# NOTE(review): CentOS Linux 8 reached end of life on 2021-12-31, so this base image no longer
# receives security updates, and the tag is not pinned to a digest. Plan a move to a maintained
# EL8-compatible base and pin it by digest so rebuilds are reproducible.
FROM centos:8
LABEL name="anvil"
# Every RUN step executes under bash with errexit (-e), nounset (-u), xtrace (-x) and pipefail,
# so a failing command or an unset variable aborts the build instead of being silently ignored.
# Ref: https://vaneyckt.io/posts/safer_bash_scripts_with_set_euxo_pipefail/
# xtrace echoes each command into the build log: never pass credentials through these RUN steps.
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
WORKDIR /
# The package and tool installation steps that follow require root
USER root
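# Install containerd.io. Get versions from https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
# This must be installed manually because Red Hat has blocked later versions of containerd.io
# from being installed normally on RHEL/CentOS 8. Their intention is for people to use Podman/Buildah,
# but the support for running Podman/Buildah inside a container is very weak.
# An earlier version of containerd.io is available, but it limits the version of Docker that you are able
# to install, and it is also affected by the issue addressed in Red Hat advisory RHSA-2020:0348
# (RHSA-2020:0348 is an advisory ID, not a CVE number).
ARG CONTAINERD_VERSION="1.2.13-3.1.el7"
ENV CONTAINERD_VERSION=${CONTAINERD_VERSION}
# Specify Docker version to install. Get versions using 'dnf list docker-ce --showduplicates | sort -r'
ARG DOCKER_VERSION="3:19.03.13"
# Export the version under the correctly spelled name, like every other tool in this file.
# DOCKER_VERION is the original misspelling; it is still exported so that anything already
# reading it keeps working.
ENV DOCKER_VERSION=${DOCKER_VERSION} \
    DOCKER_VERION=${DOCKER_VERSION}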
# Base OS packages and build toolchain. Versions are deliberately left unpinned so each build
# picks up the newest package the repositories offer; the trade-off is that two builds of this
# file are not guaranteed to contain the same package versions.
# Please keep the list alphabetized for maintainability
RUN dnf install -y \
        bind-utils \
        bzip2 \
        bzip2-devel \
        container-selinux \
        gcc \
        gcc-c++ \
        git \
        jq \
        libffi-devel \
        libxslt-devel \
        make \
        ncurses-devel \
        openssl-devel \
        readline-devel \
        sqlite-devel \
        unixODBC-devel \
        unzip \
        wget \
        which \
        xz \
    # Clean package caches and temp files in the same layer so they never reach the image
    && dnf clean all \
    && rm -rf /var/cache/yum/ \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install Docker: containerd.io straight from its RPM URL, then docker-ce from Docker's repo.
# NOTE(review): dnf only checks the signature of a package given on the command line (file or
# URL) when localpkg_gpgcheck is enabled, which is off by default - confirm for this image.
# If so, the containerd.io RPM is protected by HTTPS alone, whereas docker-ce is installed
# through the repository added below. Consider verifying the RPM against Docker's signing key.
RUN dnf install -y \
        "https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-${CONTAINERD_VERSION}.x86_64.rpm" \
        'dnf-command(config-manager)' \
    && dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo \
    && dnf install -y "docker-ce-${DOCKER_VERSION}" \
    && dnf clean all \
    && rm -rf /var/cache/yum/ \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install shellspec from source. Get versions from https://github.com/shellspec/shellspec/releases
# NOTE(review): --branch selects a git tag, and tags can be moved upstream; checking out a
# known commit hash after the clone would make this step reproducible.
ARG SHELLSPEC_VERSION="0.22.0"
ENV SHELLSPEC_VERSION=${SHELLSPEC_VERSION}
# The subshell keeps the directory change local to 'make install'
# hadolint ignore=DL3003
RUN git clone --branch "${SHELLSPEC_VERSION}" --depth 1 \
        https://github.com/shellspec/shellspec.git /usr/local/src/shellspec \
    && (cd /usr/local/src/shellspec && make install) \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
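# Install go-task. Get versions from https://github.com/go-task/task/releases
ARG GO_TASK_VERSION="2.8.1"
ENV GO_TASK_VERSION=${GO_TASK_VERSION}
# Optional integrity check: pass --build-arg GO_TASK_SHA256=<hex digest of the release tarball>
# to have the download verified before it is unpacked. Left empty (the default) the check is
# skipped and the build trusts HTTPS and the release host alone, as it did before.
ARG GO_TASK_SHA256=""
RUN wget -O /root/task.tar.gz "https://github.com/go-task/task/releases/download/v${GO_TASK_VERSION}/task_linux_amd64.tar.gz" \
    && if [ -n "${GO_TASK_SHA256:-}" ]; then echo "${GO_TASK_SHA256}  /root/task.tar.gz" | sha256sum -c -; fi \
    # Extract only the 'task' binary; -C replaces the former 'cd /usr/local/bin' subshell
    && tar -xzvf /root/task.tar.gz -C /usr/local/bin task \
    && rm -f /root/task.tar.gz \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*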
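# Install shellcheck. Get versions from https://github.com/koalaman/shellcheck/releases
ARG SHELLCHECK_VERSION="0.7.1"
ENV SHELLCHECK_VERSION=${SHELLCHECK_VERSION}
# Optional integrity check: pass --build-arg SHELLCHECK_SHA256=<hex digest of the release tarball>
# to have the download verified before it is unpacked. Left empty (the default) the check is
# skipped and the build trusts HTTPS and the release host alone, as it did before.
ARG SHELLCHECK_SHA256=""
RUN wget -O /root/shellcheck.tar.xz "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" \
    && if [ -n "${SHELLCHECK_SHA256:-}" ]; then echo "${SHELLCHECK_SHA256}  /root/shellcheck.tar.xz" | sha256sum -c -; fi \
    # Extract only the binary, dropping the versioned top-level directory from its path
    && tar -xJvf /root/shellcheck.tar.xz -C /usr/local/bin --strip-components=1 "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" \
    && rm -f /root/shellcheck.tar.xz \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*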
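# Install hadolint. Get versions from https://github.com/hadolint/hadolint/releases
ARG HADOLINT_VERSION="1.18.0"
ENV HADOLINT_VERSION=${HADOLINT_VERSION}
# Optional integrity check: pass --build-arg HADOLINT_SHA256=<hex digest of the release binary>
# to have the download verified before it is made executable. Left empty (the default) the check
# is skipped and the build trusts HTTPS and the release host alone, as it did before.
ARG HADOLINT_SHA256=""
RUN wget -O /usr/local/bin/hadolint "https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-Linux-x86_64" \
    && if [ -n "${HADOLINT_SHA256:-}" ]; then echo "${HADOLINT_SHA256}  /usr/local/bin/hadolint" | sha256sum -c -; fi \
    && chmod +x /usr/local/bin/hadolint \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*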
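# Install klar. Get versions from https://github.com/optiopay/klar/releases
ARG KLAR_VERSION="2.4.0"
ENV KLAR_VERSION=${KLAR_VERSION}
# Optional integrity check: pass --build-arg KLAR_SHA256=<hex digest of the release binary>
# to have the download verified before it is made executable. Left empty (the default) the check
# is skipped and the build trusts HTTPS and the release host alone, as it did before.
ARG KLAR_SHA256=""
RUN wget -O /usr/local/bin/klar "https://github.com/optiopay/klar/releases/download/v${KLAR_VERSION}/klar-${KLAR_VERSION}-linux-amd64" \
    && if [ -n "${KLAR_SHA256:-}" ]; then echo "${KLAR_SHA256}  /usr/local/bin/klar" | sha256sum -c -; fi \
    && chmod +x /usr/local/bin/klar \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*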
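# Install Fossa cli. Get versions from https://github.com/fossas/fossa-cli/releases
ARG FOSSA_VERSION="1.0.30"
ENV FOSSA_VERSION=${FOSSA_VERSION}
# Optional integrity check: pass --build-arg FOSSA_SHA256=<hex digest of the release tarball>
# to have the download verified before it is unpacked. Left empty (the default) the check is
# skipped and the build trusts HTTPS and the release host alone, as it did before.
ARG FOSSA_SHA256=""
RUN wget -O /root/fossa.tar.gz "https://github.com/fossas/fossa-cli/releases/download/v${FOSSA_VERSION}/fossa-cli_${FOSSA_VERSION}_linux_amd64.tar.gz" \
    && if [ -n "${FOSSA_SHA256:-}" ]; then echo "${FOSSA_SHA256}  /root/fossa.tar.gz" | sha256sum -c -; fi \
    # Extract only the 'fossa' binary; -C replaces the former 'cd /usr/local/bin' subshell
    && tar -xzvf /root/fossa.tar.gz -C /usr/local/bin fossa \
    && chmod +x /usr/local/bin/fossa \
    && rm -f /root/fossa.tar.gz \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*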
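# Install Gomplate. Get versions from https://github.com/hairyhenderson/gomplate/releases
ARG GOMPLATE_VERSION="3.7.0"
ENV GOMPLATE_VERSION=${GOMPLATE_VERSION}
# Optional integrity check: pass --build-arg GOMPLATE_SHA256=<hex digest of the release binary>
# to have the download verified before it is made executable. Left empty (the default) the check
# is skipped and the build trusts HTTPS and the release host alone, as it did before.
ARG GOMPLATE_SHA256=""
RUN wget -O /usr/local/bin/gomplate "https://github.com/hairyhenderson/gomplate/releases/download/v${GOMPLATE_VERSION}/gomplate_linux-amd64-slim" \
    && if [ -n "${GOMPLATE_SHA256:-}" ]; then echo "${GOMPLATE_SHA256}  /usr/local/bin/gomplate" | sha256sum -c -; fi \
    && chmod +x /usr/local/bin/gomplate \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*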
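# Install docker-compose. Get versions from https://github.com/docker/compose/releases
ARG DOCKER_COMPOSE_VERSION="1.26.2"
ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}
# Optional integrity check: pass --build-arg DOCKER_COMPOSE_SHA256=<hex digest of the release binary>
# to have the download verified before it is made executable. Left empty (the default) the check
# is skipped and the build trusts HTTPS and the release host alone, as it did before.
ARG DOCKER_COMPOSE_SHA256=""
RUN wget -O /usr/local/bin/docker-compose "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64" \
    && if [ -n "${DOCKER_COMPOSE_SHA256:-}" ]; then echo "${DOCKER_COMPOSE_SHA256}  /usr/local/bin/docker-compose" | sha256sum -c -; fi \
    && chmod +x /usr/local/bin/docker-compose \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*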
# Create the unprivileged 'anvil' account (home directory created, bash as login shell) and
# switch to it, so the language runtimes and CLI tools below are installed without root.
RUN useradd --create-home --shell /bin/bash anvil
USER anvil
# Install asdf into the anvil user's home. Get versions from https://github.com/asdf-vm/asdf/releases
# NOTE(review): --branch selects a git tag, and tags can be moved upstream; checking out a
# known commit hash after the clone would make this step reproducible.
ARG ASDF_VERSION="0.7.8"
ENV ASDF_VERSION=${ASDF_VERSION}
# $HOME is single-quoted on purpose: it must be written literally into the rc files and
# expanded when a shell later sources them, not at build time.
# hadolint ignore=SC2016
RUN git clone --branch "v${ASDF_VERSION}" --depth 1 https://github.com/asdf-vm/asdf.git "${HOME}/.asdf" \
    && printf '\nsource $HOME/.asdf/asdf.sh\n' >> "${HOME}/.bashrc" \
    && printf '\nsource $HOME/.asdf/asdf.sh\n' >> "${HOME}/.profile" \
    # Sourcing here only affects this RUN step; under 'set -e' it fails the build if asdf.sh is broken
    && source "${HOME}/.asdf/asdf.sh" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Later RUN steps are non-login shells that never read the rc files, so asdf is put on PATH explicitly
ENV PATH="/home/anvil/.asdf/shims:/home/anvil/.asdf/bin:${PATH}"
# Install nodejs through asdf. Get versions using 'asdf list all nodejs'
# NOTE(review): only the Node.js version is pinned. 'asdf plugin add' fetches whatever revision
# of the plugin repository is current at build time, and that plugin code (including the keyring
# import script below) runs during the build - consider pinning the plugin to a reviewed commit.
ARG NODEJS_VERSION="12.18.3"
ENV NODEJS_VERSION=${NODEJS_VERSION}
RUN asdf plugin add nodejs \
    # Import the Node.js release team's keys using the script shipped with the plugin
    && bash "${HOME}/.asdf/plugins/nodejs/bin/import-release-team-keyring" \
    && asdf install nodejs "${NODEJS_VERSION}" \
    && asdf global nodejs "${NODEJS_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install python through asdf and make it the global default. Get versions using 'asdf list all python'
ARG PYTHON_VERSION="3.8.2"
ENV PYTHON_VERSION=${PYTHON_VERSION}
RUN asdf plugin add python \
    && asdf install python "${PYTHON_VERSION}" \
    && asdf global python "${PYTHON_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
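# Install pre-commit. Get versions using 'pip install pre-commit=='
# NOTE(review): only pre-commit itself is pinned; its transitive dependencies resolve to whatever
# is current at build time. A constraints file with hashes would make the install reproducible.
ARG PRE_COMMIT_VERSION="2.7.1"
ENV PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION}
# --no-cache-dir keeps pip's download cache out of the image layer
RUN pip install --no-cache-dir "pre-commit==${PRE_COMMIT_VERSION}" \
    # Regenerate asdf shims so the newly installed console script is on PATH
    && asdf reshim python \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*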
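# Install aws cli. Get versions using 'pip install awscli=='
# NOTE(review): only awscli itself is pinned; its transitive dependencies resolve to whatever
# is current at build time. A constraints file with hashes would make the install reproducible.
ARG AWS_CLI_VERSION="1.18.108"
ENV AWS_CLI_VERSION=${AWS_CLI_VERSION}
# --no-cache-dir keeps pip's download cache out of the image layer
RUN pip install --no-cache-dir "awscli==${AWS_CLI_VERSION}" \
    # Regenerate asdf shims so the newly installed console script is on PATH
    && asdf reshim python \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*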
# Install Java through asdf and make it the global default. Get versions using 'asdf list all java'
ARG JAVA_VERSION="adoptopenjdk-11.0.8+10"
ENV JAVA_VERSION=${JAVA_VERSION}
RUN asdf plugin add java \
    && asdf install java "${JAVA_VERSION}" \
    && asdf global java "${JAVA_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install kubectl. Get versions using 'asdf list all kubectl'
# Note: It is very important to use the right version of kubectl for your kubernetes cluster.
# Kubernetes only supports a version skew of one minor version (older or newer) compared to the cluster.
# For example, if your cluster version is version 1.12, you should use kubectl version 1.11.X, 1.12.X, or 1.13.X.
# Multiple versions of kubectl are installed. You can choose which one to use by running
# 'asdf local kubectl X.Y.Z', which creates a '.tool-versions' file that asdf will look for.
# The env var KUBECTL_VERSION is used to set the global version of kubectl.
# NOTE(review): the 1.16 and 1.17 installs take the last entry that 'asdf list all' reports at
# build time, so the exact patch versions in the image depend on when it was built.
ARG KUBECTL_VERSION="1.18.0"
ENV KUBECTL_VERSION=${KUBECTL_VERSION}
RUN asdf plugin add kubectl \
    && asdf install kubectl "$(asdf list all kubectl 1.16 | tail -n 1)" \
    && asdf install kubectl "$(asdf list all kubectl 1.17 | tail -n 1)" \
    && asdf install kubectl "${KUBECTL_VERSION}" \
    && asdf global kubectl "${KUBECTL_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install Helm through asdf and make it the global default. Get versions using 'asdf list all helm'.
# Note: Please don't use Helm 2. Friends don't let friends use Tiller.
ARG HELM_VERSION="3.2.4"
ENV HELM_VERSION=${HELM_VERSION}
RUN asdf plugin add helm \
    && asdf install helm "${HELM_VERSION}" \
    && asdf global helm "${HELM_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install the helm-diff plugin for the anvil user.
# Get versions from https://github.com/databus23/helm-diff/releases
ARG HELM_DIFF_VERSION="3.1.2"
ENV HELM_DIFF_VERSION=${HELM_DIFF_VERSION}
RUN helm plugin install https://github.com/databus23/helm-diff \
        --version "${HELM_DIFF_VERSION}" \
    && asdf reshim helm \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install the helm-git plugin for the anvil user.
# Get versions from https://github.com/aslafy-z/helm-git/releases
ARG HELM_GIT_VERSION="0.8.1"
ENV HELM_GIT_VERSION=${HELM_GIT_VERSION}
RUN helm plugin install https://github.com/aslafy-z/helm-git.git \
        --version "${HELM_GIT_VERSION}" \
    && asdf reshim helm \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install helmfile through asdf and make it the global default. Get versions using 'asdf list all helmfile'.
ARG HELMFILE_VERSION="0.125.0"
ENV HELMFILE_VERSION=${HELMFILE_VERSION}
RUN asdf plugin add helmfile \
    && asdf install helmfile "${HELMFILE_VERSION}" \
    && asdf global helmfile "${HELMFILE_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install Terraform through asdf and make it the global default. Get versions using 'asdf list all terraform'
ARG TERRAFORM_VERSION="0.12.29"
ENV TERRAFORM_VERSION=${TERRAFORM_VERSION}
RUN asdf plugin add terraform \
    && asdf install terraform "${TERRAFORM_VERSION}" \
    && asdf global terraform "${TERRAFORM_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install terraform-docs through asdf and make it the global default.
# Get versions using 'asdf list all terraform-docs'
ARG TERRAFORM_DOCS_VERSION="v0.9.1"
ENV TERRAFORM_DOCS_VERSION=${TERRAFORM_DOCS_VERSION}
RUN asdf plugin add terraform-docs \
    && asdf install terraform-docs "${TERRAFORM_DOCS_VERSION}" \
    && asdf global terraform-docs "${TERRAFORM_DOCS_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install tflint through asdf and make it the global default. Get versions using 'asdf list all tflint'
ARG TFLINT_VERSION="0.18.0"
ENV TFLINT_VERSION=${TFLINT_VERSION}
RUN asdf plugin add tflint \
    && asdf install tflint "${TFLINT_VERSION}" \
    && asdf global tflint "${TFLINT_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install tfsec through asdf and make it the global default. Get versions using 'asdf list all tfsec'
ARG TFSEC_VERSION="0.24.1"
ENV TFSEC_VERSION=${TFSEC_VERSION}
RUN asdf plugin add tfsec \
    && asdf install tfsec "${TFSEC_VERSION}" \
    && asdf global tfsec "${TFSEC_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Install Apache Maven through asdf and make it the global default. Get versions using 'asdf list all maven'
ARG MAVEN_VERSION="3.6.3"
ENV MAVEN_VERSION=${MAVEN_VERSION}
RUN asdf plugin add maven \
    && asdf install maven "${MAVEN_VERSION}" \
    && asdf global maven "${MAVEN_VERSION}" \
    && rm -rf /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
# Let the tools installed under the anvil account also work when the container is started as root:
# asdf and Helm are pointed at anvil's directories, and anvil's global tool versions are copied to root.
# NOTE(review): these directories, and the asdf shims at the front of PATH, are writable by the
# unprivileged anvil user, so a process running as root executes code that anvil can modify.
# Keep root use of this image to trusted workloads, or make the tool tree root-owned and read-only.
USER root
ENV ASDF_DATA_DIR="/home/anvil/.asdf"
RUN cp /home/anvil/.tool-versions /root/.tool-versions
ENV HELM_PLUGINS="/home/anvil/.local/share/helm/plugins" \
    HELM_REGISTRY_CONFIG="/home/anvil/.config/helm/registry.json" \
    HELM_REPOSITORY_CACHE="/home/anvil/.cache/helm/repository" \
    HELM_REPOSITORY_CONFIG="/home/anvil/.config/helm/repositories.yaml"
# Drop back to the unprivileged account so the container does not run as root by default
USER anvil
CMD ["/bin/bash"]