# fusedav uses a multi-stage image build process.
#
# base adds some basic packages to fedora:28. It is separate to allow
# layer caching to operate.
#
# dev includes the compiler and development libraries. It is the terminal
# stage used when running a Dev Container.
#
# compile executes the actual compile operation.
#
# extract builds an image containing only the RPM.
# By exporting that layer (BuildKit feature), we are able to access the RPM
# from the host for later publishing.
#
# runtime is the final runtime image.
#
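# NOTE(review): fedora:28 is an end-of-life release that no longer receives
# security updates, and the tag is not pinned by digest. Every stage built on
# `base` (including `runtime`) inherits both properties.
FROM docker.io/library/fedora:28 AS base
# Strict bash for the RUN instructions that follow: -e, -u and pipefail.
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
# Installs the runtime libraries, creates the fusedav (uid/gid 1098) and
# vscode (uid/gid 1099) accounts, and makes sure user_allow_other is set in
# /etc/fuse.conf.
#
# SECURITY: both accounts are members of wheel, and wheel is granted
# passwordless sudo for every command. Any process running as fusedav or
# vscode can therefore become root without authentication.
#
# The closing grep/echo pair is grouped with { ...; } on purpose. `&&` and
# `||` have equal precedence in the shell, so an ungrouped trailing
# `|| echo ...` would also run when any EARLIER step (dnf install, useradd,
# ...) failed, and its success would hide that failure from the build.
RUN \
    dnf install -y \
        fuse \
        fuse-libs \
        jemalloc \
        leveldb \
        sudo \
        uriparser \
        which \
    && dnf clean all \
    && rm -rf /var/cache/dnf \
    && groupadd -g 1098 fusedav \
    && useradd -u 1098 -g 1098 -G wheel -d /home/fusedav -s /bin/bash -m fusedav \
    && groupadd -g 1099 vscode \
    && useradd -u 1099 -g 1099 -G wheel -d /home/vscode -s /bin/bash -m vscode \
    && echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/wheel \
    && { grep -E -q '^user_allow_other' /etc/fuse.conf || echo user_allow_other >> /etc/fuse.conf; }
# TODO: consider removing fusedav from wheel group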
########################################
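FROM base AS dev
# Source and optional checksum for the autotag binary.
#
# The default URL follows the moving `releases/latest` pointer, so the bytes
# installed can change between builds. For a reproducible, verifiable build
# pass both arguments together, e.g.
#   --build-arg AUTOTAG_URL=<URL of a specific release asset>
#   --build-arg AUTOTAG_SHA256=<sha256 of that asset>
# When AUTOTAG_SHA256 is empty (the default) no integrity check is performed,
# which matches the previous behaviour.
ARG AUTOTAG_URL=https://github.com/pantheon-systems/autotag/releases/latest/download/autotag_linux_amd64
ARG AUTOTAG_SHA256=""
# Toolchain, -devel headers and debugging tools for building and debugging
# fusedav, plus the GitHub CLI from its own dnf repository.
# NOTE(review): the gh-cli.repo file is fetched over HTTPS and trusted as-is;
# confirm it enables gpgcheck so the gh package is signature-verified.
RUN \
    dnf install -y \
        'dnf-command(config-manager)' \
        autoconf \
        automake \
        bind-utils \
        expat-devel \
        findutils \
        fuse-devel \
        gcc \
        gdb \
        git \
        glib2-devel \
        jemalloc-devel \
        leveldb-devel \
        libcurl-devel \
        make \
        procps-ng \
        rpm-build \
        strace \
        systemd-devel \
        tcpdump \
        uriparser-devel \
        zlib-devel \
    && dnf config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo \
    && dnf install -y gh \
    && dnf clean all \
    && rm -rf /var/cache/dnf \
    && curl -fsSL "${AUTOTAG_URL}" \
        -o /usr/local/bin/autotag \
    && if [ -n "${AUTOTAG_SHA256:-}" ]; then \
           echo "${AUTOTAG_SHA256}  /usr/local/bin/autotag" | sha256sum -c -; \
       fi \
    && chmod 0755 /usr/local/bin/autotag
# Installing autotag above makes it available within a dev container.
# When building via CI/CD, autotag is installed/called elsewhere.
# Installing gh above makes it available within a dev container.
# When building via GitHub Actions, gh is installed/called elsewhere.
USER vscode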
########################################
FROM dev AS compile
# Prerequisite: new-version.sh has to exist in the build context before this
# stage runs.
# NOTE(review): `COPY .` brings the entire build context into this stage;
# confirm a .dockerignore keeps .git, credentials and local env files out.
COPY . /build
WORKDIR /build
# Ownership is handed to vscode with explicit USER switches rather than sudo,
# which is what Guardrails requires.
USER root
RUN chown -R vscode /build
# The RPM build itself runs unprivileged.
USER vscode
RUN scripts/build-rpm.sh
########################################
# Empty image holding only the build outputs, so the stage can be exported to
# the host. Destinations are written as absolute paths; scratch has no WORKDIR
# set, so they resolve to the same locations as the relative form.
FROM scratch AS extract
COPY --from=compile /home/vscode/rpmbuild/RPMS /RPMS
COPY --from=compile /home/vscode/rpmbuild/SRPMS /SRPMS
COPY --from=compile /build/LATEST-RPM-VER-REL /LATEST-RPM-VER-REL
########################################
FROM base AS runtime
# Stage the version marker and the built RPM(s) from the compile stage.
# NOTE(review): these files remain in the image's /tmp layer after install.
COPY --from=compile /build/LATEST-RPM-VER-REL /home/vscode/rpmbuild/RPMS/x86_64/fusedav-*.rpm /tmp/
# BEWARE: `.fc28` is the RPM release suffix normally added by rpmbuild.
RUN LATEST=$(cat /tmp/LATEST-RPM-VER-REL) \
    && rpm -i "/tmp/fusedav-${LATEST}.fc28.x86_64.rpm"
# The container runs as fusedav rather than root.
# NOTE(review): the base stage puts fusedav in wheel with passwordless sudo,
# so this account can still escalate to root inside the container.
USER fusedav