search

Loongson-Cloud-Community / dockerfiles

14 stars 14 forks source link

Fix codebase size #216

Closed qiangxuhui closed 3 months ago

qiangxuhui commented 3 months ago
code level alerts
DKL-LI-0001 SKIP failed to detect etc/shadow,etc/master.passwd
DKL-LI-0002 SKIP failed to detect etc/passwd
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
CIS-DI-0008 INFO setgid file: grwx--x--x usr/libexec/utempter/utempter
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0009 FATAL Use COPY : /bin/sh -c #(nop) ADD file:0f146d56c7ad7261f3877b353f48d20145bab85d0db441ea3d0c3b2092429122 in /usr/local/bin/
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
wojiushixiaobai commented 3 months ago

@qiangxuhui 这样貌似不行老哥,要用 rebase 清理掉之前提交的文件,不然还在历史文件里面。 git 如果不用 --depth 参数的话还是会拉取这些文件的。

可以参考微软的文档

另外我看代码是直接修改了 https_proxy 变量,然后在后面拼接,emmmmmmm...........

可以优化一下,分个层啥的。

# jaegertracing/jaeger-operator/1.22/Dockerfile
FROM cr.loongnix.cn/loongson/loongnix-server:8.4.0 AS builder

ARG DEPENDENCIES="\
            wget"

RUN set -ex \
    && yum install -y ${DEPENDENCIES}

ENV OPERATOR=/usr/local/bin/jaeger-operator

RUN set -ex \
    && wget -O ${OPERATOR} https://github.com/Loongson-Cloud-Community/jaeger-operator/releases/download/release%2Fv1.22.0/jaeger-operator \
    && chmod +x ${OPERATOR}

FROM cr.loongnix.cn/loongson/loongnix-server:8.4.0

ENV OPERATOR=/usr/local/bin/jaeger-operator \
    USER_UID=1001 \
    USER_NAME=jaeger-operator

RUN INSTALL_PKGS=" \
      openssl \
      " && \
    yum install -y $INSTALL_PKGS && \
    rpm -V $INSTALL_PKGS && \
    yum clean all && \
    mkdir /tmp/_working_dir && \
    chmod og+w /tmp/_working_dir

COPY scripts/* /scripts/

# install operator binary
COPY --from=builder ${OPERATOR} ${OPERATOR}

ENTRYPOINT ["/usr/local/bin/jaeger-operator"]

USER ${USER_UID}:${USER_UID}
qiangxuhui commented 3 months ago

@wojiushixiaobai 我要先将代码仓哭中比较大的二进制删掉,然后通过工具会去移除hash-object(也就是.git/objects目录)中对于这些大文件的引用(包括之前删除的大文件和这个PR中删除的大文件),也就是合并提交。

wojiushixiaobai commented 3 months ago

好的,管理员是可以直接覆盖的,普通的用户没法操作这个。

qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0009 FATAL Use COPY : /bin/sh -c #(nop) ADD file:9f5b84366123b94aeabd16f23962ffee4ce94b3d9a7b89c048415ea6d1fce5c1 in /usr/local/bin/
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
DKL-LI-0001 SKIP failed to detect etc/shadow,etc/master.passwd
DKL-LI-0002 SKIP failed to detect etc/passwd
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/sbin/pam_timestamp_check
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
CIS-DI-0008 INFO setgid file: grwxr-xr-x usr/bin/write
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
DKL-LI-0001 SKIP failed to detect etc/shadow,etc/master.passwd
DKL-LI-0002 SKIP failed to detect etc/passwd
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/gpasswd
qiangxuhui commented 3 months ago
code level alerts
DKL-LI-0001 SKIP failed to detect etc/shadow,etc/master.passwd
DKL-LI-0002 SKIP failed to detect etc/passwd
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
DKL-LI-0001 SKIP failed to detect etc/shadow,etc/master.passwd
DKL-LI-0002 SKIP failed to detect etc/passwd
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/bin/umount
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
CIS-DI-0008 INFO setuid file: urwxr-x--- usr/libexec/dbus-1/dbus-daemon-launch-helper
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
DKL-LI-0001 SKIP failed to detect etc/shadow,etc/master.passwd
DKL-LI-0002 SKIP failed to detect etc/passwd
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
CIS-DI-0008 INFO setuid file: urwxr-xr-x usr/sbin/pam_timestamp_check
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
DKL-LI-0001 SKIP failed to detect etc/shadow,etc/master.passwd
DKL-LI-0002 SKIP failed to detect etc/passwd
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement
qiangxuhui commented 3 months ago
code level alerts
CIS-DI-0001 WARN Last user should not be root
CIS-DI-0005 INFO export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006 INFO not found HEALTHCHECK statement