# Test-matrix image — verify the install scripts run cleanly on a fresh
# Ubuntu 24.04 box. Single image to start; add fedora/arch/alpine layers
# only when a real cross-distro bug shows up.
#
# NOTE on duplication with cheshirecode/sandbox/Dockerfile:
# The apt base layer + gh keyring setup overlaps ~5 lines with that file.
# Council item #9 considered extracting a shared base; rejected because the
# cost (registry image or submodule) outweighs the ~5 lines saved. If a third
# image joins, revisit and publish a base image to ghcr.io.
# Divergence: this file is CI-only (shellcheck → dry-run → install → doctor).
# The sandbox Dockerfile is a dev container with tini + entrypoint + STOPSIGNAL.
#
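# Stages (sequential RUN steps in this one image, not multi-stage builds;
# the build fails at the first step that exits non-zero):
#   1. shellcheck      — static-lint every bin/*.sh
#   2. dry-run install — manifest parse + skills-skip behavior
#   3. real install    — runtime deps + skills + worklog (run with --no-worklog,
#                        since the test image shouldn't fork the journal)
#   4. doctor          — exit 0 assertion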
#
# Auth-gated tools (Claude OAuth, Codex OAuth, gh-with-PAT) are NOT
# exercised here — those need interactive auth and live outside CI.
#
# Build: docker build -f Dockerfile.test-matrix -t dotfiles-test .
# Base image. The 24.04 tag is mutable; pinning it by digest
# (ubuntu:24.04@sha256:<digest-placeholder>) would make CI runs reproducible.
FROM ubuntu:24.04

# DEBIAN_FRONTEND keeps apt non-interactive in every RUN below, and it also
# persists into containers started from this image.
# /root/.local/bin is prepended to PATH; no USER is set, so the build runs as
# root. Presumably the install scripts place tools there (confirm).
ENV DEBIAN_FRONTEND=noninteractive \
    PATH=/root/.local/bin:$PATH
# Bootstrap layer: only the minimum install-runtime-deps.sh needs to start
# (sudo, a package manager, python3), plus shellcheck for the lint step.
# PyYAML is reportedly installed by the install script itself, yet python3-yaml
# is also listed below. NOTE(review): confirm whether both are needed.
# Packages are unpinned, so the versions come from whatever the archive serves
# at build time. The apt lists are removed in the same layer.
RUN apt-get update -qq \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        gnupg \
        python3 \
        python3-pip \
        python3-yaml \
        shellcheck \
        sudo \
    && rm -rf /var/lib/apt/lists/*
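# Add the gh apt source (so install-runtime-deps.sh can `apt install gh`).
#
# curl writes the keyring directly with -o instead of piping into dd. Under the
# default /bin/sh a pipeline reports only the last command's exit status, so a
# failed download would leave an empty keyring and the layer would still
# succeed. With -f and -o a failed fetch fails the build at this step.
#
# Trust note: the key is accepted on the strength of TLS to cli.github.com
# alone. To harden, compare the downloaded key's fingerprint against a value
# recorded out of band before writing the sources entry.
# signed-by scopes the key to this one repository instead of trusting it for
# every apt source.
RUN curl -fsSL -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
        https://cli.github.com/packages/githubcli-archive-keyring.gpg \
    && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
        > /etc/apt/sources.list.d/github-cli.list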
# Copy the whole build context into /src. Anything .dockerignore does not
# exclude ends up in an image layer.
# NOTE(review): confirm .dockerignore keeps .git and any local credential or
# token files out of the context before this image is pushed or shared.
WORKDIR /src
COPY . .
# --- Stage 1: shellcheck --------------------------------------------------
# Lint every bin/*.sh. Findings at warning severity or above fail the build.
RUN echo "=== Stage 1: shellcheck ===" && \
    shellcheck --severity=warning bin/*.sh

# --- Stage 2: dry-run install --------------------------------------------
# Runs install-skills.sh with --dry-run before the real install below.
RUN echo "=== Stage 2: dry-run install-skills ===" && \
    bin/install-skills.sh --dry-run

# --- Stage 3: real install (no worklog clone in CI) ----------------------
# INSTALL_RUNTIME_DEPS_YES=1 is the script's documented opt-in for non-TTY
# contexts (council item #11: refuse silent sudo install), and CI is exactly
# that intentional opt-in. The variable is set inline, so it applies to this
# command only and is not stored in the image environment.
# The step runs as root, because no USER is set.
RUN echo "=== Stage 3: real install ===" && \
    INSTALL_RUNTIME_DEPS_YES=1 bin/install.sh --no-worklog

# --- Stage 4: doctor ------------------------------------------------------
# Worklog repo not cloned, so doctor will WARN, not FAIL. Exit must be 0,
# and any other exit status fails the build.
RUN echo "=== Stage 4: doctor ===" && \
    bin/doctor.sh

# Default command is a shell for inspecting the built image; the four stages
# above all run at build time. The container starts as root (no USER set).
CMD ["bash"]