control-service: job-builder-secure using kaniko fix

projects/control-service/projects/job-builder-secure/Dockerfile

@@ -1,32 +1,6 @@
 # Used to trigger a build for a data job image.
 
-FROM gcr.io/kaniko-project/executor
-
-FROM alpine
-
-COPY --from=0 /kaniko /kaniko
-
-
-ENV PATH $PATH:/kaniko
-ENV SSL_CERT_DIR=/kaniko/ssl/certs
-ENV DOCKER_CONFIG /kaniko/.docker/
-
-WORKDIR /workspace
+FROM versatiledatakit/job-builder:latest
 
+# overwrite the Dockerfile used to build VDK jobs with our own with extra security hardening.
 COPY Dockerfile.python.vdk /workspace/Dockerfile
-COPY build_image.sh /build_image.sh
-RUN chmod +x /build_image.sh
-
-
-# Setup Python and Git
-## Update & Install dependencies
-RUN apk add --no-cache --update \
-    git \
-    bash
-
-RUN apk add --update --no-cache python3=3.10.10-r0 py3-pip \
-    && pip3 install awscli  \
-    && apk --purge -v del py3-pip \
-    && rm -rf /var/cache/apk/*
-
-ENTRYPOINT ["/build_image.sh"]

projects/control-service/projects/job-builder-secure/README.md

@@ -1,2 +1,8 @@
 # Secure Job Builder
-This package provides a way to configure and build your own Data Job images.
+
+Secure Job Builder extends [the standard job-builder ](../job-builder/README.md) and
+provides a secure environment for the execution of data jobs in Python.
+
+It uses a [secure base Python image](versatiledatakit/data-job-base-python-3.10-secure:latest),
+creates a non-root user to perform tasks, remove execution permissions on data job files.
+It also removes several system executables and pip, minimizing the attack surface within the container.

projects/control-service/projects/job-builder-secure/version.txt

@@ -1 +1 @@
-1.1.3
+1.2.0