This repository has been archived by the owner on Jan 9, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathDockerfile.base
107 lines (86 loc) · 4.97 KB
/
Dockerfile.base
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# Copyright 2023-2024 New Vector Ltd
#
# SPDX-License-Identifier: AGPL-3.0-or-later
FROM python:3.11-slim-bookworm AS build
RUN apt --yes update && apt --yes install git curl libc-bin && \
ls -l /usr/lib/locale
FROM golang:1.22-bookworm AS golang-builder
ARG TARGETPLATFORM
WORKDIR /workspace
RUN apt update && apt install -y git make && \
cd /workspace && \
git clone https://github.com/element-hq/ansible-operator-plugins.git && \
cd ansible-operator-plugins && \
git checkout gaelg/mark-unsafe-non-spec-object && \
make build/ansible-operator && \
mv ./ansible-operator /usr/local/bin/ansible-operator && \
chmod +x /usr/local/bin/ansible-operator && /usr/local/bin/ansible-operator version
FROM build AS base-builder
ARG TARGETPLATFORM
WORKDIR /workspace
RUN mkdir -p /etc/ansible \
&& echo "localhost ansible_connection=local" > /etc/ansible/hosts \
&& echo '[defaults]' > /etc/ansible/ansible.cfg \
&& echo "callbacks_enabled = ansible.posix.profile_tasks" >> /etc/ansible/ansible.cfg \
&& echo "internal_poll_interval = 0.05" >> /etc/ansible/ansible.cfg \
&& echo 'roles_path = /element.io/roles' >> /etc/ansible/ansible.cfg \
&& echo 'collections_path = /ansible/collections' >> /etc/ansible/ansible.cfg \
&& echo 'library = /usr/share/ansible/openshift' >> /etc/ansible/ansible.cfg
ENV TINI_VERSION=v0.19.0
ENV OPERATOR_SDK_VERSION=1.34.1
ENV HELM_VERSION=v3.14.0
# Install Helm
RUN apt update && apt install -y wget && \
export HELM_ARCH=$( sh -c 'echo ${TARGETPLATFORM#"linux/"}') && \
echo https://get.helm.sh/helm-${HELM_VERSION}-linux-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').tar.gz && \
wget https://get.helm.sh/helm-${HELM_VERSION}-linux-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').tar.gz && \
wget https://get.helm.sh/helm-${HELM_VERSION}-linux-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').tar.gz.sha256sum && \
sha256sum --check --status helm-${HELM_VERSION}-linux-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').tar.gz.sha256sum && \
tar xf helm-${HELM_VERSION}-linux-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').tar.gz && \
cp linux-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}')/helm /bin && \
rm -rfv linux-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}') helm-${HELM_VERSION}-linux-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').tar.gz && \
apt remove -y wget
RUN curl -L -o /workspace/tini-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}') https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}') && \
curl -L -o /workspace/tini-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').sha256 https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').sha256sum && \
sha256sum --check --status /workspace/tini-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}').sha256 && \
mv /workspace/tini-$( sh -c 'echo ${TARGETPLATFORM#"linux/"}') /usr/local/bin/tini
# Ensure directory permissions are properly set
RUN chmod +x /usr/local/bin/tini && /usr/local/bin/tini --version
WORKDIR /element.io
COPY requirements.yml /element.io/requirements.yml
COPY requirements.txt /tmp/requirements.txt
RUN pip install -r /tmp/requirements.txt
RUN ansible-galaxy collection install -r /element.io/requirements.yml -p /ansible/collections
# We prepare required libs here because we can determine the path using uname -m in RUN
RUN mkdir /required-libs && \
cp /lib/$( sh -c 'uname -m' )-linux-gnu/libselinux.so.1 /required-libs && \
cp /lib/$( sh -c 'uname -m' )-linux-gnu/libpcre2-8.so.0 /required-libs
FROM gcr.io/distroless/python3-debian12 as base
# Label this image with the repo and commit that built it, for freshmaking purposes.
ARG GIT_COMMIT=devel
LABEL git_commit=$GIT_COMMIT
COPY --from=base-builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=base-builder /etc/ansible /etc/ansible
COPY --from=base-builder /ansible /ansible
COPY --from=base-builder /usr/local/bin /usr/local/bin
COPY --from=golang-builder /usr/local/bin/ansible-operator /usr/local/bin/ansible-operator
# /bin/sh is required or ansible complains with
# failed to find the executable specified /bin/sh. Please verify if the executable exists and re-try
COPY --from=base-builder /usr/bin/dash /bin/sh
# Copy required binaries
COPY --from=base-builder /bin/sleep /bin/sleep
COPY --from=base-builder /bin/chmod /bin/chmod
COPY --from=base-builder /bin/mkdir /bin/mkdir
COPY --from=base-builder /bin/rm /bin/rm
COPY --from=base-builder /bin/helm /bin/helm
# Copy shared libraries into distroless image
COPY --from=base-builder /required-libs /lib/
COPY --from=base-builder /usr/local/lib /usr/local/lib
COPY --from=base-builder /usr/lib/locale/C.utf8 /usr/lib/locale/C.utf8
COPY --from=base-builder --chown=nonroot:nonroot /element.io /element.io
USER nonroot
WORKDIR /element.io
ENV LC_ALL "C.UTF-8"
ENV LANG "C.UTF-8"
ENV PATH "/usr/local/bin:$PATH"
ENTRYPOINT ["/usr/local/bin/tini", "--", "/usr/local/bin/ansible-operator", "run", "--watches-file=/element.io/watches.yaml"]