Merge pull request #7 from theredguild/multi-tools-pipx-git-asdf-npm

Update to Dockerfile with several tools, improvement to environment, asdf, pipx installation and more.
theredguild · Oct 3, 2024 · c563730 · c563730
2 parents 118a251 + 7ab4c04
commit c563730
Showing 1 changed file with 45 additions and 21 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -29,8 +29,7 @@ RUN apt-get update && apt-get install -y \
     zsh \
     pipx \
     sudo \
-    # # Does this make sense with asdf installing nodejs?
-    npm \
+    make \
     vim \
     && rm -rf /var/lib/apt/lists/*
 
@@ -47,35 +46,42 @@ RUN usermod -aG sudo $USERNAME
 # Switch to the new user
 USER $USERNAME
 
+# Explicitly setting user home
+ENV HOME="/home/wanderer"
+
 # Set the default shell to zsh
 ENV SHELL=/usr/bin/zsh
 
 # Running everything under zsh
 SHELL ["/usr/bin/zsh", "-c"]
 
-RUN git clone https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch v0.14.1 \
-    && echo '. $HOME/.asdf/asdf.sh' >> $HOME/.zshrc \
+# Building everything inside /src
+WORKDIR /src
+
+ENV ASDF_DIR="$HOME/.asdf"
+RUN git clone https://github.com/asdf-vm/asdf.git $ASDF_DIR --branch v0.14.1
+RUN echo '. $ASDF_DIR/asdf.sh' >> $HOME/.zshrc \
     && echo 'fpath=(${ASDF_DIR}/completions $fpath)' >> $HOME/.zshrc \
     && echo 'autoload -Uz compinit && compinit' >> $HOME/.zshrc \
-    && . $HOME/.asdf/asdf.sh 
+    && . $ASDF_DIR/asdf.sh 
+
+ENV PATH="${ASDF_DIR}/bin:${ASDF_DIR}/shims:$PATH"
 
 # Install Node.js and Go using asdf
-RUN . $HOME/.asdf/asdf.sh \
+RUN . $ASDF_DIR/asdf.sh \
     && asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git \
     && asdf install nodejs latest \
-    && asdf global nodejs latest \
-    && sudo npm install -g pnpm
+    && asdf global nodejs latest
 
-RUN . $HOME/.asdf/asdf.sh \
+RUN . $ASDF_DIR/asdf.sh \
     && asdf plugin add golang https://github.com/asdf-community/asdf-golang.git \
     && asdf install golang latest \
     && asdf global golang latest
 
 # # Install pnpm using npm installed via asdf Node.js
-# RUN sudo npm install -g pnpm
-
+RUN npm install -g pnpm
 ENV PNPM_HOME="/home/${USERNAME}/.local/share/pnpm"
-ENV PATH="$PNPM_HOME:$PNPM_HOME/global/node_modules/.bin:${PATH}"
+ENV PATH="${PNPM_HOME}:${PNPM_HOME}/global/node_modules/.bin:${PATH}"
 
 # Install ESLint and plugins using pnpm
 RUN pnpm install -g eslint \
@@ -91,32 +97,50 @@ RUN pnpm install -g node-version-audit \
 
 # Set GOBIN to /usr/local/bin for Go binaries
 ENV GOBIN=/usr/local/bin
+ENV PATH="${GOBIN}:${PATH}"
 
 # Install gitxray
 RUN . $HOME/.asdf/asdf.sh \
     go install github.com/kulkansecurity/gitxray@latest
 
 # Install git-secrets
-RUN git clone https://github.com/awslabs/git-secrets.git $HOME/secrets \
-    && cd $HOME/secrets \
+RUN git clone https://github.com/awslabs/git-secrets.git git-secrets
+RUN cd git-secrets \
     && sudo make install \
-    && rm -rf $HOME/secrets
+    && rm -rf secrets
 
 # Install detect-secrets
 RUN pipx install detect-secrets
 
-# Install pmapper
-RUN pipx install pmapper
+# Install gitleaks
+RUN git clone https://github.com/gitleaks/gitleaks.git gitleaks \
+    && cd gitleaks \
+    && make build
+
+# Install gitxray
+RUN pipx install gitxray
 
 # Install gh-fake-analyzer
-RUN cd $HOME \
-    && git clone https://github.com/shortdoom/gh-fake-analyzer.git \
-    && cd gh-fake-analyzer \
+RUN git clone https://github.com/shortdoom/gh-fake-analyzer.git
+RUN cd gh-fake-analyzer \
+    && mv .env.example .env \
     && python3 -m venv gfa \
     && source gfa/bin/activate \
     && pip install -r requirements.txt \
     && exit
 
+
+# Create a script to run the gh-fake-analyzer
+USER root
+RUN echo '#!/bin/zsh\n\
+source /src/gh-fake-analyzer/gfa/bin/activate\n\
+python3 /src/gh-fake-analyzer/analyze.py "$@"\n\
+deactivate' > /usr/local/bin/gh-fake-analyzer \
+    && chmod +x /usr/local/bin/gh-fake-analyzer \
+    && chown -R wanderer:trg /usr/local/bin/gh-fake-analyzer
+
+USER wanderer
+
 # Install Trivy
 RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null \
     && echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list \
@@ -131,4 +155,4 @@ RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*
 
 # Set working directory
 WORKDIR /home/${USERNAME}
-CMD ["/bin/bash"]
+CMD ["/bin/zsh"]