-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.alpine
186 lines (173 loc) · 9.73 KB
/
Dockerfile.alpine
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
FROM twdps/circleci-base-image:alpine-6.7.0
LABEL org.opencontainers.image.title="circleci-infra-gcp" \
org.opencontainers.image.description="Alpine-based CircleCI executor image" \
org.opencontainers.image.documentation="https://github.com/ThoughtWorks-DPS/circleci-infra-gcp" \
org.opencontainers.image.source="https://github.com/ThoughtWorks-DPS/circleci-infra-gcp" \
org.opencontainers.image.url="https://github.com/ThoughtWorks-DPS/circleci-infra-gcp" \
org.opencontainers.image.vendor="ThoughtWorks, Inc." \
org.opencontainers.image.authors="sean.alvarez@thoughtworks.com" \
org.opencontainers.image.licenses="MIT" \
org.opencontainers.image.created="CREATED" \
org.opencontainers.image.version="VERSION"
########## VENDOR TOOL VERSIONS ##########
ENV TERRAFORM_VERSION=1.6.1
ENV TERRAFORM_SHA256SUM=d1a778850cc44d9348312c9527f471ea1b7a9213205bb5091ec698f3dc92e2a6
ENV TFLINT_VERSION=0.48.0
ENV TFSEC_VERSION=1.28.4
ENV GCLOUD_VERSION=451.0.1
ENV GCLOUD_SHA256SUM=8446f6d837168d7d66dd192c2221c1081c16a2b93cb54642a6bfb7078cd3dd53
ENV CIRCLEPIPE_VERSION=0.2.0
ENV COSIGN_VERSION=2.2.0
ENV DRIFTCTL_VERSION=0.39.0
########## ALPINE VERSIONS ##########
# renovate: datasource=repology depName=alpine_3_18/gnupg versioning=loose
ENV GNUPG_VERSION="2.4.3-r0"
# renovate: datasource=repology depName=alpine_3_18/docker versioning=loose
ENV DOCKER_VERSION="23.0.6-r6"
# renovate: datasource=repology depName=alpine_3_18/openrc versioning=loose
ENV OPENRC_VERSION="0.48-r0"
# renovate: datasource=repology depName=alpine_3_18/nodejs versioning=loose
ENV NODEJS_VERSION="18.18.2-r0"
# renovate: datasource=repology depName=alpine_3_18/npm versioning=loose
ENV NPM_VERSION="9.6.6-r0"
# renovate: datasource=repology depName=alpine_3_18/ruby versioning=loose
ENV RUBY_VERSION="3.2.2-r0"
# renovate: datasource=repology depName=alpine_3_18/ruby-webrick versioning=loose
ENV RUBY_WEBRICK_VERSION="1.8.1-r0"
# renovate: datasource=repology depName=alpine_3_18/ruby-bundler versioning=loose
ENV RUBY_BUNDLER_VERSION="2.4.15-r0"
# renovate: datasource=repology depName=alpine_3_18/python3 versioning=loose
ENV PYTHON3_VERSION="3.11.6-r0"
# renovate: datasource=repology depName=alpine_3_18/perl-utils versioning=loose
ENV PERL_UTILS_VERSION="5.36.1-r2"
# renovate: datasource=repology depName=alpine_3_18/jq versioning=loose
ENV JQ_VERSION="1.6-r3"
# renovate: datasource=repology depName=alpine_3_18/build-base versioning=loose
ENV BUILD_BASE_VERSION="0.5-r3"
# renovate: datasource=repology depName=alpine_3_18/openssl-dev versioning=loose
ENV OPENSSL_DEV_VERSION="3.1.4-r0"
# renovate: datasource=repology depName=alpine_3_18/python3-dev versioning=loose
ENV PYTHON3_DEV_VERSION="3.11.6-r0"
# renovate: datasource=repology depName=alpine_3_18/ruby-dev versioning=loose
ENV RUBY_DEV_VERSION="3.2.2-r0"
# renovate: datasource=repology depName=alpine_3_18/libffi-dev versioning=loose
ENV LIBFFI_DEV_VERSION="3.4.4-r2"
# renovate: datasource=repology depName=alpine_3_18/g++ versioning=loose
ENV GPP_VERSION="12.2.1_git20220924-r10"
# renovate: datasource=repology depName=alpine_3_18/gcc versioning=loose
ENV GCC_VERSION="12.2.1_git20220924-r10"
# renovate: datasource=repology depName=alpine_3_18/make versioning=loose
ENV MAKE_VERSION="4.4.1-r1"
########## PYTHON VERSIONS ##########
# renovate: datasource=repology depName=pypi/pip versioning=loose
ENV PIP_VERSION="23.3.1"
# renovate: datasource=repology depName=pypi/setuptools versioning=loose
ENV SETUPTOOLS_VERSION="68.2.2"
# renovate: datasource=repology depName=pypi/wheel versioning=loose
ENV WHEEL_VERSION="0.41.3"
# renovate: datasource=repology depName=pypi/invoke versioning=loose
ENV INVOKE_VERSION="2.2.0"
# renovate: datasource=repology depName=pypi/requests versioning=loose
ENV REQUESTS_VERSION="2.31.0"
# renovate: datasource=repology depName=pypi/Jinja2 versioning=loose
ENV JINJA2_VERSION="3.1.2"
# renovate: datasource=repology depName=pypi/checkov versioning=loose
ENV CHECKOV_VERSION="3.0.14"
# renovate: datasource=repology depName=pypi/circlecigen versioning=loose
ENV CIRCLECIGEN_VERSION=="0.0.9"
########## NPM VERSIONS ##########
# renovate: datasource=npm depName=snyk versioning=loose
ENV SNYK_VERSION="1.1237.0"
# renovate: datasource=npm depName=github-release-notes versioning=loose
ENV GITHUB_RELEASE_NOTES_VERSION="0.17.3"
# renovate: datasource=npm depName=bats versioning=loose
ENV BATS_VERSION="1.10.0"
########## RUBY VERSIONS ##########
# renovate: datasource=repology depName=rubygems/inspec-bin versioning=loose
ENV INSPEC_BIN_VERSION="5.22.3"
# renovate: datasource=repology depName=rubygems/json versioning=loose
ENV JSON_VERSION="2.6.3"
########## SCRIPTS ##########
SHELL ["/bin/ash", "-o", "pipefail", "-c"]
# sudo since twdps circleci remote docker images set the USER=cirlceci
# hadolint ignore=DL3004
RUN sudo bash -c "echo 'http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories" && \
sudo apk add --no-cache \
gnupg==${GNUPG_VERSION} \
docker==${DOCKER_VERSION} \
openrc==${OPENRC_VERSION} \
nodejs==${NODEJS_VERSION} \
npm==${NPM_VERSION} \
ruby==${RUBY_VERSION} \
ruby-webrick==${RUBY_WEBRICK_VERSION} \
ruby-bundler==${RUBY_BUNDLER_VERSION} \
python3==${PYTHON3_VERSION} \
perl-utils==${PERL_UTILS_VERSION} \
jq==${JQ_VERSION} && \
sudo apk add --no-cache --virtual build-dependencies \
build-base==${BUILD_BASE_VERSION} \
openssl-dev==${OPENSSL_DEV_VERSION} \
python3-dev==${PYTHON3_DEV_VERSION} \
ruby-dev==${RUBY_DEV_VERSION} \
libffi-dev==${LIBFFI_DEV_VERSION} \
g++==${GPP_VERSION} \
gcc==${GCC_VERSION} \
make==${MAKE_VERSION} && \
sudo rc-update add docker boot && \
sudo python3 -m ensurepip && \
sudo rm -r /usr/lib/python*/ensurepip && \
sudo pip3 install --upgrade pip==${PIP_VERSION} && \
if [ ! -e /usr/bin/pip ]; then sudo ln -s /usr/bin/pip3 /usr/bin/pip ; fi && \
sudo ln -s /usr/bin/pydoc3 /usr/bin/pydoc && \
sudo pip install --no-binary \
setuptools==${SETUPTOOLS_VERSION} \
wheel==${WHEEL_VERSION} \
invoke==${INVOKE_VERSION} \
requests==${REQUESTS_VERSION} \
jinja2==${JINJA2_VERSION} \
checkov==${CHECKOV_VERSION} \
circlecigen==${CIRCLECIGEN_VERSION} && \
sudo npm install -g \
snyk@${SNYK_VERSION} \
github-release-notes@${GITHUB_RELEASE_NOTES_VERSION} \
bats@${BATS_VERSION} && \
sudo sh -c "echo 'gem: --no-document' > /etc/gemrc" && \
sudo gem install \
inspec-bin:${INSPEC_BIN_VERSION} \
json:${JSON_VERSION} && \
curl -SLO "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-${GCLOUD_VERSION}-linux-x86_64.tar.gz" > "google-cloud-cli-${GCLOUD_VERSION}-linux-x86_64.tar.gz" && \
echo "${GCLOUD_SHA256SUM} google-cloud-cli-${GCLOUD_VERSION}-linux-x86_64.tar.gz" > "google-cloud-cli-${GCLOUD_VERSION}-SHA256SUMS" && \
sha256sum -cs "google-cloud-cli-${GCLOUD_VERSION}-SHA256SUMS" && sudo rm "google-cloud-cli-${GCLOUD_VERSION}-SHA256SUMS" && \
sudo tar -xvzf "google-cloud-cli-${GCLOUD_VERSION}-linux-x86_64.tar.gz" -C /usr/local && \
rm "google-cloud-cli-${GCLOUD_VERSION}-linux-x86_64.tar.gz" && \
sudo chmod +x /usr/local/google-cloud-sdk/install.sh && \
sudo chown -R "$(whoami)" /usr/local/google-cloud-sdk && \
sh /usr/local/google-cloud-sdk/install.sh -q && \
curl -SLO "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" > "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" && \
echo "${TERRAFORM_SHA256SUM} terraform_${TERRAFORM_VERSION}_linux_amd64.zip" > "terraform_${TERRAFORM_VERSION}_SHA256SUMS" && \
sha256sum -cs "terraform_${TERRAFORM_VERSION}_SHA256SUMS" && sudo rm "terraform_${TERRAFORM_VERSION}_SHA256SUMS" && \
sudo unzip "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -d /usr/local/bin && \
sudo rm "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" && \
curl -SLO "https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_linux_amd64.zip" > tflint_linux_amd64.zip && \
sudo unzip tflint_linux_amd64.zip -d /usr/local/bin && \
sudo rm tflint_linux_amd64.zip && \
curl -SLO https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-linux-amd64 && \
chmod +x tfsec-linux-amd64 && \
sudo mv tfsec-linux-amd64 /usr/local/bin/tfsec && \
curl -L https://github.com/snyk/driftctl/releases/download/v${DRIFTCTL_VERSION}/driftctl_linux_amd64 -o driftctl && \
chmod +x driftctl && \
sudo mv driftctl /usr/local/bin/driftctl && \
curl -SLO https://github.com/ThoughtWorks-DPS/circlepipe/releases/download/${CIRCLEPIPE_VERSION}/circlepipe_Linux_amd64.tar.gz && \
mkdir ./circlepipe && tar -xzf circlepipe_Linux_amd64.tar.gz -C ./circlepipe && \
sudo mv ./circlepipe/circlepipe /usr/local/bin/circlepipe && \
sudo rm -rf ./circlepipe circlepipe_Linux_amd64.tar.gz && \
curl -LO https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64 && \
chmod +x cosign-linux-amd64 && sudo mv cosign-linux-amd64 /usr/local/bin/cosign && \
sudo -u circleci mkdir /home/circleci/.gnupg && \
sudo -u circleci bash -c "echo 'allow-loopback-pinentry' > /home/circleci/.gnupg/gpg-agent.conf" && \
sudo -u circleci bash -c "echo 'pinentry-mode loopback' > /home/circleci/.gnupg/gpg.conf" && \
chmod 700 /home/circleci/.gnupg && chmod 600 /home/circleci/.gnupg/* && \
sudo apk del build-dependencies
ENV PATH="/usr/local/google-cloud-sdk/bin:$PATH"
COPY inspec /etc/chef/accepted_licenses/inspec
USER circleci