forked from gardener/cc-utils
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.job-image-base
More file actions
59 lines (51 loc) · 2.31 KB
/
Dockerfile.job-image-base
File metadata and controls
59 lines (51 loc) · 2.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
FROM alpine:3 AS builder
COPY gardener-cicd-libs.apk-packages .
COPY requirements.txt .
RUN apk add --no-cache \
curl \
&& cat gardener-cicd-libs.apk-packages | xargs apk add --no-cache \
&& mkdir -p $HOME/.config/pip \
&& echo -e "[global]\nbreak-system-packages = true" >> $HOME/.config/pip/pip.conf \
&& pip3 install --upgrade --no-cache-dir \
pip \
&& pip3 install --root /pkgs --upgrade --no-cache-dir \
$(grep -v '#' requirements.txt | grep -v 'gardener' | tr '\n' ' ')
FROM alpine:3
ARG DOCKER_CHANNEL=stable
ARG DOCKER_VERSION=28.3.3
ENV PATH=$PATH:/opt/docker
ARG TARGETARCH
ARG DOCKER_BUILDX_VERSION=v0.26.1
COPY --from=builder /pkgs/usr /usr
RUN --mount=source=apk-packages.blacklist,target=/apk-packages.blacklist \
--mount=source=gardener-cicd-libs.apk-packages,target=/gardener-cicd-libs.apk-packages \
if [ -z "${TARGETARCH}" ]; then TARGETARCH="amd64"; fi \
&& if [ "${TARGETARCH}" == "arm64" ]; then DOCKER_ARCH="aarch64"; \
elif [ "${TARGETARCH}" == "amd64" ]; then DOCKER_ARCH="x86_64"; fi \
&& cat /gardener-cicd-libs.apk-packages \
| grep -v -f /apk-packages.blacklist \
| xargs apk add --no-cache \
&& mkdir -p $HOME/.config/pip \
&& echo -e "[global]\nbreak-system-packages = true" >> $HOME/.config/pip/pip.conf \
&& pip3 install --upgrade --no-cache-dir \
pip \
&& echo "before docker" \
&& curl -Lf \
"https://download.docker.com/linux/static/${DOCKER_CHANNEL}/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz" \
| tar zx -C /opt \
&& mkdir -p /usr/lib/docker/cli-plugins \
&& echo "before docker-buildx" \
&& curl -Lo /usr/lib/docker/cli-plugins/docker-buildx \
https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-${TARGETARCH} \
&& chmod +x /usr/lib/docker/cli-plugins/docker-buildx \
&& echo "before first aia" \
&& curl http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt -o \
/usr/local/share/ca-certificates/SAP_Global_Root_CA.crt \
&& echo "before second aia" \
&& curl -Lo /usr/local/share/ca-certificates/SAPNetCA_G2_2.crt \
http://aia.pki.co.sap.com/aia/SAPNetCA_G2_2.crt \
&& update-ca-certificates \
&& dos2unix /etc/ssl/certs/ca-certificates.crt \
&& ln -sf /etc/ssl/certs/ca-certificates.crt "$(python3 -m certifi)" \
&& mkdir -p ~/.ssh \
&& ssh-keyscan -H github.wdf.sap.corp github.com >> ~/.ssh/known_hosts