Skip to content

update dockerfile #763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
srivickynesh wants to merge 1 commit into
base: master
Choose a base branch
from
Open

update dockerfile #763

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions Dockerfile.CI
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
FROM quay.io/fedora/fedora:44

ENV HTTP_PROXY=http://squid.corp.redhat.com:3128
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Using ENV to set proxy variables hardcodes them into the final image. This means any container run from this image will attempt to route its traffic through the Red Hat corporate proxy, which will fail when run outside of the Red Hat network. To configure proxies for the build process without persisting them in the final image, use ARG instead of ENV for HTTP_PROXY, HTTPS_PROXY, and NO_PROXY.

ARG HTTP_PROXY=http://squid.corp.redhat.com:3128

ENV HTTPS_PROXY=http://squid.corp.redhat.com:3128
ENV NO_PROXY=localhost,127.0.0.1

RUN dnf update -y &&\
dnf install -y --setopt=tsflags=nodocs azure-cli git go gpgme jq make openssl python-unversioned-command python3 python3-antlr4-runtime python3-pip skopeo unzip vim wget yq && \
dnf clean all -y && rm -fR /var/cache/dnf
Expand Down Expand Up @@ -36,16 +40,16 @@ RUN wget https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/rosa-
tar xzf /tmp/rosa.tar.gz -C /usr/bin --no-same-owner rosa &&\
rm /tmp/rosa.tar.gz

ENV TKN_VERSION=1.21.0
ENV TKN_VERSION=1.22.0
RUN wget https://developers.redhat.com/content-gateway/rest/browse/pub/cgw/pipelines/${TKN_VERSION}/tkn-linux-amd64.tar.gz \
-O /tmp/tkn.tar.gz &&\
tar xzf /tmp/tkn.tar.gz -C /usr/bin --no-same-owner tkn tkn-pac opc &&\
tar xzf /tmp/tkn.tar.gz --no-same-owner -C /usr/bin &&\
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Removing the explicit list of files (tkn tkn-pac opc) from the tar extraction command will extract all files in the archive (including metadata, licenses, or READMEs) directly into /usr/bin. It is cleaner and safer to explicitly extract only the required binaries to avoid polluting /usr/bin.

   tar xzf /tmp/tkn.tar.gz --no-same-owner -C /usr/bin tkn tkn-pac opc &&\

rm /tmp/tkn.tar.gz

RUN wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/bin/mc &&\
chmod u+x /usr/bin/mc

ENV GAUGE_VERSION=1.6.28
ENV GAUGE_VERSION=1.6.30
RUN wget https://github.com/getgauge/gauge/releases/download/v${GAUGE_VERSION}/gauge-${GAUGE_VERSION}-linux.x86_64.zip \
-O /tmp/gauge.zip &&\
unzip /tmp/gauge.zip gauge -d /usr/bin &&\
Expand All @@ -61,13 +65,13 @@ RUN wget https://github.com/getgauge/gauge/releases/download/v${GAUGE_VERSION}/g
go env -w GOPROXY="https://proxy.golang.org,direct" &&\
gauge version

RUN wget https://github.com/sigstore/cosign/releases/download/v3.0.5/cosign-linux-amd64 -O /usr/bin/cosign && \
RUN wget https://github.com/sigstore/cosign/releases/download/v3.0.6/cosign-linux-amd64 -O /usr/bin/cosign && \
chmod a+x /usr/bin/cosign

RUN wget https://github.com/sigstore/rekor/releases/download/v1.5.1/rekor-cli-linux-amd64 -O /usr/bin/rekor-cli && \
chmod u+x /usr/bin/rekor-cli

ENV GOLANGCI_LINT_VERSION=2.11.4
ENV GOLANGCI_LINT_VERSION=2.12.2
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

The golangci-lint project uses v1.x.y versioning (e.g., 1.62.2). There is no version 2.12.2 (or the previous 2.11.4), and attempting to download this version will result in a 404 Not Found error, breaking the Docker build. Please use a valid v1.x.y version.

ENV GOLANGCI_LINT_VERSION=1.62.2

RUN wget -O /tmp/golangci-lint.tar.gz https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz \
&& tar --strip-components=1 -C /usr/bin -xzf /tmp/golangci-lint.tar.gz golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint \
&& rm -f /tmp/golangci-lint.tar.gz
Expand Down