diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
deleted file mode 100644
index f8a373d3aa..0000000000
--- a/.github/workflows/scorecard.yml
+++ /dev/null
@@ -1,78 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecard supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '39 3 * * 2' - push: - branches: - - '7.0' - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - - steps: - - name: Harden Runner - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 - with: - egress-policy: audit - - - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecard on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. 
- # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 - with: - sarif_file: results.sarif diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile index a2b441ee32..8a083f14c4 100644 --- a/Dockerfiles/agent/centos/Dockerfile +++ b/Dockerfiles/agent/centos/Dockerfile @@ -78,7 +78,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile index c6c9cf7dba..e136a00adb 100644 --- a/Dockerfiles/agent/ol/Dockerfile +++ b/Dockerfiles/agent/ol/Dockerfile 
@@ -30,7 +30,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -65,7 +65,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index 5396de3bb3..03c09fa99a 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -103,7 +103,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index 54530dd5a7..fbc424cb28 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile 
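Review bot: The new COPY destination `"${ZABBIX_CONF_DIR}/"` in Dockerfiles/agent/ol/Dockerfile only resolves to the intended directory if `ZABBIX_CONF_DIR` is declared by an ENV or ARG in this final stage before line 33, and the hunk does not show that declaration. Docker substitutes an empty string for an undefined variable, so the destination would silently become `/` and the agent configuration would be unpacked into the image root with no build error. A comment above the COPY such as `# ZABBIX_CONF_DIR comes from the ENV block above; an empty value would make this COPY target /` would make the dependency explicit. The centos and rhel agent Dockerfiles in this commit receive only the `mkdir` fix, so it is worth checking whether their COPY lines still hard-code `/etc/zabbix/` and the three variants now differ.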
@@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -60,7 +60,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile
index e4d5c4b99d..0ac17969b5 100644
--- a/Dockerfiles/build-mysql/centos/Dockerfile
+++ b/Dockerfiles/build-mysql/centos/Dockerfile
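Review bot: A failing patch no longer stops the build in Dockerfiles/build-mysql/alpine/Dockerfile, because the new `for` loop is a non-final element of the `&&` chain, where `set -e` is ignored, and the loop's exit status is only that of the last patch applied. An earlier `patch -p1` that fails is therefore skipped over and a partially patched source tree goes on to be compiled, whereas the removed single `patch ... && \` line aborted the chain. Changing the loop body to `patch -p1 < "$patch_filename" || exit 1; \` restores the fail-fast behaviour, and the quotes protect the redirect target. Patches are applied in glob order, so a comment above the loop stating the naming convention (for example a numeric prefix) would help once more than one patch exists. The same loop is added to the other build-mysql, build-pgsql and build-sqlite3 Dockerfiles in this commit; the RUN instruction starts and ends outside the hunk.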
@@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -60,7 +60,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile
index eaf037be06..1976c912c0 100644
--- a/Dockerfiles/build-mysql/ol/Dockerfile
+++ b/Dockerfiles/build-mysql/ol/Dockerfile
@@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -60,7 +60,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile
index 857011c6b2..122b6898c8 100644
--- a/Dockerfiles/build-mysql/rhel/Dockerfile
+++ b/Dockerfiles/build-mysql/rhel/Dockerfile
@@ -45,7 +45,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -71,7 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile
index 8603e80e83..26e056fa08 100644
--- a/Dockerfiles/build-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile
@@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -60,7 +60,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile
index a535b647ac..fba498f4ca 100644
--- a/Dockerfiles/build-pgsql/alpine/Dockerfile
+++ b/Dockerfiles/build-pgsql/alpine/Dockerfile
@@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -62,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile
index 5358d71cff..e20f8eb90b 100644
--- a/Dockerfiles/build-pgsql/centos/Dockerfile
+++ b/Dockerfiles/build-pgsql/centos/Dockerfile
@@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -62,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile
index 806184dc70..6039634ff2 100644
--- a/Dockerfiles/build-pgsql/ol/Dockerfile
+++ b/Dockerfiles/build-pgsql/ol/Dockerfile
@@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -62,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-pgsql/rhel/Dockerfile b/Dockerfiles/build-pgsql/rhel/Dockerfile
index 471fa2b7db..abf373b69d 100644
--- a/Dockerfiles/build-pgsql/rhel/Dockerfile
+++ b/Dockerfiles/build-pgsql/rhel/Dockerfile
@@ -45,7 +45,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -73,7 +73,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-pgsql/rhel/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/rhel/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-pgsql/rhel/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-pgsql/rhel/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile
index bf4b95b98c..bc12ae0d3f 100644
--- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile
+++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile
@@ -34,7 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
- --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -62,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
- patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch
similarity index 100%
rename from Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch
rename to Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch
diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile
index 5379a0043a..84ac06696e 100644
--- a/Dockerfiles/build-sqlite3/alpine/Dockerfile
+++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile
@@ -34,6 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -53,6 +54,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-sqlite3/alpine/src/.gitkeep b/Dockerfiles/build-sqlite3/alpine/patches/.gitkeep
similarity index 100%
rename from Dockerfiles/build-sqlite3/alpine/src/.gitkeep
rename to Dockerfiles/build-sqlite3/alpine/patches/.gitkeep
diff --git a/Dockerfiles/build-sqlite3/centos/Dockerfile b/Dockerfiles/build-sqlite3/centos/Dockerfile
index daa5a47868..347e81f812 100644
--- a/Dockerfiles/build-sqlite3/centos/Dockerfile
+++ b/Dockerfiles/build-sqlite3/centos/Dockerfile
@@ -34,6 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -53,6 +54,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-sqlite3/centos/src/.gitkeep b/Dockerfiles/build-sqlite3/centos/patches/.gitkeep
similarity index 100%
rename from Dockerfiles/build-sqlite3/centos/src/.gitkeep
rename to Dockerfiles/build-sqlite3/centos/patches/.gitkeep
diff --git a/Dockerfiles/build-sqlite3/ol/Dockerfile b/Dockerfiles/build-sqlite3/ol/Dockerfile
index 7c1823a046..5609edf1e3 100644
--- a/Dockerfiles/build-sqlite3/ol/Dockerfile
+++ b/Dockerfiles/build-sqlite3/ol/Dockerfile
@@ -34,6 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -53,6 +54,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep b/Dockerfiles/build-sqlite3/ol/patches/.gitkeep
similarity index 100%
rename from Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep
rename to Dockerfiles/build-sqlite3/ol/patches/.gitkeep
diff --git a/Dockerfiles/build-sqlite3/rhel/Dockerfile b/Dockerfiles/build-sqlite3/rhel/Dockerfile
index c24b72191a..81bfdb2e79 100644
--- a/Dockerfiles/build-sqlite3/rhel/Dockerfile
+++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile
@@ -45,6 +45,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=from=sources,target=/tmp/src \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -64,6 +65,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
diff --git a/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep b/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile
index 852e6b8aa7..2f6f39ef74 100644
--- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile
+++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile
@@ -34,6 +34,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
 --mount=type=cache,target=/root/go/ \
 --mount=type=bind,source=src/,target=/tmp/src \
+ --mount=type=bind,source=patches/,target=/tmp/patches \
 set -eux && \
 cd /tmp/ && \
 mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@@ -53,6 +54,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
 git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
 fi && \
 cd ${ZBX_SOURCES_DIR} && \
+ for patch_filename in /tmp/patches/*.patch; do \
+ if [ -f "$patch_filename" ]; then \
+ patch -p1 < $patch_filename; \
+ fi \
+ done && \
 zabbix_revision=`git rev-parse --short HEAD` && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
 sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
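Review bot: The first RUN mount in Dockerfiles/build-sqlite3/ubuntu/Dockerfile still reads `--mount=type=bind,source=src/,target=/tmp/src`, yet this commit moves `ubuntu/src/.gitkeep` away (it is recorded as a rename to `ol/patches/.gitkeep`). If that placeholder was the only tracked file under `src/`, the directory disappears from a clean checkout and the bind mount has no source to resolve. The other build-sqlite3 variants use `--mount=from=sources,target=/tmp/src`, so switching this line to the same form, or keeping a placeholder in `src/`, would avoid that. The RUN instruction continues outside the hunk.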
diff --git a/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep b/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile
index 2793f813d3..b04ddfd0e5 100644
--- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile
@@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
 MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
- NMAP_PRIVILEGED="" \
+ NMAP_PRIVILEGED="" \
 ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
 ZABBIX_CONF_DIR="/etc/zabbix" \
 ZBX_FPINGLOCATION="/usr/bin/fping"
diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile
index 250cd5331b..e4f257cba2 100644
--- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile
@@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
 MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
- NMAP_PRIVILEGED="" \
+ NMAP_PRIVILEGED="" \
 ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
 ZABBIX_CONF_DIR="/etc/zabbix" \
 ZBX_FPINGLOCATION="/usr/bin/fping"
diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile
index 1b09f47580..f766094953 100644
--- a/Dockerfiles/server-pgsql/centos/Dockerfile
+++ b/Dockerfiles/server-pgsql/centos/Dockerfile
@@ -107,7 +107,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 -G dialout \
 --uid 1997 \
 --shell /sbin/nologin \
- --home-dir ${ZABBIX_USER_HOME_DIR}/ \
+ --home-dir ${ZABBIX_USER_HOME_DIR} \
 zabbix && \
 chgrp zabbix /usr/bin/nmap && \
 setcap cap_net_raw+eip /usr/bin/nmap && \
diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index 2d73bfaacc..36df1d779d 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -89,7 +89,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ diff --git a/Dockerfiles/server-pgsql/rhel/Dockerfile b/Dockerfiles/server-pgsql/rhel/Dockerfile index a91b7492e3..75c18285ca 100644 --- a/Dockerfiles/server-pgsql/rhel/Dockerfile +++ b/Dockerfiles/server-pgsql/rhel/Dockerfile @@ -136,7 +136,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ diff --git a/build.sh b/build.sh index ee2a368823..a64b02dfed 100755 --- a/build.sh +++ b/build.sh @@ -42,7 +42,11 @@ else exit 1 fi -DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" --build-context sources="../../../sources" --build-arg VCS_REF="$VCS_REF" --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" -f Dockerfile . +DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" \ + --build-context sources="../../../sources" \ + --build-arg VCS_REF="$VCS_REF" \ + --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \ + -f Dockerfile . if [ "$type" != "build" ]; then links=""