forked from mendix/docker-mendix-buildpack
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
190 lines (146 loc) · 7.01 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
# Dockerfile to create a Mendix Docker image based on either the source code or
# Mendix Deployment Archive (aka mda file)
#
# Author: Mendix Digital Ecosystems, digitalecosystems@mendix.com
# Version: 2.1.0
ARG ROOTFS_IMAGE=mendix/rootfs:bionic
ARG BUILDER_ROOTFS_IMAGE=mendix/rootfs:bionic
# Build stage
FROM ${BUILDER_ROOTFS_IMAGE} AS builder
# Build-time variables
ARG BUILD_PATH=project
ARG DD_API_KEY
# CF buildpack version
ARG CF_BUILDPACK=v4.30.2
# CF buildpack download URL
ARG CF_BUILDPACK_URL=https://github.com/mendix/cf-mendix-buildpack/releases/download/${CF_BUILDPACK}/cf-mendix-buildpack.zip
# Exclude the logfilter binary by default
ARG EXCLUDE_LOGFILTER=true
# Allow specification of alternative BLOBSTORE location and debugging
ARG BLOBSTORE
ARG BUILDPACK_XTRACE
# Set the user ID
ARG USER_UID=1001
# Each comment corresponds to the script line:
# 1. Create all directories needed by scripts
# 2. Download CF buildpack
# 3. Extract CF buildpack
# 4. Delete CF buildpack zip archive
# 5. Update ownership of /opt/mendix so that the app can run as a non-root user
# 6. Update permissions of /opt/mendix so that the app can run as a non-root user
RUN mkdir -p /opt/mendix/buildpack /opt/mendix/build &&\
ln -s /root /home/vcap &&\
echo "Downloading CF Buildpack from ${CF_BUILDPACK_URL}" &&\
curl -fsSL ${CF_BUILDPACK_URL} -o /tmp/cf-mendix-buildpack.zip && \
python3 -m zipfile -e /tmp/cf-mendix-buildpack.zip /opt/mendix/buildpack/ &&\
rm /tmp/cf-mendix-buildpack.zip &&\
chown -R ${USER_UID}:0 /opt/mendix &&\
chmod -R g=u /opt/mendix
# Copy python scripts which execute the buildpack (exporting the VCAP variables)
COPY scripts/compilation scripts/git /opt/mendix/buildpack/
# Copy project model/sources
COPY $BUILD_PATH /opt/mendix/build
# Install the buildpack Python dependencies
RUN chmod +rx /opt/mendix/buildpack/bin/bootstrap-python && /opt/mendix/buildpack/bin/bootstrap-python /opt/mendix/buildpack /tmp/buildcache
# Add the buildpack modules
ENV PYTHONPATH "$PYTHONPATH:/opt/mendix/buildpack/lib/:/opt/mendix/buildpack/:/opt/mendix/buildpack/lib/python3.6/site-packages/"
# Use nginx supplied by the base OS
ENV NGINX_CUSTOM_BIN_PATH=/usr/sbin/nginx
# Each comment corresponds to the script line:
# 1. Create cache directory and directory for dependencies which can be shared
# 2. Set permissions for compilation scripts
# 3. Navigate to buildpack directory
# 4. Call compilation script
# 5. Remove temporary files
# 6. Create symlink for java prefs used by CF buildpack
# 7. Update ownership of /opt/mendix so that the app can run as a non-root user
# 8. Update permissions of /opt/mendix so that the app can run as a non-root user
RUN mkdir -p /tmp/buildcache /tmp/cf-deps /var/mendix/build /var/mendix/build/.local &&\
chmod +rx /opt/mendix/buildpack/compilation /opt/mendix/buildpack/git /opt/mendix/buildpack/buildpack/stage.py &&\
cd /opt/mendix/buildpack &&\
./compilation /opt/mendix/build /tmp/buildcache /tmp/cf-deps 0 &&\
rm -fr /tmp/buildcache /tmp/javasdk /tmp/opt /tmp/downloads /opt/mendix/buildpack/compilation /opt/mendix/buildpack/git &&\
ln -s /opt/mendix/.java /opt/mendix/build &&\
chown -R ${USER_UID}:0 /opt/mendix /var/mendix &&\
chmod -R g=u /opt/mendix /var/mendix
FROM ${ROOTFS_IMAGE}
LABEL Author="Mendix Digital Ecosystems"
LABEL maintainer="digitalecosystems@mendix.com"
# Uninstall build-time dependencies to remove potentially vulnerable libraries
ARG UNINSTALL_BUILD_DEPENDENCIES=true
# Set the user ID
ARG USER_UID=1001
# Set the home path
ENV HOME=/opt/mendix/build
# Allow the user group to modify /etc/passwd so that OpenShift 3 randomized UIDs are supported by CF Buildpack
RUN chmod g=u /etc/passwd &&\
chown ${USER_UID}:0 /etc/passwd
# Uninstall Ubuntu packages which are only required during build time
RUN if [ "$UNINSTALL_BUILD_DEPENDENCIES" = "true" ] && grep -q ubuntu /etc/os-release ; then\
DEBIAN_FRONTEND=noninteractive apt-mark manual libfontconfig1 && \
DEBIAN_FRONTEND=noninteractive apt-get remove --purge --auto-remove -q -y wget curl libgdiplus ; \
fi
# Add the buildpack modules
ENV PYTHONPATH "/opt/mendix/buildpack/lib/:/opt/mendix/buildpack/:/opt/mendix/buildpack/lib/python3.6/site-packages/"
# Copy start scripts
COPY scripts/startup scripts/vcap_application.json /opt/mendix/build/
# Create vcap home directory for Datadog configuration
RUN mkdir -p /home/vcap /opt/datadog-agent/run &&\
chown -R ${USER_UID}:0 /home/vcap /opt/datadog-agent/run &&\
chmod -R g=u /home/vcap /opt/datadog-agent/run
# Each comment corresponds to the script line:
# 1. Make the startup script executable
# 2. Update ownership of /opt/mendix so that the app can run as a non-root user
# 3. Update permissions of /opt/mendix so that the app can run as a non-root user
# 4. Ensure that running Java 8 as root will still be able to load offline licenses
RUN chmod +rx /opt/mendix/build/startup &&\
chown -R ${USER_UID}:0 /opt/mendix &&\
chmod -R g=u /opt/mendix &&\
ln -s /opt/mendix/.java /root
##############################################################################
# below 6 commands to prepare for pupeteer service
#Installs latest Chromium package.
RUN echo 'Installing Chromium...'
RUN apt update && apt install -y \
chromium-browser \
chromium-chromedriver
# Run echo tester
RUN echo 'Installing node...'
# Installing curl
RUN apt-get -y install curl
# Installing Node using curl
RUN curl -sL https://deb.nodesource.com/setup_17.x -o nodesource_setup.sh \
&& bash nodesource_setup.sh \
&& apt install -y build-essential nodejs
# RUN curl -sL https://deb.nodesource.com/setup_18.x -o nodesource_setup.sh && bash nodesource_setup.sh && apt install -y build-essential nodejs
# RUN curl -sL https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh -o install_nvm.sh && bash install_nvm.sh && apt install -y build-essential nodejs
# Install Node from github
# RUN apt-get install -y git-core curl build-essential openssl libssl-dev \
# && git clone https://github.com/nodejs/node.git \
# && cd node \
# && ./configure \
# && make \
# && sudo make install
# Check installed node version
RUN node --version
# Check mendix directory
RUN ls /opt/mendix/build
##############################################################################
USER ${USER_UID}
# Copy jre from build container
COPY --from=builder /var/mendix/build/.local/usr /opt/mendix/build/.local/usr
# Copy Mendix Runtime from build container
COPY --from=builder /var/mendix/build/runtimes /opt/mendix/build/runtimes
# Copy build artifacts from build container
COPY --from=builder /opt/mendix /opt/mendix
##############################################################################
# Check mendix directory
RUN ls /opt/mendix/build
##############################################################################
# Use nginx supplied by the base OS
ENV NGINX_CUSTOM_BIN_PATH=/usr/sbin/nginx
WORKDIR /opt/mendix/build
# Expose nginx port
ENV PORT 8080
EXPOSE $PORT
ENTRYPOINT ["/opt/mendix/build/startup","/opt/mendix/buildpack/buildpack/start.py"]