From f4821cb8071da49a14850085f7fddcff5592323c Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Fri, 19 Dec 2025 21:40:15 +0900 Subject: [PATCH 1/2] Dockerfile: Switch base image to ubi-minimal --- Dockerfile | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index acc14847..585544b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,18 +6,28 @@ WORKDIR /usr/src/app # Copy only package files first for better layer caching COPY package.json package-lock.json ./ -RUN NODE_OPTIONS=--max-old-space-size=4096 npm ci --omit=dev --omit=optional --loglevel verbose --ignore-scripts --no-fund +RUN NODE_OPTIONS=--max-old-space-size=4096 npm ci --omit=dev --omit=optional --ignore-scripts --no-fund COPY console-extensions.json LICENSE tsconfig.json types.d.ts webpack.config.ts ./ COPY locales ./locales COPY src ./src -RUN npm run build --loglevel verbose +RUN npm run build -FROM registry.access.redhat.com/ubi9/nginx-124:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:latest USER 0 + +RUN microdnf install -y nginx && microdnf clean all + COPY --from=build /usr/src/app/dist /usr/share/nginx/html + RUN mkdir -p /licenses COPY --from=build /usr/src/app/LICENSE /licenses/LICENSE + +# Create nginx temp directory and set permissions for OpenShift +RUN mkdir -p /tmp/nginx && \ + chgrp -R 0 /var/log/nginx /var/lib/nginx /usr/share/nginx/html /tmp/nginx && \ + chmod -R g=u /var/log/nginx /var/lib/nginx /usr/share/nginx/html /tmp/nginx + LABEL name="openshift-lightspeed/lightspeed-console-plugin-rhel9" \ cpe="cpe:/a:redhat:openshift_lightspeed:1::el9" \ com.redhat.component="openshift-lightspeed" \ @@ -27,6 +37,7 @@ LABEL name="openshift-lightspeed/lightspeed-console-plugin-rhel9" \ io.k8s.description="OpenShift Lightspeed Console is a component of OpenShift Lightspeed" \ io.openshift.tags="openshift-lightspeed,ols" \ konflux.additional-tags="latest" + USER 1001 ENTRYPOINT ["nginx", "-g", "daemon off;", "-e", "stderr"] From 53ede1d6807489336d21f7e87d1e0a9ac8612ac2 Mon Sep 17 00:00:00 2001 From: Sergey Yedrikov Date: Tue, 6 Jan 2026 10:35:19 -0500 Subject: [PATCH 2/2] OLS-2321: [UI] Switch to ubi9-minimal based image. Enable rpm prefetch. --- .tekton/lightspeed-console-pull-request.yaml | 4 +- .tekton/lightspeed-console-push.yaml | 4 +- Dockerfile | 2 +- rpms.in.yaml | 4 + rpms.lock.yaml | 82 ++++++++++++++++++++ ubi.repo | 62 +++++++++++++++ 6 files changed, 153 insertions(+), 5 deletions(-) create mode 100644 rpms.in.yaml create mode 100644 rpms.lock.yaml create mode 100644 ubi.repo diff --git a/.tekton/lightspeed-console-pull-request.yaml b/.tekton/lightspeed-console-pull-request.yaml index 7992e5f9..81dfd480 100644 --- a/.tekton/lightspeed-console-pull-request.yaml +++ b/.tekton/lightspeed-console-pull-request.yaml @@ -32,7 +32,7 @@ spec: - name: dockerfile value: Dockerfile - name: prefetch-input - value: '{"type": "npm", "path": "."}' + value: '[{"type": "npm", "path": "."}, {"type": "rpm", "path": "."}]' pipelineSpec: description: | This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization. @@ -84,7 +84,7 @@ spec: description: Execute the build with network isolation name: hermetic type: string - - default: '' + - default: 'true' description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string diff --git a/.tekton/lightspeed-console-push.yaml b/.tekton/lightspeed-console-push.yaml index 1d0b6e2f..4642021e 100644 --- a/.tekton/lightspeed-console-push.yaml +++ b/.tekton/lightspeed-console-push.yaml @@ -31,7 +31,7 @@ spec: - name: dockerfile value: Dockerfile - name: prefetch-input - value: '{"type": "npm", "path": "."}' + value: '[{"type": "npm", "path": "."}, {"type": "rpm", "path": "."}]' pipelineSpec: description: | This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization. @@ -83,7 +83,7 @@ spec: description: Execute the build with network isolation name: hermetic type: string - - default: '' + - default: 'true' description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string diff --git a/Dockerfile b/Dockerfile index 585544b1..e28dff82 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY locales ./locales COPY src ./src RUN npm run build -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:80f3902b6dcb47005a90e14140eef9080ccc1bb22df70ee16b27d5891524edb2 USER 0 RUN microdnf install -y nginx && microdnf clean all diff --git a/rpms.in.yaml b/rpms.in.yaml new file mode 100644 index 00000000..900a6617 --- /dev/null +++ b/rpms.in.yaml @@ -0,0 +1,4 @@ +packages: [nginx] +contentOrigin: + repofiles: ["./ubi.repo"] +arches: [x86_64, aarch64] \ No newline at end of file diff --git a/rpms.lock.yaml b/rpms.lock.yaml new file mode 100644 index 00000000..8655932d --- /dev/null +++ b/rpms.lock.yaml @@ -0,0 +1,82 @@ +--- +lockfileVersion: 1 +lockfileVendor: redhat +arches: +- arch: aarch64 + packages: + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/aarch64/appstream/os/Packages/n/nginx-1.20.1-22.el9_6.3.aarch64.rpm + repoid: ubi-9-for-aarch64-appstream-rpms + size: 38034 + checksum: sha256:acf0e009df1d2a0bf3302af6ffdeb940cc55cebd758d87444b28033b0cd07ab4 + name: nginx + evr: 2:1.20.1-22.el9_6.3 + sourcerpm: nginx-1.20.1-22.el9_6.3.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/aarch64/appstream/os/Packages/n/nginx-core-1.20.1-22.el9_6.3.aarch64.rpm + repoid: ubi-9-for-aarch64-appstream-rpms + size: 585353 + checksum: sha256:92b3fe4c68952603e9151ac185faa2e98fb2e5750bfe616d379dedda5de0e44a + name: nginx-core + evr: 2:1.20.1-22.el9_6.3 + sourcerpm: nginx-1.20.1-22.el9_6.3.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/aarch64/appstream/os/Packages/n/nginx-filesystem-1.20.1-22.el9_6.3.noarch.rpm + repoid: ubi-9-for-aarch64-appstream-rpms + size: 10729 + checksum: sha256:987a844a7ddf5bc2d54c5ced49ce4eba6b3d49aeb8960e0744792935b854d831 + name: nginx-filesystem + evr: 2:1.20.1-22.el9_6.3 + sourcerpm: nginx-1.20.1-22.el9_6.3.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/aarch64/appstream/os/Packages/r/redhat-logos-httpd-90.5-1.el9_6.1.noarch.rpm + repoid: ubi-9-for-aarch64-appstream-rpms + size: 16643 + checksum: sha256:a3b0e027da9390f7c047cdbd6eea0ce2de11781ec2b4e6e951d74fb15af93ff4 + name: redhat-logos-httpd + evr: 90.5-1.el9_6.1 + sourcerpm: redhat-logos-90.5-1.el9_6.1.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/aarch64/baseos/os/Packages/l/logrotate-3.18.0-12.el9.aarch64.rpm + repoid: ubi-9-for-aarch64-baseos-rpms + size: 74117 + checksum: sha256:9b8142fb8bd0a89c48655a385a58357e3d78ffa9a119db4eb24cec67b6e8ded8 + name: logrotate + evr: 3.18.0-12.el9 + sourcerpm: logrotate-3.18.0-12.el9.src.rpm + source: [] + module_metadata: [] +- arch: x86_64 + packages: + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/x86_64/appstream/os/Packages/n/nginx-1.20.1-22.el9_6.3.x86_64.rpm + repoid: ubi-9-for-x86_64-appstream-rpms + size: 38094 + checksum: sha256:ac60f31368828d6eb017ad6a755270abd48b2c15c347903a11127ac3c186c619 + name: nginx + evr: 2:1.20.1-22.el9_6.3 + sourcerpm: nginx-1.20.1-22.el9_6.3.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/x86_64/appstream/os/Packages/n/nginx-core-1.20.1-22.el9_6.3.x86_64.rpm + repoid: ubi-9-for-x86_64-appstream-rpms + size: 584421 + checksum: sha256:77c7fabc1d6366608ae0fa0392be79519c93276b30f2b905d1639ae56db89796 + name: nginx-core + evr: 2:1.20.1-22.el9_6.3 + sourcerpm: nginx-1.20.1-22.el9_6.3.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/x86_64/appstream/os/Packages/n/nginx-filesystem-1.20.1-22.el9_6.3.noarch.rpm + repoid: ubi-9-for-x86_64-appstream-rpms + size: 10729 + checksum: sha256:987a844a7ddf5bc2d54c5ced49ce4eba6b3d49aeb8960e0744792935b854d831 + name: nginx-filesystem + evr: 2:1.20.1-22.el9_6.3 + sourcerpm: nginx-1.20.1-22.el9_6.3.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/x86_64/appstream/os/Packages/r/redhat-logos-httpd-90.5-1.el9_6.1.noarch.rpm + repoid: ubi-9-for-x86_64-appstream-rpms + size: 16643 + checksum: sha256:a3b0e027da9390f7c047cdbd6eea0ce2de11781ec2b4e6e951d74fb15af93ff4 + name: redhat-logos-httpd + evr: 90.5-1.el9_6.1 + sourcerpm: redhat-logos-90.5-1.el9_6.1.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/x86_64/baseos/os/Packages/l/logrotate-3.18.0-12.el9.x86_64.rpm + repoid: ubi-9-for-x86_64-baseos-rpms + size: 76162 + checksum: sha256:ffa6b348d400fd25151f9a8042ed33cbf9b0dd305ee532e80c5f342e30e6fdf6 + name: logrotate + evr: 3.18.0-12.el9 + sourcerpm: logrotate-3.18.0-12.el9.src.rpm + source: [] + module_metadata: [] diff --git a/ubi.repo b/ubi.repo new file mode 100644 index 00000000..27aebe35 --- /dev/null +++ b/ubi.repo @@ -0,0 +1,62 @@ +[ubi-9-for-$basearch-baseos-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-for-$basearch-baseos-debug-rpms] +name = Red Hat Universal Base Image 9 (Debug RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-for-$basearch-baseos-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-for-$basearch-appstream-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-for-$basearch-appstream-debug-rpms] +name = Red Hat Universal Base Image 9 (Debug RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-for-$basearch-appstream-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[codeready-builder-for-ubi-9-$basearch-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[codeready-builder-for-ubi-9-$basearch-debug-rpms] +name = Red Hat Universal Base Image 9 (Debug RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[codeready-builder-for-ubi-9-$basearch-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1