github.com/SAP/cloud-mta-build-tool@v1.2.27/Dockerfile_mbtci_template (about) 1 FROM debian:bullseye-slim 2 3 # Build time arguments 4 ARG MTA_USER="mta" 5 ARG MTA_USER_HOME="/home/${MTA_USER}" 6 ARG MBT_VERSION=1.2.27 7 ARG GO_VERSION=1.21.0 8 ARG NODE_VERSION=NODE_VERSION_TEMPLATE 9 ARG MAVEN_VERSION=3.9.4 10 ARG UI5_VERSION=2.14.19 11 ARG MAVEN_BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries 12 ARG SAPMACHINE_VERSION=JAVA_VERSION_TEMPLATE 13 ARG CYCLONEDX_CLI_VERSION=0.24.2 14 ARG CYCLONEDX_CLI_BINARY=cyclonedx 15 ARG CYCLONEDX_GOMOD_VERSION=1.4.0 16 ARG CYCLONEDX_GOMOD_BINARY=cyclonedx-gomod 17 ARG CYCLONEDX_BOM_PACKAGE=cyclonedx-bom 18 ARG CYCLONEDX_BOM_VERSION=0.0.9 19 ARG CYCLONEDX_BOM_BINARY=cyclonedx-bom 20 21 # Environment variables 22 ENV PYTHON /usr/bin/python3 23 ENV JAVA_HOME /opt/jdk 24 ENV MAVEN_HOME /usr/share/maven 25 ENV M2_HOME ${MAVEN_HOME} 26 ENV PATH /usr/local/go/bin:$PATH 27 ENV CGO_ENABLED=0 28 ENV GOOS=linux 29 ENV DEBIAN_FRONTEND=noninteractive 30 31 # Create user account and using openssl to create password 32 RUN set -ex \ 33 && apt-get update \ 34 && apt-get install -y openssl --no-install-recommends \ 35 && rm -rf /var/lib/apt/lists/* \ 36 # smoke test 37 && openssl version \ 38 && useradd --home-dir ${MTA_USER_HOME} \ 39 --create-home \ 40 --shell /bin/bash \ 41 --user-group \ 42 --uid 1000 \ 43 --comment 'Cloud MTA Build Tool' \ 44 --password "$(echo weUseMta | openssl passwd -1 -stdin)" ${MTA_USER} \ 45 # allow anybody to write into the image user home directory 46 && chmod a+w ${MTA_USER_HOME} \ 47 && apt-get remove --purge --autoremove -y openssl 48 49 # Download SAP_Global_Root_CA.crt to target 50 ADD http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt \ 51 /etc/ssl/certs/SAP_Global_Root_CA.crt 52 53 # Install Node.js 54 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ 55 && case "${dpkgArch##*-}" in \ 56 amd64) ARCH='x64';; \ 57 ppc64el) ARCH='ppc64le';; \ 58 s390x) ARCH='s390x';; \ 59 arm64) ARCH='arm64';; \ 60 armhf) ARCH='armv7l';; \ 61 i386) ARCH='x86';; \ 62 *) echo "unsupported architecture"; exit 1 ;; \ 63 esac \ 64 && set -ex \ 65 && apt-get update \ 66 # libatomic1 for arm 67 && apt-get install -y ca-certificates curl gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ 68 && rm -rf /var/lib/apt/lists/* \ 69 && export GNUPGHOME="$(mktemp -d)" \ 70 && for key in \ 71 4ED778F539E3634C779C87C6D7062848A1AB005C \ 72 141F07595B7B3FFE74309A937405533BE57C7D57 \ 73 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ 74 DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ 75 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ 76 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ 77 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ 78 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ 79 108F52B48DB57BB0CC439B2997B01419BD92F80A \ 80 ; do \ 81 gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ 82 gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ 83 done \ 84 && curl -fsSLO --compressed "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${ARCH}.tar.xz" \ 85 && curl -fsSLO --compressed "https://nodejs.org/dist/v${NODE_VERSION}/SHASUMS256.txt.asc" \ 86 && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ 87 && grep " node-v${NODE_VERSION}-linux-${ARCH}.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ 88 && tar -xJf "node-v${NODE_VERSION}-linux-${ARCH}.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ 89 && rm -rf "$GNUPGHOME" "node-v${NODE_VERSION}-linux-${ARCH}.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ 90 && apt-mark auto '.*' > /dev/null \ 91 && find /usr/local -type f -executable -exec ldd '{}' ';' \ 92 | awk '/=>/ { print $(NF-1) }' \ 93 | sort -u \ 94 | xargs -r dpkg-query --search \ 95 | cut -d: -f1 \ 96 | sort -u \ 97 | xargs -r apt-mark manual \ 98 && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ 99 && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ 100 # smoke tests 101 && echo "node ${NODE_VERSION} install smoke tests!" \ 102 && node --version \ 103 && npm --version 104 105 # Install Grunt CLI 106 RUN set -ex \ 107 && npm install --prefix /usr/local/ -g grunt-cli \ 108 && npm cache clean -g --force \ 109 # smoke test 110 && echo "grunt-cli install smoke test!" \ 111 && grunt --version 112 113 # Install UI5 CLI 114 RUN set -ex \ 115 && npm install --prefix /usr/local/ -g @ui5/cli@${UI5_VERSION} \ 116 && npm cache clean -g --force \ 117 # smoke test 118 && echo "ui5 install smoke test!" \ 119 && ui5 --version 120 121 # Install Golang 122 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ 123 && case "${dpkgArch##*-}" in \ 124 i386) ARCH='386';; \ 125 amd64) ARCH='amd64';; \ 126 ppc64el) ARCH='ppc64le';; \ 127 s390x) ARCH='s390x';; \ 128 arm64) ARCH='arm64';; \ 129 armhf) ARCH='armv6l';; \ 130 *) echo "unsupported architecture"; exit 1 ;; \ 131 esac \ 132 && set -ex \ 133 && apt-get update \ 134 && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \ 135 && rm -rf /var/lib/apt/lists/* \ 136 && export GNUPGHOME="$(mktemp -d)" \ 137 && for key in \ 138 EB4C1BFD4F042F6DDDCCEC917721F63BD38B4796 \ 139 2F528D36D67B69EDF998D85778BD65473CB3BD13 \ 140 ; do \ 141 gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" || \ 142 gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ 143 done \ 144 && curl -fsSLO --compressed https://storage.googleapis.com/golang/go${GO_VERSION}.${GOOS}-${ARCH}.tar.gz \ 145 && curl -fsSLO --compressed https://storage.googleapis.com/golang/go${GO_VERSION}.${GOOS}-${ARCH}.tar.gz.asc \ 146 && gpg --batch --verify go${GO_VERSION}.${GOOS}-${ARCH}.tar.gz.asc go${GO_VERSION}.${GOOS}-${ARCH}.tar.gz \ 147 && tar -xvf go${GO_VERSION}.${GOOS}-${ARCH}.tar.gz -C /usr/local \ 148 && rm -rf "$GNUPGHOME" go${GO_VERSION}.${GOOS}-${ARCH}.tar.gz go${GO_VERSION}.${GOOS}-${ARCH}.tar.gz.asc \ 149 && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \ 150 # smoke test 151 && echo "go ${GO_VERSION} install smoke test!" \ 152 && go version 153 154 # Install SAPMachine 155 RUN sapmachine_install() { \ 156 SAPMACHINE_MAJOR_VERSION=$(echo ${SAPMACHINE_VERSION} | cut -d. -f1); \ 157 ARCH=; \ 158 dpkgArch="$(dpkg --print-architecture)"; \ 159 case "${dpkgArch##*-}" in \ 160 amd64) ARCH='amd64';; \ 161 *) echo "unsupported architecture"; exit 1 ;; \ 162 esac; \ 163 apt-get update; \ 164 apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends; \ 165 rm -rf /var/lib/apt/lists/*; \ 166 export GNUPGHOME="$(mktemp -d)"; \ 167 for key in \ 168 CACB9FE09150307D1D22D82962754C3B3ABCFE23 \ 169 ; do \ 170 gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ 171 gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ 172 done; \ 173 chmod 644 /etc/apt/trusted.gpg.d/sapmachine.gpg; \ 174 echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" | tee /etc/apt/sources.list.d/sapmachine.list; \ 175 apt-get update; \ 176 apt-get install -y sapmachine-${SAPMACHINE_MAJOR_VERSION}-jdk=${SAPMACHINE_VERSION} --no-install-recommends; \ 177 rm -rf "$GNUPGHOME" /var/lib/apt/lists/*; \ 178 apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr; \ 179 ln -s /usr/lib/jvm/sapmachine-${SAPMACHINE_MAJOR_VERSION} ${JAVA_HOME}; \ 180 }; \ 181 sapjvm_install() { \ 182 ARCH=; \ 183 dpkgArch="$(dpkg --print-architecture)"; \ 184 case "${dpkgArch##*-}" in \ 185 amd64) ARCH='x64';; \ 186 ppc64el) ARCH='ppc64le';; \ 187 *) echo "unsupported architecture"; exit 1 ;; \ 188 esac; \ 189 apt-get update; \ 190 apt-get install -y ca-certificates curl libarchive-tools --no-install-recommends; \ 191 rm -rf /var/lib/apt/lists/*; \ 192 curl -fsSLO --compressed -b 'eula_3_1_agreed=tools.hana.ondemand.com/developer-license-3_1.txt' https://tools.hana.ondemand.com/additional/sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip; \ 193 echo "7d63f20b17becb5f658d413c113ea9efdfbba6a0 sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip" | sha1sum -c -; \ 194 bsdtar -xvf sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip -C /usr/local --strip-components=1 --no-same-owner; \ 195 rm -f sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip; \ 196 apt-get remove --purge --auto-remove -y ca-certificates curl libarchive-tools; \ 197 ln -s /usr/local ${JAVA_HOME}; \ 198 } \ 199 && set -ex \ 200 && if [ $(echo ${SAPMACHINE_VERSION} | cut -d. -f1) -le 8 ]; then \ 201 sapjvm_install; \ 202 else \ 203 sapmachine_install; \ 204 fi \ 205 # smoke test 206 && echo "SAPMachine ${SAPMACHINE_VERSION} install smoke test!" \ 207 && java -version 208 209 # Install Maven 210 RUN set -ex \ 211 && apt-get update \ 212 && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \ 213 && rm -rf /var/lib/apt/lists/* \ 214 && curl -fsSLO --compressed ${MAVEN_BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \ 215 && curl -fsSLO --compressed ${MAVEN_BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \ 216 && export GNUPGHOME="$(mktemp -d)" \ 217 && for key in \ 218 29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \ 219 ; do \ 220 gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" || \ 221 gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ 222 done \ 223 && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \ 224 && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \ 225 && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \ 226 && rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \ 227 && chmod -R a+w ${MAVEN_HOME}/conf/* \ 228 && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \ 229 && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \ 230 # smoke test 231 && echo "mvn ${MAVEN_VERSION} install smoke test!" \ 232 && mvn --version 233 234 # Install MBT 235 RUN set -ex \ 236 && npm install -g --unsafe-perm mbt@${MBT_VERSION} \ 237 && npm cache clean -g --force \ 238 # smoke test 239 && echo "mbt ${MBT_VERSION} install smoke test!" \ 240 && mbt --version 241 242 # Install essential build tools and Python 243 RUN set -ex \ 244 && apt-get update \ 245 && apt-get install -y ca-certificates build-essential git python2.7 python3 --no-install-recommends \ 246 && rm -rf /var/lib/apt/lists/* \ 247 # smoke tests 248 && echo "python install smoke tests!" \ 249 && python2.7 --version \ 250 && python3 --version 251 252 # Allow global npm packages install without sudo 253 RUN set -ex \ 254 && mkdir ${MTA_USER_HOME}/.npm-global \ 255 && mkdir ${MTA_USER_HOME}/.npm-global/lib \ 256 && chown -R ${MTA_USER}:${MTA_USER} ${MTA_USER_HOME} 257 ENV NPM_CONFIG_PREFIX ${MTA_USER_HOME}/.npm-global 258 259 # Install cyclone-cli 260 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ 261 && case "${dpkgArch##*-}" in \ 262 amd64) ARCH='x64';; \ 263 arm64) ARCH='arm64';; \ 264 *) echo "unsupported architecture"; exit 1 ;; \ 265 esac \ 266 && set -ex \ 267 && apt-get update \ 268 && apt-get install -y ca-certificates curl gnupg dirmngr libicu-dev --no-install-recommends \ 269 && rm -rf /var/lib/apt/lists/* \ 270 && curl -fsSLO --compressed "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${CYCLONEDX_CLI_VERSION}/${CYCLONEDX_CLI_BINARY}-linux-${ARCH}" \ 271 && chmod a+rx ${CYCLONEDX_CLI_BINARY}-linux-${ARCH} \ 272 && mv ${CYCLONEDX_CLI_BINARY}-linux-${ARCH} /usr/local/bin/${CYCLONEDX_CLI_BINARY} \ 273 && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \ 274 && echo "cyclonedx-cli smoke tests!" \ 275 && ${CYCLONEDX_CLI_BINARY} --version 276 277 # Install cyclone-gomod 278 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ 279 && case "${dpkgArch##*-}" in \ 280 amd64) ARCH='amd64';; \ 281 arm64) ARCH='arm64';; \ 282 *) echo "unsupported architecture"; exit 1 ;; \ 283 esac \ 284 && set -ex \ 285 && apt-get update \ 286 && apt-get install -y ca-certificates curl gnupg dirmngr libicu-dev --no-install-recommends \ 287 && rm -rf /var/lib/apt/lists/* \ 288 && curl -fsSLO --compressed "https://github.com/CycloneDX/cyclonedx-gomod/releases/download/v${CYCLONEDX_GOMOD_VERSION}/${CYCLONEDX_GOMOD_BINARY}_${CYCLONEDX_GOMOD_VERSION}_linux_${ARCH}.tar.gz" \ 289 && tar -xzf ${CYCLONEDX_GOMOD_BINARY}_${CYCLONEDX_GOMOD_VERSION}_linux_${ARCH}.tar.gz \ 290 && chmod a+rx ${CYCLONEDX_GOMOD_BINARY} \ 291 && mv ${CYCLONEDX_GOMOD_BINARY} /usr/local/bin/${CYCLONEDX_GOMOD_BINARY} \ 292 && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \ 293 && echo "cyclonedx-gomod smoke tests!" \ 294 && cyclonedx-gomod version 295 296 # Install cyclone-bom 297 RUN set -ex \ 298 && npm install --prefix /usr/local/ -g ${CYCLONEDX_BOM_PACKAGE}@${CYCLONEDX_BOM_VERSION} \ 299 && echo "cyclonedx-bom smoke tests!" \ 300 && npx ${CYCLONEDX_BOM_BINARY} -h 301 302 # Install curl and ca-certificates 303 RUN set -ex \ 304 && apt-get update \ 305 && apt-get install -y curl ca-certificates --no-install-recommends 306 307 ENV PATH=$PATH:./node_modules/.bin:${MTA_USER_HOME}/.npm-global/bin 308 WORKDIR /project 309 USER ${MTA_USER}