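# Registry host that serves the official ("library") base images. Declared
# before the first FROM so both FROM lines can use it; override with
# --build-arg REGISTRY=<host> to pull through a mirror.
ARG REGISTRY="registry.hub.docker.com"
#ARG REGISTRY="docker.io"

# Build stage: compiles the go-jsonnet command-line tools from source. Only
# the files placed in /artifacts are copied into the final image.
# NOTE(review): golang:1.25 is a floating tag; pin it by digest
# (golang:1.25@sha256:<digest>) if the build must be reproducible.
FROM ${REGISTRY}/library/golang:1.25 AS jsonnet

# Git ref (tag or commit SHA) of go-jsonnet to build. The default "HEAD"
# keeps the previous behaviour of building whatever the upstream default
# branch points at when the layer is built. Set it to a reviewed tag or
# commit (--build-arg GO_JSONNET_REF=<tag-or-sha>) so that unreviewed upstream
# changes cannot end up in the binaries shipped in the final image.
ARG GO_JSONNET_REF="HEAD"

WORKDIR /src/go-jsonnet

# Clone, check out the requested ref and build in one layer. jsonnet-deps is
# still built, as before, but it is not copied to /artifacts.
RUN git clone https://github.com/google/go-jsonnet.git . \
    && git checkout --detach "${GO_JSONNET_REF}" \
    && go build ./cmd/jsonnet \
    && go build ./cmd/jsonnetfmt \
    && go build ./cmd/jsonnet-deps \
    && mkdir -p /artifacts \
    && cp jsonnet jsonnetfmt /artifacts/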
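# Runtime stage. It stays on the bookworm variant because HashiCorp does not
# support the Debian trixie release at the moment.
# FROM ${REGISTRY}/library/python:3.12
FROM ${REGISTRY}/library/python:3.12-bookworm

# jsonnet and jsonnetfmt built in the "jsonnet" stage.
COPY --from=jsonnet /artifacts/* /bin/

# Expected fingerprint of the HashiCorp archive signing key: 40 hex digits,
# upper case, no spaces, taken from a source other than the download below
# (--build-arg HASHICORP_KEY_FINGERPRINT=<fingerprint>). When it is empty the
# fingerprint is only printed to the build log and nothing is compared, so the
# key is trusted on the strength of the HTTPS download alone.
ARG HASHICORP_KEY_FINGERPRINT=""

# Register the HashiCorp apt repository.
# The key is downloaded to a file instead of being piped into gpg: under the
# default /bin/sh a failed download at the head of a pipeline would not stop
# the build, whereas each step of this && chain does.
RUN keyring=/usr/share/keyrings/hashicorp-archive-keyring.gpg \
    && wget -O /tmp/hashicorp-archive-keyring.asc https://apt.releases.hashicorp.com/gpg \
    && gpg --dearmor < /tmp/hashicorp-archive-keyring.asc > "${keyring}" \
    && rm -f /tmp/hashicorp-archive-keyring.asc \
    && gpg --no-default-keyring --keyring "${keyring}" --fingerprint \
    && if [ -n "${HASHICORP_KEY_FINGERPRINT}" ]; then \
         gpg --no-default-keyring --keyring "${keyring}" --with-colons --fingerprint \
           | grep -F ":${HASHICORP_KEY_FINGERPRINT}:" > /dev/null \
           || { echo "HashiCorp archive key fingerprint does not match HASHICORP_KEY_FINGERPRINT" >&2; exit 1; }; \
       fi \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=${keyring}] https://apt.releases.hashicorp.com $(grep -oP '(?<=VERSION_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list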
# OS packages for the runtime image: dumb-init (used by the ENTRYPOINT),
# pipx (used to install Poetry) and terraform. Index refresh, install and
# removal of the apt lists share one layer, so the lists never persist in
# the image.
# NOTE(review): none of the packages is version-pinned, so a rebuild may
# pick up newer releases, including a different terraform version.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        dumb-init \
        pipx \
        terraform \
    && rm -rf /var/lib/apt/lists/*
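# Build-time settings for the unprivileged account the application runs as.
# APP_DIR doubles as that account's home directory and as the working
# directory of the image.
ARG APP_DIR="/app"
# NOTE(review): ARTIFACT_DIR is not referenced by any instruction in this
# file; it is kept so existing --build-arg invocations keep working.
ARG ARTIFACT_DIR="/artifacts"
ARG UID=1000
ARG GID=1000
ARG USER="somebody"
ARG GROUP="somegroup"

# Create the group and the user in a single layer, with every expansion
# quoted so an unusual --build-arg value cannot split into extra arguments.
# This RUN depends on the default /bin/sh: bash treats UID as a read-only
# variable holding the uid of the running shell (root during the build), so
# under a bash SHELL "${UID}" would no longer expand to the ARG value.
RUN groupadd --gid "${GID}" "${GROUP}" \
    && useradd --uid "${UID}" --gid "${GID}" --shell /bin/bash \
        --home-dir "${APP_DIR}" --create-home "${USER}"

WORKDIR ${APP_DIR}

# Everything from here on, including the container's main process, runs as
# the unprivileged user.
USER ${USER}

# pipx puts the executables it installs for this user in ~/.local/bin.
ENV PATH="${APP_DIR}/.local/bin:${PATH}"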
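# Requirement specifier handed to pipx for Poetry. The default "poetry"
# keeps the previous behaviour of installing whatever release is newest at
# build time; pin it with --build-arg POETRY_PACKAGE_SPEC=poetry==<version>
# so a new upstream release cannot change the build unnoticed.
ARG POETRY_PACKAGE_SPEC="poetry"
RUN pipx install "${POETRY_PACKAGE_SPEC}"

# Copy only the dependency manifests first, so the dependency layer is
# reused from cache until poetry.lock or pyproject.toml changes.
COPY --chown=${UID}:${GID} poetry.lock pyproject.toml ./
RUN poetry install --no-root

# Application sources, owned by the unprivileged user.
COPY --chown=${UID}:${GID} src .

# dumb-init runs as PID 1 and starts the application through Poetry.
# ENTRYPOINT ["dumb-init", "--"]
ENTRYPOINT ["dumb-init", "--", "poetry", "run", "python", "main.py"]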