-
Notifications
You must be signed in to change notification settings - Fork 24
/
Copy pathDockerfile
193 lines (184 loc) · 11.1 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
FROM alpine:3.12 AS base
LABEL MAINTAINER="Screwdriver Team <screwdriver.cd>"
ARG TARGETOS TARGETARCH
RUN echo "Building for ${TARGETOS}_${TARGETARCH}"
WORKDIR /opt/sd
FROM base AS base-amd64
RUN set -x \
# Alpine ships with musl instead of glibc (this fixes the symlink)
&& mkdir /lib64 \
&& ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2 \
# Also, missing https for some magic reason
&& apk add --no-cache --update ca-certificates \
&& apk add --no-cache --virtual .build-dependencies wget gpgme unzip \
# Install Habitat
&& mkdir -p /hab/bin /opt/sd/bin \
# Download Habitat Binary
&& wget -O hab.tar.gz "https://packages.chef.io/files/stable/habitat/0.79.1/hab-x86_64-linux.tar.gz" \
&& tar -C . -ozxvf hab.tar.gz \
&& mv hab-*/hab /hab/bin/hab \
&& chmod +x /hab/bin/hab \
# @TODO Remove this, I don't think it belongs here. We should use /hab/bin/hab instead.
&& cp /hab/bin/hab /opt/sd/bin/hab \
# Install Habitat packages
&& /hab/bin/hab pkg install core/bash core/git core/zip core/unzip core/kmod core/iptables core/docker/19.03.8 core/wget core/sed core/jq-static/1.6 \
# Install curl 7.54.1 since we use that version in artifact-bookend
# https://github.com/screwdriver-cd/artifact-bookend/blob/master/commands.txt
&& /hab/bin/hab pkg install core/curl/7.54.1 \
# Cleanup Habitat Files
&& rm -rf /hab/cache /opt/sd/hab.tar.gz /opt/sd/hab-* \
# Cleanup docs and man pages (how could this go wrong)
&& find /hab -name doc -exec rm -r {} + \
&& find /hab -name docs -exec rm -r {} + \
&& find /hab -name man -exec rm -r {} + \
# bin link bash if not present
&& if [[ -z $(command -v bash) ]]; then /hab/bin/hab pkg binlink core/bash bash ; fi \
# Download zstd
&& wget -q -O zstd-cli-linux.tar.gz "https://github.com/screwdriver-cd/sd-packages/releases/download/v0.0.40/zstd-cli-linux.tar.gz" \
&& tar -C . -ozxvf zstd-cli-linux.tar.gz \
&& mv zstd-linux-x86_64 zstd \
# Download skopeo
&& wget -q -O skopeo-linux.tar.gz "https://github.com/screwdriver-cd/sd-packages/releases/download/v0.0.40/skopeo-linux.tar.gz" \
&& tar -C . -ozxvf skopeo-linux.tar.gz \
&& mv skopeo.linux.amd64 skopeo
FROM base AS base-arm64
RUN set -x \
# Alpine ships with musl instead of glibc (this fixes the symlink)
&& mkdir /lib64 \
&& ln -s /lib/libc.musl-aarch64.so.1 /lib64/ld-linux-aarch64.so.1 \
&& apk add --no-cache --update ca-certificates \
&& apk add --no-cache --virtual .build-dependencies gpgme \
# Donwload pkgs needed in container
&& apk add --no-cache composer wget zip unzip git bash iptables sed docker jq curl kmod \
# Download zstd
&& wget -q -O zstd-cli-linux.tar.gz "https://github.com/screwdriver-cd/sd-packages/releases/download/v0.0.40/zstd-cli-linux-aarch64.tar.gz" \
&& tar -C . -ozxvf zstd-cli-linux.tar.gz \
&& mv zstd-linux-aarch64 zstd \
# Download skopeo
&& wget -q -O skopeo-linux.tar.gz "https://github.com/screwdriver-cd/sd-packages/releases/download/v0.0.40/skopeo-linux-aarch64.tar.gz" \
&& tar -C . -ozxvf skopeo-linux.tar.gz \
&& mv skopeo.linux.arm64 skopeo \
# Download sonar scanner cli any
&& wget -O sonarscanner-cli-any.zip "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006.zip" \
&& unzip -q sonarscanner-cli-any.zip \
&& mv sonar-scanner-* sonarscanner-cli-macosx-arm64 \
# Cleanup
&& rm -rf /opt/sd/sonarscanner-cli-any.zip
# Install common dependencies by target architcture
FROM base-${TARGETARCH} AS final
RUN set -x \
# Download Launcher
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/launcher/releases/latest \
| egrep -o "/screwdriver-cd/launcher/releases/download/v[0-9.]*/launcher_${TARGETOS}_${TARGETARCH}" \
| sed -e "s/\/screwdriver-cd\/\([a-zA-Z-]*\)\/releases\/download\/\(v[0-9.]*\)\/launcher_${TARGETOS}_${TARGETARCH}/\1 \2/" >> tool-versions \
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/launcher/releases/latest \
| egrep -o "/screwdriver-cd/launcher/releases/download/v[0-9.]*/launcher_${TARGETOS}_${TARGETARCH}" \
| wget --base=http://github.com/ -i - -O launch \
&& chmod +x launch \
# Download Log Service
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/log-service/releases/latest \
| egrep -o "/screwdriver-cd/log-service/releases/download/v[0-9.]*/log-service_${TARGETOS}_${TARGETARCH}" \
| sed -e "s/\/screwdriver-cd\/\([a-zA-Z-]*\)\/releases\/download\/\(v[0-9.]*\)\/log-service_${TARGETOS}_${TARGETARCH}/\1 \2/" >> tool-versions \
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/log-service/releases/latest \
| egrep -o "/screwdriver-cd/log-service/releases/download/v[0-9.]*/log-service_${TARGETOS}_${TARGETARCH}" \
| wget --base=http://github.com/ -i - -O logservice \
&& chmod +x logservice \
# Download Meta CLI
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/meta-cli/releases/latest \
| egrep -o "/screwdriver-cd/meta-cli/releases/download/v[0-9.]*/meta-cli_${TARGETOS}_${TARGETARCH}" \
| sed -e "s/\/screwdriver-cd\/\([a-zA-Z-]*\)\/releases\/download\/\(v[0-9.]*\)\/meta-cli_${TARGETOS}_${TARGETARCH}/\1 \2/" >> tool-versions \
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/meta-cli/releases/latest \
| egrep -o "/screwdriver-cd/meta-cli/releases/download/v[0-9.]*/meta-cli_${TARGETOS}_${TARGETARCH}" \
| wget --base=http://github.com/ -i - -O meta \
&& chmod +x meta \
# Download sd-step
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/sd-step/releases/latest \
| egrep -o "/screwdriver-cd/sd-step/releases/download/v[0-9.]*/sd-step_${TARGETOS}_${TARGETARCH}" \
| sed -e "s/\/screwdriver-cd\/\([a-zA-Z-]*\)\/releases\/download\/\(v[0-9.]*\)\/sd-step_${TARGETOS}_${TARGETARCH}/\1 \2/" >> tool-versions \
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/sd-step/releases/latest \
| egrep -o "/screwdriver-cd/sd-step/releases/download/v[0-9.]*/sd-step_${TARGETOS}_${TARGETARCH}" \
| wget --base=http://github.com/ -i - -O sd-step \
&& chmod +x sd-step \
# Download sd-cmd
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/sd-cmd/releases/latest \
| egrep -o "/screwdriver-cd/sd-cmd/releases/download/v[0-9.]*/sd-cmd_${TARGETOS}_${TARGETARCH}" \
| sed -e "s/\/screwdriver-cd\/\([a-zA-Z-]*\)\/releases\/download\/\(v[0-9.]*\)\/sd-cmd_${TARGETOS}_${TARGETARCH}/\1 \2/" >> tool-versions \
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/sd-cmd/releases/latest \
| egrep -o "/screwdriver-cd/sd-cmd/releases/download/v[0-9.]*/sd-cmd_${TARGETOS}_${TARGETARCH}" \
| wget --base=http://github.com/ -i - -O sd-cmd \
&& chmod +x sd-cmd \
# Download store-cli
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/store-cli/releases/latest \
| egrep -o "/screwdriver-cd/store-cli/releases/download/v[0-9.]*/store-cli_${TARGETOS}_${TARGETARCH}" \
| sed -e "s/\/screwdriver-cd\/\([a-zA-Z-]*\)\/releases\/download\/\(v[0-9.]*\)\/store-cli_${TARGETOS}_${TARGETARCH}/\1 \2/" >> tool-versions \
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/store-cli/releases/latest \
| egrep -o "/screwdriver-cd/store-cli/releases/download/v[0-9.]*/store-cli_${TARGETOS}_${TARGETARCH}" \
| wget --base=http://github.com/ -i - -O store-cli \
&& chmod +x store-cli \
# Download gitversion
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/gitversion/releases/latest \
| egrep -o "/screwdriver-cd/gitversion/releases/download/v[0-9.]*/gitversion_${TARGETOS}_${TARGETARCH}" \
| sed -e "s/\/screwdriver-cd\/\([a-zA-Z-]*\)\/releases\/download\/\(v[0-9.]*\)\/gitversion_${TARGETOS}_${TARGETARCH}/\1 \2/" >> tool-versions \
&& wget -q -O - https://api.github.com/repos/screwdriver-cd/gitversion/releases/latest \
| egrep -o "/screwdriver-cd/gitversion/releases/download/v[0-9.]*/gitversion_${TARGETOS}_${TARGETARCH}" \
| wget --base=http://github.com/ -i - -O gitversion \
&& chmod +x gitversion \
# Download Tini Static
&& wget -q -O - https://api.github.com/repos/krallin/tini/releases/latest \
| egrep -o "/krallin/tini/releases/download/v[0-9.]*/tini-static" \
| head -1 \
| wget --base=http://github.com/ -i - -O tini-static \
&& wget -q -O - https://api.github.com/repos/krallin/tini/releases/latest \
| egrep -o "/krallin/tini/releases/download/v[0-9.]*/tini-static.asc" \
| wget --base=http://github.com/ -i - -O tini-static.asc \
&& found=''; \
( \
gpg --no-tty --keyserver keyserver.ubuntu.com --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
gpg --no-tty --keyserver pgp.mit.edu --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
gpg --no-tty --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
gpg --no-tty --keyserver keyserver.pgp.com --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
gpg --no-tty --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
gpg --no-tty --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
) \
&& found=yes && break; \
test -z "$found" && echo >&2 "error: failed to fetch GPG key 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7" && exit 1; \
gpg --verify tini-static.asc \
&& rm tini-static.asc \
&& mv tini-static tini \
&& chmod +x tini \
# Download dumb-init
&& wget -O /usr/local/bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_${TARGETARCH}" \
&& chmod +x /usr/local/bin/dumb-init \
&& cp /usr/local/bin/dumb-init /opt/sd/dumb-init \
# Install Sonar scanner cli
&& wget -O sonarscanner-cli-linux.zip "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip" \
&& wget -O sonarscanner-cli-macosx.zip "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-macosx.zip" \
&& unzip -q sonarscanner-cli-linux.zip \
&& unzip -q sonarscanner-cli-macosx.zip \
&& mv sonar-scanner-*-linux sonarscanner-cli-linux \
&& mv sonar-scanner-*-macosx sonarscanner-cli-macosx \
# Install skopeo
&& chmod +x skopeo \
# Install zstd linux
&& mv zstd zstd-cli-linux \
&& chmod +x zstd-cli-linux \
# Install zstd for mac
&& wget -q -O zstd-cli-macosx.tar.gz "https://github.com/screwdriver-cd/sd-packages/releases/download/v0.0.40/zstd-cli-macosx.tar.gz" \
&& tar -C . -ozxvf zstd-cli-macosx.tar.gz \
&& mv zstd zstd-cli-macosx \
&& chmod +x zstd-cli-macosx \
# Cleanup Skopeo and Sonar scanner cli files
&& rm -rf /opt/sd/skopeo-linux.tar.gz /opt/sd/sonarscanner-cli-linux.zip /opt/sd/sonarscanner-cli-macosx.zip /opt/sd/sonar-scanner-*-linux /opt/sd/sonar-scanner-*-macosx \
# Cleanup Zstd cli files
&& rm -rf /opt/sd/zstd-cli-linux.tar.gz /opt/sd/zstd-cli-macosx.tar.gz \
# Cleanup packages
&& apk del --purge .build-dependencies
# Copy optional entrypoint script to the image
COPY Docker/launcher_entrypoint.sh /opt/sd/launcher_entrypoint.sh
# Copy wrapper script to the image
COPY Docker/run.sh /opt/sd/run.sh
COPY Docker/local_run.sh /opt/sd/local_run.sh
VOLUME /opt/sd
VOLUME /hab
# Set Entrypoint
ENTRYPOINT ["/opt/sd/launcher_entrypoint.sh"]