# syntax=docker/dockerfile:1.21@sha256:27f9262d43452075f3c410287a2c43f5ef1bf7ec2bb06e8c9eeb1b8d453087bc
# <https://quay.io/repository/pypa/manylinux_2_28?tab=tags>
FROM quay.io/pypa/manylinux_2_28@sha256:918ab52de643406efd7f8634c66ad9dd60613ca71ffd869b2c4fec8f6b917076

# TARGETARCH is one of BuildKit's automatic platform arguments; it must be
# redeclared inside the stage to be visible to RUN.
ARG TARGETARCH
# Unprivileged account the container runs as. The GID follows the UID unless
# it is overridden at build time.
ARG USERNAME=runner
ARG USER_UID=1001
ARG USER_GID=$USER_UID

# mise configuration and the readiness marker polled by HEALTHCHECK.
# SECURITY: MISE_TRUSTED_CONFIG_PATHS makes mise treat every config file under
# /workspace as trusted without prompting, so whatever is placed there is
# effectively code that runs in this container.
# NOTE(review): /workspace is presumably a bind-mounted checkout, and
# MISE_DATA_DIR keeps installed tools inside it - confirm who can write there.
ENV MISE_ENV=docker \
    MISE_TRUSTED_CONFIG_PATHS=/workspace \
    MISE_DATA_DIR=/workspace/.cache/docker/mise \
    READY_MARKER=/home/${USERNAME}/.container-ready

# Point TLS clients at the distribution CA bundle.
ENV SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt \
    SSL_CERT_DIR=/etc/ssl/certs

# Healthy once the READY_MARKER file exists. Nothing in this Dockerfile creates
# it; presumably the entrypoint script does - confirm.
HEALTHCHECK --interval=10s --timeout=5s --start-period=180s --retries=3 \
    CMD [ -f "$READY_MARKER" ] || exit 1

# pipefail so a failure on the left-hand side of a pipe fails the RUN step.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Version pin for mise; read and deleted again by the RUN step that follows.
COPY .mise-version /tmp/.mise-version
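# Single provisioning layer: install mise, install OS packages, wire up the CA
# bundle, create the unprivileged user and write the global bash init script.
#
# Changes from the previous revision:
#   * curl runs with -f, so an HTTP error fails the build instead of saving an
#     error page as /usr/local/bin/mise and marking it executable.
#   * TARGETARCH is mapped explicitly; anything other than amd64/arm64 aborts
#     rather than silently downloading the arm64 binary.
#   * Variable expansions are quoted.
#   * The separate chown of .bashrc is folded into the recursive chown.
#
# NOTE(review): the mise binary is authenticated only by TLS to github.com. No
# digest is pinned, so a replaced release asset would be installed as-is.
# Consider storing a per-architecture SHA-256 next to .mise-version and
# checking it with `sha256sum -c` before the chmod.
# NOTE(review): `dnf update -y` and the unpinned package list (DL3041 is
# suppressed) make the image content depend on the build date.
# hadolint ignore=DL3041,SC2016
RUN --mount=type=cache,target=/var/cache/dnf,sharing=locked \
    # Install mise (musl binary, statically linked)
    MISE_VERSION="$(cat /tmp/.mise-version)" \
    && rm -f /tmp/.mise-version \
    && case "${TARGETARCH}" in \
         amd64) MISE_ARCH="x64" ;; \
         arm64) MISE_ARCH="arm64" ;; \
         *) echo "unsupported TARGETARCH '${TARGETARCH}' (expected amd64 or arm64)" >&2; exit 1 ;; \
       esac \
    && curl -fsSL "https://github.com/jdx/mise/releases/download/${MISE_VERSION}/mise-${MISE_VERSION}-linux-${MISE_ARCH}-musl" -o /usr/local/bin/mise \
    && chmod +x /usr/local/bin/mise \
    \
    # Dependency Installation
    && rm -f /usr/local/bin/git-lfs \
    && dnf update -y \
    && dnf install -y --setopt=install_weak_deps=False \
        alsa-lib \
        at-spi2-atk \
        atk \
        cairo \
        dbus-libs \
        gdk-pixbuf2 \
        git \
        gtk3 \
        libicu \
        libX11 \
        libXcomposite \
        libXcursor \
        libXdamage \
        libXext \
        libXfixes \
        libXi \
        libXrandr \
        libXrender \
        libxkbcommon \
        libXtst \
        mesa-libgbm \
        nss \
        pango \
        sudo \
        xorg-x11-server-Xvfb \
    && dnf clean all \
    \
    # Create SSL symlinks so the alternative bundle paths resolve to the
    # system CA bundle named by SSL_CERT_FILE.
    && mkdir -p "${SSL_CERT_DIR}" \
    && ln -sf "${SSL_CERT_FILE}" "${SSL_CERT_DIR}/ca-certificates.crt" \
    && ln -sf "${SSL_CERT_FILE}" /opt/_internal/certs.pem \
    \
    # User Setup
    # --non-unique tolerates a UID/GID that already exists in the base image.
    && groupadd --gid "${USER_GID}" --non-unique "${USERNAME}" \
    && useradd --uid "${USER_UID}" --gid "${USER_GID}" --non-unique --shell /bin/bash --create-home "${USERNAME}" \
    # SECURITY: passwordless sudo for every command. The later USER switch is
    # therefore a convenience, not a privilege boundary; any process running
    # as this user can become root inside the container.
    && echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/${USERNAME}" \
    && chmod 0440 "/etc/sudoers.d/${USERNAME}" \
    # NOTE(review): presumably a mount point for an intercepting proxy CA;
    # nothing in this file installs certificates from it - confirm the consumer.
    && mkdir -p /mitmproxy-certs \
    # Global bash init script: shells other than the entrypoint wait for
    # READY_MARKER to exist, then activate mise.
    && printf '%s\n' \
        '# Global Bash initialization (sourced by BASH_ENV and .bashrc)' \
        'if [ -n "${READY_MARKER:-}" ] && [ "${ENTRYPOINT:-}" != "true" ]; then' \
        ' while [ ! -f "$READY_MARKER" ]; do sleep 0.5; done' \
        'fi' \
        'eval "$(mise activate bash)"' \
        > /etc/bash-entrypoint.sh \
    && chmod +x /etc/bash-entrypoint.sh \
    && echo ". /etc/bash-entrypoint.sh" >> "/home/${USERNAME}/.bashrc" \
    # The recursive chown covers .bashrc, which was just appended to as root.
    && chown -R "${USERNAME}:${USERNAME}" "/home/${USERNAME}"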
# Bash reads the file named by BASH_ENV when it starts non-interactively, so
# every `bash -c` in the container runs /etc/bash-entrypoint.sh first. Unless
# ENTRYPOINT=true is set, that script blocks until READY_MARKER exists.
ENV BASH_ENV=/etc/bash-entrypoint.sh
# Run as the unprivileged account from here on.
# SECURITY: the sudoers entry written during provisioning gives this user
# passwordless sudo, so the switch does not confine a compromised process.
USER ${USERNAME}
# COPY without --chown leaves the script owned by root (0:0). With mode 755 the
# runtime user can execute it but cannot modify it without sudo.
COPY --chmod=755 docker-entrypoint.sh /usr/local/bin/entrypoint
# `env ENTRYPOINT=true` marks the entrypoint process so the BASH_ENV init
# script skips its wait for READY_MARKER instead of waiting on itself.
ENTRYPOINT ["env", "ENTRYPOINT=true", "/usr/local/bin/entrypoint"]
# Default directory; also the path mise is configured to trust via
# MISE_TRUSTED_CONFIG_PATHS.
WORKDIR /workspace