CRW-7880 Update Machineexec to use UBI9 (#683)

Author: SDawley

devspaces-machineexec/build/dockerfiles/brew.Dockerfile

@@ -9,16 +9,15 @@
 #   Red Hat, Inc. - initial API and implementation
 #
 
-# https://registry.access.redhat.com/rhel9-2-els/rhel
-FROM registry.redhat.io/rhel9-2-els/rhel:9.2-1405 as builder
+# https://registry.access.redhat.com/ubi9/go-toolset
+FROM registry.redhat.io/ubi9/go-toolset:1.22.7-1733160835 as builder
 ENV GOPATH=/go/ \
     CGO_ENABLED=1
 USER root
 WORKDIR /che-machine-exec/
 COPY . .
 # to test FIPS compliance, run https://github.com/openshift/check-payload#scan-a-container-or-operator-image against a built image
-RUN dnf -y install golang && \
-    adduser unprivilegeduser && \
+RUN adduser unprivilegeduser && \
     GOOS=linux go build -mod=vendor -a -ldflags '-w -s' -a -installsuffix cgo -o che-machine-exec . && \
     mkdir -p /rootfs/tmp /rootfs/etc /rootfs/go/bin && \
     # In the `scratch` you can't use Dockerfile#RUN, because there is no shell and no standard commands (mkdir and so on).
@@ -27,12 +26,12 @@ RUN dnf -y install golang && \
     cp -rf /etc/passwd /rootfs/etc && \
     cp -rf /che-machine-exec/che-machine-exec /rootfs/go/bin
 
-# https://registry.access.redhat.com/rhel9-2-els/rhel
-FROM registry.redhat.io/rhel9-2-els/rhel:9.2-1405 as runtime
+# https://registry.access.redhat.com/ubi9-minimal
+FROM registry.redhat.io/ubi9-minimal:9.5-1731593028 as runtime
 COPY --from=builder /rootfs /
-RUN dnf install -y openssl && \
-    dnf -y update && \
-    dnf clean -y all
+RUN microdnf install -y openssl && \
+    microdnf -y update && \
+    microdnf clean -y all
 
 USER unprivilegeduser
 ENTRYPOINT ["/go/bin/che-machine-exec"]

devspaces-machineexec/build/dockerfiles/rhel.Dockerfile

@@ -9,16 +9,15 @@
 #   Red Hat, Inc. - initial API and implementation
 #
 
-# https://registry.access.redhat.com/rhel9-2-els/rhel
-FROM registry.redhat.io/rhel9-2-els/rhel:9.2-1405 as builder
+# https://registry.access.redhat.com/ubi9/go-toolset
+FROM registry.redhat.io/ubi9/go-toolset:1.22.7-1733160835 as builder
 ENV GOPATH=/go/ \
     CGO_ENABLED=1
 USER root
 WORKDIR /che-machine-exec/
 COPY . .
 # to test FIPS compliance, run https://github.com/openshift/check-payload#scan-a-container-or-operator-image against a built image
-RUN dnf -y install golang && \
-    adduser unprivilegeduser && \
+RUN adduser unprivilegeduser && \
     GOOS=linux go build -mod=vendor -a -ldflags '-w -s' -a -installsuffix cgo -o che-machine-exec . && \
     mkdir -p /rootfs/tmp /rootfs/etc /rootfs/go/bin && \
     # In the `scratch` you can't use Dockerfile#RUN, because there is no shell and no standard commands (mkdir and so on).
@@ -27,12 +26,12 @@ RUN dnf -y install golang && \
     cp -rf /etc/passwd /rootfs/etc && \
     cp -rf /che-machine-exec/che-machine-exec /rootfs/go/bin
 
-# https://registry.access.redhat.com/rhel9-2-els/rhel
-FROM registry.redhat.io/rhel9-2-els/rhel:9.2-1405 as runtime
+# https://registry.access.redhat.com/ubi9-minimal
+FROM registry.redhat.io/ubi9-minimal:9.5-1731593028 as runtime
 COPY --from=builder /rootfs /
-RUN dnf install -y openssl && \
-    dnf -y update && \
-    dnf clean -y all
+RUN microdnf install -y openssl && \
+    microdnf -y update && \
+    microdnf clean -y all
 
 USER unprivilegeduser
 ENTRYPOINT ["/go/bin/che-machine-exec"]

devspaces-machineexec/content_sets.yml

@@ -12,11 +12,11 @@
 # likely this will be x86_64 and ppc64le initially.
 ---
 x86_64:
-- rhel-9-for-x86_64-baseos-eus-rpms__9_DOT_2
-- rhel-9-for-x86_64-appstream-eus-rpms__9_DOT_2
+- rhel-9-for-x86_64-baseos-rpms
+- rhel-9-for-x86_64-appstream-rpms
 s390x:
-- rhel-9-for-s390x-baseos-eus-rpms__9_DOT_2
-- rhel-9-for-s390x-appstream-eus-rpms__9_DOT_2
+- rhel-9-for-s390x-baseos-rpms
+- rhel-9-for-s390x-appstream-rpms
 ppc64le:
-- rhel-9-for-ppc64le-baseos-eus-rpms__9_DOT_2
-- rhel-9-for-ppc64le-appstream-eus-rpms__9_DOT_2
+- rhel-9-for-ppc64le-baseos-rpms
+- rhel-9-for-ppc64le-appstream-rpms