Loongson-Cloud-Community / dockerfiles


修复缺少proxy env导致构建镜像没更新到仓库上 #166

Closed zhangguanzhang closed 7 months ago

zhangguanzhang commented 7 months ago

修复部分镜像未能成功构建并推送的问题。python 的镜像也存在同样的问题,但为避免一次 PR 导致 action 构建时间过长,python 的部分留到后续 PR 提交时再触发 action。

qiangxuhui commented 7 months ago
code level alerts
0 CIS-DI-0001 WARN Last user should not be root
1 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
2 CIS-DI-0006 INFO not found HEALTHCHECK statement
3 CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/mount
qiangxuhui commented 7 months ago
code level alerts
0 CIS-DI-0010 FATAL Suspicious ENV key found : NGINX_GPGKEY on 0 /bin/sh -c set -x && groupadd --system --gid 101 nginx && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates && NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; export GNUPGHOME="$(mktemp -d)"; found=''; for server in hkp://keyserver.ubuntu.com:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; rm -rf "$GNUPGHOME"; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} " && case "$dpkgArch" in amd64|arm64) echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ buster nginx" > /etc/apt/sources.list.d/nginx.list && apt-get update ;; loongarch64) echo "deb [signed-by=/usr/share/keyrings/jumpserver-nginx-keyring.gpg] https://dl.cloudsmith.io/public/jumpserver/nginx/deb/debian buster main" > /etc/apt/sources.list.d/nginx.list && apt-get update ;; *) echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get build-dep -y $nginxPackages 
&& ( cd "$tempDir" && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" apt-get source --compile $nginxPackages ) && apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d (You can suppress it with --accept-key)
1 CIS-DI-0001 WARN Last user should not be root
2 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
3 CIS-DI-0006 INFO not found HEALTHCHECK statement
4 CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/su
qiangxuhui commented 7 months ago
code level alerts
0 CIS-DI-0001 WARN Last user should not be root
1 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
2 CIS-DI-0006 INFO not found HEALTHCHECK statement
3 CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/mount
qiangxuhui commented 7 months ago
code level alerts
0 CIS-DI-0001 WARN Last user should not be root
1 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
2 CIS-DI-0006 INFO not found HEALTHCHECK statement
3 CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/chfn
qiangxuhui commented 7 months ago
code level alerts
0 CIS-DI-0001 WARN Last user should not be root
1 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
2 CIS-DI-0006 INFO not found HEALTHCHECK statement
3 CIS-DI-0008 INFO setgid file: grwxr-xr-x usr/sbin/unix_chkpwd
qiangxuhui commented 7 months ago
code level alerts
0 CIS-DI-0001 WARN Last user should not be root
1 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
2 CIS-DI-0006 INFO not found HEALTHCHECK statement
3 CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/mount
qiangxuhui commented 7 months ago
code level alerts
0 DKL-DI-0004 FATAL Use --no-cache option if use 'apk add': 0 /bin/sh -c set -eux; apk add --no-cache --virtual .build-deps coreutils dpkg-dev dpkg gcc linux-headers make musl-dev openssl-dev wget ; wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; mkdir -p /usr/src/redis; tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1; rm redis.tar.gz; grep -E '^ *createBoolConfig[(]"protected-mode",.*, *1 *,.*[)],$' /usr/src/redis/src/config.c; sed -ri 's!^( *createBoolConfig[(]"protected-mode",.*, *)1( *,.*[)],)$!\10\2!' /usr/src/redis/src/config.c; grep -E '^ *createBoolConfig[(]"protected-mode",.*, *0 *,.*[)],$' /usr/src/redis/src/config.c; gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; extraJemallocConfigureFlags="--build=$gnuArch"; dpkgArch="$(dpkg --print-architecture)"; case "${dpkgArch##*-}" in amd64 | i386 | x32) extraJemallocConfigureFlags="$extraJemallocConfigureFlags --with-lg-page=12" ;; *) extraJemallocConfigureFlags="$extraJemallocConfigureFlags --with-lg-page=16" ;; esac; extraJemallocConfigureFlags="$extraJemallocConfigureFlags --with-lg-hugepage=21"; grep -F 'cd jemalloc && ./configure ' /usr/src/redis/deps/Makefile; sed -ri 's!cd jemalloc && ./configure !&'"$extraJemallocConfigureFlags"' !' 
/usr/src/redis/deps/Makefile; grep -F "cd jemalloc && ./configure $extraJemallocConfigureFlags " /usr/src/redis/deps/Makefile; export BUILD_TLS=yes; make -C /usr/src/redis -j "$(nproc)" all; make -C /usr/src/redis install; serverMd5="$(md5sum /usr/local/bin/redis-server | cut -d' ' -f1)"; export serverMd5; find /usr/local/bin/redis* -maxdepth 0 -type f -not -name redis-server -exec sh -eux -c ' md5="$(md5sum "$1" | cut -d" " -f1)"; test "$md5" = "$serverMd5"; ' -- '{}' ';' -exec ln -svfT 'redis-server' '{}' ';' ; rm -r /usr/src/redis; runDeps="$( scanelf --needed --nobanner --format '%n#p' --recursive /usr/local | tr ',' '\n' | sort -u | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' )"; apk add --no-network --virtual .redis-rundeps $runDeps; apk del --no-network .build-deps; redis-cli --version; redis-server --version
1 CIS-DI-0001 WARN Last user should not be root
2 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
3 CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 7 months ago
code level alerts
0 CIS-DI-0001 WARN Last user should not be root
1 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
2 CIS-DI-0006 INFO not found HEALTHCHECK statement
3 CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/umount
qiangxuhui commented 7 months ago
code level alerts
0 CIS-DI-0001 WARN Last user should not be root
1 CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
2 CIS-DI-0006 INFO not found HEALTHCHECK statement
3 CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/chfn