# Dockerfiles are generated from tools/dev/dockerpkg.py
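# Build stage: creates a virtualenv in /usr/local and installs c7n plus the
# selected provider packages into it. The runtime stage copies /src, /usr/local
# and /output out of this stage.
# NOTE(review): this file is generated (see header), so changes made here have
# to be mirrored in the generator or they will be overwritten.
# NOTE(review): the base image is pinned by tag only; pinning it by digest
# (ubuntu:24.04@sha256:<digest>) would make rebuilds resolve to the same image.
FROM ubuntu:24.04 AS build-env
ARG POETRY_VERSION="1.8.3"
# bash is needed for the [[ ... =~ ... ]] provider checks further down
SHELL ["/bin/bash", "-c"]
# pre-requisite distro deps, and build env setup
# update and install share one layer so a cached package index is never paired
# with a changed package list
RUN apt-get --yes update \
 && apt-get --yes install --no-install-recommends \
      adduser \
      build-essential \
      curl \
      python3-dev \
      python3-venv \
 && rm -rf /var/lib/apt/lists/*
# todo: 24.04 is trying to standardize on ubuntu as builtin non root.
RUN adduser --disabled-login --gecos "" custodian
RUN python3 -m venv /usr/local
# NOTE(review): pip and setuptools are upgraded to whatever the index serves at
# build time; only poetry is version-pinned here.
RUN /usr/local/bin/pip install -U pip setuptools && /usr/local/bin/pip install "poetry==${POETRY_VERSION}"
ARG PATH="/root/.local/bin:$PATH"
WORKDIR /src
# Add core & aws packages
# COPY instead of ADD: these are plain local files, none of ADD's extra
# behaviours (archive extraction, URL fetch) is wanted.
COPY pyproject.toml poetry.lock README.md /src/
# NOTE(review): these packages are installed by name with no version constraint,
# so their versions are not reproducible unless poetry.lock also covers them.
RUN . /usr/local/bin/activate && pip install -qU pip wheel aws-xray-sdk psutil jsonpatch
# Ignore root first pass so if source changes we don't have to invalidate
# dependency install
RUN . /usr/local/bin/activate && poetry install --without dev --no-root
# Now install the root package, we used to do this after dependencies of other providers
# but since moving c7n to a main dependency in pyproject toml we have to do this one first.
COPY c7n /src/c7n/
RUN . /usr/local/bin/activate && poetry install --only-root
# Space-separated list of provider packages to install; override with --build-arg.
# NOTE(review): the checks below are substring matches against this list, not
# whole-word matches.
ARG providers="gcp azure kube openstack tencentcloud oci awscc"
# Add provider packages
# We include `pyproject.toml` and `poetry.lock` first to allow
# cache of dependency installs.
COPY tools/c7n_gcp/pyproject.toml tools/c7n_gcp/poetry.lock /src/tools/c7n_gcp/
RUN if [[ " ${providers[*]} " =~ "gcp" ]]; then . /usr/local/bin/activate && cd tools/c7n_gcp && poetry install --without dev --no-root; fi
COPY tools/c7n_azure/pyproject.toml tools/c7n_azure/poetry.lock /src/tools/c7n_azure/
RUN if [[ " ${providers[*]} " =~ "azure" ]]; then . /usr/local/bin/activate && cd tools/c7n_azure && poetry install --without dev --no-root; fi
COPY tools/c7n_kube/pyproject.toml tools/c7n_kube/poetry.lock /src/tools/c7n_kube/
RUN if [[ " ${providers[*]} " =~ "kube" ]]; then . /usr/local/bin/activate && cd tools/c7n_kube && poetry install --without dev --no-root; fi
COPY tools/c7n_openstack/pyproject.toml tools/c7n_openstack/poetry.lock /src/tools/c7n_openstack/
RUN if [[ " ${providers[*]} " =~ "openstack" ]]; then . /usr/local/bin/activate && cd tools/c7n_openstack && poetry install --without dev --no-root; fi
COPY tools/c7n_tencentcloud/pyproject.toml tools/c7n_tencentcloud/poetry.lock /src/tools/c7n_tencentcloud/
RUN if [[ " ${providers[*]} " =~ "tencentcloud" ]]; then . /usr/local/bin/activate && cd tools/c7n_tencentcloud && poetry install --without dev --no-root; fi
COPY tools/c7n_oci/pyproject.toml tools/c7n_oci/poetry.lock /src/tools/c7n_oci/
RUN if [[ " ${providers[*]} " =~ "oci" ]]; then . /usr/local/bin/activate && cd tools/c7n_oci && poetry install --without dev --no-root; fi
COPY tools/c7n_awscc/pyproject.toml tools/c7n_awscc/poetry.lock /src/tools/c7n_awscc/
RUN if [[ " ${providers[*]} " =~ "awscc" ]]; then . /usr/local/bin/activate && cd tools/c7n_awscc && poetry install --without dev --no-root; fi
# Now install the root of each provider
COPY tools/c7n_gcp /src/tools/c7n_gcp
RUN if [[ " ${providers[*]} " =~ "gcp" ]]; then . /usr/local/bin/activate && cd tools/c7n_gcp && poetry install --only-root; fi
COPY tools/c7n_azure /src/tools/c7n_azure
RUN if [[ " ${providers[*]} " =~ "azure" ]]; then . /usr/local/bin/activate && cd tools/c7n_azure && poetry install --only-root; fi
COPY tools/c7n_kube /src/tools/c7n_kube
RUN if [[ " ${providers[*]} " =~ "kube" ]]; then . /usr/local/bin/activate && cd tools/c7n_kube && poetry install --only-root; fi
COPY tools/c7n_openstack /src/tools/c7n_openstack
RUN if [[ " ${providers[*]} " =~ "openstack" ]]; then . /usr/local/bin/activate && cd tools/c7n_openstack && poetry install --only-root; fi
COPY tools/c7n_tencentcloud /src/tools/c7n_tencentcloud
RUN if [[ " ${providers[*]} " =~ "tencentcloud" ]]; then . /usr/local/bin/activate && cd tools/c7n_tencentcloud && poetry install --only-root; fi
COPY tools/c7n_oci /src/tools/c7n_oci
RUN if [[ " ${providers[*]} " =~ "oci" ]]; then . /usr/local/bin/activate && cd tools/c7n_oci && poetry install --only-root; fi
COPY tools/c7n_awscc /src/tools/c7n_awscc
RUN if [[ " ${providers[*]} " =~ "awscc" ]]; then . /usr/local/bin/activate && cd tools/c7n_awscc && poetry install --only-root; fi
# Install c7n_awscc
# NOTE(review): this step runs regardless of the providers build arg and, unlike
# the installs above, does not pass --without dev; the directory was already
# copied a few lines up. Confirm against the generator that both are intended.
COPY tools/c7n_awscc /src/tools/c7n_awscc
RUN . /usr/local/bin/activate && cd tools/c7n_awscc && poetry install
RUN mkdir /output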
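# Runtime stage: a fresh Ubuntu image with only the Python interpreter from apt,
# plus the source tree, virtualenv and output directory copied from build-env.
# The container runs the custodian CLI as the unprivileged `custodian` user.
FROM ubuntu:24.04
LABEL name="cli" \
      repository="http://github.com/cloud-custodian/cloud-custodian"
# NOTE(review): ENV keeps DEBIAN_FRONTEND set in every running container although
# only the apt-get step below needs it. Left in place because images derived
# from this one may rely on it; an inline assignment on the RUN line would
# avoid baking it into the runtime environment.
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get --yes update \
 && apt-get --yes install --no-install-recommends \
      adduser \
      python3 \
      python3-venv \
 && rm -Rf /var/cache/apt \
 && rm -Rf /var/lib/apt/lists/* \
 && rm -Rf /var/log/*
# Create the runtime user before the COPY steps: those layers change whenever
# the build output changes, and anything placed after them is rebuilt as well.
RUN adduser --disabled-login --gecos "" custodian
# These should remain below any other commands because they will invalidate
# the layer cache
COPY --from=build-env /src /src
# NOTE(review): /usr/local is copied whole, so the tooling the build stage
# installed into that virtualenv (pip, setuptools, poetry) is present in the
# runtime image too.
COPY --from=build-env /usr/local /usr/local
COPY --from=build-env /output /output
# Drop root for everything that runs in the container
USER custodian
WORKDIR /home/custodian
ENV LC_ALL="C.UTF-8" LANG="C.UTF-8"
# Declared after adduser has created the home directory
VOLUME ["/home/custodian"]
# Exec form: custodian runs as PID 1 and CMD supplies its default arguments
ENTRYPOINT ["/usr/local/bin/custodian"]
CMD ["--help"]
LABEL "org.opencontainers.image.title"="cli"
LABEL "org.opencontainers.image.description"="Cloud Management Rules Engine"
LABEL "org.opencontainers.image.documentation"="https://cloudcustodian.io/docs"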