-
Notifications
You must be signed in to change notification settings - Fork 3
/
Dockerfile
87 lines (77 loc) · 3.79 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# syntax=docker/dockerfile:1
# TARGETPLATFORM is special cased by docker and doesn't need the initial ARG
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
FROM --platform=$TARGETPLATFORM ghcr.io/yannh/kubeconform:v0.6.7-alpine as kubeconform
ARG TARGETPLATFORM
FROM --platform=$TARGETPLATFORM hadolint/hadolint:v2.12.0-alpine as hadolint
ARG TARGETPLATFORM
FROM --platform=$TARGETPLATFORM koalaman/shellcheck:v0.10.0 as shellcheck
ARG TARGETPLATFORM
FROM --platform=$TARGETPLATFORM rhysd/actionlint:1.7.1 as actionlint
ARG TARGETPLATFORM
FROM --platform=$TARGETPLATFORM python:3.11-alpine3.20 as base_image
ENV LANG=C.UTF-8
ENV LC_ALL=C.UTF-8
ARG COMMIT_HASH
LABEL org.opencontainers.image.title="goat"
LABEL org.opencontainers.image.description="The Grand Opinionated AutoTester (GOAT) automatically applies Seiso's policy as code"
LABEL org.opencontainers.image.version="${COMMIT_HASH}"
LABEL org.opencontainers.image.vendor="Seiso"
LABEL org.opencontainers.image.url="https://seisollc.com"
LABEL org.opencontainers.image.source="https://github.com/SeisoLLC/goat"
LABEL org.opencontainers.image.revision="${COMMIT_HASH}"
LABEL org.opencontainers.image.licenses="MIT"
WORKDIR /etc/opt/goat/
ENV PIP_NO_CACHE_DIR=1
ENV WORKON_HOME=/tmp
ENV PYENV_ROOT="/root/.pyenv"
ENV PATH="$PYENV_ROOT/bin:$PATH"
COPY Pipfile Pipfile.lock ./
COPY --from=kubeconform /kubeconform /usr/bin/
COPY --from=hadolint /bin/hadolint /usr/bin/
COPY --from=shellcheck /bin/shellcheck /usr/bin/
COPY --from=actionlint /usr/local/bin/actionlint /usr/bin/
# hadolint ignore=DL3016,DL3018,DL3013
RUN pip install pipenv \
&& apk upgrade \
&& apk --no-cache add jq \
npm \
tini \
bash \
git \
# Added to build supporting binaries
libffi-dev \
build-base \
# The following apk package is necessary for pyenv functionality
tk-dev \
&& pipenv install --system --deploy --ignore-pipfile \
&& npm install --save-dev --no-cache -g dockerfile_lint \
markdownlint-cli \
textlint \
textlint-filter-rule-allowlist \
textlint-filter-rule-comments \
textlint-rule-terminology \
cspell \
jscpd \
markdown-link-check \
&& git clone https://github.com/pyenv/pyenv.git --depth=1 "${PYENV_ROOT}" \
&& echo 'command -v pyenv >/dev/null || export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.profile \
&& echo 'eval "$(pyenv init -)"' >> ~/.profile \
# This will cleanup the pyenv .git folder as well as any plugin .git folders
&& find "${PYENV_ROOT}" -type d -name ".git" -exec rm -rf {} + \
&& mkdir -p /opt/goat/log \
#####################################################################################################
# The following commands are necessary because pre-commit adds -u os.uid():os.gid() to the docker run
&& chmod o+w /opt/goat/log \
&& mkdir -p /.local \
&& chmod o+w /.local \
#####################################################################################################
# Remove unnecessary packages
&& apk del libffi-dev \
build-base
WORKDIR /goat/
COPY etc/ /etc/opt/goat/
COPY entrypoint.sh /opt/goat/bin/entrypoint.sh
COPY code_review.py /opt/goat/bin/code_review.py
COPY code_reviews/ /opt/goat/bin/code_reviews/
ENTRYPOINT ["tini", "-g", "--", "/opt/goat/bin/entrypoint.sh"]