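# Global build argument: declared before the first FROM so that every FROM
# line in this file can reference it.
ARG python_version=3.9.18

# --- Build stage: produce the aries_cloudagent wheel with Poetry --------------
# NOTE(review): the base image is referenced by a mutable tag only; pinning it
# by digest would make the build reproducible and protect against a re-tagged
# upstream image.
FROM python:${python_version}-slim-bullseye AS build

WORKDIR /src

# COPY instead of ADD: plain local files need neither ADD's archive
# auto-extraction nor its URL fetching. The whole build context is copied, so
# a .dockerignore should keep .git, local .env files and credentials out of it.
COPY . .

# NOTE(review): Poetry is installed unpinned, so the tool that builds the
# wheel can change from one build to the next; pin a reviewed version here.
RUN pip install --no-cache-dir poetry

# Build the distribution; the runtime stage copies the wheel out of /src/dist.
RUN poetry build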
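# --- Runtime stage --------------------------------------------------------------
FROM python:${python_version}-slim-bullseye AS main

# Build-time parameters of the runtime image:
#   uid            numeric UID given to the unprivileged runtime user
#   user           login name of that user; also determines $HOME
#   acapy_version  version string used in the description and labels below
#   acapy_reqs     extras suffix appended to the wheel path at install time
ARG uid=1001
ARG user=aries
ARG acapy_version
ARG acapy_reqs=[askar,bbs]

# APP_ROOT is spelled out as "/home/$user" rather than "$HOME": variable
# substitution inside a single ENV instruction uses the values from *before*
# that instruction, so "$HOME" here would not pick up the HOME set on the line
# above (it would resolve to whatever the base image had set, if anything).
# PIP_NO_CACHE_DIR=off is presumably meant to leave pip's cache enabled at
# runtime; the pip calls in this file pass --no-cache-dir explicitly.
# The description names Debian Bullseye to match the slim-bullseye base image.
ENV HOME="/home/$user" \
    APP_ROOT="/home/$user" \
    LC_ALL=C.UTF-8 \
    LANG=C.UTF-8 \
    PIP_NO_CACHE_DIR=off \
    PYTHONUNBUFFERED=1 \
    PYTHONIOENCODING=UTF-8 \
    RUST_LOG=warn \
    SHELL=/bin/bash \
    SUMMARY="aries-cloudagent image" \
    DESCRIPTION="aries-cloudagent provides a base image for running Hyperledger Aries agents in Docker. \
This image layers the python implementation of aries-cloudagent $acapy_version. Based on Debian Bullseye."

# Image metadata; SUMMARY and DESCRIPTION come from the ENV instruction above.
LABEL summary="$SUMMARY" \
    description="$DESCRIPTION" \
    io.k8s.description="$DESCRIPTION" \
    io.k8s.display-name="aries-cloudagent $acapy_version" \
    name="aries-cloudagent" \
    acapy.version="$acapy_version" \
    maintainer=""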
# Create the unprivileged runtime account: a same-named group, a home
# directory, bash as login shell, and the UID taken from the `uid` build arg.
RUN useradd --user-group --create-home --shell /bin/bash --uid $uid $user

# Install the OS-level environment (package list kept in alphabetical order).
# The apt lists and package docs are removed in this same layer so they never
# reach the image.
# NOTE(review): build-essential is purged again by a later instruction in this
# file, but it still occupies this layer. curl, git, less and net-tools look
# like operator conveniences rather than runtime requirements -- confirm, and
# drop any that are not needed to reduce the image's attack surface.
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
        apt-transport-https \
        build-essential \
        bzip2 \
        ca-certificates \
        curl \
        git \
        less \
        libffi-dev \
        libgmp10 \
        liblzma5 \
        libncurses5 \
        libncursesw5 \
        libsecp256k1-0 \
        libzmq5 \
        net-tools \
        openssl \
        sqlite3 \
        zlib1g && \
    rm -rf \
        /var/lib/apt/lists/* \
        /usr/share/doc/*
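WORKDIR $HOME

# Add local binaries and aliases to path
ENV PATH="$HOME/.local/bin:$PATH"

# In order to drop the root user, some directories have to be writable by the
# root group, because OpenShift's default security model runs the container
# under a random UID. Adding $user to group 0 keeps both cases working.
RUN usermod -a -G 0 $user

# Create standard directories to allow volume mounting and set permissions.
# Note: PIP_NO_CACHE_DIR environment variable should be cleared to allow caching
RUN mkdir -p \
    $HOME/.aries_cloudagent \
    $HOME/.cache/pip/http \
    $HOME/.indy_client \
    $HOME/ledger/sandbox/data \
    $HOME/log

# The root group needs access to the directories under $HOME/.indy_client and
# $HOME/.aries_cloudagent for the container to function in OpenShift.
# Only user and group get read/write (ug+rw); nothing is made world-writable.
RUN chown -R $user:root $HOME/.indy_client $HOME/.aries_cloudagent && \
    chmod -R ug+rw $HOME/log $HOME/ledger $HOME/.aries_cloudagent $HOME/.cache $HOME/.indy_client

# Create /home/indy and symlink the .indy_client folder for backwards
# compatibility with artifacts created on older indy-based images.
# The link target is derived from $HOME instead of a hard-coded /home/aries,
# so the link still resolves when the image is built with a different `user`.
RUN mkdir -p /home/indy && \
    ln -s "$HOME/.indy_client" /home/indy/.indy_client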
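# Install ACA-py from the wheel as $user, and ensure the permissions on the
# python 'site-packages' and $HOME/.local folders are set correctly.
USER $user
COPY --from=build /src/dist/aries_cloudagent*.whl .

# The requirement is quoted: with the default acapy_reqs the argument ends in
# "[askar,bbs]", which an unquoted shell word would treat as a glob bracket
# expression and subject to word splitting.
# NOTE(review): the wheel's dependencies are resolved from the package index
# at build time; presumably poetry.lock is not applied here -- confirm whether
# hash-pinned requirements are wanted for this image.
RUN aries_cloudagent_package=$(find ./ -name "aries_cloudagent*.whl" | head -n 1) && \
    echo "Installing ${aries_cloudagent_package} ..." && \
    pip install --no-cache-dir --find-links=. "${aries_cloudagent_package}${acapy_reqs}" && \
    rm aries_cloudagent*.whl && \
    chmod +rx "$(python -m site --user-site)" "$HOME/.local"

# Remove build dependencies that are no longer needed after the install.
# This takes the compiler toolchain out of the final filesystem, but it does
# not shrink the image: the packages remain stored in the earlier layer that
# installed them. Moving the build into a separate stage would avoid that.
USER root
RUN apt-get purge -y --auto-remove build-essential

# Drop back to the unprivileged user for runtime.
# NOTE(review): orchestrators that enforce a non-root policy may need a numeric
# user to verify it; consider `USER $uid` -- confirm group membership is kept.
USER $user

# Exec form, so aca-py receives signals directly.
ENTRYPOINT ["aca-py"]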