From 7937e33b0df0b882718414042a4e4b2ff0ab86e8 Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich
Date: Thu, 30 May 2024 15:10:04 +0200
Subject: [PATCH] add ubuntu 24.04
---
 .../workflows/ubuntu2404-ansible-latest.yml | 79 +++++++++++++++++++
 README.md | 4 +
 ubuntu2404-ansible-latest/Dockerfile | 43 ++++++++++
 3 files changed, 126 insertions(+)
 create mode 100644 .github/workflows/ubuntu2404-ansible-latest.yml
 create mode 100644 ubuntu2404-ansible-latest/Dockerfile
diff --git a/.github/workflows/ubuntu2404-ansible-latest.yml b/.github/workflows/ubuntu2404-ansible-latest.yml
new file mode 100644
index 0000000..467604d
--- /dev/null
+++ b/.github/workflows/ubuntu2404-ansible-latest.yml
@@ -0,0 +1,79 @@
+name: ubuntu2404-ansible-latest
+on:
+ # yamllint disable-line rule:truthy
+ workflow_dispatch:
+ push:
+ paths:
+ - 'ubuntu2404-ansible-latest/**'
+ pull_request:
+ paths:
+ - 'ubuntu2404-ansible-latest/**'
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ strategy:
+ fail-fast: false
+ matrix:
+ dockerimage:
+ - ubuntu2404-ansible
+ platforms:
+ - linux/amd64
+ #- linux/arm64
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ -
+ name: Build and export to Docker
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ matrix.dockerimage }}-latest
+ tags: docker-${{ matrix.dockerimage }}:test
+ load: true
+ platforms: ${{ matrix.platforms }}
+ -
+ name: Test
+ run: |
+ docker run --rm docker-${{ matrix.dockerimage }}:test
+ -
+ name: Login to ghcr.io
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ if: github.ref == 'refs/heads/master'
+ -
+ name: Build and push to ghcr.io
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ matrix.dockerimage }}-latest
+ push: true
+ tags: ghcr.io/dev-sec/docker-${{ matrix.dockerimage }}:latest
+ platforms: ${{ matrix.platforms }}
+ if: github.ref == 'refs/heads/master'
+ -
+ name: Login to DockerHub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ if: github.ref == 'refs/heads/master'
+ -
+ name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ matrix.dockerimage }}-latest
+ push: true
+ tags: ${{ secrets.DOCKERHUB_USERNAME }}/docker-${{ matrix.dockerimage }}:latest
+ platforms: ${{ matrix.platforms }}
+ if: github.ref == 'refs/heads/master'
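Review bot: The four docker/* actions are referenced by mutable tags (`docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v5`) while `actions/checkout` is pinned to a commit SHA, and these are the steps that receive `GITHUB_TOKEN` with `packages: write` and the DockerHub token. A tag that is moved upstream would then run with publish credentials, so pin them the same way as checkout, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. Separately, `packages: write` is granted at job level for every trigger, including `pull_request`; moving the login and push steps into a second job gated on `github.ref == 'refs/heads/master'` would let the build-and-test job run with `contents: read` only.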
diff --git a/README.md b/README.md
index 4bf4609..e5e4759 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ They are meant for testing purposes and are mainly used for [dev-sec](https://gi
 | [Ubuntu 18.04][ubuntu] | [docker-ubuntu1804-ansible-latest][] | [ghcr.io/dev-sec/docker-ubuntu1804-ansible-latest][] | [rndmh3ro/docker-ubuntu1804-ansible-latest][] |
 | [Ubuntu 20.04][ubuntu] | [docker-ubuntu2004-ansible-latest][] | [ghcr.io/dev-sec/docker-ubuntu2004-ansible-latest][] | [rndmh3ro/docker-ubuntu2004-ansible-latest][] |
 | [Ubuntu 22.04][ubuntu] | [docker-ubuntu2204-ansible-latest][] | [ghcr.io/dev-sec/docker-ubuntu2204-ansible-latest][] | [rndmh3ro/docker-ubuntu2204-ansible-latest][] |
+| [Ubuntu 24.04][ubuntu] | [docker-ubuntu2404-ansible-latest][] | [ghcr.io/dev-sec/docker-ubuntu2404-ansible-latest][] | [rndmh3ro/docker-ubuntu2404-ansible-latest][] |
 | [Alpine][alpine] | [docker-alpine-ansible-latest][] | [ghcr.io/dev-sec/docker-alpine-ansible-latest][] | [rndmh3ro/docker-alpine-ansible-latest][] |
 | [Amazon Linux 2][amazon] | [docker-amazon2-ansible-latest][] | [ghcr.io/dev-sec/docker-amazon2-ansible-latest][] | [rndmh3ro/docker-amazon2-ansible-latest][] |
 | [Amazon Linux 2023][amazon] | [docker-amazon2023-ansible-latest][] | [ghcr.io/dev-sec/docker-amazon2023-ansible-latest][] | [rndmh3ro/docker-amazon2023-ansible-latest][] |
@@ -58,6 +59,7 @@ Sebastian Gumprich
 [docker-ubuntu1804-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/ubuntu1804-ansible-latest/Dockerfile
 [docker-ubuntu2004-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/ubuntu2004-ansible-latest/Dockerfile
 [docker-ubuntu2204-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/ubuntu2204-ansible-latest/Dockerfile
+[docker-ubuntu2404-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/ubuntu2404-ansible-latest/Dockerfile
 [docker-alpine-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/alpine-ansible-latest/Dockerfile
 [docker-amazon2-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/amazon2-ansible-latest/Dockerfile
 [docker-amazon2023-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/amazon2023-ansible-latest/Dockerfile
@@ -80,6 +82,7 @@ Sebastian Gumprich
 [ghcr.io/dev-sec/docker-ubuntu1804-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-ubuntu1804-ansible
 [ghcr.io/dev-sec/docker-ubuntu2004-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-ubuntu2004-ansible
 [ghcr.io/dev-sec/docker-ubuntu2204-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-ubuntu2204-ansible
+[ghcr.io/dev-sec/docker-ubuntu2404-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-ubuntu2404-ansible
 [ghcr.io/dev-sec/docker-alpine-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-alpine-ansible
 [ghcr.io/dev-sec/docker-amazon2-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-amazon2-ansible
 [ghcr.io/dev-sec/docker-amazon2023-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-amazon2023-ansible
@@ -102,6 +105,7 @@ Sebastian Gumprich
 [rndmh3ro/docker-ubuntu1804-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-ubuntu1804-ansible
 [rndmh3ro/docker-ubuntu2004-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-ubuntu2004-ansible
 [rndmh3ro/docker-ubuntu2204-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-ubuntu2204-ansible
+[rndmh3ro/docker-ubuntu2404-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-ubuntu2404-ansible
 [rndmh3ro/docker-alpine-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-alpine-ansible
 [rndmh3ro/docker-amazon2-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-amazon2-ansible
 [rndmh3ro/docker-amazon2023-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-amazon2023-ansible
diff --git a/ubuntu2404-ansible-latest/Dockerfile b/ubuntu2404-ansible-latest/Dockerfile
new file mode 100644
index 0000000..1f764b9
--- /dev/null
+++ b/ubuntu2404-ansible-latest/Dockerfile
@@ -0,0 +1,43 @@
+FROM ubuntu:24.04
+LABEL maintainer="Sebastian Gumprich"
+
+# Install dependencies.
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ software-properties-common \
+ rsyslog systemd systemd-cron sudo \
+ && rm -Rf /var/lib/apt/lists/* \
+ && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
+ && apt-get clean
+RUN sed -i 's/^\($ModLoad imklog\)/#\1/' /etc/rsyslog.conf
+#ADD etc/rsyslog.d/50-default.conf /etc/rsyslog.d/50-default.conf
+
+# Install Ansible
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ ansible \
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
+ && apt-get clean
+
+# Install Ansible inventory file
+RUN mkdir /etc/ansible \
+ && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
+
+# https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+# This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so
+# each `item` is an element of platforms list from the molecule.yml file for this scenario.
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer SUDO_GROUP=sudo
+RUN set -xe \
+ && groupadd -r ${ANSIBLE_USER} \
+ && groupadd -r ${DEPLOY_GROUP} \
+ && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+ && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+ && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+ && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
+
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
+CMD [ "ansible-playbook", "--version" ]
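Review bot: `RUN rm -f /{var/run,etc,run}/nologin` relies on brace expansion, but shell-form RUN executes under `/bin/sh`, which is dash on Ubuntu and does not expand braces, so the command targets one literal path and `-f` hides the miss; the nologin files the comment refers to are likely left in place. Spell the paths out instead: `RUN rm -f /var/run/nologin /etc/nologin /run/nologin`. The inventory line has the same shell dependence, since `echo "[local]\nlocalhost ..."` yields two lines only because dash's echo interprets `\n`; `printf '[local]\nlocalhost ansible_connection=local\n' > /etc/ansible/hosts` makes that explicit. The sudoers edit gives the `sudo` group `NOPASSWD:ALL` and the image has no `USER` instruction, which fits a throwaway test target but deserves a comment such as `# Test target only: passwordless sudo and root default user; do not use as a base image.`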