From 72d9d1bc922ea84dcb9dc57444afd0c32f7fac04 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Thu, 26 Dec 2024 02:08:30 +0900 Subject: [PATCH] Merge changes with 7.2 --- .github/workflows/scorecard.yml | 78 ------------------- Dockerfiles/agent/centos/Dockerfile | 2 +- Dockerfiles/agent/ol/Dockerfile | 4 +- Dockerfiles/agent/rhel/Dockerfile | 2 +- Dockerfiles/build-mysql/alpine/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-mysql/centos/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-mysql/ol/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-mysql/rhel/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-mysql/ubuntu/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-pgsql/alpine/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-pgsql/centos/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-pgsql/ol/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-pgsql/ubuntu/Dockerfile | 8 +- .../chromedp_no_sandbox.patch | 0 Dockerfiles/build-sqlite3/alpine/Dockerfile | 6 ++ .../alpine/{src => patches}/.gitkeep | 0 Dockerfiles/build-sqlite3/centos/Dockerfile | 6 ++ .../centos/{src => patches}/.gitkeep | 0 Dockerfiles/build-sqlite3/ol/Dockerfile | 6 ++ .../{ubuntu/src => ol/patches}/.gitkeep | 0 Dockerfiles/build-sqlite3/rhel/Dockerfile | 6 ++ .../build-sqlite3/rhel/patches/.gitkeep | 0 Dockerfiles/build-sqlite3/ubuntu/Dockerfile | 6 ++ .../build-sqlite3/ubuntu/patches/.gitkeep | 0 Dockerfiles/proxy-mysql/ubuntu/Dockerfile | 2 +- Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile | 2 +- Dockerfiles/server-pgsql/centos/Dockerfile | 2 +- Dockerfiles/server-pgsql/ol/Dockerfile | 2 +- build.sh | 6 +- 37 files changed, 97 insertions(+), 105 deletions(-) delete mode 100644 .github/workflows/scorecard.yml rename Dockerfiles/build-mysql/alpine/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-mysql/centos/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-mysql/ol/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-mysql/rhel/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-mysql/ubuntu/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-pgsql/alpine/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-pgsql/centos/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-pgsql/ol/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-pgsql/ubuntu/{conf => patches}/chromedp_no_sandbox.patch (100%) rename Dockerfiles/build-sqlite3/alpine/{src => patches}/.gitkeep (100%) rename Dockerfiles/build-sqlite3/centos/{src => patches}/.gitkeep (100%) rename Dockerfiles/build-sqlite3/{ubuntu/src => ol/patches}/.gitkeep (100%) create mode 100644 Dockerfiles/build-sqlite3/rhel/patches/.gitkeep create mode 100644 Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml deleted file mode 100644 index f8a373d3a..000000000 --- a/.github/workflows/scorecard.yml +++ /dev/null @@ -1,78 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecard supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '39 3 * * 2' - push: - branches: - - '7.0' - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - - steps: - - name: Harden Runner - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 - with: - egress-policy: audit - - - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecard on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 - with: - sarif_file: results.sarif diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile index 2752c99d6..3b9b5d3fc 100644 --- a/Dockerfiles/agent/centos/Dockerfile +++ b/Dockerfiles/agent/centos/Dockerfile @@ -79,7 +79,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile index e07fc0f4b..35145c325 100644 --- a/Dockerfiles/agent/ol/Dockerfile +++ b/Dockerfiles/agent/ol/Dockerfile @@ -30,7 +30,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -67,7 +67,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index e2438a8f9..a577736b2 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -103,7 +103,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index b11d9cacb..9d5ad5117 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile @@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -60,7 +60,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile index d405ab227..c3ac637d1 100644 --- a/Dockerfiles/build-mysql/centos/Dockerfile +++ b/Dockerfiles/build-mysql/centos/Dockerfile @@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -60,7 +60,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile index 79a084b7c..69e945a37 100644 --- a/Dockerfiles/build-mysql/ol/Dockerfile +++ b/Dockerfiles/build-mysql/ol/Dockerfile @@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -60,7 +60,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile index 24f9aad10..cbe871422 100644 --- a/Dockerfiles/build-mysql/rhel/Dockerfile +++ b/Dockerfiles/build-mysql/rhel/Dockerfile @@ -44,7 +44,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -70,7 +70,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile index a6dd05492..5db7236da 100644 --- a/Dockerfiles/build-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile @@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -60,7 +60,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile index 726100db6..2c4280691 100644 --- a/Dockerfiles/build-pgsql/alpine/Dockerfile +++ b/Dockerfiles/build-pgsql/alpine/Dockerfile @@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -62,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile index f32576e13..f8b1a5926 100644 --- a/Dockerfiles/build-pgsql/centos/Dockerfile +++ b/Dockerfiles/build-pgsql/centos/Dockerfile @@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -62,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile index 4b9de4ca9..1bd09cfa6 100644 --- a/Dockerfiles/build-pgsql/ol/Dockerfile +++ b/Dockerfiles/build-pgsql/ol/Dockerfile @@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -62,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile index f87a69ac9..86759be69 100644 --- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile @@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -62,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile index 00d840048..c091c83ef 100644 --- a/Dockerfiles/build-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile @@ -34,6 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -53,6 +54,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/alpine/src/.gitkeep b/Dockerfiles/build-sqlite3/alpine/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/alpine/src/.gitkeep rename to Dockerfiles/build-sqlite3/alpine/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/centos/Dockerfile b/Dockerfiles/build-sqlite3/centos/Dockerfile index 6c0fe49ae..69194a981 100644 --- a/Dockerfiles/build-sqlite3/centos/Dockerfile +++ b/Dockerfiles/build-sqlite3/centos/Dockerfile @@ -34,6 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -53,6 +54,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/centos/src/.gitkeep b/Dockerfiles/build-sqlite3/centos/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/centos/src/.gitkeep rename to Dockerfiles/build-sqlite3/centos/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/ol/Dockerfile b/Dockerfiles/build-sqlite3/ol/Dockerfile index 752c57fc9..2b8cc7f8b 100644 --- a/Dockerfiles/build-sqlite3/ol/Dockerfile +++ b/Dockerfiles/build-sqlite3/ol/Dockerfile @@ -34,6 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -53,6 +54,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep b/Dockerfiles/build-sqlite3/ol/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep rename to Dockerfiles/build-sqlite3/ol/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/rhel/Dockerfile b/Dockerfiles/build-sqlite3/rhel/Dockerfile index e7790143f..30fbbdd7e 100644 --- a/Dockerfiles/build-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile @@ -44,6 +44,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -63,6 +64,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep b/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile index cd14bc4d6..5811fb057 100644 --- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile @@ -34,6 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -53,6 +54,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep b/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile index 2b93c7e7e..d00842f77 100644 --- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile @@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" \ + NMAP_PRIVILEGED="" \ ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ ZABBIX_CONF_DIR="/etc/zabbix" \ ZBX_FPINGLOCATION="/usr/bin/fping" diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile index de51022fe..f52c3943a 100644 --- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile @@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" \ + NMAP_PRIVILEGED="" \ ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ ZABBIX_CONF_DIR="/etc/zabbix" \ ZBX_FPINGLOCATION="/usr/bin/fping" diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile index be6116aa8..4e68828ef 100644 --- a/Dockerfiles/server-pgsql/centos/Dockerfile +++ b/Dockerfiles/server-pgsql/centos/Dockerfile @@ -108,7 +108,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index 9145f7143..b15eb1014 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -91,7 +91,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ diff --git a/build.sh b/build.sh index ee2a36882..a64b02dfe 100755 --- a/build.sh +++ b/build.sh @@ -42,7 +42,11 @@ else exit 1 fi -DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" --build-context sources="../../../sources" --build-arg VCS_REF="$VCS_REF" --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" -f Dockerfile . +DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" \ + --build-context sources="../../../sources" \ + --build-arg VCS_REF="$VCS_REF" \ + --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \ + -f Dockerfile . if [ "$type" != "build" ]; then links=""