From 6760744b7fd5fcdf72ae8f4a2aedd463d577bf0c Mon Sep 17 00:00:00 2001 
From: danbao Date: Sat, 20 Dec 2025 09:45:20 +0800 Subject: [PATCH 01/12] refactor: migrate to parameterized Dockerfile with centralized config - Replace 4 separate Dockerfiles with single parameterized Dockerfile - Use ghcr.io/ringcentral-docker/node as base image - Add versions/versions.json as single source of truth (12 combinations) - Create modular installation scripts with multi-arch support (amd64/arm64) - Update CI/CD workflow with dynamic matrix from versions.json - Support multi-platform builds (linux/amd64, linux/arm64) Breaking changes: - Base image changed from node:alpine to ringcentral/node (Ubuntu-based) - Image tags updated to new format: node{major}-jdk{version} --- .github/workflows/build-runner.yml | 153 -------------------- .github/workflows/build.yml | 215 +++++++++++++++++++++++++++++ .gitignore | 3 +- Dockerfile | 63 +++++++++ node_version.env | 3 - openjdk11-alpine/Dockerfile | 104 -------------- openjdk17-alpine/Dockerfile | 104 -------------- openjdk21-alpine/Dockerfile | 104 -------------- openjdk8-alpine/Dockerfile | 104 -------------- scripts/install-base.sh | 36 +++++ scripts/install-checkmarx.sh | 35 +++++ scripts/install-chromium.sh | 34 +++++ scripts/install-gradle.sh | 12 ++ scripts/install-sonar.sh | 23 +++ versions/versions.json | 160 +++++++++++++++++++++ 15 files changed, 580 insertions(+), 573 deletions(-) delete mode 100644 .github/workflows/build-runner.yml create mode 100644 .github/workflows/build.yml create mode 100644 Dockerfile delete mode 100644 node_version.env delete mode 100644 openjdk11-alpine/Dockerfile delete mode 100644 openjdk17-alpine/Dockerfile delete mode 100644 openjdk21-alpine/Dockerfile delete mode 100644 openjdk8-alpine/Dockerfile create mode 100644 scripts/install-base.sh create mode 100644 scripts/install-checkmarx.sh create mode 100644 scripts/install-chromium.sh create mode 100644 scripts/install-gradle.sh create mode 100644 scripts/install-sonar.sh create mode 100644 versions/versions.json 
diff --git a/.github/workflows/build-runner.yml b/.github/workflows/build-runner.yml deleted file mode 100644 index ea0f952..0000000 --- a/.github/workflows/build-runner.yml +++ /dev/null 
@@ -1,153 +0,0 @@ -name: Build web-tools Images - -on: - push: - branches: - - master - paths: - - 'openjdk*/*' - - 'node_version.env' - - '.github/workflows/build-runner.yml' - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - jdk_version: [8, 11, 17, 21] - node_version: [18, 20, 22] - fail-fast: false - - steps: - - uses: actions/checkout@v4 - - - name: Docker login - env: - DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - echo $DOCKER_HUB_PASSWORD | docker login --username $DOCKER_HUB_USERNAME --password-stdin - echo $GITHUB_TOKEN | docker login ghcr.io --username $GITHUB_ACTOR --password-stdin - - - name: Set Environment Variables - id: vars - run: | - JDK_DIR=openjdk${{ matrix.jdk_version }}-alpine - NODE_MAJOR_VERSION=${{ matrix.node_version }} - NODE_VERSION="$(awk -F '[=]' '/NODE_${{ matrix.node_version }}_VERSION/ {print $2}' node_version.env)" - if [[ -f ${JDK_DIR}/Dockerfile ]]; then - OPENJDK_VERSION="$(awk -F '[=]' '/ENV OPENJDK_VERSION/ {print $2}' ${JDK_DIR}/Dockerfile)" - echo $NODE_VERSION > ${JDK_DIR}/version.txt - echo $OPENJDK_VERSION > ${JDK_DIR}/openjdk_version.txt - else - NODE_VERSION=$(cat ${JDK_DIR}/version.txt) - OPENJDK_VERSION=$(cat ${JDK_DIR}/openjdk_version.txt) - fi - echo "JDK_DIR=${JDK_DIR}" >> $GITHUB_ENV - echo "NODE_VERSION=${NODE_VERSION}" >> $GITHUB_ENV - echo "OPENJDK_VERSION=${OPENJDK_VERSION}" >> $GITHUB_ENV - echo "NODE_MAJOR_VERSION=${NODE_MAJOR_VERSION}" >> $GITHUB_ENV - - - name: Build Docker Image - run: | - IMAGE_NAME=ringcentral/web-tools - sed -i "s/\$NODE_VERSION/$NODE_VERSION/g" ${JDK_DIR}/Dockerfile - docker build --tag ${IMAGE_NAME} --file ${JDK_DIR}/Dockerfile . 
- - - name: Tag and Push Docker Images - run: | - IMAGE_NAME=ringcentral/web-tools - GH_DOCKER_PKG_IMAGE_NAME=ghcr.io/ringcentral-docker/web-tools/web-tools - - docker tag "${IMAGE_NAME}" "${IMAGE_NAME}:node${NODE_MAJOR_VERSION}-openjdk${OPENJDK_VERSION}-alpine" - docker push "${IMAGE_NAME}:node${NODE_MAJOR_VERSION}-openjdk${OPENJDK_VERSION}-alpine" - docker tag "${IMAGE_NAME}" "${GH_DOCKER_PKG_IMAGE_NAME}:node${NODE_MAJOR_VERSION}-openjdk${OPENJDK_VERSION}-alpine" - docker push "${GH_DOCKER_PKG_IMAGE_NAME}:node${NODE_MAJOR_VERSION}-openjdk${OPENJDK_VERSION}-alpine" - - if [ "${{ matrix.jdk_version }}" -eq 21 ]; then - docker tag "${IMAGE_NAME}" "${IMAGE_NAME}:${NODE_VERSION}-alpine" - docker tag "${IMAGE_NAME}" "${IMAGE_NAME}:${NODE_MAJOR_VERSION}-alpine" - docker push "${IMAGE_NAME}:${NODE_VERSION}-alpine" - docker push "${IMAGE_NAME}:${NODE_MAJOR_VERSION}-alpine" - - docker tag "${IMAGE_NAME}" "${GH_DOCKER_PKG_IMAGE_NAME}:${NODE_VERSION}-alpine" - docker tag "${IMAGE_NAME}" "${GH_DOCKER_PKG_IMAGE_NAME}:${NODE_MAJOR_VERSION}-alpine" - docker push "${GH_DOCKER_PKG_IMAGE_NAME}:${NODE_VERSION}-alpine" - docker push "${GH_DOCKER_PKG_IMAGE_NAME}:${NODE_MAJOR_VERSION}-alpine" - - if [ "${{ matrix.node_version }}" -eq 22 ]; then - docker tag "${IMAGE_NAME}" "${IMAGE_NAME}:latest" - docker push "${IMAGE_NAME}:latest" - docker tag "${IMAGE_NAME}" "${GH_DOCKER_PKG_IMAGE_NAME}:latest" - docker push "${GH_DOCKER_PKG_IMAGE_NAME}:latest" - fi - fi - - - name: Generate README Update - run: | - IMAGE_NAME=ringcentral/web-tools - GH_DOCKER_PKG_IMAGE_NAME=ghcr.io/ringcentral-docker/web-tools/web-tools - if [ "${{ matrix.node_version }}" -eq 22 ]; then - NEW_ENTRY="| JDK${{ matrix.jdk_version }} | ${NODE_DIR} | \`${IMAGE_NAME}:node${NODE_MAJOR_VERSION}-openjdk${OPENJDK_VERSION}-alpine\` | \`${GH_DOCKER_PKG_IMAGE_NAME}:node${NODE_MAJOR_VERSION}-openjdk${OPENJDK_VERSION}-alpine\` |" - echo "${NEW_ENTRY}" > readme_updates_${{ matrix.jdk_version }}.txt - fi - - - name: Upload README 
Update - uses: actions/upload-artifact@v4 - with: - name: readme-updates-${{ matrix.jdk_version }} - path: readme_updates_${{ matrix.jdk_version }}.txt - - update-readme: - needs: build - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Download README Updates - uses: actions/download-artifact@v4 - with: - name: readme-updates-8 - path: ./readme-updates - - name: Download README Updates - uses: actions/download-artifact@v4 - with: - name: readme-updates-11 - path: ./readme-updates - - name: Download README Updates - uses: actions/download-artifact@v4 - with: - name: readme-updates-17 - path: ./readme-updates - - name: Download README Updates - uses: actions/download-artifact@v4 - with: - name: readme-updates-21 - path: ./readme-updates - - - name: Initialize README - run: | - echo "| JDK Version | Version | Docker Hub | GitHub Package |" > README.md - echo "|-------------|---------|------------|----------------|" >> README.md - - name: Update README - run: | - for file in ./readme-updates/readme_updates_*.txt; do - while IFS= read -r line; do - JDK_VERSION=$(echo $line | cut -d' ' -f2) - if grep -q "JDK${JDK_VERSION}" README.md; then - sed -i "/JDK${JDK_VERSION}/c\\$line" README.md - else - echo "$line" >> README.md - fi - done < "$file" - done - - - name: Commit README Update - run: | - git config --global user.name 'john.lin' - git config --global user.email 'john.lin@ringcentral.com' - git add README.md - git commit -m "Update README with Docker image info" - git push - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..714b7a7 --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,215 @@ +name: Build Web Tools Images + +on: + push: + branches: + - master + paths: + - 'Dockerfile' + - 'versions/**' + - 'scripts/**' + - '.github/workflows/build.yml' + workflow_dispatch: + inputs: + version: + description: 'Specific version to build (e.g., node22-jdk21), or "all" for all versions' + required: false + default: 'all' + +env: + DOCKER_HUB_IMAGE: ringcentral/web-tools + GHCR_IMAGE: ghcr.io/ringcentral-docker/web-tools + +jobs: + # ============================================================================= + # Generate build matrix from versions.json + # ============================================================================= + prepare: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v4 + + - name: Generate build matrix + id: set-matrix + run: | + if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ github.event.inputs.version }}" != "all" ]]; then + MATRIX=$(jq -c --arg v "${{ github.event.inputs.version }}" \ + '{include: [.versions[] | select(.name == $v)]}' versions/versions.json) + else + MATRIX=$(jq -c '{include: .versions}' versions/versions.json) + fi + echo "matrix=${MATRIX}" >> $GITHUB_OUTPUT + + # ============================================================================= + # Build and push Docker images + # ============================================================================= + build: + needs: prepare + runs-on: ubuntu-latest + strategy: + matrix: ${{ fromJson(needs.prepare.outputs.matrix) }} + fail-fast: false + + steps: + - uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + 
registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Generate Docker tags + id: meta + run: | + NAME="${{ matrix.name }}" + NODE_VERSION="${{ matrix.node_version }}" + NODE_MAJOR="${{ matrix.node_major }}" + JDK_VERSION="${{ matrix.jdk_version }}" + IS_LATEST="${{ matrix.is_latest }}" + + TAGS="" + for REGISTRY in "${{ env.DOCKER_HUB_IMAGE }}" "${{ env.GHCR_IMAGE }}"; do + # Primary tag: node22-jdk21 + TAGS="${TAGS}${REGISTRY}:${NAME}," + # Version tag: node22.11.0-jdk21 + TAGS="${TAGS}${REGISTRY}:node${NODE_VERSION}-jdk${JDK_VERSION}," + + # JDK21 gets additional alias tags + if [[ "${JDK_VERSION}" == "21" ]]; then + TAGS="${TAGS}${REGISTRY}:node${NODE_MAJOR}," + TAGS="${TAGS}${REGISTRY}:${NODE_VERSION}," + fi + + # Latest tag for node22-jdk21 + if [[ "${IS_LATEST}" == "true" ]]; then + TAGS="${TAGS}${REGISTRY}:latest," + fi + done + + echo "tags=${TAGS%,}" >> $GITHUB_OUTPUT + + - name: Build and push + uses: docker/build-push-action@v6 + with: + context: . 
+ file: ./Dockerfile + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.meta.outputs.tags }} + build-args: | + BASE_IMAGE_TAG=${{ matrix.base_image_tag }} + GRADLE_VERSION=${{ matrix.gradle_version }} + SONAR_VERSION=${{ matrix.sonar_version }} + CX_FLOW_VERSION=${{ matrix.cx_flow_version }} + CX_FLOW_JAR=${{ matrix.cx_flow_jar }} + SCA_RESOLVER_VERSION=${{ matrix.sca_resolver_version }} + cache-from: type=gha,scope=${{ matrix.name }} + cache-to: type=gha,mode=max,scope=${{ matrix.name }} + + # ============================================================================= + # Update README - Generate directly from versions.json + # ============================================================================= + update-readme: + needs: build + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@v4 + + - name: Generate README from versions.json + run: | + cat > README.md << 'HEADER' + # Web Tools Docker Images + + Multi-platform Docker images with Node.js, Java, Maven, Gradle, and development tools. 
+ + ## Supported Platforms + + - linux/amd64 + - linux/arm64 + + ## Available Images + + | Name | Node | JDK | Gradle | Docker Hub | GitHub Package | + |------|------|-----|--------|------------|----------------| + HEADER + + # Generate table rows from versions.json using jq + jq -r --arg hub "${{ env.DOCKER_HUB_IMAGE }}" \ + --arg ghcr "${{ env.GHCR_IMAGE }}" \ + '.versions[] | + "| \(.name) | \(.node_version) | \(.jdk_version) | \(.gradle_version) | `\($hub):\(.name)` | `\($ghcr):\(.name)` |" + ' versions/versions.json >> README.md + + cat >> README.md << 'FOOTER' + + ## Included Tools + + - **Node.js** - JavaScript runtime + - **Maven** - Java build tool + - **Gradle** - Build automation + - **Chromium** - Headless browser for Puppeteer + - **Sonar Scanner** - Code quality analysis + - **Checkmarx** - Security scanning (cx-flow, sca-resolver) + - **Git, Mercurial** - Version control + - **Python3** - For npm native modules + + ## Usage + + ```bash + # Pull from Docker Hub + docker pull ringcentral/web-tools:node22-jdk21 + + # Pull from GitHub Container Registry + docker pull ghcr.io/ringcentral-docker/web-tools:node22-jdk21 + + # Run + docker run -it ringcentral/web-tools:node22-jdk21 bash + ``` + + ## Build Locally + + ```bash + docker build \ + --build-arg BASE_IMAGE_TAG=22.11.0-jdk21 \ + --build-arg GRADLE_VERSION=8.5 \ + --build-arg SONAR_VERSION=4.8.0.2856 \ + --build-arg CX_FLOW_VERSION=1.7.11 \ + --build-arg CX_FLOW_JAR=cx-flow.jar \ + --build-arg SCA_RESOLVER_VERSION=2.12.36 \ + -t my-web-tools:node22-jdk21 . + ``` + + ## License + + MIT License + FOOTER + + - name: Commit README + run: | + git config --global user.name 'github-actions[bot]' + git config --global user.email 'github-actions[bot]@users.noreply.github.com' + git add README.md + if git diff --staged --quiet; then + echo "No changes to commit" + else + git commit -m "docs: update README with Docker image info" + git push + fi diff --git a/.gitignore b/.gitignore index c188842..b085086 100644 
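Review bot: The `Generate build matrix` step expands `${{ github.event.inputs.version }}` directly inside the `run:` script, so the dispatch input is pasted into the shell source before bash parses it, and a value containing quotes or command substitution is executed rather than compared. Passing it through `env:` and reading the shell variable keeps it as data; jq already receives it safely through `--arg`. Separately, `prepare` and `build` declare no `permissions:` block although `build` pushes to ghcr.io with `GITHUB_TOKEN`, so the token scope depends on the repository default; stating `contents: read` and `packages: write` on `build` would make the required scope explicit. The actions are referenced by mutable tag (`@v3`, `@v4`, `@v6`), and pinning them to commit SHAs is worth considering for a job that holds registry credentials.

```yaml
      - name: Generate build matrix
        id: set-matrix
        env:
          EVENT_NAME: ${{ github.event_name }}
          INPUT_VERSION: ${{ github.event.inputs.version }}
        run: |
          if [[ "${EVENT_NAME}" == "workflow_dispatch" && "${INPUT_VERSION}" != "all" ]]; then
            MATRIX=$(jq -c --arg v "${INPUT_VERSION}" \
              '{include: [.versions[] | select(.name == $v)]}' versions/versions.json)
          # … unchanged: else branch, fi, and the write to $GITHUB_OUTPUT …
```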
--- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .idea -readme-updates \ No newline at end of file +readme-updates +.spec-workflow \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4ce47fd --- /dev/null +++ b/Dockerfile @@ -0,0 +1,63 @@ +# Parameterized Web Tools Dockerfile +# +# Build example: +# docker build \ +# --build-arg BASE_IMAGE_TAG=22.11.0-jdk21 \ +# --build-arg GRADLE_VERSION=8.5 \ +# --build-arg SONAR_VERSION=4.8.0.2856 \ +# --build-arg CX_FLOW_VERSION=1.7.11 \ +# --build-arg CX_FLOW_JAR=cx-flow.jar \ +# --build-arg SCA_RESOLVER_VERSION=2.12.36 \ +# -t ringcentral/web-tools:node22-jdk21 . + +ARG BASE_IMAGE_TAG=22.11.0-jdk21 + +FROM ghcr.io/ringcentral-docker/node:${BASE_IMAGE_TAG} + +LABEL maintainer="john.lin@ringcentral.com" + +# Build arguments +ARG GRADLE_VERSION=8.5 +ARG SONAR_VERSION=4.8.0.2856 +ARG CX_FLOW_VERSION=1.7.11 +ARG CX_FLOW_JAR=cx-flow.jar +ARG SCA_RESOLVER_VERSION=2.12.36 + +# Environment variables +ENV GRADLE_VERSION=${GRADLE_VERSION} \ + SONAR_VERSION=${SONAR_VERSION} \ + CX_FLOW_VERSION=${CX_FLOW_VERSION} \ + SCA_RESOLVER_VERSION=${SCA_RESOLVER_VERSION} + +# Copy installation scripts +COPY scripts/ /tmp/scripts/ +RUN chmod +x /tmp/scripts/*.sh + +# Install base tools +RUN /tmp/scripts/install-base.sh + +# Install Gradle +RUN /tmp/scripts/install-gradle.sh + +# Install Puppeteer/Chromium dependencies +RUN /tmp/scripts/install-chromium.sh + +# Install Sonar Scanner +RUN /tmp/scripts/install-sonar.sh + +# Install Checkmarx tools +RUN /tmp/scripts/install-checkmarx.sh ${CX_FLOW_JAR} + +# Cleanup +RUN rm -rf /tmp/scripts /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Show versions +RUN java -version \ + && javac -version \ + && mvn -version \ + && gradle --version \ + && node --version \ + && npm version \ + && yarn --version \ + && python3 --version \ + && sonar-scanner --version || true diff --git a/node_version.env b/node_version.env deleted file mode 100644 index e639f21..0000000 
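Review bot: The trailing `|| true` on the `Show versions` RUN applies to the whole `&&` chain, not only to `sonar-scanner --version`, so a missing `java`, `gradle` or `node` no longer fails the build and the step verifies nothing. Scoping the fallback to the one optional command restores the check: `&& (sonar-scanner --version || true)`. This matters more than it did in the removed Dockerfiles, because the install scripts download with `curl -sL` inside `&&` lists, which makes this RUN the last place a broken install could be caught.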
--- a/node_version.env +++ /dev/null @@ -1,3 +0,0 @@ -NODE_18_VERSION=18.20.8 -NODE_20_VERSION=20.19.3 -NODE_22_VERSION=22.17.0 \ No newline at end of file diff --git a/openjdk11-alpine/Dockerfile b/openjdk11-alpine/Dockerfile deleted file mode 100644 index 4d21104..0000000 --- a/openjdk11-alpine/Dockerfile +++ /dev/null 
@@ -1,104 +0,0 @@ -FROM public.ecr.aws/docker/library/node:$NODE_VERSION-alpine - -# OpenJDK -ENV JAVA_HOME="/usr/lib/jvm/default-jvm" -ENV OPENJDK_VERSION=11 - -RUN apk update \ - && apk add --no-cache openjdk${OPENJDK_VERSION} \ - && rm -rf /var/cache/apk/* - -# Has to be set explictly to find binaries -ENV PATH="$PATH:${JAVA_HOME}/bin" - -# Required libraries -RUN apk add --no-cache git unzip zip curl jq yq && \ - rm -rf /var/cache/apk/* - -# Maven -RUN apk update \ - && apk add --no-cache maven \ - && rm -rf /var/cache/apk/* - -# Gradle -WORKDIR /opt - -ENV GRADLE_VERSION=7.6 - -RUN curl -sL https://downloads.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip > gradle.zip && \ - unzip gradle.zip && \ - rm gradle.zip && \ - rm -rf /var/cache/apk/* - -ENV PATH="$PATH:/opt/gradle-${GRADLE_VERSION}/bin" - -# Mercurial -RUN apk update \ - && apk add --no-cache mercurial \ - && rm -rf /var/cache/apk/* - -# rng-tools for FED Project -RUN apk update \ - && apk add --no-cache rng-tools \ - && rm -rf /var/cache/apk/* - -# bash for MAA project -RUN apk update \ - && apk add --no-cache bash openssh \ - && rm -rf /var/cache/apk/* - -# Tell Puppeteer to skip installing Chrome. We'll be using the installed package. 
-ENV CHROME_BIN=/usr/bin/chromium-browser \ - PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser \ - PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true - -# Puppeteer -# https://github.com/adrianchia/docker-node-puppeteer/blob/master/12/alpine/Dockerfile -# https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md#running-on-alpine - -RUN apk update \ - && apk add --no-cache \ - chromium \ - nss \ - freetype \ - freetype-dev \ - harfbuzz \ - ca-certificates \ - ttf-freefont \ - && rm -rf /var/cache/apk/* - -# Sonar -# https://community.sonarsource.com/t/installing-sonar-scanner-in-alpine-linux-docker/7010 - -RUN curl -sL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip -o sonar.zip && \ - unzip -qq sonar.zip && \ - rm sonar.zip && \ - ln -s /opt/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner && \ - sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /opt/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner && \ - sonar-scanner --version - -# Python (needed for NPM install Gyp) - -RUN apk add --no-cache --virtual .gyp python3 make g++ - -# Checkmarx tools for Java 11 -ENV CX_FLOW_VERSION=1.6.46 SCA_RESOLVER_VERSION=2.12.36 - -RUN mkdir cx-flow && \ - curl -sL https://github.com/checkmarx-ltd/cx-flow/releases/download/${CX_FLOW_VERSION}/cx-flow-${CX_FLOW_VERSION}-java11.jar > ./cx-flow/cx-flow.jar - -RUN mkdir sca-resolver && \ - curl -sL "https://sca-downloads.s3.amazonaws.com/cli/${SCA_RESOLVER_VERSION}/ScaResolver-musl64.tar.gz" > ./sca-resolver/ScaResolver.tar.gz && \ - tar -vxzf ./sca-resolver/ScaResolver.tar.gz -C ./sca-resolver && \ - rm ./sca-resolver/ScaResolver.tar.gz - -#============== -# Show version -#============== -RUN java -version \ - && javac -version \ - && mvn -version \ - && node --version \ - && npm version \ - && yarn --version \ - && python3 --version 
diff --git a/openjdk17-alpine/Dockerfile b/openjdk17-alpine/Dockerfile deleted file mode 100644 index 732a8ee..0000000 --- a/openjdk17-alpine/Dockerfile +++ /dev/null 
@@ -1,104 +0,0 @@ -FROM public.ecr.aws/docker/library/node:$NODE_VERSION-alpine - -# OpenJDK -ENV JAVA_HOME="/usr/lib/jvm/default-jvm" -ENV OPENJDK_VERSION=17 - -RUN apk update \ - && apk add --no-cache openjdk${OPENJDK_VERSION} \ - && rm -rf /var/cache/apk/* - -# Has to be set explictly to find binaries -ENV PATH="$PATH:${JAVA_HOME}/bin" - -# Required libraries -RUN apk add --no-cache git unzip zip curl jq yq && \ - rm -rf /var/cache/apk/* - -# Maven -RUN apk update \ - && apk add --no-cache maven \ - && rm -rf /var/cache/apk/* - -# Gradle -WORKDIR /opt - -ENV GRADLE_VERSION=8.5 - -RUN curl -sL https://downloads.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip > gradle.zip && \ - unzip gradle.zip && \ - rm gradle.zip && \ - rm -rf /var/cache/apk/* - -ENV PATH="$PATH:/opt/gradle-${GRADLE_VERSION}/bin" - -# Mercurial -RUN apk update \ - && apk add --no-cache mercurial \ - && rm -rf /var/cache/apk/* - -# rng-tools for FED Project -RUN apk update \ - && apk add --no-cache rng-tools \ - && rm -rf /var/cache/apk/* - -# bash for MAA project -RUN apk update \ - && apk add --no-cache bash openssh \ - && rm -rf /var/cache/apk/* - -# Tell Puppeteer to skip installing Chrome. We'll be using the installed package. 
-ENV CHROME_BIN=/usr/bin/chromium-browser \ - PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser \ - PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true - -# Puppeteer -# https://github.com/adrianchia/docker-node-puppeteer/blob/master/12/alpine/Dockerfile -# https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md#running-on-alpine - -RUN apk update \ - && apk add --no-cache \ - chromium \ - nss \ - freetype \ - freetype-dev \ - harfbuzz \ - ca-certificates \ - ttf-freefont \ - && rm -rf /var/cache/apk/* - -# Sonar -# https://community.sonarsource.com/t/installing-sonar-scanner-in-alpine-linux-docker/7010 - -RUN curl -sL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip -o sonar.zip && \ - unzip -qq sonar.zip && \ - rm sonar.zip && \ - ln -s /opt/sonar-scanner-4.8.0.2856-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner && \ - sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /opt/sonar-scanner-4.8.0.2856-linux/bin/sonar-scanner && \ - sonar-scanner --version - -# Python (needed for NPM install Gyp) - -RUN apk add --no-cache --virtual .gyp python3 make g++ - -# Checkmarx tools for Java 17+ -ENV CX_FLOW_VERSION=1.7.11 SCA_RESOLVER_VERSION=2.12.36 - -RUN mkdir cx-flow && \ - curl -sL https://github.com/checkmarx-ltd/cx-flow/releases/download/${CX_FLOW_VERSION}/cx-flow-${CX_FLOW_VERSION}.jar > ./cx-flow/cx-flow.jar - -RUN mkdir sca-resolver && \ - curl -sL "https://sca-downloads.s3.amazonaws.com/cli/${SCA_RESOLVER_VERSION}/ScaResolver-musl64.tar.gz" > ./sca-resolver/ScaResolver.tar.gz && \ - tar -vxzf ./sca-resolver/ScaResolver.tar.gz -C ./sca-resolver && \ - rm ./sca-resolver/ScaResolver.tar.gz - -#============== -# Show version -#============== -RUN java -version \ - && javac -version \ - && mvn -version \ - && node --version \ - && npm version \ - && yarn --version \ - && python3 --version 
diff --git a/openjdk21-alpine/Dockerfile b/openjdk21-alpine/Dockerfile deleted file mode 100644 index b4e077b..0000000 --- a/openjdk21-alpine/Dockerfile +++ /dev/null 
@@ -1,104 +0,0 @@ -FROM public.ecr.aws/docker/library/node:$NODE_VERSION-alpine - -# OpenJDK -ENV JAVA_HOME="/usr/lib/jvm/default-jvm" -ENV OPENJDK_VERSION=21 - -RUN apk update \ - && apk add --no-cache openjdk${OPENJDK_VERSION} \ - && rm -rf /var/cache/apk/* - -# Has to be set explictly to find binaries -ENV PATH="$PATH:${JAVA_HOME}/bin" - -# Required libraries -RUN apk add --no-cache git unzip zip curl jq yq && \ - rm -rf /var/cache/apk/* - -# Maven -RUN apk update \ - && apk add --no-cache maven \ - && rm -rf /var/cache/apk/* - -# Gradle -WORKDIR /opt - -ENV GRADLE_VERSION=8.5 - -RUN curl -sL https://downloads.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip > gradle.zip && \ - unzip gradle.zip && \ - rm gradle.zip && \ - rm -rf /var/cache/apk/* - -ENV PATH="$PATH:/opt/gradle-${GRADLE_VERSION}/bin" - -# Mercurial -RUN apk update \ - && apk add --no-cache mercurial \ - && rm -rf /var/cache/apk/* - -# rng-tools for FED Project -RUN apk update \ - && apk add --no-cache rng-tools \ - && rm -rf /var/cache/apk/* - -# bash for MAA project -RUN apk update \ - && apk add --no-cache bash openssh \ - && rm -rf /var/cache/apk/* - -# Tell Puppeteer to skip installing Chrome. We'll be using the installed package. 
-ENV CHROME_BIN=/usr/bin/chromium-browser \ - PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser \ - PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true - -# Puppeteer -# https://github.com/adrianchia/docker-node-puppeteer/blob/master/12/alpine/Dockerfile -# https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md#running-on-alpine - -RUN apk update \ - && apk add --no-cache \ - chromium \ - nss \ - freetype \ - freetype-dev \ - harfbuzz \ - ca-certificates \ - ttf-freefont \ - && rm -rf /var/cache/apk/* - -# Sonar -# https://community.sonarsource.com/t/installing-sonar-scanner-in-alpine-linux-docker/7010 - -RUN curl -sL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip -o sonar.zip && \ - unzip -qq sonar.zip && \ - rm sonar.zip && \ - ln -s /opt/sonar-scanner-4.8.0.2856-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner && \ - sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /opt/sonar-scanner-4.8.0.2856-linux/bin/sonar-scanner && \ - sonar-scanner --version - -# Python (needed for NPM install Gyp) - -RUN apk add --no-cache --virtual .gyp python3 make g++ - -# Checkmarx tools for Java 17+ -ENV CX_FLOW_VERSION=1.7.11 SCA_RESOLVER_VERSION=2.12.36 - -RUN mkdir cx-flow && \ - curl -sL https://github.com/checkmarx-ltd/cx-flow/releases/download/${CX_FLOW_VERSION}/cx-flow-${CX_FLOW_VERSION}.jar > ./cx-flow/cx-flow.jar - -RUN mkdir sca-resolver && \ - curl -sL "https://sca-downloads.s3.amazonaws.com/cli/${SCA_RESOLVER_VERSION}/ScaResolver-musl64.tar.gz" > ./sca-resolver/ScaResolver.tar.gz && \ - tar -vxzf ./sca-resolver/ScaResolver.tar.gz -C ./sca-resolver && \ - rm ./sca-resolver/ScaResolver.tar.gz - -#============== -# Show version -#============== -RUN java -version \ - && javac -version \ - && mvn -version \ - && node --version \ - && npm version \ - && yarn --version \ - && python3 --version 
diff --git a/openjdk8-alpine/Dockerfile b/openjdk8-alpine/Dockerfile deleted file mode 100644 index c58867d..0000000 --- a/openjdk8-alpine/Dockerfile +++ /dev/null 
@@ -1,104 +0,0 @@ -FROM public.ecr.aws/docker/library/node:$NODE_VERSION-alpine - -# OpenJDK -ENV JAVA_HOME="/usr/lib/jvm/default-jvm" -ENV OPENJDK_VERSION=8 - -RUN apk update \ - && apk add --no-cache openjdk${OPENJDK_VERSION} \ - && rm -rf /var/cache/apk/* - -# Has to be set explictly to find binaries -ENV PATH="$PATH:${JAVA_HOME}/bin" - -# Required libraries -RUN apk add --no-cache git unzip zip curl jq yq && \ - rm -rf /var/cache/apk/* - -# Maven -RUN apk update \ - && apk add --no-cache maven \ - && rm -rf /var/cache/apk/* - -# Gradle -WORKDIR /opt - -ENV GRADLE_VERSION=7.6 - -RUN curl -sL https://downloads.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip > gradle.zip && \ - unzip gradle.zip && \ - rm gradle.zip && \ - rm -rf /var/cache/apk/* - -ENV PATH="$PATH:/opt/gradle-${GRADLE_VERSION}/bin" - -# Mercurial -RUN apk update \ - && apk add --no-cache mercurial \ - && rm -rf /var/cache/apk/* - -# rng-tools for FED Project -RUN apk update \ - && apk add --no-cache rng-tools \ - && rm -rf /var/cache/apk/* - -# bash for MAA project -RUN apk update \ - && apk add --no-cache bash openssh \ - && rm -rf /var/cache/apk/* - -# Tell Puppeteer to skip installing Chrome. We'll be using the installed package. 
-ENV CHROME_BIN=/usr/bin/chromium-browser \ - PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser \ - PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true - -# Puppeteer -# https://github.com/adrianchia/docker-node-puppeteer/blob/master/12/alpine/Dockerfile -# https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md#running-on-alpine - -RUN apk update \ - && apk add --no-cache \ - chromium \ - nss \ - freetype \ - freetype-dev \ - harfbuzz \ - ca-certificates \ - ttf-freefont \ - && rm -rf /var/cache/apk/* - -# Sonar -# https://community.sonarsource.com/t/installing-sonar-scanner-in-alpine-linux-docker/7010 - -RUN curl -sL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip -o sonar.zip && \ - unzip -qq sonar.zip && \ - rm sonar.zip && \ - ln -s /opt/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner && \ - sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /opt/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner && \ - sonar-scanner --version - -# Python (needed for NPM install Gyp) - -RUN apk add --no-cache --virtual .gyp python3 make g++ - -# Checkmarx tools for Java 8 -ENV CX_FLOW_VERSION=1.6.46 SCA_RESOLVER_VERSION=2.12.36 - -RUN mkdir cx-flow && \ - curl -sL https://github.com/checkmarx-ltd/cx-flow/releases/download/${CX_FLOW_VERSION}/cx-flow-${CX_FLOW_VERSION}.jar > ./cx-flow/cx-flow.jar - -RUN mkdir sca-resolver && \ - curl -sL "https://sca-downloads.s3.amazonaws.com/cli/${SCA_RESOLVER_VERSION}/ScaResolver-musl64.tar.gz" > ./sca-resolver/ScaResolver.tar.gz && \ - tar -vxzf ./sca-resolver/ScaResolver.tar.gz -C ./sca-resolver && \ - rm ./sca-resolver/ScaResolver.tar.gz - -#============== -# Show version -#============== -RUN java -version \ - && javac -version \ - && mvn -version \ - && node --version \ - && npm version \ - && yarn --version \ - && python3 --version diff --git a/scripts/install-base.sh b/scripts/install-base.sh new file mode 100644 index 0000000..a376941 
--- /dev/null +++ b/scripts/install-base.sh @@ -0,0 +1,36 @@ +#!/bin/bash +set -e + +echo "Installing base tools..." + +apt-get update && apt-get install -y --no-install-recommends \ + git \ + unzip \ + zip \ + curl \ + wget \ + jq \ + bash \ + openssh-client \ + mercurial \ + rng-tools \ + python3 \ + python3-pip \ + make \ + g++ \ + ca-certificates \ + gnupg \ + && rm -rf /var/lib/apt/lists/* + +# Install yq +YQ_VERSION="v4.50.1" +ARCH=$(dpkg --print-architecture) +case "${ARCH}" in + amd64) YQ_ARCH="amd64" ;; + arm64) YQ_ARCH="arm64" ;; + *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; +esac +curl -sL "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${YQ_ARCH}" -o /usr/local/bin/yq \ + && chmod +x /usr/local/bin/yq + +echo "Base tools installed successfully." diff --git a/scripts/install-checkmarx.sh b/scripts/install-checkmarx.sh new file mode 100644 index 0000000..4ef980a --- /dev/null +++ b/scripts/install-checkmarx.sh 
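Review bot: The yq binary is written to `/usr/local/bin` and made executable without any integrity check, and a failed download goes undetected: `curl -sL` has no `-f`, so an HTTP error body is saved as the binary, and because `curl` is not the last command of its `&&` list, `set -e` does not stop the script when it fails. The same holds for the `apt-get update && apt-get install … && rm -rf` list, where a failed install falls through to the success message. Running the commands as separate statements, using `curl -fsSL`, and comparing the file against a pinned SHA-256 per architecture closes both gaps. The downloads in install-checkmarx.sh, install-gradle.sh and install-sonar.sh follow the same `curl -sL … && …` pattern and need the same treatment.

```shell
# … unchanged: apt-get package list, YQ_VERSION, ARCH detection …
case "${ARCH}" in
    amd64) YQ_ARCH="amd64"; YQ_SHA256="<PINNED_SHA256_OF_yq_linux_amd64>" ;;
    arm64) YQ_ARCH="arm64"; YQ_SHA256="<PINNED_SHA256_OF_yq_linux_arm64>" ;;
    *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;;
esac
curl -fsSL "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${YQ_ARCH}" -o /usr/local/bin/yq
# Fail the build if the downloaded file is not the pinned release artifact.
echo "${YQ_SHA256}  /usr/local/bin/yq" | sha256sum -c -
chmod +x /usr/local/bin/yq
```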
@@ -0,0 +1,35 @@ +#!/bin/bash +set -e + +CX_FLOW_JAR=${1:-cx-flow.jar} + +echo "Installing Checkmarx tools..." +echo " CX_FLOW_VERSION: ${CX_FLOW_VERSION}" +echo " CX_FLOW_JAR: ${CX_FLOW_JAR}" +echo " SCA_RESOLVER_VERSION: ${SCA_RESOLVER_VERSION}" + +# Detect architecture +ARCH=$(dpkg --print-architecture) +case "${ARCH}" in + amd64) SCA_ARCH="linux64" ;; + arm64) SCA_ARCH="linux-arm64" ;; + *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; +esac + +echo " Architecture: ${ARCH} -> ${SCA_ARCH}" + +cd /opt + +# Install cx-flow (Java-based, architecture independent) +mkdir -p cx-flow +curl -sL "https://github.com/checkmarx-ltd/cx-flow/releases/download/${CX_FLOW_VERSION}/${CX_FLOW_JAR}" \ + -o ./cx-flow/cx-flow.jar + +# Install sca-resolver (architecture specific) +mkdir -p sca-resolver +curl -sL "https://sca-downloads.s3.amazonaws.com/cli/${SCA_RESOLVER_VERSION}/ScaResolver-${SCA_ARCH}.tar.gz" \ + -o ./sca-resolver/ScaResolver.tar.gz \ + && tar -xzf ./sca-resolver/ScaResolver.tar.gz -C ./sca-resolver \ + && rm ./sca-resolver/ScaResolver.tar.gz + +echo "Checkmarx tools installed successfully." diff --git a/scripts/install-chromium.sh b/scripts/install-chromium.sh new file mode 100644 index 0000000..f6631ec --- /dev/null +++ b/scripts/install-chromium.sh 
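Review bot: The cx-flow URL drops the version from the asset name: the removed Dockerfiles fetched `cx-flow-${CX_FLOW_VERSION}.jar` and `cx-flow-${CX_FLOW_VERSION}-java11.jar`, while this requests `${CX_FLOW_VERSION}/${CX_FLOW_JAR}` with the values `cx-flow.jar` and `cx-flow-java11.jar` from versions.json, which looks unlikely to match a published asset and should be confirmed against the release page. Since the response is saved without validation, a mismatch would leave an error page at `/opt/cx-flow/cx-flow.jar` and the build would still pass, shipping an image whose security scanner cannot run. A sanity check after the download, such as `unzip -tq ./cx-flow/cx-flow.jar` on its own line, would fail the build when the file is not a real archive. `CX_FLOW_VERSION` and `SCA_RESOLVER_VERSION` are also read from the environment without a guard; `set -eu` would stop the script when either is unset.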
@@ -0,0 +1,34 @@ +#!/bin/bash +set -e + +echo "Installing Chromium and Puppeteer dependencies..." + +# Install Chromium and dependencies for Puppeteer +apt-get update && apt-get install -y --no-install-recommends \ + chromium \ + chromium-sandbox \ + fonts-liberation \ + fonts-dejavu-core \ + libgbm1 \ + libnss3 \ + libatk1.0-0 \ + libatk-bridge2.0-0 \ + libcups2 \ + libdrm2 \ + libxkbcommon0 \ + libxcomposite1 \ + libxdamage1 \ + libxfixes3 \ + libxrandr2 \ + libpango-1.0-0 \ + libcairo2 \ + libasound2 \ + && rm -rf /var/lib/apt/lists/* + +# Set Puppeteer environment variables +echo 'export CHROME_BIN=/usr/bin/chromium' >> /etc/profile.d/chromium.sh +echo 'export PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium' >> /etc/profile.d/chromium.sh +echo 'export PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true' >> /etc/profile.d/chromium.sh +chmod +x /etc/profile.d/chromium.sh + +echo "Chromium and Puppeteer dependencies installed successfully." diff --git a/scripts/install-gradle.sh b/scripts/install-gradle.sh new file mode 100644 index 0000000..051459c --- /dev/null +++ b/scripts/install-gradle.sh @@ -0,0 +1,12 @@ +#!/bin/bash +set -e + +echo "Installing Gradle ${GRADLE_VERSION}..." + +cd /opt +curl -sL "https://downloads.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip" -o gradle.zip \ + && unzip -q gradle.zip \ + && rm gradle.zip \ + && ln -s /opt/gradle-${GRADLE_VERSION}/bin/gradle /usr/local/bin/gradle + +echo "Gradle ${GRADLE_VERSION} installed successfully." diff --git a/scripts/install-sonar.sh b/scripts/install-sonar.sh new file mode 100644 index 0000000..f0c18d1 --- /dev/null +++ b/scripts/install-sonar.sh 
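Review bot: `CHROME_BIN`, `PUPPETEER_EXECUTABLE_PATH` and `PUPPETEER_SKIP_CHROMIUM_DOWNLOAD` are exported from `/etc/profile.d/chromium.sh`, which only login shells source, so a container started with `docker run … node app.js` or a CI step running under a non-login shell will not see them. The removed Dockerfiles set these with `ENV`, which applies to every process in the image; without them Puppeteer may fall back to downloading its own browser during `npm install` instead of using the packaged one. Setting them in the Dockerfile keeps the previous behaviour: `ENV CHROME_BIN=/usr/bin/chromium PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true`.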
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -e
+
+echo "Installing Sonar Scanner ${SONAR_VERSION}..."
+
+# Detect architecture
+ARCH=$(dpkg --print-architecture)
+case "${ARCH}" in
+ amd64) SONAR_ARCH="linux-x64" ;;
+ arm64) SONAR_ARCH="linux-aarch64" ;;
+ *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;;
+esac
+
+echo " Architecture: ${ARCH} -> ${SONAR_ARCH}"
+
+cd /opt
+curl -sL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}-${SONAR_ARCH}.zip" -o sonar.zip \
+ && unzip -q sonar.zip \
+ && rm sonar.zip \
+ && ln -s /opt/sonar-scanner-${SONAR_VERSION}-${SONAR_ARCH}/bin/sonar-scanner /usr/local/bin/sonar-scanner \
+ && sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /opt/sonar-scanner-${SONAR_VERSION}-${SONAR_ARCH}/bin/sonar-scanner
+
+echo "Sonar Scanner ${SONAR_VERSION} installed successfully."
diff --git a/versions/versions.json b/versions/versions.json
new file mode 100644
index 0000000..51baad6
--- /dev/null
+++ b/versions/versions.json
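Review bot: The `sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g'` step in install-sonar.sh exits 0 even when the pattern is absent, so a scanner release that renames or drops that line would silently keep running the bundled JRE instead of the image's JDK. Follow it with a check that fails the build when the switch did not take effect, e.g. `grep -q 'use_embedded_jre=false' "/opt/sonar-scanner-${SONAR_VERSION}-${SONAR_ARCH}/bin/sonar-scanner"`. The unquoted `${SONAR_VERSION}` and `${SONAR_ARCH}` expansions in the `ln -s` and `sed` paths should be quoted the same way.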
@@ -0,0 +1,160 @@ +{ + "versions": [ + { + "name": "node18-jdk8", + "node_version": "18.20.5", + "node_major": "18", + "jdk_version": "8", + "base_image_tag": "18.20.5-jdk8", + "gradle_version": "7.6", + "sonar_version": "4.6.2.2472", + "cx_flow_version": "1.6.46", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node20-jdk8", + "node_version": "20.18.0", + "node_major": "20", + "jdk_version": "8", + "base_image_tag": "20.18.0-jdk8", + "gradle_version": "7.6", + "sonar_version": "4.6.2.2472", + "cx_flow_version": "1.6.46", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node22-jdk8", + "node_version": "22.11.0", + "node_major": "22", + "jdk_version": "8", + "base_image_tag": "22.11.0-jdk8", + "gradle_version": "7.6", + "sonar_version": "4.6.2.2472", + "cx_flow_version": "1.6.46", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node18-jdk11", + "node_version": "18.20.5", + "node_major": "18", + "jdk_version": "11", + "base_image_tag": "18.20.5-jdk11", + "gradle_version": "7.6", + "sonar_version": "4.6.2.2472", + "cx_flow_version": "1.6.46", + "cx_flow_jar": "cx-flow-java11.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node20-jdk11", + "node_version": "20.18.0", + "node_major": "20", + "jdk_version": "11", + "base_image_tag": "20.18.0-jdk11", + "gradle_version": "7.6", + "sonar_version": "4.6.2.2472", + "cx_flow_version": "1.6.46", + "cx_flow_jar": "cx-flow-java11.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node22-jdk11", + "node_version": "22.11.0", + "node_major": "22", + "jdk_version": "11", + "base_image_tag": "22.11.0-jdk11", + "gradle_version": "7.6", + "sonar_version": "4.6.2.2472", + "cx_flow_version": "1.6.46", + "cx_flow_jar": "cx-flow-java11.jar", + "sca_resolver_version": "2.12.36", + "is_latest": 
false + }, + { + "name": "node18-jdk17", + "node_version": "18.20.5", + "node_major": "18", + "jdk_version": "17", + "base_image_tag": "18.20.5-jdk17", + "gradle_version": "8.5", + "sonar_version": "4.8.0.2856", + "cx_flow_version": "1.7.11", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node20-jdk17", + "node_version": "20.18.0", + "node_major": "20", + "jdk_version": "17", + "base_image_tag": "20.18.0-jdk17", + "gradle_version": "8.5", + "sonar_version": "4.8.0.2856", + "cx_flow_version": "1.7.11", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node22-jdk17", + "node_version": "22.11.0", + "node_major": "22", + "jdk_version": "17", + "base_image_tag": "22.11.0-jdk17", + "gradle_version": "8.5", + "sonar_version": "4.8.0.2856", + "cx_flow_version": "1.7.11", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node18-jdk21", + "node_version": "18.20.5", + "node_major": "18", + "jdk_version": "21", + "base_image_tag": "18.20.5-jdk21", + "gradle_version": "8.5", + "sonar_version": "4.8.0.2856", + "cx_flow_version": "1.7.11", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node20-jdk21", + "node_version": "20.18.0", + "node_major": "20", + "jdk_version": "21", + "base_image_tag": "20.18.0-jdk21", + "gradle_version": "8.5", + "sonar_version": "4.8.0.2856", + "cx_flow_version": "1.7.11", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": false + }, + { + "name": "node22-jdk21", + "node_version": "22.11.0", + "node_major": "22", + "jdk_version": "21", + "base_image_tag": "22.11.0-jdk21", + "gradle_version": "8.5", + "sonar_version": "4.8.0.2856", + "cx_flow_version": "1.7.11", + "cx_flow_jar": "cx-flow.jar", + "sca_resolver_version": "2.12.36", + "is_latest": true + } + ] +} 
From 80f2e053d6b2d4e43c3c34a2f59dbcd88b05f01e Mon Sep 17 00:00:00 2001 From: danbao Date: Sat, 20 Dec 2025 09:49:58 +0800 Subject: [PATCH 02/12] refactor: remove JDK21 special alias tags for clarity --- .github/workflows/build.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 714b7a7..0c290d1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -90,12 +90,6 @@ jobs: # Version tag: node22.11.0-jdk21 TAGS="${TAGS}${REGISTRY}:node${NODE_VERSION}-jdk${JDK_VERSION}," - # JDK21 gets additional alias tags - if [[ "${JDK_VERSION}" == "21" ]]; then - TAGS="${TAGS}${REGISTRY}:node${NODE_MAJOR}," - TAGS="${TAGS}${REGISTRY}:${NODE_VERSION}," - fi - # Latest tag for node22-jdk21 if [[ "${IS_LATEST}" == "true" ]]; then TAGS="${TAGS}${REGISTRY}:latest," From de03347b494d1167f05b6defce73544fae0199b0 Mon Sep 17 00:00:00 2001 From: danbao Date: Sat, 20 Dec 2025 09:52:49 +0800 Subject: [PATCH 03/12] refactor: remove deprecated Node 18 versions from versions.json for clarity --- versions/versions.json | 52 ------------------------------------------ 1 file changed, 52 deletions(-) diff --git a/versions/versions.json b/versions/versions.json index 51baad6..1584d3b 100644 --- a/versions/versions.json +++ b/versions/versions.json @@ -1,18 +1,5 @@ { "versions": [ - { - "name": "node18-jdk8", - "node_version": "18.20.5", - "node_major": "18", - "jdk_version": "8", - "base_image_tag": "18.20.5-jdk8", - "gradle_version": "7.6", - "sonar_version": "4.6.2.2472", - "cx_flow_version": "1.6.46", - "cx_flow_jar": "cx-flow.jar", - "sca_resolver_version": "2.12.36", - "is_latest": false - }, { "name": "node20-jdk8", "node_version": "20.18.0", 
@@ -39,19 +26,6 @@ "sca_resolver_version": "2.12.36", "is_latest": false }, - { - "name": "node18-jdk11", - "node_version": "18.20.5", - "node_major": "18", - "jdk_version": "11", - "base_image_tag": "18.20.5-jdk11", - "gradle_version": "7.6", - "sonar_version": "4.6.2.2472", - "cx_flow_version": "1.6.46", - "cx_flow_jar": "cx-flow-java11.jar", - "sca_resolver_version": "2.12.36", - "is_latest": false - }, { "name": "node20-jdk11", "node_version": "20.18.0", @@ -78,19 +52,6 @@ "sca_resolver_version": "2.12.36", "is_latest": false }, - { - "name": "node18-jdk17", - "node_version": "18.20.5", - "node_major": "18", - "jdk_version": "17", - "base_image_tag": "18.20.5-jdk17", - "gradle_version": "8.5", - "sonar_version": "4.8.0.2856", - "cx_flow_version": "1.7.11", - "cx_flow_jar": "cx-flow.jar", - "sca_resolver_version": "2.12.36", - "is_latest": false - }, { "name": "node20-jdk17", "node_version": "20.18.0", @@ -117,19 +78,6 @@ "sca_resolver_version": "2.12.36", "is_latest": false }, - { - "name": "node18-jdk21", - "node_version": "18.20.5", - "node_major": "18", - "jdk_version": "21", - "base_image_tag": "18.20.5-jdk21", - "gradle_version": "8.5", - "sonar_version": "4.8.0.2856", - "cx_flow_version": "1.7.11", - "cx_flow_jar": "cx-flow.jar", - "sca_resolver_version": "2.12.36", - "is_latest": false - }, { "name": "node20-jdk21", "node_version": "20.18.0", From 093d1b00c3610a3ef6169f457c770afcdba2b62c Mon Sep 17 00:00:00 2001 From: danbao Date: Sat, 20 Dec 2025 14:31:31 +0800 Subject: [PATCH 04/12] ci: build on all branches, push only on master --- .github/workflows/build.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0c290d1..1b7adfc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -2,8 +2,12 @@ name: Build Web Tools Images on: push: - branches: - - master + paths: + - 'Dockerfile' + - 'versions/**' + - 'scripts/**' + - '.github/workflows/build.yml' + pull_request: paths: - 'Dockerfile' - 'versions/**' @@ -62,12 +66,14 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub + if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: Login to GitHub Container Registry + if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' uses: docker/login-action@v3 with: registry: ghcr.io @@ -104,7 +110,7 @@ jobs: context: . file: ./Dockerfile platforms: linux/amd64,linux/arm64 - push: true + push: ${{ github.ref == 'refs/heads/master' && github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} build-args: | BASE_IMAGE_TAG=${{ matrix.base_image_tag }} @@ -117,11 +123,12 @@ jobs: cache-to: type=gha,mode=max,scope=${{ matrix.name }} # ============================================================================= - # Update README - Generate directly from versions.json + # Update README - Generate directly from versions.json (master only) # ============================================================================= update-readme: needs: build runs-on: ubuntu-latest + if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' permissions: contents: write steps: From caa57c545217d8f55a9c22419178d905e4f450b2 Mon Sep 17 00:00:00 2001 From: danbao Date: Sat, 20 Dec 2025 14:46:54 +0800 Subject: [PATCH 05/12] fix: handle Sonar Scanner version-specific URL formats and arm64 support --- scripts/install-sonar.sh | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/scripts/install-sonar.sh b/scripts/install-sonar.sh index f0c18d1..b6378fb 100644 --- a/scripts/install-sonar.sh 
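Review bot: The publish gate `github.ref == 'refs/heads/master' && github.event_name != 'pull_request'` is a deny-list on the event, so any trigger added later that runs against master (a manual or scheduled run, for instance) would also log in to both registries and push images. If only pushes to master are meant to publish, say so directly with `if: github.event_name == 'push' && github.ref == 'refs/heads/master'` and use the same expression for the `push:` input. The condition is repeated in both login steps, the `push:` input and the `update-readme` job, so all four places need the change.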
+++ b/scripts/install-sonar.sh @@ -5,11 +5,25 @@ echo "Installing Sonar Scanner ${SONAR_VERSION}..." # Detect architecture ARCH=$(dpkg --print-architecture) -case "${ARCH}" in - amd64) SONAR_ARCH="linux-x64" ;; - arm64) SONAR_ARCH="linux-aarch64" ;; - *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; -esac + +# Determine version major (e.g., 4.6.2.2472 -> 4) +VERSION_MAJOR=$(echo "${SONAR_VERSION}" | cut -d. -f1) + +# Sonar Scanner 5.x+ uses linux-x64/linux-aarch64, older versions use just "linux" +if [[ "${VERSION_MAJOR}" -ge 5 ]]; then + case "${ARCH}" in + amd64) SONAR_ARCH="linux-x64" ;; + arm64) SONAR_ARCH="linux-aarch64" ;; + *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; + esac +else + # Older versions (4.x) only support x64 with "linux" suffix + if [[ "${ARCH}" == "arm64" ]]; then + echo "WARNING: Sonar Scanner ${SONAR_VERSION} does not support arm64, skipping installation." + exit 0 + fi + SONAR_ARCH="linux" +fi echo " Architecture: ${ARCH} -> ${SONAR_ARCH}" From acc51228adbc97d705ba598c6300666ddddb3d84 Mon Sep 17 00:00:00 2001 From: danbao Date: Sat, 20 Dec 2025 14:47:57 +0800 Subject: [PATCH 06/12] chore: upgrade Sonar Scanner to 6.2.1 for full arm64 support --- scripts/install-sonar.sh | 24 +++++------------------- versions/versions.json | 16 ++++++++-------- 2 files changed, 13 insertions(+), 27 deletions(-) diff --git a/scripts/install-sonar.sh b/scripts/install-sonar.sh index b6378fb..f0c18d1 100644 --- a/scripts/install-sonar.sh +++ b/scripts/install-sonar.sh 
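Review bot: On arm64 with a 4.x scanner the new `else` branch prints a warning and runs `exit 0`, so the linux/arm64 variant is built and published under the same tag as the amd64 one but without `sonar-scanner`, and the build result does not record the difference. A pipeline that pulls that tag on an arm64 runner only discovers the missing analysis tool at run time. Either fail here with `exit 1` and build the affected matrix entries for linux/amd64 only, or make the skip opt-in through an explicit build argument so it is a visible decision. The same block is added again in PATCH 11/12.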
@@ -5,25 +5,11 @@ echo "Installing Sonar Scanner ${SONAR_VERSION}..." # Detect architecture ARCH=$(dpkg --print-architecture) - -# Determine version major (e.g., 4.6.2.2472 -> 4) -VERSION_MAJOR=$(echo "${SONAR_VERSION}" | cut -d. -f1) - -# Sonar Scanner 5.x+ uses linux-x64/linux-aarch64, older versions use just "linux" -if [[ "${VERSION_MAJOR}" -ge 5 ]]; then - case "${ARCH}" in - amd64) SONAR_ARCH="linux-x64" ;; - arm64) SONAR_ARCH="linux-aarch64" ;; - *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; - esac -else - # Older versions (4.x) only support x64 with "linux" suffix - if [[ "${ARCH}" == "arm64" ]]; then - echo "WARNING: Sonar Scanner ${SONAR_VERSION} does not support arm64, skipping installation." - exit 0 - fi - SONAR_ARCH="linux" -fi +case "${ARCH}" in + amd64) SONAR_ARCH="linux-x64" ;; + arm64) SONAR_ARCH="linux-aarch64" ;; + *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; +esac echo " Architecture: ${ARCH} -> ${SONAR_ARCH}" diff --git a/versions/versions.json b/versions/versions.json index 1584d3b..994f200 100644 --- a/versions/versions.json +++ b/versions/versions.json @@ -7,7 +7,7 @@ "jdk_version": "8", "base_image_tag": "20.18.0-jdk8", "gradle_version": "7.6", - "sonar_version": "4.6.2.2472", + "sonar_version": "6.2.1.4610", "cx_flow_version": "1.6.46", "cx_flow_jar": "cx-flow.jar", "sca_resolver_version": "2.12.36", @@ -20,7 +20,7 @@ "jdk_version": "8", "base_image_tag": "22.11.0-jdk8", "gradle_version": "7.6", - "sonar_version": "4.6.2.2472", + "sonar_version": "6.2.1.4610", "cx_flow_version": "1.6.46", "cx_flow_jar": "cx-flow.jar", "sca_resolver_version": "2.12.36", @@ -33,7 +33,7 @@ "jdk_version": "11", "base_image_tag": "20.18.0-jdk11", "gradle_version": "7.6", - "sonar_version": "4.6.2.2472", + "sonar_version": "6.2.1.4610", "cx_flow_version": "1.6.46", "cx_flow_jar": "cx-flow-java11.jar", "sca_resolver_version": "2.12.36", 
@@ -46,7 +46,7 @@ "jdk_version": "11", "base_image_tag": "22.11.0-jdk11", "gradle_version": "7.6", - "sonar_version": "4.6.2.2472", + "sonar_version": "6.2.1.4610", "cx_flow_version": "1.6.46", "cx_flow_jar": "cx-flow-java11.jar", "sca_resolver_version": "2.12.36", @@ -59,7 +59,7 @@ "jdk_version": "17", "base_image_tag": "20.18.0-jdk17", "gradle_version": "8.5", - "sonar_version": "4.8.0.2856", + "sonar_version": "6.2.1.4610", "cx_flow_version": "1.7.11", "cx_flow_jar": "cx-flow.jar", "sca_resolver_version": "2.12.36", @@ -72,7 +72,7 @@ "jdk_version": "17", "base_image_tag": "22.11.0-jdk17", "gradle_version": "8.5", - "sonar_version": "4.8.0.2856", + "sonar_version": "6.2.1.4610", "cx_flow_version": "1.7.11", "cx_flow_jar": "cx-flow.jar", "sca_resolver_version": "2.12.36", @@ -85,7 +85,7 @@ "jdk_version": "21", "base_image_tag": "20.18.0-jdk21", "gradle_version": "8.5", - "sonar_version": "4.8.0.2856", + "sonar_version": "6.2.1.4610", "cx_flow_version": "1.7.11", "cx_flow_jar": "cx-flow.jar", "sca_resolver_version": "2.12.36", @@ -98,7 +98,7 @@ "jdk_version": "21", "base_image_tag": "22.11.0-jdk21", "gradle_version": "8.5", - "sonar_version": "4.8.0.2856", + "sonar_version": "6.2.1.4610", "cx_flow_version": "1.7.11", "cx_flow_jar": "cx-flow.jar", "sca_resolver_version": "2.12.36", From b87a169ac3475eb8602c3147afff0c2ffbf2034c Mon Sep 17 00:00:00 2001 From: danbao Date: Sat, 20 Dec 2025 14:50:48 +0800 Subject: [PATCH 07/12] ci: only run pipeline on master push or pull request --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1b7adfc..02984cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,6 +2,8 @@ name: Build Web Tools Images on: push: + branches: + - master paths: - 'Dockerfile' - 'versions/**' From 1745b816d24fa3b38f419ad2cce89b899f2c9d9c Mon Sep 17 00:00:00 2001 
From: danbao Date: Sat, 20 Dec 2025 20:21:04 +0800 Subject: [PATCH 08/12] feat: add version verification after each tool installation --- Dockerfile | 8 +++++--- scripts/install-base.sh | 7 +++++++ scripts/install-checkmarx.sh | 5 +++++ scripts/install-chromium.sh | 4 ++++ scripts/install-gradle.sh | 4 ++++ scripts/install-sonar.sh | 4 ++++ 6 files changed, 29 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4ce47fd..6390c1f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -51,8 +51,9 @@ RUN /tmp/scripts/install-checkmarx.sh ${CX_FLOW_JAR} # Cleanup RUN rm -rf /tmp/scripts /var/lib/apt/lists/* /tmp/* /var/tmp/* -# Show versions -RUN java -version \ +# Final version summary +RUN echo "=== Final Version Summary ===" \ + && java -version \ && javac -version \ && mvn -version \ && gradle --version \ @@ -60,4 +61,5 @@ RUN java -version \ && npm version \ && yarn --version \ && python3 --version \ - && sonar-scanner --version || true + && git --version \ + && sonar-scanner --version diff --git a/scripts/install-base.sh b/scripts/install-base.sh index a376941..ba3e25b 100644 --- a/scripts/install-base.sh +++ b/scripts/install-base.sh @@ -33,4 +33,11 @@ esac curl -sL "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${YQ_ARCH}" -o /usr/local/bin/yq \ && chmod +x /usr/local/bin/yq +# Verify installations +echo "=== Verifying base tools ===" +git --version +curl --version | head -1 +jq --version +yq --version +python3 --version echo "Base tools installed successfully." diff --git a/scripts/install-checkmarx.sh b/scripts/install-checkmarx.sh index 4ef980a..54259a4 100644 --- a/scripts/install-checkmarx.sh +++ b/scripts/install-checkmarx.sh 
@@ -32,4 +32,9 @@ curl -sL "https://sca-downloads.s3.amazonaws.com/cli/${SCA_RESOLVER_VERSION}/Sca && tar -xzf ./sca-resolver/ScaResolver.tar.gz -C ./sca-resolver \ && rm ./sca-resolver/ScaResolver.tar.gz +# Verify installation +echo "=== Verifying Checkmarx tools ===" +ls -la /opt/cx-flow/cx-flow.jar +ls -la /opt/sca-resolver/ + echo "Checkmarx tools installed successfully." diff --git a/scripts/install-chromium.sh b/scripts/install-chromium.sh index f6631ec..7125d21 100644 --- a/scripts/install-chromium.sh +++ b/scripts/install-chromium.sh @@ -31,4 +31,8 @@ echo 'export PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium' >> /etc/profile.d/chro echo 'export PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true' >> /etc/profile.d/chromium.sh chmod +x /etc/profile.d/chromium.sh +# Verify installation +echo "=== Verifying Chromium ===" +chromium --version || chromium-browser --version + echo "Chromium and Puppeteer dependencies installed successfully." diff --git a/scripts/install-gradle.sh b/scripts/install-gradle.sh index 051459c..5f1784c 100644 --- a/scripts/install-gradle.sh +++ b/scripts/install-gradle.sh @@ -9,4 +9,8 @@ curl -sL "https://downloads.gradle.org/distributions/gradle-${GRADLE_VERSION}-bi && rm gradle.zip \ && ln -s /opt/gradle-${GRADLE_VERSION}/bin/gradle /usr/local/bin/gradle +# Verify installation +echo "=== Verifying Gradle ===" +gradle --version + echo "Gradle ${GRADLE_VERSION} installed successfully." diff --git a/scripts/install-sonar.sh b/scripts/install-sonar.sh index f0c18d1..a0864e7 100644 --- a/scripts/install-sonar.sh +++ b/scripts/install-sonar.sh 
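Review bot: The verification added to install-checkmarx.sh only lists the files with `ls -la`, so it passes for whatever bytes curl wrote, including an HTML error body saved as `cx-flow.jar`, since the downloads use `curl -sL` without `-f`. Test the artifact itself, for example `unzip -tq /opt/cx-flow/cx-flow.jar` (unzip is already used by the Gradle and Sonar scripts), or better a comparison against a pinned SHA-256. The download commands sit above this hunk and are only partly visible here.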
@@ -20,4 +20,8 @@ curl -sL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar- && ln -s /opt/sonar-scanner-${SONAR_VERSION}-${SONAR_ARCH}/bin/sonar-scanner /usr/local/bin/sonar-scanner \ && sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /opt/sonar-scanner-${SONAR_VERSION}-${SONAR_ARCH}/bin/sonar-scanner +# Verify installation +echo "=== Verifying Sonar Scanner ===" +sonar-scanner --version + echo "Sonar Scanner ${SONAR_VERSION} installed successfully." From 882ef49d71fc9502cbd3fcaf65e7b20b0ddcb5e3 Mon Sep 17 00:00:00 2001 From: danbao Date: Sun, 21 Dec 2025 00:41:10 +0800 Subject: [PATCH 09/12] fix: update package names for Ubuntu Noble (chromium-browser, libasound2t64) --- scripts/install-chromium.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/scripts/install-chromium.sh b/scripts/install-chromium.sh index 7125d21..473f373 100644 --- a/scripts/install-chromium.sh +++ b/scripts/install-chromium.sh @@ -4,9 +4,9 @@ set -e echo "Installing Chromium and Puppeteer dependencies..." # Install Chromium and dependencies for Puppeteer +# Note: Package names vary between Ubuntu versions apt-get update && apt-get install -y --no-install-recommends \ - chromium \ - chromium-sandbox \ + chromium-browser \ fonts-liberation \ fonts-dejavu-core \ libgbm1 \ 
@@ -22,17 +22,24 @@ apt-get update && apt-get install -y --no-install-recommends \ libxrandr2 \ libpango-1.0-0 \ libcairo2 \ - libasound2 \ + libasound2t64 \ && rm -rf /var/lib/apt/lists/* +# Find chromium binary path +CHROMIUM_BIN=$(which chromium-browser || which chromium || echo "/usr/bin/chromium-browser") + # Set Puppeteer environment variables -echo 'export CHROME_BIN=/usr/bin/chromium' >> /etc/profile.d/chromium.sh -echo 'export PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium' >> /etc/profile.d/chromium.sh +echo "export CHROME_BIN=${CHROMIUM_BIN}" >> /etc/profile.d/chromium.sh +echo "export PUPPETEER_EXECUTABLE_PATH=${CHROMIUM_BIN}" >> /etc/profile.d/chromium.sh echo 'export PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true' >> /etc/profile.d/chromium.sh chmod +x /etc/profile.d/chromium.sh +# Also set in environment for current build +export CHROME_BIN=${CHROMIUM_BIN} +export PUPPETEER_EXECUTABLE_PATH=${CHROMIUM_BIN} + # Verify installation echo "=== Verifying Chromium ===" -chromium --version || chromium-browser --version +${CHROMIUM_BIN} --version echo "Chromium and Puppeteer dependencies installed successfully." From 14faa7fe06cc07159f268ffa1e71c2648c69fc1b Mon Sep 17 00:00:00 2001 From: danbao Date: Sun, 21 Dec 2025 08:31:52 +0800 Subject: [PATCH 10/12] fix: download Chromium from official snapshots for amd64 --- scripts/install-chromium.sh | 53 ++++++++++++++++++++++++++++--------- 1 file changed, 40 insertions(+), 13 deletions(-) diff --git a/scripts/install-chromium.sh b/scripts/install-chromium.sh index 473f373..1bd58fb 100644 --- a/scripts/install-chromium.sh +++ b/scripts/install-chromium.sh 
@@ -3,10 +3,11 @@ set -e echo "Installing Chromium and Puppeteer dependencies..." -# Install Chromium and dependencies for Puppeteer -# Note: Package names vary between Ubuntu versions +# Detect architecture +ARCH=$(dpkg --print-architecture) + +# Install common dependencies for Puppeteer apt-get update && apt-get install -y --no-install-recommends \ - chromium-browser \ fonts-liberation \ fonts-dejavu-core \ libgbm1 \ 
@@ -23,23 +24,49 @@ apt-get update && apt-get install -y --no-install-recommends \ libpango-1.0-0 \ libcairo2 \ libasound2t64 \ + libxshmfence1 \ + libglu1-mesa \ && rm -rf /var/lib/apt/lists/* -# Find chromium binary path -CHROMIUM_BIN=$(which chromium-browser || which chromium || echo "/usr/bin/chromium-browser") +if [[ "${ARCH}" == "amd64" ]]; then + echo "Downloading Chromium from official snapshots..." + + # Get latest version + CHROMIUM_VERSION=$(curl -s "https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2FLAST_CHANGE?alt=media") + echo " Latest version: ${CHROMIUM_VERSION}" + + # Download and extract + cd /opt + curl -sL "https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F${CHROMIUM_VERSION}%2Fchrome-linux.zip?alt=media" -o chromium.zip + unzip -q chromium.zip + rm chromium.zip + + # Create symlink + ln -s /opt/chrome-linux/chrome /usr/local/bin/chromium + + CHROMIUM_BIN="/usr/local/bin/chromium" +else + echo "WARNING: Chromium official builds not available for ${ARCH}, skipping..." + echo " Puppeteer will need to download its own Chromium or use a custom executable." 
+ + # Set empty path - Puppeteer will handle this + CHROMIUM_BIN="" +fi # Set Puppeteer environment variables -echo "export CHROME_BIN=${CHROMIUM_BIN}" >> /etc/profile.d/chromium.sh -echo "export PUPPETEER_EXECUTABLE_PATH=${CHROMIUM_BIN}" >> /etc/profile.d/chromium.sh +if [[ -n "${CHROMIUM_BIN}" ]]; then + echo "export CHROME_BIN=${CHROMIUM_BIN}" >> /etc/profile.d/chromium.sh + echo "export PUPPETEER_EXECUTABLE_PATH=${CHROMIUM_BIN}" >> /etc/profile.d/chromium.sh +fi echo 'export PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true' >> /etc/profile.d/chromium.sh chmod +x /etc/profile.d/chromium.sh -# Also set in environment for current build -export CHROME_BIN=${CHROMIUM_BIN} -export PUPPETEER_EXECUTABLE_PATH=${CHROMIUM_BIN} - # Verify installation echo "=== Verifying Chromium ===" -${CHROMIUM_BIN} --version +if [[ -n "${CHROMIUM_BIN}" && -x "${CHROMIUM_BIN}" ]]; then + ${CHROMIUM_BIN} --version --no-sandbox +else + echo "Chromium not installed on this architecture (${ARCH})" +fi -echo "Chromium and Puppeteer dependencies installed successfully." +echo "Chromium installation completed." From d89d9262bd5d61ac722aaca12bffbe09aa0ee8bd Mon Sep 17 00:00:00 2001 From: danbao Date: Sun, 21 Dec 2025 17:17:45 +0800 Subject: [PATCH 11/12] fix: use Sonar Scanner 4.8.0 for JDK 8/11 (requires Java 11+), 6.2.1 for JDK 17/21 --- scripts/install-sonar.sh | 25 ++++++++++++++++++++----- versions/versions.json | 8 ++++---- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/scripts/install-sonar.sh b/scripts/install-sonar.sh index a0864e7..8df2ebe 100644 --- a/scripts/install-sonar.sh +++ b/scripts/install-sonar.sh 
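Review bot: The amd64 branch installs whatever revision `LAST_CHANGE` names at build time, which is an unpinned tip-of-tree snapshot rather than a stable-channel release; two builds of the same image tag can ship different browsers, and neither request is checked (`curl -s`/`-sL`, no `-f`, no digest). Pin the revision next to the other versions in versions.json and verify the archive, e.g. `CHROMIUM_VERSION="${CHROMIUM_REVISION:?pin in versions.json}"`, with `CHROMIUM_REVISION` as a new build argument that does not exist yet. Separately, the arm64 warning says Puppeteer will download its own Chromium, but `PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true` is still written unconditionally and prevents that; move that `echo` inside the `if [[ -n "${CHROMIUM_BIN}" ]]` block.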
@@ -5,11 +5,26 @@ echo "Installing Sonar Scanner ${SONAR_VERSION}..." # Detect architecture ARCH=$(dpkg --print-architecture) -case "${ARCH}" in - amd64) SONAR_ARCH="linux-x64" ;; - arm64) SONAR_ARCH="linux-aarch64" ;; - *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; -esac + +# Determine version major (e.g., 4.8.0.2856 -> 4) +VERSION_MAJOR=$(echo "${SONAR_VERSION}" | cut -d. -f1) + +# Sonar Scanner 5.x+ uses linux-x64/linux-aarch64, older versions use just "linux" +if [[ "${VERSION_MAJOR}" -ge 5 ]]; then + case "${ARCH}" in + amd64) SONAR_ARCH="linux-x64" ;; + arm64) SONAR_ARCH="linux-aarch64" ;; + *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; + esac +else + # Older versions (4.x) only support x64 with "linux" suffix + if [[ "${ARCH}" == "arm64" ]]; then + echo "WARNING: Sonar Scanner ${SONAR_VERSION} does not support arm64, skipping installation." + echo "=== Sonar Scanner skipped (no arm64 support) ===" + exit 0 + fi + SONAR_ARCH="linux" +fi echo " Architecture: ${ARCH} -> ${SONAR_ARCH}" diff --git a/versions/versions.json b/versions/versions.json index 994f200..3254f69 100644 --- a/versions/versions.json +++ b/versions/versions.json @@ -7,7 +7,7 @@ "jdk_version": "8", "base_image_tag": "20.18.0-jdk8", "gradle_version": "7.6", - "sonar_version": "6.2.1.4610", + "sonar_version": "4.8.0.2856", "cx_flow_version": "1.6.46", "cx_flow_jar": "cx-flow.jar", "sca_resolver_version": "2.12.36", @@ -20,7 +20,7 @@ "jdk_version": "8", "base_image_tag": "22.11.0-jdk8", "gradle_version": "7.6", - "sonar_version": "6.2.1.4610", + "sonar_version": "4.8.0.2856", "cx_flow_version": "1.6.46", "cx_flow_jar": "cx-flow.jar", "sca_resolver_version": "2.12.36", @@ -33,7 +33,7 @@ "jdk_version": "11", "base_image_tag": "20.18.0-jdk11", "gradle_version": "7.6", - "sonar_version": "6.2.1.4610", + "sonar_version": "4.8.0.2856", "cx_flow_version": "1.6.46", "cx_flow_jar": "cx-flow-java11.jar", "sca_resolver_version": "2.12.36", 
@@ -46,7 +46,7 @@ "jdk_version": "11", "base_image_tag": "22.11.0-jdk11", "gradle_version": "7.6", - "sonar_version": "6.2.1.4610", + "sonar_version": "4.8.0.2856", "cx_flow_version": "1.6.46", "cx_flow_jar": "cx-flow-java11.jar", "sca_resolver_version": "2.12.36", From b910f3bbcab760430917c7ab7a5ad6ebf19f301b Mon Sep 17 00:00:00 2001 From: danbao Date: Mon, 22 Dec 2025 00:09:17 +0800 Subject: [PATCH 12/12] fix: skip version check for optional tools (sonar-scanner, chromium) on arm64 --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6390c1f..64e8938 100644 --- a/Dockerfile +++ b/Dockerfile @@ -62,4 +62,5 @@ RUN echo "=== Final Version Summary ===" \ && yarn --version \ && python3 --version \ && git --version \ - && sonar-scanner --version + && (command -v chromium && chromium --version --no-sandbox || echo "chromium: not installed") \ + && (command -v sonar-scanner && sonar-scanner --version || echo "sonar-scanner: not installed")
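Review bot: In the two new summary lines the `A && B || C` form also takes the `echo` branch when the tool is present but its `--version` call fails, so a broken Chromium or Sonar Scanner install on amd64 is reported as "not installed" and the build still succeeds. Separate the presence test from the version call: `&& if command -v chromium >/dev/null; then chromium --version --no-sandbox; else echo "chromium: not installed"; fi \`, and the same shape for `sonar-scanner`. The `RUN` instruction starts above this hunk.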