# The base image is pinned to an exact tag.
# NOTE(review): a tag can be re-pushed upstream; pinning by digest as
# well would keep the base identical across rebuilds.
FROM python:3.12.3-bookworm

###
# Image metadata
#
# The pre-defined annotation keys and their value types are listed at:
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#
# Note: Additional labels are added by the build workflow.
###
LABEL org.opencontainers.image.authors="[email protected]" \
      org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency"

###
# Unprivileged user setup variables
#
# The ARG values exist only while the image is built. The two ENV
# values derived from them are also set in the running container.
###
ARG CISA_UID=421
ARG CISA_GID=${CISA_UID}
ARG CISA_USER="cisa"
ENV CISA_GROUP=${CISA_USER} \
    CISA_HOME="/home/${CISA_USER}"
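###
# Create unprivileged user
#
# The UID and GID come from build args, so file ownership inside the
# image is predictable.
###
RUN groupadd --system --gid ${CISA_GID} ${CISA_GROUP} \
    && useradd --system --uid ${CISA_UID} --gid ${CISA_GROUP} --comment "${CISA_USER} user" ${CISA_USER}

###
# Packages needed to build and run the report tooling
#
# NOTE(review): these were described as install-time dependencies that
# get removed at the end of the build, but the removal step further
# down in this file is commented out. The build toolchain (compilers,
# git, curl, wget) therefore stays in the shipped image; a multi-stage
# build would keep it out of the runtime image.
###
ENV DEPS="\
    build-essential \
    cmake \
    curl \
    git \
    libblas-dev \
    libc6-dev \
    libfontconfig1 \
    liblapack-dev \
    libreadline-dev \
    libssl-dev \
    libxml2-dev \
    libxslt1-dev \
    libyaml-dev \
    make \
    unzip \
    wget \
    zlib1g-dev \
    autoconf \
    automake \
    bison \
    gawk \
    libffi-dev \
    libgdbm-dev \
    libncurses5-dev \
    libsqlite3-dev \
    libtool \
    pkg-config \
    sqlite3 \
    libgeos-dev \
    # Additional dependencies for python-build
    libbz2-dev \
    llvm \
    libncursesw5-dev \
    # Latex stuff
    xzdec \
    texlive-latex-base \
    texlive-latex-recommended \
    texlive-latex-extra \
    texlive-xetex \
    fonts-lmodern \
    lmodern \
    texlive-science \
    fontconfig \
    redis-tools"
# ENV INSTALL_DEPS \
# git

###
# Upgrade the system and install everything we need
#
# The index refresh, upgrade, install and cleanup share a single RUN:
#   * "apt-get install" never runs against a package index that was
#     cached in an older "apt-get update" layer, and
#   * the package lists and the .deb cache are deleted in the layer
#     that created them, so they do not end up in the image.
#
# INSTALL_DEPS is not set in this file (its ENV above is commented
# out), so it expands to nothing here.
###
RUN apt-get update --quiet --quiet \
    && apt-get upgrade --quiet --quiet --yes \
    && apt-get install --quiet --quiet --yes \
        --no-install-recommends --no-install-suggests \
        $DEPS $INSTALL_DEPS \
    && apt-get clean \
    && rm --recursive --force /var/lib/apt/lists/*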
###
# Bring pip, setuptools, and wheel up to their newest released versions
#
# pip3 is run with --no-cache-dir so that it does not write a local
# cache. The final image is smaller; installs take slightly longer.
#
# NOTE(review): no versions are pinned, so the result depends on what
# the package index serves at build time.
###
RUN pip3 install --no-cache-dir --upgrade pip setuptools wheel

# Set up the texlive user tree for tlmgr.
# NOTE(review): no USER instruction precedes this step in the file, so
# it presumably runs as the base image's default user - confirm.
RUN tlmgr init-usertree
###
# Install requirements for report generation
#
# pip3 is run with --no-cache-dir so that it does not write a local
# cache. The final image is smaller; installs take slightly longer.
#
# numpy seems to be required to build basemap's wheel, so it is
# installed first.
#
# Note that matplotlib.basemap is currently incompatible with
# matplotlib 3.x.
#
# NOTE(review): basemap is not in the list below, so the two notes
# above may be stale - confirm.
#
# NOTE(review): mongo-db-from-config is fetched as a tarball of the
# "develop" branch. A branch is a moving reference and no hash is
# checked, so two builds of this file can install different code.
# Prefer a tarball of a fixed tag or commit together with a hash
# check. The remaining packages are unpinned as well.
###
RUN pip3 install --no-cache-dir --upgrade numpy \
    && pip3 install --no-cache-dir --upgrade \
        chevron \
        docopt \
        geos \
        matplotlib \
        https://github.com/cisagov/mongo-db-from-config/tarball/develop \
        pandas \
        pypdf2
###
# Remove install dependencies (currently disabled)
###
# RUN apt-get remove --quiet --quiet $INSTALL_DEPS

###
# Clean up apt cruft
#
# NOTE(review): this step is a layer of its own. It removes the
# package cache and index files that are still present at this point;
# files written by an earlier RUN remain stored in that earlier layer.
###
RUN apt-get --quiet --quiet clean \
    && rm --recursive --force /var/lib/apt/lists/*
###
# Setup working directory and entrypoint
###
# The copy is placed as late as possible, just before the (disabled)
# user switch: Docker always reruns it and every step after it, and
# the chown that follows has to be done as root.
COPY src ${CISA_HOME}
RUN chown --recursive ${CISA_USER}:${CISA_GROUP} ${CISA_HOME}

###
# Prepare to run
###
# Right now we need to run as root for the font stuff
# USER ${CISA_USER}:${CISA_GROUP}
#
# NOTE(review): with the USER line disabled, no USER instruction is
# active in this file, so the container keeps the base image's default
# user (root for the official python images). The unprivileged account
# owns ${CISA_HOME} but is never switched to. Re-enable the USER line
# once the font step no longer needs root.
WORKDIR ${CISA_HOME}

# Exec form; the relative path is resolved against the WORKDIR above.
ENTRYPOINT ["./report.sh"]