@sw-tsdk/connector 3.23.0-alpha.d6f4e28 → 3.23.0-alpha.e57e805
|
@@ -10,9 +10,7 @@ FROM ${PYTHON_DEV_IMAGE} AS builder
|
|
|
10
10
|
USER root
|
|
11
11
|
|
|
12
12
|
# Carry over pre-installed swimlane SDK packages from the compile-fips base
|
|
13
|
-
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.10-latest /usr/
|
|
14
|
-
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.10-latest /usr/local/bin /usr/local/bin
|
|
15
|
-
|
|
13
|
+
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.10-latest /usr/lib/python3.10/site-packages /usr/lib/python3.10/site-packages
|
|
16
14
|
|
|
17
15
|
# Run compile-time OS package installs and custom scripts
|
|
18
16
|
COPY compile.* /scripts/
|
|
@@ -20,9 +18,12 @@ RUN if [ $(stat -c %s "/scripts/compile.txt") -ne 0 ]; then apk add --no-cache $
|
|
|
20
18
|
RUN if [ $(stat -c %s "/scripts/compile.sh") -ne 0 ]; then chmod +x /scripts/compile.sh && /scripts/compile.sh; fi
|
|
21
19
|
|
|
22
20
|
# Run runner-time OS package installs and custom scripts here too,
|
|
23
|
-
# since the final runner FIPS image has no shell
|
|
21
|
+
# since the final runner FIPS image has no shell.
|
|
22
|
+
# OS packages are installed into an isolated root (/runner-os-pkgs) so they can
|
|
23
|
+
# be selectively copied to the distroless runtime stage without leaking dev toolchain.
|
|
24
24
|
COPY runner.* /scripts/
|
|
25
|
-
RUN
|
|
25
|
+
RUN mkdir -p /runner-os-pkgs && \
|
|
26
|
+
if [ $(stat -c %s "/scripts/runner.txt") -ne 0 ]; then apk add --no-cache --root /runner-os-pkgs --initdb $(cat /scripts/runner.txt); fi
|
|
26
27
|
RUN if [ $(stat -c %s "/scripts/runner.sh") -ne 0 ]; then chmod +x /scripts/runner.sh && /scripts/runner.sh; fi
|
|
27
28
|
|
|
28
29
|
RUN rm -rf /scripts
|
|
@@ -34,16 +35,23 @@ RUN pip install --target /connector-deps -r requirements.txt
|
|
|
34
35
|
|
|
35
36
|
# Stage 3: runtime-image — minimal distroless FIPS image, no shell, only copy artifacts
|
|
36
37
|
FROM ${RUNNER_IMAGE_NAME} AS runtime-image
|
|
37
|
-
USER root
|
|
38
38
|
ARG ASSET_KEYS
|
|
39
39
|
ENV ASSET_KEYS=$ASSET_KEYS
|
|
40
40
|
|
|
41
|
+
# Copy runner OS packages installed in the isolated root during the builder stage.
|
|
42
|
+
COPY --from=builder /runner-os-pkgs /
|
|
43
|
+
|
|
44
|
+
# Copy compile-fips base packages (e.g. connector_definition_runner, pylint, black, etc.)
|
|
45
|
+
# from the builder stage so they are available at runtime.
|
|
46
|
+
COPY --from=builder /usr/lib/python3.10/site-packages /usr/lib/python3.10/site-packages/
|
|
47
|
+
|
|
41
48
|
# Copy only the connector-specific packages into site-packages.
|
|
42
49
|
# The runner's own FIPS Python installation remains intact.
|
|
43
|
-
COPY --from=builder /connector-deps /usr/
|
|
50
|
+
COPY --from=builder /connector-deps /usr/lib/python3.10/site-packages/
|
|
44
51
|
|
|
45
52
|
COPY connector /app
|
|
46
53
|
WORKDIR /app
|
|
54
|
+
USER nonroot
|
|
47
55
|
ENTRYPOINT ["python", "run.py"]
|
|
48
56
|
|
|
49
57
|
FROM ${RUNTIME_IMAGE} AS connector-image
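Review bot: `COPY --from=builder /runner-os-pkgs /` in the runtime-image stage overlays the whole isolated apk root onto the distroless FIPS image, which is not the selective copy that the new builder-stage comment describes. apk resolves dependencies into that root, so depending on what runner.txt lists it may carry libc, libcrypto/libssl, busybox and /etc files that replace or shadow the runner image's own FIPS libraries, and could put a shell back into an image documented as having none. I would copy only the paths the runner packages actually need, e.g. `COPY --from=builder /runner-os-pkgs/usr/lib/<NEEDED_LIB> /usr/lib/`, and add a builder-stage check that fails when anything under /runner-os-pkgs collides with the runner image's crypto and libc paths. The same line appears in the 3.11, 3.12 and 3.9 Dockerfile sections below.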
|
|
@@ -10,8 +10,7 @@ FROM ${PYTHON_DEV_IMAGE} AS builder
|
|
|
10
10
|
USER root
|
|
11
11
|
|
|
12
12
|
# Carry over pre-installed swimlane SDK packages from the compile-fips base
|
|
13
|
-
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.11-latest /usr/
|
|
14
|
-
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.11-latest /usr/local/bin /usr/local/bin
|
|
13
|
+
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.11-latest /usr/lib/python3.11/site-packages /usr/lib/python3.11/site-packages
|
|
15
14
|
|
|
16
15
|
# Run compile-time OS package installs and custom scripts
|
|
17
16
|
COPY compile.* /scripts/
|
|
@@ -19,9 +18,12 @@ RUN if [ $(stat -c %s "/scripts/compile.txt") -ne 0 ]; then apk add --no-cache $
|
|
|
19
18
|
RUN if [ $(stat -c %s "/scripts/compile.sh") -ne 0 ]; then chmod +x /scripts/compile.sh && /scripts/compile.sh; fi
|
|
20
19
|
|
|
21
20
|
# Run runner-time OS package installs and custom scripts here too,
|
|
22
|
-
# since the final runner FIPS image has no shell
|
|
21
|
+
# since the final runner FIPS image has no shell.
|
|
22
|
+
# OS packages are installed into an isolated root (/runner-os-pkgs) so they can
|
|
23
|
+
# be selectively copied to the distroless runtime stage without leaking dev toolchain.
|
|
23
24
|
COPY runner.* /scripts/
|
|
24
|
-
RUN
|
|
25
|
+
RUN mkdir -p /runner-os-pkgs && \
|
|
26
|
+
if [ $(stat -c %s "/scripts/runner.txt") -ne 0 ]; then apk add --no-cache --root /runner-os-pkgs --initdb $(cat /scripts/runner.txt); fi
|
|
25
27
|
RUN if [ $(stat -c %s "/scripts/runner.sh") -ne 0 ]; then chmod +x /scripts/runner.sh && /scripts/runner.sh; fi
|
|
26
28
|
|
|
27
29
|
RUN rm -rf /scripts
|
|
@@ -33,16 +35,23 @@ RUN pip install --target /connector-deps -r requirements.txt
|
|
|
33
35
|
|
|
34
36
|
# Stage 3: runtime-image — minimal distroless FIPS image, no shell, only copy artifacts
|
|
35
37
|
FROM ${RUNNER_IMAGE_NAME} AS runtime-image
|
|
36
|
-
USER root
|
|
37
38
|
ARG ASSET_KEYS
|
|
38
39
|
ENV ASSET_KEYS=$ASSET_KEYS
|
|
39
40
|
|
|
41
|
+
# Copy runner OS packages installed in the isolated root during the builder stage.
|
|
42
|
+
COPY --from=builder /runner-os-pkgs /
|
|
43
|
+
|
|
44
|
+
# Copy compile-fips base packages (e.g. connector_definition_runner, pylint, black, etc.)
|
|
45
|
+
# from the builder stage so they are available at runtime.
|
|
46
|
+
COPY --from=builder /usr/lib/python3.11/site-packages /usr/lib/python3.11/site-packages/
|
|
47
|
+
|
|
40
48
|
# Copy only the connector-specific packages into site-packages.
|
|
41
49
|
# The runner's own FIPS Python installation remains intact.
|
|
42
|
-
COPY --from=builder /connector-deps /usr/
|
|
50
|
+
COPY --from=builder /connector-deps /usr/lib/python3.11/site-packages/
|
|
43
51
|
|
|
44
52
|
COPY connector /app
|
|
45
53
|
WORKDIR /app
|
|
54
|
+
USER nonroot
|
|
46
55
|
ENTRYPOINT ["python", "run.py"]
|
|
47
56
|
|
|
48
57
|
FROM ${RUNTIME_IMAGE} AS connector-image
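Review bot: The rewritten `COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.11-latest ...` still resolves a mutable tag at build time, and after this change its site-packages flow through the builder into the runtime image via `COPY --from=builder /usr/lib/python3.11/site-packages ...`, so whatever the tag points to on build day ships in every connector. Pin the reference by digest, `...-base-fips:3.11-latest@sha256:<DIGEST_PLACEHOLDER>`, and bump it deliberately. The new comment also says this copy brings pylint and black into the runtime image, which sits oddly with the stated goal of not leaking the dev toolchain; if only connector_definition_runner is needed at run time, copy that package directory alone. The 3.10, 3.12 and 3.9 sections have the same pair of lines.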
|
|
@@ -10,9 +10,7 @@ FROM ${PYTHON_DEV_IMAGE} AS builder
|
|
|
10
10
|
USER root
|
|
11
11
|
|
|
12
12
|
# Carry over pre-installed swimlane SDK packages from the compile-fips base
|
|
13
|
-
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.12-latest /usr/
|
|
14
|
-
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.12-latest /usr/local/bin /usr/local/bin
|
|
15
|
-
|
|
13
|
+
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.12-latest /usr/lib/python3.12/site-packages /usr/lib/python3.12/site-packages
|
|
16
14
|
|
|
17
15
|
# Run compile-time OS package installs and custom scripts
|
|
18
16
|
COPY compile.* /scripts/
|
|
@@ -20,9 +18,12 @@ RUN if [ $(stat -c %s "/scripts/compile.txt") -ne 0 ]; then apk add --no-cache $
|
|
|
20
18
|
RUN if [ $(stat -c %s "/scripts/compile.sh") -ne 0 ]; then chmod +x /scripts/compile.sh && /scripts/compile.sh; fi
|
|
21
19
|
|
|
22
20
|
# Run runner-time OS package installs and custom scripts here too,
|
|
23
|
-
# since the final runner FIPS image has no shell
|
|
21
|
+
# since the final runner FIPS image has no shell.
|
|
22
|
+
# OS packages are installed into an isolated root (/runner-os-pkgs) so they can
|
|
23
|
+
# be selectively copied to the distroless runtime stage without leaking dev toolchain.
|
|
24
24
|
COPY runner.* /scripts/
|
|
25
|
-
RUN
|
|
25
|
+
RUN mkdir -p /runner-os-pkgs && \
|
|
26
|
+
if [ $(stat -c %s "/scripts/runner.txt") -ne 0 ]; then apk add --no-cache --root /runner-os-pkgs --initdb $(cat /scripts/runner.txt); fi
|
|
26
27
|
RUN if [ $(stat -c %s "/scripts/runner.sh") -ne 0 ]; then chmod +x /scripts/runner.sh && /scripts/runner.sh; fi
|
|
27
28
|
|
|
28
29
|
RUN rm -rf /scripts
|
|
@@ -34,16 +35,23 @@ RUN pip install --target /connector-deps -r requirements.txt
|
|
|
34
35
|
|
|
35
36
|
# Stage 3: runtime-image — minimal distroless FIPS image, no shell, only copy artifacts
|
|
36
37
|
FROM ${RUNNER_IMAGE_NAME} AS runtime-image
|
|
37
|
-
USER root
|
|
38
38
|
ARG ASSET_KEYS
|
|
39
39
|
ENV ASSET_KEYS=$ASSET_KEYS
|
|
40
40
|
|
|
41
|
+
# Copy runner OS packages installed in the isolated root during the builder stage.
|
|
42
|
+
COPY --from=builder /runner-os-pkgs /
|
|
43
|
+
|
|
44
|
+
# Copy compile-fips base packages (e.g. connector_definition_runner, pylint, black, etc.)
|
|
45
|
+
# from the builder stage so they are available at runtime.
|
|
46
|
+
COPY --from=builder /usr/lib/python3.12/site-packages /usr/lib/python3.12/site-packages/
|
|
47
|
+
|
|
41
48
|
# Copy only the connector-specific packages into site-packages.
|
|
42
49
|
# The runner's own FIPS Python installation remains intact.
|
|
43
|
-
COPY --from=builder /connector-deps /usr/
|
|
50
|
+
COPY --from=builder /connector-deps /usr/lib/python3.12/site-packages/
|
|
44
51
|
|
|
45
52
|
COPY connector /app
|
|
46
53
|
WORKDIR /app
|
|
54
|
+
USER nonroot
|
|
47
55
|
ENTRYPOINT ["python", "run.py"]
|
|
48
56
|
|
|
49
57
|
FROM ${RUNTIME_IMAGE} AS connector-image
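Review bot: The new `apk add --no-cache --root /runner-os-pkgs --initdb ...` runs against a root that `mkdir -p` has just created empty, and apk given `--root` normally reads its repositories file and trusted keys from under that root, so this step should be confirmed with a non-empty runner.txt. If it cannot find packages or keys, seed the root from the builder rather than reaching for `--allow-untrusted`, which would turn off signature verification for everything installed into the runtime image: `mkdir -p /runner-os-pkgs/etc/apk && cp -r /etc/apk/keys /etc/apk/repositories /runner-os-pkgs/etc/apk/ && \`. The `runner.sh` call on the following line still runs against the builder's own root, so anything it installs outside site-packages will presumably not reach the runtime stage; a comment saying so would help connector authors. The 3.10, 3.11 and 3.9 sections carry the same lines.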
|
|
@@ -10,9 +10,7 @@ FROM ${PYTHON_DEV_IMAGE} AS builder
|
|
|
10
10
|
USER root
|
|
11
11
|
|
|
12
12
|
# Carry over pre-installed swimlane SDK packages from the compile-fips base
|
|
13
|
-
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.9-latest /usr/
|
|
14
|
-
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.9-latest /usr/local/bin /usr/local/bin
|
|
15
|
-
|
|
13
|
+
COPY --from=quay.io/swimlane-connectors/connector-python-compile-definition-base-fips:3.9-latest /usr/lib/python3.9/site-packages /usr/lib/python3.9/site-packages
|
|
16
14
|
|
|
17
15
|
# Run compile-time OS package installs and custom scripts
|
|
18
16
|
COPY compile.* /scripts/
|
|
@@ -20,9 +18,12 @@ RUN if [ $(stat -c %s "/scripts/compile.txt") -ne 0 ]; then apk add --no-cache $
|
|
|
20
18
|
RUN if [ $(stat -c %s "/scripts/compile.sh") -ne 0 ]; then chmod +x /scripts/compile.sh && /scripts/compile.sh; fi
|
|
21
19
|
|
|
22
20
|
# Run runner-time OS package installs and custom scripts here too,
|
|
23
|
-
# since the final runner FIPS image has no shell
|
|
21
|
+
# since the final runner FIPS image has no shell.
|
|
22
|
+
# OS packages are installed into an isolated root (/runner-os-pkgs) so they can
|
|
23
|
+
# be selectively copied to the distroless runtime stage without leaking dev toolchain.
|
|
24
24
|
COPY runner.* /scripts/
|
|
25
|
-
RUN
|
|
25
|
+
RUN mkdir -p /runner-os-pkgs && \
|
|
26
|
+
if [ $(stat -c %s "/scripts/runner.txt") -ne 0 ]; then apk add --no-cache --root /runner-os-pkgs --initdb $(cat /scripts/runner.txt); fi
|
|
26
27
|
RUN if [ $(stat -c %s "/scripts/runner.sh") -ne 0 ]; then chmod +x /scripts/runner.sh && /scripts/runner.sh; fi
|
|
27
28
|
|
|
28
29
|
RUN rm -rf /scripts
|
|
@@ -34,16 +35,23 @@ RUN pip install --target /connector-deps -r requirements.txt
|
|
|
34
35
|
|
|
35
36
|
# Stage 3: runtime-image — minimal distroless FIPS image, no shell, only copy artifacts
|
|
36
37
|
FROM ${RUNNER_IMAGE_NAME} AS runtime-image
|
|
37
|
-
USER root
|
|
38
38
|
ARG ASSET_KEYS
|
|
39
39
|
ENV ASSET_KEYS=$ASSET_KEYS
|
|
40
40
|
|
|
41
|
+
# Copy runner OS packages installed in the isolated root during the builder stage.
|
|
42
|
+
COPY --from=builder /runner-os-pkgs /
|
|
43
|
+
|
|
44
|
+
# Copy compile-fips base packages (e.g. connector_definition_runner, pylint, black, etc.)
|
|
45
|
+
# from the builder stage so they are available at runtime.
|
|
46
|
+
COPY --from=builder /usr/lib/python3.9/site-packages /usr/lib/python3.9/site-packages/
|
|
47
|
+
|
|
41
48
|
# Copy only the connector-specific packages into site-packages.
|
|
42
49
|
# The runner's own FIPS Python installation remains intact.
|
|
43
|
-
COPY --from=builder /connector-deps /usr/
|
|
50
|
+
COPY --from=builder /connector-deps /usr/lib/python3.9/site-packages/
|
|
44
51
|
|
|
45
52
|
COPY connector /app
|
|
46
53
|
WORKDIR /app
|
|
54
|
+
USER nonroot
|
|
47
55
|
ENTRYPOINT ["python", "run.py"]
|
|
48
56
|
|
|
49
57
|
FROM ${RUNTIME_IMAGE} AS connector-image
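Review bot: `USER nonroot` at the end of the runtime-image stage names the account instead of giving its UID, so it only works while the runner image's /etc/passwd still defines that name, and `COPY --from=builder /runner-os-pkgs /` earlier in the same stage can overwrite /etc files if a runner package ships them. A numeric form, `USER <NONROOT_UID>:<NONROOT_GID>` with the values taken from the runner image, removes the lookup and lets Kubernetes `runAsNonRoot` verify the image. The COPY instructions above it leave the copied files root-owned, which suits a read-only application tree, so no `--chown` is needed. The same line appears in the 3.10, 3.11 and 3.12 sections.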
|
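--- a/package/package.json
+++ b/package/package.json
@@ -9,9 +9,9 @@
 "@oclif/core": "2.8.5",
 "@oclif/plugin-help": "5.2.9",
 "@oclif/plugin-plugins": "3.1.2",
-"@sw-tsdk/common": "3.23.0-alpha.
-"@sw-tsdk/core": "3.23.0-alpha.
-"@sw-tsdk/docker": "3.23.0-alpha.
+"@sw-tsdk/common": "3.23.0-alpha.e57e805",
+"@sw-tsdk/core": "3.23.0-alpha.e57e805",
+"@sw-tsdk/docker": "3.23.0-alpha.e57e805",
 "@swimlane/connector-interfaces": "1.11.0",
 "@swimlane/cosign": "1.4.1",
 "archiver": "5.3.1",
@@ -66,6 +66,6 @@
 "test": "jest --passWithNoTests"
 },
 "types": "lib/index.d.ts",
-"version": "3.23.0-alpha.
-"gitHead": "
+"version": "3.23.0-alpha.e57e805",
+"gitHead": "e57e8059dece985372ecb69decd41df9894e8791"
 }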