Merge pull request #12500 from chadlwilson/wolfi

Replace Alpine with Wolfi as primary server container image
gocd · Feb 4, 2024 · 846b80d · 846b80d
2 parents f6560ff + c55a8b4
commit 846b80d
Show file tree

Hide file tree

Showing 13 changed files with 95 additions and 70 deletions.
diff --git a/buildSrc/src/main/groovy/com/thoughtworks/go/build/docker/BuildDockerImageTask.groovy b/buildSrc/src/main/groovy/com/thoughtworks/go/build/docker/BuildDockerImageTask.groovy
@@ -65,6 +65,7 @@ class BuildDockerImageTask extends DefaultTask {
  }
 
  project.delete(gitRepoDirectory)
+ project.mkdir(gitRepoDirectory)
  def credentials = "${System.getenv("GIT_USER")}:${System.getenv("GIT_PASSWORD")}"
  project.exec {
  workingDir = project.rootProject.projectDir
@@ -210,33 +211,15 @@ class BuildDockerImageTask extends DefaultTask {
 
  @Internal
  String getGitHubRepoName() {
- if (imageType == ImageType.agent) {
- if (distro == Distro.docker) {
- return "docker-gocd-agent-dind"
- } else {
- return "docker-gocd-agent-${distro.name()}-${distroVersion.version}"
- }
- }
- if (distro == Distro.alpine) {
- return "docker-gocd-server"
- } else {
- return "docker-gocd-server-${distro.name()}-${distroVersion.version}"
- }
+ return "docker-${dockerImageName}"
  }
 
  @Internal
  String getDockerImageName() {
  if (imageType == ImageType.agent) {
- if (distro == Distro.docker) {
- return "gocd-agent-${distro.name()}-dind"
- } else {
- return "gocd-agent-${distro.name()}-${distroVersion.version}"
- }
- }
- if (distro == Distro.alpine) {
- return "gocd-server"
- } else {
- return "gocd-server-${distro.name()}-${distroVersion.version}"
+ return distro.isContinuousRelease() ? "gocd-agent-${distro.name()}" : "gocd-agent-${distro.name()}-${distroVersion.version}"
+ } else if (imageType == ImageType.server) {
+ return distro == Distro.wolfi ? "gocd-server" : "gocd-server-${distro.name()}-${distroVersion.version}"
  }
  }
 

diff --git a/buildSrc/src/main/groovy/com/thoughtworks/go/build/docker/Distro.groovy b/buildSrc/src/main/groovy/com/thoughtworks/go/build/docker/Distro.groovy
@@ -22,17 +22,19 @@ import org.gradle.api.Project
 
 enum Distro implements DistroBehavior {
 
- alpine{
+ alpine {
  @Override
  List<DistroVersion> getSupportedVersions() {
  return [ // See https://endoflife.date/alpine
- new DistroVersion(version: '3.16', releaseName: '3.16', eolDate: parseDate('2024-05-23')),
- new DistroVersion(version: '3.17', releaseName: '3.17', eolDate: parseDate('2024-11-22')),
- new DistroVersion(version: '3.18', releaseName: '3.18', eolDate: parseDate('2025-05-09')),
  new DistroVersion(version: '3.19', releaseName: '3.19', eolDate: parseDate('2025-11-01')),
  ]
  }
 
+ @Override
+ boolean isContinuousRelease() {
+ return true
+ }
+
  @Override
  List<String> getBaseImageUpdateCommands(DistroVersion v) {
  return ['apk --no-cache upgrade']
@@ -93,7 +95,51 @@ enum Distro implements DistroBehavior {
  }
  },
 
- centos{
+ wolfi {
+ @Override
+ Set<Architecture> getSupportedArchitectures() {
+ [Architecture.x64, Architecture.aarch64]
+ }
+
+ @Override
+ List<DistroVersion> getSupportedVersions() {
+ return [
+ new DistroVersion(version: 'latest', releaseName: 'latest', eolDate: parseDate('2099-01-01'))
+ ]
+ }
+
+ @Override
+ boolean isContinuousRelease() {
+ return true
+ }
+
+ @Override
+ String getBaseImageLocation(DistroVersion distroVersion) {
+ "cgr.dev/chainguard/wolfi-base"
+ }
+
+ @Override
+ List<String> getBaseImageUpdateCommands(DistroVersion v) {
+ return []
+ }
+
+ @Override
+ List<String> getCreateUserAndGroupCommands() {
+ return [
+ 'adduser -D -u ${UID} -s /bin/bash -G root go'
+ ]
+ }
+
+ @Override
+ List<String> getInstallPrerequisitesCommands(DistroVersion v) {
+ return [
+ // procps is needed for tanuki wrapper shell script
+ 'apk add --no-cache git openssh-client bash curl procps'
+ ]
+ }
+ },
+
+ centos {
  @Override
  Set<Architecture> getSupportedArchitectures() {
  [Architecture.x64, Architecture.aarch64]
@@ -136,7 +182,7 @@ enum Distro implements DistroBehavior {
  }
  },
 
- debian{
+ debian {
  @Override
  Set<Architecture> getSupportedArchitectures() {
  [Architecture.x64, Architecture.aarch64]
@@ -170,7 +216,7 @@ enum Distro implements DistroBehavior {
  }
  },
 
- ubuntu{
+ ubuntu {
  @Override
  Set<Architecture> getSupportedArchitectures() {
  debian.supportedArchitectures
@@ -195,7 +241,7 @@ enum Distro implements DistroBehavior {
  }
  },
 
- docker{
+ docker {
  @Override
  OperatingSystem getOperatingSystem() {
  return alpine.getOperatingSystem()
@@ -206,6 +252,13 @@ enum Distro implements DistroBehavior {
  return true
  }
 
+ @Override
+ List<DistroVersion> getSupportedVersions() {
+ return [
+ new DistroVersion(version: 'dind', releaseName: 'dind', eolDate: parseDate('2099-01-01'))
+ ]
+ }
+
  @Override
  List<String> getBaseImageUpdateCommands(DistroVersion v) {
  return alpine.getBaseImageUpdateCommands(v)
@@ -233,13 +286,6 @@ enum Distro implements DistroBehavior {
  Map<String, String> getEnvironmentVariables(DistroVersion v) {
  return alpine.getEnvironmentVariables(v)
  }
-
- @Override
- List<DistroVersion> getSupportedVersions() {
- return [
- new DistroVersion(version: 'dind', releaseName: 'dind', eolDate: parseDate('2099-01-01'))
- ]
- }
  }
 
  static Date parseDate(String date) {

diff --git a/buildSrc/src/main/groovy/com/thoughtworks/go/build/docker/DistroBehavior.groovy b/buildSrc/src/main/groovy/com/thoughtworks/go/build/docker/DistroBehavior.groovy
@@ -89,4 +89,8 @@ trait DistroBehavior {
  return false
  }
 
+ boolean isContinuousRelease() {
+ return false
+ }
+
 }
diff --git a/buildSrc/src/main/resources/gocd-docker-agent/README.md.ftl b/buildSrc/src/main/resources/gocd-docker-agent/README.md.ftl
@@ -1,6 +1,6 @@
-# GoCD Agent Docker image
+# GoCD Agent ${distro.name()?capitalize} Container image
 
-[GoCD agent](https://www.gocd.org) docker image based on ${distro} ${distroVersion.version}.
+[GoCD agent](https://www.gocd.org) container image based on ${distro.name()?capitalize} ${distroVersion.version}.
 
 <#if distroVersion.aboutToEol>
 # This image is deprecated
@@ -110,10 +110,6 @@ In this case, as the docker deamon will be the one mounting the volumes you defi
 If you run several agents container, you will need to overwrite the `VOLUME_DIR` environment variable to have a different path for your `/godata` for each of your GoCD agent containers (to avoid issues). For example, if the volume on your host for the first container is `/go-agent1/godata`, you will set the `VOLUME_DIR` environment data on your container to `/go-agent1/godata` and the `docker-entrypoint.sh` script will automatically manage it and make sure the agent stores its configuration, logs and pipelines there.
 </#if>
 
-# Running GoCD Containers as Non Root
-
-With release `v19.6.0`, GoCD containers will run as non-root user, by default. The Dockerized GoCD application will run with user `go` (uid: `1000`) and group `root` (gid: `0`) instead of running as user `root` (uid: `0`) and group `root` (gid: `0`). For more information, checkout [Running Dockerized GoCD Containers as Non Root](https://www.gocd.org/2019/06/25/GoCD-non-root-containers/) blog post.
-
 # Troubleshooting
 
 ## The GoCD agent does not connect to the server

diff --git a/buildSrc/src/main/resources/gocd-docker-server/README.md.ftl b/buildSrc/src/main/resources/gocd-docker-server/README.md.ftl
@@ -1,6 +1,6 @@
-# GoCD Server Docker image
+# GoCD Server Container image
 
-An ${distro.name()} based docker image for [GoCD server](https://www.gocd.org).
+A ${distro.name()?capitalize}-based container image for [GoCD server](https://www.gocd.org).
 
 # Issues, feedback?
 
@@ -14,7 +14,7 @@ Start the container with this:
 docker run -d -p8153:8153 gocd/${imageName}:v${goVersion}
 ```
 
-This will expose container ports 8153(http) onto your server.
+This will expose container port 8153 (http) onto your server.
 You can now open `http://localhost:8153`
 
 # Available configuration options
@@ -133,10 +133,6 @@ docker inspect --format='{{(index (index .NetworkSettings.IPAddress))}}' server
 docker inspect --format='{{(index (index .NetworkSettings.Ports "8153/tcp") 0).HostPort}}' server
 ```
 
-# Running GoCD Containers as Non Root
-
-With release `v19.6.0`, GoCD containers will run as non-root user, by default. The Dockerized GoCD application will run with user `go` (uid: `1000`) and group `root` (gid: `0`) instead of running as user `root` (uid: `0`) and group `root` (gid: `0`). For more information, checkout [Running Dockerized GoCD Containers as Non Root](https://www.gocd.org/2019/06/25/GoCD-non-root-containers/) blog post.
-
 # Troubleshooting
 
 ## The GoCD server does not come up

diff --git a/common/src/test/java/com/thoughtworks/go/remote/work/ArtifactRequestProcessorTestBase.java b/common/src/test/java/com/thoughtworks/go/remote/work/ArtifactRequestProcessorTestBase.java
@@ -64,7 +64,7 @@ public void shouldFailForAVersionOutsideOfSupportedVersions() {
  when(request.apiVersion()).thenReturn("3.0");
  when(request.api()).thenReturn(CONSOLE_LOG.requestName());
 
- when(request.requestBody()).thenReturn("{\"logLevel\":\"ERROR\",\"message\":\"Error while pushing docker image to registry: foo.\"}");
+ when(request.requestBody()).thenReturn("{\"logLevel\":\"ERROR\",\"message\":\"Error while pushing container image to registry: foo.\"}");
 
  RuntimeException exception = assertThrows(RuntimeException.class, () -> artifactRequestProcessorForPublish.process(descriptor, request));
 
@@ -73,38 +73,38 @@ public void shouldFailForAVersionOutsideOfSupportedVersions() {
 
  @Test
  public void shouldSendErrorLogToConsoleLogForPublish() {
- when(request.requestBody()).thenReturn("{\"logLevel\":\"ERROR\",\"message\":\"Error while pushing docker image to registry: foo.\"}");
+ when(request.requestBody()).thenReturn("{\"logLevel\":\"ERROR\",\"message\":\"Error while pushing container image to registry: foo.\"}");
 
  artifactRequestProcessorForPublish.process(descriptor, request);
 
- verify(goPublisher, times(1)).taggedConsumeLine(PUBLISH_ERR, "[cd.go.artifact.docker] Error while pushing docker image to registry: foo.");
+ verify(goPublisher, times(1)).taggedConsumeLine(PUBLISH_ERR, "[cd.go.artifact.docker] Error while pushing container image to registry: foo.");
  }
 
  @Test
  public void shouldSendInfoLogToConsoleLogForPublish() {
- when(request.requestBody()).thenReturn("{\"logLevel\":\"INFO\",\"message\":\"Pushing docker image to registry: foo.\"}");
+ when(request.requestBody()).thenReturn("{\"logLevel\":\"INFO\",\"message\":\"Pushing container image to registry: foo.\"}");
 
  artifactRequestProcessorForPublish.process(descriptor, request);
 
- verify(goPublisher, times(1)).taggedConsumeLine(PUBLISH, "[cd.go.artifact.docker] Pushing docker image to registry: foo.");
+ verify(goPublisher, times(1)).taggedConsumeLine(PUBLISH, "[cd.go.artifact.docker] Pushing container image to registry: foo.");
  }
 
  @Test
  public void shouldSendErrorLogToConsoleLogForFetch() {
- when(request.requestBody()).thenReturn("{\"logLevel\":\"ERROR\",\"message\":\"Error while pushing docker image to registry: foo.\"}");
+ when(request.requestBody()).thenReturn("{\"logLevel\":\"ERROR\",\"message\":\"Error while pushing container image to registry: foo.\"}");
 
  artifactRequestProcessorForFetch.process(descriptor, request);
 
- verify(goPublisher, times(1)).taggedConsumeLine(ERR, "[cd.go.artifact.docker] Error while pushing docker image to registry: foo.");
+ verify(goPublisher, times(1)).taggedConsumeLine(ERR, "[cd.go.artifact.docker] Error while pushing container image to registry: foo.");
  }
 
  @Test
  public void shouldSendInfoLogToConsoleLogForFetch() {
- when(request.requestBody()).thenReturn("{\"logLevel\":\"INFO\",\"message\":\"Pushing docker image to registry: foo.\"}");
+ when(request.requestBody()).thenReturn("{\"logLevel\":\"INFO\",\"message\":\"Pushing container image to registry: foo.\"}");
 
  artifactRequestProcessorForFetch.process(descriptor, request);
 
- verify(goPublisher, times(1)).taggedConsumeLine(OUT, "[cd.go.artifact.docker] Pushing docker image to registry: foo.");
+ verify(goPublisher, times(1)).taggedConsumeLine(OUT, "[cd.go.artifact.docker] Pushing container image to registry: foo.");
  }
 
  @Test