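# FROM python:3.6
# The python:3.6 tag moved from Debian stretch to buster on 10 July 2019:
# https://github.com/docker-library/python/commit/2a11f610a56ff3c0f0157790dde940894fad7a1a#diff-bd1ee42cf5f4ce9024db9d1f6b1a82e4
# The buster image gives an error with the varnish repository, so keep the older
# stretch-based image for now (pinned by digest) and do an apt-get upgrade on top.
# NOTE(review): a digest pin never picks up rebuilt base layers. The apt-get
# upgrade below is the only source of OS security fixes, and only for as long as
# the stretch repositories keep publishing them. Revisit this pin periodically.
FROM python@sha256:d0f068df622b07c06e7753a95fc826747c0e9668992c41f09d5c37ad48d4fb17
# UID and GID given to the unprivileged account created further down.
ARG userid=1000
# Gates the final bin/buildout step of this build.
ARG run_buildout=true
# varnish 4.1 repo has a package for debian jessie, debian stretch,
# ubuntu xenial (16.04), but not ubuntu zesty (17.04) so defaults to varnish 5.0.0 from ubuntu repo.
#RUN echo 'apparmor=unconfined' >> /etc/default/grub
#RUN update-grub
#RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
# ARG takes name=default. The space-separated form never assigned the value:
# depending on the builder it is rejected or declares two value-less arguments.
# Kept as ARG (not ENV) so the setting stays build-time only.
ARG DEBIAN_FRONTEND=noninteractive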
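# Install OS-level build dependencies, then Varnish 4.1 from the packagecloud
# repository, pinned with priority 999 so it wins over the distribution package.
# The signing key is downloaded to a file with curl -f, so an HTTP error fails the
# build instead of an error page being piped into apt-key.
# NOTE(review): the key is trusted on the strength of TLS alone. Compare it
# against the fingerprint the Varnish project publishes before accepting it.
# apt-key also adds it to the global keyring, where it is trusted for every
# configured repository; a repo-scoped keyring referenced with signed-by is narrower.
RUN apt-get update && apt-get upgrade -y && apt-get install -y apt-utils && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y curl git libzmq3-dev libyaml-dev apt-transport-https lsb-release && \
    curl -fsSL -o /tmp/varnish41.gpgkey https://packagecloud.io/varnishcache/varnish41/gpgkey && \
    apt-key add /tmp/varnish41.gpgkey && \
    rm -f /tmp/varnish41.gpgkey && \
    oslower=$(lsb_release -s -i | tr '[:upper:]' '[:lower:]') && \
    oscodename=$(lsb_release -s -c) && \
    printf '%s\n' 'Package: varnish' 'Pin: release l=varnish41' 'Pin-Priority: 999' >/etc/apt/preferences.d/varnish && \
    if [ "$oscodename" != 'zesty' ]; then \
        echo "deb https://packagecloud.io/varnishcache/varnish41/${oslower}/ ${oscodename} main" > /etc/apt/sources.list.d/varnishcache_varnish41.list; \
    fi && \
    apt-get update && \
    apt-get install -y varnish && \
    rm -rf /var/lib/apt/lists/*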
# Create the unprivileged group and account "u1000", both numbered from the
# userid build argument. The account has no password and no home directory is
# created for it; /app is only recorded as its home path.
RUN addgroup --quiet --gid $userid u1000 && \
    adduser --quiet \
        --uid $userid \
        --gid $userid \
        --home /app \
        --no-create-home \
        --shell /bin/bash \
        --disabled-password \
        --force-badname \
        --gecos '' \
        u1000
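# Install the pinned build tooling, then remove six (the reason is not stated in this file).
# Only the uninstall is best-effort. The grouping keeps "|| true" from also
# swallowing a failed install, which would otherwise leave the image without
# the pinned versions while the layer still reports success.
# NOTE(review): versions are pinned but not hash-checked; pip's --require-hashes
# with a requirements file would pin the artifacts themselves.
RUN pip3 install --disable-pip-version-check --no-cache-dir zc.buildout==2.13.3 setuptools==42.0.2 cryptacular==1.5.5 && \
    (pip3 uninstall -y six || true)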
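# grab gosu for easy step-down from root
# The download is checked against a pinned SHA-256 with sha256sum -c (an exact
# comparison) before the binary is made executable.
# The URL varies with the build architecture but only one digest is pinned, so a
# build for any other architecture stops at the checksum step (fails closed).
# GPG signature verification is currently disabled (commented-out lines below).
# NOTE(review): the keyserver pool named there has since been retired, so
# re-enabling it needs another source for the signing key.
#RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
RUN arch="$(dpkg --print-architecture)" \
    && set -x \
    && curl --silent -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$arch" \
    && EXPECTED_SHA="5b3b03713a888cee84ecbf4582b21ac9fd46c3d935ff2d7ea25dd5055d302d3c" \
    && echo "$EXPECTED_SHA  /usr/local/bin/gosu" | sha256sum -c - \
    && chmod +x /usr/local/bin/gosu
# && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$arch.asc" \
# && gpg --verify /usr/local/bin/gosu.asc \
# && rm /usr/local/bin/gosu.asc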
# Pre-create the cache directory under /app (still running as root here).
RUN mkdir -p /app/cache
# Copy the entire build context into /app.
# NOTE(review): everything in the context ends up in an image layer (.git,
# local env files, keys, ...) unless a .dockerignore excludes it. None is
# visible from this file; confirm one exists.
COPY . /app/
# Install the start script at /start, the path CMD runs. It is outside /app, so
# the chown below does not touch it.
COPY start.bash /start
# Hand /app to the unprivileged account so the build steps run as u1000 can write there.
RUN chown -R u1000:u1000 /app
# compile all pyc in sys.path
RUN python -m compileall
# Drop to the unprivileged account for the remaining build steps.
USER u1000
# compile all pyc in the /app folder
RUN python -m compileall /app
# all the pyc files in the image take 5MB. It's better to have them in the
# image instead of having them generated when the container starts. Think
# about 100 containers started in parallel... less disk write, and we gain
# 495MB of disk space.
WORKDIR /app
# Pre-seed known_hosts for u1000 with two hashed host entries that carry the
# same ECDSA public key, so SSH connections made from /app check a pinned host
# key instead of trusting whatever key is offered on first contact.
# NOTE(review): presumably this is the host buildout fetches sources from.
# The host names are hashed, so this cannot be confirmed from this file.
RUN mkdir -p -m 700 /app/.ssh && \
    printf '%s\n' \
        '|1|mkhJkTqJT7XEFCg9zJ6vXr9F7KM=|1ihCQCq4xl9SQDtCAqwp4auiRIk= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNn6VI+Ekg/iOz3bZL6bb35tj6fOjmmMOvkw592XDXy+bSes+2qHhcA3uOg5/wEtmRaK583uZH/CJ4512BpLb7M=' \
        '|1|VmfmXO+MNtehwEnpYIEHO7zfvm8=|ya5Yt/ILBv/gMHQLAfSu2tOWO2I= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNn6VI+Ekg/iOz3bZL6bb35tj6fOjmmMOvkw592XDXy+bSes+2qHhcA3uOg5/wEtmRaK583uZH/CJ4512BpLb7M=' \
        >> /app/.ssh/known_hosts
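# Bootstrap buildout from heroku.cfg (runs as u1000 in /app).
RUN buildout bootstrap -c heroku.cfg
# bin/buildout -c heroku.cfg is done outside this build if run_buildout is false.
# The build argument is compared as a string instead of being executed as a
# command. run_buildout=false now skips the step without failing the build
# ("false && ..." exits non-zero), and the argument's value is never run by the shell.
RUN if [ "$run_buildout" = "true" ]; then bin/buildout -c heroku.cfg; fi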
# Switch back to root so the container's entrypoint starts privileged.
# NOTE(review): the final image user is root. gosu is installed earlier "for easy
# step-down from root", so presumably start.bash drops to u1000 before launching
# the services. Confirm this, since start.bash is not visible here.
USER root
CMD ["/start"]