Switch to SAP Machine JDK + enfore strict version
[mbt-docker.git] / Dockerfile
... / ...
CommitLineData
1FROM debian:bullseye-slim
2
3ARG USER="mta"
4ARG USER_HOME_DIR="/home/${USER}"
5ENV HOME ${USER_HOME_DIR}
6
7RUN set -ex \
8 && apt-get update \
9 && apt-get install -y openssl --no-install-recommends \
10 && rm -rf /var/lib/apt/lists/* \
11 && useradd --home-dir ${USER_HOME_DIR} \
12 --create-home \
13 --shell /bin/bash \
14 --user-group \
15 --uid 1000 \
16 --comment 'Cloud MTA Build Tool' \
17 --password "$(echo weUseMta | openssl passwd -1 -stdin)" ${USER} \
18 # allow anybody to write into the image user home directory
19 && chmod a+w ${USER_HOME_DIR}
20
21ADD http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt \
22 /etc/ssl/certs/SAP_Global_Root_CA.crt
23
24ARG NODE_VERSION=16.17.1
25
26RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
27 && case "${dpkgArch##*-}" in \
28 amd64) ARCH='x64';; \
29 ppc64el) ARCH='ppc64le';; \
30 s390x) ARCH='s390x';; \
31 arm64) ARCH='arm64';; \
32 armhf) ARCH='armv7l';; \
33 i386) ARCH='x86';; \
34 *) echo "unsupported architecture"; exit 1 ;; \
35 esac \
36 && set -ex \
37 && apt-get update \
38 # libatomic1 for arm
39 && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
40 && rm -rf /var/lib/apt/lists/* \
41 && for key in \
42 4ED778F539E3634C779C87C6D7062848A1AB005C \
43 141F07595B7B3FFE74309A937405533BE57C7D57 \
44 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
45 74F12602B6F1C4E913FAA37AD3A89613643B6201 \
46 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
47 61FC681DFB92A079F1685E77973F295594EC4689 \
48 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
49 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
50 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
51 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
52 DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
53 A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
54 108F52B48DB57BB0CC439B2997B01419BD92F80A \
55 B9E2F5981AA6E0CD28160D9FF13993A75599653C \
56 ; do \
57 gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
58 gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
59 done \
60 && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
61 && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
62 && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
63 && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
64 && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
65 && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
66 && apt-mark auto '.*' > /dev/null \
67 && find /usr/local -type f -executable -exec ldd '{}' ';' \
68 | awk '/=>/ { print $(NF-1) }' \
69 | sort -u \
70 | xargs -r dpkg-query --search \
71 | cut -d: -f1 \
72 | sort -u \
73 | xargs -r apt-mark manual \
74 && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
75 && ln -s /usr/local/bin/node /usr/local/bin/nodejs \
76 # smoke tests
77 && node --version \
78 && npm --version
79
80ARG YARN_VERSION=1.22.19
81
82RUN set -ex \
83 && savedAptMark="$(apt-mark showmanual)" \
84 && apt-get update \
85 && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \
86 && rm -rf /var/lib/apt/lists/* \
87 && for key in \
88 6A010C5166006599AA17F08146C2130DFD2497F5 \
89 ; do \
90 gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
91 gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
92 done \
93 && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
94 && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
95 && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
96 && mkdir -p /opt \
97 && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
98 && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
99 && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
100 && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
101 && apt-mark auto '.*' > /dev/null \
102 && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \
103 && find /usr/local -type f -executable -exec ldd '{}' ';' \
104 | awk '/=>/ { print $(NF-1) }' \
105 | sort -u \
106 | xargs -r dpkg-query --search \
107 | cut -d: -f1 \
108 | sort -u \
109 | xargs -r apt-mark manual \
110 && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
111 # smoke test
112 && yarn --version
113
114ARG SAPMACHINE_VERSION=11.0.16.1
115
116RUN set -ex \
117 && apt-get update \
118 && apt-get install -y gnupg dirmngr --no-install-recommends \
119 && rm -rf /var/lib/apt/lists/* \
120 && for key in \
121 CACB9FE09150307D1D22D82962754C3B3ABCFE23 \
122 ; do \
123 gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
124 gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
125 gpg --batch --export --armor "$key" | tee /etc/apt/trusted.gpg.d/sapmachine-${key}.gpg.asc; \
126 done \
127 && echo "deb http://dist.sapmachine.io/debian/amd64/ ./" | tee /etc/apt/sources.list.d/sapmachine.list \
128 && apt-get update \
129 && apt-get install -y sapmachine-$(echo ${SAPMACHINE_VERSION} | cut -d. -f1)-jdk=${SAPMACHINE_VERSION} --no-install-recommends \
130 && rm -rf /var/lib/apt/lists/* \
131 && apt-get remove --purge --autoremove -y gnupg dirmngr \
132 # smoke test
133 && java --version
134
135ARG MAVEN_VERSION=3.8.6
136ARG SHA=f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26
137ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
138
139ENV MAVEN_HOME /usr/share/maven
140ENV M2_HOME ${MAVEN_HOME}
141
142RUN set -ex \
143 && apt-get update \
144 && apt-get install -y ca-certificates curl procps --no-install-recommends \
145 && rm -rf /var/lib/apt/lists/* \
146 && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
147 && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
148 && echo "${SHA} /tmp/apache-maven.tar.gz" | sha512sum -c - \
149 && tar -xzf /tmp/apache-maven.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
150 && rm -f /tmp/apache-maven.tar.gz \
151 && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
152 && chmod --recursive a+w "${MAVEN_HOME}"/conf/* \
153 && apt-get remove --purge --autoremove -y curl \
154 # smoke test
155 && mvn --version
156
157ARG MBT_VERSION=1.2.18
158
159RUN set -ex \
160 && npm install -g mbt@${MBT_VERSION} \
161 # smoke test
162 && mbt --version
163
164# SAP e-Mobility requirements
165RUN set -ex \
166 && apt-get update \
167 && apt-get install -y build-essential python3 --no-install-recommends \
168 && rm -rf /var/lib/apt/lists/* \
169 # smoke test
170 && python3 --version
171
172WORKDIR /project
173USER ${USER}