diff --git a/README.md b/README.md index 96dc5bb1..ed47f66f 100644 --- a/README.md +++ b/README.md @@ -8,24 +8,24 @@ The master branch will sometimes have changes that are still in the process of b ### How to build Docker images -Steps to build Standard 7.0 image +Steps to build Standard 8.0 image * Run `git clone https://github.com/aws/aws-codebuild-docker-images.git` to download this repository to your local machine -* Run `cd aws-codebuild-docker-images/ubuntu/standard/7.0` to change the directory in your local workspace. This is the location of the Standard 7.0 Dockerfile with Ubuntu base. -* Run `docker build -t aws/codebuild/standard:7.0 .` to build Docker image locally +* Run `cd aws-codebuild-docker-images/ubuntu/standard/8.0` to change the directory in your local workspace. This is the location of the Standard 8.0 Dockerfile with Ubuntu base. +* Run `docker build -t aws/codebuild/standard:8.0 .` to build Docker image locally To poke around in the image interactively, build it and run: -`docker run -it --entrypoint sh aws/codebuild/standard:7.0 -c bash` +`docker run -it --entrypoint sh aws/codebuild/standard:8.0 -c bash` To let the Docker daemon start up in the container, build it and run: -`docker run -it --privileged aws/codebuild/standard:7.0 bash` +`docker run -it --privileged aws/codebuild/standard:8.0 bash` ``` $ git clone https://github.com/aws/aws-codebuild-docker-images.git $ cd aws-codebuild-docker-images -$ cd ubuntu/standard/7.0 -$ docker build -t aws/codebuild/standard:7.0 . -$ docker run -it --entrypoint sh aws/codebuild/standard:7.0 -c bash +$ cd ubuntu/standard/8.0 +$ docker build -t aws/codebuild/standard:8.0 . +$ docker run -it --entrypoint sh aws/codebuild/standard:8.0 -c bash ``` ### Image maintenance @@ -37,6 +37,7 @@ The following images are actively maintained by AWS CodeBuild, and are listed in + [standard 5.0](ubuntu/standard/5.0) + [standard 6.0](ubuntu/standard/6.0) + [standard 7.0](ubuntu/standard/7.0) ++ [standard 8.0](ubuntu/standard/8.0) + [amazonlinux2-x86_64-standard:4.0](al2/x86_64/standard/4.0) + [amazonlinux2-x86_64-standard:5.0](al2/x86_64/standard/5.0) + [amazonlinux2-x86_64-standard:corretto8](al2/x86_64/standard/corretto8) diff --git a/buildspec.yml b/buildspec.yml index e622cc23..1f574b66 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,6 +3,8 @@ version: 0.2 phases: build: commands: + - cd $CODEBUILD_SRC_DIR/ubuntu/standard/8.0 + - docker build -t aws/codebuild/standard:8.0 . - cd $CODEBUILD_SRC_DIR/ubuntu/standard/7.0 - docker build -t aws/codebuild/standard:7.0 . - cd $CODEBUILD_SRC_DIR/al2/x86_64/standard/5.0 diff --git a/ubuntu/standard/8.0/Dockerfile b/ubuntu/standard/8.0/Dockerfile new file mode 100644 index 00000000..423917ee --- /dev/null +++ b/ubuntu/standard/8.0/Dockerfile @@ -0,0 +1,393 @@ +# Copyright 2020-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://aws.amazon.com/asl/ +# +# or in the "license" file accompanying this file. +# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. +# See the License for the specific language governing permissions and limitations under the License. +FROM public.ecr.aws/ubuntu/ubuntu:22.04 AS core + +ARG DEBIAN_FRONTEND="noninteractive" + +# Install git, SSH, and other utilities +RUN set -ex \ + && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ + && apt-get update \ + && apt install -y -qq apt-transport-https gnupg ca-certificates \ + && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \ + && apt-get install software-properties-common -y -qq --no-install-recommends \ + && apt-add-repository -y ppa:git-core/ppa \ + && apt-get update \ + && apt-get install git=1:2.* -y -qq --no-install-recommends \ + && git version \ + && apt-get install -y -qq --no-install-recommends openssh-client \ + && mkdir ~/.ssh \ + && mkdir -p /codebuild/image/config \ + && touch ~/.ssh/known_hosts \ + && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H github.com >> ~/.ssh/known_hosts \ + && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H bitbucket.org >> ~/.ssh/known_hosts \ + && chmod 600 ~/.ssh/known_hosts \ + && apt-get install -y -qq --no-install-recommends \ + apt-utils asciidoc autoconf automake build-essential bzip2 \ + bzr curl dirmngr docbook-xml docbook-xsl dpkg-dev \ + e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ + groff gzip iptables jq less libapr1 libaprutil1 \ + libargon2-0-dev libbz2-dev libc6-dev libcurl4-openssl-dev \ + libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ + libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ + libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ + libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ + libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ + libpq-dev libreadline-dev libserf-1-1 libsodium-dev libsqlite3-dev libssl-dev \ + libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ + libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ + libyaml-dev libyaml-perl llvm locales make mlocate \ + netbase openssl patch pkg-config procps python3-configobj \ + python3-openssl rsync sgml-base sgml-data \ + tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ + libzip-dev vim xvfb xz-utils zip zlib1g-dev \ + && rm -rf /var/lib/apt/lists/* + +ENV LC_CTYPE="C.UTF-8" + +RUN useradd codebuild-user + +#=======================End of layer: core ================= + + +FROM core AS tools + +# Install stunnel +RUN set -ex \ + && STUNNEL_VERSION=5.69 \ + && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ + && STUNNEL_SHA256="1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81" \ + && curl -o $STUNNEL_TAR https://www.stunnel.org/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ + && cd stunnel-$STUNNEL_VERSION \ + && ./configure \ + && make -j4 \ + && make install \ + && openssl genrsa -out key.pem 2048 \ + && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ + && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ + && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* + +# AWS Tools +# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html +RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.6/2023-01-30/bin/linux/amd64/aws-iam-authenticator \ + && curl -sS -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.6/2023-01-30/bin/linux/amd64/kubectl \ + && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ + && curl -sS -L https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ + && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl + +# Configure SSM +RUN set -ex \ + && mkdir /tmp/ssm \ + && cd /tmp/ssm \ + && wget -q https://s3.amazonaws.com/amazon-ssm-us-east-1/latest/debian_amd64/amazon-ssm-agent.deb \ + && dpkg -i amazon-ssm-agent.deb + +# Install AWS CLI v2 +# https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html +RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip \ + && unzip -q /tmp/awscliv2.zip -d /opt \ + && /opt/aws/install --update -i /usr/local/aws-cli -b /usr/local/bin \ + && rm /tmp/awscliv2.zip \ + && rm -rf /opt/aws \ + && aws --version + +# Install env tools for runtimes +# Dotnet +ENV PATH "/root/.dotnet/:/root/.dotnet/tools/:$PATH" +RUN set -ex \ +&& wget -qO /usr/local/bin/dotnet-install.sh https://dot.net/v1/dotnet-install.sh \ +&& chmod +x /usr/local/bin/dotnet-install.sh + +#nodejs +ARG SRC_DIR="/usr/src" +ARG N_SRC_DIR="$SRC_DIR/n" +RUN git clone https://github.com/tj/n $N_SRC_DIR \ + && cd $N_SRC_DIR && make install + +#ruby +ARG RBENV_SRC_DIR="/usr/local/rbenv" + +ENV PATH="/root/.rbenv/shims:$RBENV_SRC_DIR/bin:$RBENV_SRC_DIR/shims:$PATH" \ + RUBY_BUILD_SRC_DIR="$RBENV_SRC_DIR/plugins/ruby-build" + +RUN set -ex \ + && git clone https://github.com/rbenv/rbenv.git $RBENV_SRC_DIR \ + && mkdir -p $RBENV_SRC_DIR/plugins \ + && git clone https://github.com/rbenv/ruby-build.git $RUBY_BUILD_SRC_DIR \ + && sh $RUBY_BUILD_SRC_DIR/install.sh + +#python +RUN curl https://pyenv.run | bash +ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" + +#php +RUN curl -L https://raw.githubusercontent.com/phpenv/phpenv-installer/master/bin/phpenv-installer | bash +ENV PATH="/root/.phpenv/shims:/root/.phpenv/bin:$PATH" + +#go +RUN git clone https://github.com/syndbg/goenv.git $HOME/.goenv +ENV PATH="/root/.goenv/shims:/root/.goenv/bin:/go/bin:$PATH" +ENV GOENV_DISABLE_GOPATH=1 +ENV GOPATH="/go" + +#=======================End of layer: tools ================= +FROM tools AS runtimes + +#**************** .NET-CORE ******************************************************* + +ENV DOTNET_6_SDK_VERSION="6.0.410" +ENV DOTNET_ROOT="/root/.dotnet" + +# Add .NET Core 6 Global Tools install folder to PATH +RUN /usr/local/bin/dotnet-install.sh -v $DOTNET_6_SDK_VERSION \ + && dotnet --list-sdks \ + && rm -rf /tmp/* + +# Trigger the population of the local package cache +ENV NUGET_XMLDOC_MODE skip +RUN set -ex \ + && mkdir warmup \ + && cd warmup \ + && dotnet new \ + && cd .. \ + && rm -rf warmup \ + && rm -rf /tmp/NuGetScratch + +# Install Powershell Core +# See instructions at https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-powershell-core-on-linux +ARG POWERSHELL_VERSION=7.3.4 +ARG POWERSHELL_DOWNLOAD_URL=https://github.com/PowerShell/PowerShell/releases/download/v$POWERSHELL_VERSION/powershell-$POWERSHELL_VERSION-linux-x64.tar.gz +ARG POWERSHELL_DOWNLOAD_SHA=E85D5544E13A924F8B2C4A5DC2D43ABE46E46633F89E8D138D39C0AAEACB9976 + +RUN set -ex \ + && curl -SL $POWERSHELL_DOWNLOAD_URL --output powershell.tar.gz \ + && echo "$POWERSHELL_DOWNLOAD_SHA powershell.tar.gz" | sha256sum -c - \ + && mkdir -p /opt/microsoft/powershell/$POWERSHELL_VERSION \ + && tar zxf powershell.tar.gz -C /opt/microsoft/powershell/$POWERSHELL_VERSION \ + && rm powershell.tar.gz \ + && ln -s /opt/microsoft/powershell/$POWERSHELL_VERSION/pwsh /usr/bin/pwsh +#**************** END .NET-CORE ******************************************************* + + +#**************** NODEJS **************************************************** + +ENV NODE_20_VERSION="20.10.0" + +RUN n $NODE_20_VERSION && npm install --save-dev -g -f grunt && npm install --save-dev -g -f grunt-cli && npm install --save-dev -g -f webpack \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ + && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \ + && apt-get update && apt-get install -y -qq --no-install-recommends yarn \ + && yarn --version \ + && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* + +#**************** END NODEJS **************************************************** + +#**************** RUBY ********************************************************* + +ENV RUBY_32_VERSION="3.2.2" + +RUN rbenv install $RUBY_32_VERSION && rm -rf /tmp/* \ + && rbenv global $RUBY_32_VERSION && ruby -v + +#**************** END RUBY ***************************************************** + +#**************** PYTHON ***************************************************** +ENV PYTHON_311_VERSION="3.11.4" + +ARG PYTHON_PIP_VERSION=23.1.1 +ENV PYYAML_VERSION=5.4.1 + +COPY tools/runtime_configs/python/$PYTHON_311_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_311_VERSION +RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_311_VERSION && rm -rf /tmp/* +RUN pyenv global $PYTHON_311_VERSION +RUN set -ex \ + && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ + && pip3 install wheel \ + && pip3 install --no-build-isolation "Cython<3" "PyYAML==$PYYAML_VERSION" \ + && pip3 install --no-cache-dir --upgrade 'setuptools==67.7.2' aws-sam-cli boto3 pipenv virtualenv \ + && pip3 uninstall cython --yes + +#**************** END PYTHON ***************************************************** + +#**************** PHP **************************************************** +ENV PHP_82_VERSION="8.2.7" + +COPY tools/runtime_configs/php/$PHP_82_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_82_VERSION +RUN phpenv install $PHP_82_VERSION && rm -rf /tmp/* && phpenv global $PHP_82_VERSION +RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_82_VERSION/etc/conf.d/memory.ini" + +# Install Composer globally +RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer +#**************** END PHP **************************************************** + +#**************** GOLANG **************************************************** +ENV GOLANG_20_VERSION="1.20.5" + +RUN goenv install $GOLANG_20_VERSION && rm -rf /tmp/* && \ + goenv global $GOLANG_20_VERSION && \ + go env -w GO111MODULE=auto + +#**************** END GOLANG ******************************* + +#=======================End of layer: runtimes ================= + +FROM runtimes AS runtimes_n_corretto + +#**************** JAVA **************************************************** +ENV JAVA_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ + JDK_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" \ + JRE_17_HOME="/usr/lib/jvm/java-17-amazon-corretto" +ARG ANT_VERSION=1.10.13 +ARG MAVEN_HOME="/opt/maven" +ARG MAVEN_VERSION=3.9.2 +ARG GRADLE_VERSION=8.1.1 +ARG SBT_VERSION=1.8.3 +ARG GRADLE_PATH="$SRC_DIR/gradle" +ARG ANT_DOWNLOAD_SHA512="de4ac604629e39a86a306f0541adb3775596909ad92feb8b7de759b1b286417db24f557228737c8b902d6abf722d2ce5bb0c3baa3640cbeec3481e15ab1958c9" +ARG MAVEN_DOWNLOAD_SHA512="900bdeeeae550d2d2b3920fe0e00e41b0069f32c019d566465015bdd1b3866395cbe016e22d95d25d51d3a5e614af2c83ec9b282d73309f644859bbad08b63db" +ARG GRADLE_DOWNLOADS_SHA256="5625a0ae20fe000d9225d000b36909c7a0e0e8dda61c19b12da769add847c975 8.1.1" +ARG SBT_DOWNLOAD_SHA256="21F4210786FD68FD15DCA3F4C8EE9CAE0DB249C54E1B0EF6E829E9FA4936423A" + +ARG MAVEN_CONFIG_HOME="/root/.m2" + +ENV JAVA_HOME="$JAVA_17_HOME" \ + JDK_HOME="$JDK_17_HOME" \ + JRE_HOME="$JRE_17_HOME" + +ENV PATH="${PATH}:/opt/tools" + +RUN set -ex \ + && apt-get update \ + && apt-get install -y -qq software-properties-common apt-utils \ + # Install Corretto 17 + && wget -qO- https://apt.corretto.aws/corretto.key | apt-key add - \ + && add-apt-repository 'deb https://apt.corretto.aws stable main' \ + && apt-get update \ + && apt-get install -y -qq java-17-amazon-corretto-jdk \ + && apt-get install -y -qq --no-install-recommends ca-certificates-java \ + # Ensure Java cacerts symlink points to valid location + && update-ca-certificates -f \ + && dpkg --add-architecture i386 \ + && apt-get update \ + && for tool_path in $JAVA_HOME/bin/*; do \ + tool=`basename $tool_path`; \ + update-alternatives --install /usr/bin/$tool $tool $tool_path 10000; \ + update-alternatives --set $tool $tool_path; \ + done \ + && rm $JAVA_HOME/lib/security/cacerts && ln -s /etc/ssl/certs/java/cacerts $JAVA_HOME/lib/security/cacerts \ + # Install Ant + && curl -LSso /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VERSION-bin.tar.gz \ + && echo "$ANT_DOWNLOAD_SHA512 /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz" | sha512sum -c - \ + && tar -xzf /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz -C /opt \ + && rm /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz \ + && update-alternatives --install /usr/bin/ant ant /opt/apache-ant-$ANT_VERSION/bin/ant 10000 + +RUN set -ex \ + # Install Maven + && mkdir -p $MAVEN_HOME \ + && curl -LSso /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz \ + && echo "$MAVEN_DOWNLOAD_SHA512 /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz" | sha512sum -c - \ + && tar xzf /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz -C $MAVEN_HOME --strip-components=1 \ + && rm /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz \ + && update-alternatives --install /usr/bin/mvn mvn /opt/maven/bin/mvn 10000 \ + && mkdir -p $MAVEN_CONFIG_HOME \ + # Install Gradle + && mkdir -p $GRADLE_PATH \ + && wget -q "https://services.gradle.org/distributions/gradle-$GRADLE_VERSION-all.zip" -O "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" \ + && unzip -q "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" -d /usr/local \ + && echo "$GRADLE_DOWNLOADS_SHA256" | grep "$GRADLE_VERSION" | sed "s|$GRADLE_VERSION|$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip|" | sha256sum -c - \ + && rm "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" \ + && mkdir "/tmp/gradle-$GRADLE_VERSION" \ + && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" init \ + && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" wrapper \ + # Android Studio uses the "-all" distribution for it's wrapper script. + && perl -pi -e "s/gradle-$GRADLE_VERSION-bin.zip/gradle-$GRADLE_VERSION-all.zip/" "/tmp/gradle-$GRADLE_VERSION/gradle/wrapper/gradle-wrapper.properties" \ + && "/tmp/gradle-$GRADLE_VERSION/gradlew" -p "/tmp/gradle-$GRADLE_VERSION" init \ + && rm -rf "/tmp/gradle-$GRADLE_VERSION" \ + # Install default GRADLE_VERSION to path + && ln -s /usr/local/gradle-$GRADLE_VERSION/bin/gradle /usr/bin/gradle \ + && rm -rf $GRADLE_PATH \ + # Install SBT + && curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \ + && echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \ + && tar xzf sbt.tgz -C /usr/local/bin/ \ + && rm sbt.tgz + +ENV PATH "/usr/local/bin/sbt/bin:$PATH" +RUN sbt version -Dsbt.rootdir=true +# Cleanup +RUN rm -fr /var/lib/apt/lists/* /tmp/* /var/tmp/* \ + && apt-get clean +#**************** END JAVA **************************************************** + +#**************** DOCKER ********************************************* +ARG DOCKER_BUCKET="download.docker.com" +ARG DOCKER_CHANNEL="stable" +ARG DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" +ARG DOCKER_COMPOSE_VERSION="2.17.3" +ARG DOCKER_BUILDX_VERSION="0.11.0" +ARG SRC_DIR="/usr/src" + +ARG DOCKER_SHA256="544262F4A3621222AFB79960BFAD4D486935DAB80893478B5CC9CF8EBAF409AE" +ARG DOCKER_VERSION="23.0.6" + +# Install Docker +RUN set -ex \ + && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ + && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ + && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ + && rm docker.tgz \ + && docker -v \ + # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box + && addgroup dockremap \ + && useradd -g dockremap dockremap \ + && echo 'dockremap:165536:65536' >> /etc/subuid \ + && echo 'dockremap:165536:65536' >> /etc/subgid \ + && wget -q "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ + # Install docker compose as docker plugin and maintain docker-compose usage + && mkdir -p /usr/local/lib/docker/cli-plugins \ + && curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose \ + && chmod +x /usr/local/bin/dind /usr/local/lib/docker/cli-plugins/docker-compose \ + && ln -s /usr/local/lib/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose \ + # Ensure docker-compose and docker compose work + && docker-compose version \ + && docker compose version \ + # Add docker buildx tool + && curl -L https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-amd64 -o /usr/local/lib/docker/cli-plugins/docker-buildx \ + && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx \ + && ln -s /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/bin/docker-buildx \ + # Ensure docker-buildx works + && docker-buildx version \ + && docker buildx version + +VOLUME /var/lib/docker +#*********************** END DOCKER **************************** + +#=======================End of layer: corretto ================= +FROM runtimes_n_corretto AS std_v7 + +# Activate runtime versions specific to image version. +RUN n $NODE_20_VERSION +RUN pyenv global $PYTHON_311_VERSION +RUN phpenv global $PHP_82_VERSION +RUN rbenv global $RUBY_32_VERSION +RUN goenv global $GOLANG_20_VERSION + +# Configure SSH +COPY ssh_config /root/.ssh/config +COPY runtimes.yml /codebuild/image/config/runtimes.yml +COPY dockerd-entrypoint.sh /usr/local/bin/dockerd-entrypoint.sh +COPY legal/bill_of_material.txt /usr/share/doc/bill_of_material.txt +COPY amazon-ssm-agent.json /etc/amazon/ssm/amazon-ssm-agent.json + +ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"] + +#=======================END of STD:8.0 ================= diff --git a/ubuntu/standard/8.0/amazon-ssm-agent.json b/ubuntu/standard/8.0/amazon-ssm-agent.json new file mode 100644 index 00000000..acb8c83e --- /dev/null +++ b/ubuntu/standard/8.0/amazon-ssm-agent.json @@ -0,0 +1,45 @@ +{ + "Profile":{ + "ShareCreds" : true, + "ShareProfile" : "" + }, + "Mds": { + "CommandWorkersLimit" : 5, + "StopTimeoutMillis" : 20000, + "Endpoint": "", + "CommandRetryLimit": 15 + }, + "Ssm": { + "Endpoint": "", + "HealthFrequencyMinutes": 5, + "CustomInventoryDefaultLocation" : "", + "AssociationLogsRetentionDurationHours" : 24, + "RunCommandLogsRetentionDurationHours" : 336, + "SessionLogsRetentionDurationHours" : 336 + }, + "Mgs": { + "Region": "", + "Endpoint": "", + "StopTimeoutMillis" : 20000, + "SessionWorkersLimit" : 1000 + }, + "Agent": { + "Region": "", + "OrchestrationRootDir": "", + "ContainerMode": true + }, + "Os": { + "Lang": "en-US", + "Name": "", + "Version": "1" + }, + "S3": { + "Endpoint": "", + "Region": "", + "LogBucket":"", + "LogKey":"" + }, + "Kms": { + "Endpoint": "" + } +} diff --git a/ubuntu/standard/8.0/dockerd-entrypoint.sh b/ubuntu/standard/8.0/dockerd-entrypoint.sh new file mode 100644 index 00000000..1591be44 --- /dev/null +++ b/ubuntu/standard/8.0/dockerd-entrypoint.sh @@ -0,0 +1,23 @@ +#!/bin/sh +set -e + +/usr/local/bin/dockerd \ + --host=unix:///var/run/docker.sock \ + --host=tcp://127.0.0.1:2375 \ + --storage-driver=overlay2 &>/var/log/docker.log & + + +tries=0 +d_timeout=60 +until docker info >/dev/null 2>&1 +do + if [ "$tries" -gt "$d_timeout" ]; then + cat /var/log/docker.log + echo 'Timed out trying to connect to internal docker host.' >&2 + exit 1 + fi + tries=$(( $tries + 1 )) + sleep 1 +done + +eval "$@" diff --git a/ubuntu/standard/8.0/legal/bill_of_material.txt b/ubuntu/standard/8.0/legal/bill_of_material.txt new file mode 100644 index 00000000..c8760d1d --- /dev/null +++ b/ubuntu/standard/8.0/legal/bill_of_material.txt @@ -0,0 +1,270 @@ +The Amazon CodeBuild Product includes the following third-party software/licensing: + +---------------- +apt-transport-https : /usr/share/doc/apt-transport-https/copyright +---------------- +apt-utils : /usr/share/doc/apt-utils/copyright +---------------- +asciidoc : /usr/share/doc/asciidoc/copyright +---------------- +autoconf : /usr/share/doc/autoconf/copyright +---------------- +automake : /usr/share/doc/automake/copyright +---------------- +build-essential : /usr/share/doc/build-essential/copyright +---------------- +bzip2 : /usr/share/doc/bzip2/copyright +---------------- +bzr : /usr/share/doc/bzr/copyright +---------------- +ca-certificates-java : /usr/share/doc/ca-certificates-java/copyright +---------------- +curl : /usr/share/doc/curl/copyright +---------------- +dirmngr : /usr/share/doc/dirmngr/copyright +---------------- +docbook-xml : /usr/share/doc/docbook-xml/copyright +---------------- +docbook-xsl : /usr/share/doc/docbook-xsl/copyright +---------------- +dpkg-dev : /usr/share/doc/dpkg-dev/copyright +---------------- +e2fsprogs : /usr/share/doc/e2fsprogs/copyright +---------------- +expect : /usr/share/doc/expect/copyright +---------------- +fakeroot : /usr/share/doc/fakeroot/copyright +---------------- +file : /usr/share/doc/file/copyright +---------------- +g++ : /usr/share/doc/g++/copyright +---------------- +gcc : /usr/share/doc/gcc/copyright +---------------- +gettext : /usr/share/doc/gettext/copyright +---------------- +gettext-base : /usr/share/doc/gettext-base/copyright +---------------- +git : /usr/share/doc/git/copyright +---------------- +groff : /usr/share/doc/groff/copyright +---------------- +gzip : /usr/share/doc/gzip/copyright +---------------- +iptables : /usr/share/doc/iptables/copyright +---------------- +jq : /usr/share/doc/jq/copyright +---------------- +less : /usr/share/doc/less/copyright +---------------- +lib32gcc1 : /usr/share/doc/lib32gcc1/copyright +---------------- +lib32ncurses5 : /usr/share/doc/lib32ncurses5/copyright +---------------- +lib32stdc++6 : /usr/share/doc/lib32stdc++6/copyright +---------------- +lib32z1 : /usr/share/doc/lib32z1/copyright +---------------- +libapr1 : /usr/share/doc/libapr1/copyright +---------------- +libaprutil1 : /usr/share/doc/libaprutil1/copyright +---------------- +libargon2-0-dev : /usr/share/doc/libargon2-0-dev/copyright +---------------- +libasound2 : /usr/share/doc/libasound2/copyright +---------------- +libbz2-dev : /usr/share/doc/libbz2-dev/copyright +---------------- +libc6-dev : /usr/share/doc/libc6-dev/copyright +---------------- +libc6-i386 : /usr/share/doc/libc6-i386/copyright +---------------- +libcurl4-openssl-dev : /usr/share/doc/libcurl4-openssl-dev/copyright +---------------- +libdb-dev : /usr/share/doc/libdb-dev/copyright +---------------- +libdbd-sqlite3-perl : /usr/share/doc/libdbd-sqlite3-perl/copyright +---------------- +libdbi-perl : /usr/share/doc/libdbi-perl/copyright +---------------- +libdbus-1-3 : /usr/share/doc/libdbus-1-3/copyright +---------------- +libdbus-glib-1-2 : /usr/share/doc/libdbus-glib-1-2/copyright +---------------- +libdpkg-perl : /usr/share/doc/libdpkg-perl/copyright +---------------- +libedit-dev : /usr/share/doc/libedit-dev/copyright +---------------- +liberror-perl : /usr/share/doc/liberror-perl/copyright +---------------- +libevent-dev : /usr/share/doc/libevent-dev/copyright +---------------- +libffi-dev : /usr/share/doc/libffi-dev/copyright +---------------- +libgeoip-dev : /usr/share/doc/libgeoip-dev/copyright +---------------- +libglib2.0-0 : /usr/share/doc/libglib2.0-0/copyright +---------------- +libglib2.0-dev : /usr/share/doc/libglib2.0-dev/copyright +---------------- +libgtk-3-0 : /usr/share/doc/libgtk-3-0/copyright +---------------- +libhttp-date-perl : /usr/share/doc/libhttp-date-perl/copyright +---------------- +libio-pty-perl : /usr/share/doc/libio-pty-perl/copyright +---------------- +libjpeg-dev : /usr/share/doc/libjpeg-dev/copyright +---------------- +libkrb5-dev : /usr/share/doc/libkrb5-dev/copyright +---------------- +liblzma-dev : /usr/share/doc/liblzma-dev/copyright +---------------- +libmagickcore-dev : /usr/share/doc/libmagickcore-dev/copyright +---------------- +libmagickwand-dev : /usr/share/doc/libmagickwand-dev/copyright +---------------- +libmysqlclient-dev : /usr/share/doc/libmysqlclient-dev/copyright +---------------- +libncurses5-dev : /usr/share/doc/libncurses5-dev/copyright +---------------- +libncursesw5-dev : /usr/share/doc/libncursesw5-dev/copyright +---------------- +libonig-dev : /usr/share/doc/libonig-dev/copyright +---------------- +libpq-dev : /usr/share/doc/libpq-dev/copyright +---------------- +libqt5widgets5 : /usr/share/doc/libqt5widgets5/copyright +---------------- +libreadline-dev : /usr/share/doc/libreadline-dev/copyright +---------------- +libserf-1-1 : /usr/share/doc/libserf-1-1/copyright +---------------- +libsqlite3-dev : /usr/share/doc/libsqlite3-dev/copyright +---------------- +libssl-dev : /usr/share/doc/libssl-dev/copyright +---------------- +libsvn-perl : /usr/share/doc/libsvn-perl/copyright +---------------- +libsvn1 : /usr/share/doc/libsvn1/copyright +---------------- +libtcl8.6 : /usr/share/doc/libtcl8.6/copyright +---------------- +libtidy-dev : /usr/share/doc/libtidy-dev/copyright +---------------- +libtimedate-perl : /usr/share/doc/libtimedate-perl/copyright +---------------- +libtool : /usr/share/doc/libtool/copyright +---------------- +libwebp-dev : /usr/share/doc/libwebp-dev/copyright +---------------- +libxml2-dev : /usr/share/doc/libxml2-dev/copyright +---------------- +libxml2-utils : /usr/share/doc/libxml2-utils/copyright +---------------- +libxslt1-dev : /usr/share/doc/libxslt1-dev/copyright +---------------- +libyaml-dev : /usr/share/doc/libyaml-dev/copyright +---------------- +libyaml-perl : /usr/share/doc/libyaml-perl/copyright +---------------- +libzip-dev : /usr/share/doc/libzip-dev/copyright +---------------- +libzip4 : /usr/share/doc/libzip4/copyright +---------------- +llvm : /usr/share/doc/llvm/copyright +---------------- +locales : /usr/share/doc/locales/copyright +---------------- +make : /usr/share/doc/make/copyright +---------------- +mlocate : /usr/share/doc/mlocate/copyright +---------------- +netbase : /usr/share/doc/netbase/copyright +---------------- +openjdk-8-jdk : /usr/share/doc/openjdk-8-jdk/copyright +---------------- +openjdk-11-jdk : /usr/share/doc/openjdk-11-jre-headless/copyright +---------------- +openssh-client : /usr/share/doc/openssh-client/copyright +---------------- +openssl : /usr/share/doc/openssl/copyright +---------------- +patch : /usr/share/doc/patch/copyright +---------------- +pkg-config : /usr/share/doc/pkg-config/copyright +---------------- +procps : /usr/share/doc/procps/copyright +---------------- +python-bzrlib : /usr/share/doc/python-bzrlib/copyright +---------------- +python-configobj : /usr/share/doc/python-configobj/copyright +---------------- +python-openssl : /usr/share/doc/python-openssl/copyright +---------------- +python-setuptools : /usr/share/doc/python-setuptools/copyright +---------------- +rsync : /usr/share/doc/rsync/copyright +---------------- +sbt : /usr/share/doc/sbt/copyright +---------------- +sgml-base : /usr/share/doc/sgml-base/copyright +---------------- +sgml-data : /usr/share/doc/sgml-data/copyright +---------------- +software-properties-common : /usr/share/doc/software-properties-common/copyright +---------------- +tar : /usr/share/doc/tar/copyright +---------------- +tcl : /usr/share/doc/tcl/copyright +---------------- +tcl8.6 : /usr/share/doc/tcl8.6/copyright +---------------- +tk : /usr/share/doc/tk/copyright +---------------- +tk-dev : /usr/share/doc/tk-dev/copyright +---------------- +unzip : /usr/share/doc/unzip/copyright +---------------- +vim : /usr/share/doc/vim/copyright +---------------- +wget : /usr/share/doc/wget/copyright +---------------- +xfsprogs : /usr/share/doc/xfsprogs/copyright +---------------- +xml-core : /usr/share/doc/xml-core/copyright +---------------- +xmlto : /usr/share/doc/xmlto/copyright +---------------- +xsltproc : /usr/share/doc/xsltproc/copyright +---------------- +xvfb : /usr/share/doc/xvfb/copyright +---------------- +xz-utils : /usr/share/doc/xz-utils/copyright +---------------- +zip : /usr/share/doc/zip/copyright +---------------- +zlib1g-dev : /usr/share/doc/zlib1g-dev/copyright +---------------- +ruby :https://www.ruby-lang.org/en/about/license.txt +---------------- +python :https://docs.python.org/3/license.html +---------------- +php :https://www.php.net/license/index.php +---------------- +nodejs :https://github.com/nodejs/node/blob/master/LICENSE +---------------- +golang :https://golang.org/LICENSE +---------------- +dotnet :https://github.com/dotnet/core/blob/master/LICENSE.TXT +---------------- +Firefox :https://www.mozilla.org/en-US/MPL/ +---------------- +Chrome : https://www.google.com/intl/en_pk/chrome/privacy/eula_text.html +---------------- +stunnel : https://www.stunnel.org/gpl.html +---------------- +gitversion :https://github.com/GitTools/GitVersion/blob/master/LICENSE +---------------- +docker : https://www.docker.com/legal/components-licenses +---------------- + diff --git a/ubuntu/standard/8.0/runtimes.yml b/ubuntu/standard/8.0/runtimes.yml new file mode 100644 index 00000000..ad754493 --- /dev/null +++ b/ubuntu/standard/8.0/runtimes.yml @@ -0,0 +1,59 @@ +version: 0.1 + +runtimes: + java: + versions: + corretto17: + commands: + - echo "Installing Java version 17 ..." + + - export JAVA_HOME="$JAVA_17_HOME" + + - export JRE_HOME="$JRE_17_HOME" + + - export JDK_HOME="$JDK_17_HOME" + + - |- + for tool_path in "$JAVA_HOME"/bin/*; + do tool=`basename "$tool_path"`; + if [ $tool != 'java-rmi.cgi' ]; + then + update-alternatives --list "$tool" | grep -q "$tool_path" \ + && update-alternatives --set "$tool" "$tool_path"; + fi; + done + golang: + versions: + 1.20: + commands: + - echo "Installing Go version 1.20 ..." + - goenv global $GOLANG_20_VERSION + python: + versions: + 3.11: + commands: + - echo "Installing Python version 3.11 ..." + - pyenv global $PYTHON_311_VERSION + php: + versions: + 8.2: + commands: + - echo "Installing PHP version 8.2 ..." + - phpenv global $PHP_82_VERSION + ruby: + versions: + 3.2: + commands: + - echo "Installing Ruby version 3.2 ..." + - rbenv global $RUBY_32_VERSION + nodejs: + versions: + 20: + commands: + - echo "Installing Node.js version 20 ..." + - n $NODE_20_VERSION + dotnet: + versions: + 6.0: + commands: + - echo "Installing .NET version 6.0 ..." diff --git a/ubuntu/standard/8.0/ssh_config b/ubuntu/standard/8.0/ssh_config new file mode 100644 index 00000000..710e2754 --- /dev/null +++ b/ubuntu/standard/8.0/ssh_config @@ -0,0 +1,3 @@ +Host * + ConnectTimeout 10 + ConnectionAttempts 10 diff --git a/ubuntu/standard/8.0/tools/runtime_configs/php/8.2.7 b/ubuntu/standard/8.0/tools/runtime_configs/php/8.2.7 new file mode 100644 index 00000000..352b6d5b --- /dev/null +++ b/ubuntu/standard/8.0/tools/runtime_configs/php/8.2.7 @@ -0,0 +1,20 @@ +configure_option "--with-curl" +configure_option "--with-password-argon2" +configure_option "--with-pdo-pgsql" +configure_option "--with-libedit" + +PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" + +#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/8.2.7 +#Don't change beyond this line + +configure_option "--enable-gd" +configure_option "--with-jpeg" +configure_option "--with-zip" +configure_option "--with-mhash" + +configure_option -D "--with-xmlrpc" + +install_package "https://www.php.net/distributions/php-8.2.7.tar.bz2" +install_xdebug "3.2.0" +enable_builtin_opcache \ No newline at end of file diff --git a/ubuntu/standard/8.0/tools/runtime_configs/python/3.11.4 b/ubuntu/standard/8.0/tools/runtime_configs/python/3.11.4 new file mode 100644 index 00000000..6cb3ca0d --- /dev/null +++ b/ubuntu/standard/8.0/tools/runtime_configs/python/3.11.4 @@ -0,0 +1,21 @@ +export PYTHON_CONFIGURE_OPTS="\ + --enable-shared + --enable-loadable-sqlite-extensions" + +# Don't change below this line. +# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.11.2 +# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.11.4 + +#require_gcc +prefer_openssl11 +export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 +export PYTHON_BUILD_TCLTK_USE_PKGCONFIG=1 +install_package "openssl-1.1.1s" "https://www.openssl.org/source/openssl-1.1.1s.tar.gz#c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa" mac_openssl --if has_broken_mac_openssl +install_package "readline-8.2" "https://ftpmirror.gnu.org/readline/readline-8.2.tar.gz#3feb7171f16a84ee82ca18a36d7b9be109a52c04f492a053331d7d1095007c35" mac_readline --if has_broken_mac_readline +if has_tar_xz_support; then + install_package "Python-3.11.2" "https://www.python.org/ftp/python/3.11.2/Python-3.11.2.tar.xz#29e4b8f5f1658542a8c13e2dd277358c9c48f2b2f7318652ef1675e402b9d2af" standard verify_py311 copy_python_gdb ensurepip + install_package "Python-3.11.4" "https://www.python.org/ftp/python/3.11.4/Python-3.11.4.tar.xz#2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6" standard verify_py311 copy_python_gdb ensurepip +else + install_package "Python-3.11.2" "https://www.python.org/ftp/python/3.11.2/Python-3.11.2.tgz#2411c74bda5bbcfcddaf4531f66d1adc73f247f529aee981b029513aefdbf849" standard verify_py311 copy_python_gdb ensurepip + install_package "Python-3.11.4" "https://www.python.org/ftp/python/3.11.4/Python-3.11.4.tgz#85c37a265e5c9dd9f75b35f954e31fbfc10383162417285e30ad25cc073a0d63" standard verify_py311 copy_python_gdb ensurepip +fi \ No newline at end of file