mirrors/docker-icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/docker-icinga2.git synced 2025-11-09 11:21:20 +01:00
Code Issues Projects Releases Wiki Activity

Merge Dockerfiles

Browse Source 
Rationale: for security reasons include the latest deps, at least in release images.
Therefore include them everywhere, so the CI warns early enough.
This commit is contained in:
Alexander A. Klimov 2021-06-24 16:36:40 +02:00
parent e14e260a19
commit d6881ae03b
6 changed files with 114 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
Dockerfile
View File

@ -1,6 +1,76 @@
# Icinga 2 Docker image | (c) 2020 Icinga GmbH | GPLv2+
FROM icinga/icinga2-deps
FROM golang:buster as entrypoint
COPY entrypoint /entrypoint
WORKDIR /entrypoint
RUN ["go", "build", "."]
FROM buildpack-deps:scm as clone
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
RUN git clone --bare https://github.com/lausser/check_mssql_health.git ;\
git -C check_mssql_health.git archive --prefix=check_mssql_health/ 747af4c3c261790341da164b58d84db9c7fa5480 |tar -x ;\
git clone --bare https://github.com/lausser/check_nwc_health.git ;\
git -C check_nwc_health.git archive --prefix=check_nwc_health/ a5295475c9bbd6df9fe7432347f7c5aba16b49df |tar -x ;\
git clone --bare https://github.com/bucardo/check_postgres.git ;\
git -C check_postgres.git archive --prefix=check_postgres/ 58de936fdfe4073413340cbd9061aa69099f1680 |tar -x ;\
git clone --bare https://github.com/matteocorti/check_ssl_cert.git ;\
git -C check_ssl_cert.git archive --prefix=check_ssl_cert/ 1e72259a9c1cd8c60e229725293c51e03c3ba814 |tar -x ;\
rm -rf *.git
FROM debian:buster-slim as build
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
RUN apt-get update ;\
apt-get install --no-install-{recommends,suggests} -y \
autoconf automake make ;\
apt-get clean ;\
rm -vrf /var/lib/apt/lists/*
COPY --from=clone /check_mssql_health /check_mssql_health
COPY --from=clone /check_nwc_health /check_nwc_health
COPY --from=clone /check_postgres /check_postgres
RUN cd /check_mssql_health ;\
mkdir bin ;\
autoconf ;\
autoreconf ;\
./configure --libexecdir=/usr/lib/nagios/plugins ;\
make ;\
make install "DESTDIR=$(pwd)/bin"
RUN cd /check_nwc_health ;\
mkdir bin ;\
autoreconf ;\
./configure --libexecdir=/usr/lib/nagios/plugins ;\
make ;\
make install "DESTDIR=$(pwd)/bin"
RUN cd /check_postgres ;\
mkdir bin ;\
perl Makefile.PL INSTALLSITESCRIPT=/usr/lib/nagios/plugins ;\
make ;\
make install "DESTDIR=$(pwd)/bin"
FROM debian:buster-slim
RUN ["/bin/bash", "-exo", "pipefail", "-c", "apt-get update; DEBIAN_FRONTEND=noninteractive apt-get install --no-install-{recommends,suggests} -y ca-certificates curl dumb-init libboost-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}1.67 libcap2-bin libedit2 libmariadb3 libmoosex-role-timer-perl libpq5 libssl1.1 mailutils monitoring-plugins msmtp{,-mta} openssh-client openssl; apt-get clean; rm -vrf /var/lib/apt/lists/*"]
COPY --from=entrypoint /entrypoint/entrypoint /entrypoint
RUN ["adduser", "--system", "--group", "--home", "/var/lib/icinga2", "--disabled-login", "--force-badname", "--no-create-home", "--uid", "5665", "icinga"]
COPY --from=build /check_mssql_health/bin/ /
COPY --from=build /check_nwc_health/bin/ /
COPY --from=build /check_postgres/bin/ /
COPY --from=clone /check_ssl_cert/check_ssl_cert /usr/lib/nagios/plugins/check_ssl_cert
ENTRYPOINT ["/entrypoint"]
COPY icinga2-bin/ /

39
action-base.Dockerfile
View File

@ -1,39 +0,0 @@
# Icinga 2 Docker image | (c) 2020 Icinga GmbH | GPLv2+
FROM buildpack-deps:scm as clone
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
RUN mkdir actions ;\
cd actions ;\
git clone --bare https://github.com/actions/checkout.git ;\
git -C checkout.git archive --prefix=checkout/ v2 |tar -x ;\
git clone --bare https://github.com/actions/cache.git ;\
git -C cache.git archive --prefix=cache/ v2 |tar -x ;\
rm -rf *.git
FROM debian:buster-slim
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update ;\
apt-get install --no-install-{recommends,suggests} -y \
apt-transport-https gnupg2 dirmngr ca-certificates ;\
apt-get clean ;\
rm -vrf /var/lib/apt/lists/* ;\
apt-key adv --fetch-keys https://download.docker.com/linux/debian/gpg ;\
apt-get purge -y gnupg2 dirmngr ;\
apt-get autoremove --purge -y
ADD action-base.list /etc/apt/sources.list.d/misc.list
RUN apt-get update ;\
apt-get install --no-install-{recommends,suggests} -y \
bison cmake docker-ce-cli flex g++ git \
libboost{,-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}}1.67-dev \
libedit-dev libmariadbclient-dev libpq-dev libssl-dev make nodejs ;\
apt-get install --no-install-{recommends,suggests} -y ccache ;\
apt-get clean ;\
rm -vrf /var/lib/apt/lists/*
COPY --from=clone /actions /actions

39
action.Dockerfile
View File

@ -1,7 +1,44 @@
# Icinga 2 Docker image | (c) 2020 Icinga GmbH | GPLv2+
FROM icinga/icinga2-builder
FROM buildpack-deps:scm as clone
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
RUN mkdir actions ;\
cd actions ;\
git clone --bare https://github.com/actions/checkout.git ;\
git -C checkout.git archive --prefix=checkout/ v2 |tar -x ;\
git clone --bare https://github.com/actions/cache.git ;\
git -C cache.git archive --prefix=cache/ v2 |tar -x ;\
rm -rf *.git
FROM debian:buster-slim
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update ;\
apt-get install --no-install-{recommends,suggests} -y \
apt-transport-https gnupg2 dirmngr ca-certificates ;\
apt-get clean ;\
rm -vrf /var/lib/apt/lists/* ;\
apt-key adv --fetch-keys https://download.docker.com/linux/debian/gpg ;\
apt-get purge -y gnupg2 dirmngr ;\
apt-get autoremove --purge -y
ADD action-base.list /etc/apt/sources.list.d/misc.list
RUN apt-get update ;\
apt-get install --no-install-{recommends,suggests} -y \
bison cmake docker-ce-cli flex g++ git \
libboost{,-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}}1.67-dev \
libedit-dev libmariadbclient-dev libpq-dev libssl-dev make nodejs ;\
apt-get install --no-install-{recommends,suggests} -y ccache ;\
apt-get clean ;\
rm -vrf /var/lib/apt/lists/*
COPY --from=clone /actions /actions
COPY action.bash compile.bash Dockerfile /
COPY entrypoint /entrypoint
CMD ["/action.bash"]

3
action.bash
View File

@ -20,8 +20,9 @@ mkimg () {
ln -vs "$(pwd)/ccache" ~/.ccache
/compile.bash
cache save
cp -r /entrypoint .
docker build -f /Dockerfile -t "${TARGET}:$TAG" .
STATE_isPost=1 node /actions/checkout/dist/index.js

5
build.bash
View File

@ -15,8 +15,7 @@ fi
I2SRC="$(realpath "$I2SRC")"
BLDCTX="$(realpath "$(dirname "$0")")"
docker build -f "${BLDCTX}/action-base.Dockerfile" -t icinga/icinga2-builder "$BLDCTX"
docker build -f "${BLDCTX}/deps.Dockerfile" -t icinga/icinga2-deps "$BLDCTX"
docker build -f "${BLDCTX}/action.Dockerfile" -t icinga/icinga2-builder "$BLDCTX"
docker run --rm -i \
-v "${I2SRC}:/i2src:ro" \
@ -31,5 +30,7 @@ cp -r /i2src/.git /i2cp
cd /i2cp
/bldctx/compile.bash
cp -r /entrypoint .
docker build -f /bldctx/Dockerfile -t icinga/icinga2 .
EOF

73
deps.Dockerfile
View File

@ -1,73 +0,0 @@
# Icinga 2 Docker image | (c) 2020 Icinga GmbH | GPLv2+
FROM golang:buster as entrypoint
COPY entrypoint /entrypoint
WORKDIR /entrypoint
RUN ["go", "build", "."]
FROM buildpack-deps:scm as clone
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
RUN git clone --bare https://github.com/lausser/check_mssql_health.git ;\
git -C check_mssql_health.git archive --prefix=check_mssql_health/ 747af4c3c261790341da164b58d84db9c7fa5480 |tar -x ;\
git clone --bare https://github.com/lausser/check_nwc_health.git ;\
git -C check_nwc_health.git archive --prefix=check_nwc_health/ a5295475c9bbd6df9fe7432347f7c5aba16b49df |tar -x ;\
git clone --bare https://github.com/bucardo/check_postgres.git ;\
git -C check_postgres.git archive --prefix=check_postgres/ 58de936fdfe4073413340cbd9061aa69099f1680 |tar -x ;\
git clone --bare https://github.com/matteocorti/check_ssl_cert.git ;\
git -C check_ssl_cert.git archive --prefix=check_ssl_cert/ 1e72259a9c1cd8c60e229725293c51e03c3ba814 |tar -x ;\
rm -rf *.git
FROM debian:buster-slim as build
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
RUN apt-get update ;\
apt-get install --no-install-{recommends,suggests} -y \
autoconf automake make ;\
apt-get clean ;\
rm -vrf /var/lib/apt/lists/*
COPY --from=clone /check_mssql_health /check_mssql_health
COPY --from=clone /check_nwc_health /check_nwc_health
COPY --from=clone /check_postgres /check_postgres
RUN cd /check_mssql_health ;\
mkdir bin ;\
autoconf ;\
autoreconf ;\
./configure --libexecdir=/usr/lib/nagios/plugins ;\
make ;\
make install "DESTDIR=$(pwd)/bin"
RUN cd /check_nwc_health ;\
mkdir bin ;\
autoreconf ;\
./configure --libexecdir=/usr/lib/nagios/plugins ;\
make ;\
make install "DESTDIR=$(pwd)/bin"
RUN cd /check_postgres ;\
mkdir bin ;\
perl Makefile.PL INSTALLSITESCRIPT=/usr/lib/nagios/plugins ;\
make ;\
make install "DESTDIR=$(pwd)/bin"
FROM debian:buster-slim
RUN ["/bin/bash", "-exo", "pipefail", "-c", "apt-get update; DEBIAN_FRONTEND=noninteractive apt-get install --no-install-{recommends,suggests} -y ca-certificates curl dumb-init libboost-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}1.67 libcap2-bin libedit2 libmariadb3 libmoosex-role-timer-perl libpq5 libssl1.1 mailutils monitoring-plugins msmtp{,-mta} openssh-client openssl; apt-get clean; rm -vrf /var/lib/apt/lists/*"]
COPY --from=entrypoint /entrypoint/entrypoint /entrypoint
RUN ["adduser", "--system", "--group", "--home", "/var/lib/icinga2", "--disabled-login", "--force-badname", "--no-create-home", "--uid", "5665", "icinga"]
COPY --from=build /check_mssql_health/bin/ /
COPY --from=build /check_nwc_health/bin/ /
COPY --from=build /check_postgres/bin/ /
COPY --from=clone /check_ssl_cert/check_ssl_cert /usr/lib/nagios/plugins/check_ssl_cert
ENTRYPOINT ["/entrypoint"]