docker-buildkite/Dockerfile at main · outstand/docker-buildkite · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
FROM buildkite/agent:3.43.1-ubuntu as agent
FROM outstand/tini as tini
FROM outstand/su-exec as su-exec

FROM buildpack-deps:bullseye
LABEL maintainer="Ryan Schlesinger <ryan@outstand.com>"

SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ENV DEBIAN_FRONTEND=noninteractive

COPY --from=tini /sbin/tini /sbin/
COPY --from=su-exec /sbin/su-exec /sbin/

# COPIED FROM ruby:2.5.1-alpine3.7
# install things globally, for great justice
# and don't create ".bundle" in all our apps
ENV GEM_HOME /usr/local/bundle
ENV BUNDLE_PATH="$GEM_HOME" \
	BUNDLE_SILENCE_ROOT_WARNING=1 \
	BUNDLE_APP_CONFIG="$GEM_HOME"
# path recommendation: https://github.com/bundler/bundler/pull/6469#issuecomment-383235438
ENV PATH $GEM_HOME/bin:$BUNDLE_PATH/gems/bin:$PATH
# adjust permissions of a few directories for running "gem install" as an arbitrary user
RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
# (BUNDLE_PATH = GEM_HOME, no need to mkdir/chown both)

RUN set -eux; \
      \
      groupadd -g 1000 --system ci; \
      useradd -u 1000 -g ci -ms /bin/bash --system ci; \
      groupadd -g 900 docker; \
      usermod -a -G docker ci; \
      apt-get update -y; \
      apt-get install -y --no-install-recommends \
        zsh \
        jq \
        ruby \
        ruby-bundler \
        rustc \
        cargo \
        apt-transport-https \
        gnupg-agent \
        software-properties-common \
        perl \
        openssh-client \
        rsync \
        less \
        zstd \
      ; \
      \
      apt-get clean; \
      rm -f /var/lib/apt/lists/*_*/; \
      \
      curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -; \
      add-apt-repository \
        "deb [arch=amd64] https://download.docker.com/linux/debian \
        $(lsb_release -cs) \
        stable"; \
      apt-get update -y; \
      apt-get install -y --no-install-recommends \
        docker-ce \
        docker-ce-cli \
        containerd.io \
      ; \
      \
      apt-get clean; \
      rm -f /var/lib/apt/lists/*_*

# This is the last known-good version of compose.
ENV DOCKER_COMPOSE_VERSION 2.2.3
ENV COMPOSE_SWITCH_VERSION 1.0.4

RUN set -eux; \
      \
      mkdir -p /usr/local/lib/docker/cli-plugins; \
      curl -L "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64" -o /usr/local/lib/docker/cli-plugins/docker-compose; \
      chmod +x /usr/local/lib/docker/cli-plugins/docker-compose; \
      curl -fL https://github.com/docker/compose-switch/releases/download/v${COMPOSE_SWITCH_VERSION}/docker-compose-linux-amd64 -o /usr/local/bin/compose-switch; \
      chmod +x /usr/local/bin/compose-switch; \
      update-alternatives --install /usr/local/bin/docker-compose docker-compose /usr/local/bin/compose-switch 99

RUN set -eux; \
      \
      echo 'source /etc/profile' > /home/ci/.bashrc; \
      echo 'source /etc/profile' > /home/ci/.bash_profile; \
      echo 'source /etc/profile' > /root/.bashrc; \
      echo 'source /etc/profile' > /root/.bash_profile; \
      echo 'export FIXUID=$(id -u) \n\
            export FIXGID=$(id -g)' > /etc/profile.d/fixuid.sh; \
      chown ci:ci /srv

ENV GIT_LFS_VERSION 3.2.0
ENV GIT_LFS_HASH d6730b8036d9d99f872752489a331995930fec17b61c87c7af1945c65a482a50
RUN set -eux; \
      \
      mkdir -p /tmp/build; \
	    cd /tmp/build; \
      \
      curl -sSL -o git-lfs.tgz https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-amd64-v${GIT_LFS_VERSION}.tar.gz; \
      echo "${GIT_LFS_HASH}  git-lfs.tgz" | sha256sum -c -; \
      tar -xzf git-lfs.tgz --strip-components=1; \
      cp git-lfs /usr/local/bin/; \
      \
      cd; \
      rm -rf /tmp/build; \
      \
      git lfs install --system

RUN set -eux; \
      \
      curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"; \
      unzip awscliv2.zip; \
      ./aws/install; \
      rm awscliv2.zip

ENV BUILDKIT_VERSION v0.11.2
RUN set -eux; \
      \
      cd /usr/local/bin; \
      wget -nv https://github.com/moby/buildkit/releases/download/${BUILDKIT_VERSION}/buildkit-${BUILDKIT_VERSION}.linux-amd64.tar.gz; \
      tar --strip-components=1 -zxvf buildkit-${BUILDKIT_VERSION}.linux-amd64.tar.gz bin/; \
      chmod +x buildctl buildkit-runc buildkitd; \
      rm -f buildkit-${BUILDKIT_VERSION}.linux-amd64.tar.gz

USER ci

ENV BUNDLER_VERSION 2.4.6
RUN gem install bundler -v ${BUNDLER_VERSION} --force --no-document

USER root

ENV DOCKER_CLI_EXPERIMENTAL=enabled

ENV BUILDKITE_AGENT_CONFIG=/buildkite/buildkite-agent.cfg \
    PATH="/usr/local/bin:${PATH}"

RUN set -eux; \
      \
      mkdir -p /var/lib/buildkite/builds /buildkite/hooks /var/lib/buildkite/plugins; \
      curl -Lfs -o /usr/local/bin/ssh-env-config.sh https://raw.githubusercontent.com/buildkite/docker-ssh-env-config/master/ssh-env-config.sh; \
      chmod +x /usr/local/bin/ssh-env-config.sh; \
      chown -R ci:ci /var/lib/buildkite; \
      chown -R ci:ci /buildkite

COPY ./buildkite-agent.cfg /buildkite/buildkite-agent.cfg
COPY --from=agent /usr/local/bin/buildkite-agent /usr/local/bin/buildkite-agent
COPY hooks/pre-command /buildkite/hooks/

ENV BUILDKIT_PROGRESS plain

VOLUME /var/lib/buildkite
COPY ./docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["start"]