/
Dockerfile
106 lines (81 loc) · 2.76 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
FROM golang:1.13-alpine AS img
RUN apk add --no-cache \
bash \
build-base \
gcc \
git \
libseccomp-dev \
linux-headers \
make \
ca-certificates
RUN go get github.com/go-bindata/go-bindata/go-bindata
WORKDIR /
RUN git clone https://github.com/EcoMind/img.git -b v0.8.0
WORKDIR /img
RUN make static && mv img /usr/bin/img
FROM alpine:3.15.4 as curl
WORKDIR /
RUN apk add curl
FROM curl as yq-downloader
ARG OS=${TARGETOS:-linux}
ARG ARCH=${TARGETARCH:-amd64}
ARG YQ_VERSION="v4.25.1"
ARG YQ_BINARY="yq_${OS}_$ARCH"
RUN wget "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/$YQ_BINARY" -O /usr/local/bin/yq && \
chmod +x /usr/local/bin/yq
FROM ubuntu:focal-20220426 as fuse-downloader
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
git ca-certificates \
&& update-ca-certificates && \
rm -rf /var/lib/apt/lists/*
WORKDIR /build
RUN git clone https://github.com/containers/fuse-overlayfs.git -b v1.8.2
FROM ubuntu:focal-20220426 as fuse-builder
WORKDIR /build
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
libc6-dev gcc g++ make automake autoconf clang pkgconf libfuse3-dev \
&& rm -rf /var/lib/apt/lists/*
COPY --from=fuse-downloader /build /build
RUN cd fuse-overlayfs && \
sh autogen.sh && \
LIBS="-ldl" LDFLAGS="-static" ./configure --prefix /usr && \
make
FROM ubuntu:focal-20220426
RUN apt-get update && \
apt-get install -y software-properties-common && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64 && \
rm -rf /var/lib/apt/lists/*
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
curl \
git \
jq \
xmlstarlet \
uidmap \
libseccomp-dev \
fuse3 \
&& \
rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY dep-bootstrap.sh .
RUN chmod +x ./dep-bootstrap.sh
ENV USER=jenkins
USER root
RUN useradd -u 1000 -s /bin/bash jenkins
RUN mkdir -p /home/jenkins
RUN chown 1000:1000 /home/jenkins
RUN export IMG_DISABLE_EMBEDDED_RUNC=1 \
&& chmod u-s /usr/bin/newuidmap /usr/bin/newgidmap \
&& echo "jenkins:100000:65536" > /etc/subgid \
&& echo "jenkins:100000:65536" > /etc/subuid \
&& setcap cap_setuid+ep /usr/bin/newuidmap \
&& setcap cap_setgid+ep /usr/bin/newgidmap \
&& mkdir -p /run/runc && chmod 777 /run/runc
ENV JENKINS_USER=jenkins
COPY --from=img --chown=1000:1000 /usr/bin/img /usr/bin/img
COPY --from=yq-downloader --chown=1000:1000 /usr/local/bin/yq /usr/local/bin/yq
COPY --from=fuse-builder --chown=1000:1000 /build/fuse-overlayfs/fuse-overlayfs /usr/bin/fuse-overlayfs
RUN ["ln", "-sf", "/usr/bin/img", "/usr/bin/docker"]
USER 1000
RUN ./dep-bootstrap.sh 0.5.1 install