Skip to content

Commit

Permalink
Add image containing python + vault (#628)
Browse files Browse the repository at this point in the history
  • Loading branch information
@PierreBesson
PierreBesson committed Jan 25, 2024
1 parent 20a6f3d commit b93cd35
Show file tree
Hide file tree
Showing 3 changed files with 83 additions and 1 deletion.
35 changes: 34 additions & 1 deletion .gitlab-ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -777,14 +777,47 @@ kubetools-kubectl:
- $BUILDAH_COMMAND push --format=v2s2 "$REGISTRY_PATH/$IMAGE_NAME:$KUBE_VERSION"
- buildah logout "$REGISTRY_NAME"

python:
<<: *docker_build
variables:
<<: *default-vars
PYTHON_VERSION: "3.12"
# https://releases.hashicorp.com/vault/
VAULT_VERSION: "1.15.4"
script:
- |
cat <<-EOT
|
| # build of python image
|
| VAULT_VERSION = $VAULT_VERSION
|
EOT
- $BUILDAH_COMMAND build
--format=docker
--build-arg VCS_REF="$CI_COMMIT_SHA"
--build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
--build-arg REGISTRY_PATH="$REGISTRY_PATH"
--build-arg VAULT_VERSION="$VAULT_VERSION"
--tag "$REGISTRY_PATH/$IMAGE_NAME:latest"
--tag "$REGISTRY_PATH/$IMAGE_NAME:$PYTHON_VERSION"
--file "dockerfiles/$IMAGE_NAME/Dockerfile" dockerfiles
# Push to Dockerhub
- echo "$Docker_Hub_Pass_Parity" |
buildah login --username "$Docker_Hub_User_Parity" --password-stdin "$REGISTRY_NAME"
- $BUILDAH_COMMAND info
- $BUILDAH_COMMAND push --format=v2s2 "$REGISTRY_PATH/$IMAGE_NAME:latest"
- $BUILDAH_COMMAND push --format=v2s2 "$REGISTRY_PATH/$IMAGE_NAME:$PYTHON_VERSION"
- buildah logout "$REGISTRY_NAME"

terraform:
<<: *docker_build
variables:
<<: *default-vars
# https://releases.hashicorp.com/terraform/
TERRAFORM_VERSION: "1.5.6"
# https://releases.hashicorp.com/vault/
VAULT_VERSION: "1.8.12"
VAULT_VERSION: "1.15.4"
script:
- |
cat <<-EOT
Expand Down
48 changes: 48 additions & 0 deletions dockerfiles/python/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
FROM docker.io/library/python:3.12

ARG VCS_REF=master
ARG BUILD_DATE=""
ARG REGISTRY_PATH=docker.io/paritytech
ARG VAULT_VERSION

# metadata
LABEL io.parity.image.authors="devops-team@parity.io" \
io.parity.image.vendor="Parity Technologies" \
io.parity.image.title="${REGISTRY_PATH}/python" \
io.parity.image.description="python; vault;" \
io.parity.image.source="https://github.com/paritytech/scripts/blob/${VCS_REF}/\
dockerfiles/terraform/Dockerfile" \
io.parity.image.documentation="https://github.com/paritytech/scripts/blob/${VCS_REF}/\
dockerfiles/terraform/README.md" \
io.parity.image.revision="${VCS_REF}" \
io.parity.image.created="${BUILD_DATE}"

RUN curl "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" \
-o vault.zip; \
unzip vault.zip -d /usr/local/bin/ vault; \
rm vault.zip; \
chmod +x /usr/local/bin/vault

RUN apt-get update \
&& apt-get install -y --no-install-recommends \
docker.io jq \
&& rm -rf /var/lib/apt/lists/* \
&& rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
&& apt-get clean

ARG WORKDIR=/work
RUN groupadd --gid 10001 nonroot && \
useradd --home-dir /home/nonroot \
--create-home \
--shell /bin/bash \
--gid nonroot \
--groups nonroot \
--uid 10000 nonroot
RUN chown -R nonroot. /home/nonroot
RUN mkdir ${WORKDIR}
RUN chown -R nonroot. ${WORKDIR}
USER 10000:10001
WORKDIR ${WORKDIR}

USER nonroot:nonroot
CMD ["/bin/bash"]
1 change: 1 addition & 0 deletions dockerfiles/python/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# Image containing Python + Vault

0 comments on commit b93cd35

Please sign in to comment.