Loading .dockerignore 0 → 100644 +2 −0 Original line number Diff line number Diff line * !locales.txt .gitignore 0 → 100644 +0 −0 Empty file added. .gitlab-ci.yml 0 → 100644 +56 −0 Original line number Diff line number Diff line image: docker:stable stages: - package - test-package docker-build-development: stage: package variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - branches except: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-stable: stage: package variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container-scanning: stage: test-package variables: DOCKER_DRIVER: overlay2 allow_failure: true services: - docker:stable-dind only: - branches script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] Dockerfile 0 → 100644 +99 −0 Original line number Diff line number Diff line FROM alpine:3.7 # Original from Anastas Dancha <anapsix@random.io> MAINTAINER REDMIC <redmic@oag-fundacion.org> ENV JAVA_VERSION_MAJOR=8 \ JAVA_VERSION_MINOR=172 \ JAVA_VERSION_BUILD=11 \ JAVA_PACKAGE=jdk \ HOTSWAP_AGENT_VERSION=1.2.0 \ JAVA_JCE=standard \ JAVA_HOME=/opt/jdk \ PATH=${PATH}:/opt/jdk/bin \ GLIBC_REPO=https://github.com/sgerrand/alpine-pkg-glibc \ GLIBC_VERSION=2.27-r0 \ DIRPATH=/opt/redmic \ SPRING_PROFILES_ACTIVE=dev \ JAVA_OPTS="-Xmx1g -Xss1g" \ LOG_LEVEL=error \ LOCALE=es_ES \ CHARSET=UTF-8 # Default language, additional ones must be declared on locales.txt ENV LANG=${LOCALE}.${CHARSET} \ LANGUAGE=${LOCALE}.${CHARSET} COPY ./locales.txt ${DIRPATH}/locales.txt WORKDIR ${DIRPATH} RUN set -ex && \ [[ ${JAVA_VERSION_MAJOR} != 7 ]] || ( echo >&2 'Oracle no longer publishes JAVA7 packages' && exit 1 ) && \ apk -U upgrade && \ apk add libstdc++ curl ca-certificates bash && \ for pkg in glibc-${GLIBC_VERSION} glibc-bin-${GLIBC_VERSION} glibc-i18n-${GLIBC_VERSION}; do curl -sSL ${GLIBC_REPO}/releases/download/${GLIBC_VERSION}/${pkg}.apk -o /tmp/${pkg}.apk; done && \ apk add --allow-untrusted /tmp/*.apk && \ rm -v /tmp/*.apk && \ ( cat locales.txt | xargs -i /usr/glibc-compat/bin/localedef -c -i POSIX -f ${CHARSET} {}.${CHARSET} || true ) && \ echo "export LANG=${LANG}" > /etc/profile.d/locale.sh && \ /usr/glibc-compat/sbin/ldconfig /lib /usr/glibc-compat/lib && \ mkdir /tmp/dcevm && \ curl -L -o /tmp/dcevm/DCEVM-light-8u112-installer.jar "https://github.com/dcevm/dcevm/releases/download/light-jdk8u112%2B8/DCEVM-light-8u112-installer.jar" && \ mkdir -p /opt && \ curl -jksSLH "Cookie: oraclelicense=accept-securebackup-cookie" -o /tmp/java.tar.gz \ http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/a58eab1ec242421181065cdc37240b08/${JAVA_PACKAGE}-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz && \ JAVA_PACKAGE_SHA256=$(curl -sSL https://www.oracle.com/webfolder/s/digest/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}checksum.html | grep -E "${JAVA_PACKAGE}-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64\.tar\.gz" | grep -Eo '(sha256: )[^<]+' | cut -d: -f2 | xargs) && \ echo "${JAVA_PACKAGE_SHA256} /tmp/java.tar.gz" > /tmp/java.tar.gz.sha256 && \ sha256sum -c /tmp/java.tar.gz.sha256 && \ gunzip /tmp/java.tar.gz && \ tar -C /opt -xf /tmp/java.tar && \ ln -s /opt/jdk1.${JAVA_VERSION_MAJOR}.0_${JAVA_VERSION_MINOR} /opt/jdk && \ cd /tmp/dcevm && \ unzip DCEVM-light-8u112-installer.jar && \ mkdir -p /opt/jdk/jre/lib/amd64/dcevm && \ cp linux_amd64_compiler2/product/libjvm.so /opt/jdk/jre/lib/amd64/dcevm/libjvm.so && \ mkdir -p /opt/hotswap-agent/ && \ curl -L -o /opt/hotswap-agent/hotswap-agent-${HOTSWAP_AGENT_VERSION}.jar "https://github.com/HotswapProjects/HotswapAgent/releases/download/RELEASE-${HOTSWAP_AGENT_VERSION}/hotswap-agent-${HOTSWAP_AGENT_VERSION}.jar" && \ ln -s /opt/hotswap-agent/hotswap-agent-${HOTSWAP_AGENT_VERSION}.jar /opt/hotswap-agent/hotswap-agent.jar && \ if [ "${JAVA_JCE}" == "unlimited" ]; then echo "Installing Unlimited JCE policy" && \ curl -jksSLH "Cookie: oraclelicense=accept-securebackup-cookie" -o /tmp/jce_policy-${JAVA_VERSION_MAJOR}.zip \ http://download.oracle.com/otn-pub/java/jce/${JAVA_VERSION_MAJOR}/jce_policy-${JAVA_VERSION_MAJOR}.zip && \ cd /tmp && unzip /tmp/jce_policy-${JAVA_VERSION_MAJOR}.zip && \ cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /opt/jdk/jre/lib/security/; \ fi && \ sed -i s/#networkaddress.cache.ttl=-1/networkaddress.cache.ttl=10/ $JAVA_HOME/jre/lib/security/java.security && \ apk del curl glibc-i18n && \ rm -rf /opt/jdk/*src.zip \ /opt/jdk/lib/missioncontrol \ /opt/jdk/lib/visualvm \ /opt/jdk/lib/*javafx* \ /opt/jdk/jre/plugin \ /opt/jdk/jre/bin/javaws \ /opt/jdk/jre/bin/jjs \ /opt/jdk/jre/bin/orbd \ /opt/jdk/jre/bin/pack200 \ /opt/jdk/jre/bin/policytool \ /opt/jdk/jre/bin/rmid \ /opt/jdk/jre/bin/rmiregistry \ /opt/jdk/jre/bin/servertool \ /opt/jdk/jre/bin/tnameserv \ /opt/jdk/jre/bin/unpack200 \ /opt/jdk/jre/lib/javaws.jar \ /opt/jdk/jre/lib/deploy* \ /opt/jdk/jre/lib/desktop \ /opt/jdk/jre/lib/*javafx* \ /opt/jdk/jre/lib/*jfx* \ /opt/jdk/jre/lib/amd64/libdecora_sse.so \ /opt/jdk/jre/lib/amd64/libprism_*.so \ /opt/jdk/jre/lib/amd64/libfxplugins.so \ /opt/jdk/jre/lib/amd64/libglass.so \ /opt/jdk/jre/lib/amd64/libgstreamer-lite.so \ /opt/jdk/jre/lib/amd64/libjavafx*.so \ /opt/jdk/jre/lib/amd64/libjfx*.so \ /opt/jdk/jre/lib/ext/jfxrt.jar \ /opt/jdk/jre/lib/ext/nashorn.jar \ /opt/jdk/jre/lib/oblique-fonts \ /opt/jdk/jre/lib/plugin.jar \ /tmp/* /var/cache/apk/* && \ echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf locales.txt 0 → 100644 +2 −0 Original line number Diff line number Diff line es_ES en_EN Loading
.gitlab-ci.yml 0 → 100644 +56 −0 Original line number Diff line number Diff line image: docker:stable stages: - package - test-package docker-build-development: stage: package variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - branches except: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-stable: stage: package variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container-scanning: stage: test-package variables: DOCKER_DRIVER: overlay2 allow_failure: true services: - docker:stable-dind only: - branches script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json]
Dockerfile 0 → 100644 +99 −0 Original line number Diff line number Diff line FROM alpine:3.7 # Original from Anastas Dancha <anapsix@random.io> MAINTAINER REDMIC <redmic@oag-fundacion.org> ENV JAVA_VERSION_MAJOR=8 \ JAVA_VERSION_MINOR=172 \ JAVA_VERSION_BUILD=11 \ JAVA_PACKAGE=jdk \ HOTSWAP_AGENT_VERSION=1.2.0 \ JAVA_JCE=standard \ JAVA_HOME=/opt/jdk \ PATH=${PATH}:/opt/jdk/bin \ GLIBC_REPO=https://github.com/sgerrand/alpine-pkg-glibc \ GLIBC_VERSION=2.27-r0 \ DIRPATH=/opt/redmic \ SPRING_PROFILES_ACTIVE=dev \ JAVA_OPTS="-Xmx1g -Xss1g" \ LOG_LEVEL=error \ LOCALE=es_ES \ CHARSET=UTF-8 # Default language, additional ones must be declared on locales.txt ENV LANG=${LOCALE}.${CHARSET} \ LANGUAGE=${LOCALE}.${CHARSET} COPY ./locales.txt ${DIRPATH}/locales.txt WORKDIR ${DIRPATH} RUN set -ex && \ [[ ${JAVA_VERSION_MAJOR} != 7 ]] || ( echo >&2 'Oracle no longer publishes JAVA7 packages' && exit 1 ) && \ apk -U upgrade && \ apk add libstdc++ curl ca-certificates bash && \ for pkg in glibc-${GLIBC_VERSION} glibc-bin-${GLIBC_VERSION} glibc-i18n-${GLIBC_VERSION}; do curl -sSL ${GLIBC_REPO}/releases/download/${GLIBC_VERSION}/${pkg}.apk -o /tmp/${pkg}.apk; done && \ apk add --allow-untrusted /tmp/*.apk && \ rm -v /tmp/*.apk && \ ( cat locales.txt | xargs -i /usr/glibc-compat/bin/localedef -c -i POSIX -f ${CHARSET} {}.${CHARSET} || true ) && \ echo "export LANG=${LANG}" > /etc/profile.d/locale.sh && \ /usr/glibc-compat/sbin/ldconfig /lib /usr/glibc-compat/lib && \ mkdir /tmp/dcevm && \ curl -L -o /tmp/dcevm/DCEVM-light-8u112-installer.jar "https://github.com/dcevm/dcevm/releases/download/light-jdk8u112%2B8/DCEVM-light-8u112-installer.jar" && \ mkdir -p /opt && \ curl -jksSLH "Cookie: oraclelicense=accept-securebackup-cookie" -o /tmp/java.tar.gz \ http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/a58eab1ec242421181065cdc37240b08/${JAVA_PACKAGE}-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz && \ JAVA_PACKAGE_SHA256=$(curl -sSL https://www.oracle.com/webfolder/s/digest/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}checksum.html | grep -E "${JAVA_PACKAGE}-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64\.tar\.gz" | grep -Eo '(sha256: )[^<]+' | cut -d: -f2 | xargs) && \ echo "${JAVA_PACKAGE_SHA256} /tmp/java.tar.gz" > /tmp/java.tar.gz.sha256 && \ sha256sum -c /tmp/java.tar.gz.sha256 && \ gunzip /tmp/java.tar.gz && \ tar -C /opt -xf /tmp/java.tar && \ ln -s /opt/jdk1.${JAVA_VERSION_MAJOR}.0_${JAVA_VERSION_MINOR} /opt/jdk && \ cd /tmp/dcevm && \ unzip DCEVM-light-8u112-installer.jar && \ mkdir -p /opt/jdk/jre/lib/amd64/dcevm && \ cp linux_amd64_compiler2/product/libjvm.so /opt/jdk/jre/lib/amd64/dcevm/libjvm.so && \ mkdir -p /opt/hotswap-agent/ && \ curl -L -o /opt/hotswap-agent/hotswap-agent-${HOTSWAP_AGENT_VERSION}.jar "https://github.com/HotswapProjects/HotswapAgent/releases/download/RELEASE-${HOTSWAP_AGENT_VERSION}/hotswap-agent-${HOTSWAP_AGENT_VERSION}.jar" && \ ln -s /opt/hotswap-agent/hotswap-agent-${HOTSWAP_AGENT_VERSION}.jar /opt/hotswap-agent/hotswap-agent.jar && \ if [ "${JAVA_JCE}" == "unlimited" ]; then echo "Installing Unlimited JCE policy" && \ curl -jksSLH "Cookie: oraclelicense=accept-securebackup-cookie" -o /tmp/jce_policy-${JAVA_VERSION_MAJOR}.zip \ http://download.oracle.com/otn-pub/java/jce/${JAVA_VERSION_MAJOR}/jce_policy-${JAVA_VERSION_MAJOR}.zip && \ cd /tmp && unzip /tmp/jce_policy-${JAVA_VERSION_MAJOR}.zip && \ cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /opt/jdk/jre/lib/security/; \ fi && \ sed -i s/#networkaddress.cache.ttl=-1/networkaddress.cache.ttl=10/ $JAVA_HOME/jre/lib/security/java.security && \ apk del curl glibc-i18n && \ rm -rf /opt/jdk/*src.zip \ /opt/jdk/lib/missioncontrol \ /opt/jdk/lib/visualvm \ /opt/jdk/lib/*javafx* \ /opt/jdk/jre/plugin \ /opt/jdk/jre/bin/javaws \ /opt/jdk/jre/bin/jjs \ /opt/jdk/jre/bin/orbd \ /opt/jdk/jre/bin/pack200 \ /opt/jdk/jre/bin/policytool \ /opt/jdk/jre/bin/rmid \ /opt/jdk/jre/bin/rmiregistry \ /opt/jdk/jre/bin/servertool \ /opt/jdk/jre/bin/tnameserv \ /opt/jdk/jre/bin/unpack200 \ /opt/jdk/jre/lib/javaws.jar \ /opt/jdk/jre/lib/deploy* \ /opt/jdk/jre/lib/desktop \ /opt/jdk/jre/lib/*javafx* \ /opt/jdk/jre/lib/*jfx* \ /opt/jdk/jre/lib/amd64/libdecora_sse.so \ /opt/jdk/jre/lib/amd64/libprism_*.so \ /opt/jdk/jre/lib/amd64/libfxplugins.so \ /opt/jdk/jre/lib/amd64/libglass.so \ /opt/jdk/jre/lib/amd64/libgstreamer-lite.so \ /opt/jdk/jre/lib/amd64/libjavafx*.so \ /opt/jdk/jre/lib/amd64/libjfx*.so \ /opt/jdk/jre/lib/ext/jfxrt.jar \ /opt/jdk/jre/lib/ext/nashorn.jar \ /opt/jdk/jre/lib/oblique-fonts \ /opt/jdk/jre/lib/plugin.jar \ /tmp/* /var/cache/apk/* && \ echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf
