docker-images/images/imagewrangler/Dockerfile


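# Registry prefix for the base image, supplied at build time. It has no
# default and is concatenated directly in front of "minideb" in both FROM lines.
ARG REPO_LOCATION

# Builder stage: prepares the Docker apt source + signing key and clones the
# private cluster-config repository. Only selected paths are copied out of it
# by the final stage.
# NOTE(review): the base image has no tag or digest, so the registry's default
# tag is used on every build - pin it if reproducible builds matter.
FROM ${REPO_LOCATION}minideb AS builder

# install_packages is presumably the apt wrapper shipped by the minideb base.
RUN install_packages git curl openssh-client ca-certificates

# Docker's apt source (armhf, Debian buster). It is listed over plain HTTP, so
# integrity rests on apt verifying the repository signature against the key
# fetched below.
# NOTE(review): the final stage copies this list in before ca-certificates is
# installed there, which may be why HTTPS is not used - confirm before switching.
RUN echo "deb [arch=armhf] http://download.docker.com/linux/debian buster stable" >/etc/apt/sources.list.d/docker.list

# The key is fetched over HTTPS with no fingerprint check, so trust rests on
# TLS to download.docker.com at build time.
# NOTE(review): a key in trusted.gpg.d is trusted for every configured apt
# source, not only Docker's; a dedicated keyring referenced with signed-by=
# would scope it. Left as-is because the final stage copies this exact path.
RUN curl -fsSL https://download.docker.com/linux/debian/gpg >/etc/apt/trusted.gpg.d/docker.asc

# SECURITY: this writes an SSH private key into a layer of the builder stage.
# The final stage never copies /tmp, so the key is not in the shipped image,
# but it stays in this stage's layers and in the build cache on the build host,
# and travels with them if the stage or cache is ever pushed or exported.
# A BuildKit "RUN --mount=type=ssh" or "--mount=type=secret" keeps it out of
# every layer; that needs a change to the build command, so it is only flagged
# here. The key should be a read-only deploy key limited to this repository.
COPY imagewrangler_ed25519 /tmp/imagewrangler_ed25519

# SECURITY: the host key is learned from the network whenever this layer is
# rebuilt, so it does not authenticate the git server against an attacker on
# the build host's network path. Shipping a pinned known_hosts entry in the
# build context would close that gap.
RUN ssh-keyscan -H git.starbeamrainbowlabs.com >/tmp/known_hosts

# Invalidate the cache to force Docker to pull the latest commit.
# COPY rather than ADD: this is a plain local file, so none of ADD's extra
# behaviour (archive extraction, URL fetch) is wanted.
COPY datetime.txt /tmp/datetime.txt

# Clone over SSH with the deploy key, accepting only public-key authentication
# and only the host keys recorded in /tmp/known_hosts.
RUN GIT_SSH_COMMAND="ssh -i /tmp/imagewrangler_ed25519 -o PreferredAuthentications=publickey -o UserKnownHostsFile=/tmp/known_hosts" \
    git clone git@git.starbeamrainbowlabs.com:sbrl/cluster-config.git /srv

WORKDIR /srv
# GIT_SSH_COMMAND is not set for this step, so the submodules are presumably
# reachable without the deploy key - verify against .gitmodules.
RUN git submodule update --init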
###############################################################################
# Final stage: the image that actually runs imagewrangler.sh. It starts from a
# fresh base, so nothing under /tmp in the builder (including the SSH key)
# is carried over.
FROM ${REPO_LOCATION}minideb

# Reuse the Docker apt source and its signing key prepared in the builder stage
COPY --from=builder /etc/apt/trusted.gpg.d/docker.asc /etc/apt/trusted.gpg.d/docker.asc
COPY --from=builder /etc/apt/sources.list.d/docker.list /etc/apt/sources.list.d/docker.list

# Runtime tooling, including the Docker CLI from the source added above.
# NOTE(review): the earlier comment here said everything "from make onwards" is
# needed for minideb, but make is not in this list - confirm what it meant.
RUN install_packages curl jq docker-ce-cli ca-certificates fakeroot fakechroot git

# Repository content changes often and would bust the cache, hence it is
# copied only after the package layer. COPY leaves these trees owned by root.
COPY --from=builder /srv/lantern-build-engine /srv/lantern-build-engine
COPY --from=builder /srv/docker /srv/docker
COPY --from=builder /srv/scripts /srv/scripts

# Create the unprivileged runtime account (uid 50) plus a docker group (gid 995)
# and hand /srv/docker to them. The chown is done here because COPY --chown was
# found to be unreliable. Only /srv/docker changes owner; the scripts and the
# build engine stay root-owned, so the runtime user cannot rewrite them.
# NOTE(review): /mnt/data_dir is created root-owned - confirm the mounted
# volume grants imagewrangler whatever access the scripts need.
RUN groupadd --gid 995 docker \
    && useradd --no-create-home --system --uid 50 --groups docker imagewrangler \
    && chown -R 50:995 /srv/docker \
    && mkdir /mnt/data_dir

# The Docker socket is needed so containers can be started in order to check
# them.
# SECURITY: access to the Docker socket allows full control of the host's
# Docker daemon, which is equivalent to root on that host. Running as a
# non-root user below limits privilege inside this container only; treat the
# container, its scripts and its inputs as host-privileged.
VOLUME /run/docker.sock
VOLUME /mnt/data_dir

# gid 995 must match the group that owns docker.sock on the host
USER imagewrangler:docker
WORKDIR /srv/scripts
ENTRYPOINT ["/bin/bash", "./imagewrangler.sh", "check"]