-
Notifications
You must be signed in to change notification settings - Fork 3
/
runner.Dockerfile
90 lines (70 loc) · 3.28 KB
/
runner.Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# syntax=docker.io/docker/dockerfile:1.7.1
FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:99c35190e22d294cdace2783ac55effc69d32896daaa265f0bbedbcde4fbe3e5 \
as base
RUN set -ex; \
(cd /usr/local/bin; \
ln -s ../lib/node_modules/npm/bin/npm-cli.js npm; \
ln -s ../lib/node_modules/corepack/dist/corepack.js corepack; \
); \
\
export DEBIAN_FRONTEND=noninteractive; \
runDeps='ca-certificates curl git jq unzip findutils patch xz-utils gpg apt-transport-https'; \
buildDeps=''; \
apt-get update && apt-get install -y $runDeps $buildDeps --no-install-recommends; \
\
echo disabled: apt-get purge -y --auto-remove $buildDeps; \
rm -rf /var/lib/apt/lists/*; \
rm -rf /var/log/dpkg.log /var/log/alternatives.log /var/log/apt /root/.gnupg
ENV YSTACK_HOME=/usr/local/src/ystack \
PATH="${PATH}:/usr/local/src/ystack/bin" \
SKAFFOLD_INSECURE_REGISTRY='builds-registry.ystack.svc.cluster.local,prod-registry.ystack.svc.cluster.local' \
SKAFFOLD_UPDATE_CHECK=false \
TURBO_NO_UPDATE_NOTIFIER=1 \
TURBO_GLOBAL_WARNING_DISABLED=1 \
DO_NOT_TRACK=1 \
npm_config_update_notifier=false
FROM --platform=$TARGETPLATFORM node:22.11.0-bookworm-slim@sha256:f73e9c70d4279d5e7b7cc1fe307c5de18b61089ffa2235230408dfb14e2f09a0 \
as node
FROM base as bin
COPY bin/y-bin.runner.yaml \
bin/y-bin-download \
bin/y-bin-dependency-download \
/usr/local/src/ystack/bin/
COPY bin/y-kubectl /usr/local/src/ystack/bin/
RUN y-kubectl version --client=true --output=json
COPY bin/y-kustomize /usr/local/src/ystack/bin/
RUN y-kustomize version
COPY bin/y-helm /usr/local/src/ystack/bin/
# RUN y-helm version --client=true
RUN curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list \
&& apt-get update \
&& apt-get install helm \
&& helm version --client=true \
&& ln -s $(which helm) /usr/local/src/ystack/bin/helm \
&& ln -s $(which helm) /usr/local/src/ystack/bin/y-helm-v3.16.2-bin \
&& y-helm version --client=true
COPY bin/y-buildctl /usr/local/src/ystack/bin/
RUN y-buildctl --version
COPY bin/y-crane /usr/local/src/ystack/bin/
RUN y-crane version
COPY bin/y-yq /usr/local/src/ystack/bin/
RUN y-yq --version
COPY bin/y-skaffold /usr/local/src/ystack/bin/
RUN y-skaffold config set --global collect-metrics false
COPY bin/y-esbuild /usr/local/src/ystack/bin/
RUN y-esbuild --version
COPY bin/y-turbo /usr/local/src/ystack/bin/
RUN y-turbo --version
FROM --platform=$TARGETPLATFORM base
COPY --from=node --link /usr/local/lib/node_modules /usr/local/lib/node_modules
COPY --from=node --link /usr/local/bin/node /usr/local/bin/
COPY --from=bin /usr/local/src/ystack/bin /usr/local/src/ystack/bin
COPY . /usr/local/src/ystack
WORKDIR /usr/local/src/ystack
RUN echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot && \
chown nonroot /usr/local/src/ystack/bin /usr/local/lib/node_modules && \
ln -s /home/nonroot/.skaffold /root/.skaffold
USER nonroot:nogroup
RUN y-skaffold config set --global collect-metrics false