
Commit bb821cb

authored
almalinux 10 upgrade (#1818)
* Upgrade to almalinux 10. Make the default image secure by default. Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> * Simplify python3 install Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
1 parent 391788e commit bb821cb


10 files changed

+58
-206
lines changed


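--- a/.github/workflows/npm-release.yml
+++ b/.github/workflows/npm-release.yml
@@ -86,7 +86,7 @@ jobs:
 id: build
 with:
 context: .
-file: ci/base-images/al9/Dockerfile.ruby-builder
+file: ci/base-images/al10/Dockerfile.ruby-builder
 platforms: linux/amd64
 push: true
 tags: ${{ steps.meta.outputs.tags }}
@@ -129,7 +129,7 @@ jobs:
 id: build
 with:
 context: .
-file: ci/base-images/al9/Dockerfile.ruby-builder
+file: ci/base-images/al10/Dockerfile.ruby-builder
 platforms: linux/arm64
 push: true
 tags: ${{ steps.meta.outputs.tags }}
@@ -243,7 +243,7 @@ jobs:
 containers-secure:
 if: github.repository == 'CycloneDX/cdxgen'
 runs-on: ["self-hosted", "metal", "amd64"]
-needs: [containers-ruby-builder-deploy-manifest]
+needs: [containers]
 permissions:
 contents: write
 packages: write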

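--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer="cyclonedx" \
 org.opencontainers.image.authors="Prabhu Subramanian <prabhu@appthreat.com>" \
 org.opencontainers.image.source="https://github.com/cyclonedx/cdxgen" \
 org.opencontainers.image.url="https://github.com/cyclonedx/cdxgen" \
-org.opencontainers.image.version="11.3.x" \
+org.opencontainers.image.version="11.4.x" \
 org.opencontainers.image.vendor="cyclonedx" \
 org.opencontainers.image.licenses="Apache-2.0" \
 org.opencontainers.image.title="cdxgen" \
@@ -22,8 +22,8 @@ ARG MAVEN_VERSION=3.9.9
 ARG GRADLE_VERSION=8.14
 ARG GO_VERSION=1.24.3
 ARG NODE_VERSION=24.0.2
-ARG PYTHON_VERSION=3.12
 ARG RUBY_VERSION=3.4.3
+ARG JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8"
 ARG SCALA_VERSION=3.6.4
 
 ENV GOPATH=/opt/app-root/go \
@@ -32,19 +32,18 @@ ENV GOPATH=/opt/app-root/go \
 MAVEN_VERSION=$MAVEN_VERSION \
 GRADLE_VERSION=$GRADLE_VERSION \
 GRADLE_OPTS="-Dorg.gradle.daemon=false" \
-JAVA_HOME="/root/.sdkman/candidates/java/${JAVA_VERSION}" \
-MAVEN_HOME="/root/.sdkman/candidates/maven/${MAVEN_VERSION}" \
-GRADLE_HOME="/root/.sdkman/candidates/gradle/${GRADLE_VERSION}" \
-SBT_HOME="/root/.sdkman/candidates/sbt/${SBT_VERSION}" \
+JAVA_HOME="/opt/.sdkman/candidates/java/${JAVA_VERSION}" \
+MAVEN_HOME="/opt/.sdkman/candidates/maven/${MAVEN_VERSION}" \
+GRADLE_HOME="/opt/.sdkman/candidates/gradle/${GRADLE_VERSION}" \
+SBT_HOME="/opt/.sdkman/candidates/sbt/${SBT_VERSION}" \
 SCALA_VERSION=$SCALA_VERSION \
-SCALA_HOME="/root/.sdkman/candidates/scala/${SCALA_VERSION}" \
-PYTHON_VERSION=3.12 \
-PYTHON_CMD=/usr/bin/python3.12 \
+SCALA_HOME="/opt/.sdkman/candidates/scala/${SCALA_VERSION}" \
+PYTHON_CMD=/usr/bin/python3 \
 RUBY_VERSION=$RUBY_VERSION \
 PYTHONUNBUFFERED=1 \
 PYTHONIOENCODING="utf-8" \
 COMPOSER_ALLOW_SUPERUSER=1 \
-JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8 --enable-native-access=ALL-UNNAMED" \
+JAVA_TOOL_OPTIONS=$JAVA_TOOL_OPTIONS \
 SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \
 SWIFT_PLATFORM=$SWIFT_PLATFORM \
 SWIFT_BRANCH=$SWIFT_BRANCH \
@@ -53,16 +52,17 @@ ENV GOPATH=/opt/app-root/go \
 LC_ALL=en_US.UTF-8 \
 LANG=en_US.UTF-8 \
 LANGUAGE=en_US.UTF-8 \
-NVM_DIR="/root/.nvm" \
+NVM_DIR="/opt/.nvm" \
 TMPDIR=/tmp \
+DOTNET_CLI_TELEMETRY_OPTOUT=1 \
 NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \
 PYTHONPATH=/opt/pypi:${PYTHONPATH} \
 CDXGEN_IN_CONTAINER=true \
-SDKMAN_DIR=/root/.sdkman \
-SDKMAN_CANDIDATES_DIR=/root/.sdkman/candidates \
-DOTNET_CLI_TELEMETRY_OPTOUT=1 \
+CDXGEN_TEMP_DIR=/tmp/cdxgen-temp \
+SDKMAN_DIR=/opt/.sdkman \
+SDKMAN_CANDIDATES_DIR=/opt/.sdkman/candidates \
 RBENV_ROOT=/opt/.rbenv
-ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SCALA_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:/root/.cargo/bin:/opt/pypi/bin:/opt/.rbenv/bin:/opt/.rbenv/versions/3.4.3/bin:
+ENV PATH=${PATH}:/opt/bin:/opt/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SCALA_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/opt/.local/bin:/opt/pypi/bin:/opt/.rbenv/bin:/opt/.rbenv/versions/3.4.3/bin:
 
 COPY . /opt/cdxgen
 
@@ -81,34 +81,32 @@ RUN set -e; \
 *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \
 esac \
 && microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \
-python${PYTHON_VERSION} python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip glibc-common glibc-all-langpacks \
+python3 python3-devel python3-pip glibc-common glibc-all-langpacks \
 openssl-devel libffi-devel libyaml zlib-devel \
-pcre2 which tar gzip zip unzip bzip2 sudo ncurses ncurses-devel sqlite-devel gnupg2 dotnet-sdk-9.0 \
+pcre2 which tar gzip zip unzip bzip2 sudo ncurses ncurses-devel sqlite-devel gnupg2 dotnet-sdk-9.0 rust cargo \
 && ruby --version \
 && which ruby \
-&& alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \
-&& alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \
-&& /usr/bin/python${PYTHON_VERSION} --version \
-&& /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools==77.0.3 wheel pip virtualenv \
-&& /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint atom-tools uv --target /opt/pypi \
+&& /usr/bin/python3 --version \
+&& /usr/bin/python3 -m pip install --no-cache-dir --upgrade setuptools==77.0.3 wheel pip virtualenv \
+&& /usr/bin/python3 -m pip install --no-cache-dir --upgrade pipenv poetry blint atom-tools uv --target /opt/pypi \
 && /opt/pypi/bin/poetry --version \
 && /opt/pypi/bin/pipenv --version \
 && /opt/pypi/bin/blint --help \
-&& curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+&& mkdir -p /opt/bin /opt/.nvm /tmp/cdxgen-temp \
 && cargo --version \
 && rustc --version \
 && curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash \
-&& source /root/.nvm/nvm.sh \
+&& source ${NVM_DIR}/nvm.sh \
 && nvm install ${NODE_VERSION} \
 && node --version \
 && curl -s "https://get.sdkman.io" | bash \
-&& echo -e "sdkman_auto_answer=true\nsdkman_selfupdate_feature=false\nsdkman_auto_env=true\nsdkman_curl_connect_timeout=20\nsdkman_curl_max_time=0" >> $HOME/.sdkman/etc/config \
-&& source "$HOME/.sdkman/bin/sdkman-init.sh" \
-&& sdk install java $JAVA_VERSION \
-&& sdk install maven $MAVEN_VERSION \
-&& sdk install gradle $GRADLE_VERSION \
-&& sdk install scala $SCALA_VERSION \
-&& sdk install sbt $SBT_VERSION \
+&& echo -e "sdkman_auto_answer=true\nsdkman_selfupdate_feature=false\nsdkman_auto_env=true\nsdkman_curl_connect_timeout=20\nsdkman_curl_max_time=0" >> /opt/.sdkman/etc/config \
+&& source "/opt/.sdkman/bin/sdkman-init.sh" \
+&& sdk install java $JAVA_VERSION /opt/.sdkman/candidates/java \
+&& sdk install maven $MAVEN_VERSION /opt/.sdkman/candidates/maven \
+&& sdk install gradle $GRADLE_VERSION /opt/.sdkman/candidates/gradle \
+&& sdk install scala $SCALA_VERSION /opt/.sdkman/candidates/scala \
+&& sdk install sbt $SBT_VERSION /opt/.sdkman/candidates/sbt \
 && SWIFT_WEBDIR="$SWIFT_WEBROOT/$SWIFT_BRANCH/$(echo $SWIFT_PLATFORM | tr -d .)$OS_ARCH_SUFFIX" \
 && SWIFT_BIN_URL="$SWIFT_WEBDIR/$SWIFT_VERSION/$SWIFT_VERSION-$SWIFT_PLATFORM$OS_ARCH_SUFFIX.tar.gz" \
 && SWIFT_SIG_URL="$SWIFT_BIN_URL.sig" \
@@ -131,10 +129,12 @@ RUN set -e; \
 && /usr/local/bin/lein \
 && curl -L -O https://github.com/clojure/brew-install/releases/latest/download/linux-install.sh \
 && chmod +x linux-install.sh \
-&& ./linux-install.sh \
+&& ./linux-install.sh && rm linux-install.sh \
 && curl -L --output /usr/local/bin/bazel https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-${GOBIN_VERSION} \
 && chmod +x /usr/local/bin/bazel \
 && useradd -ms /bin/bash cyclonedx \
+&& mv /root/.bashrc /home/cyclonedx/.bashrc \
+&& chown -R cyclonedx:cyclonedx /home/cyclonedx/.bashrc \
 && npm install --global corepack@latest \
 && npm install -g node-gyp @microsoft/rush --omit=dev \
 && npx node-gyp install \
@@ -146,12 +146,14 @@ RUN set -e; \
 && gem install bundler cocoapods \
 && gem --version \
 && bundler --version \
-&& cd /opt/cdxgen && corepack enable && corepack pnpm install --config.strict-dep-builds=true --prod --package-import-method copy --frozen-lockfile && corepack pnpm cache delete \
+&& cd /opt/cdxgen && corepack enable pnpm && pnpm config set global-bin-dir /opt/bin \
+&& pnpm install --config.strict-dep-builds=true --prod --package-import-method copy --frozen-lockfile && pnpm link && pnpm cache delete \
+&& pnpm bin && pnpm bin -g \
 && mkdir -p /opt/cdxgen-node-cache \
 && chown -R cyclonedx:cyclonedx /opt/cdxgen /opt/cdxgen-node-cache \
 && chmod a-w -R /opt \
-&& node /opt/cdxgen/bin/cdxgen.js --help \
 && rm -rf /var/cache/yum /root/.cache/pypoetry /root/.cache/node \
 && microdnf clean all
+USER cyclonedx
 WORKDIR /app
-ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"]
+ENTRYPOINT ["cdxgen"]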
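Review bot: `CDXGEN_TEMP_DIR=/tmp/cdxgen-temp` is created by the root-run `mkdir -p /opt/bin /opt/.nvm /tmp/cdxgen-temp`, but the visible `chown -R cyclonedx:cyclonedx /opt/cdxgen /opt/cdxgen-node-cache` does not cover it, so after the new `USER cyclonedx` the process probably cannot write to its own temp directory (parts of this RUN lie outside the hunks, so an ownership change there cannot be ruled out). I would extend that line to `&& chown -R cyclonedx:cyclonedx /opt/cdxgen /opt/cdxgen-node-cache /tmp/cdxgen-temp \`. The same step runs `chmod a-w -R /opt` after the chown, which leaves `NODE_COMPILE_CACHE=/opt/cdxgen-node-cache` read-only for the unprivileged user; that did not matter while the image ran as root. Since the `node /opt/cdxgen/bin/cdxgen.js --help` smoke test was dropped, a replacement such as `&& cdxgen --help \` before the cleanup would confirm at build time that the new `ENTRYPOINT ["cdxgen"]` resolves through `/opt/bin` on PATH.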

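--- a/ci/Dockerfile-bun
+++ b/ci/Dockerfile-bun
@@ -1,10 +1,10 @@
-FROM almalinux:9.6-minimal
+FROM almalinux:10.0-minimal
 
 LABEL maintainer="cyclonedx" \
 org.opencontainers.image.authors="Prabhu Subramanian <prabhu@appthreat.com>" \
 org.opencontainers.image.source="https://github.com/cyclonedx/cdxgen" \
 org.opencontainers.image.url="https://github.com/cyclonedx/cdxgen" \
-org.opencontainers.image.version="11.3.x" \
+org.opencontainers.image.version="11.4.x" \
 org.opencontainers.image.vendor="cyclonedx" \
 org.opencontainers.image.licenses="Apache-2.0" \
 org.opencontainers.image.title="cdxgen" \
@@ -35,7 +35,6 @@ ENV GOPATH=/opt/app-root/go \
 SBT_HOME="/root/.sdkman/candidates/sbt/${SBT_VERSION}" \
 PYTHON_VERSION=3.12 \
 PYTHON_CMD=/usr/bin/python3.12 \
-RUBY_VERSION=$RUBY_VERSION \
 PYTHONUNBUFFERED=1 \
 PYTHONIOENCODING="utf-8" \
 COMPOSER_ALLOW_SUPERUSER=1 \
@@ -114,7 +113,7 @@ RUN set -e; \
 && /usr/local/bin/lein \
 && curl -L -O https://github.com/clojure/brew-install/releases/latest/download/linux-install.sh \
 && chmod +x linux-install.sh \
-&& ./linux-install.sh \
+&& ./linux-install.sh && rm linux-install.sh \
 && useradd -ms /bin/bash cyclonedx \
 && pecl channel-update pecl.php.net \
 && pecl install timezonedb \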
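Review bot: `FROM almalinux:10.0-minimal` pins a tag only, and a tag can be re-pushed, so two builds of the same commit may start from different base layers; appending the digest, `FROM almalinux:10.0-minimal@sha256:<digest-of-the-reviewed-image>`, makes the base reproducible and auditable. The same line is introduced in ci/Dockerfile-ppc64. Separately, the context lines here still carry `PYTHON_VERSION=3.12`, `PYTHON_CMD=/usr/bin/python3.12` and `/root/.sdkman` paths while ci/Dockerfile moved to `python3` and `/opt` in this commit; the package install step is outside the visible hunks, so it is worth confirming those names still resolve on the 10.0 base.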

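--- a/ci/Dockerfile-deno
+++ b/ci/Dockerfile-deno
@@ -4,7 +4,7 @@ LABEL maintainer="cyclonedx" \
 org.opencontainers.image.authors="Prabhu Subramanian <prabhu@appthreat.com>" \
 org.opencontainers.image.source="https://github.com/cyclonedx/cdxgen" \
 org.opencontainers.image.url="https://github.com/cyclonedx/cdxgen" \
-org.opencontainers.image.version="11.3.x" \
+org.opencontainers.image.version="11.4.x" \
 org.opencontainers.image.vendor="cyclonedx" \
 org.opencontainers.image.licenses="Apache-2.0" \
 org.opencontainers.image.title="cdxgen" \
@@ -133,7 +133,7 @@ RUN set -e; \
 && /usr/local/bin/lein \
 && curl -L -O https://github.com/clojure/brew-install/releases/latest/download/linux-install.sh \
 && chmod +x linux-install.sh \
-&& ./linux-install.sh \
+&& ./linux-install.sh && rm linux-install.sh \
 && curl -L --output /usr/local/bin/bazel https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-${GOBIN_VERSION} \
 && chmod +x /usr/local/bin/bazel \
 && bazel --version \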
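Review bot: The installer that the new `rm linux-install.sh` cleans up is still fetched from `releases/latest/download/linux-install.sh` and executed as root with no integrity check, so the image content depends on whatever that URL serves at build time. Pinning a release tag in the URL and verifying a recorded hash before execution, for example `&& echo "<sha256-of-reviewed-script>  linux-install.sh" | sha256sum -c - \`, would make the step reproducible; the bazelisk download on the following line uses the same `latest` pattern. The same installer lines appear in ci/Dockerfile, ci/Dockerfile-bun and ci/Dockerfile-ppc64. The enclosing RUN starts and ends outside this hunk.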

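--- a/ci/Dockerfile-ppc64
+++ b/ci/Dockerfile-ppc64
@@ -1,10 +1,10 @@
-FROM almalinux:9.6-minimal
+FROM almalinux:10.0-minimal
 
 LABEL maintainer="cyclonedx" \
 org.opencontainers.image.authors="Prabhu Subramanian <prabhu@appthreat.com>" \
 org.opencontainers.image.source="https://github.com/cyclonedx/cdxgen" \
 org.opencontainers.image.url="https://github.com/cyclonedx/cdxgen" \
-org.opencontainers.image.version="11.3.x" \
+org.opencontainers.image.version="11.4.x" \
 org.opencontainers.image.vendor="cyclonedx" \
 org.opencontainers.image.licenses="Apache-2.0" \
 org.opencontainers.image.title="cdxgen" \
@@ -85,7 +85,7 @@ RUN set -e; \
 && /usr/local/bin/lein \
 && curl -L -O https://github.com/clojure/brew-install/releases/latest/download/linux-install.sh \
 && chmod +x linux-install.sh \
-&& ./linux-install.sh \
+&& ./linux-install.sh && rm linux-install.sh \
 && useradd -ms /bin/bash cyclonedx \
 && npm install -g corepack \
 && npm install -g @microsoft/rush --omit=dev \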
