-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
149 lines (136 loc) · 5.25 KB
/
Dockerfile
File metadata and controls
149 lines (136 loc) · 5.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# Runner Image for the Scalr remote backend
# --------------------------------------------
#
# Note: This is a PUBLIC image, it should not contain any sensitive data.
FROM debian:trixie-slim
ARG TARGETARCH
SHELL ["/bin/bash", "-o", "pipefail", "-euxc"]
# Base Software
RUN <<EOT
# Install base software
apt-get update -y
apt-get install -y --no-install-recommends \
wget curl ca-certificates \
git-core git-lfs openssh-client \
jq \
gnupg \
zip unzip \
lsb-release
[ "${TARGETARCH}" = "amd64" ] && SESSION_MANAGER_ARCH="64bit" || SESSION_MANAGER_ARCH="arm64"
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_${SESSION_MANAGER_ARCH}/session-manager-plugin.deb" -o "session-manager-plugin.deb"
dpkg -i session-manager-plugin.deb
# Cleanup
rm session-manager-plugin.deb
apt-get clean
apt-get autoremove -y
rm -rf /var/lib/apt/lists/*
find /usr -name __pycache__ -type d -exec rm -rf {} +
EOT
# Install python standalone build.
ARG PYTHON_VERSION
ARG PYTHON_RELEASE
LABEL python.version=${PYTHON_VERSION}
ENV PIP_ROOT_USER_ACTION=ignore
RUN <<EOT
# See: https://gregoryszorc.com/docs/python-build-standalone/main/running.html#extracting-distributions
export VERSION="${PYTHON_VERSION}"
export RELEASE="${PYTHON_RELEASE}"
# Extract major.minor version (e.g., 3.13 from 3.13.11)
export PY_MINOR="${VERSION%.*}"
apt-get update -y
apt-get install -y --no-install-recommends zstd binutils
[ "${TARGETARCH}" = "amd64" ] && export OPTIONS="x86_64-unknown-linux-gnu-pgo+lto-full"
[ "${TARGETARCH}" = "arm64" ] && export OPTIONS="aarch64-unknown-linux-gnu-pgo+lto-full"
curl -L -o python.tar.zst "https://github.com/astral-sh/python-build-standalone/releases/download/${RELEASE}/cpython-${VERSION}+${RELEASE}-${OPTIONS}.tar.zst"
tar --zstd -xf python.tar.zst
cp -rp python/install/* /usr
rm python.tar.zst
rm -rf python
# Strip debug symbols from shared libraries.
strip -d /usr/lib/libpython${PY_MINOR}.so
# Remove unneeded packages.
rm -rf /usr/lib/Tix* /usr/lib/tcl* /usr/lib/tk* /usr/lib/itcl* /usr/lib/thread*
rm -rf /usr/lib/libpython${PY_MINOR}.a
rm -rf "/usr/lib/python${PY_MINOR}/config-${PY_MINOR}-$(uname -m)-linux-gnu"
rm -rf /usr/lib/python${PY_MINOR}/ensurepip
rm -rf /usr/lib/python${PY_MINOR}/tkinter
rm -rf /usr/lib/python${PY_MINOR}/test
# Cleanup.
apt-get remove -y zstd binutils
apt-get clean
apt-get autoremove -y
rm -rf /var/lib/apt/lists/*
find /usr -name __pycache__ -type d -exec rm -rf {} +
EOT
# Kubectl
ARG KUBECTL_VERSION
LABEL kubectl.version=${KUBECTL_VERSION}
RUN <<EOT
curl -L -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl"
chmod a+x /usr/local/bin/kubectl
EOT
# GCloud
ARG GCLOUD_VERSION
LABEL gcloud.version=${GCLOUD_VERSION}
# Our terraform runs are running in terraform container, where home dir (HOME env var) is /tmp,
# therefore all pip binaries are installing under /tmp/.local/bin
ENV PATH=/usr/local/google-cloud-sdk/bin:/tmp/.local/bin:$PATH
RUN <<EOT
[ "${TARGETARCH}" = "amd64" ] && GCLOUD_ARCH="x86_64" || GCLOUD_ARCH="arm"
curl -fsSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GCLOUD_VERSION}-linux-${GCLOUD_ARCH}.tar.gz" -o google-cloud-sdk.tar.gz
tar -C /usr/local -zxf google-cloud-sdk.tar.gz
rm -rf google-cloud-sdk.tar.gz
gcloud components install \
alpha beta \
gke-gcloud-auth-plugin
# Cleanup
rm -rf /usr/local/google-cloud-sdk/.install/.backup
find /usr/local/google-cloud-sdk -name __pycache__ -type d -exec rm -rf {} +
EOT
# AWS CLI
ARG AWS_CLI_VERSION
LABEL aws-cli.version=${AWS_CLI_VERSION}
RUN <<EOT
[ "${TARGETARCH}" = "amd64" ] && AWS_CLI_ARCH="x86_64" || AWS_CLI_ARCH="aarch64"
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-${AWS_CLI_ARCH}-${AWS_CLI_VERSION}.zip" -o awscli.zip
unzip -q awscli.zip
./aws/install
# Cleanup
rm -rf aws awscli.zip
EOT
# Azure CLI
ARG AZURE_CLI_VERSION
LABEL azure-cli.version=${AZURE_CLI_VERSION}
RUN <<EOT
AZ_DIST=bookworm
mkdir -p /etc/apt/keyrings
curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/keyrings/microsoft.gpg > /dev/null
chmod go+r /etc/apt/keyrings/microsoft.gpg
echo "Types: deb
URIs: https://packages.microsoft.com/repos/azure-cli/
Suites: ${AZ_DIST}
Components: main
Architectures: $(dpkg --print-architecture)
Signed-by: /etc/apt/keyrings/microsoft.gpg" | tee /etc/apt/sources.list.d/azure-cli.sources
apt-get update
apt-get install -y --no-install-recommends "azure-cli=${AZURE_CLI_VERSION}-1~${AZ_DIST}"
# Cleanup
apt-get clean
apt-get autoremove -y
rm -rf /var/lib/apt/lists/*
find /opt/az/lib/python* -regextype grep -regex ".*/tests\?" -exec rm -rf {} +
find /opt/az -name __pycache__ -type d -exec rm -rf {} +
EOT
# Scalr CLI
ARG SCALR_CLI_VERSION
LABEL scalr-cli.version=${SCALR_CLI_VERSION}
RUN <<EOT
curl -fsSL "https://github.com/Scalr/scalr-cli/releases/download/v${SCALR_CLI_VERSION}/scalr-cli_${SCALR_CLI_VERSION}_linux_${TARGETARCH}.zip" -o scalr_cli.zip
unzip -q scalr_cli.zip
mv ./scalr /usr/local/bin/scalr
# Cleanup
rm -rf scalr_cli.zip
EOT
# Add the scalr user (optional; used when running the container with UID 1000).
RUN useradd -u 1000 -m scalr
ENTRYPOINT ["/usr/bin/bash"]