@sw-tsdk/connector 3.13.5 → 3.14.0-next.4c63083

package/lib/templates/python_310_definition_fips/Dockerfile

@@ -0,0 +1,52 @@
+# syntax=docker/dockerfile:1.2
+ARG COMPILE_BASE=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.10-latest
+ARG PYTHON_DEV_IMAGE=cgr.dev/swimlane.com/python-fips:3.10-dev
+ARG RUNNER_IMAGE_NAME=quay.io/swimlane-connectors/connector-python-runner-definition-base-fips:3.10-latest
+ARG RUNTIME_IMAGE=runtime-image
+
+# Stage 1: reference-only — pull the published compile-fips base to copy pre-installed swimlane libs
+FROM ${COMPILE_BASE} AS compile-base-libs
+
+# Stage 2: builder — dev image has shell, apk, and pip for all build-time operations.
+# The final FIPS image is distroless (no shell), so ALL RUN commands must happen here.
+FROM ${PYTHON_DEV_IMAGE} AS builder
+USER root
+
+# Carry over pre-installed swimlane SDK packages from the compile-fips base
+COPY --from=compile-base-libs /usr/local/lib /usr/local/lib
+COPY --from=compile-base-libs /usr/local/bin /usr/local/bin
+
+# Run compile-time OS package installs and custom scripts
+COPY compile.* /scripts/
+RUN if [ $(stat -c %s "/scripts/compile.txt") -ne 0 ]; then apk add --no-cache $(cat /scripts/compile.txt); fi
+RUN if [ $(stat -c %s "/scripts/compile.sh") -ne 0 ]; then chmod +x /scripts/compile.sh && /scripts/compile.sh; fi
+
+# Run runner-time OS package installs and custom scripts here too,
+# since the final runner FIPS image has no shell
+COPY runner.* /scripts/
+RUN if [ $(stat -c %s "/scripts/runner.txt") -ne 0 ]; then apk add --no-cache $(cat /scripts/runner.txt); fi
+RUN if [ $(stat -c %s "/scripts/runner.sh") -ne 0 ]; then chmod +x /scripts/runner.sh && /scripts/runner.sh; fi
+
+RUN rm -rf /scripts
+
+# Install connector Python dependencies
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+
+# Stage 3: runtime-image — minimal distroless FIPS image, no shell, only copy artifacts
+FROM ${RUNNER_IMAGE_NAME} AS runtime-image
+USER root
+ARG ASSET_KEYS
+ENV ASSET_KEYS=$ASSET_KEYS
+
+COPY --from=builder /usr/local/lib /usr/local/lib
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+COPY connector /app
+WORKDIR /app
+ENTRYPOINT ["python", "run.py"]
+
+FROM ${RUNTIME_IMAGE} AS connector-image
+{{#each labels}}
+LABEL {{{@key}}}="{{{this}}}"
+{{/each}}

package/lib/templates/python_311_definition_fips/Dockerfile

@@ -0,0 +1,52 @@
+# syntax=docker/dockerfile:1.2
+ARG COMPILE_BASE=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.11-latest
+ARG PYTHON_DEV_IMAGE=cgr.dev/swimlane.com/python-fips:3.11-dev
+ARG RUNNER_IMAGE_NAME=quay.io/swimlane-connectors/connector-python-runner-definition-base-fips:3.11-latest
+ARG RUNTIME_IMAGE=runtime-image
+
+# Stage 1: reference-only — pull the published compile-fips base to copy pre-installed swimlane libs
+FROM ${COMPILE_BASE} AS compile-base-libs
+
+# Stage 2: builder — dev image has shell, apk, and pip for all build-time operations.
+# The final FIPS image is distroless (no shell), so ALL RUN commands must happen here.
+FROM ${PYTHON_DEV_IMAGE} AS builder
+USER root
+
+# Carry over pre-installed swimlane SDK packages from the compile-fips base
+COPY --from=compile-base-libs /usr/local/lib /usr/local/lib
+COPY --from=compile-base-libs /usr/local/bin /usr/local/bin
+
+# Run compile-time OS package installs and custom scripts
+COPY compile.* /scripts/
+RUN if [ $(stat -c %s "/scripts/compile.txt") -ne 0 ]; then apk add --no-cache $(cat /scripts/compile.txt); fi
+RUN if [ $(stat -c %s "/scripts/compile.sh") -ne 0 ]; then chmod +x /scripts/compile.sh && /scripts/compile.sh; fi
+
+# Run runner-time OS package installs and custom scripts here too,
+# since the final runner FIPS image has no shell
+COPY runner.* /scripts/
+RUN if [ $(stat -c %s "/scripts/runner.txt") -ne 0 ]; then apk add --no-cache $(cat /scripts/runner.txt); fi
+RUN if [ $(stat -c %s "/scripts/runner.sh") -ne 0 ]; then chmod +x /scripts/runner.sh && /scripts/runner.sh; fi
+
+RUN rm -rf /scripts
+
+# Install connector Python dependencies
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+
+# Stage 3: runtime-image — minimal distroless FIPS image, no shell, only copy artifacts
+FROM ${RUNNER_IMAGE_NAME} AS runtime-image
+USER root
+ARG ASSET_KEYS
+ENV ASSET_KEYS=$ASSET_KEYS
+
+COPY --from=builder /usr/local/lib /usr/local/lib
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+COPY connector /app
+WORKDIR /app
+ENTRYPOINT ["python", "run.py"]
+
+FROM ${RUNTIME_IMAGE} AS connector-image
+{{#each labels}}
+LABEL {{{@key}}}="{{{this}}}"
+{{/each}}

package/lib/templates/python_312_definition_fips/Dockerfile

@@ -0,0 +1,52 @@
+# syntax=docker/dockerfile:1.2
+ARG COMPILE_BASE=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.12-latest
+ARG PYTHON_DEV_IMAGE=cgr.dev/swimlane.com/python-fips:3.12-dev
+ARG RUNNER_IMAGE_NAME=quay.io/swimlane-connectors/connector-python-runner-definition-base-fips:3.12-latest
+ARG RUNTIME_IMAGE=runtime-image
+
+# Stage 1: reference-only — pull the published compile-fips base to copy pre-installed swimlane libs
+FROM ${COMPILE_BASE} AS compile-base-libs
+
+# Stage 2: builder — dev image has shell, apk, and pip for all build-time operations.
+# The final FIPS image is distroless (no shell), so ALL RUN commands must happen here.
+FROM ${PYTHON_DEV_IMAGE} AS builder
+USER root
+
+# Carry over pre-installed swimlane SDK packages from the compile-fips base
+COPY --from=compile-base-libs /usr/local/lib /usr/local/lib
+COPY --from=compile-base-libs /usr/local/bin /usr/local/bin
+
+# Run compile-time OS package installs and custom scripts
+COPY compile.* /scripts/
+RUN if [ $(stat -c %s "/scripts/compile.txt") -ne 0 ]; then apk add --no-cache $(cat /scripts/compile.txt); fi
+RUN if [ $(stat -c %s "/scripts/compile.sh") -ne 0 ]; then chmod +x /scripts/compile.sh && /scripts/compile.sh; fi
+
+# Run runner-time OS package installs and custom scripts here too,
+# since the final runner FIPS image has no shell
+COPY runner.* /scripts/
+RUN if [ $(stat -c %s "/scripts/runner.txt") -ne 0 ]; then apk add --no-cache $(cat /scripts/runner.txt); fi
+RUN if [ $(stat -c %s "/scripts/runner.sh") -ne 0 ]; then chmod +x /scripts/runner.sh && /scripts/runner.sh; fi
+
+RUN rm -rf /scripts
+
+# Install connector Python dependencies
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+
+# Stage 3: runtime-image — minimal distroless FIPS image, no shell, only copy artifacts
+FROM ${RUNNER_IMAGE_NAME} AS runtime-image
+USER root
+ARG ASSET_KEYS
+ENV ASSET_KEYS=$ASSET_KEYS
+
+COPY --from=builder /usr/local/lib /usr/local/lib
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+COPY connector /app
+WORKDIR /app
+ENTRYPOINT ["python", "run.py"]
+
+FROM ${RUNTIME_IMAGE} AS connector-image
+{{#each labels}}
+LABEL {{{@key}}}="{{{this}}}"
+{{/each}}

package/lib/templates/python_39_definition_fips/Dockerfile

@@ -0,0 +1,52 @@
+# syntax=docker/dockerfile:1.2
+ARG COMPILE_BASE=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.9-latest
+ARG PYTHON_DEV_IMAGE=cgr.dev/swimlane.com/python-fips:3.9-dev
+ARG RUNNER_IMAGE_NAME=quay.io/swimlane-connectors/connector-python-runner-definition-base-fips:3.9-latest
+ARG RUNTIME_IMAGE=runtime-image
+
+# Stage 1: reference-only — pull the published compile-fips base to copy pre-installed swimlane libs
+FROM ${COMPILE_BASE} AS compile-base-libs
+
+# Stage 2: builder — dev image has shell, apk, and pip for all build-time operations.
+# The final FIPS image is distroless (no shell), so ALL RUN commands must happen here.
+FROM ${PYTHON_DEV_IMAGE} AS builder
+USER root
+
+# Carry over pre-installed swimlane SDK packages from the compile-fips base
+COPY --from=compile-base-libs /usr/local/lib /usr/local/lib
+COPY --from=compile-base-libs /usr/local/bin /usr/local/bin
+
+# Run compile-time OS package installs and custom scripts
+COPY compile.* /scripts/
+RUN if [ $(stat -c %s "/scripts/compile.txt") -ne 0 ]; then apk add --no-cache $(cat /scripts/compile.txt); fi
+RUN if [ $(stat -c %s "/scripts/compile.sh") -ne 0 ]; then chmod +x /scripts/compile.sh && /scripts/compile.sh; fi
+
+# Run runner-time OS package installs and custom scripts here too,
+# since the final runner FIPS image has no shell
+COPY runner.* /scripts/
+RUN if [ $(stat -c %s "/scripts/runner.txt") -ne 0 ]; then apk add --no-cache $(cat /scripts/runner.txt); fi
+RUN if [ $(stat -c %s "/scripts/runner.sh") -ne 0 ]; then chmod +x /scripts/runner.sh && /scripts/runner.sh; fi
+
+RUN rm -rf /scripts
+
+# Install connector Python dependencies
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+
+# Stage 3: runtime-image — minimal distroless FIPS image, no shell, only copy artifacts
+FROM ${RUNNER_IMAGE_NAME} AS runtime-image
+USER root
+ARG ASSET_KEYS
+ENV ASSET_KEYS=$ASSET_KEYS
+
+COPY --from=builder /usr/local/lib /usr/local/lib
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+COPY connector /app
+WORKDIR /app
+ENTRYPOINT ["python", "run.py"]
+
+FROM ${RUNTIME_IMAGE} AS connector-image
+{{#each labels}}
+LABEL {{{@key}}}="{{{this}}}"
+{{/each}}

package/package.json

@@ -9,9 +9,9 @@
     "@oclif/core": "2.8.5",
     "@oclif/plugin-help": "5.2.9",
     "@oclif/plugin-plugins": "3.1.2",
-    "@sw-tsdk/common": "3.13.5",
-    "@sw-tsdk/core": "3.13.5",
-    "@sw-tsdk/docker": "3.13.5",
+    "@sw-tsdk/common": "3.14.0-next.4c63083",
+    "@sw-tsdk/core": "3.14.0-next.4c63083",
+    "@sw-tsdk/docker": "3.14.0-next.4c63083",
     "@swimlane/connector-interfaces": "1.11.0",
     "@swimlane/cosign": "1.4.1",
     "archiver": "5.3.1",
@@ -66,6 +66,6 @@
     "test": "jest --passWithNoTests"
   },
   "types": "lib/index.d.ts",
-  "version": "3.13.5",
-  "gitHead": "e56963b3e0a07de2e3d374035789be8b70f97b3b"
+  "version": "3.14.0-next.4c63083",
+  "gitHead": "4c630831ab0eff8c7d4eb55116d14b3d06959387"
 }