Dockerfile - mozsearch

mozilla-central/taskcluster/docker/image_builder/Dockerfile

Enable keyboard shortcuts

Source code

File a bug in Firefox Build System :: Task Configuration

Revision control

Copy as Markdown

Other Tools

# This Source Code Form is subject to the terms of the Mozilla Public

# License, v. 2.0. If a copy of the MPL was not distributed with this

# file, You can obtain one at http://mozilla.org/MPL/2.0/.

FROM golang:1.14 as skopeo

WORKDIR /go/src/

RUN ["git", "clone", "--no-checkout", "--depth=1", "--branch=v1.1.1", "https://github.com/containers/skopeo", "."]

RUN ["git", "checkout", "67abbb3cefbdc876447583d5ea45e76bf441eba7"]

ENV GO111MODULE=on CGO_ENABLED=0

RUN ["go", "build", \

	"-mod=vendor", "-o", "out/skopeo", \

	"-tags", "exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp", \

	# Set unixTempDirForBigFiles so skopeo will extract in a directory hidden by kaniko

	# We create the directory below.

	"-ldflags", " -X github.com/containers/image/v5/internal/tmpdir.unixTempDirForBigFiles=/workspace/tmp -X github.com/containers/image/v5/signature.systemDefaultPolicyPath=/kaniko/containers/policy.json -extldflags \"-static\" -w -s", \

	"./cmd/skopeo"]

FROM golang:1.14 as kaniko

WORKDIR /go/src/

RUN ["git", "clone", "--no-checkout", "--depth=1", "--branch=v1.0.0", "https://github.com/GoogleContainerTools/kaniko", "."]

RUN ["git", "checkout", "146ec6a9cd6f87b4a12e8119ded575d5edca35ac"]

RUN ["make"]

# Build the `build-image` command as a static binary using musl

# The setup is loosely based on a stripped down version of

# https://github.com/emk/rust-musl-builder/blob/master/Dockerfile

FROM debian:buster as build-image

COPY apt.conf /etc/apt/apt.conf.d/99taskcluster

RUN apt-get update && \

    apt-get install \

        build-essential \

        ca-certificates \

        curl \

        musl-dev \

        musl-tools \

        && \

    useradd rust --user-group --create-home --shell /bin/bash

# Run all further code as user `rust`, and create our working directories

# as the appropriate user.

USER rust

# Set up our path with all our binary directories, including those for the

# musl-gcc toolchain and for our Rust toolchain.

ENV PATH=/home/rust/.cargo/bin:$PATH

# The Rust toolchain to use when building our image.  Set by `hooks/build`.

ENV TOOLCHAIN=1.42.0 \

    TARGET=x86_64-unknown-linux-musl

# Install our Rust toolchain and the `musl` target.  We patch the

# command-line we pass to the installer so that it won't attempt to

# interact with the user or fool around with TTYs.  We also set the default

# `--target` to musl so that our users don't need to keep overriding it

# manually.

RUN curl https://sh.rustup.rs -sSf | \

    sh -s -- -y \

        --profile minimal \

        --default-toolchain $TOOLCHAIN \

        --target $TARGET

# Expect our source code to live in /home/rust/src.  We'll run the build as

# user `rust`, which will be uid 1000, gid 1000 outside the container.

RUN mkdir -p /home/rust/src

WORKDIR /home/rust/src

# Add our source code.

ADD --chown=rust:rust build-image/ ./

# --out-dir is not yet stable

ENV RUSTC_BOOTSTRAP=1

# Build our application.

RUN ["cargo", "build", "--target", "x86_64-unknown-linux-musl", "--out-dir=bin", "--release", "-Zunstable-options"]

FROM scratch as empty

FROM scratch

COPY --from=skopeo /go/src/out/skopeo /kaniko-bootstrap/skopeo

COPY --from=kaniko /go/src/out/executor /kaniko-bootstrap/executor

COPY --from=build-image \

    /home/rust/src/bin/build-image \

    /kaniko-bootstrap/build-image

ADD https://mkcert.org/generate/ /kaniko-bootstrap/ssl/certs/ca-certificats.crt

ENV SSL_CERT_DIR=/kaniko/ssl/certs

ADD policy.json /kaniko-bootstrap/containers/policy.json

ENV HOME /root

ENV USER /root

WORKDIR /workspace

ENV PATH /usr/local/bin:/kaniko

VOLUME /workspace

ENTRYPOINT ["/kaniko-bootstrap/build-image"]