Merge branch 'st-1388-automatic-security-updates' into 'master'

ST-1388: Weekly automation for building OCI images with security updates

See merge request ska-telescope/ska-tango-images!177

images/ska-tango-images-tango-java/Dockerfile

@@ -6,6 +6,7 @@
 ARG CAR_OCI_REGISTRY_HOST
 ARG BUILD_IMAGE="${CAR_OCI_REGISTRY_HOST}/ska-tango-images-tango-dependencies:9.3.5"
 FROM $BUILD_IMAGE
+ARG DEBIAN_FRONTEND=noninteractive
 
 LABEL \
     author="Matteo Di Carlo <matteo.dicarlo@inaf.it>" \
@@ -20,11 +21,20 @@ ENV JAVA_DOWNLOAD_URL=https://artefact.skao.int/repository/raw-internal/ska-tang
 ENV TANGO_DOWNLOAD_URL=https://artefact.skao.int/repository/raw-internal/ska-tango-images/libraries/tango-9.3.4.tar.gz
 ENV LOG4J=https://artefact.skao.int/repository/raw-internal/ska-tango-images/libraries/log4j-1.2.17.tar.gz
 
-
 RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
-        wget sudo libxrender1 libxtst6 libxi6 \
-        build-essential curl file libmariadbclient-dev-compat pkg-config libmariadb3 python3
+    apt-get install -y --no-install-recommends \
+    wget \
+    sudo \
+    libxrender1 \
+    libxtst6 \
+    libxi6 \
+    build-essential \
+    curl \
+    file \
+    libmariadbclient-dev-compat \
+    pkg-config \
+    libmariadb3 \
+    python3 
 
 RUN mkdir /usr/java
 WORKDIR /usr/java

images/ska-tango-images-tango-jive/.release

-release=7.22.5
-tag=7.22.5
+release=7.22.6
+tag=7.22.6

images/ska-tango-images-tango-libtango/.release

-release=9.3.9
-tag=9.3.9
+release=9.3.10
+tag=9.3.10

images/ska-tango-images-tango-panic-gui/.release

-release=0.1.3
-tag=0.1.3
+release=0.1.4
+tag=0.1.4

images/ska-tango-images-tango-panic-gui/Dockerfile

 ARG CAR_OCI_REGISTRY_HOST
 ARG BASE_IMAGE="${CAR_OCI_REGISTRY_HOST}/ska-tango-images-pytango-builder:9.3.6"
 FROM $BASE_IMAGE
+ARG DEBIAN_FRONTEND=noninteractive
 
 LABEL \
     author="Andrew Bolin <andrew.bolin@csiro.au>, Matteo Di Carlo <matteo.dicarlo@inaf.it>" \
@@ -24,8 +25,8 @@ LABEL \
 
 RUN mv /etc/pip.conf /tmp/ska_pip_conf
 
-RUN apt-get update && \
-    apt-get -y install python2.7
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    python2.7 
 
 RUN ln -s /usr/lib/x86_64-linux-gnu/libboost_python27.so /usr/lib/x86_64-linux-gnu/libboost_python-py27.so && \
     pip install panic lxml
@@ -38,8 +39,9 @@ ENV DISPLAY=:20
 
 USER root
 
-RUN apt-get update && apt-mark hold iptables && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+RUN apt-get update && \
+    apt-mark hold iptables && \
+    apt-get install -y --no-install-recommends \
     dbus-x11 \
     psmisc \
     xdg-utils \
@@ -78,7 +80,7 @@ RUN apt-get update && apt-mark hold iptables && \
 RUN sed -i 's%<property name="ThemeName" type="string" value="Xfce"/>%<property name="ThemeName" type="string" value="Raleigh"/>%' /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml
 
 RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    apt-get install -y --no-install-recommends \
     git \
     x11vnc \
     software-properties-common \

images/ska-tango-images-tango-panic/.release

-release=0.1.2
-tag=0.1.2
+release=0.1.3
+tag=0.1.3

images/ska-tango-images-tango-panic/Dockerfile

 ARG CAR_OCI_REGISTRY_HOST
 ARG BASE_IMAGE="${CAR_OCI_REGISTRY_HOST}/ska-tango-images-pytango-builder:9.3.6"
 FROM $BASE_IMAGE
+ARG DEBIAN_FRONTEND=noninteractive
 
 LABEL \
     author="Andrew Bolin <andrew.bolin@csiro.au>, Matteo Di Carlo <matteo.dicarlo@inaf.it>" \
@@ -20,13 +21,13 @@ LABEL \
 # - panic uses python 2, but 'python' maps to python3 in our base image,
 #     so we use sed to edit the PyAlarm launcher
 
-
 USER root
 
 RUN mv /etc/pip.conf /tmp/ska_pip_conf
 
 RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get -y install python2.7 \
+    apt-get install -y --no-install-recommends \
+    python2.7 \
     python-pip \
     exim4 
 

images/ska-tango-images-tango-pogo/.release

-release=9.6.35
-tag=9.6.35
+release=9.6.36
+tag=9.6.36

images/ska-tango-images-tango-pogo/Dockerfile

@@ -13,18 +13,13 @@ LABEL \
 
 USER root
 
-
-
 ENV POGO_DOWNLOAD_URL=https://artefact.skao.int/repository/raw-internal/ska-tango-images/libraries/Pogo-9.6.31.jar
 
-RUN apt-get update && \
-    apt-get -y install wget
-
 WORKDIR /usr/local/share/java
 
 # Pogo is included in tango source distribution, but replace with a newer version
 # Official source:  https://bintray.com/tango-controls/maven/Pogo/_latestVersion
-RUN wget --no-check-certificate "$POGO_DOWNLOAD_URL" -O Pogo-9.6.31.jar \
+RUN curl -k "$POGO_DOWNLOAD_URL" -o Pogo-9.6.31.jar \
     && ln -sf Pogo-9.6.31.jar Pogo.jar
 
 USER tango

images/ska-tango-images-tango-pytango/.release

-release=9.3.10
-tag=9.3.10
+release=9.3.11
+tag=9.3.11

images/ska-tango-images-tango-rest/.release

-release=1.14.7
-tag=1.14.7
+release=1.14.8
+tag=1.14.8

images/ska-tango-images-tango-rest/Dockerfile

@@ -3,11 +3,15 @@ ARG BUILD_IMAGE="${CAR_OCI_REGISTRY_HOST}/ska-tango-images-tango-dependencies:9.
 ARG BASE_IMAGE="${CAR_OCI_REGISTRY_HOST}/ska-tango-images-tango-java:9.3.5"
 
 FROM $BUILD_IMAGE AS buildenv
+ARG DEBIAN_FRONTEND=noninteractive
 
 ENV MTANGOREST_DOWNLOAD_URL=https://github.com/tango-controls/rest-server/releases/download/rest-server-1.14/rest-server-1.14.jar
 
 RUN apt-get update && \
-    apt-get -y install ca-certificates curl libtcnative-1 --no-install-recommends
+    apt-get install -y --no-install-recommends \
+    ca-certificates \
+    curl \
+    libtcnative-1 
 
 RUN mkdir -p /usr/local/lib/tango
 
@@ -16,6 +20,7 @@ WORKDIR /usr/local/lib/tango
 RUN curl -fsSL "$MTANGOREST_DOWNLOAD_URL" -o mtangorest.jar
 
 FROM $BASE_IMAGE
+ARG DEBIAN_FRONTEND=noninteractive
 
 LABEL \
     author="Matteo Di Carlo <matteo.dicarlo@inaf.it>" \
@@ -33,7 +38,9 @@ USER root
 RUN mkdir -p /usr/share/man/man1
 
 RUN apt-get update && \
-    apt-get -y install supervisor libtcnative-1 --no-install-recommends
+    apt-get install -y --no-install-recommends \
+    supervisor \
+    libtcnative-1
 
 RUN ln -s /usr/lib/x86_64-linux-gnu/libtcnative-1.so /usr/lib/libtcnative-1.so
 

images/ska-tango-images-tango-test/.release

-release=3.0.6
-tag=3.0.6
+release=3.0.7
+tag=3.0.7

images/ska-tango-images-tango-vnc/.release

-release=0.1.7
-tag=0.1.7
+release=0.1.8
+tag=0.1.8

images/ska-tango-images-tango-vnc/Dockerfile

@@ -6,6 +6,7 @@
 ARG CAR_OCI_REGISTRY_HOST
 ARG BASE_IMAGE="${CAR_OCI_REGISTRY_HOST}/ska-tango-images-tango-java:9.3.5"
 FROM $BASE_IMAGE
+ARG DEBIAN_FRONTEND=noninteractive
 
 LABEL \
     author="Matteo Di Carlo <matteo.dicarlo@inaf.it>" \
@@ -21,7 +22,8 @@ ENV DISPLAY=:20
 
 USER root
 
-RUN apt-get update && apt-mark hold iptables && \
+RUN apt-get update && \
+    apt-mark hold iptables && \
     apt-get install -y --no-install-recommends \
     dbus-x11 \
     psmisc \
@@ -60,7 +62,8 @@ RUN apt-get update && apt-mark hold iptables && \
 
 RUN sed -i 's%<property name="ThemeName" type="string" value="Xfce"/>%<property name="ThemeName" type="string" value="Raleigh"/>%' /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml
 
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 
+RUN apt-get update && \
+    apt-get -y install --no-install-recommends \
     git \
     x11vnc \
     software-properties-common \