ENV PATH=$PATH:./google-cloud-sdk/bin/ -RUN gcloud components install kubectl gke-gcloud-auth-plugin - -#RUN curl -Lo kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/arm64/kubectl.sha256" \ -# && install -m 0755 kubectl /usr/bin/kubectl - -# Use updated auth plugin for GCP -ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True -RUN gke-gcloud-auth-plugin --version - -# Update PATH for Postgres14 -ENV PATH=$PATH:/usr/pgsql-14/bin - -RUN dnf update -y \ - && dnf install -y npm wget nodejs \ - && dnf clean all \ - && rm -rf /var/cache/dnf /var/cache/yum - -RUN python3 --version - -# Install bats -RUN set -ex \ - && npm install -g bats@1.10.0 bats-support@0.3.0 bats-assert@2.0.0 tap-junit \ - && bats -v - -# Install docker binary -ARG DOCKER_VERSION=20.10.6 -RUN set -ex \ - && DOCKER_URL="https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz" \ - && 
echo Docker URL: $DOCKER_URL \ - && wget --no-verbose -O /tmp/docker.tgz "${DOCKER_URL}" \ - && ls -lha /tmp/docker.tgz \ - && tar -xz -C /tmp -f /tmp/docker.tgz \ - && install /tmp/docker/docker /usr/local/bin \ - && rm -rf /tmp/docker /tmp/docker.tgz \ - && command -v docker \ - && (docker version --format '{{.Client.Version}}' || true) - -# Symlink python to python3 -RUN ln -s /usr/bin/python3 /usr/bin/python - -# oc -RUN set -ex \ - && wget --no-verbose -O oc.tgz https://github.com/okd-project/okd/releases/download/4.11.0-0.okd-2022-12-02-145640/openshift-client-linux-4.11.0-0.okd-2022-12-02-145640.tar.gz \ - && mkdir "oc-dir" \ - && tar -C "oc-dir" -xf oc.tgz \ - && install oc-dir/oc /usr/local/bin \ - && rm -rf "oc-dir" oc.tgz \ - && command -v oc - -# helm -RUN set -ex \ - && wget --no-verbose -O helm.tgz https://get.helm.sh/helm-v3.11.2-linux-arm64.tar.gz \ - && tar -xf helm.tgz \ - && install linux-arm64/helm /usr/local/bin \ - && rm -rf helm.tgz linux-arm64 \ - && command -v helm - -# Install gradle -ARG GRADLE_VERSION=7.5.1 -ENV PATH=$PATH:/opt/gradle/bin -RUN set -ex \ - && wget --no-verbose https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \ - && mkdir /opt/gradle \ - && unzip -q gradle-${GRADLE_VERSION}-bin.zip \ - && mv gradle-${GRADLE_VERSION}/* /opt/gradle \ - && rm gradle-${GRADLE_VERSION}-bin.zip \ - && rmdir gradle-${GRADLE_VERSION} \ - && command -v gradle - -# Install aws cli -RUN set -ex \ - && wget --no-verbose -O "awscliv2.zip" "https://awscli.amazonaws.com/awscli-exe-linux-aarch64-2.7.17.zip" \ - && unzip awscliv2.zip \ - && ./aws/install \ - && rm awscliv2.zip \ - && rm -rf aws \ - && aws --version - -# Install yq v4.16.2 -RUN set -ex \ - && wget --no-verbose "https://github.com/mikefarah/yq/releases/download/v4.16.2/yq_linux_arm64" \ - && mv yq_linux_arm64 /usr/bin/yq \ - && chmod +x /usr/bin/yq - -# Install shellcheck -ARG SHELLCHECK_VERSION=0.10.0 -RUN set -ex \ - && wget --quiet 
"https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.aarch64.tar.xz" \ - && tar -xJf "shellcheck-v${SHELLCHECK_VERSION}.linux.aarch64.tar.xz" \ - && cp "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/bin/shellcheck \ - && rm "shellcheck-v${SHELLCHECK_VERSION}.linux.aarch64.tar.xz" \ - && rm -rf "shellcheck-v${SHELLCHECK_VERSION}" \ - && shellcheck --version - -# Install hashicorp vault -ARG VAULT_VERSION=1.12.1 -RUN set -ex \ - && wget --quiet "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_arm64.zip" \ - && unzip "vault_${VAULT_VERSION}_linux_arm64.zip" \ - && strip "vault" \ - && mv "vault" /usr/bin/vault \ - && rm "vault_${VAULT_VERSION}_linux_arm64.zip" \ - && vault --version - -# Add python development tooling. If these versions have to change check for -# dependent repos. e.g. stackrox/stackrox has .openshift-ci/dev-requirements.txt -# for local development style & lint. -ARG PYCODESTYLE_VERSION=2.10.0 -ARG PYLINT_VERSION=2.13.9 -RUN set -ex \ - && pip3 install pycodestyle=="${PYCODESTYLE_VERSION}" \ - pylint=="${PYLINT_VERSION}" - -RUN \ - mv /bin/bash /bin/real-bash && \ - mv /bin/bash-wrapper /bin/bash From 84754216f4d0e73a236fe38bb2a522916f832f4e Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:06:16 -0600 Subject: [PATCH 4/9] Add yarn, java versions to UI/test image metadata Co-Authored-By: Claude Opus 4.6 (1M context) --- images/stackrox-test.Dockerfile | 1 + images/stackrox-ui-test.Dockerfile | 2 ++ 2 files changed, 3 insertions(+) diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index 728f7bd1..bf7cfced 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile 
@@ -175,6 +175,7 @@ RUN { \ echo "go=$(go version | awk '{print $3}')"; \ echo "helm=$(helm version --short)"; \ echo "oc=$(oc version --client | head -1)"; \ + echo "java=$(java -version 2>&1 | head -1)"; \ echo "gradle=$(gradle --version | grep '^Gradle' || echo unknown)"; \ echo "aws=$(aws --version)"; \ echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile index a9b15165..f2251bba 100644 --- a/images/stackrox-ui-test.Dockerfile +++ b/images/stackrox-ui-test.Dockerfile @@ -226,6 +226,8 @@ RUN { \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ echo "go=$(go version | awk '{print $3}')"; \ echo "node=$(node --version)"; \ + echo "yarn=$(yarn --version)"; \ + echo "java=$(java -version 2>&1 | head -1)"; \ echo "helm=$(helm version --short)"; \ echo "oc=$(oc version --client | head -1)"; \ echo "gradle=$(gradle --version | grep '^Gradle' || echo unknown)"; \ From 34c6ec0f960104ade4b1026123b8ac23a85e1100 Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:13:59 -0600 Subject: [PATCH 5/9] Simplify version output: remove grep/head/awk filtering Let each tool's --version output through unmodified so we don't hide useful information. Co-Authored-By: Claude Opus 4.6 (1M context) --- images/scanner-build.Dockerfile | 6 +++--- images/scanner-test.Dockerfile | 10 +++++----- images/stackrox-build.Dockerfile | 6 +++--- images/stackrox-test.Dockerfile | 16 ++++++++-------- images/stackrox-ui-test.Dockerfile | 16 ++++++++-------- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/images/scanner-build.Dockerfile b/images/scanner-build.Dockerfile index 54e09213..e586d37c 100644 --- a/images/scanner-build.Dockerfile +++ b/images/scanner-build.Dockerfile 
@@ -67,9 +67,9 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ - echo "go=$(go version | awk '{print $3}')"; \ - echo "gcc=$(gcc --version | head -1)"; \ - echo "make=$(make --version | head -1)"; \ + echo "go=$(go version)"; \ + echo "gcc=$(gcc --version)"; \ + echo "make=$(make --version)"; \ } > /i-am-rox-ci-image WORKDIR /go/src/github.com/stackrox/scanner diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 05c513e7..829737bd 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile @@ -112,13 +112,13 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ - echo "go=$(go version | awk '{print $3}')"; \ + echo "go=$(go version)"; \ echo "helm=$(helm version --short)"; \ - echo "oc=$(oc version --client | head -1)"; \ - echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ - echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ + echo "oc=$(oc version --client)"; \ + echo "docker=$(docker version 2>/dev/null || echo unknown)"; \ + echo "kubectl=$(kubectl version --client 2>/dev/null || echo unknown)"; \ echo "yq=$(yq --version)"; \ - echo "gcloud=$(gcloud version 2>/dev/null | head -1 || echo unknown)"; \ + echo "gcloud=$(gcloud version 2>/dev/null || echo unknown)"; \ } > /i-am-rox-ci-image RUN \ diff --git a/images/stackrox-build.Dockerfile b/images/stackrox-build.Dockerfile index 46dd7268..457654e5 100644 --- a/images/stackrox-build.Dockerfile +++ b/images/stackrox-build.Dockerfile 
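Review bot: With the filters removed, `gcc --version` and `make --version` each emit several lines (version plus copyright and warranty text), so `/i-am-rox-ci-image` stops being one `key=value` entry per line and the continuation lines carry no key. If anything is meant to grep or parse this file, keep the first line for the tools known to be verbose, e.g. `echo "gcc=$(gcc --version | head -1)"`, and pass the rest through unfiltered. If the file is only ever printed for humans, a comment above the `RUN` saying it is free-form text would settle it. The same applies to `docker version`, `gradle --version` and `gcloud version` in the other Dockerfile hunks of this patch; the `RUN` block starts above this hunk.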
@@ -88,9 +88,9 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ - echo "go=$(go version | awk '{print $3}')"; \ - echo "gcc=$(gcc --version | head -1)"; \ - echo "make=$(make --version | head -1)"; \ + echo "go=$(go version)"; \ + echo "gcc=$(gcc --version)"; \ + echo "make=$(make --version)"; \ } > /i-am-rox-ci-image WORKDIR /go/src/github.com/stackrox/rox diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index bf7cfced..7232b6d5 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile 
@@ -172,18 +172,18 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ - echo "go=$(go version | awk '{print $3}')"; \ + echo "go=$(go version)"; \ echo "helm=$(helm version --short)"; \ - echo "oc=$(oc version --client | head -1)"; \ - echo "java=$(java -version 2>&1 | head -1)"; \ - echo "gradle=$(gradle --version | grep '^Gradle' || echo unknown)"; \ + echo "oc=$(oc version --client)"; \ + echo "java=$(java -version 2>&1)"; \ + echo "gradle=$(gradle --version)"; \ echo "aws=$(aws --version)"; \ - echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ - echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ + echo "docker=$(docker version 2>/dev/null || echo unknown)"; \ + echo "kubectl=$(kubectl version --client 2>/dev/null || echo unknown)"; \ echo "vault=$(vault --version)"; \ - echo "shellcheck=$(shellcheck --version | grep version: | head -1)"; \ + echo "shellcheck=$(shellcheck --version)"; \ echo "yq=$(yq --version)"; \ - echo "gcloud=$(gcloud version 2>/dev/null | head -1 || echo unknown)"; \ + echo "gcloud=$(gcloud version 2>/dev/null || echo unknown)"; \ echo "roxie=$(roxie version 2>/dev/null || echo unknown)"; \ } > /i-am-rox-ci-image diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile index f2251bba..c2bc61ba 100644 --- a/images/stackrox-ui-test.Dockerfile +++ b/images/stackrox-ui-test.Dockerfile 
@@ -224,21 +224,21 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ - echo "go=$(go version | awk '{print $3}')"; \ + echo "go=$(go version)"; \ echo "node=$(node --version)"; \ echo "yarn=$(yarn --version)"; \ - echo "java=$(java -version 2>&1 | head -1)"; \ + echo "java=$(java -version 2>&1)"; \ echo "helm=$(helm version --short)"; \ - echo "oc=$(oc version --client | head -1)"; \ - echo "gradle=$(gradle --version | grep '^Gradle' || echo unknown)"; \ + echo "oc=$(oc version --client)"; \ + echo "gradle=$(gradle --version)"; \ echo "aws=$(aws --version)"; \ - echo "docker=$(docker version --format '{{.Client.Version}}' 2>/dev/null || echo unknown)"; \ - echo "kubectl=$(kubectl version --client -o json 2>/dev/null | grep gitVersion || echo unknown)"; \ + echo "docker=$(docker version 2>/dev/null || echo unknown)"; \ + echo "kubectl=$(kubectl version --client 2>/dev/null || echo unknown)"; \ echo "vault=$(vault --version)"; \ - echo "shellcheck=$(shellcheck --version | grep version: | head -1)"; \ + echo "shellcheck=$(shellcheck --version)"; \ echo "yq=$(yq --version)"; \ echo "bats=$(bats --version)"; \ - echo "gcloud=$(gcloud version 2>/dev/null | head -1 || echo unknown)"; \ + echo "gcloud=$(gcloud version 2>/dev/null || echo unknown)"; \ echo "roxie=$(roxie version 2>/dev/null || echo unknown)"; \ } > /i-am-rox-ci-image From ae4f0ca10fa891a14ca49abaf51b42d428aec21d Mon Sep 17 00:00:00 2001 
From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:15:19 -0600 Subject: [PATCH 6/9] Remove stderr hiding and echo unknown fallbacks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let errors show naturally — empty or stderr output is sufficient to know a tool is missing. Co-Authored-By: Claude Opus 4.6 (1M context) --- images/scanner-test.Dockerfile | 6 +++--- images/stackrox-test.Dockerfile | 8 ++++---- images/stackrox-ui-test.Dockerfile | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 829737bd..360fb03c 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile @@ -115,10 +115,10 @@ RUN { \ echo "go=$(go version)"; \ echo "helm=$(helm version --short)"; \ echo "oc=$(oc version --client)"; \ - echo "docker=$(docker version 2>/dev/null || echo unknown)"; \ - echo "kubectl=$(kubectl version --client 2>/dev/null || echo unknown)"; \ + echo "docker=$(docker version)"; \ + echo "kubectl=$(kubectl version --client)"; \ echo "yq=$(yq --version)"; \ - echo "gcloud=$(gcloud version 2>/dev/null || echo unknown)"; \ + echo "gcloud=$(gcloud version)"; \ } > /i-am-rox-ci-image RUN \ diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index 7232b6d5..d3b1a8c7 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile 
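Review bot: With `|| echo unknown` removed, a missing or failing tool leaves no marker in the metadata file. `echo "docker=$(docker version)"` returns echo's exit status, so the `RUN` step still succeeds. Only stdout is redirected into `/i-am-rox-ci-image`, so the error text reaches the build log but not the file that the prow step prints. `docker version` without `--format` also contacts the daemon, which is presumably absent during the image build, so it is likely to print an error on every build. To keep stderr visible and still record the gap, keep the fallback and drop only the redirection, e.g. `echo "gcloud=$(gcloud version || echo unknown)"; \`; this also applies to the stackrox-test and stackrox-ui-test hunks of this patch.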
@@ -178,13 +178,13 @@ RUN { \ echo "java=$(java -version 2>&1)"; \ echo "gradle=$(gradle --version)"; \ echo "aws=$(aws --version)"; \ - echo "docker=$(docker version 2>/dev/null || echo unknown)"; \ - echo "kubectl=$(kubectl version --client 2>/dev/null || echo unknown)"; \ + echo "docker=$(docker version)"; \ + echo "kubectl=$(kubectl version --client)"; \ echo "vault=$(vault --version)"; \ echo "shellcheck=$(shellcheck --version)"; \ echo "yq=$(yq --version)"; \ - echo "gcloud=$(gcloud version 2>/dev/null || echo unknown)"; \ - echo "roxie=$(roxie version 2>/dev/null || echo unknown)"; \ + echo "gcloud=$(gcloud version)"; \ + echo "roxie=$(roxie version)"; \ } > /i-am-rox-ci-image RUN \ diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile index c2bc61ba..285051e0 100644 --- a/images/stackrox-ui-test.Dockerfile +++ b/images/stackrox-ui-test.Dockerfile @@ -232,14 +232,14 @@ RUN { \ echo "oc=$(oc version --client)"; \ echo "gradle=$(gradle --version)"; \ echo "aws=$(aws --version)"; \ - echo "docker=$(docker version 2>/dev/null || echo unknown)"; \ - echo "kubectl=$(kubectl version --client 2>/dev/null || echo unknown)"; \ + echo "docker=$(docker version)"; \ + echo "kubectl=$(kubectl version --client)"; \ echo "vault=$(vault --version)"; \ echo "shellcheck=$(shellcheck --version)"; \ echo "yq=$(yq --version)"; \ echo "bats=$(bats --version)"; \ - echo "gcloud=$(gcloud version 2>/dev/null || echo unknown)"; \ - echo "roxie=$(roxie version 2>/dev/null || echo unknown)"; \ + echo "gcloud=$(gcloud version)"; \ + echo "roxie=$(roxie version)"; \ } > /i-am-rox-ci-image RUN \ From 30f27168417f583795934e125f123dc8956a9ada Mon Sep 17 00:00:00 2001 
From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:16:42 -0600 Subject: [PATCH 7/9] Sort tool versions alphabetically in metadata Co-Authored-By: Claude Opus 4.6 (1M context) --- images/scanner-build.Dockerfile | 2 +- images/scanner-test.Dockerfile | 6 +++--- images/stackrox-build.Dockerfile | 2 +- images/stackrox-test.Dockerfile | 14 +++++++------- images/stackrox-ui-test.Dockerfile | 22 +++++++++++----------- 5 files changed, 23 insertions(+), 23 deletions(-) diff --git a/images/scanner-build.Dockerfile b/images/scanner-build.Dockerfile index e586d37c..8f8eff07 100644 --- a/images/scanner-build.Dockerfile +++ b/images/scanner-build.Dockerfile @@ -67,8 +67,8 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ - echo "go=$(go version)"; \ echo "gcc=$(gcc --version)"; \ + echo "go=$(go version)"; \ echo "make=$(make --version)"; \ } > /i-am-rox-ci-image diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 360fb03c..98bbc400 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile @@ -112,13 +112,13 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "docker=$(docker version)"; \ + echo "gcloud=$(gcloud version)"; \ echo "go=$(go version)"; \ echo "helm=$(helm version --short)"; \ - echo "oc=$(oc version --client)"; \ - echo "docker=$(docker version)"; \ echo "kubectl=$(kubectl version --client)"; \ + echo "oc=$(oc version --client)"; \ echo "yq=$(yq --version)"; \ - echo "gcloud=$(gcloud version)"; \ } > /i-am-rox-ci-image RUN \ diff --git a/images/stackrox-build.Dockerfile b/images/stackrox-build.Dockerfile index 457654e5..fbd165d6 100644 --- a/images/stackrox-build.Dockerfile +++ b/images/stackrox-build.Dockerfile 
@@ -88,8 +88,8 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ - echo "go=$(go version)"; \ echo "gcc=$(gcc --version)"; \ + echo "go=$(go version)"; \ echo "make=$(make --version)"; \ } > /i-am-rox-ci-image diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index d3b1a8c7..c7ade724 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile @@ -172,19 +172,19 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "aws=$(aws --version)"; \ + echo "docker=$(docker version)"; \ + echo "gcloud=$(gcloud version)"; \ echo "go=$(go version)"; \ + echo "gradle=$(gradle --version)"; \ echo "helm=$(helm version --short)"; \ - echo "oc=$(oc version --client)"; \ echo "java=$(java -version 2>&1)"; \ - echo "gradle=$(gradle --version)"; \ - echo "aws=$(aws --version)"; \ - echo "docker=$(docker version)"; \ echo "kubectl=$(kubectl version --client)"; \ - echo "vault=$(vault --version)"; \ + echo "oc=$(oc version --client)"; \ + echo "roxie=$(roxie version)"; \ echo "shellcheck=$(shellcheck --version)"; \ + echo "vault=$(vault --version)"; \ echo "yq=$(yq --version)"; \ - echo "gcloud=$(gcloud version)"; \ - echo "roxie=$(roxie version)"; \ } > /i-am-rox-ci-image RUN \ diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile index 285051e0..0022218f 100644 --- a/images/stackrox-ui-test.Dockerfile +++ b/images/stackrox-ui-test.Dockerfile 
@@ -224,22 +224,22 @@ ARG ROX_CI_IMAGE_REVISION=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ - echo "go=$(go version)"; \ - echo "node=$(node --version)"; \ - echo "yarn=$(yarn --version)"; \ - echo "java=$(java -version 2>&1)"; \ - echo "helm=$(helm version --short)"; \ - echo "oc=$(oc version --client)"; \ - echo "gradle=$(gradle --version)"; \ echo "aws=$(aws --version)"; \ + echo "bats=$(bats --version)"; \ echo "docker=$(docker version)"; \ + echo "gcloud=$(gcloud version)"; \ + echo "go=$(go version)"; \ + echo "gradle=$(gradle --version)"; \ + echo "helm=$(helm version --short)"; \ + echo "java=$(java -version 2>&1)"; \ echo "kubectl=$(kubectl version --client)"; \ - echo "vault=$(vault --version)"; \ + echo "node=$(node --version)"; \ + echo "oc=$(oc version --client)"; \ + echo "roxie=$(roxie version)"; \ echo "shellcheck=$(shellcheck --version)"; \ + echo "vault=$(vault --version)"; \ + echo "yarn=$(yarn --version)"; \ echo "yq=$(yq --version)"; \ - echo "bats=$(bats --version)"; \ - echo "gcloud=$(gcloud version)"; \ - echo "roxie=$(roxie version)"; \ } > /i-am-rox-ci-image RUN \ From 21e619800b13adaaee9493deeb824ea93ee5726d Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:18:58 -0600 Subject: [PATCH 8/9] Use full helm version output Co-Authored-By: Claude Opus 4.6 (1M context) --- images/scanner-test.Dockerfile | 2 +- images/stackrox-test.Dockerfile | 2 +- images/stackrox-ui-test.Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 98bbc400..0fc594b7 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile 
@@ -115,7 +115,7 @@ RUN { \ echo "docker=$(docker version)"; \ echo "gcloud=$(gcloud version)"; \ echo "go=$(go version)"; \ - echo "helm=$(helm version --short)"; \ + echo "helm=$(helm version)"; \ echo "kubectl=$(kubectl version --client)"; \ echo "oc=$(oc version --client)"; \ echo "yq=$(yq --version)"; \ diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index c7ade724..5a5ce024 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile @@ -177,7 +177,7 @@ RUN { \ echo "gcloud=$(gcloud version)"; \ echo "go=$(go version)"; \ echo "gradle=$(gradle --version)"; \ - echo "helm=$(helm version --short)"; \ + echo "helm=$(helm version)"; \ echo "java=$(java -version 2>&1)"; \ echo "kubectl=$(kubectl version --client)"; \ echo "oc=$(oc version --client)"; \ diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile index 0022218f..bbdce9b3 100644 --- a/images/stackrox-ui-test.Dockerfile +++ b/images/stackrox-ui-test.Dockerfile @@ -230,7 +230,7 @@ RUN { \ echo "gcloud=$(gcloud version)"; \ echo "go=$(go version)"; \ echo "gradle=$(gradle --version)"; \ - echo "helm=$(helm version --short)"; \ + echo "helm=$(helm version)"; \ echo "java=$(java -version 2>&1)"; \ echo "kubectl=$(kubectl version --client)"; \ echo "node=$(node --version)"; \ From 8dcc9f30f96d5a6fbf524662499402ff66d8fd08 Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:24:33 -0600 Subject: [PATCH 9/9] Rename REVISION to GIT_COMMIT for clarity Co-Authored-By: Claude Opus 4.6 (1M context) --- Makefile | 14 +++++++------- images/scanner-build.Dockerfile | 4 ++-- images/scanner-test.Dockerfile | 4 ++-- images/stackrox-build.Dockerfile | 4 ++-- images/stackrox-test.Dockerfile | 4 ++-- images/stackrox-ui-test.Dockerfile | 4 ++-- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Makefile b/Makefile index 86efd888..4271ae60 100644 --- a/Makefile +++ b/Makefile 
@@ -3,7 +3,7 @@ DOCKER=docker endif QUAY_REPO=stackrox-io ROX_CI_IMAGE_VERSION=$(shell git describe --tags --abbrev=10) -ROX_CI_IMAGE_REVISION=$(shell git rev-parse HEAD) +ROX_CI_IMAGE_GIT_COMMIT=$(shell git rev-parse HEAD) STACKROX_BUILD_TAG=$(shell scripts/get_tag.sh "stackrox-build") @@ -12,7 +12,7 @@ stackrox-build-image: $(DOCKER) build \ --platform linux/amd64 \ --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ - --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ + --build-arg ROX_CI_IMAGE_GIT_COMMIT=$(ROX_CI_IMAGE_GIT_COMMIT) \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_BUILD_TAG) \ -f images/stackrox-build.Dockerfile \ images/ @@ -24,7 +24,7 @@ stackrox-test-image: $(DOCKER) build \ --platform linux/amd64 \ --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ - --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ + --build-arg ROX_CI_IMAGE_GIT_COMMIT=$(ROX_CI_IMAGE_GIT_COMMIT) \ --build-arg BASE_TAG=$(STACKROX_BUILD_TAG) \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_TEST_TAG) \ -f images/stackrox-test.Dockerfile \ @@ -37,7 +37,7 @@ stackrox-ui-test-image: $(DOCKER) build \ --platform linux/amd64 \ --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ - --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ + --build-arg ROX_CI_IMAGE_GIT_COMMIT=$(ROX_CI_IMAGE_GIT_COMMIT) \ --build-arg BASE_TAG=$(STACKROX_UI_TEST_TAG) \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_UI_TEST_TAG) \ -f images/stackrox-ui-test.Dockerfile \ @@ -60,7 +60,7 @@ scanner-build-image: $(DOCKER) build \ --platform linux/amd64 \ --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ - --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ + --build-arg ROX_CI_IMAGE_GIT_COMMIT=$(ROX_CI_IMAGE_GIT_COMMIT) \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "scanner-build") \ -f images/scanner-build.Dockerfile \ images/ 
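Review bot: `ROX_CI_IMAGE_GIT_COMMIT=$(shell git rev-parse HEAD)` stamps the image with HEAD even when the work tree has uncommitted changes, so a local build from a dirty checkout carries a commit that does not describe its contents. Since this metadata exists for traceability, mark that case on the version line, e.g. `ROX_CI_IMAGE_VERSION := $(shell git describe --tags --abbrev=10 --dirty)`. Both variables use recursive `=`, so git is re-run in every recipe that expands them, whereas `:=` evaluates once at parse time. If git fails (no tags, shallow clone), the expansion is empty, and an explicitly passed empty `--build-arg` most likely replaces the Dockerfile's `unknown` default with an empty string.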
@@ -70,7 +70,7 @@ scanner-test-image: $(DOCKER) build \ --platform linux/amd64 \ --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ - --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ + --build-arg ROX_CI_IMAGE_GIT_COMMIT=$(ROX_CI_IMAGE_GIT_COMMIT) \ --build-arg BASE_TAG=$(shell scripts/get_tag.sh "scanner-build") \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "scanner-test") \ -f images/scanner-test.Dockerfile \ @@ -81,7 +81,7 @@ jenkins-plugin-image: $(DOCKER) build \ --platform linux/amd64 \ --build-arg ROX_CI_IMAGE_VERSION=$(ROX_CI_IMAGE_VERSION) \ - --build-arg ROX_CI_IMAGE_REVISION=$(ROX_CI_IMAGE_REVISION) \ + --build-arg ROX_CI_IMAGE_GIT_COMMIT=$(ROX_CI_IMAGE_GIT_COMMIT) \ -t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "jenkins-plugin") \ -f images/jenkins-plugin.Dockerfile \ images/ diff --git a/images/scanner-build.Dockerfile b/images/scanner-build.Dockerfile index 8f8eff07..2a09711e 100644 --- a/images/scanner-build.Dockerfile +++ b/images/scanner-build.Dockerfile @@ -63,10 +63,10 @@ RUN fetch --repo="https://github.com/stackrox/ossls" --tag="${OSSLS_VERSION}" -- ossls version ARG ROX_CI_IMAGE_VERSION=unknown -ARG ROX_CI_IMAGE_REVISION=unknown +ARG ROX_CI_IMAGE_GIT_COMMIT=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ - echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_GIT_COMMIT}"; \ echo "gcc=$(gcc --version)"; \ echo "go=$(go version)"; \ echo "make=$(make --version)"; \ diff --git a/images/scanner-test.Dockerfile b/images/scanner-test.Dockerfile index 0fc594b7..24ce54e8 100644 --- a/images/scanner-test.Dockerfile +++ b/images/scanner-test.Dockerfile 
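Review bot: The `jenkins-plugin-image` hunk now passes `--build-arg ROX_CI_IMAGE_GIT_COMMIT=$(ROX_CI_IMAGE_GIT_COMMIT)`, but this patch's diffstat does not include `images/jenkins-plugin.Dockerfile`. If that Dockerfile declares `ARG ROX_CI_IMAGE_REVISION` (not visible here), the renamed argument is no longer consumed and the image silently records `unknown` as its revision. Rename the ARG there in the same patch, `ARG ROX_CI_IMAGE_GIT_COMMIT=unknown`, or drop the two `--build-arg` lines from this target if that Dockerfile never declared them.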
@@ -108,10 +108,10 @@ RUN set -ex \ && command -v hub-comment ARG ROX_CI_IMAGE_VERSION=unknown -ARG ROX_CI_IMAGE_REVISION=unknown +ARG ROX_CI_IMAGE_GIT_COMMIT=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ - echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_GIT_COMMIT}"; \ echo "docker=$(docker version)"; \ echo "gcloud=$(gcloud version)"; \ echo "go=$(go version)"; \ diff --git a/images/stackrox-build.Dockerfile b/images/stackrox-build.Dockerfile index fbd165d6..42e0519d 100644 --- a/images/stackrox-build.Dockerfile +++ b/images/stackrox-build.Dockerfile @@ -84,10 +84,10 @@ RUN fetch --repo="https://github.com/stackrox/ossls" --tag="${OSSLS_VERSION}" -- ENV CGO_ENABLED=1 ARG ROX_CI_IMAGE_VERSION=unknown -ARG ROX_CI_IMAGE_REVISION=unknown +ARG ROX_CI_IMAGE_GIT_COMMIT=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ - echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_GIT_COMMIT}"; \ echo "gcc=$(gcc --version)"; \ echo "go=$(go version)"; \ echo "make=$(make --version)"; \ diff --git a/images/stackrox-test.Dockerfile b/images/stackrox-test.Dockerfile index 5a5ce024..e0963c8f 100644 --- a/images/stackrox-test.Dockerfile +++ b/images/stackrox-test.Dockerfile @@ -168,10 +168,10 @@ RUN set -ex \ COPY --from=roxie-installer /usr/local/bin/roxie /usr/bin/roxie ARG ROX_CI_IMAGE_VERSION=unknown -ARG ROX_CI_IMAGE_REVISION=unknown +ARG ROX_CI_IMAGE_GIT_COMMIT=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ - echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_GIT_COMMIT}"; \ echo "aws=$(aws --version)"; \ echo "docker=$(docker version)"; \ echo "gcloud=$(gcloud version)"; \ diff --git a/images/stackrox-ui-test.Dockerfile b/images/stackrox-ui-test.Dockerfile index bbdce9b3..639bb788 100644 --- a/images/stackrox-ui-test.Dockerfile 
+++ b/images/stackrox-ui-test.Dockerfile @@ -220,10 +220,10 @@ RUN set -ex \ COPY --from=roxie-installer /usr/local/bin/roxie /usr/bin/roxie ARG ROX_CI_IMAGE_VERSION=unknown -ARG ROX_CI_IMAGE_REVISION=unknown +ARG ROX_CI_IMAGE_GIT_COMMIT=unknown RUN { \ echo "rox-ci-image-version=${ROX_CI_IMAGE_VERSION}"; \ - echo "rox-ci-image-revision=${ROX_CI_IMAGE_REVISION}"; \ + echo "rox-ci-image-revision=${ROX_CI_IMAGE_GIT_COMMIT}"; \ echo "aws=$(aws --version)"; \ echo "bats=$(bats --version)"; \ echo "docker=$(docker version)"; \