-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9d98e6a
commit db11cef
Showing
1 changed file
with
27 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,17 @@ | ||
| ############################################################################### | ||
| # Build stages | ||
| ############################################################################### | ||
| FROM python:3.9-bookworm as srcclr-builder | ||
|
|
||
| # python:3.9.17-bookworm | ||
| ARG PYTHON_IMG_VER=sha256:3d35a404db586d00a4ee5a65fd1496fe019ed4bdc068d436a67ce5b64b8b9659 | ||
|
|
||
| # python:3.9.17-slim-bookworm | ||
| ARG PYTHON_SLIM_IMG_VER=sha256:2adc70122c1c77b4ce149129c27ae427e119578c28bc6fc9e8909866c582bd21 | ||
|
|
||
| # php:8.2.8-cli-bookworm | ||
| ARG PHP_IMG_VER=sha256:5f1cbebbb6a873971786857b60a88f0f87f1959a4e29d93fd24afc11db351e09 | ||
|
|
||
| FROM python@${PYTHON_IMG_VER} as srcclr-builder | ||
|
|
||
| SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
|
|
||
|
|
@@ -12,7 +22,7 @@ RUN apt-get update && \ | |
| curl -sSL 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xdf7dd7a50b746dd4' | gpg --dearmor -o /etc/apt/trusted.gpg.d/veracode-sca-archive.gpg && \ | ||
| echo 'deb https://download.sourceclear.com/ubuntu stable/' >/etc/apt/sources.list.d/veracode-sca.list | ||
|
|
||
| FROM python:3.9-bookworm as golang-builder | ||
| FROM python@${PYTHON_IMG_VER} as golang-builder | ||
|
|
||
| ARG GOLANGVER=1.20.6 | ||
| ARG GOLANGSHA=b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb | ||
|
|
@@ -24,7 +34,7 @@ RUN mkdir -p /golang/go && \ | |
| tar -xzvf /golang/golang.tar.gz -C /golang/go && \ | ||
| rm /golang/golang.tar.gz | ||
|
|
||
| FROM python:3.9-bookworm as gradle-builder | ||
| FROM python@${PYTHON_IMG_VER} as gradle-builder | ||
|
|
||
| ARG GRADLEVER=8.2.1 | ||
| ARG GRADLESHA=03ec176d388f2aa99defcadc3ac6adf8dd2bce5145a129659537c0874dea5ad1 | ||
|
|
@@ -37,7 +47,7 @@ RUN mkdir -p /gradle && \ | |
| mv /gradle/gradle-$GRADLEVER /gradle/gradle && \ | ||
| rm /gradle/gradle.zip | ||
|
|
||
| FROM python:3.9-bookworm as ant-builder | ||
| FROM python@${PYTHON_IMG_VER} as ant-builder | ||
|
|
||
| ARG ANTVER=1.10.13 | ||
| ARG ANTSHA=de4ac604629e39a86a306f0541adb3775596909ad92feb8b7de759b1b286417db24f557228737c8b902d6abf722d2ce5bb0c3baa3640cbeec3481e15ab1958c9 | ||
|
|
@@ -50,7 +60,7 @@ RUN mkdir -p /ant && \ | |
| mv /ant/apache-ant-$ANTVER /ant/ant && \ | ||
| rm /ant/ant.tar.gz | ||
|
|
||
| FROM python:3.9-bookworm as maven-builder | ||
| FROM python@${PYTHON_IMG_VER} as maven-builder | ||
|
|
||
| ARG MAVENVER=3.9.3 | ||
| ARG MAVENSHA=400fc5b6d000c158d5ee7937543faa06b6bda8408caa2444a9c947c21472fde0f0b64ac452b8cec8855d528c0335522ed5b6c8f77085811c7e29e1bedbb5daa2 | ||
|
|
@@ -63,7 +73,7 @@ RUN mkdir -p /maven && \ | |
| mv /maven/apache-maven-$MAVENVER /maven/maven && \ | ||
| rm /maven/maven.tar.gz | ||
|
|
||
| FROM python:3.9-bookworm as node-builder | ||
| FROM python@${PYTHON_IMG_VER} as node-builder | ||
|
|
||
| ARG NODEVER=18.17.0 | ||
| ARG NODESHA=5c4a7fd9262c0c47bafab3442de6c3fed1602be3d243cb8cf11309a201955e75 | ||
|
|
@@ -76,13 +86,15 @@ RUN mkdir -p /node && \ | |
| mv /node/node-v$NODEVER-linux-x64 /node/node && \ | ||
| rm /node/node.tar.gz | ||
|
|
||
| FROM php:8.2.8-cli-bookworm as php-builder | ||
| FROM php@${PHP_IMG_VER} as php-builder | ||
|
|
||
| SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
|
|
||
| RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer | ||
|
|
||
| FROM python:3.9-bookworm as java-builder | ||
| FROM python@${PYTHON_IMG_VER} as java-builder | ||
|
|
||
| SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
|
|
||
| ARG JAVAVER=17.0.8 | ||
| ARG JAVASHA=74b528a33bb2dfa02b4d74a0d66c9aff52e4f52924ce23a62d7f9eb1a6744657 | ||
|
|
@@ -97,7 +109,7 @@ RUN mkdir -p /java && \ | |
| ############################################################################### | ||
| # App stage | ||
| ############################################################################### | ||
| FROM python:3.9-slim-bookworm as app | ||
| FROM python@${PYTHON_SLIM_IMG_VER} as app | ||
|
|
||
| SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
| ARG MAINTAINER | ||
|
|
@@ -140,11 +152,11 @@ ENV PATH="$PATH:/usr/local/java/bin" | |
| # Run all additional config in a single RUN to reduce the layers: | ||
| # - Apply security updates | ||
| # - Install: | ||
| # - srcclr agent | ||
| # - git | ||
| # - libyaml (Ruby dep) | ||
| # - PHP dependencies | ||
| # - Ruby | ||
| # - srcclr agent | ||
| # - Install yarn and bower | ||
| # - Clean up apt cache | ||
| # - Upgrade pip and install boto3 for plugin utils | ||
|
|
@@ -153,20 +165,20 @@ ENV PATH="$PATH:/usr/local/java/bin" | |
| # hadolint ignore=DL3005 | ||
| RUN apt-get update && \ | ||
| apt-get install -y --no-install-recommends -o "dpkg::Options::=--refuse-downgrade" \ | ||
| "srcclr=3.8.36" \ | ||
| "git=1:2.39.2-1.1" \ | ||
| "libyaml-0-2=0.2.5-1" \ | ||
| "libargon2-1=0~20171227-0.3+deb12u1" \ | ||
| "libcurl4=7.88.1-10+deb12u1" \ | ||
| "libedit2=3.1-20221030-2" \ | ||
| "libncurses6=6.4-4" \ | ||
| "libonig5=6.9.8-1" \ | ||
| "libsodium23=1.0.18-1" \ | ||
| "libsqlite3-0=3.40.1-2" \ | ||
| "libssl3=3.0.9-1" \ | ||
| "libxml2=2.9.14+dfsg-1.3~deb12u1" \ | ||
| "zlib1g=1:1.2.13.dfsg-1" \ | ||
| "libncurses6=6.4-4" \ | ||
| "ruby=1:3.1" && \ | ||
| "libyaml-0-2=0.2.5-1" \ | ||
| "ruby=1:3.1" \ | ||
| "srcclr=3.8.36" \ | ||
| "zlib1g=1:1.2.13.dfsg-1" && \ | ||
| apt-get -s dist-upgrade | { grep -E '^Inst ' | grep -F 'Debian-Security' || true; } | awk '{print $2}' | xargs apt-get -y --no-install-recommends -o "dpkg::Options::=--refuse-downgrade" install && \ | ||
| npm install --global \ | ||
| "[email protected]" \ | ||
|
|
||