forked from vulnerability-lookup/vulnerability-lookup
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
84 lines (66 loc) · 2.6 KB
/
Dockerfile
File metadata and controls
84 lines (66 loc) · 2.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
FROM debian AS builder
WORKDIR /build
RUN apt-get update && apt-get -y upgrade
RUN apt install -y pipx git make gcc g++ make cmake autoconf automake libtool python3 libssl-dev wget
RUN pipx install poetry && env
ENV PATH=/root/.local/bin:$PATH
# this was build on a ARM machine, change to AMD if on Intel
RUN wget https://dl.google.com/go/go1.22.2.linux-arm64.tar.gz
RUN tar -C /usr/local -xzf go1.22.2.linux-arm64.tar.gz
ENV PATH=/usr/local/go/bin:$PATH
RUN git clone https://github.com/csaf-poc/csaf_distribution.git
RUN cd csaf_distribution ; make build_linux
FROM debian
RUN apt-get update && apt-get -y upgrade
RUN apt install -y pipx git make gcc g++ make cmake autoconf automake libtool python3 libssl-dev wget
RUN pipx install poetry && env
ENV PATH=/root/.local/bin:$PATH
ARG APP_DIR=/main/app
ARG STORAGE_HOSTNAME
ARG STORAGE_PORT
ARG CSAF_PATH
ARG INSTANCE_NAME
ARG INSTANCE_UUID
ARG POSTGRES_HOSTNAME
ARG POSTGRES_DATABASE
ARG POSTGRES_PASSWORD
WORKDIR $CSAF_PATH
COPY --from=builder /build/csaf_distribution/bin-linux-amd64/ ./
WORKDIR ${APP_DIR}
# Install Vulnerability Lookup
COPY bin ./bin/
COPY cache ./cache/
COPY config ./config/
COPY etc ./etc/
COPY storage ./storage/
COPY tests ./tests/
COPY tools ./tools/
COPY vulnerabilitylookup ./vulnerabilitylookup/
COPY website ./website/
COPY mypy.ini poetry.lock pyproject.toml README.md ./
RUN mkdir -p ./logs
RUN poetry install
RUN echo VULNERABILITYLOOKUP_HOME="${APP_DIR}" >> .env
COPY .git ./.git/
COPY .gitignore .gitmodules ./
COPY .github ./github/
COPY run.sh /
RUN chmod +x /run.sh
WORKDIR ${APP_DIR}/config
RUN mv ./generic.json.sample ./generic.json
RUN mv ./logging.json.sample ./logging.json
RUN mv ./modules.cfg.sample ./modules.cfg
RUN mv ./stream.json.sample ./stream.json
RUN mv ./website.py.sample ./website.py
RUN sed -i 's@\("storage_db_hostname": *"\)[^"]*@\1'"$STORAGE_HOSTNAME"'@' generic.json
RUN sed -i 's@\("storage_db_port": *"\)[^"]*@\1'"$STORAGE_PORT"'@' generic.json
RUN sed -i 's@\("public_domain": *"\)[^"]*@\1'"127.0.0.1:10001"'@' generic.json
RUN sed -i 's@\("csaf_downloader_path": *"\)[^"]*@\1'"$CSAF_PATH/csaf_downloader"'@' generic.json
RUN sed -i 's@\("local_instance_name": *"\)[^"]*@\1'"$INSTANCE_NAME"'@' generic.json
RUN sed -i 's@\("local_instance_uuid": *"\)[^"]*@\1'"$INSTANCE_UUID"'@' generic.json
RUN sed -i "/\"host\": *\"127\.0\.0\.1\"/s/\"127\.0\.0\.1\"/\"${POSTGRES_HOSTNAME}\"/" website.py
RUN sed -i "/DATABASE_NAME = \"vulnlookup\"/s/\"vulnlookup\"/\"${POSTGRES_DATABASE}\"/" website.py
RUN sed -i "/\"password\": *\"password\"/s/\"password\",/\"${POSTGRES_PASSWORD}\",/" website.py
EXPOSE 10001
WORKDIR ${APP_DIR}
CMD /run.sh