-
Notifications
You must be signed in to change notification settings - Fork 84
/
Dockerfile
82 lines (60 loc) · 2.84 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
FROM quay.io/app-sre/qontract-reconcile-builder:0.5.3 as build-image
WORKDIR /work
COPY helm helm
COPY reconcile reconcile
COPY release release
COPY tools tools
COPY setup.py .
COPY GIT_VERSION .
COPY dockerfiles/hack/run-integration.py .
RUN python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel && \
python3 -m pip wheel . --wheel-dir /work/wheels
FROM quay.io/app-sre/qontract-reconcile-base:0.12.4 as dev-image
ARG CONTAINER_UID=1000
RUN useradd --uid ${CONTAINER_UID} reconcile
RUN python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel
# Cache mount. We don't need te wheel files in the final image.
# This COPY will create a layer with all the wheel files to install the app.
# This layer is not needed in the final image, so we can leverage a cache mount
# to get rid of it. Implement the cache mount with the RUN command when we are
# able to use the buildkit features.
COPY --from=build-image /work/ /tmp/work/
#RUN --mount=type=cache,target=/tmp/work/,from=build-image,source=/work \
COPY . /work
WORKDIR /work
RUN python3 -m pip install --no-cache-dir --no-index --find-links=/tmp/work/wheels qontract-reconcile
RUN python3 -m pip install -e .
RUN python3 -m pip install -r /work/requirements/requirements-debugger.txt
RUN chown -R reconcile /work && \
chown -R reconcile /.terraform.d
USER reconcile
VOLUME ["/work"]
ENTRYPOINT ["/work/dev/run.sh"]
FROM quay.io/app-sre/qontract-reconcile-base:0.12.4 as prod-image
ARG quay_expiration=never
LABEL quay.expires-after=${quay_expiration}
# Cache mount. We don't need te wheel files in the final image.
# This COPY will create a layer with all the wheel files to install the app.
# This layer is not needed in the final image, so we can leverage a cache mount
# to get rid of it. Implement the cache mount un the RUN command when we are able to
# to use the buildkit features.
COPY --from=build-image /work/ /tmp/work/
#RUN --mount=type=cache,target=/tmp/work/,from=build-image,source=/work \
RUN microdnf upgrade -y && \
python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel && \
python3 -m pip install --no-cache-dir --no-index --find-links=/tmp/work/wheels qontract-reconcile && \
mkdir /helm && cp -r /tmp/work/helm/* /helm && \
cp /tmp/work/run-integration.py /run-integration.py
CMD [ "/run-integration.py" ]
FROM prod-image as fips-prod-image
ENV OC_VERSION=4.10.15
# Tini
ENV TINI_VERSION v0.19.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini
# oc versions sometimes have issues with FIPS enabled systems requiring us to use specific
# versions in these environments so in this case we extract an older version of oc and kubectl
COPY --chown=0:0 --from=quay.io/app-sre/qontract-reconcile-oc:0.1.0 \
/work/${OC_VERSION}/ /usr/local/bin/
ENTRYPOINT ["/tini", "--"]
CMD [ "/run-integration.py" ]