2023-05-18 12:19:51 +00:00
|
|
|
ARG RUNTIME_VERSION="3.11"
|
2023-10-02 08:58:32 +00:00
|
|
|
ARG DISTRO_VERSION="3.18"
|
2023-11-21 11:17:59 +00:00
|
|
|
ARG PULUMI_VERSION="3.89.0"
|
2021-09-23 17:27:06 +00:00
|
|
|
|
|
|
|
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
|
|
|
|
ARG PULUMI_VERSION
|
2023-10-27 11:20:45 +00:00
|
|
|
ARG RUNTIME_VERSION="3.11"
|
2021-09-23 17:27:06 +00:00
|
|
|
|
|
|
|
RUN apk add --no-cache \
|
|
|
|
autoconf \
|
|
|
|
automake \
|
|
|
|
build-base \
|
|
|
|
cmake \
|
|
|
|
curl \
|
|
|
|
make \
|
|
|
|
libc6-compat \
|
|
|
|
gcc \
|
|
|
|
linux-headers \
|
|
|
|
libffi-dev \
|
2022-02-08 16:08:09 +00:00
|
|
|
openssl-dev \
|
|
|
|
git
|
2021-09-23 17:27:06 +00:00
|
|
|
|
|
|
|
RUN if [ "$PULUMI_VERSION" = "latest" ]; then \
|
|
|
|
curl -fsSL https://get.pulumi.com/ | sh; \
|
|
|
|
else \
|
|
|
|
curl -fsSL https://get.pulumi.com/ | sh -s -- --version $PULUMI_VERSION ; \
|
|
|
|
fi
|
|
|
|
|
|
|
|
ENV VIRTUAL_ENV=/venv
|
|
|
|
RUN python -m venv $VIRTUAL_ENV
|
|
|
|
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
|
|
|
|
|
|
|
|
# Install CloudBender
|
|
|
|
WORKDIR /app
|
|
|
|
COPY . /app
|
2023-11-21 11:17:59 +00:00
|
|
|
RUN pip install .
|
2021-09-23 17:27:06 +00:00
|
|
|
|
2022-06-01 11:16:19 +00:00
|
|
|
# minimal pulumi
|
2022-07-15 12:35:27 +00:00
|
|
|
RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && strip pulumi* || true
|
2021-09-23 17:27:06 +00:00
|
|
|
|
2023-10-27 11:02:09 +00:00
|
|
|
# Remove AWS keys from docstring to prevent trivy alerts later
|
2023-10-27 11:09:07 +00:00
|
|
|
RUN sed -i -e 's/AKIA.*//' /venv/lib/python${RUNTIME_VERSION}/site-packages/pulumi_aws/lightsail/bucket_access_key.py
|
2021-09-23 17:27:06 +00:00
|
|
|
|
2022-06-27 18:51:03 +00:00
|
|
|
# Now build the final runtime, incl. running rootless containers
|
2021-09-23 17:27:06 +00:00
|
|
|
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION}
|
|
|
|
|
2022-06-27 18:51:03 +00:00
|
|
|
ARG USER=cloudbender
|
|
|
|
|
2022-06-01 11:16:19 +00:00
|
|
|
#cd /etc/apk/keys && \
|
|
|
|
#echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
|
|
|
|
#cfssl@testing \
|
|
|
|
|
|
|
|
RUN apk upgrade -U --available --no-cache && \
|
|
|
|
apk add --no-cache \
|
2021-09-23 17:27:06 +00:00
|
|
|
libstdc++ \
|
|
|
|
libc6-compat \
|
|
|
|
ca-certificates \
|
2022-06-22 13:08:45 +00:00
|
|
|
aws-cli \
|
2022-06-27 18:51:03 +00:00
|
|
|
fuse-overlayfs \
|
|
|
|
podman \
|
|
|
|
buildah \
|
|
|
|
strace
|
2021-09-23 17:27:06 +00:00
|
|
|
|
|
|
|
COPY --from=builder /venv /venv
|
|
|
|
COPY --from=builder /root/.pulumi/bin /usr/local/bin
|
2022-06-27 18:51:03 +00:00
|
|
|
|
|
|
|
# Dont run as root by default
|
|
|
|
RUN addgroup $USER && adduser $USER -G $USER -D && \
|
|
|
|
mkdir -p /home/$USER/.local/share/containers && \
|
|
|
|
chown $USER:$USER -R /home/$USER
|
|
|
|
|
|
|
|
# Rootless podman
|
2022-07-15 12:35:27 +00:00
|
|
|
RUN mkdir -p /home/$USER/.config/containers
|
|
|
|
|
|
|
|
ADD --chown=$USER:$USER conf/containers.conf conf/registries.conf conf/storage.conf /home/$USER/.config/containers
|
|
|
|
|
|
|
|
RUN echo -e "$USER:1:999\n$USER:1001:64535" > /etc/subuid && \
|
2022-06-27 18:51:03 +00:00
|
|
|
echo -e "$USER:1:999\n$USER:1001:64535" > /etc/subgid && \
|
2022-07-15 12:35:27 +00:00
|
|
|
cd /usr/bin && ln -s podman docker && \
|
|
|
|
chown $USER:$USER -R /home/$USER
|
2022-06-01 11:16:19 +00:00
|
|
|
|
2021-09-23 17:27:06 +00:00
|
|
|
WORKDIR /workspace
|
|
|
|
|
2022-06-27 18:51:03 +00:00
|
|
|
ENV _CONTAINERS_USERNS_CONFIGURED=""
|
|
|
|
ENV BUILDAH_ISOLATION=chroot
|
|
|
|
|
2021-09-23 17:27:06 +00:00
|
|
|
ENV VIRTUAL_ENV=/venv
|
|
|
|
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
|
2022-06-28 13:30:13 +00:00
|
|
|
ENV PULUMI_SKIP_UPDATE_CHECK=true
|
2021-09-23 17:27:06 +00:00
|
|
|
|
2022-06-27 18:51:03 +00:00
|
|
|
USER $USER
|
|
|
|
|
|
|
|
# Allow container layers to be stored in PVCs
|
|
|
|
VOLUME /home/$USER/.local/share/containers
|
2021-09-23 17:27:06 +00:00
|
|
|
|
|
|
|
CMD ["cloudbender"]
|