#
# Copyright (c) 2018-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
# IBM Corporation - implementation
#
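# Builder: check meta.yamls and create index.json
# https://access.redhat.com/containers/?tab=tags#/registry.access.redhat.com/ubi8/python-38
# NOTE(review): the base image is pinned by tag only. Adding a digest pin
# (python-38@sha256:<digest-of-this-tag>) would also protect the build against the
# tag being re-pointed in the registry.
FROM registry.access.redhat.com/ubi8/python-38:1-63.1626843762 AS builder
# Every RUN step in this stage executes as root.
USER 0
#################
# PHASE ONE: create ubi8 image with yq
#################
# BOOTSTRAP is exported into the stage environment so the RUN steps below can see it.
# Presumably rhel.install.sh switches on it (see the pre-fetch procedure) - confirm.
ARG BOOTSTRAP=false
ENV BOOTSTRAP=${BOOTSTRAP}
# to get all the python deps pre-fetched so we can build in Brew:
# 1. extract files in the container to your local filesystem
# find v3 -type f -exec dos2unix {} \;
# NOTE: used to be in /root/.local but now can be found in /opt/app-root/src/.local
# CONTAINERNAME=devfileregistryoffline && \
# docker build -t ${CONTAINERNAME} . --no-cache --target builder \
# --build-arg BOOTSTRAP=true -f build/dockerfiles/Dockerfile
# mkdir -p /tmp/root-local/ && docker run --rm -v \
# /tmp/root-local/:/tmp/root-local/ ${CONTAINERNAME} /bin/bash \
# -c 'cd /opt/app-root/src/.local/ && cp -r bin/ lib/ /tmp/root-local/'
# pushd /tmp/root-local >/dev/null && sudo tar czf root-local.tgz lib/ bin/ && popd >/dev/null && mv -f /tmp/root-local/root-local.tgz . && sudo rm -fr /tmp/root-local/
# 2. then add it to dist-git so it's part of this repo
# rhpkg new-sources root-local.tgz
# built in Brew, use tarball in lookaside cache; built locally, comment this out
# COPY root-local.tgz /tmp/root-local.tgz
# NOTE: uncomment for local build. Must also set full registry path in FROM to registry.redhat.io or registry.access.redhat.com
# enable rhel 7 or 8 content sets (from Brew) to resolve jq as rpm
# NOTE(review): these .repo files decide where yum pulls packages from in this stage.
# Their contents (baseurl, gpgcheck) are not visible here - confirm gpgcheck is enabled.
COPY ./build/dockerfiles/content_set*.repo /etc/yum.repos.d/
# The install script runs as root and is deleted in the same RUN step. The COPY layer
# above still contains it, which only matters if this stage's layers are ever published.
COPY ./build/dockerfiles/rhel.install.sh /tmp
RUN /tmp/rhel.install.sh && rm -f /tmp/rhel.install.sh
# Contents of build/scripts and arbitrary-users-patch/base_images are merged into /build/.
COPY ./build/scripts ./arbitrary-users-patch/base_images /build/
COPY ./devfiles /build/devfiles
WORKDIR /build/
# Registry, organization, and tag to use for base images in dockerfiles. Devfiles
# will be rewritten during build to use these values for base images.
# NOTE(review): the default tag "next" looks like a moving tag. Presumably the rewritten
# devfiles then reference images that can change after this registry is built - confirm,
# and consider a fixed tag or digest for release builds.
ARG PATCHED_IMAGES_REG="quay.io"
ARG PATCHED_IMAGES_ORG="eclipse"
ARG PATCHED_IMAGES_TAG="next"
# The three build args reach the script as the environment variables TAG, ORGANIZATION
# and REGISTRY, set for this one command only.
RUN TAG=${PATCHED_IMAGES_TAG} \
    ORGANIZATION=${PATCHED_IMAGES_ORG} \
    REGISTRY=${PATCHED_IMAGES_REG} \
    ./update_devfile_patched_image_tags.sh
# The scripts below are not shown in this file; what they do is inferred from their names.
# Each runs in its own layer, so a failing script stops the build at that step.
RUN ./check_mandatory_fields.sh devfiles
RUN ./swap_images.sh devfiles
# stdout of index.sh becomes the registry index served alongside the devfiles.
RUN ./index.sh > /build/devfiles/index.json
# stdout of list_referenced_images.sh is stored as external_images.txt next to the index.
RUN ./list_referenced_images.sh devfiles > /build/devfiles/external_images.txt
# Group gets read/write on everything under /build/devfiles, plus execute on directories
# and on files that are already executable (capital X).
RUN chmod -R g+rwX /build/devfiles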
#################
# PHASE TWO: configure registry image
#################
# Build registry, copying meta.yamls and index.json from builder
# https://access.redhat.com/containers/?tab=tags#/registry.access.redhat.com/ubi8/httpd-24
# NOTE(review): pinned by tag only; a digest pin (httpd-24@sha256:<digest-of-this-tag>)
# would also protect against the tag being re-pointed.
FROM registry.access.redhat.com/ubi8/httpd-24:1-143.1626836617 AS registry
# NOTE(review): no later USER instruction exists in this stage or in offline-registry,
# so the image's configured user stays root unless the runtime overrides it. Confirm the
# deployment enforces a non-root UID (e.g. an arbitrary UID in group 0).
USER 0
# latest httpd container doesn't include ssl cert, so generate one
# NOTE(review): this runs at build time, so whatever key material the script creates is
# stored in an image layer and shared by every container started from the image.
# Presumably a placeholder certificate - confirm production mounts its own.
RUN chmod +x /usr/share/container-scripts/httpd/pre-init/40-ssl-certs.sh && \
/usr/share/container-scripts/httpd/pre-init/40-ssl-certs.sh
# Apply all available package updates, drop the yum cache in the same layer, then print
# the sorted list of installed packages into the build log.
# NOTE(review): because of `yum update`, the package set depends on the build date even
# though the base image tag is fixed.
RUN \
yum -y -q update && \
yum -y -q clean all && rm -rf /var/cache/yum && \
echo "Installed Packages" && rpm -qa | sort -V && echo "End Of Installed Packages"
# Append a block to httpd.conf that denies every request for files whose name starts
# with ".ht". After shell quoting, the first line written is: <FilesMatch "^\.ht">
RUN echo "<FilesMatch "\""^\\.ht"\"">" >> /etc/httpd/conf/httpd.conf && \
echo "Require all denied" >> /etc/httpd/conf/httpd.conf && \
echo "</FilesMatch>" >> /etc/httpd/conf/httpd.conf
# Edit ssl.conf in place: exclude SSLv3 instead of SSLv2, and drop MEDIUM from the ciphers.
# NOTE(review): both substitutions only apply if ssl.conf contains exactly these strings;
# otherwise sed succeeds without changing anything, so verify the file in the built image.
# "all -SSLv3" sets no minimum TLS version, so TLS 1.0/1.1 stay allowed unless something
# else (e.g. the system crypto policy) disables them - consider an explicit minimum.
RUN sed -i /etc/httpd/conf.d/ssl.conf \
-e "s,SSLProtocol all -SSLv2,SSLProtocol all -SSLv3," \
-e "s,SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5,SSLCipherSuite HIGH:!aNULL:!MD5,"
# Edit httpd.conf in place: listen on 8080, send the error log to stderr and the access
# log to stdout, and turn every "AllowOverride None" into "AllowOverride All".
# The chmod then makes the conf, run and logs directories readable and writable by all users.
# NOTE(review): world-writable /etc/httpd/conf lets any user in the container change the
# server configuration, and AllowOverride All lets any .htaccess under the affected
# directories change per-directory behaviour. Presumably done to support arbitrary UIDs -
# confirm whether group-0 write (g+rwX) would be enough.
RUN sed -i /etc/httpd/conf/httpd.conf \
-e "s,Listen 80,Listen 8080," \
-e "s,logs/error_log,/dev/stderr," \
-e "s,logs/access_log,/dev/stdout," \
-e "s,AllowOverride None,AllowOverride All," && \
chmod a+rwX /etc/httpd/conf /run/httpd /etc/httpd/logs/
# SIGWINCH is the signal httpd treats as a graceful stop.
STOPSIGNAL SIGWINCH
# CRW_BRANCH is a build arg persisted into the runtime environment; what reads it is not
# visible in this file.
ARG CRW_BRANCH=crw-2-rhel-8
ENV CRW_BRANCH=${CRW_BRANCH}
WORKDIR /var/www/html
# NOTE(review): mode 777 makes the served devfiles directory writable by every user in
# the container. Together with AllowOverride All above, whoever can write here can also
# drop an .htaccess - confirm this is required and not covered by the g+rw below.
RUN mkdir -m 777 /var/www/html/devfiles
# The repository's .htaccess is placed in the web root and takes effect because of
# AllowOverride All; its contents are not shown here.
COPY README.md .htaccess /var/www/html/
# Generated devfiles, index.json and external_images.txt come from the builder stage.
COPY --from=builder /build/devfiles /var/www/html/devfiles
COPY ./images /var/www/html/images
COPY ./build/dockerfiles/rhel.entrypoint.sh ./build/dockerfiles/entrypoint.sh /usr/local/bin/
# Make the web root group 0 and group read/write, and give the group read/write on both
# entrypoint scripts (execute only where an execute bit is already set).
# NOTE(review): g+w on the entrypoint scripts lets any process running with the scripts'
# group rewrite what executes at container start; g+rX looks sufficient - confirm.
RUN chmod g+rwX /usr/local/bin/entrypoint.sh /usr/local/bin/rhel.entrypoint.sh && \
chgrp -R 0 /var/www/html && chmod -R g+rw /var/www/html
# Exec form: entrypoint.sh is started directly and receives the CMD value as its argument.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["/usr/local/bin/rhel.entrypoint.sh"]
# Offline build
# Extends the builder stage: runs the two cache scripts with the arguments "devfiles" and
# "resources", then gives the group read/write on everything under /build.
# NOTE(review): going by their names, the scripts presumably download projects and images
# at build time into /build/resources. Whether the downloads are pinned and verified
# (checksum or signature) is not visible in this file - confirm.
FROM builder AS offline-builder
RUN ./cache_projects.sh devfiles resources && \
./cache_images.sh devfiles resources && \
chmod -R g+rwX /build
# Offline variant of the registry image: starts from the registry stage and copies in the
# devfiles and resources produced by offline-builder.
# NOTE(review): this stage inherits USER 0, ENTRYPOINT and CMD from the registry stage and
# sets no USER of its own, so it also runs as root unless the runtime overrides the user.
FROM registry AS offline-registry
COPY --from=offline-builder /build/devfiles /var/www/html/devfiles
COPY --from=offline-builder /build/resources /var/www/html/resources
# append Brew metadata here