forked from fabric8-analytics/fabric8-analytics-worker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
115 lines (91 loc) · 4.26 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
FROM registry.centos.org/centos/centos:7
MAINTAINER Pavel Odvody <[email protected]>, or Tomas Tomecek <[email protected]>, or Jiri Popelka <[email protected]>
ENV LANG=en_US.UTF-8 \
BLACKDUCK_PATH='/opt/blackduck/' \
JAVANCSS_PATH='/opt/javancss/' \
OWASP_DEP_CHECK_PATH='/opt/dependency-check/' \
# place where to download & unpack artifacts
WORKER_DATA_DIR='/var/lib/cucos-lib/worker_data' \
# home directory
HOME='/workdir' \
# place for alembic migrations
ALEMBIC_DIR='/alembic'
CMD ["/usr/bin/workers.sh"]
# Cache friendly dependency specifications:
# - deps are listed in text files or scripts inside the lib/ dir
# - individual files are copied in during image build
# - changes in minimum and/or pinned versions will invalidate the cache
RUN mkdir -p /tmp/install_deps
# https://copr.fedorainfracloud.org/coprs/jpopelka/license-check/
# https://copr.fedorainfracloud.org/coprs/jpopelka/mercator/
# https://copr.fedorainfracloud.org/coprs/jpopelka/python-brewutils/
COPY hack/_copr_jpopelka-license-check.repo hack/_copr_jpopelka-mercator.repo hack/_copr_jpopelka-python-brewutils.repo /etc/yum.repos.d/
# Install RPM dependencies
COPY hack/install_deps_rpm.sh /tmp/install_deps/
RUN yum install -y epel-release && \
yum install -y python34-pip openssl ruby-devel libicu-devel gcc-c++ cmake postgresql && \
/tmp/install_deps/install_deps_rpm.sh && \
yum clean all
# Install binwalk, the pip package is broken, following docs from github.com/devttys0/binwalk
RUN mkdir /tmp/binwalk/ && \
curl -L https://github.com/devttys0/binwalk/archive/v2.1.1.tar.gz | tar xz -C /tmp/binwalk/ --strip-components 1 && \
python /tmp/binwalk/setup.py install && \
rm -rf /tmp/binwalk/
# Install non-Mercator python native deps
COPY hack/pip-requirements.txt /tmp/install_deps/
# Fixes: http://stackoverflow.com/questions/14296531
RUN pip3 install --upgrade pip && pip install --upgrade wheel && \
pip3 install -r /tmp/install_deps/pip-requirements.txt && \
pip3 install alembic psycopg2
# Install github-linguist rubygem
RUN gem install --no-document github-linguist -v 5.0.2
# Install javascript deps
COPY hack/install_deps_npm.sh /tmp/install_deps/
RUN /tmp/install_deps/install_deps_npm.sh
# Install BlackDuck CLI
COPY hack/install_bd.sh /tmp/install_deps/
RUN /tmp/install_deps/install_bd.sh
# Install JavaNCSS for code metrics
COPY hack/install_javancss.sh /tmp/install_deps/
RUN /tmp/install_deps/install_javancss.sh
# Install OWASP dependency-check cli for security scan of jar files
COPY hack/install_owasp_dependency-check.sh /tmp/install_deps/
RUN /tmp/install_deps/install_owasp_dependency-check.sh
# Install dependencies required in both Python 2 and 3 versions
COPY ./hack/py23requirements.txt /tmp/install_deps/
RUN pip2 install -r /tmp/install_deps/py23requirements.txt
RUN pip3 install -r /tmp/install_deps/py23requirements.txt
# Import RH CA cert
COPY hack/import_RH_CA_cert.sh /tmp/install_deps/
RUN /tmp/install_deps/import_RH_CA_cert.sh
# Import BlackDuck Hub CA cert
COPY hack/import_BD_CA_cert.sh /tmp/install_deps/
RUN /tmp/install_deps/import_BD_CA_cert.sh
# Make sure random user has place to store files
RUN mkdir -p ${HOME} ${WORKER_DATA_DIR} ${ALEMBIC_DIR}/alembic/ && \
chmod 777 ${HOME} ${WORKER_DATA_DIR}
WORKDIR ${HOME}
# You don't want to repeat all the above when changing something in repo
# while it's okay to rerun this \/
RUN mkdir -p /tmp/cucoslib
COPY requirements.txt /tmp/cucoslib
RUN cd /tmp/cucoslib && \
pip3 install -r requirements.txt
COPY alembic.ini hack/run-db-migrations.sh ${ALEMBIC_DIR}/
COPY alembic/ ${ALEMBIC_DIR}/alembic
# Install cucoslib
COPY ./ /tmp/cucoslib
RUN cd /tmp/cucoslib && pip3 install .
# Make sure there are no root-owned files and directories in the home directory,
# as this directory can be used by non-root user at runtime.
RUN find ${HOME} -mindepth 1 -delete
# A temporary hack to keep Selinon up2date
COPY hack/update_selinon.sh /tmp/
RUN sh /tmp/update_selinon.sh
# Not-yet-upstream-released patches
RUN mkdir -p /tmp/install_deps/patches/
COPY hack/patches/* /tmp/install_deps/patches/
COPY hack/patches/* /tmp/install_deps/patches/
COPY hack/apply_patches.sh /tmp/install_deps/
# Apply patches here to be able to patch selinon as well
RUN /tmp/install_deps/apply_patches.sh