dispatch/Dockerfile.base at unity · kylie-sre/dispatch · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
FROM python:3.8
LABEL maintainer="sre@unity3d.com"
LABEL org.opencontainers.image.title="Dispatch PyPI Wheel"
LABEL org.opencontainers.image.description="PyPI Wheel Builder for Dispatch"
LABEL org.opencontainers.image.url="https://dispatch.io/"
LABEL org.opencontainers.image.source="https://github.com/kylie-sre/dispatch"
LABEL org.opencontainers.image.vendor="Unity Tech."
LABEL org.opencontainers.image.authors="sre@unity3d.com"

RUN mkdir /dispatch
COPY requirements-base.txt /dispatch/requirements-base.txt
RUN python -m pip install --upgrade pip && \
    python -m venv /venv && \
    /venv/bin/pip install -r /dispatch/requirements-base.txt

RUN apt-get update && apt-get install -y --no-install-recommends \
    # Needed for GPG
    dirmngr \
    gnupg2 \
    # Needed for fetching stuff
    ca-certificates \
    wget \
    && rm -rf /var/lib/apt/lists/*

# Fetch trusted keys
RUN for key in \
    # gosu
    B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    # tini
    595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
    # Node - gpg keys listed at https://github.com/nodejs/node
    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
    FD3A5288F042B6850C66B31F09FE44734EB7990E \
    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
    77984A986EBC2AA786BC0F66B01FBB92821C587A \
    8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
    4ED778F539E3634C779C87C6D7062848A1AB005C \
    A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
    B9E2F5981AA6E0CD28160D9FF13993A75599653C \
    ; do \
        # Let's try several servers to ensure we get all the keys
        for server in \
            keys.openpgp.org \
            keyserver.ubuntu.com \
            hkps.pool.sks-keyservers.net \
        ; do \
	        gpg2 --batch --keyserver "$server" --recv-keys "$key"; \
        done \
    done

COPY ui/.nvmrc /usr/src/dispatch/
RUN cd /usr/src/dispatch \
    && export NODE_VERSION="$(cat .nvmrc)" \
    && wget "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz" \
    && wget "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
    && gpg --batch --verify SHASUMS256.txt.asc \
    && grep " node-v$NODE_VERSION-linux-x64.tar.gz\$" SHASUMS256.txt.asc | sha256sum -c - \
    && tar -xzf "node-v$NODE_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
    && rm -f "node-v$NODE_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc