diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
index c20d5e1f7..783501250 100644
--- a/.buildkite/pipeline.yml
+++ b/.buildkite/pipeline.yml
@@ -534,7 +534,7 @@ steps:
 - ".buildkite/run_functional_test.sh"
 artifact_paths:
 - "perf8-report-*/**/*"
-
+
 - path:
 - "connectors/sources/redis.py"
 - "tests/sources/fixtures/redis/**"
@@ -553,7 +553,7 @@ steps:
 - ".buildkite/run_functional_test.sh"
 artifact_paths:
 - "perf8-report-*/**/*"
-
+
 - path:
 - "connectors/sources/graphql.py"
 - "tests/sources/fixtures/graphql/**"
@@ -647,6 +647,104 @@ steps: - buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_docker_image_arm64 - ".buildkite/publish/test-docker.sh" + # ---- + # OSS Dockerfile build, tests and vunlerability scan on amd64 + # ---- + - label: "Building amd64 Docker image from OSS Dockerfile" + agents: + provider: aws + instanceType: m6i.xlarge + imagePrefix: ci-amazonlinux-2 + env: + ARCHITECTURE: "amd64" + DOCKERFILE_PATH: "Dockerfile" + DOCKER_IMAGE_NAME: "docker.elastic.co/ci-agent-images/elastic-connectors-oss-dockerfile" + DOCKER_ARTIFACT_KEY: "elastic-connectors-oss-dockerfile" + command: ".buildkite/publish/build-docker.sh" + key: "build_oss_dockerfile_image_amd64" + artifact_paths: ".artifacts/*.tar.gz" + - label: "Testing amd64 image built from OSS Dockerfile" + agents: + provider: aws + instanceType: m6i.xlarge + imagePrefix: ci-amazonlinux-2 + env: + ARCHITECTURE: "amd64" + DOCKERFILE_PATH: "Dockerfile" + DOCKER_IMAGE_NAME: "docker.elastic.co/ci-agent-images/elastic-connectors-oss-dockerfile" + DOCKER_ARTIFACT_KEY: "elastic-connectors-oss-dockerfile" + depends_on: "build_oss_dockerfile_image_amd64" + key: "test_oss_dockerfile_image_amd64" + commands: + - "mkdir -p .artifacts" + - buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_oss_dockerfile_image_amd64 + - ".buildkite/publish/test-docker.sh" + - label: "Trivy Scan amd64 OSS Dockerfile image" + timeout_in_minutes: 10 + depends_on: + - test_oss_dockerfile_image_amd64 + key: "trivy-scan-amd64-oss-dockerfile-image" + agents: + provider: k8s + image: "docker.elastic.co/ci-agent-images/trivy:latest" + command: |- + mkdir -p .artifacts + buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_oss_dockerfile_image_amd64 + trivy --version + env | grep TRIVY + find .artifacts -type f -name '*.tar.gz*' -exec trivy image --quiet --input {} \; + + # ---- + # OSS Dockerfile build, tests and vunlerability scan on arm64 + # ---- + - label: 
"Building arm64 Docker image from OSS Dockerfile" + agents: + provider: aws + instanceType: m6g.xlarge + imagePrefix: ci-amazonlinux-2-aarch64 + diskSizeGb: 40 + diskName: '/dev/xvda' + env: + ARCHITECTURE: "arm64" + DOCKERFILE_PATH: "Dockerfile" + DOCKER_IMAGE_NAME: "docker.elastic.co/ci-agent-images/elastic-connectors-oss-dockerfile" + DOCKER_ARTIFACT_KEY: "elastic-connectors-oss-dockerfile" + command: ".buildkite/publish/build-docker.sh" + key: "build_oss_dockerfile_image_arm64" + artifact_paths: ".artifacts/*.tar.gz" + - label: "Testing arm64 image built from OSS Dockerfile" + agents: + provider: aws + instanceType: m6g.xlarge + imagePrefix: ci-amazonlinux-2-aarch64 + diskSizeGb: 40 + diskName: '/dev/xvda' + env: + ARCHITECTURE: "arm64" + DOCKERFILE_PATH: "Dockerfile" + DOCKER_IMAGE_NAME: "docker.elastic.co/ci-agent-images/elastic-connectors-oss-dockerfile" + DOCKER_ARTIFACT_KEY: "elastic-connectors-oss-dockerfile" + depends_on: "build_oss_dockerfile_image_arm64" + key: "test_oss_dockerfile_image_arm64" + commands: + - "mkdir -p .artifacts" + - buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_oss_dockerfile_image_arm64 + - ".buildkite/publish/test-docker.sh" + - label: "Trivy Scan arm64 OSS Dockerfile image" + timeout_in_minutes: 10 + depends_on: + - test_oss_dockerfile_image_arm64 + key: "trivy-scan-arm64-oss-dockerfile-image" + agents: + provider: k8s + image: "docker.elastic.co/ci-agent-images/trivy:latest" + command: |- + mkdir -p .artifacts + buildkite-agent artifact download '.artifacts/*.tar.gz*' .artifacts/ --step build_oss_dockerfile_image_arm64 + trivy --version + env | grep TRIVY + find .artifacts -type f -name '*.tar.gz*' -exec trivy image --quiet --input {} \; + - label: ":truck: Publish DRA Items" <<: *test-agents key: "publish-dra-artifacts" 
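Review bot: Neither Trivy step can fail the build, so the scan is advisory only: `trivy image` exits 0 when it finds vulnerabilities unless `--exit-code` is set, and `find … -exec … \;` does not propagate the command's exit status anyway. In both the amd64 and the arm64 scan step I would replace the last command line with a loop such as `for f in .artifacts/*.tar.gz*; do trivy image --quiet --exit-code 1 --severity HIGH,CRITICAL --input "$f" || exit 1; done`, with the severity threshold set to whatever the team's policy is. The scanner image is pulled as `trivy:latest`, so results can change between runs without any change in this repository; pinning a version tag or digest would make them reproducible. `env | grep TRIVY` writes every TRIVY_* variable to the build log, which is worth dropping or narrowing if the agent image ever carries registry credentials in such variables.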
@@ -654,4 +752,6 @@ steps:
 depends_on:
 - test_docker_image_amd64
 - test_docker_image_arm64
+ - test_oss_dockerfile_image_amd64
+ - test_oss_dockerfile_image_arm64
 command: ".buildkite/publish/dra/init_dra_publishing.sh"
diff --git a/Dockerfile b/Dockerfile
index b013d375a..dd35743dc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,18 @@
-FROM python:3.11-slim-bookworm
-RUN apt -y update && apt -y upgrade && apt -y install make git
-COPY . /app
+FROM cgr.dev/chainguard/wolfi-base
+ARG python_version=3.11
+
+USER root
+RUN apk add --no-cache python3=~${python_version} make git
+
+COPY --chown=nonroot:nonroot . /app
+
+USER nonroot
 WORKDIR /app
 RUN make clean install
 RUN ln -s .venv/bin /app/bin
+
+USER root
+RUN apk del make git
+
+USER nonroot
 ENTRYPOINT []
diff --git a/Dockerfile.ftest b/Dockerfile.ftest
index 44b833b9a..3e2938577 100644
--- a/Dockerfile.ftest
+++ b/Dockerfile.ftest
@@ -1,7 +1,16 @@
-FROM python:3.11-slim-bookworm
-# RUN apt update && apt install make
-RUN apt -y update && apt -y upgrade && apt -y install make git
-COPY . /app
+FROM cgr.dev/chainguard/wolfi-base
+ARG python_version=3.11
+
+USER root
+RUN apk add --no-cache python3=~${python_version} make git
+
+COPY --chown=nonroot:nonroot . /app
+
+USER nonroot
 WORKDIR /app
 RUN make clean install
 RUN .venv/bin/pip install -r requirements/ftest.txt
+
+USER root
+RUN apk del make git
+USER nonroot
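Review bot: The two lines added to `depends_on` gate DRA publishing on the OSS image tests but not on the new scan steps, so `trivy-scan-amd64-oss-dockerfile-image` and `trivy-scan-arm64-oss-dockerfile-image` can still be running, or have failed, when publishing starts. If the scan is meant to be a release gate, add both keys to this list, e.g. `- trivy-scan-amd64-oss-dockerfile-image` and `- trivy-scan-arm64-oss-dockerfile-image`; if it is deliberately informational, a comment saying so would settle the question for the next reader. The publish step begins outside the hunk, so this is based only on the `depends_on` entries visible here.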
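Review bot: `FROM cgr.dev/chainguard/wolfi-base` carries no tag or digest, so every build resolves whatever the default tag points to at that moment and the image that was tested and scanned cannot be reproduced later; pin it, e.g. `FROM cgr.dev/chainguard/wolfi-base@sha256:<digest-placeholder>`, and let an update bot bump the digest. `RUN apk del make git` runs in its own layer after the install layer, so the packages leave the final filesystem and the apk database but their files remain in the earlier layer of the shipped image; a multi-stage build that copies only the built `/app` into a clean runtime stage would actually remove them. `COPY --chown=nonroot:nonroot . /app` still takes the whole build context, so it is worth confirming that a `.dockerignore` keeps `.git` and local credential files out (none is visible in this diff). The same three points apply to the `Dockerfile.ftest` hunk.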