From 238b1d4f2f2f061ffe44fb35d75486264370543c Mon Sep 17 00:00:00 2001
From: Sergiy Markin <smarkin@mirantis.com>
Date: Thu, 24 Apr 2025 16:22:59 +0000
Subject: [PATCH] Libyaml install from apt

This PS is to install libyaml from apt instead of
building it from source. Also we upgrade the Helm
version to 3.17.3 because of CVE.

In order to decrease the image size *-dev libs are
installed only when needed to build/install Python
packages.

Change-Id: Ie9d2f82eba1285d2b6956bc46c437b84f1e95ed4
---
 .zuul.yaml                            |  4 +-
 Makefile                              |  2 +-
 bindep.txt                            |  1 +
 images/armada/Dockerfile.ubuntu_jammy | 66 ++++++++++++---------------
 tools/helm_install.sh                 |  2 +-
 5 files changed, 33 insertions(+), 42 deletions(-)

diff --git a/.zuul.yaml b/.zuul.yaml
index 96badf00..6a2f9b5e 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -146,7 +146,7 @@
       flannel_version: v0.25.4
       metallb_setup: false
       metallb_version: "0.13.12"
-      helm_version: "v3.14.0"
+      helm_version: "v3.17.3"
       crictl_version: "v1.30.1"
       zuul_osh_infra_relative_path: ../openstack-helm
       gate_scripts_relative_path: ../openstack-helm
@@ -160,7 +160,7 @@
     parent: armada-base
     vars:
       site: airskiff
-      HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
+      HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz
       HTK_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
       OSH_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
       CLONE_ARMADA: false
diff --git a/Makefile b/Makefile
index 3f4cd3f7..1176bed4 100644
--- a/Makefile
+++ b/Makefile
@@ -35,7 +35,7 @@ IMAGE_ALIAS              := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${I
 UBUNTU_BASE_IMAGE ?=
 
 # Helm binary download url
-HELM_ARTIFACT_URL ?= https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
+HELM_ARTIFACT_URL ?= https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz
 
 # VERSION INFO
 GIT_COMMIT = $(shell git rev-parse HEAD)
diff --git a/bindep.txt b/bindep.txt
index 5a40b0df..ba1356ce 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -7,4 +7,5 @@ libpq-dev [platform:dpkg]
 libsasl2-dev [platform:dpkg]
 libssl-dev [platform:dpkg]
 libre2-dev [platform:dpkg]
+libyaml-dev [platform:dpkg]
 ethtool [platform:dpkg]
\ No newline at end of file
diff --git a/images/armada/Dockerfile.ubuntu_jammy b/images/armada/Dockerfile.ubuntu_jammy
index 21e4eeab..f0f08274 100644
--- a/images/armada/Dockerfile.ubuntu_jammy
+++ b/images/armada/Dockerfile.ubuntu_jammy
@@ -27,7 +27,6 @@ RUN set -ex && \
     apt-get -y install \
     ca-certificates \
     curl \
-    git \
     netbase \
     python3-dev \
     python3-setuptools \
@@ -55,45 +54,36 @@ COPY requirements-frozen.txt ./
 ENV LD_LIBRARY_PATH=/usr/local/lib
 
 ARG HELM_ARTIFACT_URL
-ARG LIBYAML_VERSION=0.2.5
 
-# Build
+
 RUN set -ex \
-    && buildDeps=' \
-      automake \
-      gcc \
-      libssl-dev \
-      libtool \
-      make \
-      python3-pip \
-    ' \
-    && apt-get -qq update \
-    # Keep git separate so it's not removed below
-    && apt-get install -y $buildDeps git --no-install-recommends \
-    && git clone https://github.com/yaml/libyaml.git \
-    && cd libyaml \
-    && git checkout $LIBYAML_VERSION \
-    && ./bootstrap \
-    && ./configure \
-    && make \
-    && make install \
-    && cd .. \
-    && rm -fr libyaml \
-    && python3 -m pip install -U pip \
-    && pip3 install -r requirements-frozen.txt --no-cache-dir \
-    && curl -fSSL -O ${HELM_ARTIFACT_URL} \
-    && tar -xvf $(basename ${HELM_ARTIFACT_URL}) \
-    && mv linux-amd64/helm /usr/local/bin \
-    && apt-get purge -y --auto-remove $buildDeps \
-    && apt-get autoremove -yqq --purge \
-    && apt-get clean \
-    && rm -rf \
-        /var/lib/apt/lists/* \
-        /tmp/* \
-        /var/tmp/* \
-        /usr/share/man \
-        /usr/share/doc \
-        /usr/share/doc-base
+        && buildDeps=' \
+        automake \
+        gcc \
+        libssl-dev \
+        libyaml-dev \
+        libtool \
+        make \
+        python3-pip \
+        ' \
+        && apt-get -qq update \
+        # Keep git separate so it's not removed below
+        && apt-get install -y $buildDeps git --no-install-recommends \
+        && python3 -m pip install -U pip \
+        && pip3 install -r requirements-frozen.txt --no-cache-dir \
+        && curl -fSSL -O ${HELM_ARTIFACT_URL} \
+        && tar -xvf $(basename ${HELM_ARTIFACT_URL}) \
+        && mv linux-amd64/helm /usr/local/bin \
+        && apt-get purge -y --auto-remove $buildDeps \
+        && apt-get autoremove -yqq --purge \
+        && apt-get clean \
+        && rm -rf \
+            /var/lib/apt/lists/* \
+            /tmp/* \
+            /var/tmp/* \
+            /usr/share/man \
+            /usr/share/doc \
+            /usr/share/doc-base
 
 COPY . ./
 COPY --from=armada_go /usr/local/bin/armada /usr/local/bin/armada-go
diff --git a/tools/helm_install.sh b/tools/helm_install.sh
index 1f7898ac..bab8ef59 100755
--- a/tools/helm_install.sh
+++ b/tools/helm_install.sh
@@ -17,7 +17,7 @@
 set -x
 
 HELM=$1
-HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz"}
+HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz"}
 
 
 function install_helm_binary {