Dockerfile.worker
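# Base image: Debian 13, pulled via mirror.gcr.io.
# NOTE(review): `debian:13` is a floating tag, so the resulting image depends on
# when the build runs. For reproducible builds pin the base by digest
# (`debian:13@sha256:<digest-placeholder>`) and bump the digest deliberately.
FROM mirror.gcr.io/library/debian:13

# OS packages. proot is used further down to populate the sandbox rootfs; the
# others are presumably required by the tool/setup-*.sh scripts (not shown
# here), so list any additional tool those scripts need explicitly.
# - `apt-get upgrade` is kept: with an unpinned base tag it pulls in security
#   fixes published after the base image was built.
# - `--no-install-recommends` keeps optional packages out of the image, which
#   matches the install done inside the sandbox rootfs and reduces the amount
#   of software that has to be patched.
# - The apt lists are removed in the same layer so they never reach the image.
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
        bash \
        ca-certificates \
        curl \
        git \
        proot \
        unzip \
        xz-utils && \
    rm -rf /var/lib/apt/lists/*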
# Environment variables visible to every later build step and to the running
# container.
ENV PUB_ENVIRONMENT="bot.pub_dev.pub_worker" \
    CI="true" \
    NO_COLOR="true"
# Create an unprivileged 'worker' account (group id 2000) with a home
# directory, so that nothing after this point runs as root unless it has to
# (container hardening).
# NOTE(review): only the GID is fixed; useradd is given no explicit UID, so the
# UID is whatever the system-account range yields. Pin a numeric UID if the
# runtime has to verify a non-root user.
RUN groupadd --system --gid 2000 worker && \
    useradd --no-log-init --system --create-home --gid worker worker
# Every following RUN, and the container's entrypoint, executes as worker.
USER worker:2000

# Install pub-dev: copy the build context into the worker's home, owned by
# worker so later steps can write build output there.
# NOTE(review): this copies the entire build context. Confirm that
# .dockerignore excludes .git, local credentials and env files, otherwise they
# end up in an image layer.
COPY --chown=worker:worker . /home/worker/pub-dev
WORKDIR /home/worker/pub-dev
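# Setup a rootfs for use in sandboxes
ENV SANDBOX_ROOTFS=/home/worker/sandbox-rootfs
RUN tool/setup-sandbox-rootfs.sh "${SANDBOX_ROOTFS}"
# Install git and CA certificates inside the rootfs. proot -0 makes the
# unprivileged worker user appear as uid 0 within the rootfs, so the package
# manager can run without real root; /dev, /proc and /sys are bind-mounted
# from the build container for the duration of the command.
# apt-get is used instead of apt because apt's command-line interface is not
# stable for scripted use. The package lists are removed as well, mirroring the
# cleanup done for the outer image, so the rootfs carries no stale index.
RUN proot -0 -r "${SANDBOX_ROOTFS}" -b /dev -b /proc -b /sys \
    /bin/bash -c "apt-get update && apt-get install -y --no-install-recommends git ca-certificates && apt-get clean && rm -rf /var/lib/apt/lists/*"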
# Config directories for the stable SDKs; each is handed to the matching setup
# script as XDG_CONFIG_HOME.
RUN mkdir -p \
    /home/worker/config/dart-stable \
    /home/worker/config/flutter-stable

# NOTE(review): the tool/setup-*.sh scripts are not visible on this page. If
# they download release archives, confirm each one verifies a checksum or
# signature before unpacking, since their output ends up on PATH.

# Dart SDK 3.11.2 into /home/worker/dart/stable
RUN XDG_CONFIG_HOME=/home/worker/config/dart-stable tool/setup-dart.sh /home/worker/dart/stable 3.11.2
# Flutter SDK 3.41.4 into /home/worker/flutter/stable
RUN XDG_CONFIG_HOME=/home/worker/config/flutter-stable tool/setup-flutter.sh /home/worker/flutter/stable 3.41.4
# webp tooling into /home/worker/bin
RUN tool/setup-webp.sh /home/worker/bin
# gVisor into /home/worker/gvisor
RUN tool/setup-gvisor.sh /home/worker/gvisor
# SDKs used for analysis. /home/worker/bin and the stable Dart SDK's bin
# directory are placed ahead of the existing PATH, so they take precedence
# over system binaries of the same name.
ENV DART_SDK="/home/worker/dart/stable" \
    FLUTTER_ROOT="/home/worker/flutter/stable" \
    PATH="/home/worker/bin:/home/worker/dart/stable/bin:${PATH}"

# dartdoc 9.0.4: DARTDOC_DIR has to be set in its own instruction because the
# setup step and the two derived variables below expand it.
ENV DARTDOC_DIR=/home/worker/dartdoc
RUN tool/setup-dartdoc.sh "${DARTDOC_DIR}" 9.0.4
ENV DARTDOC_BINARY="${DARTDOC_DIR}/build/dartdoc" \
    DARTDOC_RESOURCES_DIR="${DARTDOC_DIR}/lib/resources"
# Install dependencies for pub_worker
# All relative paths in the RUN steps below resolve against this directory.
WORKDIR /home/worker/pub-dev/pkg/pub_worker
# NOTE(review): a plain `dart pub get` re-resolves when the lockfile is stale.
# If a pubspec.lock is committed for this package, `--enforce-lockfile` would
# make the build fail instead of silently selecting other versions - confirm.
RUN dart pub get
# Setup pana using the resolved version from pkg/pub_worker
RUN /home/worker/pub-dev/tool/setup-pana.sh /home/worker/pana
ENV PANA_LICENSE_DATA_DIR="/home/worker/pana/lib/src/third_party/spdx/licenses"
# AOT compile pub_worker
# The relative output path "build/..." is the same directory as
# PUB_WORKER_BUILD_DIR because of the WORKDIR above.
ENV PUB_WORKER_BUILD_DIR="/home/worker/pub-dev/pkg/pub_worker/build"
RUN mkdir -p "${PUB_WORKER_BUILD_DIR}"
RUN dart compile exe -o "build/pub_worker" "bin/pub_worker.dart"
# Put the build directory first on PATH so the ENTRYPOINT can name the binary
# without a path.
ENV PATH="${PUB_WORKER_BUILD_DIR}:${PATH}"
# AOT compile the pub_worker_subprocess
RUN dart compile exe -o "build/pub_worker_subprocess" "bin/pub_worker_subprocess.dart"
ENV PUB_WORKER_SUBPROCESS_BINARY="${PUB_WORKER_BUILD_DIR}/pub_worker_subprocess"
# AOT compile sandbox runner
RUN dart compile exe -o "build/sandbox_runner" "bin/sandbox_runner.dart"
ENV SANDBOX_RUNNER="${PUB_WORKER_BUILD_DIR}/sandbox_runner"
# This container image is launched by cloud-init, and cloud-init is responsible
# for shutting down the VM when the container exits.
# Exec (JSON array) form: pub_worker is started directly, without a wrapping
# shell, and is looked up on PATH, which includes PUB_WORKER_BUILD_DIR. It runs
# as the 'worker' user selected by the USER instruction earlier in this file.
ENTRYPOINT ["pub_worker"]