From 9638450ef6236da1ee1f1573063128363b879c9f Mon Sep 17 00:00:00 2001
From: Mirco <mirco.zachmann@meissa.de>
Date: Thu, 7 Dec 2023 20:38:43 +0100
Subject: [PATCH] Improvements docker image building

---
 infrastructure/clj-cljs/image/Dockerfile      |  2 +-
 .../clj-cljs/image/resources/CHECKSUMS        |  1 -
 .../clj-cljs/image/resources/install.sh       | 38 ++++++++++----
 infrastructure/clj/image/Dockerfile           |  2 +-
 infrastructure/clj/image/resources/CHECKSUMS  |  2 -
 infrastructure/clj/image/resources/install.sh | 50 +++++++++++++------
 infrastructure/ddadevops/build.py             |  2 +-
 infrastructure/ddadevops/image/Dockerfile     |  7 ++-
 .../ddadevops/image/resources/install.sh      | 17 +++++++
 infrastructure/dind/image/Dockerfile          |  7 ++-
 .../dind/image/resources/install.sh           | 17 +++++++
 infrastructure/kotlin/image/Dockerfile        |  2 +-
 .../kotlin/image/resources/install.sh         | 10 ++--
 infrastructure/python/image/Dockerfile        |  8 ++-
 .../python/image/resources/install.sh         | 18 +++++++
 .../image/resources/install_functions.sh      |  8 +--
 16 files changed, 136 insertions(+), 55 deletions(-)
 delete mode 100644 infrastructure/clj-cljs/image/resources/CHECKSUMS
 delete mode 100644 infrastructure/clj/image/resources/CHECKSUMS
 create mode 100755 infrastructure/ddadevops/image/resources/install.sh
 create mode 100755 infrastructure/dind/image/resources/install.sh
 create mode 100755 infrastructure/python/image/resources/install.sh

diff --git a/infrastructure/clj-cljs/image/Dockerfile b/infrastructure/clj-cljs/image/Dockerfile
index ff83d09..7efb8ef 100644
--- a/infrastructure/clj-cljs/image/Dockerfile
+++ b/infrastructure/clj-cljs/image/Dockerfile
@@ -1,4 +1,4 @@
 FROM node:lts-bookworm-slim
 
 ADD resources /tmp
-RUN /tmp/install.sh
\ No newline at end of file
+RUN DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes /tmp/install.sh
\ No newline at end of file
diff --git a/infrastructure/clj-cljs/image/resources/CHECKSUMS b/infrastructure/clj-cljs/image/resources/CHECKSUMS
deleted file mode 100644
index 6109221..0000000
--- a/infrastructure/clj-cljs/image/resources/CHECKSUMS
+++ /dev/null
@@ -1 +0,0 @@
-478604fe85c711aafe8ef78c0bf25cb93fa46de5a3c07040f25a595096c43f8a  kubeconform-v0.6.3.tar.gz
diff --git a/infrastructure/clj-cljs/image/resources/install.sh b/infrastructure/clj-cljs/image/resources/install.sh
index 1167e3a..88b88cf 100755
--- a/infrastructure/clj-cljs/image/resources/install.sh
+++ b/infrastructure/clj-cljs/image/resources/install.sh
@@ -1,31 +1,47 @@
 #!/bin/bash
-set -eux
+set -exo pipefail
 
 function main() {
+    {
     upgradeSystem
 
     mkdir -p /usr/share/man/man1
-    apt -qqy install openjdk-17-jre-headless leiningen curl
+    apt-get -qqy install openjdk-17-jre-headless leiningen curl
     
     # shadow-cljs
+    npm install -g npm
     npm install -g --save-dev shadow-cljs
 
     # download kubeconform & graalvm
-    curl -Lo /tmp/kubeconform-v0.6.3.tar.gz https://github.com/yannh/kubeconform/releases/download/v0.6.3/kubeconform-linux-amd64.tar.gz
-    
-    # checksum
-    cd /tmp
-    sha256sum --check CHECKSUMS
+    kubeconform_version="0.6.4"
+
+    curl -SsLo /tmp/kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
+    curl -SsLo /tmp/CHECKSUMS https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/CHECKSUMS
+
+    # checksum kubeconform
+    checksum
 
     # install kubeconform
-    tar -xf /tmp/kubeconform-v0.6.3.tar.gz
-    cp kubeconform /usr/local/bin
+    tar -C /usr/local/bin -xf /tmp/kubeconform.tar.gz --exclude=LICENSE
 
     #install pyb
-    apt -qqy install python3 python3-pip git;
-    pip3 install pybuilder 'ddadevops>=4.7.0' deprecation dda-python-terraform boto3 pyyaml inflection --break-system-packages;
+    apt-get -qqy install python3 python3-pip git
+    pip3 install pybuilder 'ddadevops>=4.7.0' deprecation dda-python-terraform boto3 pyyaml inflection --break-system-packages
 
     cleanupDocker
+    } > /dev/null
+}
+
+function checksum() {
+    checksum_var=$(awk '{print $1}' /tmp/CHECKSUMS|sed -n '2p')
+    sha256sum_var=$(sha256sum /tmp/kubeconform.tar.gz|awk '{print $1}')
+    
+    if [ $checksum_var == $sha256sum_var ]; then
+        echo "Kubeconform checksum verification succesful" 
+    else
+        echo "Failure in kubeconform checksum verification"
+        exit 1
+    fi
 }
 
 source /tmp/install_functions.sh
diff --git a/infrastructure/clj/image/Dockerfile b/infrastructure/clj/image/Dockerfile
index f02ebd2..97197c0 100644
--- a/infrastructure/clj/image/Dockerfile
+++ b/infrastructure/clj/image/Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:stable-slim
 
 ADD resources /tmp
-RUN /tmp/install.sh
+RUN DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes /tmp/install.sh
 ENV LANG=en_US.UTF-8 \
     JAVA_HOME=/usr/lib64/graalvm/graalvm-community-java17
\ No newline at end of file
diff --git a/infrastructure/clj/image/resources/CHECKSUMS b/infrastructure/clj/image/resources/CHECKSUMS
deleted file mode 100644
index 6a216cd..0000000
--- a/infrastructure/clj/image/resources/CHECKSUMS
+++ /dev/null
@@ -1,2 +0,0 @@
-478604fe85c711aafe8ef78c0bf25cb93fa46de5a3c07040f25a595096c43f8a  kubeconform-v0.6.3.tar.gz
-094e5a7dcc4a903b70741d5c3c1688f83e83e2d44eb3d8d798c5d79ed902032c  graalvm-community-jdk-17.0.7_linux-x64_bin.tar.gz
\ No newline at end of file
diff --git a/infrastructure/clj/image/resources/install.sh b/infrastructure/clj/image/resources/install.sh
index 6694783..42dec9a 100755
--- a/infrastructure/clj/image/resources/install.sh
+++ b/infrastructure/clj/image/resources/install.sh
@@ -1,37 +1,57 @@
 #!/bin/bash
-set -eux
+set -exo pipefail
 
 function main() {
+    {
     upgradeSystem
 
-    apt -qqy install curl git openjdk-17-jre-headless leiningen build-essential libz-dev zlib1g-dev;
+    apt-get -qqy install curl git openjdk-17-jre-headless leiningen build-essential libz-dev zlib1g-dev
+
 
     # download kubeconform & graalvm
-    curl -Lo /tmp/kubeconform-v0.6.3.tar.gz https://github.com/yannh/kubeconform/releases/download/v0.6.3/kubeconform-linux-amd64.tar.gz
-    curl -Lo /tmp/graalvm-community-jdk-17.0.7_linux-x64_bin.tar.gz https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-17.0.7/graalvm-community-jdk-17.0.7_linux-x64_bin.tar.gz
-    
-    # checksum
-    cd /tmp
-    sha256sum --check CHECKSUMS
+    kubeconform_version="0.6.4"
+    graalvm_jdk_version="17.0.9"
+
+    curl -SsLo /tmp/kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
+    curl -SsLo /tmp/CHECKSUMS https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/CHECKSUMS
+    curl -SsLo /tmp/graalvm-community-jdk.tar.gz https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-${graalvm_jdk_version}/graalvm-community-jdk-${graalvm_jdk_version}_linux-x64_bin.tar.gz
+    curl -SsLo /tmp/graalvm-checksum https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-${graalvm_jdk_version}/graalvm-community-jdk-${graalvm_jdk_version}_linux-x64_bin.tar.gz.sha256
+
+    # checksum kubeconform & graalvm-jdk
+    checksum
 
     # install kubeconform
-    tar -xf /tmp/kubeconform-v0.6.3.tar.gz
-    cp kubeconform /usr/local/bin
+    tar -C /usr/local/bin -xf /tmp/kubeconform.tar.gz --exclude=LICENSE
 
     # install graalvm
-    tar -xzf graalvm-community-jdk-17.0.7_linux-x64_bin.tar.gz
-    mv graalvm-community-openjdk-17.0.7+7.1 /usr/lib/jvm/
-    ln -s /usr/lib/jvm/graalvm-community-openjdk-17.0.7+7.1 /usr/lib/jvm/graalvm
+    tar -C /usr/lib/jvm/ -xf /tmp/graalvm-community-jdk.tar.gz
+    dirname_graalvm=$(ls /usr/lib/jvm/|grep -e graa)
+    ln -s /usr/lib/jvm/$dirname_graalvm /usr/lib/jvm/graalvm
     ln -s /usr/lib/jvm/graalvm/bin/gu /usr/local/bin
     update-alternatives --install /usr/bin/java java /usr/lib/jvm/graalvm/bin/java 2
     gu install native-image
     ln -s /usr/lib/jvm/graalvm/bin/native-image /usr/local/bin
 
     #install pyb
-    apt -qqy install python3 python3-pip;
-    pip3 install pybuilder 'ddadevops>=4.7.0' deprecation dda-python-terraform boto3 pyyaml inflection --break-system-packages;   
+    apt-get -qqy install python3 python3-pip
+    pip3 install pybuilder 'ddadevops>=4.7.0' deprecation dda-python-terraform boto3 pyyaml inflection --break-system-packages 
 
     cleanupDocker
+    } > /dev/null
+}
+
+function checksum() {
+    checksum_kubeconform=$(awk '{print $1}' /tmp/CHECKSUMS|sed -n '2p')
+    sha256sum_kubeconform=$(sha256sum /tmp/kubeconform.tar.gz|awk '{print $1}')
+    checksum_graalvm_jdk=$(awk '{print $1}' /tmp/graalvm-checksum)
+    sha256sum_graalvm_jdk=$(sha256sum /tmp/graalvm-community-jdk.tar.gz|awk '{print $1}')
+
+    if [ $checksum_kubeconform == $sha256sum_kubeconform -a $checksum_graalvm_jdk == $sha256sum_graalvm_jdk ]; then
+        echo "Kubeconform & graalvm_jdk checksum verification succesful" 
+    else
+        echo "Failure in kubeconform|graalvm_jdk checksum verification"
+        exit 1
+    fi
 }
 
 source /tmp/install_functions.sh
diff --git a/infrastructure/ddadevops/build.py b/infrastructure/ddadevops/build.py
index 92a2937..8d00f15 100644
--- a/infrastructure/ddadevops/build.py
+++ b/infrastructure/ddadevops/build.py
@@ -26,7 +26,7 @@ def initialize(project):
         "image_tag": f"{image_tag}",
     }
 
-    project.build_depends_on("ddadevops>=4.0.0")
+    project.build_depends_on("ddadevops>=4.9.0")
 
     build = DevopsImageBuild(project, input)
     build.initialize_build_dir()
diff --git a/infrastructure/ddadevops/image/Dockerfile b/infrastructure/ddadevops/image/Dockerfile
index 3ec73d0..17c2654 100644
--- a/infrastructure/ddadevops/image/Dockerfile
+++ b/infrastructure/ddadevops/image/Dockerfile
@@ -1,6 +1,5 @@
 FROM python:3.10-alpine
 
-RUN set -eux; 
-RUN apk add --no-cache python3 py3-pip openssl-dev bash git curl;
-RUN python3 -m pip install -U pip;
-RUN pip3 install pybuilder ddadevops deprecation dda-python-terraform boto3 pyyaml inflection;
+WORKDIR /tmp
+ADD resources ./ 
+RUN ./install.sh
diff --git a/infrastructure/ddadevops/image/resources/install.sh b/infrastructure/ddadevops/image/resources/install.sh
new file mode 100755
index 0000000..79c19d0
--- /dev/null
+++ b/infrastructure/ddadevops/image/resources/install.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -exo pipefail
+
+function main() {
+    {
+        apk -U upgrade
+        apk add --no-cache python3 py3-pip openssl-dev bash git curl
+        python3 -m pip install -U pip
+        pip3 install pybuilder ddadevops deprecation dda-python-terraform boto3 pyyaml inflection
+        apk cache clean
+    } > /dev/null
+    
+    rm -rf /tmp/*
+}
+
+main
diff --git a/infrastructure/dind/image/Dockerfile b/infrastructure/dind/image/Dockerfile
index 875d0fe..0f320d5 100644
--- a/infrastructure/dind/image/Dockerfile
+++ b/infrastructure/dind/image/Dockerfile
@@ -1,6 +1,5 @@
 FROM docker:latest
 
-RUN set -eux; 
-RUN apk add --no-cache python3 py3-pip openssl-dev bash git;
-RUN python3 -m pip install -U pip;
-RUN pip3 install pybuilder ddadevops deprecation dda-python-terraform boto3 pyyaml inflection;
+WORKDIR /tmp
+ADD resources ./ 
+RUN ./install.sh
diff --git a/infrastructure/dind/image/resources/install.sh b/infrastructure/dind/image/resources/install.sh
new file mode 100755
index 0000000..80e2ce6
--- /dev/null
+++ b/infrastructure/dind/image/resources/install.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -exo pipefail
+
+function main() {
+    {
+        apk -U upgrade
+        apk add --no-cache python3 py3-pip openssl-dev bash git
+        python3 -m pip install -U pip
+        pip3 install pybuilder ddadevops deprecation dda-python-terraform boto3 pyyaml inflection
+        apk cache clean
+    } > /dev/null
+    
+    rm -rf /tmp/*
+}
+
+main
diff --git a/infrastructure/kotlin/image/Dockerfile b/infrastructure/kotlin/image/Dockerfile
index 23a32d6..4113cf7 100644
--- a/infrastructure/kotlin/image/Dockerfile
+++ b/infrastructure/kotlin/image/Dockerfile
@@ -1,4 +1,4 @@
 FROM debian:stable-slim
 
 ADD resources /tmp
-RUN /tmp/install.sh
+RUN DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes /tmp/install.sh
diff --git a/infrastructure/kotlin/image/resources/install.sh b/infrastructure/kotlin/image/resources/install.sh
index b807340..12602e5 100755
--- a/infrastructure/kotlin/image/resources/install.sh
+++ b/infrastructure/kotlin/image/resources/install.sh
@@ -1,16 +1,16 @@
 #!/bin/bash
-set -eux
+set -exo pipefail
 
 function main() {
+    {
     upgradeSystem
 
-    apt -qqy install curl git kotlin gradle iputils-ping ssh
+    apt-get -qqy install curl git kotlin gradle iputils-ping ssh python3 python3-pip
 
-    #install pyb
-    apt -qqy install python3 python3-pip;
-    pip3 install pybuilder 'ddadevops>=4.7.0' deprecation dda-python-terraform boto3 pyyaml inflection --break-system-packages;
+    pip3 install pybuilder 'ddadevops>=4.7.0' deprecation dda-python-terraform boto3 pyyaml inflection --break-system-packages
 
     cleanupDocker
+    } > /dev/null
 }
 
 source /tmp/install_functions.sh
diff --git a/infrastructure/python/image/Dockerfile b/infrastructure/python/image/Dockerfile
index bae55e0..86f7192 100644
--- a/infrastructure/python/image/Dockerfile
+++ b/infrastructure/python/image/Dockerfile
@@ -1,7 +1,5 @@
 FROM python:3.10-alpine
 
-RUN set -eux; 
-RUN apk add --no-cache build-base rust python3 python3-dev py3-pip py3-setuptools py3-wheel libffi-dev openssl-dev cargo bash git curl;
-RUN python3 -m pip install -U pip;
-RUN pip3 install pybuilder ddadevops deprecation dda-python-terraform boto3 pyyaml inflection;
-RUN pip3 install coverage flake8 flake8-polyfill mypy mypy-extensions pycodestyle pyflakes pylint pytest pytest-cov pytest-datafiles types-setuptools types-PyYAML;
+WORKDIR /tmp
+ADD resources ./ 
+RUN ./install.sh
\ No newline at end of file
diff --git a/infrastructure/python/image/resources/install.sh b/infrastructure/python/image/resources/install.sh
new file mode 100755
index 0000000..fc2578c
--- /dev/null
+++ b/infrastructure/python/image/resources/install.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -exo pipefail
+
+function main() {
+    {
+        apk -U upgrade
+        apk add --no-cache build-base rust python3 python3-dev py3-pip py3-setuptools py3-wheel libffi-dev openssl-dev cargo bash git curl
+        python3 -m pip install -U pip
+        pip3 install pybuilder ddadevops deprecation dda-python-terraform boto3 pyyaml inflection \
+                coverage flake8 flake8-polyfill mypy mypy-extensions pycodestyle pyflakes pylint pytest pytest-cov pytest-datafiles types-setuptools types-PyYAML
+        apk cache clean
+    } > /dev/null
+    
+    rm -rf /tmp/*
+}
+
+main
diff --git a/src/main/resources/docker/image/resources/install_functions.sh b/src/main/resources/docker/image/resources/install_functions.sh
index 8b708d1..53d9f0b 100755
--- a/src/main/resources/docker/image/resources/install_functions.sh
+++ b/src/main/resources/docker/image/resources/install_functions.sh
@@ -1,8 +1,8 @@
 function upgradeSystem() {
-  export DEBIAN_FRONTEND=noninteractive
-  apt-get update > /dev/null
-  apt-get -y install apt-utils > /dev/null
-  apt-get -qqy dist-upgrade  > /dev/null
+  {
+    apt-get update
+    apt-get -qqy upgrade
+  } > /dev/null
 }
 
 function cleanupDocker() {