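# Build stage: collects third-party tools into /usr/local/bin. The final stage
# copies only that directory out of this stage.
# NOTE(review): `:latest` is a moving tag, so two builds of this file can start
# from different base images; pin by digest if reproducible builds matter.
#checkov:skip=CKV_DOCKER_7: allow use of latest tag
FROM cgr.dev/chainguard/wolfi-base:latest AS build
LABEL org.opencontainers.image.source=https://github.com/yonasBSD/toolkit
# Install build dependencies.
# `--no-cache` already fetches a fresh package index, so a separate
# `apk update` is not needed.
# NOTE(review): cosign is presumably here for `trufflehog.sh -v` below - confirm.
RUN apk --no-cache add cosign bash curl rust build-base
# Run curl installs
RUN mkdir -p /usr/local/bin
# https://get.comtrya.dev SSL cert expired on Sept 7, 2025.
# Use local copy of install script.
#RUN curl -fsSL https://get.comtrya.dev > comtrya.sh && sh comtrya.sh
WORKDIR /app
COPY scripts/comtrya.sh .
RUN sh comtrya.sh
# Every installer is written to a file and only run if curl succeeded, so a
# failed or truncated download stops the step instead of executing a partial
# script (the default /bin/sh has no pipefail to catch that in a pipe).
# NOTE(review): the scripts are executed as downloaded, with no checksum or
# signature check, and the raw.githubusercontent.com URLs track the `main`
# branch. Pinning each URL to a release tag or commit and verifying a digest
# would make an upstream change visible before it runs in this build.
RUN curl -fsSL https://just.systems/install.sh > just.sh && bash just.sh --to /usr/local/bin
RUN curl -fsSL https://taskfile.dev/install.sh > task.sh && sh task.sh -d -b /usr/local/bin
RUN curl -fsSL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh > trufflehog.sh && sh trufflehog.sh -v -b /usr/local/bin
RUN curl -fsSL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh > trivy.sh && sh trivy.sh -b /usr/local/bin
RUN curl -fsSL https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh > binstall.sh && bash binstall.sh && mv /root/.cargo/bin/cargo-binstall /usr/local/bin
RUN curl -fsSL https://dprint.dev/install.sh > dprint.sh && sh dprint.sh && mv ~/.dprint/bin/dprint /usr/local/bin
RUN curl -fsSL https://mise.run > mise.sh && sh mise.sh && mv ~/.local/bin/mise /usr/local/bin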
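# Download prebuilt tool archives from this project's release assets and unpack
# the binaries into /usr/local/bin (`-j` drops archive paths, `-o` overwrites).
# `curl -f` makes a missing asset fail the step with the HTTP error instead of
# saving an error page for unzip to reject.
# All assets are fetched in one step so they come from the same build of this
# stage rather than from separately cached layers.
# NOTE(review): `releases/latest` is a moving target and the archives are not
# checked against a digest or signature before their contents are installed.
RUN set -e; \
    for asset in rcl kcl pipelight hurl dra cargo-auditable venom feluda cargo-license; do \
        curl -fsSL -o "docker-assets-${asset}.zip" \
            "https://github.com/yonasBSD/toolkit/releases/latest/download/docker-assets-${asset}.zip"; \
        unzip -jo "docker-assets-${asset}.zip" -d /usr/local/bin; \
    done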
# Run cargo installs (disabled; kept for reference)
#RUN cargo install --git https://github.com/ruuda/rcl rcl && mv /root/.cargo/bin/rcl /usr/local/bin
#RUN cargo install --git https://github.com/pipelight/pipelight && mv /root/.cargo/bin/pipelight /usr/local/bin
#RUN cargo install --git https://github.com/Orange-OpenSource/hurl hurl hurlfmt && mv /root/.cargo/bin/hurl* /usr/local/bin
#RUN cargo install --locked --git https://github.com/devmatteini/dra && mv /root/.cargo/bin/dra /usr/local/bin
# Run cargo-binstall: install each crate into /usr/local/bin, in the listed
# order, requiring TLS 1.3 for the downloads. `set -e` stops at the first
# crate that fails to install.
# NOTE(review): no crate version is given, so each build installs whatever
# version cargo-binstall resolves at that time.
RUN set -e; \
    for crate in \
        cargo-about \
        cargo-audit \
        cargo-deny \
        cargo-nextest \
        cargo-insta \
        cargo-binutils \
        cargo-llvm-cov \
        cargo2junit \
        sccache \
        rsign2; \
    do \
        cargo binstall -y --install-path /usr/local/bin --min-tls-version 1.3 "$crate"; \
    done
# Run dra installs
# Some projects don't have binaries for arch that chainguard/wolfi-base uses
# NOTE(review): no release tag is passed to dra, so these presumably resolve to
# each project's newest release, and the archives are unpacked without a
# checksum check - confirm and pin if reproducibility matters.
# b3sum: dra installs the selected asset directly under the given name.
RUN dra download --automatic --install --output /usr/local/bin/b3sum BLAKE3-team/BLAKE3
# typst: unpack into a scratch directory, keep only the binary.
RUN dra download --automatic typst/typst && \
    mkdir typst && \
    tar -xvf typst*tar.xz --directory typst --strip-components 1 && \
    mv typst/typst /usr/local/bin && \
    rm -rf typst
# treefmt: same pattern; this archive is extracted without stripping a leading
# path component.
RUN dra download --automatic numtide/treefmt && \
    mkdir treefmt && \
    tar -xvf treefmt*tar.gz --directory treefmt && \
    mv treefmt/treefmt /usr/local/bin && \
    rm -rf treefmt
# minijinja: keep the upstream binary name and expose it as `minijinja` too
# through a symlink.
RUN dra download --automatic mitsuhiko/minijinja && \
    mkdir minijinja && \
    tar -xvf minijinja*tar.xz --directory minijinja --strip-components 1 && \
    mv minijinja/minijinja-cli /usr/local/bin/minijinja-cli && \
    ln -s /usr/local/bin/minijinja-cli /usr/local/bin/minijinja && \
    rm -rf minijinja
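# Runtime stage: a fresh base image plus the tools gathered in the build stage.
#checkov:skip=CKV_DOCKER_7: allow use of latest tag
FROM cgr.dev/chainguard/wolfi-base:latest
# Labels are per stage and this stage does not derive from `build`, so the
# source label is repeated here to appear on the image that is published.
LABEL org.opencontainers.image.source=https://github.com/yonasBSD/toolkit
# rustup-init below is run with --no-modify-path; with CARGO_HOME=/usr/local
# the cargo binaries go to /usr/local/bin next to the copied tools.
ENV CARGO_HOME=/usr/local
ENV RUSTUP_HOME=/usr/local/rustup
COPY --from=build /usr/local/bin /usr/local/bin
RUN chmod +x /usr/local/bin/*
# `--no-cache` already fetches a fresh package index, so a separate
# `apk update` is not needed.
RUN apk --no-cache add git cosign bash curl libxml2 build-base gcc glibc-dev clang-21 llvm-21 make cmake ca-certificates uv xz
# Fetch rustup-init over HTTPS only (TLS 1.3 minimum), run it, then delete it.
# NOTE(review): `nightly` is a floating channel and the installer is not
# checked against a digest; a dated toolchain (nightly-YYYY-MM-DD) would make
# the image reproducible.
RUN curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs > rustup-init && \
    chmod +x rustup-init && \
    ./rustup-init \
        -y \
        --profile minimal \
        --no-modify-path \
        --default-toolchain nightly && \
    rm rustup-init
# Add 'cargo fmt', 'cargo clippy', and llvm-tools
RUN rustup component add rustfmt clippy llvm-tools
# Set the working directory inside the container
WORKDIR /usr/src
# Copy any source file(s) required for the action
# NOTE(review): nothing in this file sets the executable bit on entrypoint.sh,
# so it has to be committed as executable - confirm.
COPY scripts/entrypoint.sh .
# Copy dprint config
COPY config/dprint.json .
# Mark GitHub workspace as safe for all future runs
RUN git config --system --add safe.directory /github/workspace
# Configure the container to be run as an executable
# NOTE(review): no USER is set, so the entrypoint runs as root. The
# /github/workspace path suggests a GitHub Actions container, where the mounted
# workspace generally expects the default user - confirm before adding USER.
ENTRYPOINT ["/usr/src/entrypoint.sh"]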