# Stage 1: compile the `home` tool from source. Only /build/home is taken
# from this stage later (via COPY --from=build-home).
FROM golang:1.20 AS build-home
WORKDIR /tmp/shakefu/home
COPY files/ ./files/
COPY install/ ./install/
# TODO: Use SemVer instead of this
COPY go.mod go.sum home.go VERSION ./
# VCS stamping is disabled because no .git directory is copied into this
# stage. The binary is then staged at a fixed path for the later COPY.
RUN go build --buildvcs=false . && \
    mkdir -p /build && \
    cp home /build/home
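# Default Dockerfile for Go development containers.
# This is based on debian:bullseye-slim and installs the latest Go release.
# TODO: This is incompatible with a multi-arch build
# NOTE(review): `:bullseye` is a floating tag, so a rebuild can silently pick
# up a different base image; pin it by digest if reproducible builds matter.
FROM mcr.microsoft.com/devcontainers/base:bullseye AS base
# Name of the non-root user the container runs as (override with --build-arg).
ARG USER=vscode
# Do work in /tmp since it's not persisted
WORKDIR /tmp
# Don't ask questions during the build. Declared as ARG rather than ENV so it
# applies to the RUN steps of this stage without being baked into the
# environment of the running container.
ARG DEBIAN_FRONTEND=noninteractive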
# Base tooling needed by the later install steps and by the user's shell.
# Each RUN refreshes the package index and removes it again in the same layer,
# so no stale apt lists end up in the image.
# NOTE(review): package versions are not pinned, so the installed versions
# follow whatever the Debian mirrors serve at build time.
RUN apt-get update -yqq && \
    apt-get install -yqq --no-install-recommends \
        apt-transport-https \
        curl \
        git \
        gpg \
        wget \
        zsh \
    && apt-get clean -yqq \
    && rm -rf /var/lib/apt/lists/*

# Dependencies that pre-commit uses
RUN apt-get update -yqq && \
    apt-get install -yqq --no-install-recommends \
        shellcheck \
    && apt-get clean -yqq \
    && rm -rf /var/lib/apt/lists/*

# Headers and libraries needed to build Python from source
RUN apt-get update -yqq && \
    apt-get install -yqq --no-install-recommends \
        bzip2 \
        libbz2-dev \
        libffi-dev \
        liblzma-dev \
        libncurses-dev \
        libreadline-dev \
        libsqlite3-dev \
        libssl-dev \
        lzma \
        ncurses-dev \
        openssl \
        sqlite3 \
        tk-dev \
    && apt-get clean -yqq \
    && rm -rf /var/lib/apt/lists/*
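# Install VSCode from Microsoft's apt repository.
# The signing key is downloaded to a file and then dearmored instead of being
# piped: the default /bin/sh has no pipefail, so a failed download inside
# `curl | gpg` would not stop the build at that step.
# The key lives under /etc/apt/keyrings and is bound to this one repository
# with signed-by, so it is not trusted for any other apt source.
# NOTE(review): the key is trusted on the strength of the TLS connection
# alone; check its fingerprint against the publisher's documented value if a
# stronger guarantee is needed.
RUN mkdir -p /etc/apt/keyrings && \
    curl -fsSL https://packages.microsoft.com/keys/microsoft.asc \
        -o /tmp/microsoft.asc && \
    gpg --dearmor -o /etc/apt/keyrings/packages.microsoft.gpg /tmp/microsoft.asc && \
    rm -f /tmp/microsoft.asc && \
    chmod a+r /etc/apt/keyrings/packages.microsoft.gpg && \
    echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list && \
    apt-get update -yqq && \
    apt-get install -yqq --no-install-recommends code && \
    apt-get clean -yqq && \
    rm -rf /var/lib/apt/lists/*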
# Install the GitHub CLI (gh) from GitHub's apt repository.
# The keyring is written to its own file and referenced with signed-by, so it
# authenticates this repository only. It is made world-readable so apt can
# read it.
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
        -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
    && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" > /etc/apt/sources.list.d/github-cli.list \
    && apt-get update -yqq \
    && apt-get install -yqq --no-install-recommends gh \
    && apt-get clean -yqq \
    && rm -rf /var/lib/apt/lists/*
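# Install Docker CE CLI from Docker's apt repository.
# The repository key is saved as its own keyring file and bound to this source
# with signed-by. The previous `apt-key add` is deprecated and put the key in
# apt's global trust store, where it was accepted for every configured
# repository. Downloading with `curl -o` also removes the unguarded pipe and
# the `2>/dev/null` that hid import errors.
# The architecture now comes from dpkg, as in the gh step, instead of being
# hard-coded to amd64.
RUN apt-get update -yqq && \
    apt-get install -yqq --no-install-recommends \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg2 \
        lsb-release && \
    mkdir -p /etc/apt/keyrings && \
    curl -fsSL "https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]')/gpg" \
        -o /etc/apt/keyrings/docker.asc && \
    chmod a+r /etc/apt/keyrings/docker.asc && \
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list && \
    apt-get update -yqq && \
    apt-get install -yqq --no-install-recommends docker-ce-cli && \
    apt-get clean -yqq && \
    rm -rf /var/lib/apt/lists/*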
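# We have to ensure this user exists before we setup Docker
# Create a vscode user with uid 1000 only if it does not already exist.
# The explicit `id` check replaces a blanket `|| true`, so a real useradd
# failure (e.g. missing group 1000) stops the build here instead of being
# swallowed.
RUN id -u "${USER}" >/dev/null 2>&1 || \
    useradd \
        --create-home \
        --shell /bin/zsh \
        --uid 1000 \
        --gid 1000 \
        --non-unique \
        "${USER}"
# Set the shell to zsh
RUN chsh --shell "/usr/bin/zsh" "${USER}"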
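# Create docker-init script which configures user group permissions.
# At container start it reads the group id that owns /var/run/docker.sock and,
# unless that group is root (gid 0), adds ${USER} to it before exec'ing the
# requested command.
#
# Two fixes over the previous `echo -e "..."` form:
#  * printf is used because `echo -e` is not portable: dash (the usual
#    /bin/sh on Debian) prints the `-e` itself, which corrupts the shebang.
#  * ${SOCKET_GID} in the gid-0 test is now escaped. Unescaped, it was expanded
#    to an empty string at build time, so the test was always true and a
#    root-owned socket got the user added to group 0.
# ${USER} is deliberately left unescaped so the build-time user name is baked
# into the script.
RUN printf '%s\n' \
        '#!/bin/sh' \
        'sudoIf() { if [ "$(id -u)" -ne 0 ]; then sudo "$@"; else "$@"; fi }' \
        "SOCKET_GID=\$(stat -c '%g' /var/run/docker.sock)" \
        "if [ \"\${SOCKET_GID}\" != '0' ]; then" \
        "    if [ \"\$(cat /etc/group | grep :\${SOCKET_GID}:)\" = '' ]; then sudoIf groupadd --gid \${SOCKET_GID} docker-host; fi" \
        "    if [ \"\$(id ${USER} | grep -E \"groups=.*(=|,)\${SOCKET_GID}\(\")\" = '' ]; then sudoIf usermod -aG \${SOCKET_GID} ${USER}; fi" \
        'fi' \
        'exec "$@"' \
        > /usr/local/share/docker-init.sh \
    && chmod +x /usr/local/share/docker-init.sh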
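# Operate in user space from here on out
USER ${USER}
# These are super slow and don't seem to speed up the Codespaces startup
# Install vscode extensions
# WORKDIR /tmp/shakefu
# COPY .devcontainer/extensions.sh ./extensions.sh
# USER ${USER}
# RUN /tmp/shakefu/extensions.sh
# Create SSH directory for user. It is restricted to the owner (0700) because
# it is where private keys and known_hosts end up; plain `mkdir -p` would
# leave it at the umask default.
RUN mkdir -p "/home/${USER}/.ssh" && \
    chmod 700 "/home/${USER}/.ssh"
# Get the built home binary
COPY --from=build-home /build/home /usr/local/bin/home
# Run our setup (as ${USER}, since USER was switched above)
RUN home setup --debug
# Revert to our default user directory
WORKDIR /workspaces/home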
# By default VS Code replaces both ENTRYPOINT and CMD when it runs the
# container. With "overrideCommand": false in devcontainer.json the entrypoint
# below is kept: docker-init.sh sets up non-root access to the Docker socket
# and then exec's CMD, which can be changed to alter startup behaviour.
# Being in the socket's group means control of the Docker daemon, which is
# equivalent to root on the Docker host, so mount the socket only into
# containers trusted that far.
# ref: https://github.com/microsoft/vscode-dev-containers/tree/main/containers/docker-from-docker#enabling-non-root-access-to-docker-in-the-container
ENTRYPOINT ["/usr/local/share/docker-init.sh"]
CMD ["sleep", "infinity"]
# Final output image
# This breaks buildx caching on GHA so we'll skip it for now
# FROM scratch AS final
# ARG USER=vscode
# Copy over the whole filesystem in one whack
# COPY --from=base / /
# Set the user
# USER ${USER}