-
Notifications
You must be signed in to change notification settings - Fork 60
/
Dockerfile
122 lines (96 loc) · 4.94 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# Default arguments
ARG gitWindowsComponent='https://github.com/git-for-windows/git/releases/download/v2.47.1.windows.1/MinGit-2.47.1-64-bit.zip'
ARG gitWindowsComponentSHA256='50b04b55425b5c465d076cdb184f63a0cd0f86f6ec8bb4d5860114a713d2c29a'
ARG jdkServerWindowsComponent='https://corretto.aws/downloads/resources/17.0.7.7.1/amazon-corretto-17.0.7.7.1-windows-x64-jdk.zip'
ARG jdkServerWindowsComponentMD5SUM='feb7eab99c647a0b4347be9f0a3276de'
ARG nanoserverImage='mcr.microsoft.com/windows/nanoserver:1903'
ARG powershellImage='mcr.microsoft.com/powershell:nanoserver-1903'
ARG windowsBuild='1903'
# The list of required arguments
# ARG powershellImage
# ARG jdkServerWindowsComponent
# ARG jdkServerWindowsComponentMD5SUM
# ARG gitWindowsComponent
# ARG gitWindowsComponentSHA256
# ARG windowsBuild
# ARG powershellImage
# PowerShell
FROM ${powershellImage} AS base
# On some agents, Windows 2019 requires administrator permissions to modify "C:/" folder within ...
# ... PowerShell container.
USER ContainerAdministrator
COPY scripts/*.cs /scripts/
SHELL ["pwsh", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
# JDK
ARG jdkServerWindowsComponent
ARG jdkServerWindowsComponentMD5SUM
# Git
ARG gitWindowsComponent
ARG gitWindowsComponentSHA256
RUN [Net.ServicePointManager]::SecurityProtocol = 'tls12, tls11, tls' ; \
$code = Get-Content -Path "scripts/Web.cs" -Raw ; \
Add-Type -IgnoreWarnings -TypeDefinition "$code" -Language CSharp ; \
$downloadScript = [Scripts.Web]::DownloadFiles($Env:jdkServerWindowsComponent + '#MD5#' + $Env:jdkServerWindowsComponentMD5SUM, 'jdk.zip', $Env:gitWindowsComponent + '#SHA256#' + $Env:gitWindowsComponentSHA256, 'git.zip') ; \
iex $downloadScript ; \
Expand-Archive jdk.zip -DestinationPath $Env:ProgramFiles\Java ; \
Get-ChildItem $Env:ProgramFiles\Java | Rename-Item -NewName "OpenJDK" ; \
Remove-Item -Force jdk.zip ; \
Remove-Item $Env:ProgramFiles\Java\OpenJDK\lib\src.zip -Force ; \
Expand-Archive git.zip -DestinationPath $Env:ProgramFiles\Git ; \
# https://youtrack.jetbrains.com/issue/TW-73017
(Get-Content 'C:\Program Files\Git\etc\gitconfig') -replace 'path = C:/Program Files/Git/etc/gitconfig', '' | Set-Content 'C:\Program Files\Git\etc\gitconfig' ; \
Remove-Item -Force git.zip
# Prepare TeamCity server distribution
ARG windowsBuild
COPY TeamCity /TeamCity
RUN New-Item C:/TeamCity/webapps/ROOT/WEB-INF/DistributionType.txt -type file -force -value "docker-windows-$Env:windowsBuild" | Out-Null
COPY run-server.ps1 /TeamCity/run-server.ps1
USER ContainerUser
# Workaround for https://github.com/PowerShell/PowerShell-Docker/issues/164
ARG nanoserverImage
FROM ${nanoserverImage}
ENV ProgramFiles="C:\Program Files" \
# set a fixed location for the Module analysis cache
PSModuleAnalysisCachePath="C:\Users\ContainerUser\AppData\Local\Microsoft\Windows\PowerShell\docker\ModuleAnalysisCache" \
# Persist %PSCORE% ENV variable for user convenience
PSCORE="$ProgramFiles\PowerShell\pwsh.exe"
COPY --from=base ["C:/Program Files/PowerShell", "C:/Program Files/PowerShell"]
# In order to set system PATH, ContainerAdministrator must be used
USER ContainerAdministrator
RUN setx /M PATH "%PATH%;%ProgramFiles%\PowerShell"
USER ContainerUser
# intialize powershell module cache
RUN pwsh -NoLogo -NoProfile -Command " \
$stopTime = (get-date).AddMinutes(15); \
$ErrorActionPreference = 'Stop' ; \
$ProgressPreference = 'SilentlyContinue' ; \
while(!(Test-Path -Path $env:PSModuleAnalysisCachePath)) { \
Write-Host "'Waiting for $env:PSModuleAnalysisCachePath'" ; \
if((get-date) -gt $stopTime) { throw 'timout expired'} \
Start-Sleep -Seconds 6 ; \
}"
COPY --from=base ["C:/Program Files/Java/OpenJDK", "C:/Program Files/Java/OpenJDK"]
COPY --from=base ["C:/Program Files/Git", "C:/Program Files/Git"]
ENV JAVA_HOME="C:\Program Files\Java\OpenJDK" \
TEAMCITY_DIST="C:\TeamCity" \
TEAMCITY_ENV=container \
CATALINA_TMPDIR="C:\TeamCity\temp" \
TEAMCITY_LOGS="C:\TeamCity\logs" \
TEAMCITY_DATA_PATH="C:\ProgramData\JetBrains\TeamCity" \
TEAMCITY_SERVER_MEM_OPTS="-Xmx2g -XX:ReservedCodeCacheSize=640m"
EXPOSE 8111
COPY --from=base $TEAMCITY_DIST $TEAMCITY_DIST
VOLUME $TEAMCITY_DATA_PATH \
$TEAMCITY_LOGS \
$CATALINA_TMPDIR
CMD ["pwsh", "C:/TeamCity/run-server.ps1"]
# Use ContainerAdministrator to update permissions and PATH
USER ContainerAdministrator
RUN setx /M PATH "%PATH%;%JAVA_HOME%\bin;C:\Program Files\Git\cmd"
# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Container Inherit, ...
# ... F - full control, D - delete, /T - apply to subfolders & files
RUN cmd /c icacls.exe C:\\TeamCity /grant:r DefaultAccount:(OI)(CI)F /grant:r DefaultAccount:(OI)(CI)D /T
RUN cmd /c icacls.exe C:\\TeamCity /grant:r Users:(OI)(CI)F /grant:r Users:(OI)(CI)D /T
# Applied permission check for logging purposes
RUN cmd /c icacls.exe C:\\TeamCity\\*
USER ContainerUser