From a458dfe1da18270b37c33f6cd258747d1688c566 Mon Sep 17 00:00:00 2001 From: Pedro Pombeiro Date: Fri, 11 Jan 2019 19:07:26 +0100 Subject: [PATCH] Lock down tool versions used in desktop Dockerfiles --- desktop/docker/linux/Dockerfile | 36 +++++++++++++++++++++++-------- desktop/docker/linux/Makefile | 5 +++++ desktop/docker/windows/Dockerfile | 35 ++++++++++++++++++++++-------- desktop/docker/windows/Makefile | 5 +++++ 4 files changed, 63 insertions(+), 18 deletions(-) diff --git a/desktop/docker/linux/Dockerfile b/desktop/docker/linux/Dockerfile index e60d0a4a00..f119849624 100644 --- a/desktop/docker/linux/Dockerfile +++ b/desktop/docker/linux/Dockerfile @@ -4,7 +4,9 @@ ARG QT_VERSION ARG REACT_NATIVE_DESKTOP_COMMIT_SHA ARG QT_CI_COMMIT_SHA -RUN apt-get update && apt-get -y install \ +RUN apt-get update && apt-get -q -y --no-install-recommends install software-properties-common && \ + add-apt-repository -y ppa:git-core/ppa && \ + apt-get update && apt-get -y install \ git libx11-xcb1 libxss1 libasound2 libfontconfig1 libdbus-1-3 && \ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* @@ -47,30 +49,41 @@ ENV NPM_CONFIG_CACHE /var/tmp/npm ENV PATH /opt/qt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin RUN apt-get update && apt-get -q -y --no-install-recommends install curl software-properties-common && \ - curl -sL https://deb.nodesource.com/setup_10.x | bash - && \ - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \ + add-apt-repository -y ppa:git-core/ppa && \ add-apt-repository -y ppa:longsleep/golang-backports && \ apt-get remove -y software-properties-common && \ apt-get update && \ DEBIAN_FRONTEND=noninteractive \ apt-get -q -y --no-install-recommends install \ - wget git unzip golang-go nodejs yarn file s3cmd \ + wget git unzip golang-go file s3cmd \ python python3-pip python3-setuptools python3-wheel \ apt-transport-https locales openjdk-8-jdk-headless \ extra-cmake-modules build-essential gcc g++ fuse \ libx11-xcb1 libxss1 libasound2 libgl-dev libsm6 libxrandr2 python-dev \ libjasper-dev libegl1-mesa libxcomposite-dev libxcursor-dev && \ locale-gen en_US.UTF-8 && \ - npm install -g yarn@1.13.0 && \ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/man RUN cd /tmp && wget -q https://cmake.org/files/v3.12/cmake-3.12.2-Linux-x86_64.tar.gz && \ tar xf cmake-3.12.2-Linux-x86_64.tar.gz --strip 1 -C /usr/local && \ rm -fr /usr/local/doc/cmake && rm cmake-3.12.2-Linux-x86_64.tar.gz -RUN curl -sL https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein -o /usr/bin/lein && \ - chmod +x /usr/bin/lein && /usr/bin/lein version +ARG LEIN_VERSION +ENV LEIN_INSTALL=/usr/bin/ + +RUN mkdir -p $LEIN_INSTALL \ + && wget -q https://raw.githubusercontent.com/technomancy/leiningen/${LEIN_VERSION}/bin/lein-pkg \ + && mv lein-pkg $LEIN_INSTALL/lein \ + && chmod 0755 $LEIN_INSTALL/lein \ + && wget -q https://github.com/technomancy/leiningen/releases/download/${LEIN_VERSION}/leiningen-${LEIN_VERSION}-standalone.zip \ + && mkdir -p /usr/share/java \ + && mv leiningen-${LEIN_VERSION}-standalone.zip /usr/share/java/leiningen-${LEIN_VERSION}-standalone.jar \ + && $LEIN_INSTALL/lein version + +ARG NVM_VERSION +ARG NODE_VERSION +ARG YARN_VERSION +RUN curl -s -o- https://raw.githubusercontent.com/creationix/nvm/v${NVM_VERSION}/install.sh | bash RUN mkdir -p /tmp/react-native-desktop && cd /tmp/react-native-desktop && \ git init && git remote add origin https://github.com/status-im/react-native-desktop.git && \ @@ -78,6 +91,11 @@ RUN mkdir -p /tmp/react-native-desktop && cd /tmp/react-native-desktop && \ git reset --hard FETCH_HEAD && \ cp -r /tmp/react-native-desktop/react-native-cli /opt && \ cd /opt/react-native-cli && \ + export NVM_DIR="$HOME/.nvm" && \ + [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" && \ + nvm install ${NODE_VERSION} && \ + nvm use ${NODE_VERSION} && \ + npm install -g yarn@${YARN_VERSION} && \ npm update && npm install -g && \ cd && rm -r /tmp/react-native-desktop @@ -88,7 +106,7 @@ RUN addgroup --gid 1002 jenkins && \ --uid 1001 --gid 1002 jenkins # Install NVM for Jenkins -RUN su jenkins -c 'curl -s -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash' +RUN su jenkins -c 'curl -s -o- https://raw.githubusercontent.com/creationix/nvm/v${NVM_VERSION}/install.sh | bash' LABEL source="https://github.com/status-im/status-react/tree/develop/desktop/docker" \ description="Image for building Linux Desktop version of Status app." \ diff --git a/desktop/docker/linux/Makefile b/desktop/docker/linux/Makefile index 701d82267c..6d41b66361 100644 --- a/desktop/docker/linux/Makefile +++ b/desktop/docker/linux/Makefile @@ -8,6 +8,7 @@ QT_MD5SUM = 974fda61267cfb6e45984ee5f0a285f8 QT_URL = https://download.qt.io/archive/qt QT_CI_COMMIT_SHA = 55ffd9f225708b3aa1443851cfa8dead2c1f9959 REACT_NATIVE_DESKTOP_COMMIT_SHA = 2a76c435a27f0bf6c089f74222212b3a58e10385 +__read__toolversion__ = $(shell grep $(1) ../../../.TOOLVERSIONS | cut -d'=' -f2-) # WARNING: Remember to change the tag when updating the image IMAGE_TAG = 1.1.1 @@ -18,6 +19,10 @@ build: $(QT_ARCHIVE) --build-arg="QT_VERSION=$(QT_VERSION)" \ --build-arg="QT_CI_COMMIT_SHA=$(QT_CI_COMMIT_SHA)" \ --build-arg="REACT_NATIVE_DESKTOP_COMMIT_SHA=$(REACT_NATIVE_DESKTOP_COMMIT_SHA)" \ + --build-arg="LEIN_VERSION=$(call __read__toolversion__,lein)" \ + --build-arg="NODE_VERSION=$(call __read__toolversion__,node)" \ + --build-arg="NVM_VERSION=$(call __read__toolversion__,nvm)" \ + --build-arg="YARN_VERSION=$(call __read__toolversion__,yarn)" \ --label="commit=$(GIT_COMMIT)" \ -t $(IMAGE_NAME) . diff --git a/desktop/docker/windows/Dockerfile b/desktop/docker/windows/Dockerfile index dfdbfa9eba..4acc17ad09 100644 --- a/desktop/docker/windows/Dockerfile +++ b/desktop/docker/windows/Dockerfile @@ -11,40 +11,57 @@ ENV NPM_CONFIG_CACHE /var/tmp/npm # https://issues.jenkins-ci.org/browse/JENKINS-49076 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ARG CONAN_VERSION + RUN apt-get update && apt-get -q -y --no-install-recommends install curl software-properties-common && \ - curl -sL https://deb.nodesource.com/setup_10.x | bash - && \ - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \ + add-apt-repository -y ppa:git-core/ppa && \ add-apt-repository -y ppa:longsleep/golang-backports && \ apt-get remove -y software-properties-common && \ apt-get update && \ DEBIAN_FRONTEND=noninteractive \ apt-get -q -y --no-install-recommends install \ - wget git nsis unzip golang-go nodejs yarn file jq s3cmd \ + wget git nsis unzip golang-go file jq s3cmd \ python python3-pip python3-setuptools python3-wheel \ apt-transport-https locales openjdk-8-jdk-headless \ extra-cmake-modules build-essential fuse \ libx11-xcb1 libxss1 libasound2 libgl-dev libsm6 libxrandr2 python-dev \ libjasper-dev libegl1-mesa libxcomposite-dev libxcursor-dev && \ locale-gen en_US.UTF-8 && \ - npm install -g yarn@1.13.0 && \ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/man && \ python3 -m pip install --upgrade pip && \ - pip3 install conan==1.9.0 + pip3 install conan==${CONAN_VERSION} RUN cd /tmp && wget -q https://cmake.org/files/v3.12/cmake-3.12.2-Linux-x86_64.tar.gz && \ tar xf cmake-3.12.2-Linux-x86_64.tar.gz --strip 1 -C /usr/local && \ rm -fr /usr/local/doc/cmake && rm cmake-3.12.2-Linux-x86_64.tar.gz -RUN curl -sL https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein -o /usr/bin/lein && \ - chmod +x /usr/bin/lein && /usr/bin/lein version +ARG LEIN_VERSION +ENV LEIN_INSTALL=/usr/bin/ + +RUN mkdir -p $LEIN_INSTALL \ + && wget -q https://raw.githubusercontent.com/technomancy/leiningen/${LEIN_VERSION}/bin/lein-pkg \ + && mv lein-pkg $LEIN_INSTALL/lein \ + && chmod 0755 $LEIN_INSTALL/lein \ + && wget -q https://github.com/technomancy/leiningen/releases/download/${LEIN_VERSION}/leiningen-${LEIN_VERSION}-standalone.zip \ + && mkdir -p /usr/share/java \ + && mv leiningen-${LEIN_VERSION}-standalone.zip /usr/share/java/leiningen-${LEIN_VERSION}-standalone.jar \ + && $LEIN_INSTALL/lein version + +ARG NVM_VERSION +ARG NODE_VERSION +RUN curl -s -o- https://raw.githubusercontent.com/creationix/nvm/v${NVM_VERSION}/install.sh | bash RUN mkdir -p /tmp/react-native-desktop && cd /tmp/react-native-desktop && \ + git --version && \ git init && git remote add origin https://github.com/status-im/react-native-desktop.git && \ git fetch --depth=1 origin ${REACT_NATIVE_DESKTOP_COMMIT_SHA} && \ git reset --hard FETCH_HEAD && \ cp -r /tmp/react-native-desktop/react-native-cli /opt && \ cd /opt/react-native-cli && \ + export NVM_DIR="$HOME/.nvm" && \ + [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" && \ + nvm install ${NODE_VERSION} && \ + nvm use ${NODE_VERSION} && \ npm update && npm install -g && \ cd && rm -r /tmp/react-native-desktop @@ -55,7 +72,7 @@ RUN addgroup --gid 1002 jenkins && \ --uid 1001 --gid 1002 jenkins # Install NVM for Jenkins -RUN su jenkins -c 'curl -s -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash' +RUN su jenkins -c 'curl -s -o- https://raw.githubusercontent.com/creationix/nvm/v${NVM_VERSION}/install.sh | bash' LABEL source="https://github.com/status-im/status-react/tree/develop/desktop/windows/docker" \ description="Image for building Windows Desktop version of Status app." \ diff --git a/desktop/docker/windows/Makefile b/desktop/docker/windows/Makefile index 633a866d53..b647f965ac 100644 --- a/desktop/docker/windows/Makefile +++ b/desktop/docker/windows/Makefile @@ -5,10 +5,15 @@ IMAGE_TAG = 1.1.1 IMAGE_NAME = statusteam/windows-desktop-ubuntu:$(IMAGE_TAG) REACT_NATIVE_DESKTOP_COMMIT_SHA = 2a76c435a27f0bf6c089f74222212b3a58e10385 +__read__toolversion__ = $(shell grep $(1) ../../../.TOOLVERSIONS | cut -d'=' -f2-) build: docker build \ --build-arg="REACT_NATIVE_DESKTOP_COMMIT_SHA=$(REACT_NATIVE_DESKTOP_COMMIT_SHA)" \ + --build-arg="CONAN_VERSION=$(call __read__toolversion__,conan)" \ + --build-arg="LEIN_VERSION=$(call __read__toolversion__,lein)" \ + --build-arg="NODE_VERSION=$(call __read__toolversion__,node)" \ + --build-arg="NVM_VERSION=$(call __read__toolversion__,nvm)" \ --label="commit=$(GIT_COMMIT)" \ -t $(IMAGE_NAME) .