# syntax=docker/dockerfile:1.3-labs
# https://registry.access.redhat.com/ubi9/ubi
# Base image: Red Hat UBI 9, referenced by a build-specific tag.
# NOTE(review): a tag can be re-pointed by the registry; appending the image
# digest (@sha256:<digest-of-this-tag>) would pin the exact content.
FROM registry.access.redhat.com/ubi9/ubi:9.5-1734495538

# Image metadata: component identity, the EULA link, then the labels read by
# the container catalog.
LABEL maintainer="Red Hat, Inc." \
      com.redhat.component="devfile-base-container" \
      name="devfile/base-developer-image" \
      version="ubi9" \
      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
      summary="devfile base developer image" \
      description="Image with base developers tools. Languages SDK and runtimes excluded." \
      io.k8s.display-name="devfile-developer-base" \
      io.openshift.expose-services=""

# The build steps that follow run as root (UID 0).
USER 0

# /home/tooling is HOME for the duration of the build.
ENV HOME=/home/tooling
RUN mkdir -p "${HOME}"
## EPEL is enabled first so that p7zip, p7zip-plugins and stow can be found.
# NOTE(review): epel-release is fetched from a "latest" URL, so the package can
# change between builds; a package handed to dnf by URL is presumably not
# signature-checked unless localpkg_gpgcheck is enabled - confirm.
# NOTE(review): "dnf update -y" makes the installed package set depend on the
# day the image is built.
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
    dnf install -y \
        diffutils \
        git \
        git-lfs \
        iproute \
        jq \
        less \
        lsof \
        man \
        nano \
        net-tools \
        openssh-clients \
        p7zip \
        p7zip-plugins \
        perl-Digest-SHA \
        procps \
        rsync \
        socat \
        stow \
        sudo \
        time \
        vim \
        wget \
        zip && \
    dnf update -y && \
    dnf clean all
## Container tooling: podman, buildah and skopeo, with fuse-overlayfs for storage.
# shadow-utils is reinstalled first; presumably this restores the file
# capabilities on newuidmap/newgidmap that rootless tools need - confirm.
RUN dnf -y reinstall shadow-utils && \
    dnf -y install \
        buildah \
        fuse-overlayfs \
        podman \
        skopeo && \
    dnf clean all
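## gh-cli
# Downloads the pinned GitHub CLI release, verifies it against the release's
# checksum list, then installs the binary and its man pages.
# Every step is chained with && so that a failed download or a checksum
# mismatch stops the build; with ';' the archive was unpacked and installed
# even when verification failed.
# NOTE(review): the checksum list is fetched from the same release as the
# archive, so it detects a corrupted or truncated download but not a replaced
# release asset. Recording the expected SHA-256 of ${GH_TGZ} in this file
# would cover that case.
# NOTE(review): GH_ARCH is fixed to linux_amd64, so this step only suits amd64 builds.
RUN \
    TEMP_DIR="$(mktemp -d)" && \
    cd "${TEMP_DIR}" && \
    GH_VERSION="2.45.0" && \
    GH_ARCH="linux_amd64" && \
    GH_TGZ="gh_${GH_VERSION}_${GH_ARCH}.tar.gz" && \
    GH_TGZ_URL="https://github.com/cli/cli/releases/download/v${GH_VERSION}/${GH_TGZ}" && \
    GH_CHECKSUMS_URL="https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_checksums.txt" && \
    # -f makes curl fail on an HTTP error instead of saving the error page.
    curl -fsSLO "${GH_TGZ_URL}" && \
    curl -fsSLO "${GH_CHECKSUMS_URL}" && \
    # The exit status of sha256sum decides: --ignore-missing skips list entries
    # for assets that were not downloaded and still fails if no file was verified.
    sha256sum --ignore-missing -c "gh_${GH_VERSION}_checksums.txt" && \
    tar -zxv --no-same-owner -f "${GH_TGZ}" && \
    mv "gh_${GH_VERSION}_${GH_ARCH}"/bin/gh /usr/local/bin/ && \
    mv "gh_${GH_VERSION}_${GH_ARCH}"/share/man/man1/* /usr/local/share/man/man1 && \
    cd - && \
    rm -rf "${TEMP_DIR}"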
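## ripgrep
# Downloads the pinned ripgrep release and installs the rg binary and man page.
# Steps are chained with && (and curl uses -f) so that a failed download or a
# failed extraction stops the build instead of being skipped over.
# NOTE(review): nothing verifies the archive before it is unpacked and
# installed into /usr/local/bin. Record the expected digest of this release
# here (placeholder: <sha256-of-ripgrep-archive>) and check it with
# "sha256sum -c" before the tar step.
# NOTE(review): RG_ARCH is fixed to x86_64, so this step only suits amd64 builds.
RUN \
    TEMP_DIR="$(mktemp -d)" && \
    cd "${TEMP_DIR}" && \
    RG_VERSION="13.0.0" && \
    RG_ARCH="x86_64-unknown-linux-musl" && \
    RG_TGZ="ripgrep-${RG_VERSION}-${RG_ARCH}.tar.gz" && \
    RG_TGZ_URL="https://github.com/BurntSushi/ripgrep/releases/download/${RG_VERSION}/${RG_TGZ}" && \
    # -f makes curl fail on an HTTP error instead of saving the error page.
    curl -fsSLO "${RG_TGZ_URL}" && \
    tar -zxv --no-same-owner -f "${RG_TGZ}" && \
    mv "ripgrep-${RG_VERSION}-${RG_ARCH}"/rg /usr/local/bin/ && \
    mv "ripgrep-${RG_VERSION}-${RG_ARCH}"/doc/rg.1 /usr/local/share/man/man1 && \
    cd - && \
    rm -rf "${TEMP_DIR}"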
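## bat
# Downloads the pinned bat release and installs the binary and man page.
# Steps are chained with && (and curl uses -f) so that a failed download or a
# failed extraction stops the build instead of being skipped over.
# NOTE(review): nothing verifies the archive before it is unpacked and
# installed into /usr/local/bin. Record the expected digest of this release
# here (placeholder: <sha256-of-bat-archive>) and check it with
# "sha256sum -c" before the tar step.
# NOTE(review): BAT_ARCH is fixed to x86_64, so this step only suits amd64 builds.
RUN \
    TEMP_DIR="$(mktemp -d)" && \
    cd "${TEMP_DIR}" && \
    BAT_VERSION="0.18.3" && \
    BAT_ARCH="x86_64-unknown-linux-musl" && \
    BAT_TGZ="bat-v${BAT_VERSION}-${BAT_ARCH}.tar.gz" && \
    BAT_TGZ_URL="https://github.com/sharkdp/bat/releases/download/v${BAT_VERSION}/${BAT_TGZ}" && \
    # -f makes curl fail on an HTTP error instead of saving the error page.
    curl -fsSLO "${BAT_TGZ_URL}" && \
    tar -zxv --no-same-owner -f "${BAT_TGZ}" && \
    mv "bat-v${BAT_VERSION}-${BAT_ARCH}"/bat /usr/local/bin/ && \
    mv "bat-v${BAT_VERSION}-${BAT_ARCH}"/bat.1 /usr/local/share/man/man1 && \
    cd - && \
    rm -rf "${TEMP_DIR}"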
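## fd
# Downloads the pinned fd release and installs the binary and man page.
# curl now uses -f so that an HTTP error fails at the download step rather
# than leaving an error page on disk for tar to reject.
# NOTE(review): nothing verifies the archive before it is unpacked and
# installed into /usr/local/bin. Record the expected digest of this release
# here (placeholder: <sha256-of-fd-archive>) and check it with
# "sha256sum -c" before the tar step.
# NOTE(review): FD_ARCH is fixed to x86_64, so this step only suits amd64 builds.
RUN \
    TEMP_DIR="$(mktemp -d)" && \
    cd "${TEMP_DIR}" && \
    FD_VERSION="8.7.0" && \
    FD_ARCH="x86_64-unknown-linux-musl" && \
    FD_TGZ="fd-v${FD_VERSION}-${FD_ARCH}.tar.gz" && \
    FD_TGZ_URL="https://github.com/sharkdp/fd/releases/download/v${FD_VERSION}/${FD_TGZ}" && \
    curl -fsSLO "${FD_TGZ_URL}" && \
    tar -xv --no-same-owner -f "${FD_TGZ}" && \
    mv "fd-v${FD_VERSION}-${FD_ARCH}"/fd /usr/local/bin && \
    mv "fd-v${FD_VERSION}-${FD_ARCH}"/fd.1 /usr/local/share/man/man1 && \
    cd - && \
    rm -rf "${TEMP_DIR}"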
# Put the user's own bin directory at the front of the search path.
# NOTE(review): this directory is writable by the runtime user and is searched
# before the system directories, so a file placed there shadows any system
# command of the same name.
ENV PATH="/home/user/.local/bin:${PATH}"

# Tell buildah that it was not started inside a user namespace, and make
# chroot its default way of isolating the filesystem.
ENV _BUILDAH_STARTED_IN_USERNS="" \
    BUILDAH_ISOLATION=chroot
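# Tweaks to make rootless buildah work: create the subordinate ID maps and
# give the account named "user" a range of 65536 IDs starting at 10000.
# "chmod g=u" copies the owner's permission bits to the group, so members of
# the files' group get the same access to /etc/passwd, /etc/subuid and
# /etc/subgid as their owner.
# NOTE(review): the range 10000-75535 contains 10001, the UID the "user"
# account is created with later in this file; confirm the overlap is intended.
RUN touch /etc/subgid /etc/subuid && \
    chmod g=u /etc/subgid /etc/subuid /etc/passwd && \
    echo user:10000:65536 > /etc/subuid && \
    echo user:10000:65536 > /etc/subgid

# Adjust storage.conf to enable Fuse storage: uncomment mount_program and
# append "/var/lib/shared" after the additionalimage line.
RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf

# Create the shared image store with its lock files. The steps are chained
# with && so that a failed mkdir stops the build; with ';' only the status of
# the last touch was checked.
RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers && \
    touch /var/lib/shared/overlay-images/images.lock && \
    touch /var/lib/shared/overlay-layers/layers.lock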
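# Add kubedock
# key=value form replaces the legacy space-separated ENV syntax.
ENV KUBEDOCK_VERSION=0.17.0
ENV KUBECONFIG=/home/user/.kube/config

# The archive is saved to a temporary file before extraction. With
# "curl | tar" the shell only checked tar's exit status, and without -f an
# HTTP error page was passed on as if it were the archive.
# NOTE(review): nothing verifies the archive before it is unpacked into
# /usr/local/bin. Record the expected digest of this release here
# (placeholder: <sha256-of-kubedock-archive>) and check it with
# "sha256sum -c" before the tar step.
# NOTE(review): the asset name is fixed to linux_amd64.
RUN TEMP_DIR="$(mktemp -d)" && \
    curl -fsSL -o "${TEMP_DIR}/kubedock.tar.gz" \
        "https://github.com/joyrex2001/kubedock/releases/download/${KUBEDOCK_VERSION}/kubedock_${KUBEDOCK_VERSION}_linux_amd64.tar.gz" && \
    tar -C /usr/local/bin -xz --no-same-owner -f "${TEMP_DIR}/kubedock.tar.gz" && \
    rm -rf "${TEMP_DIR}" && \
    chmod +x /usr/local/bin/kubedock

# Helper script from the build context, installed root-owned.
COPY --chown=0:0 kubedock_setup.sh /usr/local/bin/kubedock_setup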
# Podman wrapper: the wrapper script is installed next to the real binary,
# and the real binary is moved aside to ORIGINAL_PODMAN_PATH.
# NOTE(review): after this step nothing visible here puts a file back at
# /usr/bin/podman; presumably entrypoint.sh or kubedock_setup does - confirm.
ENV PODMAN_WRAPPER_PATH=/usr/bin/podman.wrapper \
    ORIGINAL_PODMAN_PATH=/usr/bin/podman.orig
COPY --chown=0:0 podman-wrapper.sh "${PODMAN_WRAPPER_PATH}"
RUN mv /usr/bin/podman "${ORIGINAL_PODMAN_PATH}"

# Root-owned entrypoint script, plus the ignore list used by stow.
COPY --chown=0:0 entrypoint.sh /
COPY --chown=0:0 .stow-local-ignore /home/tooling/
# Creates the runtime account (UID 10001), sets up its prompt and git config,
# opens /etc/passwd, /etc/group and /home to group 0, and links the contents
# of /home/tooling into /home/user with stow. HOME is still /home/tooling here.
RUN \
# add user and configure it
# -G wheel,root adds the account to the wheel group and to group root.
# NOTE(review): sudo is installed earlier in this file; whether wheel
# membership grants sudo depends on the image's sudoers policy - confirm.
useradd -u 10001 -G wheel,root -d /home/user --shell /bin/bash -m user && \
# Setup $PS1 for a consistent and reasonable prompt
# NOTE(review): the script is placed in /etc/profile.d and handed to UID
# 10001, so the unprivileged user can edit a file that login shells source;
# confirm the ownership is needed once the build is done.
touch /etc/profile.d/udi_prompt.sh && \
chown 10001 /etc/profile.d/udi_prompt.sh && \
echo "export PS1='\W \`git branch --show-current 2>/dev/null | sed -r -e \"s@^(.+)@\(\1\) @\"\`$ '" >> /etc/profile.d/udi_prompt.sh && \
# Copy the global git configuration to user config as global /etc/gitconfig
# file may be overwritten by a mounted file at runtime
cp /etc/gitconfig ${HOME}/.gitconfig && \
chown 10001 ${HOME}/ ${HOME}/.viminfo ${HOME}/.gitconfig ${HOME}/.stow-local-ignore && \
# Set permissions on /etc/passwd and /home to allow arbitrary users to write
# "g=u" copies the owner's permission bits to the group, and /home is handed
# to group 0 first. Any process running with GID 0 can therefore rewrite
# /etc/passwd and /etc/group inside the container.
chgrp -R 0 /home && \
chmod -R g=u /etc/passwd /etc/group /home && \
chmod +x /entrypoint.sh && \
# Create symbolic links from /home/tooling/ -> /home/user/
stow . -t /home/user/ -d /home/tooling/ && \
# .viminfo cannot be a symbolic link for security reasons, so copy it to /home/user/
cp /home/tooling/.viminfo /home/user/.viminfo && \
# Bash-related files are backed up to /home/tooling/ in case they are deleted when persistUserHome is enabled.
cp /home/user/.bashrc /home/tooling/.bashrc && \
cp /home/user/.bash_profile /home/tooling/.bash_profile && \
chown 10001 /home/tooling/.bashrc /home/tooling/.bash_profile
# Drop root for the runtime. The UID is numeric, which lets an orchestrator
# check that the image does not run as root without reading /etc/passwd.
USER 10001
# From here on HOME is the user's home rather than /home/tooling.
ENV HOME=/home/user
# WORKDIR creates /projects if it does not exist.
WORKDIR /projects
# Exec form: /entrypoint.sh is started directly and receives CMD as its arguments.
ENTRYPOINT [ "/entrypoint.sh" ]
# Default arguments: a tail on /dev/null, which never exits on its own.
CMD ["tail", "-f", "/dev/null"]