1- FROM ubuntu:24.04@sha256:b59d21599a2b151e23eea5f6602f4af4d7d31c4e236d22bf0b62b86d2e386b8f
1+ FROM ubuntu:24.04@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061
22
33ARG BATS_VERSION=1.11.0
44ARG CCACHE_VERSION=4.11
55ARG CLANG_VERSION=18
66ARG CPM_VERSION=0.40.2
7- ARG DOCKER_VERSION=27.3.1
87ARG INCLUDE_WHAT_YOU_USE_VERSION=0.22
98ARG XWIN_VERSION=0.6.5
109
@@ -14,89 +13,90 @@ HEALTHCHECK NONE
1413
1514SHELL ["/bin/bash" , "-o" , "pipefail" , "-c" ]
1615
16+ # Set default environment options
17+ ENV CCACHE_DIR=/cache/.ccache \
18+ CMAKE_EXPORT_COMPILE_COMMANDS="On" \
19+ CMAKE_GENERATOR="Ninja" \
20+ CONAN_HOME=/opt/conan \
21+ CPM_SOURCE_CACHE=/cache/.cpm \
22+ PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin:/opt/gcc-arm-none-eabi/bin" \
23+ PYTHONPYCACHEPREFIX=/cache/.python
24+
1725# Install the base system with all tool dependencies
18- COPY .devcontainer/cpp/apt-requirements-base.json /tmp/apt-requirements-base.json
1926# hadolint ignore=DL3008
20- RUN apt-get update && apt-get install -y --no-install-recommends jq \
21- && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \
22- && rm /tmp/apt-requirements-base.json \
23- && rm -rf /var/lib/apt/lists/*
24-
25- # Include the Cisco Umbrella PKI Root
26- RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \
27- && update-ca-certificates
28-
29- # Install some tools via pip to get more recent versions
30- COPY .devcontainer/cpp/requirements.txt /tmp/requirements.txt
31- RUN python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \
32- && rm -rf /tmp/requirements.txt
33-
34- # Set default environment options for CMake and ccache
35- ENV CCACHE_DIR=/cache/.ccache
36- ENV CMAKE_EXPORT_COMPILE_COMMANDS="On"
37- ENV CMAKE_GENERATOR="Ninja"
38- ENV CONAN_HOME=/opt/conan
39- ENV CPM_SOURCE_CACHE=/cache/.cpm-cache
27+ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \
28+ --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \
29+ --mount=type=cache,target=/cache,sharing=locked \
30+ --mount=type=cache,target=/var/cache/apt,sharing=locked \
31+ --mount=type=cache,target=/var/lib/apt,sharing=locked \
32+ --mount=type=cache,target=/var/log,sharing=locked \
33+ apt-get update && apt-get install -y --no-install-recommends jq \
34+ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | \
35+ xargs apt-get install -y --no-install-recommends \
36+ # Include the Cisco Umbrella PKI Root
37+ && wget --no-hsts -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \
38+ && update-ca-certificates \
39+ # Install some tools via pip to get more recent versions, clean up afterwards
40+ && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir --no-compile -r /tmp/requirements.txt \
41+ && find / -regex '^.*\( __pycache__\|\. py[co]\) $' -delete \
42+ && rm -rf "$(pip cache dir)"
4043
4144# Install clang toolchain and mull mutation testing framework
42- COPY .devcontainer/cpp/apt-requirements-clang.json /tmp/apt-requirements-clang.json
43- # hadolint ignore=SC1091
44- RUN wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \
45- && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \
46- && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}" ) \
45+ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \
46+ --mount=type=cache,target=/var/cache/apt,sharing=locked \
47+ --mount=type=cache,target=/var/lib/apt,sharing=locked \
48+ --mount=type=cache,target=/var/log,sharing=locked \
49+ --mount=type=cache,target=/tmp,sharing=locked,mode=1777 \
50+ wget --no-hsts -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \
51+ && wget --no-hsts -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \
52+ && UBUNTU_CODENAME=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2) \
4753 && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \
4854 && echo "deb [signed-by=/usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/mull-project/mull-stable/deb/ubuntu ${UBUNTU_CODENAME} main" | tee /etc/apt/sources.list.d/mull-project-mull-stable.list > /dev/null \
4955 && echo -e 'Package: *\n Pin: origin "apt.llvm.org"\n Pin-Priority: 1000' > /etc/apt/preferences \
5056 && apt-get update \
51- && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends \
52- && rm /tmp/apt-requirements* \
53- && rm -rf /var/lib/apt/lists/*
54- ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin"
57+ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends
5558
5659# Install arm-gcc toolchain
5760RUN mkdir /opt/gcc-arm-none-eabi \
58- && wget -qO - "https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-$(uname -m)-arm-none-eabi.tar.xz" | tar --exclude='*arm-none-eabi-gdb*' --exclude='share' --strip-components=1 -xJC /opt/gcc-arm-none-eabi
59- ENV PATH="$PATH:/opt/gcc-arm-none-eabi/bin"
60-
61- # Install docker-cli for Docker-from-Docker tools
62- RUN wget -qO - "https://download.docker.com/linux/static/stable/$(uname -m)/docker-${DOCKER_VERSION}.tgz" | tar xz -C /tmp \
63- && mv /tmp/docker/docker /usr/local/bin/ \
64- && rm -rf /tmp/docker
61+ && wget --no-hsts -qO - "https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-$(uname -m)-arm-none-eabi.tar.xz" | tar --exclude='*arm-none-eabi-gdb*' --exclude='share' --strip-components=1 -xJC /opt/gcc-arm-none-eabi
6562
6663# Install bats
6764RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \
68- && wget -qO - https://github.com/bats-core/bats-core/archive/refs/tags/v${BATS_VERSION}.tar.gz | tar xz -C "${batstmp}" \
65+ && wget --no-hsts - qO - https://github.com/bats-core/bats-core/archive/refs/tags/v${BATS_VERSION}.tar.gz | tar xz -C "${batstmp}" \
6966 && bash "${batstmp}/bats-core-${BATS_VERSION}/install.sh" /usr/local \
7067 && rm -rf "${batstmp}" \
7168 && git -C /usr/local clone -b v0.3.0 https://github.com/bats-core/bats-support.git \
7269 && git -C /usr/local clone -b v2.1.0 https://github.com/bats-core/bats-assert.git
7370
7471# Install xwin
75- RUN wget -qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin"
72+ RUN wget --no-hsts - qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin"
7673
7774# Compile and install additional clang tools; often necessary as binary arm64 builds are lacking, or packages are out-of-date
7875# Install ccache from source for a recent version
79- RUN wget -qO - https://github.com/ccache/ccache/archive/refs/tags/v${CCACHE_VERSION}.tar.gz | tar xz -C /tmp \
76+ RUN --mount=type=cache,target=/cache,sharing=locked \
77+ wget --no-hsts -qO - https://github.com/ccache/ccache/archive/refs/tags/v${CCACHE_VERSION}.tar.gz | tar xz -C /tmp \
8078 && CC=clang CXX=clang++ cmake -DCMAKE_BUILD_TYPE=Release -DENABLE_TESTING=Off -DENABLE_DOCUMENTATION=Off -S /tmp/ccache-${CCACHE_VERSION} -B /tmp/ccache-${CCACHE_VERSION}/build \
8179 && cmake --build /tmp/ccache-${CCACHE_VERSION}/build --target install \
8280 && rm -rf /tmp/ccache-${CCACHE_VERSION}
8381
8482# Install include-what-you-use (iwyu) from source
8583# hadolint ignore=DL3008
86- RUN --mount=type=cache,target=/root/.ccache,sharing=locked \
84+ RUN --mount=type=cache,target=/cache,sharing=locked \
85+ --mount=type=cache,target=/var/cache/apt,sharing=locked \
86+ --mount=type=cache,target=/var/lib/apt,sharing=locked \
8787 apt-get update && apt-get install -y --no-install-recommends libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev \
88- && wget -qO - https://github.com/include-what-you-use/include-what-you-use/archive/refs/tags/${INCLUDE_WHAT_YOU_USE_VERSION}.tar.gz | tar xz -C /tmp \
89- && CC=clang CXX=clang++ cmake -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache - S /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} -B /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build \
88+ && wget --no-hsts - qO - https://github.com/include-what-you-use/include-what-you-use/archive/refs/tags/${INCLUDE_WHAT_YOU_USE_VERSION}.tar.gz | tar xz -C /tmp \
89+ && CC=clang CXX=clang++ cmake -S /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} -B /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build \
9090 && cmake --build /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build --target install \
9191 && rm -rf /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} \
92- && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev libsqlite3-dev \
92+ && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev \
9393 && apt-get autoremove -y \
94- && apt-get clean \
95- && rm -rf /var/lib/apt/lists/*
94+ && apt-get clean
9695
9796# Update all tool alternatives to the correct version
9897# and patch root's bashrc to include bash-completion
99- RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 10 \
98+ RUN --mount=type=cache,target=/var/log,sharing=locked \
99+ update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 10 \
100100 --slave /usr/bin/g++ g++ /usr/bin/g++-14 \
101101 --slave /usr/bin/gcov gcov /usr/bin/gcov-14 \
102102 && update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 10 \
@@ -111,6 +111,7 @@ RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 10 \
111111# Set up package managers CPM and Conan
112112# - Install CPM.cmake to the CMake module path
113113# - Configure a default profile for Conan and set the CMake generator to Ninja
114- RUN wget -qP /usr/local/lib/python*/dist-packages/cmake/data/share/cmake-*/Modules/ https://github.com/cpm-cmake/CPM.cmake/releases/download/v${CPM_VERSION}/CPM.cmake \
114+ RUN --mount=type=cache,target=/cache,sharing=locked \
115+ wget --no-hsts -qP /usr/local/lib/python*/dist-packages/cmake/data/share/cmake-*/Modules/ https://github.com/cpm-cmake/CPM.cmake/releases/download/v${CPM_VERSION}/CPM.cmake \
115116 && conan profile detect \
116117 && echo -e "\n [conf]\n tools.cmake.cmaketoolchain:generator=Ninja" >> "$(conan profile path default)"
0 commit comments