1 parent
9dd835f
commit 343c94e
Showing
3 changed files
with
34 additions
and
32 deletions.
|
@@ -3,28 +3,29 @@ LABEL name="art-bot" \ | |
description="art-bot container image" \ | ||
maintainer="OpenShift Automated Release Tooling (ART) Team <[email protected]>" | ||
|
||
# the build will need to run inside the firewall to access internal resources. | ||
# install Red Hat IT Root CA and RCM repos | ||
# This build will need to be run inside the firewall to access internal resources. | ||
# Install Red Hat IT Root CA and RCM repos, runtime dependencies, and upgrade pip | ||
RUN curl -o /etc/pki/ca-trust/source/anchors/RH-IT-Root-CA.crt --fail -L \ | ||
https://certs.corp.redhat.com/certs/2015-IT-Root-CA.pem \ | ||
&& curl -o /etc/pki/ca-trust/source/anchors/2022-IT-Root-CA.pem --fail -L \ | ||
https://certs.corp.redhat.com/certs/2022-IT-Root-CA.pem \ | ||
&& update-ca-trust extract \ | ||
&& curl -o /etc/yum.repos.d/rcm-tools-fedora.repo https://download.devel.redhat.com/rel-eng/RCMTOOLS/rcm-tools-fedora.repo \ | ||
&& dnf install -y \ | ||
# runtime dependencies | ||
krb5-workstation git rsync \ | ||
# runtime dependencies | ||
python3 python3-certifi python3-rpm python3-rhmsg \ | ||
# development dependencies | ||
gcc krb5-devel python3-devel python3-pip python3-setuptools \ | ||
# other tools | ||
gcc krb5-devel python3-devel python3-pip \ | ||
bash-completion vim tmux wget curl iputils procps-ng psmisc net-tools iproute \ | ||
# install brewkoji | ||
koji brewkoji \ | ||
&& dnf clean all | ||
&& dnf clean all \ | ||
# upgrade pip | ||
&& pip3 install --upgrade pip | ||
|
||
# Install OpenShift Client | ||
ARG OC_VERSION=candidate | ||
# include oc client | ||
RUN wget -O /tmp/openshift-client-linux-"$OC_VERSION".tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/"$OC_VERSION"/openshift-client-linux.tar.gz \ | ||
&& tar -C /usr/local/bin -xzf /tmp/openshift-client-linux-"$OC_VERSION".tar.gz oc kubectl \ | ||
&& rm /tmp/openshift-client-linux-"$OC_VERSION".tar.gz | ||
|
@@ -35,38 +36,36 @@ ARG USERNAME=dev | |
ARG USER_UID=1000 | ||
ARG USER_GID=$USER_UID | ||
|
||
# Create the "dev" user | ||
RUN groupadd --gid "$USER_GID" "$USERNAME" \ | ||
&& useradd --uid "$USER_UID" --gid "$USER_GID" -m "$USERNAME" \ | ||
# give access to its files | ||
&& mkdir -p /workspaces/art-bot \ | ||
&& mkdir -p /workspaces/{elliott,doozer}{,-working-dir} \ | ||
&& mkdir -p /home/"$USERNAME"/.config/{elliott,doozer,art-bot} \ | ||
&& mkdir -p /home/"$USERNAME"/.docker \ | ||
&& mkdir -p /workspaces/art-bot /workspaces/{elliott,doozer}{,-working-dir} \ | ||
/home/"$USERNAME"/.config/{elliott,doozer,art-bot} /home/"$USERNAME"/.docker \ | ||
&& chown -R "${USER_UID}:${USER_GID}" /home/"$USERNAME" /workspaces \ | ||
&& chmod -R 0755 /home/"$USERNAME" \ | ||
&& chmod -R 0777 /workspaces \ | ||
# and allow it passwordless sudo | ||
&& echo "$USERNAME" ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/"$USERNAME" \ | ||
&& echo "$USERNAME ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/"$USERNAME" \ | ||
&& chmod 0440 /etc/sudoers.d/"$USERNAME" | ||
|
||
USER "$USER_UID" | ||
# Set work directory | ||
WORKDIR /workspaces/art-bot | ||
|
||
# install dependencies (allow even openshift's random user to see) | ||
ENV PATH=/home/"$USERNAME"/.local/bin:/home/"$USERNAME"/bin:"$PATH" | ||
# Clone art-tools and run install.sh script | ||
RUN git clone https://github.com/openshift-eng/art-tools.git /art-tools \ | ||
&& cd /art-tools \ | ||
&& ./install.sh | ||
|
||
# Install dependencies from requirements.txt | ||
COPY requirements.txt ./ | ||
RUN umask a+rx && pip3 install --upgrade \ | ||
"git+https://github.com/openshift-eng/art-tools.git#egg=rh-doozer&subdirectory=doozer" \ | ||
"git+https://github.com/openshift-eng/art-tools.git#egg=rh-elliott&subdirectory=elliott" \ | ||
-r ./requirements.txt | ||
RUN pip3 install --upgrade -r requirements.txt | ||
|
||
# install art-bot and default configs | ||
# Install art-bot and default configs | ||
COPY container/krb5-redhat.conf /etc/krb5.conf | ||
COPY . /tmp/art-bot | ||
USER 0 | ||
RUN cp -r /tmp/art-bot/{artbotlib,art-bot.py,art_bot_dev.py} . \ | ||
&& cp /tmp/art-bot/container/doozer-settings.yaml /home/"$USERNAME"/.config/doozer/settings.yaml \ | ||
&& cp /tmp/art-bot/container/elliott-settings.yaml /home/"$USERNAME"/.config/elliott/settings.yaml \ | ||
&& rm -rf /tmp/art-bot | ||
|
||
# Return to non-root user and final work directory | ||
USER "$USER_UID" | ||
WORKDIR /workspaces/art-bot |
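Review bot: The `RUN git clone https://github.com/openshift-eng/art-tools.git /art-tools && cd /art-tools && ./install.sh` step in the second hunk (it appears to be on the new side; the page has lost its `+`/`-` markers) runs whatever `install.sh` is on the default branch at build time, with no commit or tag pinned. The image is therefore not reproducible, and any upstream change to that script executes in the build unreviewed. Because the clone targets `/art-tools`, the step presumably runs as root, although the page does not show whether the earlier `USER "$USER_UID"` line was kept. I would pin the checkout, e.g. `ARG ART_TOOLS_REF=<commit-or-tag>` and `git -C /art-tools checkout "$ART_TOOLS_REF"` before `./install.sh`, and add a comment such as `# install.sh runs with build privileges; bump ART_TOOLS_REF only after reviewing it`. The passwordless-sudo and `chmod -R 0777 /workspaces` lines in the same hunk mean the final `USER "$USER_UID"` is not a privilege boundary, which is worth stating in a comment if this image is ever used outside development.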