-
Notifications
You must be signed in to change notification settings - Fork 76
/
Dockerfile
315 lines (258 loc) · 9.47 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
# syntax=docker/dockerfile:1
# Controls which base image is used to build the CDash image
# Options: "debian" or "ubi" (defaults to "debian")
ARG BASE_IMAGE=debian
# Designates as dev build, adds testing infrastructure, et al.
ARG DEVELOPMENT_BUILD
###############################################################################
# The base image for regular Debian-based images
###############################################################################
FROM php:8.2-apache-bookworm AS cdash-debian-intermediate
ARG BASE_IMAGE
ARG DEVELOPMENT_BUILD
RUN apt-get update && \
apt-get install -y \
ca-certificates \
curl \
gnupg \
&& \
mkdir -p /etc/apt/keyrings && \
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
| gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" \
| tee /etc/apt/sources.list.d/nodesource.list && \
apt-get update && \
apt-get install -y \
apt-utils \
git \
libbz2-dev \
libfreetype6-dev \
libjpeg62-turbo-dev \
libldap2-dev \
libmcrypt-dev \
libpng-dev \
libpq-dev \
libxslt-dev \
libxss1 \
nodejs \
unzip \
vim \
wget \
zip \
&& \
docker-php-ext-configure pgsql --with-pgsql=/usr/local/pgsql && \
docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ && \
docker-php-ext-install -j$(nproc) \
bcmath \
bz2 \
gd \
ldap \
pdo_mysql \
pdo_pgsql \
xsl \
opcache \
&& \
wget -q -O checksum https://composer.github.io/installer.sha384sum && \
wget -q -O composer-setup.php https://getcomposer.org/installer && \
sha384sum -c checksum && \
php composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
php -r "unlink('composer-setup.php');" && \
composer self-update --no-interaction
RUN if [ "$DEVELOPMENT_BUILD" = '1' ]; then \
apt-get update && \
apt-get install -y \
cmake \
rsync \
&& \
`# Cypress dependencies` \
apt-get install -y \
libgtk2.0-0 \
libgtk-3-0 \
libgbm-dev \
libnotify-dev \
libgconf-2-4 \
libnss3 \
libxss1 \
libasound2 \
libxtst6 \
xauth \
xvfb \
&& \
mkdir /tmp/.X11-unix && \
chmod 1777 /tmp/.X11-unix && \
chown root /tmp/.X11-unix/ && \
mkdir -p /var/www/.cache/mesa_shader_cache && \
pecl install xdebug && \
docker-php-ext-enable xdebug; \
fi
# Create an npm cache directory for www-data
RUN mkdir -p /var/www/.npm && \
chown -R www-data:www-data /var/www/.npm
# Copy Apache site-available config files into the image.
COPY ./docker/cdash-site.conf /etc/apache2/sites-available/cdash-site.conf
# Change apache config to listen on port 8080 instead of port 80
RUN sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf
# Remove default site, add cdash-site, enable mod_rewrite, enable php
RUN a2dissite 000-default && \
a2ensite cdash-site && \
a2enmod rewrite && \
a2enmod php && \
a2enmod headers
# Enable https site if we're not doing a development build.
RUN if [ "$DEVELOPMENT_BUILD" != '1' ]; then \
a2enmod ssl && \
a2enmod socache_shmcb; \
fi
# Assign www-data ownership of apache2 configuration files
RUN chown -R www-data:www-data /etc/apache2
# Run the rest of the commands as www-data
USER www-data
# Copy CDash (current folder) into /cdash
COPY --chown=www-data:www-data . /cdash
WORKDIR /cdash
COPY ./php.ini /usr/local/etc/php/conf.d/cdash.ini
ENTRYPOINT ["/bin/bash", "/cdash/docker/docker-entrypoint.sh"]
###############################################################################
# The base image for UBI-based images
###############################################################################
FROM registry.access.redhat.com/ubi9/php-82 AS cdash-ubi-intermediate
ARG BASE_IMAGE
ARG DEVELOPMENT_BUILD
ENV TZ=UTC \
LC_ALL=C.UTF-8 \
LANG=C.UTF-8
USER 0
# Install Composer
RUN TEMPFILE=$(mktemp) && \
curl -o "$TEMPFILE" "https://getcomposer.org/installer" && \
php < "$TEMPFILE" && \
mv composer.phar /usr/local/bin/composer
# install dependencies
RUN dnf install -y \
--refresh \
--best \
--nodocs \
--noplugins \
--setopt=install_weak_deps=0 \
#> helpers
ca-certificates \
findutils \
shadow-utils \
git \
vim \
unzip \
zip \
#> cdash
php-bcmath \
php-fpm \
php-gd \
php-ldap \
php-mbstring \
php-mysqlnd \
php-pdo \
php-opcache
RUN if [ "$DEVELOPMENT_BUILD" = '1' ]; then \
dnf install -y \
--refresh \
--best \
--nodocs \
--noplugins \
--setopt=install_weak_deps=0 \
php-xdebug \
rsync \
#> A horrible hack to get a newer version of CMake. As of the time of this
#> writing, Red Hat UBI uses CMake 3.20, while our scripts require CMake>=3.22.
#> This should be replaced with a more acceptable solution at a future point
#> in time, whenever Red Had updates the default version of CMake.
python-pip && \
pip install cmake --upgrade && \
dnf remove -y python-pip; \
fi
# certs, timezone, accounts
RUN chmod -R g=u,o-w /etc/pki/ca-trust/extracted /etc/pki/ca-trust/source/anchors && \
update-ca-trust enable && \
update-ca-trust extract
RUN mkdir /var/log/apache2 && \
chown 1001:1001 /var/log/apache2
# Allow PHP to access all environment variables.
# In the future, we may want to consider limiting this for security reasons.
RUN echo "clear_env = no" >> /etc/php-fpm.d/www.conf
USER 1001
# Copy CDash (current folder) into /cdash
COPY --chown=1001:1001 . /cdash
WORKDIR /cdash
COPY ./php.ini /etc/php.d/cdash.ini
COPY ./docker/cdash-site.conf /etc/httpd/conf.d/cdash-site.conf
# remove lcobucci/jwt due to libsodium rhel issue
RUN composer remove "lcobucci/jwt" --ignore-platform-reqs && rm -rf vendor
###############################################################################
# Do shared installation tasks as the root user
###############################################################################
FROM cdash-${BASE_IMAGE}-intermediate AS cdash-root-intermediate
ARG BASE_IMAGE
ARG DEVELOPMENT_BUILD
USER 0
RUN if [ "$DEVELOPMENT_BUILD" = '1' ]; then \
echo "alias cdash_copy_source='rsync -r -l --exclude-from /cdash_src/.rsyncignore /cdash_src/ /cdash'" >> /etc/bash.bashrc; \
echo "alias cdash_install='cdash_copy_source && bash /cdash/install.sh'" >> /etc/bash.bashrc; \
else \
echo "alias cdash_install='bash /cdash/install.sh'" >> /etc/bash.bashrc; \
fi
# Disable git repo ownership check system wide
RUN git config --system --add safe.directory '*'
###############################################################################
# Intermediate images to switch the user back to the default non-root user
###############################################################################
FROM cdash-root-intermediate AS cdash-debian-non-root-intermediate
USER www-data
FROM cdash-root-intermediate AS cdash-ubi-non-root-intermediate
USER 1001
###############################################################################
# Do shared installation tasks as a non-root user
###############################################################################
FROM cdash-${BASE_IMAGE}-non-root-intermediate AS cdash-non-root-intermediate
LABEL MAINTAINER="Kitware, Inc. <[email protected]>"
ARG BASE_IMAGE
ARG DEVELOPMENT_BUILD
ENV CYPRESS_CACHE_FOLDER=/cdash/cypress_cache
# Set up testing environment if this is a development build
RUN if [ "$DEVELOPMENT_BUILD" = '1' ]; then \
mkdir _build && cd _build && \
cmake \
-DCDASH_DIR_NAME= \
-DCDASH_SERVER=localhost:8080 \
-DCTEST_UPDATE_VERSION_ONLY=1 ..; \
fi
# Install dependencies, including dev dependencies if this is a development build
RUN if [ "$DEVELOPMENT_BUILD" = '1' ]; then \
composer install --no-interaction --no-progress --prefer-dist \
&& npm install; \
else \
composer install \
--no-interaction \
--no-progress \
--prefer-dist \
--no-dev \
--optimize-autoloader && \
npm install --omit=dev; \
fi
# In development, we install the development .env by default
# This could be switched to regular environment variables inserted via docker compose in the future.
RUN if [ "$DEVELOPMENT_BUILD" = '1' ]; then \
cp /cdash/.env.dev /cdash/.env; \
fi
RUN npm run prod --stats-children
# Make sure the build args are set in the ENV for reference in docker-entrypoint.sh
ENV DEVELOPMENT_BUILD=$DEVELOPMENT_BUILD
ENV BASE_IMAGE=$BASE_IMAGE
ENTRYPOINT ["/bin/bash", "/cdash/docker/docker-entrypoint.sh"]
###############################################################################
# Add website-specific information
###############################################################################
FROM cdash-non-root-intermediate AS cdash
CMD ["start-website"]
###############################################################################
# Add worker-specific information
###############################################################################
FROM cdash-non-root-intermediate AS cdash-worker
CMD ["start-worker"]