# Adapted from https://github.com/pulumi/pulumi-docker-containers/blob/main/docker/pulumi/Dockerfile
# to minimize image size
# Base stage: slim Python 3.12 image on Debian bullseye, pulled from public.ecr.aws.
# NOTE(review): the tag is mutable; pinning the image by digest would make rebuilds
# reproducible and protect against a silently replaced base image.
FROM public.ecr.aws/docker/library/python:3.12-slim-bullseye AS base

# Versions and SHA-256 digests of the Go and Helm release archives fetched further down.
# They are declared with ENV, so they are also present in the environment of containers
# started from this image.
ENV GO_VERSION=1.24.9 \
    GO_SHA=5b7899591c2dd6e9da1809fde4a2fad842c45d3f6b9deb235ba82216e31e34a6 \
    HELM_VERSION=3.12.3 \
    HELM_SHA=1b2313cd198d45eab00cc37c38f6b1ca0a948ba279c29e322bdf426d406129b5

# Build-time pins (version plus expected SHA-256 where one is checked) for the tools
# installed by later RUN steps.
ARG CI_UPLOADER_VERSION=2.30.1
ARG CI_UPLOADER_SHA=873976f0f8de1073235cf558ea12c7b922b28e1be22dc1553bf56162beebf09d
ARG CODECOV_VERSION=0.6.1
ARG CODECOV_SHA=0c9b79119b0d8dbe7aaf460dc3bd7c3094ceda06e5ae32b0d11a8ff56e2cc5c5
ARG DDA_VERSION=v0.29.0

# PULUMI_SKIP_UPDATE_CHECK: skip Pulumi update warning
#   https://www.pulumi.com/docs/cli/environment-variables/
# DDA_NO_DYNAMIC_DEPS: always prevent installing dependencies dynamically
ENV PULUMI_SKIP_UPDATE_CHECK=true \
    DDA_NO_DYNAMIC_DEPS=1
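# Install deps all in one step: OS packages, third-party apt repositories, cloud CLIs
# and the datadog-ci uploader share a single layer, and the apt lists are removed at
# the end of that same layer.
#
# The Docker, Google Cloud and Microsoft signing keys are stored as dedicated keyrings
# under /usr/share/keyrings and bound to their repository with `signed-by=`, the same
# way the Kubernetes and HashiCorp keys already were. A key added with `apt-key add`
# is trusted for every configured source; a `signed-by` keyring can only vouch for the
# repository that names it.
RUN apt-get update -y && \
    apt-get install -y \
      apt-transport-https \
      build-essential \
      ca-certificates \
      curl \
      git \
      gnupg \
      software-properties-common \
      wget \
      parallel \
      unzip && \
    # Get all of the signatures we need all at once.
    # NOTE(review): no nodesource or yarn repository is configured anywhere in this
    # file, so these two keys look unused. They are left on `apt-key add` (trusted for
    # every source) so that nothing a derived image may rely on changes; drop them if
    # nothing needs them.
    curl --retry 10 -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \
    curl --retry 10 -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
    curl --retry 10 -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
    curl --retry 10 -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \
    curl --retry 10 -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft-archive-keyring.gpg && \
    curl --retry 10 -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg && \
    curl --retry 10 -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg && \
    # IAM Authenticator for EKS
    # NOTE(review): this binary is downloaded and made executable without an integrity
    # check, unlike datadog-ci below; pin the SHA-256 of this release in an ARG and
    # verify it with `sha256sum --check` before the chmod.
    curl --retry 10 -fsSLo /usr/bin/aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 && \
    chmod +x /usr/bin/aws-iam-authenticator && \
    # AWS v2 cli
    # NOTE(review): the URL is unversioned (whatever release is current at build time)
    # and the archive is executed without verification; AWS publishes a detached PGP
    # signature for the installer that could be checked here.
    curl --retry 10 -fsSLo awscliv2.zip https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip && \
    unzip -q awscliv2.zip && \
    ./aws/install && \
    rm -rf aws awscliv2.zip && \
    # Add additional apt repos all at once, each one tied to its own keyring
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list && \
    echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk-$(lsb_release -cs) main" | tee /etc/apt/sources.list.d/google-cloud-sdk.list && \
    echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft-archive-keyring.gpg] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/azure.list && \
    echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list && \
    # Install second wave of dependencies
    apt-get update -y && \
    apt-get install -y \
      azure-cli \
      docker-ce \
      google-cloud-sdk \
      google-cloud-sdk-gke-gcloud-auth-plugin \
      jq \
      kubectl \
      vault \
      # xsltproc is required by libvirt-sdk used in the micro-vms scenario
      xsltproc && \
    # Remove the cap_ipc_lock capability from vault https://github.com/hashicorp/vault/issues/10924
    setcap -r /usr/bin/vault && \
    # Install the datadog-ci-uploader; the download is checked against CI_UPLOADER_SHA
    # before it is made executable.
    curl --retry 10 -fsSL https://github.com/DataDog/datadog-ci/releases/download/v${CI_UPLOADER_VERSION}/datadog-ci_linux-x64 --output "/usr/local/bin/datadog-ci" && \
    echo "${CI_UPLOADER_SHA} /usr/local/bin/datadog-ci" | sha256sum --check && \
    chmod +x /usr/local/bin/datadog-ci && \
    # Clean up the lists work
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*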
# Install the Go toolchain into /usr/local/go. The release archive is compared with
# GO_SHA before it is unpacked, and `go version` confirms the binary runs.
RUN curl --retry 10 -fsSLo /tmp/go.tgz https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz \
    && echo "${GO_SHA} /tmp/go.tgz" | sha256sum -c - \
    && tar -C /usr/local -xzf /tmp/go.tgz \
    && rm /tmp/go.tgz \
    && /usr/local/go/bin/go version

# Put the Go toolchain and the binaries built by `go install` on PATH.
# GOPATH is set in its own instruction so that ${GOPATH} is already defined when the
# PATH line below is expanded.
ENV GOPATH=/go
ENV PATH=${GOPATH}/bin:/usr/local/go/bin:${PATH}
# Install Helm
# The variables helm reads are set explicitly to their defaults so that later helm
# calls still find the stable repo when $HOME is not /root (for example in GitHub
# Actions, where $HOME points to /github/home).
ENV XDG_CONFIG_HOME=/root/.config \
    XDG_CACHE_HOME=/root/.cache

# Fetch the release archive, compare it with HELM_SHA, unpack only the helm binary,
# then register and refresh the stable chart repository.
RUN curl --retry 10 -fsSLo /tmp/helm.tgz https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz \
    && echo "${HELM_SHA} /tmp/helm.tgz" | sha256sum -c - \
    && tar -C /usr/local/bin -xzf /tmp/helm.tgz --strip-components=1 linux-amd64/helm \
    && rm /tmp/helm.tgz \
    && helm version \
    && helm repo add stable https://charts.helm.sh/stable \
    && helm repo update
# PULUMI_VERSION selects the SDK release: build with --build-arg PULUMI_VERSION=vX.Y.Z
# to get that version; when it is not passed, get.pulumi.com decides what "latest" is.
ARG PULUMI_VERSION

# Install the Pulumi SDK, including the CLI and language runtimes.
# The GitHub token comes from a BuildKit secret mount, so it is read from
# /run/secrets/github_token during this step instead of being passed as an ARG or ENV.
# NOTE(review): the installer script is piped straight from the network into bash with
# no checksum or signature check, and without PULUMI_VERSION the installed release is
# not pinned; both make the result depend on what get.pulumi.com serves at build time.
RUN --mount=type=secret,id=github_token \
    export GITHUB_TOKEN=$(cat /run/secrets/github_token) \
    && curl --retry 10 -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION \
    && mv ~/.pulumi/bin/* /usr/bin
# Install Pulumi plugins
# The time resource is installed explicitly here rather than through go.mod: this
# repository does not use it directly, so `go mod tidy` would remove it.
#
# NOTE(review): `COPY .` puts the whole build context into an image layer. The later
# `RUN rm -rf /tmp/test-infra` hides the directory but does not remove that layer, so
# anything in the context that .dockerignore does not exclude stays extractable from
# the image.
COPY . /tmp/test-infra

# Download the Go modules, install the plugins the project needs, print them, then
# fail the build when any plugin name shows up more than once: the awk filter writes
# one line per duplicated plugin, and `! [ -s ... ]` requires that report to be empty.
RUN --mount=type=secret,id=github_token \
    export GITHUB_TOKEN=$(cat /run/secrets/github_token) \
    && cd /tmp/test-infra \
    && go mod download \
    && export PULUMI_CONFIG_PASSPHRASE=dummy \
    && pulumi --non-interactive plugin install \
    && pulumi --non-interactive plugin ls \
    && pulumi --non-interactive plugin ls --json | jq -r '.[].name' | awk '{count[$1]++} END {for (plugin in count) if (count[plugin] > 1) print "Several versions of\t" plugin "\tplugin detected"}' | tee /tmp/plugin_list.txt \
    && ! [ -s /tmp/plugin_list.txt ] \
    && rm /tmp/plugin_list.txt \
    && cd /
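# Install Agent requirements, required to run invoke tests task
# Remove AWS-related deps as we already install AWS CLI v2
# Both pip invocations use --no-cache-dir so that no pip download cache is left in the
# layer.
# NOTE(review): DDA_VERSION is a git tag, which can be moved upstream; a commit hash
# would pin exactly what gets installed.
RUN pip3 install --no-cache-dir "git+https://github.com/DataDog/datadog-agent-dev.git@${DDA_VERSION}" && \
    dda -v self dep sync -f legacy-e2e -f legacy-github && \
    # Disable update check as it is not needed in the CI and it can pollute the output when displaying changelog
    dda config set update.mode off && \
    # TODO: Remove once we have a new version of dda where the semver deps is in legacy_github
    pip3 install --no-cache-dir semver==2.10.0 && \
    # NOTE(review): @latest resolves at build time, so two builds of this file can ship
    # different gotestsum releases; pin a released version the way orchestrion is
    # pinned below.
    go install gotest.tools/gotestsum@latest
# Install Orchestrion for native Go Test Visibility support (pinned to v1.4.0)
RUN go install github.com/DataDog/orchestrion@v1.4.0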
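# Install authanywhere for infra token management
# The URL carries an explicit https:// scheme: curl assumes plain http:// when a URL
# has none, which would fetch a binary that handles infra tokens over an unencrypted
# connection (assumes binaries.ddbuild.io serves HTTPS; confirm).
# -f makes an HTTP error fail the build instead of saving the error page as the binary,
# and --retry matches the other downloads in this file.
# NOTE(review): LATEST is a moving target and no checksum is verified; a versioned URL
# with a pinned SHA-256, as done for Go, Helm and Codecov, would make this step
# reproducible and tamper-evident.
RUN curl --retry 10 -fsSLo /bin/authanywhere "https://binaries.ddbuild.io/dd-source/authanywhere/LATEST/authanywhere-linux-amd64" && \
    chmod +x /bin/authanywhere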
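# Install Codecov
# The uploader is compared with CODECOV_SHA before it is moved onto PATH.
# -f and --retry bring this download in line with the others in this file: an HTTP
# error now stops the build at the curl step instead of surfacing later as a checksum
# mismatch on a saved error page, and -S keeps curl's error message visible despite -s.
RUN curl --retry 10 -fsSO https://uploader.codecov.io/v${CODECOV_VERSION}/linux/codecov && \
    echo "${CODECOV_SHA} codecov" | sha256sum -c - && \
    mv codecov /usr/local/bin/codecov && \
    chmod +x /usr/local/bin/codecov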
# Delete the repository copy that was only needed for the Pulumi plugin installation.
# NOTE(review): this runs in its own layer, so the files added by the earlier
# `COPY . /tmp/test-infra` remain in that layer and can still be extracted from the
# image; a bind mount on the RUN step that needs the sources would avoid storing them.
RUN rm -rf /tmp/test-infra
# Configure aws retries
# NOTE(review): COPY expands $HOME only from ENV/ARG values known to the Dockerfile,
# and this file declares no HOME; unless the base image sets one, the destination
# resolves to /.aws/config rather than the home directory of the runtime user. Confirm.
COPY .awsconfig $HOME/.aws/config