# CI toolbox image.
# NOTE(review): `ubuntu:rolling` is a floating tag, so the base image (and every
# unpinned package below) can change between two builds of this same file. Pin a
# release tag or an image digest if builds must be reproducible and auditable.
FROM ubuntu:rolling
# Build-time only: stops apt/debconf from prompting; not kept in the runtime env.
ARG DEBIAN_FRONTEND=noninteractive
# Every RUN below executes under bash with errexit, nounset, xtrace and
# pipefail, so a failing command in a `;` chain or in a pipeline aborts the build.
SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
# Base OS packages: upgrade what the base image ships, install the tooling the
# later steps rely on, then drop the apt caches within the same layer.
RUN apt-get update; \
    apt-get full-upgrade -y; \
    apt-get install -y --no-install-recommends \
        apt-transport-https \
        ca-certificates \
        curl \
        git \
        gnupg \
        locales \
        lsb-release \
        openssl \
        python3 \
        python3-apt \
        python3-dev \
        python3-pip \
        python3-setuptools \
        tar \
        xz-utils \
    ; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/*
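# Generate the en_US.UTF-8 locale and make it the default for the image.
RUN locale-gen en_US.UTF-8
# key=value form: the space-separated `ENV key value` syntax is deprecated.
ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
    LC_ALL=en_US.UTF-8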
# Run this container as the current host user: USER_ID and GROUP_ID have no
# defaults, so they must be supplied with --build-arg (the build fails under
# `set -u` otherwise). The account and its group are both named `docker`.
# NOTE(review): docker-ce is installed later in this file. If the host's Docker
# socket is mounted and reachable by this UID/GID at runtime, this user
# effectively controls the host daemon, which is root-equivalent on the host;
# confirm that is intended.
ARG USER_ID
ARG GROUP_ID
RUN groupadd -g "${GROUP_ID}" docker; \
    useradd -l -u "${USER_ID}" -g docker docker; \
    install -d -m 0750 -o docker -g docker /home/docker; \
    chown -R "${USER_ID}:${GROUP_ID}" /home/docker
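# Scratch directory for the downloads performed by the following steps.
WORKDIR /tmp/
# nodejs LTS and NPM, installed through the `n` version manager.
# The `n` script is fetched from a git ref and then executed as root, so N_REF
# should be set to a reviewed release tag or commit hash, and NPM_VERSION to an
# exact version. The defaults (`master`, `latest`) keep the previous floating
# behaviour: whatever upstream serves at build time runs with root privileges.
ARG N_REF=master
ARG NPM_VERSION=latest
RUN curl -fsSL "https://raw.githubusercontent.com/tj/n/${N_REF}/bin/n" \
        -o /usr/local/bin/n; \
    chmod 0755 /usr/local/bin/n; \
    n lts; \
    npm install -g "npm@${NPM_VERSION}"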
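# shellcheck:
# Version-pinned release tarball (x86_64 only). HTTPS protects the transfer but
# not the artifact itself: set SHELLCHECK_SHA256 to the tarball's SHA-256,
# obtained from a source you trust, and the build verifies it before
# extraction. Left empty, the download is used unverified, as before.
ARG SHELLCHECK_VERSION=0.8.0
ARG SHELLCHECK_SHA256=""
RUN curl -OfsSL \
        "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz"; \
    if [ -n "${SHELLCHECK_SHA256:-}" ]; then \
        echo "${SHELLCHECK_SHA256}  shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" \
            | sha256sum -c -; \
    fi; \
    tar -xf "shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz"; \
    mv "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/local/bin/; \
    rm -r \
        "shellcheck-v${SHELLCHECK_VERSION}/" \
        "shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz"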
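# hadolint:
# Version-pinned release binary (x86_64 only), written straight into
# /usr/local/bin. Set HADOLINT_SHA256 to the binary's SHA-256, obtained from a
# source you trust, and the build verifies it before marking it executable.
# Left empty, the download is used unverified, as before.
ARG HADOLINT_VERSION=2.10.0
ARG HADOLINT_SHA256=""
RUN curl -fsSL \
        "https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-Linux-x86_64" \
        -o /usr/local/bin/hadolint; \
    if [ -n "${HADOLINT_SHA256:-}" ]; then \
        echo "${HADOLINT_SHA256}  /usr/local/bin/hadolint" | sha256sum -c -; \
    fi; \
    chmod +x /usr/local/bin/hadolint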
# Docker:
# Adds Docker's apt repository and installs the engine, the CLI and containerd.
# The repository key is downloaded over HTTPS and stored dearmored in
# /usr/share/keyrings/docker.gpg; `signed-by` limits that key to this one
# source rather than trusting it for every apt repository.
# NOTE(review): the key is accepted exactly as downloaded. Comparing its
# fingerprint with the one Docker publishes would detect a substituted key.
# NOTE(review): `arch=amd64` is hard-coded, and `lsb_release -cs` on a rolling
# base may name a release the repository does not carry yet; verify.
# NOTE(review): the three packages are installed without version pins.
RUN curl -fsSL \
https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor > /usr/share/keyrings/docker.gpg; \
echo \
"deb \
[arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable" > /etc/apt/sources.list.d/docker.list; \
apt-get update; \
apt-get install -y --no-install-recommends \
docker-ce \
docker-ce-cli \
containerd.io \
;\
apt-get clean; \
rm -rf /var/lib/apt/lists/*
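# editorconfig-checker (ec):
# Version-pinned release tarball (amd64 only). EC_VERSION stays an ENV, so it
# is also visible in the running container; key=value form replaces the
# deprecated space-separated syntax. Set EC_SHA256 to the tarball's SHA-256,
# obtained from a source you trust, and the build verifies it before
# extraction. Left empty, the download is used unverified, as before.
ENV EC_VERSION=2.5.0
ARG EC_SHA256=""
RUN curl -OfsSL \
        "https://github.com/editorconfig-checker/editorconfig-checker/releases/download/${EC_VERSION}/ec-linux-amd64.tar.gz"; \
    if [ -n "${EC_SHA256:-}" ]; then \
        echo "${EC_SHA256}  ec-linux-amd64.tar.gz" | sha256sum -c -; \
    fi; \
    tar -xzf ec-linux-amd64.tar.gz; \
    mv bin/ec-linux-amd64 /usr/local/bin/ec; \
    rm -r \
        ec-linux-amd64.tar.gz \
        bin/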
# Trivy:
# Adds the Aqua Security apt repository, with its key in a dedicated keyring
# scoped to this source via `signed-by`, and installs trivy from it.
# NOTE(review): the key is accepted exactly as downloaded, with no fingerprint
# check against a value published by the vendor.
# NOTE(review): the suite is fixed to `bionic` although the base image is
# ubuntu:rolling; presumably deliberate, confirm. trivy's version is not pinned.
RUN curl -fsSL \
https://aquasecurity.github.io/trivy-repo/deb/public.key | \
gpg --dearmor > /usr/share/keyrings/trivy.gpg; \
echo \
"deb \
[signed-by=/usr/share/keyrings/trivy.gpg] \
https://aquasecurity.github.io/trivy-repo/deb bionic main" \
> /etc/apt/sources.list.d/trivy.list; \
apt-get update; \
apt-get install -y --no-install-recommends \
trivy \
;\
apt-get clean; \
rm -rf /var/lib/apt/lists/*
# Upgrade pip:
# Still running as root here: pull the current pip, setuptools and wheel from
# PyPI, then remove the apt-packaged copies and whatever they alone required.
# NOTE(review): none of the three is version-pinned, so each build installs
# whatever PyPI serves at that moment.
RUN pip3 install --upgrade --no-cache-dir \
        pip \
        setuptools \
        wheel \
    ; \
    apt-get remove -y \
        python3-pip \
        python3-setuptools \
        python3-wheel \
    ; \
    apt-get autoremove -y
# Everything from here on, including the default command, runs as the
# unprivileged `docker` account rather than root.
USER docker
# Presumably where pip places console scripts for a non-root install; verify.
ENV PATH="/home/docker/.local/bin:${PATH}"
# pip (common):
# NOTE(review): requirements.txt is not visible here. Pinning exact versions,
# ideally with hashes enforced through pip's --require-hashes, keeps this step
# reproducible and guards against a substituted package.
COPY requirements.txt /tmp/
RUN pip3 install --upgrade --no-cache-dir --requirement /tmp/requirements.txt
# Default working directory of the container (presumably where the project is
# mounted; confirm against how the image is run).
WORKDIR /docker
# Default to a shell; callers pass the actual CI command at `docker run`.
CMD ["bash"]