From: Juha Kosonen Date: Mon, 26 Aug 2019 14:17:53 +0000 (+0300) Subject: Create docker layer container for Docker Bench X-Git-Tag: 2.0.0~46^2 X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=validation.git;a=commitdiff_plain;h=3d693bf57ea1a831f90a655929b8fe4502de50a8 Create docker layer container for Docker Bench Change-Id: Iefcbd481aa4993a59528feed3faa40cf279a890c Signed-off-by: Juha Kosonen --- diff --git a/docker/docker/Dockerfile b/docker/docker/Dockerfile new file mode 100644 index 0000000..82c7040 --- /dev/null +++ b/docker/docker/Dockerfile @@ -0,0 +1,50 @@ +############################################################################## +# Copyright (c) 2019 AT&T, ENEA AB, Nokia and others # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you maynot use this file except in compliance with the License. # +# # +# You may obtain a copy of the License at # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +############################################################################## + +# ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds +FROM python:3.6-alpine3.9 as build + +# Install dependencies +COPY pip-requirements.txt /wheels/requirements/pip-requirements.txt +RUN apk --no-cache add --update \ + gcc \ + git \ + libc-dev \ + libffi \ + libffi-dev \ + make \ + openssl-dev + +# Build binaries +WORKDIR /wheels +RUN pip3 install wheel +RUN pip3 wheel -r /wheels/requirements/pip-requirements.txt +RUN git clone https://gerrit.akraino.org/r/validation /opt/akraino/validation +RUN git clone https://github.com/docker/docker-bench-security.git /opt/akraino/docker-bench-security + +# Copy binaries in the final container and install requirements +FROM python:3.6-alpine3.9 +COPY --from=build /wheels /wheels +COPY --from=build /opt/akraino/validation /opt/akraino/validation +COPY --from=build /opt/akraino/docker-bench-security /opt/akraino/docker-bench-security + +RUN pip3 install -r /wheels/requirements/pip-requirements.txt \ + -f /wheels && \ + rm -rf /wheels && \ + rm -rf /root/.cache/pip/* + +# Install blueval dependencies +RUN pip install -r /opt/akraino/validation/bluval/requirements.txt diff --git a/docker/docker/Makefile b/docker/docker/Makefile new file mode 100644 index 0000000..a5b4099 --- /dev/null +++ b/docker/docker/Makefile @@ -0,0 +1,23 @@ +############################################################################## +# Copyright (c) 2019 AT&T, ENEA AB, Nokia and others # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you maynot use this file except in compliance with the License. # +# # +# You may obtain a copy of the License at # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +############################################################################## + +.PHONY: all +all: .push_image .push_manifest + +.PHONY: build +build: .build + +include ../build.mk diff --git a/docker/docker/pip-requirements.txt b/docker/docker/pip-requirements.txt new file mode 100644 index 0000000..af1d9bf --- /dev/null +++ b/docker/docker/pip-requirements.txt @@ -0,0 +1,2 @@ +robotframework +robotframework-sshlibrary diff --git a/tests/docker/docker_bench/docker_bench.resource b/tests/docker/docker_bench/docker_bench.resource index f4b9336..674087f 100644 --- a/tests/docker/docker_bench/docker_bench.resource +++ b/tests/docker/docker_bench/docker_bench.resource @@ -26,7 +26,7 @@ Library String *** Variables *** ${REPORTDIR} ${LOG_PATH}${/}${SUITE_NAME.replace(' ','_')} -${SRCDIR} ./docker-bench-security +${SRCDIR} /opt/akraino/docker-bench-security ${DESTDIR} /tmp/docker-bench-security ${NODEDIR} /tmp/docker-bench-security-run ${SSH_OPTS} -o StrictHostKeyChecking=no @@ -37,11 +37,6 @@ Open Connection And Log In Open Connection ${HOST} Login With Public Key ${USERNAME} ${SSH_KEYFILE} -Download Docker Bench Software - Remove Docker Bench Software - Run Process git clone - ... https://github.com/docker/docker-bench-security.git ${SRCDIR} - Upload Test Software To Nodes Put Directory ${SRCDIR} ${DESTDIR} recursive=True Get Node Addresses @@ -66,9 +61,6 @@ Copy Test Software To All Nodes \ Execute Command ssh ${SSH_OPTS} ${node} "mkdir -p ${NODEDIR}" \ Execute Command scp ${SSH_OPTS} -rp ${DESTDIR}/. ${node}:${NODEDIR} -Remove Docker Bench Software - Remove Directory ${SRCDIR} recursive=True - Remove Test Software From Nodes :FOR ${node} IN @{nodes} \ Execute Command ssh ${SSH_OPTS} ${node} "rm -rf ${NODEDIR}" diff --git a/tests/docker/docker_bench/docker_bench.robot b/tests/docker/docker_bench/docker_bench.robot index 591c6cc..e0a915c 100644 --- a/tests/docker/docker_bench/docker_bench.robot +++ b/tests/docker/docker_bench/docker_bench.robot @@ -22,10 +22,8 @@ Documentation Runs the Docker Bench for Security script which checks for ... containers in production. Library BuiltIn Resource docker_bench.resource -Suite Setup Run Keywords Open Connection And Log In -... Download Docker Bench Software -Suite Teardown Run Keywords Remove Docker Bench Software -... Close All Connections +Suite Setup Open Connection And Log In +Suite Teardown Close All Connections Test Setup Upload Test Software To Nodes Test Teardown Remove Test Software From Nodes