-
Notifications
You must be signed in to change notification settings - Fork 3
/
Dockerfile
134 lines (130 loc) · 4.38 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#
# Architecture-independent Docker image for container-based Solo5 CI nodes.
#
# "builder" stage
#
FROM debian:buster AS builder
#
# Installs surf-build from Git, version is set here:
ARG SURF_VERSION=2.0.0
#
# Install dependencies.
# "file" is required(?) by various npm scripts.
#
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -qq -y \
--no-install-recommends \
apt-transport-https \
build-essential \
ca-certificates \
curl \
file \
git \
gnupg \
&& apt-get clean
#
# Add NodeSource repository key and install Node.js.
#
RUN curl --silent https://deb.nodesource.com/gpgkey/nodesource.gpg.key \
| apt-key add - && \
echo "deb https://deb.nodesource.com/node_10.x buster main" \
| tee /etc/apt/sources.list.d/nodesource.list
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -qq -y \
--no-install-recommends \
nodejs \
&& apt-get clean
#
# Create a non-root user, otherwise npm somehow manages to succeed in building
# a package but does not actually compile the .ts files into it. What is this I
# don't even ...
#
RUN useradd -u 1000 -g users -d /home/build -m -s /bin/bash build
USER build
WORKDIR /home/build
#
# Clone surf-build, compile and pack into tarball.
# This particular part of the build must not run as root (see above) or be run
# with "-g" since both cases WILL cause failures with unhelpful error messages
# or none at all!
#
# Use --no-optional to prevent npm trying to install yet more useless
# dependencies and verbosely spewing pages of errors when it fails.
#
RUN git clone --depth=1 https://github.com/surf-build/surf
RUN cd surf && git checkout v${SURF_VERSION} && \
npm install --no-optional && npm pack && \
cp surf-build-${SURF_VERSION}.tgz /tmp/surf-build.tar.gz
#
# "ci" stage
#
FROM debian:buster AS ci
#
# Install dependencies.
#
# "iputils-ping" is needed to replace "inetutils-ping" due to
# https://github.com/debuerreotype/docker-debian-artifacts/issues/36
#
# "qemu-system-x86" is only used on x86_64 for the virtio tests.
#
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -qq -y \
--no-install-recommends \
apt-transport-https \
build-essential \
ca-certificates \
curl \
file \
git \
gnupg \
linux-libc-dev \
iputils-ping \
libseccomp-dev \
pkg-config \
$([ `uname -m` = x86_64 ] && echo qemu-system-x86) \
&& apt-get clean
#
# Install dumb-init for correct operation as container PID 1
#
# Build from source so that we don't have to care which architecture we're on.
#
RUN curl -L --silent https://github.com/Yelp/dumb-init/archive/v1.2.0.tar.gz -o /tmp/dumb-init.tar.gz \
&& tar -C /tmp -xzf /tmp/dumb-init.tar.gz \
&& make -C /tmp/dumb-init-1.2.0 \
&& cp /tmp/dumb-init-1.2.0/dumb-init /usr/bin \
&& rm -r /tmp/dumb-init-1.2.0 /tmp/dumb-init.tar.gz
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
#
# Add NodeSource repository key and install Node.js.
#
RUN curl --silent https://deb.nodesource.com/gpgkey/nodesource.gpg.key \
| apt-key add - && \
echo "deb https://deb.nodesource.com/node_10.x buster main" \
| tee /etc/apt/sources.list.d/nodesource.list
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -qq -y \
--no-install-recommends \
nodejs \
&& apt-get clean
#
# Install surf-build using the packaged tarball we built earlier.
#
# Use --no-optional to prevent npm trying to install yet more useless
# dependencies and verbosely spewing pages of errors when it fails.
# --unsafe-perm is needed to work around meaningless npm failure with "EACCES"
# when installing dugite.
#
COPY --from=builder /tmp/surf-build.tar.gz /tmp/surf-build.tar.gz
RUN npm install -g --unsafe-perm --no-optional /tmp/surf-build.tar.gz && rm -f /tmp/surf-build.tar.gz
# XXX Add LOCAL_GIT_DIRECTORY=/usr GIT_EXEC_PATH=/usr/lib/git-core to
# environment to force dugite to use system Git instead of a random binary from
# the Internet?
# Needed to get Git credentials passed through correctly when uploading the build log as a gist.
RUN ln -s /usr/lib/node_modules/surf-build/node_modules/.bin/git-askpass-env \
/usr/local/bin/git-askpass-env
#
# Run the builder.
#
# We don't set a specific CMD here; the driver script will run the appropriate
# surf-build command.
CMD ["/bin/bash"]