-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.bootstrap
More file actions
109 lines (93 loc) · 4.57 KB
/
Dockerfile.bootstrap
File metadata and controls
109 lines (93 loc) · 4.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# This can be used to bootstrap devcontainer when no images have been pushed
FROM alpine:3.23.3 AS build
ARG TARGETARCH
RUN apk add --no-cache cosign bash curl jq
COPY src/base/.devcontainer/scripts/install_trivy.sh /tmp/install_trivy.sh
RUN case "${TARGETARCH}" in \
x86_64|amd64) TRIVY_ARCH=64bit ;; \
aarch64|arm64) TRIVY_ARCH=ARM64 ;; \
*) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \
esac \
&& INSTALL_DIR=/tmp/trivy/ ARCH="${TRIVY_ARCH}" /tmp/install_trivy.sh
FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
ARG TARGETARCH
ENV TARGETARCH=${TARGETARCH}
# Install essential packages first
RUN apt-get update && apt-get install -y \
curl \
wget \
git \
sudo \
unzip \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Copy ASDF version file
ENV ASDF_VERSION=0.18.1
# Add amd64 architecture if on arm64
RUN if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then dpkg --add-architecture amd64; fi
RUN apt-get update \
&& export DEBIAN_FRONTEND=noninteractive \
&& apt-get -y dist-upgrade \
&& apt-get -y install --no-install-recommends htop vim curl git build-essential \
libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
jq apt-transport-https ca-certificates gnupg-agent \
software-properties-common bash-completion python3-pip make libbz2-dev \
libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev uuid-runtime xxd unzip
# install aws stuff
# Download correct AWS CLI for arch
RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
else \
wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
fi && \
unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
/tmp/aws-cli/aws/install && \
rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
# Install ASDF
RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz"; \
else \
wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz"; \
fi && \
tar -xzf /tmp/asdf.tar.gz -C /tmp && \
mkdir -p /usr/bin && \
mv /tmp/asdf /usr/bin/asdf && \
chmod +x /usr/bin/asdf && \
rm -rf /tmp/asdf.tar.gz
# install gitsecrets
RUN git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets && \
cd /tmp/git-secrets && \
make install && \
cd && \
rm -rf /tmp/git-secrets && \
mkdir -p /usr/share/secrets-scanner && \
chmod 755 /usr/share/secrets-scanner && \
curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt
COPY --from=build /tmp/trivy/trivy /usr/local/bin/trivy
USER vscode
ENV PATH="/home/vscode/.asdf/shims:/home/vscode/.local/bin:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"
RUN \
echo 'PATH="/home/vscode/.asdf/shims:/home/vscode/.local/bin:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"' >> ~/.bashrc; \
echo '. <(asdf completion bash)' >> ~/.bashrc; \
echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \
echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \
echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc;
# Install ASDF plugins
RUN asdf plugin add python; \
asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \
asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \
asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \
asdf plugin add direnv; \
asdf plugin add actionlint; \
asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git; \
asdf plugin add yq https://github.com/sudermanjr/asdf-yq.git;
WORKDIR /workspaces/eps-devcontainers
COPY .devcontainer/.tool-versions.bootstrap /workspaces/eps-devcontainers/.tool-versions
COPY .devcontainer/.tool-versions.bootstrap /home/vscode/.tool-versions
# install python before poetry to ensure correct python version is used
RUN asdf install python; \
asdf install
RUN git-secrets --register-aws --global && \
git-secrets --add-provider --global -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt