Switch OSS Dockerfile image to wolfi (#3063)
kostasb authored Jan 20, 2025
1 parent 8376819 commit f175163
Showing 3 changed files with 129 additions and 9 deletions.
104 changes: 102 additions & 2 deletions .buildkite/pipeline.yml
@@ -534,7 +534,7 @@ steps:
- ".buildkite/run_functional_test.sh"
artifact_paths:
- "perf8-report-*/**/*"

- path:
- "connectors/sources/redis.py"
- "tests/sources/fixtures/redis/**"
@@ -553,7 +553,7 @@ steps:
- ".buildkite/run_functional_test.sh"
artifact_paths:
- "perf8-report-*/**/*"

- path:
- "connectors/sources/graphql.py"
- "tests/sources/fixtures/graphql/**"
@@ -647,11 +647,111 @@ steps:
- buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_docker_image_arm64
- ".buildkite/publish/test-docker.sh"

# ----
# OSS Dockerfile build, tests and vunlerability scan on amd64
# ----
- label: "Building amd64 Docker image from OSS Dockerfile"
agents:
provider: aws
instanceType: m6i.xlarge
imagePrefix: ci-amazonlinux-2
env:
ARCHITECTURE: "amd64"
DOCKERFILE_PATH: "Dockerfile"
DOCKER_IMAGE_NAME: "docker.elastic.co/ci-agent-images/elastic-connectors-oss-dockerfile"
DOCKER_ARTIFACT_KEY: "elastic-connectors-oss-dockerfile"
command: ".buildkite/publish/build-docker.sh"
key: "build_oss_dockerfile_image_amd64"
artifact_paths: ".artifacts/*.tar.gz"
- label: "Testing amd64 image built from OSS Dockerfile"
agents:
provider: aws
instanceType: m6i.xlarge
imagePrefix: ci-amazonlinux-2
env:
ARCHITECTURE: "amd64"
DOCKERFILE_PATH: "Dockerfile"
DOCKER_IMAGE_NAME: "docker.elastic.co/ci-agent-images/elastic-connectors-oss-dockerfile"
DOCKER_ARTIFACT_KEY: "elastic-connectors-oss-dockerfile"
depends_on: "build_oss_dockerfile_image_amd64"
key: "test_oss_dockerfile_image_amd64"
commands:
- "mkdir -p .artifacts"
- buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_oss_dockerfile_image_amd64
- ".buildkite/publish/test-docker.sh"
- label: "Trivy Scan amd64 OSS Dockerfile image"
timeout_in_minutes: 10
depends_on:
- test_oss_dockerfile_image_amd64
key: "trivy-scan-amd64-oss-dockerfile-image"
agents:
provider: k8s
image: "docker.elastic.co/ci-agent-images/trivy:latest"
command: |-
mkdir -p .artifacts
buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_oss_dockerfile_image_amd64
trivy --version
env | grep TRIVY
find .artifacts -type f -name '*.tar.gz*' -exec trivy image --quiet --input {} \;
# ----
# OSS Dockerfile build, tests and vunlerability scan on arm64
# ----
- label: "Building arm64 Docker image from OSS Dockerfile"
agents:
provider: aws
instanceType: m6g.xlarge
imagePrefix: ci-amazonlinux-2-aarch64
diskSizeGb: 40
diskName: '/dev/xvda'
env:
ARCHITECTURE: "arm64"
DOCKERFILE_PATH: "Dockerfile"
DOCKER_IMAGE_NAME: "docker.elastic.co/ci-agent-images/elastic-connectors-oss-dockerfile"
DOCKER_ARTIFACT_KEY: "elastic-connectors-oss-dockerfile"
command: ".buildkite/publish/build-docker.sh"
key: "build_oss_dockerfile_image_arm64"
artifact_paths: ".artifacts/*.tar.gz"
- label: "Testing arm64 image built from OSS Dockerfile"
agents:
provider: aws
instanceType: m6g.xlarge
imagePrefix: ci-amazonlinux-2-aarch64
diskSizeGb: 40
diskName: '/dev/xvda'
env:
ARCHITECTURE: "arm64"
DOCKERFILE_PATH: "Dockerfile"
DOCKER_IMAGE_NAME: "docker.elastic.co/ci-agent-images/elastic-connectors-oss-dockerfile"
DOCKER_ARTIFACT_KEY: "elastic-connectors-oss-dockerfile"
depends_on: "build_oss_dockerfile_image_arm64"
key: "test_oss_dockerfile_image_arm64"
commands:
- "mkdir -p .artifacts"
- buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_oss_dockerfile_image_arm64
- ".buildkite/publish/test-docker.sh"
- label: "Trivy Scan arm64 OSS Dockerfile image"
timeout_in_minutes: 10
depends_on:
- test_oss_dockerfile_image_arm64
key: "trivy-scan-arm64-oss-dockerfile-image"
agents:
provider: k8s
image: "docker.elastic.co/ci-agent-images/trivy:latest"
command: |-
mkdir -p .artifacts
buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_oss_dockerfile_image_arm64
trivy --version
env | grep TRIVY
find .artifacts -type f -name '*.tar.gz*' -exec trivy image --quiet --input {} \;
- label: ":truck: Publish DRA Items"
<<: *test-agents
key: "publish-dra-artifacts"
timeout_in_minutes: 45
depends_on:
- test_docker_image_amd64
- test_docker_image_arm64
- test_oss_dockerfile_image_amd64
- test_oss_dockerfile_image_arm64
command: ".buildkite/publish/dra/init_dra_publishing.sh"
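Review bot: Neither new Trivy step can fail the build on findings as written: `find .artifacts -type f -name '*.tar.gz*' -exec trivy image --quiet --input {} \;` discards each trivy exit status (find returns 0 with the `\;` form), and no `--exit-code` is passed, so unless the agent injects `TRIVY_EXIT_CODE` the scan is report-only. The publish step's `depends_on` also adds only the `test_oss_dockerfile_image_*` keys, not `trivy-scan-amd64-oss-dockerfile-image` or `trivy-scan-arm64-oss-dockerfile-image`, so publishing does not wait for the scan. If the scan is meant to gate, `for f in .artifacts/*.tar.gz*; do trivy image --quiet --exit-code 1 --input "$f" || exit 1; done` in both steps, plus the two scan keys in `depends_on`, would do it. `env | grep TRIVY` also writes every TRIVY_* value to the build log; printing names only (`env | grep -o '^TRIVY[^=]*'`) avoids exposing a registry credential or token if one is ever supplied that way.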
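--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,18 @@
-FROM python:3.11-slim-bookworm
-RUN apt -y update && apt -y upgrade && apt -y install make git
-COPY . /app
+FROM cgr.dev/chainguard/wolfi-base
+ARG python_version=3.11
+
+USER root
+RUN apk add --no-cache python3=~${python_version} make git
+
+COPY --chown=nonroot:nonroot . /app
+
+USER nonroot
 WORKDIR /app
 RUN make clean install
 RUN ln -s .venv/bin /app/bin
+
+USER root
+RUN apk del make git
+
+USER nonroot
 ENTRYPOINT []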
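Review bot: `FROM cgr.dev/chainguard/wolfi-base` carries no tag or digest, so every build pulls whatever the registry serves at that moment and the Trivy result for one build says nothing about the next; the same line is in Dockerfile.ftest. Pinning it as `FROM cgr.dev/chainguard/wolfi-base@sha256:<digest-of-reviewed-base>` (placeholder, to be filled with the reviewed digest and bumped by automation) keeps the base reproducible and auditable. Note also that `RUN apk del make git` runs in a later layer than `apk add`, so the tools leave the final filesystem but their files still ship in the earlier layer. If the intent is to keep build tooling out of the published image, a builder stage that runs `make clean install` and a clean final stage that copies `/app` would achieve that.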
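--- a/Dockerfile.ftest
+++ b/Dockerfile.ftest
@@ -1,7 +1,16 @@
-FROM python:3.11-slim-bookworm
-# RUN apt update && apt install make
-RUN apt -y update && apt -y upgrade && apt -y install make git
-COPY . /app
+FROM cgr.dev/chainguard/wolfi-base
+ARG python_version=3.11
+
+USER root
+RUN apk add --no-cache python3=~${python_version} make git
+
+COPY --chown=nonroot:nonroot . /app
+
+USER nonroot
 WORKDIR /app
 RUN make clean install
 RUN .venv/bin/pip install -r requirements/ftest.txt
+
+USER root
+RUN apk del make git
+USER nonroot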
