FROM debian:bookworm-slim ARG USER="mta" ARG USER_HOME_DIR="/home/${USER}" ENV HOME ${USER_HOME_DIR} RUN set -ex \ && apt-get update \ && apt-get install -y openssl --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ # smoke test && openssl version \ && useradd --home-dir ${USER_HOME_DIR} \ --create-home \ --shell /bin/bash \ --user-group \ --uid 1000 \ --comment 'Cloud MTA Build Tool' \ --password "$(echo weUseMta | openssl passwd -1 -stdin)" ${USER} \ # allow anybody to write into the image user home directory && chmod a+w ${USER_HOME_DIR} \ && apt-get remove --purge --autoremove -y openssl ADD http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt \ /etc/ssl/certs/SAP_Global_Root_CA.crt ARG NODE_VERSION=18.20.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64';; \ ppc64el) ARCH='ppc64le';; \ s390x) ARCH='s390x';; \ arm64) ARCH='arm64';; \ armhf) ARCH='armv7l';; \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ && apt-get update \ # libatomic1 for arm && apt-get install -y ca-certificates curl gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 141F07595B7B3FFE74309A937405533BE57C7D57 \ 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ 61FC681DFB92A079F1685E77973F295594EC4689 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ 108F52B48DB57BB0CC439B2997B01419BD92F80A \ DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ A6023530FC53461FEC91F99C04CD3F2FDE079578 \ ; do \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm -rf "$GNUPGHOME" "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -r apt-mark manual \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ && npm --version ARG YARN_VERSION=1.22.19 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update \ && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm -rf "$GNUPGHOME" yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ && apt-mark auto '.*' > /dev/null \ && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -r apt-mark manual \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ # smoke test && yarn --version ARG SAPMACHINE_VERSION=11.0.23 ENV JAVA_HOME /opt/jdk RUN sapmachine_install() { \ SAPMACHINE_MAJOR_VERSION=$(echo ${SAPMACHINE_VERSION} | cut -d. -f1); \ ARCH=; \ dpkgArch="$(dpkg --print-architecture)"; \ case "${dpkgArch##*-}" in \ amd64) ARCH='amd64';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac; \ apt-get update; \ apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends; \ rm -rf /var/lib/apt/lists/*; \ export GNUPGHOME="$(mktemp -d)"; \ for key in \ CACB9FE09150307D1D22D82962754C3B3ABCFE23 \ ; do \ gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ done; \ chmod 644 /etc/apt/trusted.gpg.d/sapmachine.gpg; \ echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" | tee /etc/apt/sources.list.d/sapmachine.list; \ apt-get update; \ apt-get install -y sapmachine-${SAPMACHINE_MAJOR_VERSION}-jdk=${SAPMACHINE_VERSION} --no-install-recommends; \ rm -rf "$GNUPGHOME" /var/lib/apt/lists/*; \ apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr; \ ln -s /usr/lib/jvm/sapmachine-${SAPMACHINE_MAJOR_VERSION} ${JAVA_HOME}; \ }; \ sapjvm_install() { \ ARCH=; \ dpkgArch="$(dpkg --print-architecture)"; \ case "${dpkgArch##*-}" in \ amd64) ARCH='x64';; \ ppc64el) ARCH='ppc64le';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac; \ apt-get update; \ apt-get install -y ca-certificates curl libarchive-tools --no-install-recommends; \ rm -rf /var/lib/apt/lists/*; \ curl -fsSLO --compressed -b 'eula_3_2_agreed=tools.hana.ondemand.com/developer-license-3_2.txt' https://tools.hana.ondemand.com/additional/sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip; \ echo "d93abcb60271b7240e828ba2551646c2825b0f9a sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip" | sha1sum -c -; \ bsdtar -xvf sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip -C /usr/local --strip-components=1 --no-same-owner; \ rm -f sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip; \ apt-get remove --purge --auto-remove -y ca-certificates curl libarchive-tools; \ ln -s /usr/local ${JAVA_HOME}; \ } \ && set -ex \ && if [ $(echo ${SAPMACHINE_VERSION} | cut -d. -f1) -le 8 ]; then \ sapjvm_install; \ else \ sapmachine_install; \ fi \ # smoke test && java -version ARG MAVEN_VERSION=3.9.6 ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries ENV MAVEN_HOME /usr/share/maven ENV M2_HOME ${MAVEN_HOME} RUN set -ex \ && apt-get update \ && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \ && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \ ; do \ gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" || \ gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ done \ && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \ && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \ && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \ && rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \ && chmod -R a+w ${MAVEN_HOME}/conf/* \ && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \ && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \ # smoke test && mvn --version ARG MBT_VERSION=1.2.27 RUN set -ex \ && npm install -g --unsafe-perm mbt@${MBT_VERSION} \ && npm cache clean -g --force \ # smoke test && mbt --version # SAP e-Mobility requirements RUN set -ex \ && apt-get update \ && apt-get install -y ca-certificates build-essential python3 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ # smoke test && python3 --version # Allow global npm packages install without sudo RUN set -ex \ && mkdir ${USER_HOME_DIR}/.npm-global \ && mkdir ${USER_HOME_DIR}/.npm-global/lib \ && chown -R ${USER}:${USER} ${USER_HOME_DIR} ENV NPM_CONFIG_PREFIX ${USER_HOME_DIR}/.npm-global WORKDIR /project USER ${USER}