17073b4a1b5df9f0d866f38d7b1297022b6624ca
[mbt-docker.git] / Dockerfile
1 FROM debian:bookworm-slim
2
3 ARG USER="mta"
4 ARG USER_HOME_DIR="/home/${USER}"
5 ENV HOME ${USER_HOME_DIR}
6
7 RUN set -ex \
8 && apt-get update \
9 && apt-get install -y openssl --no-install-recommends \
10 && rm -rf /var/lib/apt/lists/* \
11 # smoke test
12 && openssl version \
13 && useradd --home-dir ${USER_HOME_DIR} \
14 --create-home \
15 --shell /bin/bash \
16 --user-group \
17 --uid 1000 \
18 --comment 'Cloud MTA Build Tool' \
19 --password "$(echo weUseMta | openssl passwd -1 -stdin)" ${USER} \
20 # allow anybody to write into the image user home directory
21 && chmod a+w ${USER_HOME_DIR} \
22 && apt-get remove --purge --autoremove -y openssl
23
24 ADD http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt \
25 /etc/ssl/certs/SAP_Global_Root_CA.crt
26
27 ARG NODE_VERSION=18.20.2
28
29 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
30 && case "${dpkgArch##*-}" in \
31 amd64) ARCH='x64';; \
32 ppc64el) ARCH='ppc64le';; \
33 s390x) ARCH='s390x';; \
34 arm64) ARCH='arm64';; \
35 armhf) ARCH='armv7l';; \
36 i386) ARCH='x86';; \
37 *) echo "unsupported architecture"; exit 1 ;; \
38 esac \
39 && set -ex \
40 && apt-get update \
41 # libatomic1 for arm
42 && apt-get install -y ca-certificates curl gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
43 && rm -rf /var/lib/apt/lists/* \
44 && export GNUPGHOME="$(mktemp -d)" \
45 && for key in \
46 4ED778F539E3634C779C87C6D7062848A1AB005C \
47 141F07595B7B3FFE74309A937405533BE57C7D57 \
48 74F12602B6F1C4E913FAA37AD3A89613643B6201 \
49 61FC681DFB92A079F1685E77973F295594EC4689 \
50 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
51 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
52 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
53 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
54 108F52B48DB57BB0CC439B2997B01419BD92F80A \
55 DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
56 A6023530FC53461FEC91F99C04CD3F2FDE079578 \
57 CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
58 ; do \
59 gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
60 gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
61 done \
62 && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
63 && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
64 && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
65 && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
66 && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
67 && rm -rf "$GNUPGHOME" "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
68 && apt-mark auto '.*' > /dev/null \
69 && find /usr/local -type f -executable -exec ldd '{}' ';' \
70 | awk '/=>/ { print $(NF-1) }' \
71 | sort -u \
72 | xargs -r dpkg-query --search \
73 | cut -d: -f1 \
74 | sort -u \
75 | xargs -r apt-mark manual \
76 && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
77 && ln -s /usr/local/bin/node /usr/local/bin/nodejs \
78 # smoke tests
79 && node --version \
80 && npm --version
81
82 ARG YARN_VERSION=1.22.19
83
84 RUN set -ex \
85 && savedAptMark="$(apt-mark showmanual)" \
86 && apt-get update \
87 && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
88 && rm -rf /var/lib/apt/lists/* \
89 && export GNUPGHOME="$(mktemp -d)" \
90 && for key in \
91 6A010C5166006599AA17F08146C2130DFD2497F5 \
92 ; do \
93 gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
94 gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
95 done \
96 && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
97 && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
98 && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
99 && mkdir -p /opt \
100 && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
101 && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
102 && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
103 && rm -rf "$GNUPGHOME" yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
104 && apt-mark auto '.*' > /dev/null \
105 && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \
106 && find /usr/local -type f -executable -exec ldd '{}' ';' \
107 | awk '/=>/ { print $(NF-1) }' \
108 | sort -u \
109 | xargs -r dpkg-query --search \
110 | cut -d: -f1 \
111 | sort -u \
112 | xargs -r apt-mark manual \
113 && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
114 # smoke test
115 && yarn --version
116
117 ARG SAPMACHINE_VERSION=11.0.23
118
119 ENV JAVA_HOME /opt/jdk
120
121 RUN sapmachine_install() { \
122 SAPMACHINE_MAJOR_VERSION=$(echo ${SAPMACHINE_VERSION} | cut -d. -f1); \
123 ARCH=; \
124 dpkgArch="$(dpkg --print-architecture)"; \
125 case "${dpkgArch##*-}" in \
126 amd64) ARCH='amd64';; \
127 *) echo "unsupported architecture"; exit 1 ;; \
128 esac; \
129 apt-get update; \
130 apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends; \
131 rm -rf /var/lib/apt/lists/*; \
132 export GNUPGHOME="$(mktemp -d)"; \
133 for key in \
134 CACB9FE09150307D1D22D82962754C3B3ABCFE23 \
135 ; do \
136 gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
137 gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
138 done; \
139 chmod 644 /etc/apt/trusted.gpg.d/sapmachine.gpg; \
140 echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" | tee /etc/apt/sources.list.d/sapmachine.list; \
141 apt-get update; \
142 apt-get install -y sapmachine-${SAPMACHINE_MAJOR_VERSION}-jdk=${SAPMACHINE_VERSION} --no-install-recommends; \
143 rm -rf "$GNUPGHOME" /var/lib/apt/lists/*; \
144 apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr; \
145 ln -s /usr/lib/jvm/sapmachine-${SAPMACHINE_MAJOR_VERSION} ${JAVA_HOME}; \
146 }; \
147 sapjvm_install() { \
148 ARCH=; \
149 dpkgArch="$(dpkg --print-architecture)"; \
150 case "${dpkgArch##*-}" in \
151 amd64) ARCH='x64';; \
152 ppc64el) ARCH='ppc64le';; \
153 *) echo "unsupported architecture"; exit 1 ;; \
154 esac; \
155 apt-get update; \
156 apt-get install -y ca-certificates curl libarchive-tools --no-install-recommends; \
157 rm -rf /var/lib/apt/lists/*; \
158 curl -fsSLO --compressed -b 'eula_3_2_agreed=tools.hana.ondemand.com/developer-license-3_2.txt' https://tools.hana.ondemand.com/additional/sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip; \
159 echo "d93abcb60271b7240e828ba2551646c2825b0f9a sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip" | sha1sum -c -; \
160 bsdtar -xvf sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip -C /usr/local --strip-components=1 --no-same-owner; \
161 rm -f sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip; \
162 apt-get remove --purge --auto-remove -y ca-certificates curl libarchive-tools; \
163 ln -s /usr/local ${JAVA_HOME}; \
164 } \
165 && set -ex \
166 && if [ $(echo ${SAPMACHINE_VERSION} | cut -d. -f1) -le 8 ]; then \
167 sapjvm_install; \
168 else \
169 sapmachine_install; \
170 fi \
171 # smoke test
172 && java -version
173
174 ARG MAVEN_VERSION=3.9.6
175 ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
176
177 ENV MAVEN_HOME /usr/share/maven
178 ENV M2_HOME ${MAVEN_HOME}
179
180 RUN set -ex \
181 && apt-get update \
182 && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
183 && rm -rf /var/lib/apt/lists/* \
184 && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
185 && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
186 && export GNUPGHOME="$(mktemp -d)" \
187 && for key in \
188 29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
189 ; do \
190 gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" || \
191 gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
192 done \
193 && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
194 && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
195 && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
196 && rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
197 && chmod -R a+w ${MAVEN_HOME}/conf/* \
198 && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
199 && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \
200 # smoke test
201 && mvn --version
202
203 ARG MBT_VERSION=1.2.27
204
205 RUN set -ex \
206 && npm install -g --unsafe-perm mbt@${MBT_VERSION} \
207 && npm cache clean -g --force \
208 # smoke test
209 && mbt --version
210
211 # SAP e-Mobility requirements
212 RUN set -ex \
213 && apt-get update \
214 && apt-get install -y ca-certificates build-essential python3 --no-install-recommends \
215 && rm -rf /var/lib/apt/lists/* \
216 # smoke test
217 && python3 --version
218
219 # Allow global npm packages install without sudo
220 RUN set -ex \
221 && mkdir ${USER_HOME_DIR}/.npm-global \
222 && mkdir ${USER_HOME_DIR}/.npm-global/lib \
223 && chown -R ${USER}:${USER} ${USER_HOME_DIR}
224 ENV NPM_CONFIG_PREFIX ${USER_HOME_DIR}/.npm-global
225
226 WORKDIR /project
227 USER ${USER}