Updates ubi hardening extras to build ubi8.9.

mathworks-ref-arch · Dec 18, 2023 · 8c4917f · 8c4917f
1 parent 3c0c29d
commit 8c4917f
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 11 deletions.
diff --git a/.github/workflows/build-and-publish-ubi-hardening-extras.yml b/.github/workflows/build-and-publish-ubi-hardening-extras.yml
@@ -15,6 +15,7 @@ on:
 
 env:
   BASE_IMAGE: almalinux-base
+  OS_TAG: ubi8.9
 
 jobs:
   build-base-image:
@@ -106,21 +107,19 @@ jobs:
         id: pull_latest
         continue-on-error: true
         run: |
-          docker pull ${{ env.IMAGE_NAME }}:latest
+          docker pull ${{ env.IMAGE_NAME }}:${{ env.OS_TAG }}
 
       - name: Extract signature and version from latest Docker image
         id: extract
         run: |
           # Extract signature and version files from latest docker image if pull was succesful.
           if [[ ${{ steps.pull_latest.outcome }} == 'success' ]]; then
-            VERSION=$(bash ./ubi-hardening-extras/workflow/extract_metadata.sh ${{ env.IMAGE_NAME }}:latest)
+            VERSION=$(bash ./ubi-hardening-extras/workflow/extract_metadata.sh ${{ env.IMAGE_NAME }}:${{ env.OS_TAG }})
             echo -e "${{ env.GREEN }}>> Found ${{ env.IMAGE_NAME }} version ${VERSION}.${{ env.NC }}"
             NEXT_VERSION=$(bash ./ubi-hardening-extras/workflow/increment_version.sh ${VERSION})
-
           else
             echo -e "${{ env.RED }}>> Image ${{ env.IMAGE_NAME }} does not exist.${{ env.NC }}"
             NEXT_VERSION="v1.0"
-
           fi
           echo "next_version=${NEXT_VERSION}" >> $GITHUB_OUTPUT
 
@@ -148,8 +147,8 @@ jobs:
             BASE_IMAGE=${{ env.BASE_IMAGE }}
             VERSION=${{ steps.extract.outputs.next_version }}
           tags: |
-            ${{ env.IMAGE_NAME }}:latest
-            ${{ env.IMAGE_NAME }}:${{ steps.extract.outputs.next_version }}
+            ${{ env.IMAGE_NAME }}:${{ env.OS_TAG }}
+            ${{ env.IMAGE_NAME }}:${{ steps.extract.outputs.next_version }}-${{ env.OS_TAG }}
 
       - name: Set up Python 3
         if: ${{ steps.check.outputs.is_identical != '0' }}
@@ -167,8 +166,10 @@ jobs:
       - name: Test new UBI package Docker image
         if: ${{ steps.check.outputs.is_identical != '0' }}
         working-directory: ubi-hardening-extras/tests
+        env:
+          IMAGE_UNDER_TEST: ${{ env.IMAGE_NAME }}:${{ env.OS_TAG }}
         run: python -m unittest ${{ matrix.package }}/*.py
-          
+
       # Push the package Docker image built in the "Build Docker image for UBI packages" step to GHCR 
       # (since we now know if something has changed). 
       - name: Push to GitHub Container Registry if package has changed

diff --git a/ubi-hardening-extras/almalinux-base/Dockerfile b/ubi-hardening-extras/almalinux-base/Dockerfile
@@ -1,6 +1,6 @@
 # Copyright 2023 The MathWorks, Inc.
 ARG BASE_IMAGE=almalinux
-ARG BASE_TAG=8.8
+ARG BASE_TAG=8.9
 
 FROM ${BASE_IMAGE}:${BASE_TAG}
 

diff --git a/ubi-hardening-extras/tests/utils/Dockerfile b/ubi-hardening-extras/tests/utils/Dockerfile
@@ -2,7 +2,7 @@
 
 ARG BASE_REGISTRY=redhat
 ARG BASE_IMAGE=ubi8
-ARG BASE_TAG=8.8
+ARG BASE_TAG=8.9
 ARG IMAGE_UNDER_TEST
 
 FROM ${IMAGE_UNDER_TEST} AS image-under-test

diff --git a/ubi-hardening-extras/tests/utils/Dockerfile.novnc b/ubi-hardening-extras/tests/utils/Dockerfile.novnc
@@ -2,7 +2,7 @@
 
 ARG BASE_REGISTRY=redhat
 ARG BASE_IMAGE=ubi8
-ARG BASE_TAG=8.8
+ARG BASE_TAG=8.9
 ARG IMAGE_UNDER_TEST=novnc
 
 FROM ${IMAGE_UNDER_TEST} AS image-under-test

diff --git a/ubi-hardening-extras/tests/utils/basetest.py b/ubi-hardening-extras/tests/utils/basetest.py
@@ -11,7 +11,7 @@ class TestCase(unittest.TestCase):
     """Base test class"""
 
     # default parameters (can be overridden in derived test classes)
-    buildargs = {"IMAGE_UNDER_TEST": os.getenv("IMAGE_NAME")}
+    buildargs = {"IMAGE_UNDER_TEST": os.getenv("IMAGE_UNDER_TEST")}
     dockerfile = "Dockerfile"
 
     @classmethod