-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.devtools
More file actions
82 lines (73 loc) · 2.94 KB
/
Dockerfile.devtools
File metadata and controls
82 lines (73 loc) · 2.94 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# syntax=docker/dockerfile:1.4
# Devtools image extending salt-dev with interactive development tools.
# Build: docker buildx build -f Dockerfile.devtools -t salt-dev-tools --load .
ARG BASE_TAG=latest
ARG BASE_IMAGE=paratools/salt-dev
FROM ${BASE_IMAGE}:${BASE_TAG}
LABEL maintainer="ParaTools Inc."
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
# Switch to root for package installation
USER root
# Create a named salt user with a real home directory
# GID 967 matches the docker group already in the base image
# UID is not pinned -- use --user at runtime to match host UID for bind mounts
# chown required: base image WORKDIR creates /home/salt owned by root,
# and useradd -m does not chown pre-existing directories
RUN useradd -m -s /bin/bash -g 967 salt \
&& chown salt:967 /home/salt
# Add GitHub CLI apt repository
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked <<EOC
#!/usr/bin/env bash
set -euo pipefail
apt-get update
apt-get install -y --no-install-recommends curl gpg
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg -o /tmp/gh-cli.gpg
gpg --with-colons --import-options show-only --import /tmp/gh-cli.gpg 2>/dev/null \
| grep -q "fpr:::::::::2C6106201985B60E6C7AC87323F3D4EA75716059:" \
|| { echo "ERROR: GitHub CLI GPG key fingerprint mismatch!"; exit 1; }
gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg < /tmp/gh-cli.gpg
rm /tmp/gh-cli.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
> /etc/apt/sources.list.d/github-cli.list
EOC
# Install all development tools in a single layer
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked <<EOC
#!/usr/bin/env bash
set -euo pipefail
apt-get update
apt-get install -y --no-install-recommends \
emacs-nox \
gh \
nodejs npm \
ripgrep \
silversearcher-ag \
htop \
gdb \
jq \
python3 \
bat \
sudo \
valgrind
# Symlink batcat to bat for convenience (Debian name conflict)
ln -sf /usr/bin/batcat /usr/local/bin/bat
# Grant salt user passwordless sudo (dev/debug image only)
echo "salt ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/salt
rm -rf /var/lib/apt/lists/*
EOC
# Install Claude Code globally via npm
# Intentionally unpinned: always install latest Claude Code
# hadolint ignore=DL3016
RUN npm install -g @anthropic-ai/claude-code
# Copy Intel IFX installer script (run manually when needed)
COPY install-intel-ifx.sh /usr/local/bin/install-intel-ifx.sh
RUN chmod +x /usr/local/bin/install-intel-ifx.sh
# Copy entrypoint script
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# Switch to salt user for runtime
USER salt
WORKDIR /home/salt/src
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["/bin/bash"]