# Lightweight container for OCI release operations (publish, index, pull, tag).
# Contains buildah, skopeo, Python 3, git, and configargparse — nothing else.
#
# Usage:
# docker build -f Dockerfile.release -t captainos-release .
# docker run --rm -v $(pwd):/work captainos-release release publish
# Base image. NOTE(review): the 3.12-slim tag is mutable; pinning it by digest
# would make this release-tooling image reproducible.
FROM python:3.12-slim

# OS packages: buildah and skopeo for OCI operations, git, and CA certificates.
# The apt lists are removed in the same layer. The final command marks /work as
# a git safe.directory, which turns off git's ownership check for that path;
# git will then honour the configuration of whatever repository is bind-mounted
# there, so mount only checkouts you trust.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        buildah \
        ca-certificates \
        git \
        skopeo \
    && rm -rf /var/lib/apt/lists/* \
    && git config --global --add safe.directory /work

# Container storage: vfs driver, with run and graph roots under /var/tmp.
# Combined with chroot isolation this needs no user namespace; the tool only
# assembles scratch images and never executes RUN steps inside them.
RUN printf '[storage]\ndriver = "vfs"\nrunroot = "/var/tmp/buildah-runroot"\ngraphroot = "/var/tmp/buildah-storage"\n' \
        > /etc/containers/storage.conf
ENV BUILDAH_ISOLATION=chroot

# Buildah 1.39+ on Debian checks for netavark at startup. Networking is never
# used here (every image is FROM scratch with no RUN steps), so a stub that
# always exits 0 stands in for it. NOTE(review): the stub reports success for
# any invocation, so revisit this if a build ever needs container networking.
RUN mkdir -p /usr/libexec/podman \
    && printf '#!/bin/sh\nexit 0\n' > /usr/libexec/podman/netavark \
    && chmod +x /usr/libexec/podman/netavark

# Python dependencies. requirements.txt is not shown here. NOTE(review):
# confirm it pins exact versions (ideally with hashes, enforced through pip's
# --require-hashes), since this image performs release publishing.
COPY requirements.txt /tmp/requirements.txt
RUN pip install --no-cache-dir -r /tmp/requirements.txt \
    && rm /tmp/requirements.txt

# The entrypoint script is not copied into the image: build.py is read from
# whatever is mounted at /work. No USER is set in this file, so the process
# runs as the base image's default user.
WORKDIR /work
ENTRYPOINT ["python3", "/work/build.py"]
CMD ["release", "--help"]