diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml deleted file mode 100644 index f8a373d3a..000000000 --- a/.github/workflows/scorecard.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecard supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '39 3 * * 2' - push: - branches: - - '7.0' - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - - steps: - - name: Harden Runner - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 - with: - egress-policy: audit - - - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecard on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. 
- # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 - with: - sarif_file: results.sarif diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile index 5371fd415..d6167f51b 100644 --- a/Dockerfiles/agent/centos/Dockerfile +++ b/Dockerfiles/agent/centos/Dockerfile @@ -79,7 +79,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile index 08a60ad3c..26303c9a6 100644 --- a/Dockerfiles/agent/ol/Dockerfile +++ b/Dockerfiles/agent/ol/Dockerfile 
@@ -30,7 +30,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -66,7 +66,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index ea2298c1b..20dfc94c4 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -104,7 +104,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index 3ac396576..5368ea6fb 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile 
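Review bot: The new COPY destination `"${ZABBIX_CONF_DIR}/"` in Dockerfiles/agent/ol/Dockerfile is only safe if `ZABBIX_CONF_DIR` is declared by an `ENV` or `ARG` earlier in the same build stage, and that declaration is not visible in this hunk. If the variable is unset at that point, it expands to an empty string and the agent configuration is copied into `/` instead of `/etc/zabbix/`, while the later `mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d` would still succeed, so the build would not fail. Confirm the `ENV` block precedes this line, and consider a comment above it such as `# ZABBIX_CONF_DIR comes from the ENV block above; an empty value would make this COPY target /`.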
@@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -59,7 +59,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile index b0c653225..e09873113 100644 --- a/Dockerfiles/build-mysql/centos/Dockerfile +++ b/Dockerfiles/build-mysql/centos/Dockerfile 
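Review bot: A failing patch no longer stops the build in the new `for patch_filename in /tmp/patches/*.patch` loop. The loop is a non-final member of the `&&` chain, so `set -e` is ignored inside its body and the loop's status is that of the last iteration only. A rejected patch followed by one that applies would therefore yield an image built from partly patched sources, whereas the old `patch -p1 < /tmp/chromedp_no_sandbox.patch &&` aborted on failure. Make the failure explicit and quote the path: `patch -p1 < "$patch_filename" || exit 1; \`. The same loop is added to every build-mysql, build-pgsql and build-sqlite3 Dockerfile in this commit. The enclosing RUN starts and ends outside the hunk.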
@@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -59,7 +59,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile index d2ca97f1e..63e1c0a92 100644 --- a/Dockerfiles/build-mysql/ol/Dockerfile +++ b/Dockerfiles/build-mysql/ol/Dockerfile 
@@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -59,7 +59,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile index 981f6bf92..ed21a9a4b 100644 --- a/Dockerfiles/build-mysql/rhel/Dockerfile +++ b/Dockerfiles/build-mysql/rhel/Dockerfile 
@@ -43,7 +43,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -69,7 +69,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile index 0bd3b979f..c63d9b69e 100644 --- a/Dockerfiles/build-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile 
@@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -59,7 +59,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile index 78439367d..72bb03f54 100644 --- a/Dockerfiles/build-pgsql/alpine/Dockerfile +++ b/Dockerfiles/build-pgsql/alpine/Dockerfile 
@@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -61,7 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile index 7392c9402..d7d8af7d7 100644 --- a/Dockerfiles/build-pgsql/centos/Dockerfile +++ b/Dockerfiles/build-pgsql/centos/Dockerfile 
@@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -61,7 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile index 3dd8e7d07..6b5aca440 100644 --- a/Dockerfiles/build-pgsql/ol/Dockerfile +++ b/Dockerfiles/build-pgsql/ol/Dockerfile 
@@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -61,7 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/rhel/Dockerfile b/Dockerfiles/build-pgsql/rhel/Dockerfile index 546370d98..25c5f0fe7 100644 --- a/Dockerfiles/build-pgsql/rhel/Dockerfile +++ b/Dockerfiles/build-pgsql/rhel/Dockerfile 
@@ -43,7 +43,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -71,7 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/rhel/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/rhel/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/rhel/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/rhel/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile index ca765a95d..1806dc7fb 100644 --- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile 
@@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -61,7 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile index 4ac9f5ef9..4f6a2d696 100644 --- a/Dockerfiles/build-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile 
@@ -33,6 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -52,6 +53,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/alpine/src/.gitkeep b/Dockerfiles/build-sqlite3/alpine/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/alpine/src/.gitkeep rename to Dockerfiles/build-sqlite3/alpine/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/centos/Dockerfile b/Dockerfiles/build-sqlite3/centos/Dockerfile index 53b3ab40c..81d2121da 100644 --- a/Dockerfiles/build-sqlite3/centos/Dockerfile +++ b/Dockerfiles/build-sqlite3/centos/Dockerfile @@ -33,6 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ 
@@ -52,6 +53,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/centos/src/.gitkeep b/Dockerfiles/build-sqlite3/centos/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/centos/src/.gitkeep rename to Dockerfiles/build-sqlite3/centos/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/ol/Dockerfile b/Dockerfiles/build-sqlite3/ol/Dockerfile index 422f4615e..963cf57c9 100644 --- a/Dockerfiles/build-sqlite3/ol/Dockerfile +++ b/Dockerfiles/build-sqlite3/ol/Dockerfile @@ -33,6 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ 
@@ -52,6 +53,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep b/Dockerfiles/build-sqlite3/ol/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep rename to Dockerfiles/build-sqlite3/ol/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/rhel/Dockerfile b/Dockerfiles/build-sqlite3/rhel/Dockerfile index 0f0d6c604..28016a40a 100644 --- a/Dockerfiles/build-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile @@ -43,6 +43,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ 
@@ -62,6 +63,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep b/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile index 4a87fd80e..01ee41b10 100644 --- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile @@ -33,6 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -52,6 +53,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ 
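Review bot: In Dockerfiles/build-sqlite3/ubuntu/Dockerfile the unchanged line `--mount=type=bind,source=src/,target=/tmp/src` still binds a local `src/` directory, but this commit renames `Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep` away to `ol/patches/.gitkeep`. If `.gitkeep` was the only tracked file there, a fresh checkout has no `src/` and the bind mount will presumably fail at build time. The alpine, centos, ol and rhel sqlite3 Dockerfiles in this diff use `--mount=from=sources,target=/tmp/src \` instead. Either switch the ubuntu file to that form or keep `src/.gitkeep` in place.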
diff --git a/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep b/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile index 1558bbde3..1df1a708f 100644 --- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile @@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" \ + NMAP_PRIVILEGED="" \ ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ ZABBIX_CONF_DIR="/etc/zabbix" \ ZBX_FPINGLOCATION="/usr/bin/fping" diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile index 110a692d9..068e65f14 100644 --- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile @@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" \ + NMAP_PRIVILEGED="" \ ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ ZABBIX_CONF_DIR="/etc/zabbix" \ ZBX_FPINGLOCATION="/usr/bin/fping" diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile index 5162474bc..be1d422cf 100644 --- a/Dockerfiles/server-pgsql/centos/Dockerfile +++ b/Dockerfiles/server-pgsql/centos/Dockerfile @@ -108,7 +108,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ 
diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index 4c3c32e64..2d7d90299 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -90,7 +90,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ diff --git a/Dockerfiles/server-pgsql/rhel/Dockerfile b/Dockerfiles/server-pgsql/rhel/Dockerfile index a90750fa3..dcdf2676f 100644 --- a/Dockerfiles/server-pgsql/rhel/Dockerfile +++ b/Dockerfiles/server-pgsql/rhel/Dockerfile @@ -136,7 +136,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ diff --git a/build.sh b/build.sh index ee2a36882..a64b02dfe 100755 --- a/build.sh +++ b/build.sh @@ -42,7 +42,11 @@ else exit 1 fi -DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" --build-context sources="../../../sources" --build-arg VCS_REF="$VCS_REF" --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" -f Dockerfile . +DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" \ + --build-context sources="../../../sources" \ + --build-arg VCS_REF="$VCS_REF" \ + --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \ + -f Dockerfile . if [ "$type" != "build" ]; then links=""