ROX-24700: Resolve CentOS 8 deprecation (#212)

Co-authored-by: RTann <[email protected]>
Co-authored-by: Gavin Jefferies <[email protected]>

.github/actions/build-and-push-image/build-and-push-image.sh

@@ -8,8 +8,7 @@ build_and_push_image() {
     # Login may be required for pulling the base image for building (if used) and to avoid rate limits.
     docker login -u "$QUAY_RHACS_ENG_RW_USERNAME" --password-stdin <<<"$QUAY_RHACS_ENG_RW_PASSWORD" quay.io
 
-    STACKROX_CENTOS_TAG="$(cat STACKROX_CENTOS_TAG)"
-    TAG="$(scripts/get_tag.sh "$image_flavor" "${STACKROX_CENTOS_TAG}")"
+    TAG="$(scripts/get_tag.sh "$image_flavor")"
     IMAGE="quay.io/rhacs-eng/apollo-ci:${TAG}"
 
     make "$image_flavor"-image

.github/workflows/build.yaml

@@ -42,6 +42,18 @@ jobs:
       - uses: ./.github/actions/build-and-push-image
         with:
           image-flavor: "stackrox-test"
+
+  build-and-push-stackrox-ui-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+      - uses: ./.github/actions/build-and-push-image
+        with:
+          image-flavor: "stackrox-ui-test"
 
   build-and-push-collector:
     runs-on: ubuntu-latest

Makefile

@@ -1,6 +1,3 @@
-ifeq ($(STACKROX_CENTOS_TAG),)
-STACKROX_CENTOS_TAG=$(shell cat STACKROX_CENTOS_TAG)
-endif
 ifeq ($(DOCKER),)
 DOCKER=docker
 endif
@@ -11,8 +8,8 @@ STACKROX_BUILD_TAG=$(shell scripts/get_tag.sh "stackrox-build")
 .PHONY: stackrox-build-image
 stackrox-build-image:
 	$(DOCKER) build \
+		--platform linux/amd64 \
 		-t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_BUILD_TAG) \
-		--build-arg STACKROX_CENTOS_TAG=$(STACKROX_CENTOS_TAG) \
 		-f images/stackrox-build.Dockerfile \
 		images/
 
@@ -21,14 +18,27 @@ STACKROX_TEST_TAG=$(shell scripts/get_tag.sh "stackrox-test")
 .PHONY: stackrox-test-image
 stackrox-test-image:
 	$(DOCKER) build \
+		--platform linux/amd64 \
 		-t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_TEST_TAG) \
 		--build-arg BASE_TAG=$(STACKROX_BUILD_TAG) \
 		-f images/stackrox-test.Dockerfile \
 		images/
 
+STACKROX_UI_TEST_TAG=$(shell scripts/get_tag.sh "stackrox-ui-test")
+
+.PHONY: stackrox-ui-test-image
+stackrox-ui-test-image:
+	$(DOCKER) build \
+		--platform linux/amd64 \
+		-t quay.io/$(QUAY_REPO)/apollo-ci:$(STACKROX_UI_TEST_TAG) \
+		--build-arg BASE_TAG=$(STACKROX_UI_TEST_TAG) \
+		-f images/stackrox-ui-test.Dockerfile \
+		images/
+
 .PHONY: test-cci-export
 test-cci-export:
 	$(DOCKER) build \
+		--platform linux/amd64 \
 		-t test-cci-export \
 		--build-arg BASE_TAG=$(STACKROX_TEST_TAG) \
 		-f images/test.cci-export.Dockerfile \
@@ -40,20 +50,23 @@ test-cci-export:
 .PHONY: collector-image
 collector-image:
 	$(DOCKER) build \
+		--platform linux/amd64 \
 		-t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "collector") \
 		-f images/collector.Dockerfile \
 		images/
 
 .PHONY: scanner-build-image
 scanner-build-image:
 	$(DOCKER) build \
+		--platform linux/amd64 \
 		-t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "scanner-build") \
 		-f images/scanner-build.Dockerfile \
 		images/
 
 .PHONY: scanner-test-image
 scanner-test-image:
 	$(DOCKER) build \
+		--platform linux/amd64 \
 		--build-arg BASE_TAG=$(shell scripts/get_tag.sh "scanner-build") \
 		-t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "scanner-test") \
 		-f images/scanner-test.Dockerfile \
@@ -62,6 +75,7 @@ scanner-test-image:
 .PHONY: jenkins-plugin-image
 jenkins-plugin-image:
 	$(DOCKER) build \
+		--platform linux/amd64 \
 		-t quay.io/$(QUAY_REPO)/apollo-ci:$(shell scripts/get_tag.sh "jenkins-plugin") \
 		-f images/jenkins-plugin.Dockerfile \
 		images/

images/collector.Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/centos/centos:stream8
+FROM registry.access.redhat.com/ubi8:latest
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -10,10 +10,31 @@ RUN set -ex \
   && rm -r /static-tmp
 
 RUN dnf update -y && \
-    dnf install -y epel-release dnf-plugins-core && \
-    dnf config-manager --set-enabled powertools && \
-    dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
-    dnf -y groupinstall "Development Tools" && \
+    dnf install -y dnf-plugins-core && \
+    dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo && \
+    # This set replaces centos:stream8 "Development Tools". It is possible
+    # rox-ci-image does not need all of these.
+    dnf install -y \
+        autoconf \
+        automake \
+        binutils \
+        gcc \
+        gcc-c++ \
+        gdb \
+        glibc-devel \
+        libtool \
+        make \
+        pkgconf \
+        pkgconf-m4 \
+        pkgconf-pkg-config \
+        redhat-rpm-config \
+        rpm-build \
+        strace \
+        ctags \
+        git \
+        perl-Fedora-VSP \
+        perl-generators \
+        source-highlight && \
     dnf install -y \
         clang-tools-extra \
         cmake \
@@ -25,7 +46,6 @@ RUN dnf update -y && \
         docker-ce \
         docker-ce-cli \
         docker-ce-rootless-extras \
-        docker-scan-plugin \
         && \
     dnf upgrade -y && \
     dnf clean all && \

images/scanner-build.Dockerfile

@@ -1,12 +1,37 @@
 # Provides the tooling required to run Scanner dockerized build targets.
 
-FROM quay.io/centos/centos:stream8
+FROM registry.access.redhat.com/ubi8:latest
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 RUN dnf update -y && \
-    dnf install -y dnf-plugins-core epel-release wget && \
-    dnf -y groupinstall "Development Tools" && \
+    dnf install -y dnf-plugins-core wget && \
+    dnf config-manager --set-enabled ubi-8-codeready-builder-rpms && \
+    dnf update -y && \
+    # This set replaces centos:stream8 "Development Tools". It is possible
+    # rox-ci-image does not need all of these.
+    dnf install -y \
+        autoconf \
+        automake \
+        binutils \
+        gcc \
+        gcc-c++ \
+        gdb \
+        glibc-devel \
+        libtool \
+        make \
+        pkgconf \
+        pkgconf-m4 \
+        pkgconf-pkg-config \
+        redhat-rpm-config \
+        rpm-build \
+        strace \
+        ctags \
+        git \
+        perl-Fedora-VSP \
+        perl-generators \
+        source-highlight && \
+    dnf upgrade -y && \
     dnf clean all && \
     rm -rf /var/cache/dnf /var/cache/yum
 

images/scanner-test.Dockerfile

@@ -34,10 +34,10 @@ ENV BASH_ENV /etc/initial-bash.env
 ENV PG_MAJOR=15
 ENV PATH="$PATH:/usr/pgsql-$PG_MAJOR/bin/"
 
-RUN dnf install -y \
-        https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm \
- && dnf -qy module disable postgresql \
- && dnf update -y \
+# Install Postgres repo
+RUN dnf --disablerepo="*" install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
+
+RUN dnf update -y \
  && dnf install -y \
         expect \
         gcc \
@@ -49,15 +49,15 @@ RUN dnf install -y \
         lsof \
         lz4 \
         openssl \
+        postgresql${PG_MAJOR}-contrib \
         postgresql${PG_MAJOR}-server \
         procps-ng \
         python3 \
         unzip \
         xz \
         zip \
-        && \
-    dnf clean all && \
-    rm -rf /var/cache/dnf /var/cache/yum
+  && dnf clean all \
+  && rm -rf /var/cache/dnf /var/cache/yum
 
 # Use updated auth plugin for GCP
 ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True

images/stackrox-build.Dockerfile

@@ -1,7 +1,6 @@
 # Provides the tooling required to run StackRox dockerized build targets.
 
-ARG STACKROX_CENTOS_TAG
-FROM quay.io/centos/centos:${STACKROX_CENTOS_TAG} as base
+FROM registry.access.redhat.com/ubi8:latest
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -10,24 +9,45 @@ RUN touch /i-am-rox-ci-image
 RUN dnf update -y && \
     dnf install -y \
         dnf-plugins-core \
-        epel-release \
         wget \
         && \
-    dnf config-manager --set-enabled powertools && \
+    dnf config-manager --set-enabled ubi-8-codeready-builder-rpms && \
     dnf update -y && \
     wget --quiet -O - https://rpm.nodesource.com/setup_lts.x | bash - && \
     wget --quiet -O - https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo && \
     dnf update -y && \
-    dnf -y groupinstall "Development Tools" && \
+    # This set replaces centos:stream8 "Development Tools". It is possible
+    # rox-ci-image does not need all of these.
+    dnf install -y \
+        autoconf \
+        automake \
+        binutils \
+        gcc \
+        gcc-c++ \
+        gdb \
+        glibc-devel \
+        libtool \
+        make \
+        pkgconf \
+        pkgconf-m4 \
+        pkgconf-pkg-config \
+        redhat-rpm-config \
+        rpm-build \
+        strace \
+        ctags \
+        git \
+        perl-Fedora-VSP \
+        perl-generators \
+        source-highlight && \
     dnf install -y \
         bzip2-devel \
+        gettext \
         git-core \
         jq \
-        libzstd-devel \
+        zstd \
         lz4-devel \
         nodejs \
         procps-ng \
-        snappy-devel \
         yarn \
         zlib-devel \
         && \

images/stackrox-test.Dockerfile

@@ -27,8 +27,8 @@ ENV BASH_ENV /etc/initial-bash.env
 RUN dnf --disablerepo="*" install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
 
 # Install all the packages
-RUN dnf update -y && \
-    dnf install -y \
+RUN dnf update -y \
+  && dnf install -y \
         expect \
         gcc \
         gcc-c++ \
@@ -39,19 +39,15 @@ RUN dnf update -y && \
         lsof \
         lz4 \
         openssl \
-        parallel \
         python3-devel \
         unzip \
         xmlstarlet \
         xz \
         zip \
-        # `# Cypress dependencies: (see https://docs.cypress.io/guides/guides/continuous-integration.html#Dependencies)` \
-        xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib \
-        && \
-	dnf remove -y java-1.8.0-openjdk-headless && \
-    dnf --disablerepo="*" --enablerepo="pgdg14" install -y postgresql14 postgresql14-server postgresql14-contrib && \
-    dnf clean all && \
-    rm -rf /var/cache/dnf /var/cache/yum
+  && dnf remove -y java-1.8.0-openjdk-headless \
+  && dnf --disablerepo="*" --enablerepo="pgdg14" install -y postgresql14 postgresql14-server postgresql14-contrib \
+  && dnf clean all \
+  && rm -rf /var/cache/dnf /var/cache/yum
 
 # Use updated auth plugin for GCP
 ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True