-
Notifications
You must be signed in to change notification settings - Fork 26
/
Dockerfile.debian
134 lines (95 loc) · 4.27 KB
/
Dockerfile.debian
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
FROM python:3.13.0-slim-bookworm@sha256:751d8bece269ba9e672b3f2226050e7e6fb3f3da3408b5dcb5d415a054fcb061 AS builder
SHELL ["/bin/bash", "-c"]
# Prevent Python from writing out pyc files
ENV PYTHONDONTWRITEBYTECODE=1
# Keep Python from buffering stdin/stdout
ENV PYTHONUNBUFFERED=1
# Disable any user interaction
ENV DEBIAN_FRONTEND=noninteractive
# Enable custom virtual environment
ENV VIRTUAL_ENV=/opt/venv
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
# renovate: datasource=pypi depName=pip versioning=pep440
ARG PIP_VERSION="24.2"
# renovate: datasource=repology depName=debian_12/gcc versioning=loose
ARG GCC_VERSION="4:12.2.0-3"
# renovate: datasource=repology depName=debian_12/glibc versioning=loose
ARG GLIBC_VERSION="2.36-9+deb12u8"
# renovate: datasource=repology depName=debian_12/libffi versioning=loose
ARG LIBFFI_VERSION="3.4.4-1"
# renovate: datasource=repology depName=debian_12/rustc versioning=loose
ARG RUSTC_VERSION="1.63.0+dfsg1-2"
# renovate: datasource=repology depName=debian_12/cargo versioning=loose
ARG CARGO_VERSION="0.66.0+ds1-1"
# renovate: datasource=repology depName=debian_12/openssl versioning=loose
ARG OPENSSL_VERSION="3.0.14-1~deb12u2"
ARG ARMV7_DEPS=" \
gcc=${GCC_VERSION} \
libc6-dev=${GLIBC_VERSION} \
libffi-dev=${LIBFFI_VERSION} \
rustc=${RUSTC_VERSION} \
cargo=${CARGO_VERSION} \
libssl-dev=${OPENSSL_VERSION} \
"
# Install required packages
# hadolint ignore=DL3008
RUN apt-get update && \
if [ "$(getconf LONG_BIT)" -eq 32 ]; then apt-get install -y --no-install-recommends ${ARMV7_DEPS}; fi && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
# Set the working directory
WORKDIR /app
# Add requirements file
COPY requirements.txt .
# Install requirements
RUN python3 -m venv "${VIRTUAL_ENV}" && \
pip install --no-cache-dir --upgrade pip=="${PIP_VERSION}" && \
pip install --no-cache-dir -r requirements.txt
FROM python:3.13.0-slim-bookworm@sha256:751d8bece269ba9e672b3f2226050e7e6fb3f3da3408b5dcb5d415a054fcb061 AS geckodriver
SHELL ["/bin/bash", "-c"]
# Disable any user interaction
ENV DEBIAN_FRONTEND=noninteractive
# renovate: datasource=repology depName=debian_12/curl versioning=loose
ARG CURL_VERSION="7.88.1-10+deb12u7"
# renovate: datasource=github-tags depName=mozilla/geckodriver
ARG GECKODRIVER_VERSION="v0.35.0"
# Install required packages
RUN apt-get update && \
apt-get install -y --no-install-recommends curl="${CURL_VERSION}" && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
# Download geckodriver
RUN set -x && \
if [ "$(uname --m)" == "x86_64" ]; then ARCH="linux64"; elif [ "$(uname --m)" == "aarch64" ]; then ARCH="linux-aarch64"; else ARCH="linux32"; fi && \
curl -sSL -O https://github.com/mozilla/geckodriver/releases/download/"${GECKODRIVER_VERSION}"/geckodriver-"${GECKODRIVER_VERSION}"-"${ARCH}".tar.gz && \
tar zxf geckodriver-"${GECKODRIVER_VERSION}"-"${ARCH}".tar.gz
FROM python:3.13.0-slim-bookworm@sha256:751d8bece269ba9e672b3f2226050e7e6fb3f3da3408b5dcb5d415a054fcb061
# Disable any user interaction
ENV DEBIAN_FRONTEND=noninteractive
# renovate: datasource=pypi depName=pip versioning=pep440
ARG PIP_VERSION="24.2"
# renovate: datasource=repology depName=debian_12/firefox-esr versioning=loose
ARG FIREFOX_VERSION="128.3.1esr-1~deb12u1"
# Install required packages
RUN apt-get update && \
apt-get install -y --no-install-recommends firefox-esr="${FIREFOX_VERSION}" && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/* /var/tmp/* /usr/share/doc /usr/share/man
# Fix vulnerabilities reported by Trivy
RUN /usr/local/bin/pip install --upgrade pip=="${PIP_VERSION}" && \
apt-get update && \
apt-get upgrade -y libgnutls30 perl-base libexpat1 && \
apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/* /var/tmp/*
# Enable custom virtual environment
ENV VIRTUAL_ENV=/opt/venv
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
# Copy dependencies from previous stage
COPY --from=builder $VIRTUAL_ENV $VIRTUAL_ENV
# Copy geckodriver from previous stage
COPY --from=geckodriver --chmod=755 /geckodriver /usr/local/bin/geckodriver
# Set the working directory
WORKDIR /app
# Copy and set the entrypoint bash script
COPY renew.py .
ENTRYPOINT ["python3", "renew.py"]