[mbt-docker.git] / Dockerfile

FROM debian:bullseye-slim

ARG USER="mta"
ARG USER_HOME_DIR="/home/${USER}"
ENV HOME ${USER_HOME_DIR}

RUN set -ex \
  && apt-get update \
  && apt-get install -y openssl --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  # smoke test
  && openssl version \
  && useradd --home-dir ${USER_HOME_DIR} \
            --create-home \
            --shell /bin/bash \
            --user-group \
            --uid 1000 \
            --comment 'Cloud MTA Build Tool' \
            --password "$(echo weUseMta | openssl passwd -1 -stdin)" ${USER} \
  # allow anybody to write into the image user home directory
  && chmod a+w ${USER_HOME_DIR} \
  && apt-get remove --purge --autoremove -y openssl

ADD http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt \
    /etc/ssl/certs/SAP_Global_Root_CA.crt

ARG NODE_VERSION=16.18.1

RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
    && case "${dpkgArch##*-}" in \
      amd64) ARCH='x64';; \
      ppc64el) ARCH='ppc64le';; \
      s390x) ARCH='s390x';; \
      arm64) ARCH='arm64';; \
      armhf) ARCH='armv7l';; \
      i386) ARCH='x86';; \
      *) echo "unsupported architecture"; exit 1 ;; \
    esac \
    && set -ex \
    && apt-get update \
    # libatomic1 for arm
    && apt-get install -y ca-certificates curl gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
    && rm -rf /var/lib/apt/lists/* \
    && for key in \
      4ED778F539E3634C779C87C6D7062848A1AB005C \
      141F07595B7B3FFE74309A937405533BE57C7D57 \
      74F12602B6F1C4E913FAA37AD3A89613643B6201 \
      61FC681DFB92A079F1685E77973F295594EC4689 \
      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
      C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
      890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
      C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
      108F52B48DB57BB0CC439B2997B01419BD92F80A \
    ; do \
      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
      gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
    done \
    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
    && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
    && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
    && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
    && apt-mark auto '.*' > /dev/null \
    && find /usr/local -type f -executable -exec ldd '{}' ';' \
      | awk '/=>/ { print $(NF-1) }' \
      | sort -u \
      | xargs -r dpkg-query --search \
      | cut -d: -f1 \
      | sort -u \
      | xargs -r apt-mark manual \
    && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
    && ln -s /usr/local/bin/node /usr/local/bin/nodejs \
    # smoke tests
    && node --version \
    && npm --version

ARG YARN_VERSION=1.22.19

RUN set -ex \
  && savedAptMark="$(apt-mark showmanual)" \
  && apt-get update \
  && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  && for key in \
    6A010C5166006599AA17F08146C2130DFD2497F5 \
  ; do \
    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
  done \
  && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
  && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
  && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
  && mkdir -p /opt \
  && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
  && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
  && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
  && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
  && apt-mark auto '.*' > /dev/null \
  && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \
  && find /usr/local -type f -executable -exec ldd '{}' ';' \
    | awk '/=>/ { print $(NF-1) }' \
    | sort -u \
    | xargs -r dpkg-query --search \
    | cut -d: -f1 \
    | sort -u \
    | xargs -r apt-mark manual \
  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
  # smoke test
  && yarn --version

ARG SAPMACHINE_VERSION=11.0.17

RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
    && case "${dpkgArch##*-}" in \
      amd64) ARCH='amd64';; \
      *) echo "unsupported architecture"; exit 1 ;; \
    esac \
  && set -ex \
  && apt-get update \
  && apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  && for key in \
    CACB9FE09150307D1D22D82962754C3B3ABCFE23 \
  ; do \
    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
  done \
  && chmod 644 /etc/apt/trusted.gpg.d/sapmachine.gpg \
  && echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" | tee /etc/apt/sources.list.d/sapmachine.list \
  && apt-get update \
  && apt-get install -y sapmachine-$(echo ${SAPMACHINE_VERSION} | cut -d. -f1)-jdk=${SAPMACHINE_VERSION} --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  && apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr \
  # smoke test
  && java --version

ARG MAVEN_VERSION=3.8.6
ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries

ENV MAVEN_HOME /usr/share/maven
ENV M2_HOME ${MAVEN_HOME}

RUN set -ex \
  && apt-get update \
  && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
  && for key in \
    6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
  ; do \
    gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" || \
    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
  done \
  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
  && rm -f apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && chmod -R a+w ${MAVEN_HOME}/conf/* \
  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
  && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \
  # smoke test
  && mvn --version

ARG MBT_VERSION=1.2.19

RUN set -ex \
  && npm install -g --unsafe-perm mbt@${MBT_VERSION} \
  && npm cache clean -g --force \
  # smoke test
  && mbt --version

# SAP e-Mobility requirements
RUN set -ex \
  && apt-get update \
  && apt-get install -y ca-certificates build-essential python3 --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  # smoke test
  && python3 --version

WORKDIR /project
USER ${USER}
Commit	Line	Data
74ad74b2	1	FROM debian:bullseye-slim
403c6ed0 AV	2
	3	ARG USER="mta"
	4	ARG USER_HOME_DIR="/home/${USER}"
	5	ENV HOME ${USER_HOME_DIR}
	6
	7	RUN set -ex \
	8	&& apt-get update \
	9	&& apt-get install -y openssl --no-install-recommends \
	10	&& rm -rf /var/lib/apt/lists/* \
9277df83	11	# smoke test
b4603354	12	&& openssl version \
403c6ed0 AV	13	&& useradd --home-dir ${USER_HOME_DIR} \
	14	--create-home \
	15	--shell /bin/bash \
	16	--user-group \
	17	--uid 1000 \
	18	--comment 'Cloud MTA Build Tool' \
	19	--password "$(echo weUseMta \| openssl passwd -1 -stdin)" ${USER} \
a739e5ea JB	20	# allow anybody to write into the image user home directory
	21	&& chmod a+w ${USER_HOME_DIR} \
	22	&& apt-get remove --purge --autoremove -y openssl
403c6ed0 AV	23
	24	ADD http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt \
	25	/etc/ssl/certs/SAP_Global_Root_CA.crt
	26
f7c888a8	27	ARG NODE_VERSION=16.18.1
403c6ed0 AV	28
	29	RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
	30	&& case "${dpkgArch##*-}" in \
	31	amd64) ARCH='x64';; \
	32	ppc64el) ARCH='ppc64le';; \
	33	s390x) ARCH='s390x';; \
	34	arm64) ARCH='arm64';; \
	35	armhf) ARCH='armv7l';; \
	36	i386) ARCH='x86';; \
	37	*) echo "unsupported architecture"; exit 1 ;; \
	38	esac \
	39	&& set -ex \
	40	&& apt-get update \
	41	# libatomic1 for arm
69527ac7	42	&& apt-get install -y ca-certificates curl gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
403c6ed0 AV	43	&& rm -rf /var/lib/apt/lists/* \
	44	&& for key in \
	45	4ED778F539E3634C779C87C6D7062848A1AB005C \
	46	141F07595B7B3FFE74309A937405533BE57C7D57 \
403c6ed0	47	74F12602B6F1C4E913FAA37AD3A89613643B6201 \
403c6ed0 AV	48	61FC681DFB92A079F1685E77973F295594EC4689 \
	49	8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
	50	C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
	51	890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
	52	C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
403c6ed0	53	108F52B48DB57BB0CC439B2997B01419BD92F80A \
403c6ed0 AV	54	; do \
403c6ed0 AV	55	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \|\| \
c52f471b	56	gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
403c6ed0 AV	57	done \
	58	&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
	59	&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
	60	&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
	61	&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt \| sha256sum -c - \
	62	&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
	63	&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
	64	&& apt-mark auto '.*' > /dev/null \
	65	&& find /usr/local -type f -executable -exec ldd '{}' ';' \
	66	\| awk '/=>/ { print $(NF-1) }' \
	67	\| sort -u \
	68	\| xargs -r dpkg-query --search \
	69	\| cut -d: -f1 \
	70	\| sort -u \
	71	\| xargs -r apt-mark manual \
	72	&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
	73	&& ln -s /usr/local/bin/node /usr/local/bin/nodejs \
	74	# smoke tests
	75	&& node --version \
	76	&& npm --version
	77
	78	ARG YARN_VERSION=1.22.19
	79
	80	RUN set -ex \
	81	&& savedAptMark="$(apt-mark showmanual)" \
8c37d866	82	&& apt-get update \
69527ac7	83	&& apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
403c6ed0 AV	84	&& rm -rf /var/lib/apt/lists/* \
	85	&& for key in \
	86	6A010C5166006599AA17F08146C2130DFD2497F5 \
	87	; do \
	88	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \|\| \
c52f471b	89	gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
403c6ed0 AV	90	done \
	91	&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
	92	&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
	93	&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
	94	&& mkdir -p /opt \
	95	&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
	96	&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
	97	&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
	98	&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
	99	&& apt-mark auto '.*' > /dev/null \
	100	&& { [ -z "$savedAptMark" ] \|\| apt-mark manual $savedAptMark > /dev/null; } \
	101	&& find /usr/local -type f -executable -exec ldd '{}' ';' \
	102	\| awk '/=>/ { print $(NF-1) }' \
	103	\| sort -u \
	104	\| xargs -r dpkg-query --search \
	105	\| cut -d: -f1 \
	106	\| sort -u \
	107	\| xargs -r apt-mark manual \
	108	&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
	109	# smoke test
	110	&& yarn --version
	111
f7c888a8	112	ARG SAPMACHINE_VERSION=11.0.17
8c37d866	113
865db469 JB	114	RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
	115	&& case "${dpkgArch##*-}" in \
	116	amd64) ARCH='amd64';; \
	117	*) echo "unsupported architecture"; exit 1 ;; \
	118	esac \
	119	&& set -ex \
8c37d866	120	&& apt-get update \
c52f471b	121	&& apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends \
8c37d866	122	&& rm -rf /var/lib/apt/lists/* \
c52f471b	123	&& for key in \
4665aa57	124	CACB9FE09150307D1D22D82962754C3B3ABCFE23 \
c52f471b JB	125	; do \
	126	gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \|\| \
	127	gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
	128	done \
	129	&& chmod 644 /etc/apt/trusted.gpg.d/sapmachine.gpg \
865db469	130	&& echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" \| tee /etc/apt/sources.list.d/sapmachine.list \
8c37d866 JB	131	&& apt-get update \
	132	&& apt-get install -y sapmachine-$(echo ${SAPMACHINE_VERSION} \| cut -d. -f1)-jdk=${SAPMACHINE_VERSION} --no-install-recommends \
	133	&& rm -rf /var/lib/apt/lists/* \
c52f471b	134	&& apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr \
8c37d866 JB	135	# smoke test
	136	&& java --version
	137
403c6ed0	138	ARG MAVEN_VERSION=3.8.6
b4603354	139	ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
403c6ed0 AV	140
	141	ENV MAVEN_HOME /usr/share/maven
	142	ENV M2_HOME ${MAVEN_HOME}
	143
	144	RUN set -ex \
	145	&& apt-get update \
b4603354	146	&& apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
403c6ed0	147	&& rm -rf /var/lib/apt/lists/* \
b4603354 JB	148	&& curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
b4603354 JB	149	&& curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
c52f471b JB	150	&& for key in \
	151	6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
	152	; do \
	153	gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" \|\| \
	154	gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
	155	done \
b4603354	156	&& gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
403c6ed0	157	&& mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
b4603354 JB	158	&& tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
b4603354 JB	159	&& rm -f apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
27e53e8b	160	&& chmod -R a+w ${MAVEN_HOME}/conf/* \
403c6ed0	161	&& ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
b4603354	162	&& apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \
8c37d866	163	# smoke test
403c6ed0 AV	164	&& mvn --version
403c6ed0 AV	165
b4603354	166	ARG MBT_VERSION=1.2.19
8c37d866 JB	167
8c37d866 JB	168	RUN set -ex \
34672c4c JB	169	&& npm install -g --unsafe-perm mbt@${MBT_VERSION} \
34672c4c JB	170	&& npm cache clean -g --force \
8c37d866 JB	171	# smoke test
	172	&& mbt --version
	173
	174	# SAP e-Mobility requirements
403c6ed0 AV	175	RUN set -ex \
403c6ed0 AV	176	&& apt-get update \
43e27b30	177	&& apt-get install -y ca-certificates build-essential python3 --no-install-recommends \
403c6ed0	178	&& rm -rf /var/lib/apt/lists/* \
403c6ed0	179	# smoke test
8c37d866	180	&& python3 --version
403c6ed0 AV	181
	182	WORKDIR /project
	183	USER ${USER}