mirror of
https://github.com/krkn-chaos/krkn.git
synced 2026-04-15 06:57:28 +00:00
ca6995a1a1
* fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PROTOBUF-10364902 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390193 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-10390194 * partial vulnerability fix Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com> --------- Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Tullio Sebastiani <tsebasti@redhat.com>
63 lines
2.1 KiB
Docker
63 lines
2.1 KiB
Docker
# oc build
|
|
FROM golang:1.23.1 AS oc-build
|
|
RUN apt-get update && apt-get install -y --no-install-recommends libkrb5-dev
|
|
WORKDIR /tmp
|
|
RUN git clone --branch release-4.18 https://github.com/openshift/oc.git
|
|
WORKDIR /tmp/oc
|
|
RUN go mod edit -go 1.23.1 &&\
|
|
go get github.com/moby/buildkit@v0.12.5 &&\
|
|
go get github.com/containerd/containerd@v1.7.11&&\
|
|
go get github.com/docker/docker@v25.0.6&&\
|
|
go get github.com/opencontainers/runc@v1.1.14&&\
|
|
go get github.com/go-git/go-git/v5@v5.13.0&&\
|
|
go get golang.org/x/net@v0.38.0&&\
|
|
go get github.com/containerd/containerd@v1.7.27&&\
|
|
go get golang.org/x/oauth2@v0.27.0&&\
|
|
go get golang.org/x/crypto@v0.35.0&&\
|
|
go mod tidy && go mod vendor
|
|
RUN make GO_REQUIRED_MIN_VERSION:= oc
|
|
|
|
FROM fedora:40
|
|
ARG PR_NUMBER
|
|
ARG TAG
|
|
RUN groupadd -g 1001 krkn && useradd -m -u 1001 -g krkn krkn
|
|
RUN dnf update -y
|
|
|
|
ENV KUBECONFIG /home/krkn/.kube/config
|
|
|
|
|
|
# This overwrites any existing configuration in /etc/yum.repos.d/kubernetes.repo
|
|
RUN dnf update && dnf install -y --setopt=install_weak_deps=False \
|
|
git python39 jq yq gettext wget which &&\
|
|
dnf clean all
|
|
|
|
# copy oc client binary from oc-build image
|
|
COPY --from=oc-build /tmp/oc/oc /usr/bin/oc
|
|
|
|
# krkn build
|
|
RUN git clone https://github.com/krkn-chaos/krkn.git /home/krkn/kraken && \
|
|
mkdir -p /home/krkn/.kube
|
|
|
|
WORKDIR /home/krkn/kraken
|
|
|
|
# default behaviour will be to build main
|
|
# if it is a PR trigger the PR itself will be checked out
|
|
RUN if [ -n "$PR_NUMBER" ]; then git fetch origin pull/${PR_NUMBER}/head:pr-${PR_NUMBER} && git checkout pr-${PR_NUMBER};fi
|
|
# if it is a TAG trigger checkout the tag
|
|
RUN if [ -n "$TAG" ]; then git checkout "$TAG";fi
|
|
|
|
RUN python3.9 -m ensurepip --upgrade --default-pip
|
|
RUN python3.9 -m pip install --upgrade pip setuptools==78.1.1
|
|
RUN pip3.9 install -r requirements.txt
|
|
RUN pip3.9 install jsonschema
|
|
|
|
LABEL krknctl.title.global="Krkn Base Image"
|
|
LABEL krknctl.description.global="This is the krkn base image."
|
|
LABEL krknctl.input_fields.global='$KRKNCTL_INPUT'
|
|
|
|
|
|
RUN chown -R krkn:krkn /home/krkn && chmod 755 /home/krkn
|
|
USER krkn
|
|
ENTRYPOINT ["python3.9", "run_kraken.py"]
|
|
CMD ["--config=config/config.yaml"]
|