-
Notifications
You must be signed in to change notification settings - Fork 285
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Container pfsetacls separate build from production
- Loading branch information
Showing
1 changed file
with
50 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,31 +1,19 @@ | ||
ARG NODE_VERSION=16 | ||
ARG ALPINE_VERSION=3.17.2 | ||
|
||
FROM node:${NODE_VERSION}-alpine AS node | ||
|
||
FROM golang:1.23.2-alpine3.20 | ||
|
||
COPY --from=node /usr/lib /usr/lib | ||
COPY --from=node /usr/local/lib /usr/local/lib | ||
COPY --from=node /usr/local/include /usr/local/include | ||
COPY --from=node /usr/local/bin /usr/local/bin | ||
|
||
RUN node -v && \ | ||
npm install -g yarn --force && \ | ||
yarn -v | ||
FROM golang:1.23.1-bookworm AS build | ||
|
||
ENV SEMAPHORE_VERSION="development" SEMAPHORE_ARCH="linux_amd64" \ | ||
SEMAPHORE_CONFIG_PATH="${SEMAPHORE_CONFIG_PATH:-/etc/semaphore}" \ | ||
APP_ROOT="/go/src/github.com/ansible-semaphore/semaphore/" | ||
|
||
RUN apk -q update && \ | ||
apk -q add gcc g++ make git mariadb-client python3 py3-pip py-pip py3-openssl openssl ca-certificates curl-dev openssh-client tini nodejs bash rsync python3-dev libffi-dev py3-paramiko curl libssh-dev | ||
# hadolint ignore=DL3013 | ||
RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - | ||
|
||
RUN apt update && apt install -y gcc g++ make git mariadb-client python3 pip python3-openssl openssl ca-certificates curl libcurl4-openssl-dev openssh-client tini nodejs bash rsync python3-dev libffi-dev python3-paramiko &&\ | ||
apt-get clean | ||
|
||
RUN VER=`python3 -c 'import sys; val=sys.version_info;print(str(val.major)+"."+str(val.minor))'` ; \ | ||
rm -rf /usr/lib/python$VER/EXTERNALLY-MANAGED && \ | ||
pip3 install --upgrade pip cffi &&\ | ||
pip3 install ansible && \ | ||
pip3 install ansible-pylibssh | ||
pip3 install ansible && pip3 install ansible-pylibssh | ||
|
||
RUN adduser --disabled-password -u 1002 --gecos 0 semaphore && \ | ||
mkdir -p /go/src/github.com/ansible-semaphore/semaphore && \ | ||
|
@@ -36,24 +24,58 @@ RUN adduser --disabled-password -u 1002 --gecos 0 semaphore && \ | |
chown -R semaphore:0 /tmp/semaphore && \ | ||
chown -R semaphore:0 /etc/semaphore && \ | ||
chown -R semaphore:0 /var/lib/semaphore && \ | ||
ssh-keygen -t rsa -q -f "/root/.ssh/id_rsa" -N "" && \ | ||
ssh-keygen -t rsa -q -f "/root/.ssh/id_rsa" -N "" && \ | ||
ssh-keyscan -H github.com > /root/.ssh/known_hosts | ||
|
||
RUN cd $(go env GOPATH) && \ | ||
curl -sL https://taskfile.dev/install.sh | sh -s -- "v3.33.0" && \ | ||
npm install --production -g [email protected] | ||
RUN cd $(go env GOPATH) && curl -sL https://taskfile.dev/install.sh | sh -s -- "v3.33.0" | ||
|
||
RUN npm install --omit=dev -g [email protected] | ||
|
||
RUN git config --global --add safe.directory /go/src/github.com/ansible-semaphore/semaphore | ||
|
||
# Copy in app source | ||
WORKDIR ${APP_ROOT} | ||
ARG SOURCE=https://github.com/ansible-semaphore/semaphore.git | ||
ARG RELEASE=v2.8.90 | ||
ARG source=https://github.com/ansible-semaphore/semaphore.git | ||
ARG release=v2.8.90 | ||
|
||
RUN git clone -qq --depth 1 --single-branch --branch ${release} ${source} ./ | ||
|
||
RUN deployment/docker/ci/bin/install | ||
|
||
# Prepapre the VM | ||
FROM debian:12 | ||
|
||
COPY --from=build /usr/lib /usr/lib | ||
COPY --from=build /usr/local/lib /usr/local/lib | ||
COPY --from=build /usr/local/include /usr/local/include | ||
COPY --from=build /usr/local/bin /usr/local/bin | ||
COPY --from=build /var/lib/semaphore /var/lib/semaphore | ||
COPY --from=build /go/src/github.com/ansible-semaphore/semaphore/bin/semaphore /usr/local/bin/semaphore/bin/semaphore | ||
COPY --from=build /go/src/github.com/ansible-semaphore/semaphore/LICENSE /usr/local/bin/semaphore/LICENSE | ||
|
||
RUN apt -q update && \ | ||
apt -q -y install curl && \ | ||
curl -fsSL https://deb.nodesource.com/setup_16.x | bash - | ||
|
||
RUN git clone -qq --depth 1 --single-branch --branch ${RELEASE} ${SOURCE} ./ && \ | ||
deployment/docker/ci/bin/install | ||
RUN apt update && \ | ||
apt install -y -q --no-install-recommends git mariadb-client python3 pip python3-openssl openssl ca-certificates libcurl4-openssl-dev openssh-client tini nodejs bash rsync python3-dev libffi-dev python3-paramiko &&\ | ||
apt-get clean | ||
|
||
RUN VER=`python3 -c 'import sys; val=sys.version_info;print(str(val.major)+"."+str(val.minor))'` ; \ | ||
rm -rf /usr/lib/python$VER/EXTERNALLY-MANAGED && \ | ||
pip3 install --upgrade pip cffi &&\ | ||
pip3 install ansible && \ | ||
pip3 install ansible-pylibssh | ||
|
||
RUN adduser --disabled-password -u 1002 --gecos 0 semaphore && \ | ||
mkdir -p /tmp/semaphore && \ | ||
mkdir -p /etc/semaphore && \ | ||
chown -R semaphore:0 /tmp/semaphore && \ | ||
chown -R semaphore:0 /etc/semaphore && \ | ||
chown -R semaphore:0 /var/lib/semaphore && \ | ||
chown -R semaphore:0 /usr/local/bin/semaphore | ||
|
||
USER semaphore | ||
EXPOSE 3000 | ||
ENTRYPOINT ["/usr/local/bin/semaphore-wrapper"] | ||
CMD ["./bin/semaphore", "server", "--config", "/etc/semaphore/config.json"] | ||
CMD ["/usr/local/bin/semaphore/bin/semaphore", "server", "--config", "/etc/semaphore/config.json"] |