# We can't upgrade to Python 3.12 right now because matplotlib uses
# configparser.SafeConfigParser, but as of Python 3.12 that object has
# been removed from the configparser library. Hence we are stuck at
# 3.11 until we can upgrade matplotlib.
#
# For more information:
# https://github.com/python/cpython/blob/3.12/Lib/configparser.py
FROM python:3.11.8-bookworm
# NOTE(review): a tag is a mutable reference. Appending the image digest
# (python:3.11.8-bookworm@sha256:<DIGEST>) would make the base image
# reproducible and make an unexpected change of the upstream tag visible.

###
# Image metadata
#
# For a list of pre-defined annotation keys and value types see:
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#
# Note: Additional labels are added by the build workflow.
###
LABEL org.opencontainers.image.authors="[email protected]" \
      org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency"

###
# Unprivileged user setup variables
#
# The ARGs exist only while the image is being built; the ENVs are also
# present in the environment of every container started from the image.
###
ARG CISA_UID=421
ARG CISA_GID=${CISA_UID}
ARG CISA_USER="cisa"
ENV CISA_GROUP=${CISA_USER} \
    CISA_HOME="/home/${CISA_USER}"
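###
# Create unprivileged user
###
RUN groupadd --system --gid ${CISA_GID} ${CISA_GROUP} \
    && useradd --system --uid ${CISA_UID} --gid ${CISA_GROUP} --comment "${CISA_USER} user" ${CISA_USER}

###
# Upgrade the system and install everything we need
#
# The index refresh, the upgrade, the install and the cleanup all run in
# ONE layer (see the RUN below), for two reasons:
#   - a cached "apt-get update" layer can no longer hand a stale package
#     index to a later install step (which either fails or installs
#     outdated package versions), and
#   - the apt caches are deleted in the layer that created them, so they
#     never become part of the image. Deleting them in a later layer
#     does not shrink the image.
#
# NOTE(review): the step that would remove install-only dependencies is
# commented out further down, so everything in DEPS, including the
# compilers and download tools (build-essential, git, curl, wget, ...),
# stays in the final image. A multi-stage build would keep that tooling
# out of the runtime image.
#
# NOTE(review): in this file DEPS is only read by the apt-get install
# below. Declaring it with ARG instead of ENV would keep it out of the
# runtime environment; confirm nothing under src/ reads it first.
###
ENV DEPS="build-essential \
cmake \
curl \
git \
libblas-dev \
libc6-dev \
libfontconfig1 \
liblapack-dev \
libreadline-dev \
libssl-dev \
libxml2-dev \
libxslt1-dev \
libyaml-dev \
make \
unzip \
wget \
zlib1g-dev \
autoconf \
automake \
bison \
gawk \
libffi-dev \
libgdbm-dev \
libncurses5-dev \
libsqlite3-dev \
libtool \
pkg-config \
sqlite3 \
libgeos-dev \
# Additional dependencies for python-build
libbz2-dev \
llvm \
libncursesw5-dev \
# Latex stuff
xzdec \
texlive-latex-base \
texlive-latex-recommended \
texlive-latex-extra \
texlive-xetex \
fonts-lmodern \
lmodern \
texlive-science \
fontconfig \
redis-tools"

# ENV INSTALL_DEPS \
#   git

# INSTALL_DEPS is not set anywhere in this file (its ENV is commented out
# above), so it currently expands to nothing. --yes is spelled out on the
# upgrade rather than relying on the double --quiet to imply it.
RUN apt-get update --quiet --quiet \
    && apt-get upgrade --quiet --quiet --yes \
    && apt-get install --quiet --quiet --yes \
        --no-install-recommends --no-install-suggests \
        $DEPS $INSTALL_DEPS \
    && apt-get --quiet --quiet clean \
    && rm --recursive --force /var/lib/apt/lists/*

###
# Make sure pip, setuptools, and wheel are the latest versions
#
# Note that we use pip3 --no-cache-dir to avoid writing to a local
# cache. This results in a smaller final image, at the cost of
# slightly longer install times.
###
RUN pip3 install --no-cache-dir --upgrade \
        pip \
        setuptools \
        wheel

# Setup texlive latex stuff.
RUN tlmgr init-usertree

###
# Install requirements for report generation
#
# Note that we use pip3 --no-cache-dir to avoid writing to a local
# cache. This results in a smaller final image, at the cost of
# slightly longer install times.
#
# numpy seems to be required to build basemap's wheel, so we'll
# install it first. Note that numpy>=2 lacks the numpy/noprefix.h
# header required when building the wheel for matplotlib~=2.2.3, so we
# have to pin numpy to <2.
#
# Note that matplotlib.basemap is currently incompatible with
# matplotlib 3.x.
#
# NOTE(review): the mongo-db-from-config URL below installs whatever the
# "develop" branch contains at build time, and it runs that package's
# build code as root during the build. Pointing it at a fixed commit
# (.../tarball/<COMMIT_SHA>) would make the input reviewable and the
# build repeatable. Apart from numpy and matplotlib, the other packages
# are unpinned as well; a requirements file with pinned versions and
# hashes (pip's --require-hashes) would cover them too.
###
RUN pip3 install --no-cache-dir --upgrade "numpy<2" \
    && pip3 install --no-cache-dir --upgrade \
        boto3 \
        chevron \
        dnspython \
        docopt \
        geos \
        matplotlib~=2.2.3 \
        https://github.com/cisagov/mongo-db-from-config/tarball/develop \
        pandas \
        publicsuffix \
        pyasn \
        pypdf2 \
        requests \
        requests_aws4auth

###
# Remove install dependencies
###
# RUN apt-get remove --quiet --quiet $INSTALL_DEPS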
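###
# Setup working directory and entrypoint
###

# Put this just before we change users because the copy (and every
# step after it) will always be rerun by Docker.
#
# COPY --chown sets the owner while the files are written, so the source
# tree is not stored a second time by a recursive chown layer. The
# non-recursive chown that follows covers only the home directory itself.
COPY --chown=${CISA_USER}:${CISA_GROUP} src ${CISA_HOME}
RUN chown ${CISA_USER}:${CISA_GROUP} ${CISA_HOME}

###
# Prepare to run
###

# Right now we need to run as root for the font stuff
#
# NOTE(review): with the USER line below commented out, this file sets no
# USER at all, so report.sh runs as the base image's default user (root
# for the official python image). The unprivileged account and the
# ownership set above only take effect once USER is re-enabled. If the
# font setup can be done at build time, do it there as root and then
# restore the USER line so the report code runs unprivileged.
# USER ${CISA_USER}:${CISA_GROUP}
WORKDIR ${CISA_HOME}
ENTRYPOINT ["./report.sh"]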