github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-24 23:27:25 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update ironbank build with latest docker context (#67504)

Browse source 
The file `download.json` is replaced by `hardening_manifest.yaml`, which
includes various pieces of information about the Iron Bank build.
This commit is contained in:
Rory Hunter 2021-01-18 16:14:45 +00:00 committed by GitHub
parent 84b2536dc1
commit ea395d3e17
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 60 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
distribution/docker/build.gradle
View file

@ -57,7 +57,7 @@ ext.expansions = { Architecture architecture, boolean oss, DockerBase base, bool
buildArgs = """ buildArgs = """
ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_IMAGE=redhat/ubi/ubi8
ARG BASE_TAG=8.2 ARG BASE_TAG=8.3
""" """
} }

4
distribution/docker/src/docker/Dockerfile
View file

@ -337,6 +337,7 @@ RUN chmod g=u /etc/passwd && \\
EXPOSE 9200 9300 EXPOSE 9200 9300
<% if (docker_base != 'iron_bank') { %>
LABEL org.label-schema.build-date="${build_date}" \\ LABEL org.label-schema.build-date="${build_date}" \\
org.label-schema.license="${license}" \\ org.label-schema.license="${license}" \\
org.label-schema.name="Elasticsearch" \\ org.label-schema.name="Elasticsearch" \\
@ -356,8 +357,9 @@ LABEL org.label-schema.build-date="${build_date}" \\
org.opencontainers.image.url="https://www.elastic.co/products/elasticsearch" \\ org.opencontainers.image.url="https://www.elastic.co/products/elasticsearch" \\
org.opencontainers.image.vendor="Elastic" \\ org.opencontainers.image.vendor="Elastic" \\
org.opencontainers.image.version="${version}" org.opencontainers.image.version="${version}"
<% } %>
<% if (docker_base == 'ubi' || docker_base == 'iron_bank') { %> <% if (docker_base == 'ubi') { %>
LABEL name="Elasticsearch" \\ LABEL name="Elasticsearch" \\
maintainer="infra@elastic.co" \\ maintainer="infra@elastic.co" \\
vendor="Elastic" \\ vendor="Elastic" \\

2
distribution/docker/src/docker/iron_bank/Jenkinsfile vendored
View file

@ -1,2 +0,0 @@
@Library('DCCSCR@master') _
dccscrPipeline(version: '${version}')

16
distribution/docker/src/docker/iron_bank/download.json
View file

@ -1,16 +0,0 @@
{
"resources": [
{
"url": "<artifact_path>/elasticsearch-${version}-linux-x86_64.tar.gz",
"filename": "elasticsearch-${version}-linux-x86_64.tar.gz"
},
{
"url": "https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64",
"filename": "tini",
"validation": {
"type": "sha256",
"value": "93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c"
}
}
]
}

53
distribution/docker/src/docker/iron_bank/hardening_manifest.yaml Normal file
View file

@ -0,0 +1,53 @@
---
apiVersion: 1
# The repository name in registry1, excluding /ironbank/
name: "elastic/elasticsearch/elasticsearch"
# List of tags to push for the repository in registry1
# The most specific version should be the first tag and will be shown
# on ironbank.dsop.io
tags:
- "${version}"
- "latest"
# Build args passed to Dockerfile ARGs
args:
BASE_IMAGE: "redhat/ubi/ubi8"
BASE_TAG: "8.3"
# Docker image labels
labels:
org.opencontainers.image.title: "elasticsearch"
# Human-readable description of the software packaged in the image
org.opencontainers.image.description: "You know, for search."
# License(s) under which contained software is distributed
org.opencontainers.image.licenses: "${license}"
# URL to find more information on the image
org.opencontainers.image.url: "https://github.com/elastic/elasticsearch"
# Name of the distributing entity, organization or individual
org.opencontainers.image.vendor: "Elastic"
org.opencontainers.image.version: "${version}"
# Keywords to help with search (ex. "cicd,gitops,golang")
mil.dso.ironbank.image.keywords: "search,elastic,elasticsearch,java"
# This value can be "opensource" or "commercial"
mil.dso.ironbank.image.type: "commercial"
# Product the image belongs to for grouping multiple images
mil.dso.ironbank.product.name: "elasticsearch"
# List of resources to make available to the offline build context
resources:
- filename: "elasticsearch-${version}-linux-x86_64.tar.gz"
url: "<artifact_path>/elasticsearch-${version}-linux-x86_64.tar.gz"
- filename: "tini"
url: "https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64"
validation:
type: "sha256"
value: "93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c"
# List of project maintainers
maintainers:
- name: "Nassim Kammah"
email: "nassim.kammah@elastic.co"
- name: "Rory Hunter"
email: "rory.hunter@elastic.co"

4
qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java
View file

@ -104,7 +104,9 @@ public class DockerTests extends PackagingTestCase {
/** /**
* Checks that the Docker image can be run, and that it passes various checks. * Checks that the Docker image can be run, and that it passes various checks.
*/ */
public void test010Install() { public void test010Install() throws Exception {
// Wait for the container to come up, because we assert the state of some files that Elasticsearch creates on startup.
waitForElasticsearch(installation);
verifyContainerInstallation(installation, distribution()); verifyContainerInstallation(installation, distribution());
} }