-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
rebuilt based on latest buildah quay image
- Loading branch information
1 parent
7ad4045
commit 5a00423
Showing
1 changed file
with
5 additions
and
65 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,86 +1,26 @@ | ||
FROM alpine:3.18.2 as curl | ||
|
||
WORKDIR / | ||
|
||
RUN apk add curl | ||
|
||
FROM curl as yq-downloader | ||
FROM quay.io/buildah/stable:v1.30.0 | ||
|
||
ARG OS=${TARGETOS:-linux} | ||
ARG ARCH=${TARGETARCH:-amd64} | ||
ARG YQ_VERSION="v4.6.0" | ||
ARG YQ_BINARY="yq_${OS}_$ARCH" | ||
RUN wget "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/$YQ_BINARY" -O /usr/local/bin/yq && \ | ||
RUN curl -L "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/$YQ_BINARY" -o /usr/local/bin/yq && \ | ||
chmod +x /usr/local/bin/yq | ||
|
||
FROM ubuntu:focal-20220426 as fuse-downloader | ||
|
||
RUN apt-get update && \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ | ||
git ca-certificates \ | ||
&& update-ca-certificates && \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
WORKDIR /build | ||
RUN git clone https://github.com/containers/fuse-overlayfs.git -b v1.12 | ||
|
||
FROM ubuntu:focal-20220426 as fuse-builder | ||
WORKDIR /build | ||
RUN apt-get update && \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ | ||
libc6-dev gcc g++ make automake autoconf clang pkgconf libfuse3-dev \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
COPY --from=fuse-downloader /build /build | ||
RUN cd fuse-overlayfs && \ | ||
sh autogen.sh && \ | ||
LIBS="-ldl" LDFLAGS="-static" ./configure --prefix /usr && \ | ||
make | ||
|
||
FROM ubuntu:kinetic-20230605 | ||
|
||
RUN apt-get update && \ | ||
apt-get install -y software-properties-common && \ | ||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64 && \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ | ||
curl \ | ||
git \ | ||
jq \ | ||
uidmap \ | ||
shellcheck \ | ||
libseccomp-dev \ | ||
xmlstarlet \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
WORKDIR /app | ||
|
||
COPY dep-bootstrap.sh . | ||
RUN chmod +x ./dep-bootstrap.sh | ||
|
||
ENV USER=jenkins | ||
ENV USER=1000 | ||
USER root | ||
RUN useradd -u 1000 -s /bin/bash jenkins | ||
RUN mkdir -p /home/jenkins | ||
RUN chown 1000:1000 /home/jenkins | ||
RUN export IMG_DISABLE_EMBEDDED_RUNC=1 \ | ||
&& chmod u-s /usr/bin/newuidmap /usr/bin/newgidmap \ | ||
&& echo "jenkins:100000:65536" > /etc/subgid \ | ||
&& echo "jenkins:100000:65536" > /etc/subuid \ | ||
&& setcap cap_setuid+ep /usr/bin/newuidmap \ | ||
&& setcap cap_setgid+ep /usr/bin/newgidmap \ | ||
&& mkdir -p /run/runc && chmod 777 /run/runc | ||
RUN yum install -y git && chown 1000 -R /app | ||
|
||
ENV JENKINS_USER=jenkins | ||
ENV JENKINS_USER=1000 | ||
|
||
RUN mkdir -p /etc/containers/ | ||
COPY default-policy.json /etc/containers/policy.json | ||
|
||
COPY --from=yq-downloader --chown=1000:1000 /usr/local/bin/yq /usr/local/bin/yq | ||
COPY --from=fuse-builder --chown=1000:1000 /build/fuse-overlayfs/fuse-overlayfs /usr/bin/fuse-overlayfs | ||
COPY --from=buildah/buildah:959e6da7f52b27f8d7a6e39c884f700bce7ab5cb --chown=1000:1000 /usr/local/bin /usr/local/bin | ||
|
||
USER 1000 | ||
|
||
RUN ./dep-bootstrap.sh 0.5.5 install |