From 1eba9e9f555cd04eaaae726d9fb6f018496907a7 Mon Sep 17 00:00:00 2001 From: "Dylan M. Taylor" Date: Thu, 25 Apr 2024 21:29:43 -0400 Subject: [PATCH 1/3] feat: Add standard:8.0 image based on Ubuntu 24.04 --- README.md | 17 +- buildspec.yml | 4 +- ubuntu/standard/8.0/Dockerfile | 500 ++++++++++++++++++ ubuntu/standard/8.0/amazon-ssm-agent.json | 45 ++ ubuntu/standard/8.0/dockerd-entrypoint.sh | 23 + .../standard/8.0/legal/bill_of_material.txt | 274 ++++++++++ ubuntu/standard/8.0/runtimes.yml | 192 +++++++ ubuntu/standard/8.0/ssh_config | 3 + .../8.0/tools/runtime_configs/php/8.2.12 | 20 + .../8.0/tools/runtime_configs/python/3.11.6 | 18 + .../8.0/tools/runtime_configs/python/3.12.0 | 17 + 11 files changed, 1103 insertions(+), 10 deletions(-) create mode 100644 ubuntu/standard/8.0/Dockerfile create mode 100644 ubuntu/standard/8.0/amazon-ssm-agent.json create mode 100644 ubuntu/standard/8.0/dockerd-entrypoint.sh create mode 100644 ubuntu/standard/8.0/legal/bill_of_material.txt create mode 100644 ubuntu/standard/8.0/runtimes.yml create mode 100644 ubuntu/standard/8.0/ssh_config create mode 100644 ubuntu/standard/8.0/tools/runtime_configs/php/8.2.12 create mode 100644 ubuntu/standard/8.0/tools/runtime_configs/python/3.11.6 create mode 100644 ubuntu/standard/8.0/tools/runtime_configs/python/3.12.0 diff --git a/README.md b/README.md index 4c64d481..61aa540d 100644 --- a/README.md +++ b/README.md @@ -8,24 +8,24 @@ The master branch will sometimes have changes that are still in the process of b ### How to build Docker images -Steps to build Standard 7.0 image +Steps to build Standard 8.0 image * Run `git clone https://github.com/aws/aws-codebuild-docker-images.git` to download this repository to your local machine -* Run `cd aws-codebuild-docker-images/ubuntu/standard/7.0` to change the directory in your local workspace. This is the location of the Standard 7.0 Dockerfile with Ubuntu base. -* Run `docker build -t aws/codebuild/standard:7.0 .` to build Docker image locally +* Run `cd aws-codebuild-docker-images/ubuntu/standard/8.0` to change the directory in your local workspace. This is the location of the Standard 8.0 Dockerfile with Ubuntu base. +* Run `docker build -t aws/codebuild/standard:8.0 .` to build Docker image locally To poke around in the image interactively, build it and run: -`docker run -it --entrypoint sh aws/codebuild/standard:7.0 -c bash` +`docker run -it --entrypoint sh aws/codebuild/standard:8.0 -c bash` To let the Docker daemon start up in the container, build it and run: -`docker run -it --privileged aws/codebuild/standard:7.0 bash` +`docker run -it --privileged aws/codebuild/standard:8.0 bash` ``` $ git clone https://github.com/aws/aws-codebuild-docker-images.git $ cd aws-codebuild-docker-images -$ cd ubuntu/standard/7.0 -$ docker build -t aws/codebuild/standard:7.0 . -$ docker run -it --entrypoint sh aws/codebuild/standard:7.0 -c bash +$ cd ubuntu/standard/8.0 +$ docker build -t aws/codebuild/standard:8.0 . +$ docker run -it --entrypoint sh aws/codebuild/standard:8.0 -c bash ``` ### Image maintenance @@ -37,6 +37,7 @@ The following images are actively maintained by AWS CodeBuild, and are listed in + [standard 5.0](ubuntu/standard/5.0) + [standard 6.0](ubuntu/standard/6.0) + [standard 7.0](ubuntu/standard/7.0) ++ [standard 8.0](ubuntu/standard/8.0) + [amazonlinux2-x86_64-standard:4.0](al2/x86_64/standard/4.0) + [amazonlinux2-x86_64-standard:5.0](al2/x86_64/standard/5.0) + [amazonlinux2-x86_64-standard:corretto8](al2/x86_64/standard/corretto8) diff --git a/buildspec.yml b/buildspec.yml index e622cc23..9cfd2c15 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,7 +3,7 @@ version: 0.2 phases: build: commands: - - cd $CODEBUILD_SRC_DIR/ubuntu/standard/7.0 - - docker build -t aws/codebuild/standard:7.0 . + - cd $CODEBUILD_SRC_DIR/ubuntu/standard/8.0 + - docker build -t aws/codebuild/standard:8.0 . - cd $CODEBUILD_SRC_DIR/al2/x86_64/standard/5.0 - docker build -t aws/codebuild/amazonlinux2-x86_64-standard:5.0 . diff --git a/ubuntu/standard/8.0/Dockerfile b/ubuntu/standard/8.0/Dockerfile new file mode 100644 index 00000000..02d00d02 --- /dev/null +++ b/ubuntu/standard/8.0/Dockerfile @@ -0,0 +1,500 @@ +# Copyright 2020-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://aws.amazon.com/asl/ +# +# or in the "license" file accompanying this file. +# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. +# See the License for the specific language governing permissions and limitations under the License. +FROM public.ecr.aws/ubuntu/ubuntu:24.04 AS core + +ARG DEBIAN_FRONTEND="noninteractive" + +# Install git, SSH, and other utilities +RUN set -ex \ + && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ + && apt-get update \ + && apt install -y -qq apt-transport-https gnupg ca-certificates \ + && apt-get install software-properties-common -y -qq --no-install-recommends \ + && apt-get install -y -qq --no-install-recommends openssh-client \ + && mkdir ~/.ssh \ + && mkdir -p /codebuild/image/config \ + && touch ~/.ssh/known_hosts \ + && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H github.com >> ~/.ssh/known_hosts \ + && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H bitbucket.org >> ~/.ssh/known_hosts \ + && chmod 600 ~/.ssh/known_hosts \ + && apt-get install -y -qq --no-install-recommends \ + apt-utils asciidoc autoconf automake build-essential bzip2 \ + bzr curl dirmngr docbook-xml docbook-xsl dpkg-dev \ + e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ + groff gzip iptables jq less libapr1 libaprutil1 \ + libargon2-0-dev libbz2-dev libc6-dev libcurl4-openssl-dev \ + libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ + libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ + libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ + libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ + libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ + libpq-dev libreadline-dev libserf-1-1 libsodium-dev libsqlite3-dev libssl-dev \ + libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ + libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ + libyaml-dev libyaml-perl llvm locales make mlocate \ + netbase openssl patch pkg-config procps python3-configobj \ + python3-openssl rsync sgml-base sgml-data \ + tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ + libzip-dev vim xvfb xz-utils zip zlib1g-dev git-lfs \ + && rm -rf /var/lib/apt/lists/* + +ENV LC_CTYPE="C.UTF-8" + +RUN useradd codebuild-user + +#=======================End of layer: core ================= + +FROM core AS tools + +# Install Git +RUN set -ex \ + && GIT_VERSION=2.42.1 \ + && GIT_TAR_FILE=git-$GIT_VERSION.tar.gz \ + && GIT_SRC=https://github.com/git/git/archive/v${GIT_VERSION}.tar.gz \ + && curl -L -o $GIT_TAR_FILE $GIT_SRC \ + && tar zxf $GIT_TAR_FILE \ + && cd git-$GIT_VERSION \ + && make -j4 \ + && make install prefix=/usr \ + && cd .. && rm -rf git-$GIT_VERSION \ + && rm -rf $GIT_TAR_FILE /tmp/* + +# Install AWS SAM CLI +RUN wget -nv https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip -O /tmp/samcli.zip \ + && unzip -q /tmp/samcli.zip -d /opt \ + && /opt/install --update -i /usr/local/sam-cli -b /usr/local/bin \ + && rm /tmp/samcli.zip /opt/install \ + && rm -rf /opt/aws-sam-cli-src \ + && sam --version + +# Install stunnel +RUN set -ex \ + && STUNNEL_VERSION=5.71 \ + && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ + && STUNNEL_SHA256="f023aae837c2d32deb920831a5ee1081e11c78a5d57340f8e6f0829f031017f5" \ + && curl -o $STUNNEL_TAR https://www.stunnel.org/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ + && cd stunnel-$STUNNEL_VERSION \ + && ./configure \ + && make -j4 \ + && make install \ + && openssl genrsa -out key.pem 2048 \ + && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ + && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ + && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* + +# AWS Tools +# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html +RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.6/2023-01-30/bin/linux/amd64/aws-iam-authenticator \ + && curl -sS -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.6/2023-01-30/bin/linux/amd64/kubectl \ + && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ + && curl -sS -L https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ + && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl + +# Configure SSM +RUN set -ex \ + && mkdir /tmp/ssm \ + && cd /tmp/ssm \ + && wget -q https://s3.amazonaws.com/amazon-ssm-us-east-1/latest/debian_amd64/amazon-ssm-agent.deb \ + && dpkg -i amazon-ssm-agent.deb + +# Install AWS CLI v2 +# https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html +RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip \ + && unzip -q /tmp/awscliv2.zip -d /opt \ + && /opt/aws/install --update -i /usr/local/aws-cli -b /usr/local/bin \ + && rm /tmp/awscliv2.zip \ + && rm -rf /opt/aws \ + && aws --version + +#**************** Pack CLI ************************************************* +RUN (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.32.1/pack-v0.32.1-linux.tgz" \ + | tar -C /usr/local/bin/ --no-same-owner -xzv pack) + +#**************** END Pack CLI ********************************************* + +#**************** DOCKER ********************************************* +ARG DOCKER_BUCKET="download.docker.com" +ARG DOCKER_CHANNEL="stable" +ARG DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" +ARG DOCKER_COMPOSE_VERSION="2.23.1" +ARG DOCKER_BUILDX_VERSION="0.11.0" +ARG SRC_DIR="/usr/src" + +ARG DOCKER_SHA256="544262F4A3621222AFB79960BFAD4D486935DAB80893478B5CC9CF8EBAF409AE" +ARG DOCKER_VERSION="23.0.6" + +# Install Docker +RUN set -ex \ + && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ + && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ + && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ + && rm docker.tgz \ + && docker -v \ + # replace runc package to resolve CVE-2024-21626 + && apt-get update && apt-get -y install runc \ + && rm -f /usr/local/bin/runc \ + && ln -s /usr/sbin/runc /usr/local/bin/runc \ + && runc -v \ + # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box + && addgroup dockremap \ + && useradd -g dockremap dockremap \ + && echo 'dockremap:165536:65536' >> /etc/subuid \ + && echo 'dockremap:165536:65536' >> /etc/subgid \ + && wget -q "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ + # Install docker compose as docker plugin and maintain docker-compose usage + && mkdir -p /usr/local/lib/docker/cli-plugins \ + && curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose \ + && chmod +x /usr/local/bin/dind /usr/local/lib/docker/cli-plugins/docker-compose \ + && ln -s /usr/local/lib/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose \ + # Ensure docker-compose and docker compose work + && docker-compose version \ + && docker compose version \ + # Add docker buildx tool + && curl -L https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-amd64 -o /usr/local/lib/docker/cli-plugins/docker-buildx \ + && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx \ + && ln -s /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/bin/docker-buildx \ + # Ensure docker-buildx works + && docker-buildx version \ + && docker buildx version + +VOLUME /var/lib/docker +#*********************** END DOCKER **************************** + +#=======================End of stage: tools ================= +FROM tools AS runtimes + +#**************** .NET-CORE ******************************************************* + +# Dotnet +ENV PATH "/root/.dotnet/:/root/.dotnet/tools/:$PATH" +RUN set -ex \ +&& wget -qO /usr/local/bin/dotnet-install.sh https://dot.net/v1/dotnet-install.sh \ +&& chmod +x /usr/local/bin/dotnet-install.sh + +ENV DOTNET_6_SDK_VERSION="6.0.420" +ENV DOTNET_8_SDK_VERSION="8.0.203" +ENV DOTNET_6_GLOBAL_JSON_SDK_VERSION="6.0.0" +ENV DOTNET_8_GLOBAL_JSON_SDK_VERSION="8.0.0" +ENV DOTNET_ROOT="/root/.dotnet" + +# Add .NET Core 8 Global Tools install folder to PATH +RUN /usr/local/bin/dotnet-install.sh -v $DOTNET_8_SDK_VERSION \ + && dotnet --list-sdks \ + && rm -rf /tmp/* + +# Add .NET Core 6 Global Tools install folder to PATH +RUN /usr/local/bin/dotnet-install.sh -v $DOTNET_6_SDK_VERSION \ + && dotnet --list-sdks \ + && rm -rf /tmp/* \ + && cd /codebuild && dotnet new globaljson --force --sdk-version $DOTNET_6_GLOBAL_JSON_SDK_VERSION --roll-forward feature + +# Trigger the population of the local package cache +ENV NUGET_XMLDOC_MODE skip +RUN set -ex \ + && mkdir warmup \ + && cd warmup \ + && dotnet new \ + && cd .. \ + && rm -rf warmup \ + && rm -rf /tmp/NuGetScratch + +# Install Powershell Core +# See instructions at https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-powershell-core-on-linux +ARG POWERSHELL_VERSION=7.3.11 +ARG POWERSHELL_DOWNLOAD_URL=https://github.com/PowerShell/PowerShell/releases/download/v$POWERSHELL_VERSION/powershell-$POWERSHELL_VERSION-linux-x64.tar.gz +ARG POWERSHELL_DOWNLOAD_SHA=674CABD4AC9EAD59C1BBBDCE3FBE07134215128AF1C429A41FE74DDE96928BD4 + +RUN set -ex \ + && curl -SL $POWERSHELL_DOWNLOAD_URL --output powershell.tar.gz \ + && echo "$POWERSHELL_DOWNLOAD_SHA powershell.tar.gz" | sha256sum -c - \ + && mkdir -p /opt/microsoft/powershell/$POWERSHELL_VERSION \ + && tar zxf powershell.tar.gz -C /opt/microsoft/powershell/$POWERSHELL_VERSION \ + && rm powershell.tar.gz \ + && ln -s /opt/microsoft/powershell/$POWERSHELL_VERSION/pwsh /usr/bin/pwsh +#**************** END .NET-CORE ******************************************************* + + +#**************** NODEJS **************************************************** + +#nodejs +ARG SRC_DIR="/usr/src" +ARG N_SRC_DIR="$SRC_DIR/n" +RUN git clone https://github.com/tj/n $N_SRC_DIR \ + && cd $N_SRC_DIR && make install + +ENV NODE_18_VERSION="18.19.1" +ENV NODE_20_VERSION="20.11.1" + +RUN n $NODE_18_VERSION && npm install --save-dev -g -f grunt \ + && npm install --save-dev -g -f grunt-cli \ + && npm install --save-dev -g -f webpack \ + && npm install --save-dev -g -f yarn \ + && n $NODE_20_VERSION && npm install --save-dev -g -f grunt \ + && npm install --save-dev -g -f grunt-cli \ + && npm install --save-dev -g -f webpack \ + && npm install --save-dev -g -f yarn \ + && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* + +#**************** END NODEJS **************************************************** + +#**************** RUBY ********************************************************* + +#rubyenv +ENV RBENV_SRC_DIR="/usr/local/rbenv" + +ENV PATH="/root/.rbenv/shims:$RBENV_SRC_DIR/bin:$RBENV_SRC_DIR/shims:$PATH" \ + RUBY_BUILD_SRC_DIR="$RBENV_SRC_DIR/plugins/ruby-build" + +RUN set -ex \ + && git clone https://github.com/rbenv/rbenv.git $RBENV_SRC_DIR \ + && mkdir -p $RBENV_SRC_DIR/plugins \ + && git clone https://github.com/rbenv/ruby-build.git $RUBY_BUILD_SRC_DIR \ + && sh $RUBY_BUILD_SRC_DIR/install.sh + +ENV RUBY_33_VERSION="3.3.0" +ENV RUBY_32_VERSION="3.2.3" +ENV RUBY_31_VERSION="3.1.4" + +RUN rbenv install $RUBY_33_VERSION \ + && rbenv install $RUBY_32_VERSION \ + && rbenv install $RUBY_31_VERSION \ + && rbenv global $RUBY_32_VERSION && ruby -v \ + && rm -rf /tmp/* + +#**************** END RUBY ***************************************************** + +#**************** PYTHON ***************************************************** + +#Install pyenv +RUN curl -s -S -L https://raw.githubusercontent.com/pyenv/pyenv-installer/master/bin/pyenv-installer | bash +ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" + +ENV PYTHON_311_VERSION="3.11.8" \ + PYTHON_312_VERSION="3.12.2" \ + PYTHON_310_VERSION="3.10.13" \ + PYTHON_39_VERSION="3.9.18" \ + PYTHON_PIP_VERSION="24.0" \ + PYYAML_VERSION="5.4.1" \ + PYTHON_CONFIGURE_OPTS="--enable-shared --enable-loadable-sqlite-extensions" + +#Python312 +RUN set -ex \ + && pyenv install $PYTHON_312_VERSION \ + && pyenv global $PYTHON_312_VERSION \ + && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ + && pip3 install wheel \ + && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' boto3 pipenv virtualenv \ + && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ + && pip3 uninstall cython --yes + +# Python311 +RUN set -ex \ + && pyenv install $PYTHON_311_VERSION \ + && pyenv global $PYTHON_311_VERSION \ + && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ + && pip3 install wheel \ + && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' boto3 pipenv virtualenv \ + && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ + && pip3 uninstall cython --yes + +# Python310 +RUN set -ex \ + && pyenv install $PYTHON_310_VERSION \ + && pyenv global $PYTHON_310_VERSION \ + && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ + && pip3 install wheel \ + && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' boto3 pipenv virtualenv \ + && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ + && pip3 uninstall cython --yes + +# Python39 +RUN set -ex \ + && pyenv install $PYTHON_39_VERSION \ + && pyenv global $PYTHON_39_VERSION \ + && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ + && pip3 install wheel \ + && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' boto3 pipenv virtualenv \ + && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ + && pip3 uninstall cython --yes \ + && rm -rf /tmp/* + +#**************** END PYTHON ***************************************************** + +#**************** PHP **************************************************** + +#phpenv +RUN curl -L https://raw.githubusercontent.com/phpenv/phpenv-installer/master/bin/phpenv-installer | bash +ENV PATH="/root/.phpenv/shims:/root/.phpenv/bin:$PATH" + +ENV PHP_83_VERSION="8.3.4" +ENV PHP_82_VERSION="8.2.17" +# Set environment variables for PHP configure options +ENV PHP_BUILD_CONFIGURE_OPTS="--with-curl --with-password-argon2 --with-pdo-pgsql --with-libedit" +# Set make arguments to use 4 parallel jobs. +ENV PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" + +RUN phpenv update \ + && phpenv install $PHP_83_VERSION \ + && phpenv install $PHP_82_VERSION \ + && phpenv global $PHP_82_VERSION \ + && php -v \ + && echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_83_VERSION/etc/conf.d/memory.ini" \ + && echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_82_VERSION/etc/conf.d/memory.ini" \ + && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer \ + && rm -rf /tmp/* +#**************** END PHP **************************************************** + +#**************** GOLANG **************************************************** +#goenv +RUN git clone https://github.com/syndbg/goenv.git $HOME/.goenv +ENV PATH="/root/.goenv/shims:/root/.goenv/bin:/go/bin:$PATH" +ENV GOENV_DISABLE_GOPATH=1 +ENV GOPATH="/go" + +ENV GOLANG_22_VERSION="1.22.1" +ENV GOLANG_21_VERSION="1.21.8" +ENV GOLANG_20_VERSION="1.20.13" +ENV GOENV_DISABLE_GOPATH=1 +ENV GOPATH="/go" + +RUN goenv install $GOLANG_22_VERSION \ + && goenv install $GOLANG_21_VERSION \ + && goenv install $GOLANG_20_VERSION \ + && goenv global $GOLANG_20_VERSION \ + && go env -w GO111MODULE=auto \ + && go get -u github.com/golang/dep/cmd/dep \ + && rm -rf /tmp/* + +#**************** END GOLANG ******************************* + +#**************** JAVA **************************************************** +ENV JAVA_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ + JDK_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ + JRE_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ + JAVA_21_HOME="/usr/lib/jvm/java-21-amazon-corretto" \ + JDK_21_HOME="/usr/lib/jvm/java-21-amazon-corretto" \ + JRE_21_HOME="/usr/lib/jvm/java-21-amazon-corretto" \ + JAVA_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ + JDK_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ + JRE_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ + JAVA_8_HOME="/usr/lib/jvm/java-1.8.0-amazon-corretto" \ + JDK_8_HOME="/usr/lib/jvm/java-1.8.0-amazon-corretto" \ + JRE_8_HOME="/usr/lib/jvm/java-1.8.0-amazon-corretto" +ARG ANT_VERSION=1.10.14 +ARG MAVEN_HOME="/opt/maven" +ARG MAVEN_VERSION=3.9.5 +ARG GRADLE_VERSION=8.3 +ARG SBT_VERSION=1.9.6 +ARG GRADLE_PATH="$SRC_DIR/gradle" +ARG ANT_DOWNLOAD_SHA512="4e74b382dd8271f9eac9fef69ba94751fb8a8356dbd995c4d642f2dad33de77bd37d4001d6c8f4f0ef6789529754968f0c1b6376668033c8904c6ec84543332a" +ARG MAVEN_DOWNLOAD_SHA512="4810523ba025104106567d8a15a8aa19db35068c8c8be19e30b219a1d7e83bcab96124bf86dc424b1cd3c5edba25d69ec0b31751c136f88975d15406cab3842b" +ARG GRADLE_DOWNLOADS_SHA256="bb09982fdf52718e4c7b25023d10df6d35a5fff969860bdf5a5bd27a3ab27a9e 8.3" +ARG SBT_DOWNLOAD_SHA256="923d7917ccb99a9fd985f4abfd81caacaed42284e67d3f7696cc5239e7c595cb" + +ARG MAVEN_CONFIG_HOME="/root/.m2" + +ENV JAVA_HOME="$JAVA_17_HOME" \ + JDK_HOME="$JDK_17_HOME" \ + JRE_HOME="$JRE_17_HOME" + +ENV PATH="${PATH}:/opt/tools" + +RUN set -ex \ + && apt-get update \ + && apt-get install -y -qq software-properties-common apt-utils sudo \ + # Install Corretto 17 + && wget -O - https://apt.corretto.aws/corretto.key | sudo gpg --dearmor -o /usr/share/keyrings/corretto-keyring.gpg \ + && echo "deb [signed-by=/usr/share/keyrings/corretto-keyring.gpg] https://apt.corretto.aws stable main" | sudo tee /etc/apt/sources.list.d/corretto.list \ + && apt-get update \ + && apt-get install -y -qq java-17-amazon-corretto-jdk \ + && apt-get install -y -qq java-21-amazon-corretto-jdk \ + && apt-get install -y -qq java-11-amazon-corretto-jdk \ + && apt-get install -y -qq java-1.8.0-amazon-corretto-jdk \ + && apt-get install -y -qq --no-install-recommends ca-certificates-java \ + # Ensure Java cacerts symlink points to valid location + && update-ca-certificates -f \ + && dpkg --add-architecture i386 \ + && apt-get update \ + && for tool_path in $JAVA_HOME/bin/*; do \ + tool=`basename $tool_path`; \ + update-alternatives --install /usr/bin/$tool $tool $tool_path 10000; \ + update-alternatives --set $tool $tool_path; \ + done \ + && rm $JAVA_HOME/lib/security/cacerts && ln -s /etc/ssl/certs/java/cacerts $JAVA_HOME/lib/security/cacerts \ + # Install Ant + && curl -LSso /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VERSION-bin.tar.gz \ + && echo "$ANT_DOWNLOAD_SHA512 /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz" | sha512sum -c - \ + && tar -xzf /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz -C /opt \ + && rm /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz \ + && update-alternatives --install /usr/bin/ant ant /opt/apache-ant-$ANT_VERSION/bin/ant 10000 + +RUN set -ex \ + # Install Maven + && mkdir -p $MAVEN_HOME \ + && curl -LSso /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz \ + && echo "$MAVEN_DOWNLOAD_SHA512 /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz" | sha512sum -c - \ + && tar xzf /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz -C $MAVEN_HOME --strip-components=1 \ + && rm /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz \ + && update-alternatives --install /usr/bin/mvn mvn /opt/maven/bin/mvn 10000 \ + && mkdir -p $MAVEN_CONFIG_HOME \ + # Install Gradle + && mkdir -p $GRADLE_PATH \ + && wget -q "https://services.gradle.org/distributions/gradle-$GRADLE_VERSION-all.zip" -O "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" \ + && unzip -q "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" -d /usr/local \ + && echo "$GRADLE_DOWNLOADS_SHA256" | grep "$GRADLE_VERSION" | sed "s|$GRADLE_VERSION|$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip|" | sha256sum -c - \ + && rm "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" \ + && mkdir "/tmp/gradle-$GRADLE_VERSION" \ + && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" init \ + && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" wrapper \ + # Android Studio uses the "-all" distribution for it's wrapper script. + && perl -pi -e "s/gradle-$GRADLE_VERSION-bin.zip/gradle-$GRADLE_VERSION-all.zip/" "/tmp/gradle-$GRADLE_VERSION/gradle/wrapper/gradle-wrapper.properties" \ + && "/tmp/gradle-$GRADLE_VERSION/gradlew" -p "/tmp/gradle-$GRADLE_VERSION" init \ + && rm -rf "/tmp/gradle-$GRADLE_VERSION" \ + # Install default GRADLE_VERSION to path + && ln -s /usr/local/gradle-$GRADLE_VERSION/bin/gradle /usr/bin/gradle \ + && rm -rf $GRADLE_PATH \ + # Install SBT + && curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \ + && echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \ + && tar xzf sbt.tgz -C /usr/local/bin/ \ + && rm sbt.tgz + +ENV PATH "/usr/local/bin/sbt/bin:$PATH" +RUN sbt version -Dsbt.rootdir=true +# Cleanup +RUN rm -fr /var/lib/apt/lists/* /tmp/* /var/tmp/* \ + && apt-get clean +#**************** END JAVA **************************************************** + +#=======================End of stage: runtimes ================= + +FROM runtimes AS std_v7 + +# Activate runtime versions specific to image version. +RUN n $NODE_18_VERSION +RUN pyenv global $PYTHON_311_VERSION +RUN phpenv global $PHP_82_VERSION +RUN rbenv global $RUBY_32_VERSION +RUN goenv global $GOLANG_20_VERSION +RUN dotnet new globaljson --force --sdk-version $DOTNET_6_GLOBAL_JSON_SDK_VERSION --roll-forward feature + +# Configure SSH +COPY ssh_config /root/.ssh/config +COPY runtimes.yml /codebuild/image/config/runtimes.yml +COPY dockerd-entrypoint.sh /usr/local/bin/dockerd-entrypoint.sh +COPY legal/bill_of_material.txt /usr/share/doc/bill_of_material.txt +COPY amazon-ssm-agent.json /etc/amazon/ssm/amazon-ssm-agent.json + + + +ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"] + +#=======================END of STD:7.0 ================= diff --git a/ubuntu/standard/8.0/amazon-ssm-agent.json b/ubuntu/standard/8.0/amazon-ssm-agent.json new file mode 100644 index 00000000..acb8c83e --- /dev/null +++ b/ubuntu/standard/8.0/amazon-ssm-agent.json @@ -0,0 +1,45 @@ +{ + "Profile":{ + "ShareCreds" : true, + "ShareProfile" : "" + }, + "Mds": { + "CommandWorkersLimit" : 5, + "StopTimeoutMillis" : 20000, + "Endpoint": "", + "CommandRetryLimit": 15 + }, + "Ssm": { + "Endpoint": "", + "HealthFrequencyMinutes": 5, + "CustomInventoryDefaultLocation" : "", + "AssociationLogsRetentionDurationHours" : 24, + "RunCommandLogsRetentionDurationHours" : 336, + "SessionLogsRetentionDurationHours" : 336 + }, + "Mgs": { + "Region": "", + "Endpoint": "", + "StopTimeoutMillis" : 20000, + "SessionWorkersLimit" : 1000 + }, + "Agent": { + "Region": "", + "OrchestrationRootDir": "", + "ContainerMode": true + }, + "Os": { + "Lang": "en-US", + "Name": "", + "Version": "1" + }, + "S3": { + "Endpoint": "", + "Region": "", + "LogBucket":"", + "LogKey":"" + }, + "Kms": { + "Endpoint": "" + } +} diff --git a/ubuntu/standard/8.0/dockerd-entrypoint.sh b/ubuntu/standard/8.0/dockerd-entrypoint.sh new file mode 100644 index 00000000..1591be44 --- /dev/null +++ b/ubuntu/standard/8.0/dockerd-entrypoint.sh @@ -0,0 +1,23 @@ +#!/bin/sh +set -e + +/usr/local/bin/dockerd \ + --host=unix:///var/run/docker.sock \ + --host=tcp://127.0.0.1:2375 \ + --storage-driver=overlay2 &>/var/log/docker.log & + + +tries=0 +d_timeout=60 +until docker info >/dev/null 2>&1 +do + if [ "$tries" -gt "$d_timeout" ]; then + cat /var/log/docker.log + echo 'Timed out trying to connect to internal docker host.' >&2 + exit 1 + fi + tries=$(( $tries + 1 )) + sleep 1 +done + +eval "$@" diff --git a/ubuntu/standard/8.0/legal/bill_of_material.txt b/ubuntu/standard/8.0/legal/bill_of_material.txt new file mode 100644 index 00000000..48e908cb --- /dev/null +++ b/ubuntu/standard/8.0/legal/bill_of_material.txt @@ -0,0 +1,274 @@ +The Amazon CodeBuild Product includes the following third-party software/licensing: + +---------------- +apt-transport-https : /usr/share/doc/apt-transport-https/copyright +---------------- +apt-utils : /usr/share/doc/apt-utils/copyright +---------------- +asciidoc : /usr/share/doc/asciidoc/copyright +---------------- +autoconf : /usr/share/doc/autoconf/copyright +---------------- +automake : /usr/share/doc/automake/copyright +---------------- +build-essential : /usr/share/doc/build-essential/copyright +---------------- +bzip2 : /usr/share/doc/bzip2/copyright +---------------- +bzr : /usr/share/doc/bzr/copyright +---------------- +pack: https://github.com/buildpacks/pack/blob/main/LICENSE +---------------- +ca-certificates-java : /usr/share/doc/ca-certificates-java/copyright +---------------- +curl : /usr/share/doc/curl/copyright +---------------- +dirmngr : /usr/share/doc/dirmngr/copyright +---------------- +docbook-xml : /usr/share/doc/docbook-xml/copyright +---------------- +docbook-xsl : /usr/share/doc/docbook-xsl/copyright +---------------- +dpkg-dev : /usr/share/doc/dpkg-dev/copyright +---------------- +e2fsprogs : /usr/share/doc/e2fsprogs/copyright +---------------- +expect : /usr/share/doc/expect/copyright +---------------- +fakeroot : /usr/share/doc/fakeroot/copyright +---------------- +file : /usr/share/doc/file/copyright +---------------- +g++ : /usr/share/doc/g++/copyright +---------------- +gcc : /usr/share/doc/gcc/copyright +---------------- +gettext : /usr/share/doc/gettext/copyright +---------------- +gettext-base : /usr/share/doc/gettext-base/copyright +---------------- +git : /usr/share/doc/git/copyright +---------------- +groff : /usr/share/doc/groff/copyright +---------------- +gzip : /usr/share/doc/gzip/copyright +---------------- +iptables : /usr/share/doc/iptables/copyright +---------------- +jq : /usr/share/doc/jq/copyright +---------------- +less : /usr/share/doc/less/copyright +---------------- +lib32gcc1 : /usr/share/doc/lib32gcc1/copyright +---------------- +lib32ncurses5 : /usr/share/doc/lib32ncurses5/copyright +---------------- +lib32stdc++6 : /usr/share/doc/lib32stdc++6/copyright +---------------- +lib32z1 : /usr/share/doc/lib32z1/copyright +---------------- +libapr1 : /usr/share/doc/libapr1/copyright +---------------- +libaprutil1 : /usr/share/doc/libaprutil1/copyright +---------------- +libargon2-0-dev : /usr/share/doc/libargon2-0-dev/copyright +---------------- +libasound2 : /usr/share/doc/libasound2/copyright +---------------- +libbz2-dev : /usr/share/doc/libbz2-dev/copyright +---------------- +libc6-dev : /usr/share/doc/libc6-dev/copyright +---------------- +libc6-i386 : /usr/share/doc/libc6-i386/copyright +---------------- +libcurl4-openssl-dev : /usr/share/doc/libcurl4-openssl-dev/copyright +---------------- +libdb-dev : /usr/share/doc/libdb-dev/copyright +---------------- +libdbd-sqlite3-perl : /usr/share/doc/libdbd-sqlite3-perl/copyright +---------------- +libdbi-perl : /usr/share/doc/libdbi-perl/copyright +---------------- +libdbus-1-3 : /usr/share/doc/libdbus-1-3/copyright +---------------- +libdbus-glib-1-2 : /usr/share/doc/libdbus-glib-1-2/copyright +---------------- +libdpkg-perl : /usr/share/doc/libdpkg-perl/copyright +---------------- +libedit-dev : /usr/share/doc/libedit-dev/copyright +---------------- +liberror-perl : /usr/share/doc/liberror-perl/copyright +---------------- +libevent-dev : /usr/share/doc/libevent-dev/copyright +---------------- +libffi-dev : /usr/share/doc/libffi-dev/copyright +---------------- +libgeoip-dev : /usr/share/doc/libgeoip-dev/copyright +---------------- +libglib2.0-0 : /usr/share/doc/libglib2.0-0/copyright +---------------- +libglib2.0-dev : /usr/share/doc/libglib2.0-dev/copyright +---------------- +libgtk-3-0 : /usr/share/doc/libgtk-3-0/copyright +---------------- +libhttp-date-perl : /usr/share/doc/libhttp-date-perl/copyright +---------------- +libio-pty-perl : /usr/share/doc/libio-pty-perl/copyright +---------------- +libjpeg-dev : /usr/share/doc/libjpeg-dev/copyright +---------------- +libkrb5-dev : /usr/share/doc/libkrb5-dev/copyright +---------------- +liblzma-dev : /usr/share/doc/liblzma-dev/copyright +---------------- +libmagickcore-dev : /usr/share/doc/libmagickcore-dev/copyright +---------------- +libmagickwand-dev : /usr/share/doc/libmagickwand-dev/copyright +---------------- +libmysqlclient-dev : /usr/share/doc/libmysqlclient-dev/copyright +---------------- +libncurses5-dev : /usr/share/doc/libncurses5-dev/copyright +---------------- +libncursesw5-dev : /usr/share/doc/libncursesw5-dev/copyright +---------------- +libonig-dev : /usr/share/doc/libonig-dev/copyright +---------------- +libpq-dev : /usr/share/doc/libpq-dev/copyright +---------------- +libqt5widgets5 : /usr/share/doc/libqt5widgets5/copyright +---------------- +libreadline-dev : /usr/share/doc/libreadline-dev/copyright +---------------- +libserf-1-1 : /usr/share/doc/libserf-1-1/copyright +---------------- +libsqlite3-dev : /usr/share/doc/libsqlite3-dev/copyright +---------------- +libssl-dev : /usr/share/doc/libssl-dev/copyright +---------------- +libsvn-perl : /usr/share/doc/libsvn-perl/copyright +---------------- +libsvn1 : /usr/share/doc/libsvn1/copyright +---------------- +libtcl8.6 : /usr/share/doc/libtcl8.6/copyright +---------------- +libtidy-dev : /usr/share/doc/libtidy-dev/copyright +---------------- +libtimedate-perl : /usr/share/doc/libtimedate-perl/copyright +---------------- +libtool : /usr/share/doc/libtool/copyright +---------------- +libwebp-dev : /usr/share/doc/libwebp-dev/copyright +---------------- +libxml2-dev : /usr/share/doc/libxml2-dev/copyright +---------------- +libxml2-utils : /usr/share/doc/libxml2-utils/copyright +---------------- +libxslt1-dev : /usr/share/doc/libxslt1-dev/copyright +---------------- +libyaml-dev : /usr/share/doc/libyaml-dev/copyright +---------------- +libyaml-perl : /usr/share/doc/libyaml-perl/copyright +---------------- +libzip-dev : /usr/share/doc/libzip-dev/copyright +---------------- +libzip4 : /usr/share/doc/libzip4/copyright +---------------- +llvm : /usr/share/doc/llvm/copyright +---------------- +locales : /usr/share/doc/locales/copyright +---------------- +make : /usr/share/doc/make/copyright +---------------- +mlocate : /usr/share/doc/mlocate/copyright +---------------- +netbase : /usr/share/doc/netbase/copyright +---------------- +openjdk-8-jdk : /usr/share/doc/openjdk-8-jdk/copyright +---------------- +openjdk-11-jdk : /usr/share/doc/openjdk-11-jre-headless/copyright +---------------- +openssh-client : /usr/share/doc/openssh-client/copyright +---------------- +openssl : /usr/share/doc/openssl/copyright +---------------- +patch : /usr/share/doc/patch/copyright +---------------- +pkg-config : /usr/share/doc/pkg-config/copyright +---------------- +procps : /usr/share/doc/procps/copyright +---------------- +python-bzrlib : /usr/share/doc/python-bzrlib/copyright +---------------- +python-configobj : /usr/share/doc/python-configobj/copyright +---------------- +python-openssl : /usr/share/doc/python-openssl/copyright +---------------- +python-setuptools : /usr/share/doc/python-setuptools/copyright +---------------- +rsync : /usr/share/doc/rsync/copyright +---------------- +sbt : /usr/share/doc/sbt/copyright +---------------- +sgml-base : /usr/share/doc/sgml-base/copyright +---------------- +sgml-data : /usr/share/doc/sgml-data/copyright +---------------- +software-properties-common : /usr/share/doc/software-properties-common/copyright +---------------- +tar : /usr/share/doc/tar/copyright +---------------- +tcl : /usr/share/doc/tcl/copyright +---------------- +tcl8.6 : /usr/share/doc/tcl8.6/copyright +---------------- +tk : /usr/share/doc/tk/copyright +---------------- +tk-dev : /usr/share/doc/tk-dev/copyright +---------------- +unzip : /usr/share/doc/unzip/copyright +---------------- +vim : /usr/share/doc/vim/copyright +---------------- +wget : /usr/share/doc/wget/copyright +---------------- +xfsprogs : /usr/share/doc/xfsprogs/copyright +---------------- +xml-core : /usr/share/doc/xml-core/copyright +---------------- +xmlto : /usr/share/doc/xmlto/copyright +---------------- +xsltproc : /usr/share/doc/xsltproc/copyright +---------------- +xvfb : /usr/share/doc/xvfb/copyright +---------------- +xz-utils : /usr/share/doc/xz-utils/copyright +---------------- +git-lfs : /usr/share/doc/git-lfs/copyright +---------------- +zip : /usr/share/doc/zip/copyright +---------------- +zlib1g-dev : /usr/share/doc/zlib1g-dev/copyright +---------------- +ruby :https://www.ruby-lang.org/en/about/license.txt +---------------- +python :https://docs.python.org/3/license.html +---------------- +php :https://www.php.net/license/index.php +---------------- +nodejs :https://github.com/nodejs/node/blob/master/LICENSE +---------------- +golang :https://golang.org/LICENSE +---------------- +dotnet :https://github.com/dotnet/core/blob/master/LICENSE.TXT +---------------- +Firefox :https://www.mozilla.org/en-US/MPL/ +---------------- +Chrome : https://www.google.com/intl/en_pk/chrome/privacy/eula_text.html +---------------- +stunnel : https://www.stunnel.org/gpl.html +---------------- +gitversion :https://github.com/GitTools/GitVersion/blob/master/LICENSE +---------------- +docker : https://www.docker.com/legal/components-licenses +---------------- + diff --git a/ubuntu/standard/8.0/runtimes.yml b/ubuntu/standard/8.0/runtimes.yml new file mode 100644 index 00000000..94689dcc --- /dev/null +++ b/ubuntu/standard/8.0/runtimes.yml @@ -0,0 +1,192 @@ +version: 0.1 + +runtimes: + java: + versions: + corretto21: + commands: + - echo "Installing Corretto(OpenJDK) version 21 ..." + - export JAVA_HOME="$JAVA_21_HOME" + - export JRE_HOME="$JRE_21_HOME" + - export JDK_HOME="$JDK_21_HOME" + - |- + for tool_path in "$JAVA_HOME"/bin/*; + do tool=`basename "$tool_path"`; + if [ $tool != 'java-rmi.cgi' ]; + then + rm -f /usr/bin/$tool /var/lib/alternatives/$tool; + update-alternatives --install /usr/bin/$tool $tool $tool_path 20000; + update-alternatives --set $tool $tool_path; + fi; + done + corretto17: + commands: + - echo "Installing Corretto(OpenJDK) version 17 ..." + - export JAVA_HOME="$JAVA_17_HOME" + - export JRE_HOME="$JRE_17_HOME" + - export JDK_HOME="$JDK_17_HOME" + - |- + for tool_path in "$JAVA_HOME"/bin/*; + do tool=`basename "$tool_path"`; + if [ $tool != 'java-rmi.cgi' ]; + then + rm -f /usr/bin/$tool /var/lib/alternatives/$tool; + update-alternatives --install /usr/bin/$tool $tool $tool_path 20000; + update-alternatives --set $tool $tool_path; + fi; + done + corretto11: + commands: + - echo "Installing Corretto(OpenJDK) version 11 ..." + - export JAVA_HOME="$JAVA_11_HOME" + - export JRE_HOME="$JRE_11_HOME" + - export JDK_HOME="$JDK_11_HOME" + - |- + for tool_path in "$JAVA_HOME"/bin/*; + do tool=`basename "$tool_path"`; + if [ $tool != 'java-rmi.cgi' ]; + then + rm -f /usr/bin/$tool /var/lib/alternatives/$tool; + update-alternatives --install /usr/bin/$tool $tool $tool_path 20000; + update-alternatives --set $tool $tool_path; + fi; + done + corretto8: + commands: + - echo "Installing Corretto(OpenJDK) version 8 ..." + - export JAVA_HOME="$JAVA_8_HOME" + - export JRE_HOME="$JRE_8_HOME" + - export JDK_HOME="$JDK_8_HOME" + - |- + for tool_path in "$JAVA_HOME"/bin/*; + do tool=`basename "$tool_path"`; + if [ $tool != 'java-rmi.cgi' ]; + then + rm -f /usr/bin/$tool /var/lib/alternatives/$tool; + update-alternatives --install /usr/bin/$tool $tool $tool_path 20000; + update-alternatives --set $tool $tool_path; + fi; + done + default: + commands: + - echo "Installing custom Corretto(OpenJDK) version $VERSION ..." + - apt-get update + - apt-get install -y java-$VERSION-amazon-corretto-jdk + - export JAVA_HOME="/usr/lib/jvm/java-$VERSION-amazon-corretto" + - export JRE_HOME="/usr/lib/jvm/java-$VERSION-amazon-corretto" + - export JDK_HOME="/usr/lib/jvm/java-$VERSION-amazon-corretto" + - |- + for tool_path in "$JAVA_HOME"/bin/*; + do tool=`basename "$tool_path"`; + if [ $tool != 'java-rmi.cgi' ]; + then + rm -f /usr/bin/$tool /var/lib/alternatives/$tool; + update-alternatives --install /usr/bin/$tool $tool $tool_path 20000; + update-alternatives --set $tool $tool_path; + fi; + done + golang: + versions: + 1.22: + commands: + - echo "Installing Go version 1.22 ..." + - goenv global $GOLANG_22_VERSION + 1.21: + commands: + - echo "Installing Go version 1.21 ..." + - goenv global $GOLANG_21_VERSION + 1.20: + commands: + - echo "Installing Go version 1.20 ..." + - goenv global $GOLANG_20_VERSION + default: + commands: + - echo "Installing custom Go version $VERSION ..." + - goenv install $VERSION && rm -rf /tmp/* + - goenv global $VERSION + python: + versions: + 3.12: + commands: + - echo "Installing Python version 3.12 ..." + - pyenv global $PYTHON_312_VERSION + 3.11: + commands: + - echo "Installing Python version 3.11 ..." + - pyenv global $PYTHON_311_VERSION + 3.10: + commands: + - echo "Installing Python version 3.10 ..." + - pyenv global $PYTHON_310_VERSION + 3.9: + commands: + - echo "Installing Python version 3.9 ..." + - pyenv global $PYTHON_39_VERSION + default: + commands: + - echo "Installing custom Python version $VERSION ..." + - pyenv install $VERSION && rm -rf /tmp/* + - pyenv global $VERSION + php: + versions: + 8.3: + commands: + - echo "Installing PHP version 8.3 ..." + - phpenv global $PHP_83_VERSION + 8.2: + commands: + - echo "Installing PHP version 8.2 ..." + - phpenv global $PHP_82_VERSION + default: + commands: + - echo "Installing custom PHP version $VERSION ..." + - phpenv install $VERSION && rm -rf /tmp/* + - phpenv global $VERSION + ruby: + versions: + 3.3: + commands: + - echo "Installing Ruby version 3.3 ..." + - rbenv global $RUBY_33_VERSION + 3.2: + commands: + - echo "Installing Ruby version 3.2 ..." + - rbenv global $RUBY_32_VERSION + 3.1: + commands: + - echo "Installing Ruby version 3.1 ..." + - rbenv global $RUBY_31_VERSION + default: + commands: + - echo "Installing custom Ruby version $VERSION ..." + - rbenv install $VERSION && rm -rf /tmp/* + - rbenv global $VERSION + nodejs: + versions: + 20: + commands: + - echo "Installing Node.js version 20 ..." + - n $NODE_20_VERSION + 18: + commands: + - echo "Installing Node.js version 18 ..." + - n $NODE_18_VERSION + default: + commands: + - echo "Installing custom Node.js version $VERSION ..." + - n $VERSION && rm -rf /tmp/* + dotnet: + versions: + 8.0: + commands: + - echo "Installing .NET version 8.0 ..." + - test -f "global.json" && echo "Using provided global.json" || dotnet new globaljson --sdk-version $DOTNET_8_GLOBAL_JSON_SDK_VERSION --roll-forward feature + 6.0: + commands: + - echo "Installing .NET version 6.0 ..." + - test -f "global.json" && echo "Using provided global.json" || dotnet new globaljson --sdk-version $DOTNET_6_GLOBAL_JSON_SDK_VERSION --roll-forward feature + default: + commands: + - echo "Installing custom .Net version $VERSION ..." + - /usr/local/bin/dotnet-install.sh -v $VERSION && rm -rf /tmp/* + - test -f "global.json" && echo "Using provided global.json" || dotnet new globaljson --sdk-version $VERSION --roll-forward feature \ No newline at end of file diff --git a/ubuntu/standard/8.0/ssh_config b/ubuntu/standard/8.0/ssh_config new file mode 100644 index 00000000..710e2754 --- /dev/null +++ b/ubuntu/standard/8.0/ssh_config @@ -0,0 +1,3 @@ +Host * + ConnectTimeout 10 + ConnectionAttempts 10 diff --git a/ubuntu/standard/8.0/tools/runtime_configs/php/8.2.12 b/ubuntu/standard/8.0/tools/runtime_configs/php/8.2.12 new file mode 100644 index 00000000..a57a5a9c --- /dev/null +++ b/ubuntu/standard/8.0/tools/runtime_configs/php/8.2.12 @@ -0,0 +1,20 @@ +configure_option "--with-curl" +configure_option "--with-password-argon2" +configure_option "--with-pdo-pgsql" +configure_option "--with-libedit" + +PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" + +#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/8.2.12 +#Don't change beyond this line + +configure_option "--enable-gd" +configure_option "--with-jpeg" +configure_option "--with-zip" +configure_option "--with-mhash" + +configure_option -D "--with-xmlrpc" + +install_package "https://www.php.net/distributions/php-8.2.12.tar.bz2" +install_xdebug "3.2.2" +enable_builtin_opcache diff --git a/ubuntu/standard/8.0/tools/runtime_configs/python/3.11.6 b/ubuntu/standard/8.0/tools/runtime_configs/python/3.11.6 new file mode 100644 index 00000000..99681ea6 --- /dev/null +++ b/ubuntu/standard/8.0/tools/runtime_configs/python/3.11.6 @@ -0,0 +1,18 @@ +export PYTHON_CONFIGURE_OPTS="\ + --enable-shared + --enable-loadable-sqlite-extensions" + +# Don't change below this line. +# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.11.4 + +#require_gcc +prefer_openssl11 +export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 +export PYTHON_BUILD_TCLTK_USE_PKGCONFIG=1 +install_package "openssl-1.1.1s" "https://www.openssl.org/source/openssl-1.1.1s.tar.gz#c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa" mac_openssl --if has_broken_mac_openssl +install_package "readline-8.2" "https://ftpmirror.gnu.org/readline/readline-8.2.tar.gz#3feb7171f16a84ee82ca18a36d7b9be109a52c04f492a053331d7d1095007c35" mac_readline --if has_broken_mac_readline +if has_tar_xz_support; then + install_package "Python-3.11.6" "https://www.python.org/ftp/python/3.11.6/Python-3.11.6.tar.xz#0fab78fa7f133f4f38210c6260d90d7c0d5c7198446419ce057ec7ac2e6f5f38" standard verify_py311 copy_python_gdb ensurepip +else + install_package "Python-3.11.6" "https://www.python.org/ftp/python/3.11.6/Python-3.11.6.tgz#c049bf317e877cbf9fce8c3af902436774ecef5249a29d10984ca3a37f7f4736" standard verify_py311 copy_python_gdb ensurepip +fi diff --git a/ubuntu/standard/8.0/tools/runtime_configs/python/3.12.0 b/ubuntu/standard/8.0/tools/runtime_configs/python/3.12.0 new file mode 100644 index 00000000..bd476571 --- /dev/null +++ b/ubuntu/standard/8.0/tools/runtime_configs/python/3.12.0 @@ -0,0 +1,17 @@ +export PYTHON_CONFIGURE_OPTS="\ + --enable-shared + --enable-loadable-sqlite-extensions" + +# Don't change below this line. +# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.12.0 + +#require_gcc +prefer_openssl3 +export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 +install_package "openssl-3.1.2" "https://www.openssl.org/source/openssl-3.1.2.tar.gz#a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539" mac_openssl --if has_broken_mac_openssl +install_package "readline-8.2" "https://ftpmirror.gnu.org/readline/readline-8.2.tar.gz#3feb7171f16a84ee82ca18a36d7b9be109a52c04f492a053331d7d1095007c35" mac_readline --if has_broken_mac_readline +if has_tar_xz_support; then + install_package "Python-3.12.0" "https://www.python.org/ftp/python/3.12.0/Python-3.12.0.tar.xz#795c34f44df45a0e9b9710c8c71c15c671871524cd412ca14def212e8ccb155d" standard verify_py312 copy_python_gdb ensurepip +else + install_package "Python-3.12.0" "https://www.python.org/ftp/python/3.12.0/Python-3.12.0.tgz#51412956d24a1ef7c97f1cb5f70e185c13e3de1f50d131c0aac6338080687afb" standard verify_py312 copy_python_gdb ensurepip +fi From 348601812a6d925cea78cd4ae3a978387de7cd37 Mon Sep 17 00:00:00 2001 From: "Dylan M. Taylor" Date: Mon, 5 May 2025 12:07:26 -0400 Subject: [PATCH 2/3] feat: Incorporate changes from standard:7.0 into standard:8.0 --- ubuntu/standard/8.0/Dockerfile | 412 +++++++++++++++++++++------------ 1 file changed, 260 insertions(+), 152 deletions(-) diff --git a/ubuntu/standard/8.0/Dockerfile b/ubuntu/standard/8.0/Dockerfile index 02d00d02..85a75bc6 100644 --- a/ubuntu/standard/8.0/Dockerfile +++ b/ubuntu/standard/8.0/Dockerfile @@ -12,11 +12,11 @@ FROM public.ecr.aws/ubuntu/ubuntu:24.04 AS core ARG DEBIAN_FRONTEND="noninteractive" -# Install git, SSH, and other utilities +# Install SSH, and other utilities RUN set -ex \ && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ && apt-get update \ - && apt install -y -qq apt-transport-https gnupg ca-certificates \ + && apt install -y -qq apt-transport-https gnupg ca-certificates sudo \ && apt-get install software-properties-common -y -qq --no-install-recommends \ && apt-get install -y -qq --no-install-recommends openssh-client \ && mkdir ~/.ssh \ @@ -26,28 +26,39 @@ RUN set -ex \ && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H bitbucket.org >> ~/.ssh/known_hosts \ && chmod 600 ~/.ssh/known_hosts \ && apt-get install -y -qq --no-install-recommends \ - apt-utils asciidoc autoconf automake build-essential bzip2 \ - bzr curl dirmngr docbook-xml docbook-xsl dpkg-dev \ - e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ - groff gzip iptables jq less libapr1 libaprutil1 \ - libargon2-0-dev libbz2-dev libc6-dev libcurl4-openssl-dev \ - libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ - libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ - libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ - libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ - libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ - libpq-dev libreadline-dev libserf-1-1 libsodium-dev libsqlite3-dev libssl-dev \ - libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ - libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ - libyaml-dev libyaml-perl llvm locales make mlocate \ - netbase openssl patch pkg-config procps python3-configobj \ - python3-openssl rsync sgml-base sgml-data \ - tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ - libzip-dev vim xvfb xz-utils zip zlib1g-dev git-lfs \ + acl apt-utils aria2 asciidoc autoconf automake \ + binutils bison brotli build-essential bzip2 bzr \ + coreutils curl dirmngr dnsutils docbook-xml docbook-xsl dpkg dpkg-dev \ + e2fsprogs expect fakeroot file findutils flex fonts-noto-color-emoji ftp \ + g++ gcc git-lfs gettext gettext-base gnupg2 groff gzip \ + haveged imagemagick iproute2 iptables jq less \ + lib32z1 libapr1 libaprutil1 libargon2-0-dev libbz2-dev \ + libc++-dev libc++abi-dev libc6-dev libcurl4-openssl-dev \ + libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ + libedit-dev liberror-perl libevent-dev libffi-dev \ + libgeoip-dev libgbm-dev libgconf-2-4 libglib2.0-dev libgsl-dev libgtk-3-0 \ + libhttp-date-perl libio-pty-perl libjpeg-dev libkrb5-dev liblzma-dev \ + libmagic-dev libmagickcore-dev libmagickwand-dev libmysqlclient-dev \ + libncurses5-dev libncursesw5-dev libonig-dev libpq-dev libreadline-dev \ + libsecret-1-dev libserf-1-1 libsodium-dev libsqlite3-dev libssl-dev \ + libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl libtool libunwind8 \ + libwebp-dev libxkbfile-dev libxml2-dev libxml2-utils libxslt1-dev libxss1 \ + libyaml-dev libyaml-perl libzip-dev llvm locales lz4 \ + m4 make mediainfo mercurial mlocate net-tools netbase netcat \ + openssl patch p7zip-full p7zip-rar parallel pass patchelf pigz pkg-config pollinate procps \ + python-is-python3 python3-configobj python3-openssl rpm rsync \ + sgml-base sgml-data shellcheck sphinxsearch sqlite3 ssh sshpass subversion sudo swig systemd-coredump \ + tar tcl tcl8.6 telnet texinfo time tk tk-dev tzdata \ + unzip upx vim wget xfsprogs xml-core xmlto xorriso xsltproc \ + xvfb xz-utils zip zlib1g-dev zsync \ && rm -rf /var/lib/apt/lists/* ENV LC_CTYPE="C.UTF-8" +# Set locale +RUN locale-gen en_US.UTF-8 \ + && update-locale LANG=en_US.UTF-8 + RUN useradd codebuild-user #=======================End of layer: core ================= @@ -56,47 +67,77 @@ FROM core AS tools # Install Git RUN set -ex \ - && GIT_VERSION=2.42.1 \ - && GIT_TAR_FILE=git-$GIT_VERSION.tar.gz \ - && GIT_SRC=https://github.com/git/git/archive/v${GIT_VERSION}.tar.gz \ - && curl -L -o $GIT_TAR_FILE $GIT_SRC \ - && tar zxf $GIT_TAR_FILE \ - && cd git-$GIT_VERSION \ - && make -j4 \ - && make install prefix=/usr \ - && cd .. && rm -rf git-$GIT_VERSION \ - && rm -rf $GIT_TAR_FILE /tmp/* + && GIT_VERSION=2.47.1 \ + && GIT_TAR_FILE=git-$GIT_VERSION.tar.gz \ + && GIT_SRC=https://github.com/git/git/archive/v${GIT_VERSION}.tar.gz \ + && curl -L -o $GIT_TAR_FILE $GIT_SRC \ + && tar zxf $GIT_TAR_FILE \ + && cd git-$GIT_VERSION \ + && make -j4 \ + && make install prefix=/usr \ + && cd .. && rm -rf git-$GIT_VERSION \ + && rm -rf $GIT_TAR_FILE /tmp/* \ + && git --version # Install AWS SAM CLI RUN wget -nv https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip -O /tmp/samcli.zip \ - && unzip -q /tmp/samcli.zip -d /opt \ - && /opt/install --update -i /usr/local/sam-cli -b /usr/local/bin \ - && rm /tmp/samcli.zip /opt/install \ - && rm -rf /opt/aws-sam-cli-src \ + && unzip -q /tmp/samcli.zip -d /opt/samcli \ + && /opt/samcli/install --update -i /usr/local/sam-cli -b /usr/local/bin \ + && rm -rf /opt/samcli /tmp/* \ && sam --version +# Install AWS CLI v2 +# https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html +RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip \ + && unzip -q /tmp/awscliv2.zip -d /opt/awscli \ + && /opt/awscli/aws/install --update -i /usr/local/aws-cli -b /usr/local/bin \ + && rm -rf /opt/awscli /tmp/* \ + && aws --version + # Install stunnel RUN set -ex \ - && STUNNEL_VERSION=5.71 \ - && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ - && STUNNEL_SHA256="f023aae837c2d32deb920831a5ee1081e11c78a5d57340f8e6f0829f031017f5" \ - && curl -o $STUNNEL_TAR https://www.stunnel.org/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ - && cd stunnel-$STUNNEL_VERSION \ - && ./configure \ - && make -j4 \ - && make install \ - && openssl genrsa -out key.pem 2048 \ - && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ - && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ - && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* + && STUNNEL_VERSION=5.73 \ + && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ + && STUNNEL_SHA256="bc917c3bcd943a4d632360c067977a31e85e385f5f4845f69749bce88183cb38" \ + && curl -o $STUNNEL_TAR https://www.stunnel.org/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ + && cd stunnel-$STUNNEL_VERSION \ + && ./configure \ + && make -j4 \ + && make install \ + && openssl genrsa -out key.pem 2048 \ + && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ + && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ + && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* \ + && stunnel -version # AWS Tools -# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html -RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.6/2023-01-30/bin/linux/amd64/aws-iam-authenticator \ - && curl -sS -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.6/2023-01-30/bin/linux/amd64/kubectl \ - && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ - && curl -sS -L https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ - && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl +# aws-iam-authenticator: https://github.com/kubernetes-sigs/aws-iam-authenticator/releases +# kubectl: https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html +# eksctl: https://eksctl.io/installation/ +# ecs-cli: https://github.com/aws/amazon-ecs-cli?tab=readme-ov-file#installing +RUN set -ex \ + && KUBERNETES_VERSION=1.32.0 \ + && AMAZON_EKS_S3_PATH=2024-12-20 \ + && curl -sS -o /usr/local/bin/aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/$KUBERNETES_VERSION/$AMAZON_EKS_S3_PATH/bin/linux/amd64/aws-iam-authenticator \ + && chmod +x /usr/local/bin/aws-iam-authenticator \ + && aws-iam-authenticator version \ + && curl -sS -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/$KUBERNETES_VERSION/$AMAZON_EKS_S3_PATH/bin/linux/amd64/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && kubectl version --client \ + && curl -sS -L https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ + && chmod +x /usr/local/bin/eksctl \ + && eksctl version \ + && curl -sS -o /usr/local/bin/ecs-cli https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest \ + && chmod +x /usr/local/bin/ecs-cli \ + && ecs-cli --version + +# Install amazon-ecr-credential-helper +# To configure: https://github.com/awslabs/amazon-ecr-credential-helper?tab=readme-ov-file#configuration +# ecr-login is not configured because it conflicts with docker login commands https://github.com/awslabs/amazon-ecr-credential-helper/issues/102 +RUN set -ex \ + && apt-get update \ + && apt-get install -y -qq amazon-ecr-credential-helper \ + && docker-credential-ecr-login -v # Configure SSM RUN set -ex \ @@ -105,31 +146,22 @@ RUN set -ex \ && wget -q https://s3.amazonaws.com/amazon-ssm-us-east-1/latest/debian_amd64/amazon-ssm-agent.deb \ && dpkg -i amazon-ssm-agent.deb -# Install AWS CLI v2 -# https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html -RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip \ - && unzip -q /tmp/awscliv2.zip -d /opt \ - && /opt/aws/install --update -i /usr/local/aws-cli -b /usr/local/bin \ - && rm /tmp/awscliv2.zip \ - && rm -rf /opt/aws \ - && aws --version - -#**************** Pack CLI ************************************************* -RUN (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.32.1/pack-v0.32.1-linux.tgz" \ - | tar -C /usr/local/bin/ --no-same-owner -xzv pack) - -#**************** END Pack CLI ********************************************* +# Install Pack +RUN set -ex \ + && PACK_VERSION=0.36.0 \ + && (curl -sSL "https://github.com/buildpacks/pack/releases/download/v${PACK_VERSION}/pack-v${PACK_VERSION}-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack) \ + && pack --version #**************** DOCKER ********************************************* ARG DOCKER_BUCKET="download.docker.com" ARG DOCKER_CHANNEL="stable" ARG DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" -ARG DOCKER_COMPOSE_VERSION="2.23.1" -ARG DOCKER_BUILDX_VERSION="0.11.0" +ARG DOCKER_COMPOSE_VERSION="2.29.7" +ARG DOCKER_BUILDX_VERSION="0.17.1" ARG SRC_DIR="/usr/src" -ARG DOCKER_SHA256="544262F4A3621222AFB79960BFAD4D486935DAB80893478B5CC9CF8EBAF409AE" -ARG DOCKER_VERSION="23.0.6" +ARG DOCKER_SHA256="9b4f6fe406e50f9085ee474c451e2bb5adb119a03591f467922d3b4e2ddf31d3" +ARG DOCKER_VERSION="27.3.1" # Install Docker RUN set -ex \ @@ -138,10 +170,7 @@ RUN set -ex \ && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ && rm docker.tgz \ && docker -v \ - # replace runc package to resolve CVE-2024-21626 - && apt-get update && apt-get -y install runc \ - && rm -f /usr/local/bin/runc \ - && ln -s /usr/sbin/runc /usr/local/bin/runc \ + # Check runc version && runc -v \ # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box && addgroup dockremap \ @@ -168,21 +197,78 @@ RUN set -ex \ VOLUME /var/lib/docker #*********************** END DOCKER **************************** +# Install gh +# Instruction: https://github.com/cli/cli/blob/trunk/docs/install_linux.md#debian-ubuntu-linux-raspberry-pi-os-apt +RUN mkdir -p -m 755 /etc/apt/keyrings \ + && wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \ + && chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \ + && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ + && apt update \ + && apt install gh -y + +# Install Chrome +RUN set -ex \ + && curl -L https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb --output /tmp/google-chrome-stable_current_amd64.deb \ + && dpkg -i /tmp/google-chrome-stable_current_amd64.deb || apt-get install -f -y \ + && rm -rf /tmp/* \ + && google-chrome --version + +# Install ChromeDriver +# https://googlechromelabs.github.io/chrome-for-testing/ +# https://github.com/GoogleChromeLabs/chrome-for-testing#json-api-endpoints +RUN set -ex \ + && CHROME_DRIVER_DOWNLOAD_URL=$(curl -sL https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json | jq -r '.channels.Stable.downloads.chromedriver[] | select(.platform == "linux64") | .url') \ + && curl -L $CHROME_DRIVER_DOWNLOAD_URL --output /tmp/chromedriver-linux64.zip \ + && unzip -q /tmp/chromedriver-linux64.zip -d /opt/chromedriver \ + && ln -s /opt/chromedriver/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver \ + && rm -rf /tmp/* \ + && chromedriver --version + +# Install Chromium +# See instruction: https://www.chromium.org/getting-involved/download-chromium/ +RUN set -ex \ + && CHROMIUM_VERSION=$(curl -sL https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2FLAST_CHANGE?alt=media) \ + && CHROMIUM_DOWNLOAD_URL=https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F$CHROMIUM_VERSION%2Fchrome-linux.zip?alt=media \ + && curl -L $CHROMIUM_DOWNLOAD_URL --output /tmp/chromium-linux.zip \ + && unzip -q /tmp/chromium-linux.zip -d /opt/chromium \ + && ln -s /opt/chromium/chrome-linux/chrome /usr/local/bin/chromium \ + && ln -s /opt/chromium/chrome-linux/chrome /usr/local/bin/chromium-browser \ + && rm -rf /tmp/* \ + && chromium --version \ + && chromium-browser --version + +# Install Mozilla Firefox +RUN set -ex \ + && add-apt-repository ppa:mozillateam/ppa \ + && printf "Package: *\nPin: release o=LP-PPA-mozillateam\nPin-Priority: 1001\n" > /etc/apt/preferences.d/mozilla \ + && apt install -y -qq --no-install-recommends firefox \ + && firefox --version + +# Install Geckodriver +RUN set -ex \ + && apt install -y -qq firefox-geckodriver \ + && geckodriver --version + +# Install Selenium server +RUN set -ex \ + && SELENIUM_DOWNLOAD_URL=$(curl -sL https://api.github.com/repos/SeleniumHQ/selenium/releases/latest | jq -r ' .assets[] | select(.browser_download_url | contains("selenium-server") and endswith(".jar")) | .browser_download_url') \ + && wget -q -P /usr/share/java $SELENIUM_DOWNLOAD_URL + #=======================End of stage: tools ================= FROM tools AS runtimes #**************** .NET-CORE ******************************************************* # Dotnet -ENV PATH "/root/.dotnet/:/root/.dotnet/tools/:$PATH" +ENV PATH="/root/.dotnet/:/root/.dotnet/tools/:$PATH" RUN set -ex \ -&& wget -qO /usr/local/bin/dotnet-install.sh https://dot.net/v1/dotnet-install.sh \ -&& chmod +x /usr/local/bin/dotnet-install.sh + && wget -qO /usr/local/bin/dotnet-install.sh https://dot.net/v1/dotnet-install.sh \ + && chmod +x /usr/local/bin/dotnet-install.sh -ENV DOTNET_6_SDK_VERSION="6.0.420" -ENV DOTNET_8_SDK_VERSION="8.0.203" -ENV DOTNET_6_GLOBAL_JSON_SDK_VERSION="6.0.0" -ENV DOTNET_8_GLOBAL_JSON_SDK_VERSION="8.0.0" +ENV DOTNET_8_SDK_VERSION="8.0.404" \ + DOTNET_6_SDK_VERSION="6.0.428" \ + DOTNET_8_GLOBAL_JSON_SDK_VERSION="8.0.0" \ + DOTNET_6_GLOBAL_JSON_SDK_VERSION="6.0.0" ENV DOTNET_ROOT="/root/.dotnet" # Add .NET Core 8 Global Tools install folder to PATH @@ -207,10 +293,10 @@ RUN set -ex \ && rm -rf /tmp/NuGetScratch # Install Powershell Core -# See instructions at https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-powershell-core-on-linux -ARG POWERSHELL_VERSION=7.3.11 +# See instructions at https://learn.microsoft.com/en-us/powershell/scripting/install/install-other-linux?view=powershell-7.4#installation-using-a-binary-archive-file +ARG POWERSHELL_VERSION=7.4.6 ARG POWERSHELL_DOWNLOAD_URL=https://github.com/PowerShell/PowerShell/releases/download/v$POWERSHELL_VERSION/powershell-$POWERSHELL_VERSION-linux-x64.tar.gz -ARG POWERSHELL_DOWNLOAD_SHA=674CABD4AC9EAD59C1BBBDCE3FBE07134215128AF1C429A41FE74DDE96928BD4 +ARG POWERSHELL_DOWNLOAD_SHA=6f6015203c47806c5cc444c19d8ed019695e610fbd948154264bf9ca8e157561 RUN set -ex \ && curl -SL $POWERSHELL_DOWNLOAD_URL --output powershell.tar.gz \ @@ -218,7 +304,9 @@ RUN set -ex \ && mkdir -p /opt/microsoft/powershell/$POWERSHELL_VERSION \ && tar zxf powershell.tar.gz -C /opt/microsoft/powershell/$POWERSHELL_VERSION \ && rm powershell.tar.gz \ - && ln -s /opt/microsoft/powershell/$POWERSHELL_VERSION/pwsh /usr/bin/pwsh + && chmod +x /opt/microsoft/powershell/$POWERSHELL_VERSION/pwsh \ + && ln -s /opt/microsoft/powershell/$POWERSHELL_VERSION/pwsh /usr/bin/pwsh \ + && pwsh --version #**************** END .NET-CORE ******************************************************* @@ -227,22 +315,33 @@ RUN set -ex \ #nodejs ARG SRC_DIR="/usr/src" ARG N_SRC_DIR="$SRC_DIR/n" -RUN git clone https://github.com/tj/n $N_SRC_DIR \ - && cd $N_SRC_DIR && make install -ENV NODE_18_VERSION="18.19.1" -ENV NODE_20_VERSION="20.11.1" - -RUN n $NODE_18_VERSION && npm install --save-dev -g -f grunt \ - && npm install --save-dev -g -f grunt-cli \ - && npm install --save-dev -g -f webpack \ - && npm install --save-dev -g -f yarn \ - && n $NODE_20_VERSION && npm install --save-dev -g -f grunt \ - && npm install --save-dev -g -f grunt-cli \ - && npm install --save-dev -g -f webpack \ - && npm install --save-dev -g -f yarn \ - && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* +ENV NODE_18_VERSION="18.20.6" \ + NODE_20_VERSION="20.18.2" \ + NODE_22_VERSION="22.13.1" +RUN git clone https://github.com/tj/n $N_SRC_DIR \ + && cd $N_SRC_DIR && make install + +RUN n $NODE_18_VERSION && npm install --save-dev -g -f grunt \ + && npm install --save-dev -g -f grunt-cli \ + && npm install --save-dev -g -f webpack \ + && npm install --save-dev -g -f yarn \ + && n $NODE_20_VERSION && npm install --save-dev -g -f grunt \ + && npm install --save-dev -g -f grunt-cli \ + && npm install --save-dev -g -f webpack \ + && npm install --save-dev -g -f yarn \ + && n $NODE_22_VERSION && npm install --save-dev -g -f grunt \ + && npm install --save-dev -g -f grunt-cli \ + && npm install --save-dev -g -f webpack \ + && npm install --save-dev -g -f yarn \ + && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* + +RUN npm install -g npm@10.9.2 + +# Preserve latest npm version +ENV N_PRESERVE_NPM=1 \ + N_PRESERVE_COREPACK=1 #**************** END NODEJS **************************************************** #**************** RUBY ********************************************************* @@ -259,16 +358,17 @@ RUN set -ex \ && git clone https://github.com/rbenv/ruby-build.git $RUBY_BUILD_SRC_DIR \ && sh $RUBY_BUILD_SRC_DIR/install.sh -ENV RUBY_33_VERSION="3.3.0" -ENV RUBY_32_VERSION="3.2.3" -ENV RUBY_31_VERSION="3.1.4" +ENV RUBY_34_VERSION="3.4.1" \ + RUBY_33_VERSION="3.3.6" \ + RUBY_32_VERSION="3.2.6" \ + RUBY_31_VERSION="3.1.6" -RUN rbenv install $RUBY_33_VERSION \ +RUN rbenv install $RUBY_34_VERSION \ + && rbenv install $RUBY_33_VERSION \ && rbenv install $RUBY_32_VERSION \ && rbenv install $RUBY_31_VERSION \ && rbenv global $RUBY_32_VERSION && ruby -v \ && rm -rf /tmp/* - #**************** END RUBY ***************************************************** #**************** PYTHON ***************************************************** @@ -277,21 +377,33 @@ RUN rbenv install $RUBY_33_VERSION \ RUN curl -s -S -L https://raw.githubusercontent.com/pyenv/pyenv-installer/master/bin/pyenv-installer | bash ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" -ENV PYTHON_311_VERSION="3.11.8" \ - PYTHON_312_VERSION="3.12.2" \ - PYTHON_310_VERSION="3.10.13" \ - PYTHON_39_VERSION="3.9.18" \ - PYTHON_PIP_VERSION="24.0" \ - PYYAML_VERSION="5.4.1" \ +ENV PYTHON_313_VERSION="3.13.1" \ + PYTHON_312_VERSION="3.12.8" \ + PYTHON_311_VERSION="3.11.11" \ + PYTHON_310_VERSION="3.10.16" \ + PYTHON_39_VERSION="3.9.21" \ + PYTHON_PIP_VERSION="24.3.1" \ + PYYAML_VERSION="6.0.2" \ + PYTHON_SETUPTOOLS_VERSION="75.6.0" \ PYTHON_CONFIGURE_OPTS="--enable-shared --enable-loadable-sqlite-extensions" +# Python313 +RUN set -ex \ + && pyenv install $PYTHON_313_VERSION \ + && pyenv global $PYTHON_313_VERSION \ + && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ + && pip3 install wheel \ + && pip3 install --no-cache-dir --upgrade "setuptools==$PYTHON_SETUPTOOLS_VERSION" boto3 pipenv virtualenv \ + && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ + && pip3 uninstall cython --yes + #Python312 RUN set -ex \ && pyenv install $PYTHON_312_VERSION \ && pyenv global $PYTHON_312_VERSION \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install wheel \ - && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' boto3 pipenv virtualenv \ + && pip3 install --no-cache-dir --upgrade "setuptools==$PYTHON_SETUPTOOLS_VERSION" boto3 pipenv virtualenv \ && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ && pip3 uninstall cython --yes @@ -301,7 +413,7 @@ RUN set -ex \ && pyenv global $PYTHON_311_VERSION \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install wheel \ - && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' boto3 pipenv virtualenv \ + && pip3 install --no-cache-dir --upgrade "setuptools==$PYTHON_SETUPTOOLS_VERSION" boto3 pipenv virtualenv \ && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ && pip3 uninstall cython --yes @@ -311,7 +423,7 @@ RUN set -ex \ && pyenv global $PYTHON_310_VERSION \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install wheel \ - && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' boto3 pipenv virtualenv \ + && pip3 install --no-cache-dir --upgrade "setuptools==$PYTHON_SETUPTOOLS_VERSION" boto3 pipenv virtualenv \ && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ && pip3 uninstall cython --yes @@ -321,11 +433,10 @@ RUN set -ex \ && pyenv global $PYTHON_39_VERSION \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install wheel \ - && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' boto3 pipenv virtualenv \ + && pip3 install --no-cache-dir --upgrade "setuptools==$PYTHON_SETUPTOOLS_VERSION" boto3 pipenv virtualenv \ && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ && pip3 uninstall cython --yes \ && rm -rf /tmp/* - #**************** END PYTHON ***************************************************** #**************** PHP **************************************************** @@ -334,8 +445,8 @@ RUN set -ex \ RUN curl -L https://raw.githubusercontent.com/phpenv/phpenv-installer/master/bin/phpenv-installer | bash ENV PATH="/root/.phpenv/shims:/root/.phpenv/bin:$PATH" -ENV PHP_83_VERSION="8.3.4" -ENV PHP_82_VERSION="8.2.17" +ENV PHP_83_VERSION="8.3.13" \ + PHP_82_VERSION="8.2.25" # Set environment variables for PHP configure options ENV PHP_BUILD_CONFIGURE_OPTS="--with-curl --with-password-argon2 --with-pdo-pgsql --with-libedit" # Set make arguments to use 4 parallel jobs. @@ -353,51 +464,51 @@ RUN phpenv update \ #**************** END PHP **************************************************** #**************** GOLANG **************************************************** + #goenv RUN git clone https://github.com/syndbg/goenv.git $HOME/.goenv ENV PATH="/root/.goenv/shims:/root/.goenv/bin:/go/bin:$PATH" -ENV GOENV_DISABLE_GOPATH=1 -ENV GOPATH="/go" -ENV GOLANG_22_VERSION="1.22.1" -ENV GOLANG_21_VERSION="1.21.8" -ENV GOLANG_20_VERSION="1.20.13" -ENV GOENV_DISABLE_GOPATH=1 -ENV GOPATH="/go" +ENV GOLANG_23_VERSION="1.23.4" \ + GOLANG_22_VERSION="1.22.10" \ + GOLANG_21_VERSION="1.21.13" \ + GOLANG_20_VERSION="1.20.14" +ENV GOENV_DISABLE_GOPATH=1 \ + GOPATH="/go" -RUN goenv install $GOLANG_22_VERSION \ +RUN goenv install $GOLANG_23_VERSION \ + && goenv install $GOLANG_22_VERSION \ && goenv install $GOLANG_21_VERSION \ && goenv install $GOLANG_20_VERSION \ && goenv global $GOLANG_20_VERSION \ && go env -w GO111MODULE=auto \ && go get -u github.com/golang/dep/cmd/dep \ && rm -rf /tmp/* - #**************** END GOLANG ******************************* #**************** JAVA **************************************************** -ENV JAVA_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ - JDK_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ - JRE_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ - JAVA_21_HOME="/usr/lib/jvm/java-21-amazon-corretto" \ +ENV JAVA_21_HOME="/usr/lib/jvm/java-21-amazon-corretto" \ JDK_21_HOME="/usr/lib/jvm/java-21-amazon-corretto" \ JRE_21_HOME="/usr/lib/jvm/java-21-amazon-corretto" \ + JAVA_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ + JDK_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ + JRE_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ JAVA_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ JDK_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ JRE_11_HOME="/usr/lib/jvm/java-11-amazon-corretto" \ JAVA_8_HOME="/usr/lib/jvm/java-1.8.0-amazon-corretto" \ JDK_8_HOME="/usr/lib/jvm/java-1.8.0-amazon-corretto" \ JRE_8_HOME="/usr/lib/jvm/java-1.8.0-amazon-corretto" -ARG ANT_VERSION=1.10.14 +ARG ANT_VERSION=1.10.15 ARG MAVEN_HOME="/opt/maven" -ARG MAVEN_VERSION=3.9.5 -ARG GRADLE_VERSION=8.3 -ARG SBT_VERSION=1.9.6 +ARG MAVEN_VERSION=3.9.9 +ARG GRADLE_VERSION=8.11.1 +ARG SBT_VERSION=1.10.6 ARG GRADLE_PATH="$SRC_DIR/gradle" -ARG ANT_DOWNLOAD_SHA512="4e74b382dd8271f9eac9fef69ba94751fb8a8356dbd995c4d642f2dad33de77bd37d4001d6c8f4f0ef6789529754968f0c1b6376668033c8904c6ec84543332a" -ARG MAVEN_DOWNLOAD_SHA512="4810523ba025104106567d8a15a8aa19db35068c8c8be19e30b219a1d7e83bcab96124bf86dc424b1cd3c5edba25d69ec0b31751c136f88975d15406cab3842b" -ARG GRADLE_DOWNLOADS_SHA256="bb09982fdf52718e4c7b25023d10df6d35a5fff969860bdf5a5bd27a3ab27a9e 8.3" -ARG SBT_DOWNLOAD_SHA256="923d7917ccb99a9fd985f4abfd81caacaed42284e67d3f7696cc5239e7c595cb" +ARG ANT_DOWNLOAD_SHA512="d78427aff207592c024ff1552dc04f7b57065a195c42d398fcffe7a0145e8d00cd46786f5aa52e77ab0fdf81334f065eb8011eecd2b48f7228e97ff4cb20d16c" +ARG MAVEN_DOWNLOAD_SHA512="a555254d6b53d267965a3404ecb14e53c3827c09c3b94b5678835887ab404556bfaf78dcfe03ba76fa2508649dca8531c74bca4d5846513522404d48e8c4ac8b" +ARG GRADLE_DOWNLOADS_SHA256="89d4e70e4e84e2d2dfbb63e4daa53e21b25017cc70c37e4eea31ee51fb15098a 8.11.1" +ARG SBT_DOWNLOAD_SHA256="7e1b098effec80614e838aa61b753a8b46237b24b706ec9b37609030800c111a" ARG MAVEN_CONFIG_HOME="/root/.m2" @@ -409,13 +520,12 @@ ENV PATH="${PATH}:/opt/tools" RUN set -ex \ && apt-get update \ - && apt-get install -y -qq software-properties-common apt-utils sudo \ - # Install Corretto 17 + && apt-get install -y -qq software-properties-common apt-utils \ && wget -O - https://apt.corretto.aws/corretto.key | sudo gpg --dearmor -o /usr/share/keyrings/corretto-keyring.gpg \ && echo "deb [signed-by=/usr/share/keyrings/corretto-keyring.gpg] https://apt.corretto.aws stable main" | sudo tee /etc/apt/sources.list.d/corretto.list \ && apt-get update \ - && apt-get install -y -qq java-17-amazon-corretto-jdk \ && apt-get install -y -qq java-21-amazon-corretto-jdk \ + && apt-get install -y -qq java-17-amazon-corretto-jdk \ && apt-get install -y -qq java-11-amazon-corretto-jdk \ && apt-get install -y -qq java-1.8.0-amazon-corretto-jdk \ && apt-get install -y -qq --no-install-recommends ca-certificates-java \ @@ -451,12 +561,12 @@ RUN set -ex \ && unzip -q "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" -d /usr/local \ && echo "$GRADLE_DOWNLOADS_SHA256" | grep "$GRADLE_VERSION" | sed "s|$GRADLE_VERSION|$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip|" | sha256sum -c - \ && rm "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" \ - && mkdir "/tmp/gradle-$GRADLE_VERSION" \ - && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" init \ + && mkdir -p "/tmp/gradle-$GRADLE_VERSION" \ + && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" init --overwrite \ && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" wrapper \ # Android Studio uses the "-all" distribution for it's wrapper script. && perl -pi -e "s/gradle-$GRADLE_VERSION-bin.zip/gradle-$GRADLE_VERSION-all.zip/" "/tmp/gradle-$GRADLE_VERSION/gradle/wrapper/gradle-wrapper.properties" \ - && "/tmp/gradle-$GRADLE_VERSION/gradlew" -p "/tmp/gradle-$GRADLE_VERSION" init \ + && "/tmp/gradle-$GRADLE_VERSION/gradlew" -p "/tmp/gradle-$GRADLE_VERSION" init --overwrite \ && rm -rf "/tmp/gradle-$GRADLE_VERSION" \ # Install default GRADLE_VERSION to path && ln -s /usr/local/gradle-$GRADLE_VERSION/bin/gradle /usr/bin/gradle \ @@ -467,11 +577,10 @@ RUN set -ex \ && tar xzf sbt.tgz -C /usr/local/bin/ \ && rm sbt.tgz -ENV PATH "/usr/local/bin/sbt/bin:$PATH" +ENV PATH="/usr/local/bin/sbt/bin:$PATH" RUN sbt version -Dsbt.rootdir=true -# Cleanup -RUN rm -fr /var/lib/apt/lists/* /tmp/* /var/tmp/* \ - && apt-get clean +# Cleanup -- if we do not run apt-get update after apt-get clean, it will remove available corretto versions to install +RUN rm -fr /var/lib/apt/lists/* /tmp/* /var/tmp/* && apt-get clean && apt-get update #**************** END JAVA **************************************************** #=======================End of stage: runtimes ================= @@ -479,7 +588,7 @@ RUN rm -fr /var/lib/apt/lists/* /tmp/* /var/tmp/* \ FROM runtimes AS std_v7 # Activate runtime versions specific to image version. -RUN n $NODE_18_VERSION +RUN n --preserve $NODE_18_VERSION RUN pyenv global $PYTHON_311_VERSION RUN phpenv global $PHP_82_VERSION RUN rbenv global $RUBY_32_VERSION @@ -490,11 +599,10 @@ RUN dotnet new globaljson --force --sdk-version $DOTNET_6_GLOBAL_JSON_SDK_VERSIO COPY ssh_config /root/.ssh/config COPY runtimes.yml /codebuild/image/config/runtimes.yml COPY dockerd-entrypoint.sh /usr/local/bin/dockerd-entrypoint.sh +RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh COPY legal/bill_of_material.txt /usr/share/doc/bill_of_material.txt COPY amazon-ssm-agent.json /etc/amazon/ssm/amazon-ssm-agent.json - - ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"] -#=======================END of STD:7.0 ================= +#=======================END of STD:8.0 ================= \ No newline at end of file From bb9cc28dbd899961657d8803b617b21c6cedf669 Mon Sep 17 00:00:00 2001 From: deviant-syndrome Date: Wed, 7 May 2025 15:02:35 +0300 Subject: [PATCH 3/3] Added ARM64 support for Ubuntu standard 8.0 --- README.md | 11 ++++ ubuntu/standard/8.0/Dockerfile | 106 ++++++++++++++++++++------------- 2 files changed, 77 insertions(+), 40 deletions(-) diff --git a/README.md b/README.md index a245876e..047501ff 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,17 @@ $ docker build -t aws/codebuild/standard:8.0 . $ docker run -it --entrypoint sh aws/codebuild/standard:8.0 -c bash ``` +### Notice about ARM64/AArch64 Builds + +* Some package providers (Google) do not ship ARM64 builds for Linux. If Dockerfile is built for ARM64, those packages are skipped +* SHA1 checksums for ARM64 artifacts are obviously different from the ones specified in the Dockerfile. The current version of Ubuntu standard 8.0 can +be built with the following command: +```bash +docker build . \ + --build-arg DOCKER_SHA256=4da6a6c7502b7ab561675a5ff5ac192d9b49d76d0b8847cf17ade246122279f4 \ + --build-arg POWERSHELL_DOWNLOAD_SHA=C0159B03E85F44AE1E7697818A011558DA6C813D0AAE848BF5AC13BF435D8624 +``` + ### Image maintenance Some of the images in this repository are no longer actively maintained by AWS CodeBuild and may no longer build successfully. These images will not receive any further updates. They remain in this repository as a reference for the contents of these images that were previously released by CodeBuild. diff --git a/ubuntu/standard/8.0/Dockerfile b/ubuntu/standard/8.0/Dockerfile index 85a75bc6..41e31303 100644 --- a/ubuntu/standard/8.0/Dockerfile +++ b/ubuntu/standard/8.0/Dockerfile @@ -11,6 +11,7 @@ FROM public.ecr.aws/ubuntu/ubuntu:24.04 AS core ARG DEBIAN_FRONTEND="noninteractive" +ARG BUILDARCH # Install SSH, and other utilities RUN set -ex \ @@ -19,7 +20,6 @@ RUN set -ex \ && apt install -y -qq apt-transport-https gnupg ca-certificates sudo \ && apt-get install software-properties-common -y -qq --no-install-recommends \ && apt-get install -y -qq --no-install-recommends openssh-client \ - && mkdir ~/.ssh \ && mkdir -p /codebuild/image/config \ && touch ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H github.com >> ~/.ssh/known_hosts \ @@ -32,11 +32,11 @@ RUN set -ex \ e2fsprogs expect fakeroot file findutils flex fonts-noto-color-emoji ftp \ g++ gcc git-lfs gettext gettext-base gnupg2 groff gzip \ haveged imagemagick iproute2 iptables jq less \ - lib32z1 libapr1 libaprutil1 libargon2-0-dev libbz2-dev \ + libapr1 libaprutil1 libargon2-dev libbz2-dev \ libc++-dev libc++abi-dev libc6-dev libcurl4-openssl-dev \ libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ libedit-dev liberror-perl libevent-dev libffi-dev \ - libgeoip-dev libgbm-dev libgconf-2-4 libglib2.0-dev libgsl-dev libgtk-3-0 \ + libgeoip-dev libgbm-dev libglib2.0-dev libgsl-dev libgtk-3-0 \ libhttp-date-perl libio-pty-perl libjpeg-dev libkrb5-dev liblzma-dev \ libmagic-dev libmagickcore-dev libmagickwand-dev libmysqlclient-dev \ libncurses5-dev libncursesw5-dev libonig-dev libpq-dev libreadline-dev \ @@ -44,7 +44,7 @@ RUN set -ex \ libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl libtool libunwind8 \ libwebp-dev libxkbfile-dev libxml2-dev libxml2-utils libxslt1-dev libxss1 \ libyaml-dev libyaml-perl libzip-dev llvm locales lz4 \ - m4 make mediainfo mercurial mlocate net-tools netbase netcat \ + m4 make mediainfo mercurial plocate net-tools netbase netcat-traditional \ openssl patch p7zip-full p7zip-rar parallel pass patchelf pigz pkg-config pollinate procps \ python-is-python3 python3-configobj python3-openssl rpm rsync \ sgml-base sgml-data shellcheck sphinxsearch sqlite3 ssh sshpass subversion sudo swig systemd-coredump \ @@ -80,7 +80,7 @@ RUN set -ex \ && git --version # Install AWS SAM CLI -RUN wget -nv https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip -O /tmp/samcli.zip \ +RUN wget -nv https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-$BUILDARCH.zip -O /tmp/samcli.zip \ && unzip -q /tmp/samcli.zip -d /opt/samcli \ && /opt/samcli/install --update -i /usr/local/sam-cli -b /usr/local/bin \ && rm -rf /opt/samcli /tmp/* \ @@ -88,7 +88,9 @@ RUN wget -nv https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam # Install AWS CLI v2 # https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html -RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip \ +RUN [ "$BUILDARCH" = "arm64" ] \ + && curl https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip -o /tmp/awscliv2.zip \ + || curl https://awscli.amazonaws.com/awscli-exe-linux-$BUILDARCH.zip -o /tmp/awscliv2.zip \ && unzip -q /tmp/awscliv2.zip -d /opt/awscli \ && /opt/awscli/aws/install --update -i /usr/local/aws-cli -b /usr/local/bin \ && rm -rf /opt/awscli /tmp/* \ @@ -118,16 +120,16 @@ RUN set -ex \ RUN set -ex \ && KUBERNETES_VERSION=1.32.0 \ && AMAZON_EKS_S3_PATH=2024-12-20 \ - && curl -sS -o /usr/local/bin/aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/$KUBERNETES_VERSION/$AMAZON_EKS_S3_PATH/bin/linux/amd64/aws-iam-authenticator \ + && curl -sS -o /usr/local/bin/aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/$KUBERNETES_VERSION/$AMAZON_EKS_S3_PATH/bin/linux/$BUILDARCH/aws-iam-authenticator \ && chmod +x /usr/local/bin/aws-iam-authenticator \ && aws-iam-authenticator version \ - && curl -sS -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/$KUBERNETES_VERSION/$AMAZON_EKS_S3_PATH/bin/linux/amd64/kubectl \ + && curl -sS -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/$KUBERNETES_VERSION/$AMAZON_EKS_S3_PATH/bin/linux/$BUILDARCH/kubectl \ && chmod +x /usr/local/bin/kubectl \ && kubectl version --client \ - && curl -sS -L https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ + && curl -sS -L https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_Linux_$BUILDARCH.tar.gz | tar xz -C /usr/local/bin \ && chmod +x /usr/local/bin/eksctl \ && eksctl version \ - && curl -sS -o /usr/local/bin/ecs-cli https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest \ + && curl -sS -o /usr/local/bin/ecs-cli https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-$BUILDARCH-latest \ && chmod +x /usr/local/bin/ecs-cli \ && ecs-cli --version @@ -143,7 +145,7 @@ RUN set -ex \ RUN set -ex \ && mkdir /tmp/ssm \ && cd /tmp/ssm \ - && wget -q https://s3.amazonaws.com/amazon-ssm-us-east-1/latest/debian_amd64/amazon-ssm-agent.deb \ + && wget -q https://s3.amazonaws.com/amazon-ssm-us-east-1/latest/debian_$BUILDARCH/amazon-ssm-agent.deb \ && dpkg -i amazon-ssm-agent.deb # Install Pack @@ -160,12 +162,17 @@ ARG DOCKER_COMPOSE_VERSION="2.29.7" ARG DOCKER_BUILDX_VERSION="0.17.1" ARG SRC_DIR="/usr/src" +# use 4da6a6c7502b7ab561675a5ff5ac192d9b49d76d0b8847cf17ade246122279f4 for aarch64 ARG DOCKER_SHA256="9b4f6fe406e50f9085ee474c451e2bb5adb119a03591f467922d3b4e2ddf31d3" ARG DOCKER_VERSION="27.3.1" # Install Docker RUN set -ex \ - && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ + && if [ "$BUILDARCH" = "arm64" ]; then \ + curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/aarch64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz ; \ + else \ + curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/${BUILDARCH}/docker-${DOCKER_VERSION}.tgz" -o docker.tgz ; \ + fi \ && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ && rm docker.tgz \ @@ -180,14 +187,18 @@ RUN set -ex \ && wget -q "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ # Install docker compose as docker plugin and maintain docker-compose usage && mkdir -p /usr/local/lib/docker/cli-plugins \ - && curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose \ + && if [ "$BUILDARCH" = "arm64" ]; then \ + curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-aarch64 -o /usr/local/lib/docker/cli-plugins/docker-compose ; \ + else \ + curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-$BUILDARCH -o /usr/local/lib/docker/cli-plugins/docker-compose ; \ + fi \ && chmod +x /usr/local/bin/dind /usr/local/lib/docker/cli-plugins/docker-compose \ && ln -s /usr/local/lib/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose \ # Ensure docker-compose and docker compose work && docker-compose version \ && docker compose version \ # Add docker buildx tool - && curl -L https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-amd64 -o /usr/local/lib/docker/cli-plugins/docker-buildx \ + && curl -L https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-$BUILDARCH -o /usr/local/lib/docker/cli-plugins/docker-buildx \ && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx \ && ln -s /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/bin/docker-buildx \ # Ensure docker-buildx works @@ -206,36 +217,50 @@ RUN mkdir -p -m 755 /etc/apt/keyrings \ && apt update \ && apt install gh -y -# Install Chrome +# Install Chrome (Google does not ship linux arm64 version of Chrome) RUN set -ex \ - && curl -L https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb --output /tmp/google-chrome-stable_current_amd64.deb \ - && dpkg -i /tmp/google-chrome-stable_current_amd64.deb || apt-get install -f -y \ - && rm -rf /tmp/* \ - && google-chrome --version - -# Install ChromeDriver -# https://googlechromelabs.github.io/chrome-for-testing/ -# https://github.com/GoogleChromeLabs/chrome-for-testing#json-api-endpoints + && if [ "$BUILDARCH" != "arm64" ]; then \ + curl -L "https://dl.google.com/linux/direct/google-chrome-stable_current_${BUILDARCH}.deb" --output /tmp/google-chrome.deb && \ + dpkg -i /tmp/google-chrome.deb || apt-get install -f -y && \ + rm -rf /tmp/* && \ + google-chrome --version ; \ + else \ + echo "Skipping Chrome install for $BUILDARCH" ; \ + fi + +# Install ChromeDriver (skipping arm64, see above) RUN set -ex \ - && CHROME_DRIVER_DOWNLOAD_URL=$(curl -sL https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json | jq -r '.channels.Stable.downloads.chromedriver[] | select(.platform == "linux64") | .url') \ - && curl -L $CHROME_DRIVER_DOWNLOAD_URL --output /tmp/chromedriver-linux64.zip \ - && unzip -q /tmp/chromedriver-linux64.zip -d /opt/chromedriver \ - && ln -s /opt/chromedriver/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver \ - && rm -rf /tmp/* \ - && chromedriver --version + && if [ "$BUILDARCH" != "arm64" ]; then \ + CHROME_DRIVER_DOWNLOAD_URL=$(curl -sL https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json \ + | jq -r '.channels.Stable.downloads.chromedriver[] | select(.platform == "linux64") | .url') && \ + curl -L "$CHROME_DRIVER_DOWNLOAD_URL" --output /tmp/chromedriver-linux64.zip && \ + unzip -q /tmp/chromedriver-linux64.zip -d /opt/chromedriver && \ + ln -s /opt/chromedriver/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver && \ + rm -rf /tmp/* && \ + chromedriver --version ; \ + else \ + echo "Skipping ChromeDriver install for $BUILDARCH" ; \ + fi # Install Chromium # See instruction: https://www.chromium.org/getting-involved/download-chromium/ +# Install Chromium with arch-specific download logic RUN set -ex \ - && CHROMIUM_VERSION=$(curl -sL https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2FLAST_CHANGE?alt=media) \ - && CHROMIUM_DOWNLOAD_URL=https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F$CHROMIUM_VERSION%2Fchrome-linux.zip?alt=media \ - && curl -L $CHROMIUM_DOWNLOAD_URL --output /tmp/chromium-linux.zip \ - && unzip -q /tmp/chromium-linux.zip -d /opt/chromium \ - && ln -s /opt/chromium/chrome-linux/chrome /usr/local/bin/chromium \ - && ln -s /opt/chromium/chrome-linux/chrome /usr/local/bin/chromium-browser \ - && rm -rf /tmp/* \ - && chromium --version \ - && chromium-browser --version + && if [ "$BUILDARCH" != "arm64" ]; then \ + CHROMIUM_PLATFORM="Linux_${BUILDARCH}" \ + CHROMIUM_VERSION=$(curl -sL "https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/${CHROMIUM_PLATFORM}%2FLAST_CHANGE?alt=media") && \ + CHROMIUM_DOWNLOAD_URL="https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/${CHROMIUM_PLATFORM}%2F${CHROMIUM_VERSION}%2Fchrome-linux.zip?alt=media" && \ + curl -L "$CHROMIUM_DOWNLOAD_URL" --output /tmp/chromium-linux.zip && \ + unzip -q /tmp/chromium-linux.zip -d /opt/chromium && \ + ln -s /opt/chromium/chrome-linux/chrome /usr/local/bin/chromium && \ + ln -s /opt/chromium/chrome-linux/chrome /usr/local/bin/chromium-browser && \ + rm -rf /tmp/* && \ + chromium --version && \ + chromium-browser --version ; \ + else \ + echo "Skipping Chromium install for $BUILDARCH" ; \ + fi + # Install Mozilla Firefox RUN set -ex \ @@ -295,7 +320,8 @@ RUN set -ex \ # Install Powershell Core # See instructions at https://learn.microsoft.com/en-us/powershell/scripting/install/install-other-linux?view=powershell-7.4#installation-using-a-binary-archive-file ARG POWERSHELL_VERSION=7.4.6 -ARG POWERSHELL_DOWNLOAD_URL=https://github.com/PowerShell/PowerShell/releases/download/v$POWERSHELL_VERSION/powershell-$POWERSHELL_VERSION-linux-x64.tar.gz +ARG POWERSHELL_DOWNLOAD_URL=https://github.com/PowerShell/PowerShell/releases/download/v$POWERSHELL_VERSION/powershell-$POWERSHELL_VERSION-linux-$BUILDARCH.tar.gz +# SHA256 checksum for ARM64 : C0159B03E85F44AE1E7697818A011558DA6C813D0AAE848BF5AC13BF435D8624 ARG POWERSHELL_DOWNLOAD_SHA=6f6015203c47806c5cc444c19d8ed019695e610fbd948154264bf9ca8e157561 RUN set -ex \ @@ -531,7 +557,7 @@ RUN set -ex \ && apt-get install -y -qq --no-install-recommends ca-certificates-java \ # Ensure Java cacerts symlink points to valid location && update-ca-certificates -f \ - && dpkg --add-architecture i386 \ + && dpkg --add-architecture $BUILDARCH \ && apt-get update \ && for tool_path in $JAVA_HOME/bin/*; do \ tool=`basename $tool_path`; \