# Base image: the upstream Podman image published on quay.io.
# NOTE(review): "v5" is a floating tag, not a digest, so a rebuild can silently
# pick up a different base. For reproducible, auditable builds pin it as
# quay.io/podman/stable:v5@sha256:<DIGEST> (placeholder - take the digest from the registry).
FROM quay.io/podman/stable:v5
# Documentation only (does not publish the port); the HEALTHCHECK at the end of
# this file probes the same port on loopback.
EXPOSE 5000
# Each of the next three values is a separate ENV because an ENV instruction
# can only expand variables set by an *earlier* instruction.
ENV USERNAME="podman"
ENV HOME_DIR="/home/$USERNAME"
ENV BIN_DIR="$HOME_DIR/.local/bin"
# User-writable tool directories are appended AFTER the existing PATH, so a
# binary dropped into them cannot shadow a system binary of the same name.
ENV PATH="$PATH:$BIN_DIR:$HOME_DIR/.npm-global/bin" \
DATA_DIR="$HOME_DIR/data" \
APP_DIR="$HOME_DIR/github-webhook-server"
# Initialise the machine ID at build time.
# NOTE(review): because this runs during the build, the resulting ID is baked
# into a layer and is identical in every container started from this image -
# confirm nothing downstream treats it as unique or secret.
RUN systemd-machine-id-setup
# Install OS packages as root in a single layer, then clean the dnf caches and
# logs in that same layer so they do not persist in the image.
# - install_weak_deps=False / --nodocs keep the package set and image smaller.
# - The fedora-cisco-openh264 repository is disabled for every dnf call.
# NOTE(review): "dnf update" and the unversioned package names make the result
# depend on the mirror state at build time; two builds of the same commit can
# differ. Prefer bumping/pinning the base image over a blanket update.
# NOTE(review): this is a single-stage build, so the compilers and -devel
# headers (gcc, clang, cargo, python3*-devel, lib*-devel) remain available in
# the runtime image. Whether they are needed at runtime is not visible here.
RUN dnf --nodocs --setopt=install_weak_deps=False --disable-repo=fedora-cisco-openh264 -y install dnf-plugins-core \
&& dnf --nodocs --setopt=install_weak_deps=False --disable-repo=fedora-cisco-openh264 -y update \
&& dnf --nodocs --setopt=install_weak_deps=False --disable-repo=fedora-cisco-openh264 -y install \
git \
unzip \
gcc \
python3-devel \
python3.10-devel \
python3.11-devel \
python3.12-devel \
python3.13-devel \
clang \
cargo \
libcurl-devel \
libxml2-devel \
nodejs \
npm \
which \
tini \
libffi-devel \
&& dnf clean all \
&& rm -rf /var/cache /var/log/dnf* /var/log/yum.* /var/lib/dnf /var/log/dnf.* /var/log/hawkey.log
# Create the tool, application and data directories while still root.
# "mkdir -p" on $DATA_DIR/logs also creates $DATA_DIR itself.
RUN mkdir -p "$BIN_DIR" "$APP_DIR" "$DATA_DIR/logs"

# Add a subordinate UID/GID range to the service account, then hand it
# ownership of its whole home tree (including the directories created above).
RUN usermod --add-subuids 100000-165535 --add-subgids 100000-165535 "$USERNAME" \
    && chown -R "$USERNAME:$USERNAME" "$HOME_DIR"

# Drop root: every later RUN, and the container's main process, runs as $USERNAME.
USER $USERNAME
WORKDIR $HOME_DIR
# uv / Python runtime settings:
# - UV_PYTHON selects the interpreter uv uses.
# - UV_COMPILE_BYTECODE compiles .pyc files at install time.
# - UV_NO_SYNC stops "uv run" from re-syncing the environment on each start.
# - UV_CACHE_DIR places uv's cache under $APP_DIR, so whatever the uv commands
#   below cache during the build stays in the image layers.
# - PYTHONUNBUFFERED makes Python write stdout/stderr without buffering.
ENV UV_PYTHON=python3.13 \
UV_COMPILE_BYTECODE=1 \
UV_NO_SYNC=1 \
UV_CACHE_DIR=${APP_DIR}/.cache \
PYTHONUNBUFFERED=1
# Copy the uv and uvx binaries out of the upstream uv image.
# NOTE(review): ":latest" is a mutable tag - the binary that ends up on PATH is
# whatever the registry serves at build time. Pin a release tag and digest
# (ghcr.io/astral-sh/uv:<VERSION>@sha256:<DIGEST>, placeholders) so a change of
# uv is an explicit, reviewable diff.
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx ${BIN_DIR}/
# Install developer tools as isolated uv tools for $USERNAME.
# NOTE(review): none of the four tools is version-pinned, so each build resolves
# the newest release from the package index.
RUN uv tool install pre-commit && uv tool install poetry && uv tool install prek && uv tool install tox
# Install AI CLI tools
# NOTE(review): both installers below are downloaded and executed in one step,
# with no version pin and no checksum or signature verification; the image
# content therefore depends on whatever those URLs serve at build time.
# "-o pipefail" only guarantees that a failed download aborts the build - it
# does not authenticate the script. Safer pattern: download to a file, verify
# it against a known SHA-256 (<EXPECTED_SHA256>, placeholder), then run it.
# These steps run after "USER $USERNAME", i.e. as the unprivileged account.
# Claude Code CLI (installs to ~/.local/bin)
RUN /bin/bash -o pipefail -c "curl -fsSL https://claude.ai/install.sh | bash"
# Cursor Agent CLI (installs to ~/.local/bin)
RUN /bin/bash -o pipefail -c "curl -fsSL https://cursor.com/install | bash"
# Gemini CLI (npm global install)
# The npm prefix is redirected to a directory owned by $USERNAME so the global
# install works without root; its bin/ directory is already on PATH (see the
# PATH definition at the top of this file).
# NOTE(review): the package is installed without a version, so each build takes
# the newest published release together with its transitive dependencies.
# Pin it as @google/gemini-cli@<VERSION> (placeholder) for reproducible builds.
RUN mkdir -p $HOME_DIR/.npm-global \
&& npm config set prefix "$HOME_DIR/.npm-global" \
&& npm install -g @google/gemini-cli
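# Download standalone CLI binaries (rosa, regctl, hub) into $BIN_DIR.
# The step runs under bash with "-o pipefail", matching the installer steps
# earlier in this file: without it the status of "curl | tar" is tar's alone,
# so a failed or truncated download is only caught if tar also happens to fail.
# $BIN_DIR is expanded by the outer shell before bash receives the command;
# the single-quoted tar pattern is passed through to bash unchanged.
# NOTE(review): rosa and regctl come from ".../latest" URLs and none of the
# three downloads is checked against a checksum or signature before being made
# executable. Pin explicit versions and verify a known SHA-256
# (<EXPECTED_SHA256>, placeholder) for each artifact.
# NOTE(review): the regctl and hub assets are hard-coded to linux-amd64.
RUN /bin/bash -o pipefail -c "set -ex \
    && curl --fail -vL https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/rosa-linux.tar.gz | tar -C $BIN_DIR -xzvf - rosa \
    && chmod +x $BIN_DIR/rosa \
    && curl --fail -vL https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 -o $BIN_DIR/regctl \
    && chmod +x $BIN_DIR/regctl \
    && curl --fail -vL https://github.com/mislav/hub/releases/download/v2.14.2/hub-linux-amd64-2.14.2.tgz | tar --wildcards --strip-components=2 -C $BIN_DIR -xzvf - '*/bin/hub' \
    && chmod +x $BIN_DIR/hub"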
# Copy dependency manifests first for uv sync cache stability
# (this layer and the "uv sync" below are rebuilt only when one of these three
# files changes, not on every source edit).
COPY --chown=$USERNAME:$USERNAME pyproject.toml uv.lock README.md $APP_DIR/
WORKDIR $APP_DIR
# Resolve and install the project's dependencies into the project environment.
# NOTE(review): plain "uv sync" may re-resolve when uv.lock and pyproject.toml
# disagree; consider "uv sync --locked" so the build fails instead of silently
# installing versions that were never committed to the lockfile - verify this
# still works with the project's build setup before switching.
RUN uv sync
# Copy application code after dependency install
# Only the entrypoint, the webhook_server package and scripts/ are copied, each
# owned by $USERNAME; nothing else from the build context enters the image here.
COPY --chown=$USERNAME:$USERNAME entrypoint.py $APP_DIR/
COPY --chown=$USERNAME:$USERNAME webhook_server $APP_DIR/webhook_server/
COPY --chown=$USERNAME:$USERNAME scripts $APP_DIR/scripts/
# Liveness probe against the service's own healthcheck route on loopback.
# No --interval/--timeout/--retries are given, so Docker's defaults apply.
HEALTHCHECK CMD curl --fail http://127.0.0.1:5000/webhook_server/healthcheck || exit 1
# Exec form with tini as PID 1 (installed via dnf above) so signals are
# forwarded and child processes are reaped; "uv run" resolves entrypoint.py
# relative to the current WORKDIR ($APP_DIR).
ENTRYPOINT ["tini", "--", "uv", "run", "entrypoint.py"]