-
Vamsi Peri authored
Updated the Global Bundle with the content of https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -O rds-combined-ca-bundle.pem This is the new URL to be used, as described on https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html The new bundle: - removes expired root certificates - keeps certificates for `rds-ca-2019` - adds certificates for all regions for - `rds-ca-rsa2048-g1`: certificate authority with RSA 2048 private key algorithm and SHA256 signing algorithm - `rds-ca-rsa4096-g1`: certificate authority with RSA 4096 private key algorithm and SHA384 signing algorithm - `rds-ca-ecc384-g1`: certificate authority with ECC 384 private key algorithm and SHA384 signing algorithm It fixes #32017 and #27790 Co-authored-by:
Théophile Helleboid <theophile.helleboid.ext@qonto.com>
Vamsi Peri authoredUpdated the Global Bundle with the content of https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -O rds-combined-ca-bundle.pem This is the new URL to be used, as described on https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html The new bundle: - removes expired root certificates - keeps certificates for `rds-ca-2019` - adds certificates for all regions for - `rds-ca-rsa2048-g1`: certificate authority with RSA 2048 private key algorithm and SHA256 signing algorithm - `rds-ca-rsa4096-g1`: certificate authority with RSA 4096 private key algorithm and SHA384 signing algorithm - `rds-ca-ecc384-g1`: certificate authority with ECC 384 private key algorithm and SHA384 signing algorithm It fixes #32017 and #27790 Co-authored-by:
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
Dockerfile 2.20 KiB
###################
# STAGE 1: builder
###################
FROM node:18-bullseye as builder
ARG MB_EDITION=oss
ARG VERSION
WORKDIR /home/node
RUN apt-get update && apt-get upgrade -y && apt-get install openjdk-11-jdk curl git -y \
&& curl -O https://download.clojure.org/install/linux-install-1.11.1.1262.sh \
&& chmod +x linux-install-1.11.1.1262.sh \
&& ./linux-install-1.11.1.1262.sh
COPY . .
# version is pulled from git, but git doesn't trust the directory due to different owners
RUN git config --global --add safe.directory /home/node
RUN INTERACTIVE=false CI=true MB_EDITION=$MB_EDITION bin/build.sh :version ${VERSION}
# ###################
# # STAGE 2: runner
# ###################
## Remember that this runner image needs to be the same as bin/docker/Dockerfile with the exception that this one grabs the
## jar from the previous stage rather than the local build
## we're not yet there to provide an ARM runner till https://github.com/adoptium/adoptium/issues/96 is ready
FROM --platform=linux/amd64 eclipse-temurin:11-jre-alpine as runner
ENV FC_LANG en-US LC_CTYPE en_US.UTF-8
# dependencies
RUN apk add -U bash fontconfig curl font-noto font-noto-arabic font-noto-hebrew font-noto-cjk java-cacerts && \
apk upgrade && \
rm -rf /var/cache/apk/* && \
mkdir -p /app/certs && \
curl https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -o /app/certs/rds-combined-ca-bundle.pem && \
/opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias aws-rds -file /app/certs/rds-combined-ca-bundle.pem -keystore /etc/ssl/certs/java/cacerts -keypass changeit -storepass changeit && \
curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /app/certs/DigiCertGlobalRootG2.crt.pem && \
/opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias azure-cert -file /app/certs/DigiCertGlobalRootG2.crt.pem -keystore /etc/ssl/certs/java/cacerts -keypass changeit -storepass changeit && \
mkdir -p /plugins && chmod a+rwx /plugins
# add Metabase script and uberjar
COPY --from=builder /home/node/target/uberjar/metabase.jar /app/
COPY bin/docker/run_metabase.sh /app/
# expose our default runtime port
EXPOSE 3000
# run it
ENTRYPOINT ["/app/run_metabase.sh"]