Add Gemfile, Gemfile.lock
Installing dependencies at build time is considered a security
vulnerability, because compromised dependencies can lead to remote code
execution at build time or at runtime. Added the required files
(Gemfile, Gemfile.lock) to address this.
Change-Id: I69caeaf79cb3611291829bd5a51cf3c1226e91f2
Google-Bug-Id: b/280554949
diff --git a/jenkins-docker/agent-jekyll/Dockerfile b/jenkins-docker/agent-jekyll/Dockerfile
index 2ac7c9d..d89f56b 100644
--- a/jenkins-docker/agent-jekyll/Dockerfile
+++ b/jenkins-docker/agent-jekyll/Dockerfile
@@ -4,7 +4,6 @@
apt-get install -y ruby-full && \
apt-get clean && \
rm -Rf /var/lib/apt/lists && \
- gem install jekyll bundler:1.17.1
RUN git clone https://gerrit.googlesource.com/homepage /tmp/homepage && \
cd /tmp/homepage && \
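Review bot: With the `gem install` line removed, `rm -Rf /var/lib/apt/lists && \` becomes the last line of this RUN, so the instruction ends in a dangling `&& \` that continues into the following `RUN git clone`; the `rm` line should end without `&& \`. Nothing visible in this hunk copies the new Gemfile and Gemfile.lock into the image or runs Bundler against them, so as shown jekyll is no longer installed by this stage and the lockfile pins nothing. If that is not handled elsewhere, add `COPY Gemfile Gemfile.lock ./` and `RUN bundle config set frozen true && bundle install` so the build fails when the lockfile and Gemfile disagree instead of resolving new versions. Both RUN instructions start or end outside the hunk, so lines not shown may change this.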
diff --git a/jenkins-docker/agent-jekyll/Gemfile b/jenkins-docker/agent-jekyll/Gemfile
new file mode 100644
index 0000000..35d91e0
--- /dev/null
+++ b/jenkins-docker/agent-jekyll/Gemfile
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem 'jekyll'
+gem 'bundler'
+
+# gem "rails"
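Review bot: `gem 'jekyll'` and `gem 'bundler'` carry no version constraint, so the lockfile is the only thing holding versions, and any `bundle update` or install without the lockfile can move to a new major release unreviewed. Constrain jekyll to the series the lockfile resolved, e.g. `gem 'jekyll', '~> 4.3'`. The `gem 'bundler'` entry adds little, because the Bundler version is recorded under BUNDLED WITH in the lockfile rather than resolved from the Gemfile; the Dockerfile previously pinned `bundler:1.17.1`, so the intended Bundler version is worth stating explicitly. The `# gem "rails"` line looks like leftover `bundle init` template text and can be dropped, and the file mixes single and double quotes.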
diff --git a/jenkins-docker/agent-jekyll/Gemfile.lock b/jenkins-docker/agent-jekyll/Gemfile.lock
new file mode 100644
index 0000000..07bde4d
--- /dev/null
+++ b/jenkins-docker/agent-jekyll/Gemfile.lock
@@ -0,0 +1,73 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ addressable (2.8.4)
+ public_suffix (>= 2.0.2, < 6.0)
+ colorator (1.1.0)
+ concurrent-ruby (1.2.2)
+ em-websocket (0.5.3)
+ eventmachine (>= 0.12.9)
+ http_parser.rb (~> 0)
+ eventmachine (1.2.7)
+ ffi (1.15.5)
+ forwardable-extended (2.6.0)
+ google-protobuf (3.22.3-x86_64-linux)
+ http_parser.rb (0.8.0)
+ i18n (1.13.0)
+ concurrent-ruby (~> 1.0)
+ jekyll (4.3.2)
+ addressable (~> 2.4)
+ colorator (~> 1.0)
+ em-websocket (~> 0.5)
+ i18n (~> 1.0)
+ jekyll-sass-converter (>= 2.0, < 4.0)
+ jekyll-watch (~> 2.0)
+ kramdown (~> 2.3, >= 2.3.1)
+ kramdown-parser-gfm (~> 1.0)
+ liquid (~> 4.0)
+ mercenary (>= 0.3.6, < 0.5)
+ pathutil (~> 0.9)
+ rouge (>= 3.0, < 5.0)
+ safe_yaml (~> 1.0)
+ terminal-table (>= 1.8, < 4.0)
+ webrick (~> 1.7)
+ jekyll-sass-converter (3.0.0)
+ sass-embedded (~> 1.54)
+ jekyll-watch (2.2.1)
+ listen (~> 3.0)
+ kramdown (2.4.0)
+ rexml
+ kramdown-parser-gfm (1.1.0)
+ kramdown (~> 2.0)
+ liquid (4.0.4)
+ listen (3.8.0)
+ rb-fsevent (~> 0.10, >= 0.10.3)
+ rb-inotify (~> 0.9, >= 0.9.10)
+ mercenary (0.4.0)
+ pathutil (0.16.2)
+ forwardable-extended (~> 2.6)
+ public_suffix (5.0.1)
+ rake (13.0.6)
+ rb-fsevent (0.11.2)
+ rb-inotify (0.10.1)
+ ffi (~> 1.0)
+ rexml (3.2.5)
+ rouge (4.1.0)
+ safe_yaml (1.0.5)
+ sass-embedded (1.62.1)
+ google-protobuf (~> 3.21)
+ rake (>= 10.0.0)
+ terminal-table (3.0.2)
+ unicode-display_width (>= 1.1.1, < 3)
+ unicode-display_width (2.4.2)
+ webrick (1.8.1)
+
+PLATFORMS
+ x86_64-linux
+
+DEPENDENCIES
+ bundler
+ jekyll
+
+BUNDLED WITH
+ 2.4.12