# Airgap Test Runner Container
#
# Complete toolchain for running airgap tests:
# - Terraform (infrastructure provisioning)
# - Azure CLI (Azure operations)
# - kubectl (Kubernetes operations)
# - Helm (chart operations)
#
# Note: Ansible runs inside the K8s cluster via Jobs deployed by Helm,
# not on this machine.
#
# Build:
# docker build --platform linux/amd64 -t $ACR_REGISTRY/airgap-test-runner:$(git rev-parse --short HEAD) .
#
# Push (after az acr login -n $ACR_NAME):
# docker push $ACR_REGISTRY/airgap-test-runner:$(git rev-parse --short HEAD)
#
# Run (interactive):
# docker run -it --rm \
# -v ~/.azure:/root/.azure \
# -v ~/.kube:/root/.kube \
# -v $(pwd):/workspace \
# -w /workspace \
# -e QUIX_ACR_USERNAME -e QUIX_ACR_PASSWORD \
# -e ACR_REGISTRY -e ACR_ID \
# -e QUIX_LICENSE_KEY \
# $ACR_REGISTRY/airgap-test-runner:latest ./run-airgap-test.sh
#
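# For Azure DevOps:
# container: $ACR_REGISTRY/airgap-test-runner:latest
# Mount credentials via pipeline variables
#
# Note: the Build and Push commands above publish only a commit-SHA tag, so the
# `:latest` tag used in the Run and Azure DevOps examples has to be tagged and
# pushed separately. `:latest` is mutable; referencing the commit-SHA tag keeps
# it clear which toolchain build a test run actually used.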
# Base image: Microsoft's Azure CLI image on CBL-Mariner 2.0. The steps below
# rely on it for `az` and for the tdnf package manager.
# NOTE(review): `cbl-mariner2.0` is a tag, not a digest, so a rebuild can pick up
# a different base image. For reproducible builds pin it by digest, e.g.
#   FROM mcr.microsoft.com/azure-cli:cbl-mariner2.0@sha256:<digest-of-reviewed-image>
FROM mcr.microsoft.com/azure-cli:cbl-mariner2.0
# Tool versions - pinned for reproducibility
# Each value is the default and can be overridden with --build-arg NAME=value.
# A version pin fixes which release is requested; it does not by itself prove
# that the downloaded bytes are the ones that were reviewed.
ARG TERRAFORM_VERSION=1.7.5
ARG KUBECTL_VERSION=1.33.0
ARG HELM_VERSION=3.14.0
# Base OS packages, installed in a single layer and listed alphabetically so
# that additions and removals show up as one-line diffs.
#   shadow-utils - provides su/useradd (required by Azure DevOps container job init)
#   sudo         - required by Azure DevOps to grant pipeline user permissions
# The tdnf metadata cache is removed in the same layer so it never ships in the image.
RUN tdnf install -y \
        ca-certificates \
        curl \
        diffutils \
        gawk \
        git \
        gzip \
        jq \
        shadow-utils \
        sudo \
        tar \
        unzip \
        util-linux \
    && tdnf clean all
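# Install yq (YAML processor - required by dev.sh)
# The version is an ARG like the other tools instead of being buried in the URL.
# YQ_SHA256 is an optional pin for the binary's SHA-256: when it is set, the
# download must match it or the build fails. When it is empty (the default) the
# build behaves as before and trusts the HTTPS download alone. Record the digest
# of a reviewed binary and pass it with
#   --build-arg YQ_SHA256=<sha256-of-reviewed-binary>
# then consider making the check mandatory.
ARG YQ_VERSION=4.40.5
ARG YQ_SHA256=""
# Download to /tmp first so an unverified file is never left on PATH.
RUN curl -fsSL "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64" -o /tmp/yq \
    && if [ -n "${YQ_SHA256}" ]; then echo "${YQ_SHA256}  /tmp/yq" | sha256sum -c -; fi \
    && mv /tmp/yq /usr/local/bin/yq \
    && chmod +x /usr/local/bin/yq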
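# Install Terraform
# The zip is checked against the SHA256SUMS file HashiCorp publishes for the
# same release before anything is unpacked, so a truncated or altered download
# fails the build. If the expected file name is missing from SHA256SUMS, grep
# passes nothing to sha256sum and the check fails as well.
# The checksum file is served by the same host as the zip; verifying its detached
# signature (terraform_<version>_SHA256SUMS.sig) against HashiCorp's public key,
# or pinning a reviewed digest in an ARG, would also cover a tampered release host.
# Only the `terraform` member is extracted, so nothing else in the archive lands
# in a directory on PATH.
RUN curl -fsSL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \
        -o "/tmp/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \
    && curl -fsSL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS" \
        -o /tmp/terraform_SHA256SUMS \
    && (cd /tmp && grep -F "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" terraform_SHA256SUMS | sha256sum -c -) \
    && unzip "/tmp/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" terraform -d /usr/local/bin \
    && rm "/tmp/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" /tmp/terraform_SHA256SUMS \
    && chmod +x /usr/local/bin/terraform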
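# Install kubectl
# The binary is downloaded to /tmp and compared with the .sha256 file published
# next to it before it is moved onto PATH; a mismatch fails the build.
# The checksum comes from the same host as the binary, so it catches corrupted or
# swapped downloads but not a compromised release host. Pinning a reviewed digest
# in an ARG would cover that case too.
RUN curl -fsSL "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /tmp/kubectl \
    && curl -fsSL "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" -o /tmp/kubectl.sha256 \
    && echo "$(cat /tmp/kubectl.sha256)  /tmp/kubectl" | sha256sum -c - \
    && mv /tmp/kubectl /usr/local/bin/kubectl \
    && rm /tmp/kubectl.sha256 \
    && chmod +x /usr/local/bin/kubectl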
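# Install Helm
# The tarball is compared with the .sha256 file published next to it before it
# is unpacked; a mismatch fails the build. The checksum is same-origin, so it
# guards against corrupted or swapped downloads, not a compromised release host.
# --no-same-owner makes the extracted files owned by the build user (root)
# instead of whatever UID/GID the archive records.
RUN curl -fsSL "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" -o /tmp/helm.tar.gz \
    && curl -fsSL "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz.sha256" -o /tmp/helm.tar.gz.sha256 \
    && echo "$(cat /tmp/helm.tar.gz.sha256)  /tmp/helm.tar.gz" | sha256sum -c - \
    && tar -xzf /tmp/helm.tar.gz -C /tmp --no-same-owner \
    && mv /tmp/linux-amd64/helm /usr/local/bin/helm \
    && rm -rf /tmp/helm.tar.gz /tmp/helm.tar.gz.sha256 /tmp/linux-amd64 \
    && chmod +x /usr/local/bin/helm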
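# Install crane (container registry tool - used to extract files from installer image)
# The original piped curl straight into tar. This RUN executes under the default
# shell without pipefail, so the archive was unpacked as it streamed and was
# never checked. The archive is now saved, verified, and only then extracted.
# NOTE(review): assumes the release publishes checksums.txt in the usual
# "<sha256>  <file>" layout - confirm for the pinned version. If the file or the
# entry is missing, the build fails rather than skipping the check.
# Only the `crane` member is extracted, and --no-same-owner keeps it root-owned.
ARG CRANE_VERSION=0.20.3
RUN curl -fsSL "https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \
        -o /tmp/go-containerregistry_Linux_x86_64.tar.gz \
    && curl -fsSL "https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/checksums.txt" \
        -o /tmp/crane_checksums.txt \
    && (cd /tmp && grep ' go-containerregistry_Linux_x86_64\.tar\.gz$' crane_checksums.txt | sha256sum -c -) \
    && tar -xzf /tmp/go-containerregistry_Linux_x86_64.tar.gz -C /usr/local/bin --no-same-owner crane \
    && rm /tmp/go-containerregistry_Linux_x86_64.tar.gz /tmp/crane_checksums.txt \
    && chmod +x /usr/local/bin/crane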
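# Create workspace directory (WORKDIR creates it if it does not exist)
WORKDIR /workspace
# Verify all tools are installed
# Each command must exit 0 or the build fails, so a broken or wrong-architecture
# download is caught here instead of in the middle of a test run. yq is included
# because it is installed above but was missing from this check.
RUN echo "=== Tool Versions ===" \
    && az version --output table \
    && terraform version \
    && kubectl version --client \
    && helm version --short \
    && crane version \
    && yq --version \
    && echo "=== All tools installed successfully ==="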
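# Set bash as the shell for the shell-form instructions that follow.
# SHELL only changes how this Dockerfile's shell-form RUN/CMD/ENTRYPOINT lines
# are executed during the build; it does not select the shell that a pipeline or
# `docker run ... /bin/bash` uses at run time.
SHELL ["/bin/bash", "-c"]
# Azure DevOps container jobs expect /home/vsts to exist as the working directory
# The directory stays writable by any user, presumably because the UID the
# pipeline runs as is not known at build time (confirm). Mode 1777 adds the
# sticky bit, as on /tmp, so one user cannot delete or replace files that belong
# to another; plain 777 allowed that.
RUN mkdir -p /home/vsts && chmod 1777 /home/vsts
# No ENTRYPOINT/CMD - Azure DevOps manages the container lifecycle for container jobs.
# For local use, run with: docker run -it ... /bin/bash
# No USER instruction is set, so containers start as the base image's default
# user; the package installs above imply that this is root. Keep that in mind
# when bind-mounting host credential directories into the container.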