-
Notifications
You must be signed in to change notification settings - Fork 2
/
Dockerfile-infra
137 lines (125 loc) · 3.63 KB
/
Dockerfile-infra
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
ARG alpine_version
ARG ruby_version
FROM ruby:${ruby_version}-alpine${alpine_version}
ARG covalence_version
ARG dumbinit_version
ARG gosu_version
ARG sops_version
ENV COVALENCE_VERSION $covalence_version
ENV DUMBINIT_VERSION $dumbinit_version
ENV GOSU_VERSION $gosu_version
ENV GOSU_KEY B42F6819007F00F88E364FD4036A9C25BF357DD4
ENV SOPS_VERSION $sops_version
RUN set -ex; \
\
fetchDeps=' \
build-base \
ca-certificates \
curl-dev \
gnupg \
openssl \
python-dev \
ruby-dev \
unzip \
wget \
'; \
apk add --no-cache --update $fetchDeps && \
\
mkdir -p /tmp/build && \
cd /tmp/build && \
\
# Gosu
wget -O /tmp/build/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64"; \
wget -O /tmp/build/gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64.asc"; \
\
( gpg --keyserver ipv4.pool.sks-keyservers.net --receive-keys "$GOSU_KEY" \
|| gpg --keyserver ha.pool.sks-keyservers.net --receive-keys "$GOSU_KEY" ); \
gpg --batch --verify gosu.asc gosu; \
chmod +x gosu; \
\
# Dumb-init
wget -O /tmp/build/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMBINIT_VERSION}/dumb-init_${DUMBINIT_VERSION}_amd64"; \
chmod +x dumb-init; \
\
# Sops
wget -O /tmp/build/sops "https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux"; \
chmod +x sops;
COPY tools/covalence/Gemfile /tmp/build
COPY tools/covalence/Gemfile.lock /tmp/build
COPY tools/covalence/.gemrc /tmp/build
RUN set -ex; \
\
cd /tmp/build && \
\
# Ruby Gems
bundle install --path=/opt/gems --binstubs=/opt/bin --jobs=4 --retry=3
FROM ruby:${ruby_version}-alpine${alpine_version}
LABEL maintainer="Unif.io, Inc. <support@unif.io>"
ARG covalence_version
ENV COVALENCE_VERSION $covalence_version
ENV BUNDLE_GEMFILE /opt/Gemfile
ENV BUNDLE_PATH /opt/gems
ENV PATH /opt/bin:$PATH
COPY --from=0 /tmp/build/gosu /usr/local/bin/
COPY --from=0 /tmp/build/dumb-init /usr/local/bin/
COPY --from=0 /tmp/build/sops /usr/local/bin/
COPY --from=0 /tmp/build/Gemfile /opt/
COPY --from=0 /tmp/build/Gemfile.lock /opt/
COPY --from=0 /tmp/build/.gemrc /opt/
COPY --from=0 /opt/gems /opt/gems
COPY --from=0 /opt/bin /opt/bin
RUN set -ex; \
\
fetchDeps=' \
ansible \
bash \
build-base \
ca-certificates \
curl \
curl-dev \
docker \
git \
gnupg \
groff \
jq \
less \
mercurial \
openssl \
openssh \
python-dev \
python3-dev \
ruby-dev \
tar \
unzip \
zip \
wget \
docker-compose \
'; \
apk add --no-cache --update $fetchDeps && \
# pip
echo "**** install pip ****" && \
python3 -m ensurepip && \
rm -r /usr/lib/python*/ensurepip && \
pip3 install --no-cache --upgrade pip setuptools wheel && \
pip3 install --no-cache --upgrade --ignore-installed awscli ec2instanceconnectcli && \
\
mkdir -p /tmp/build && \
cd /tmp/build && \
\
# Install glibc
wget -q -O /etc/apk/keys/sgerrand.rsa.pub "https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub" && \
wget -q "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.29-r0/glibc-2.29-r0.apk" && \
apk add glibc-2.29-r0.apk && \
# Install gem packages
bundle check --gemfile=/opt/Gemfile --path=/opt/gems || bundle install --binstubs=/opt/bin --gemfile=/opt/Gemfile --path=/opt/gems --jobs=4 --retry=3 && \
\
# Cleanup
cd / && \
rm -rf /tmp/build
COPY pkr_files/packer* /usr/local/bin/
COPY tf_files/terraform* /usr/local/bin/
COPY tools/covalence/entrypoint.sh /usr/local/bin/
VOLUME /data
WORKDIR /data
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["bundle","exec","rake"]