# Copyright (c) 2020 Gitpod GmbH. All rights reserved.
# Licensed under the GNU Affero General Public License (AGPL).
# See License-AGPL.txt in the project root for license information.
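# Base workspace image, selected by a date-stamped tag.
# NOTE(review): a tag can be re-pointed by its publisher; appending the image
# digest (gitpod/workspace-full:<tag>@sha256:<DIGEST_OF_THIS_TAG>) would fix the
# exact base contents this file builds on.
FROM gitpod/workspace-full:2022-09-25-16-16-41
# Presumably bumped by hand to invalidate the build cache - confirm with the
# maintainers. Written in key=value form; the space-separated ENV form is legacy.
ENV TRIGGER_REBUILD=22
# The system-wide installs that follow run as root; the file switches to the
# gitpod user again before the per-user tooling.
USER root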
### cloud_sql_proxy ###
# Downloads the Cloud SQL proxy binary to /usr/local/bin and marks it executable.
# NOTE(review): the URL names no version and the download is not compared with
# a checksum or signature, so the image gets whatever the server returns at
# build time. Prefer a versioned release URL and a sha256 comparison before the
# chmod.
ARG CLOUD_SQL_PROXY=/usr/local/bin/cloud_sql_proxy
RUN curl -fsSL https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 > $CLOUD_SQL_PROXY \
&& chmod +x $CLOUD_SQL_PROXY
### Helm3 ###
# Unpacks the Helm v3.8.1 release, installs the binary as helm with a helm3
# symlink, removes the scratch directory, and generates bash completion.
# NOTE(review): the version is pinned, but the tarball is streamed straight into
# tar with no checksum step. Downloading to a file and comparing it with a
# sha256 recorded in this file would let the build reject an altered archive.
# In a `curl | tar` pipeline the step's status is tar's alone unless the base
# image sets a pipefail SHELL.
RUN mkdir -p /tmp/helm/ \
&& curl -fsSL https://get.helm.sh/helm-v3.8.1-linux-amd64.tar.gz | tar -xzvC /tmp/helm/ --strip-components=1 \
&& cp /tmp/helm/helm /usr/local/bin/helm \
&& ln -s /usr/local/bin/helm /usr/local/bin/helm3 \
&& rm -rf /tmp/helm/ \
&& helm completion bash > /usr/share/bash-completion/completions/helm
### kubernetes ###
# Unpacks the v1.24.1 release tarball under /usr/local/kubernetes, runs its
# bundled get-kube-binaries.sh with the confirmation prompt skipped, hands the
# tree to the gitpod user, and appends its cluster/ and client/bin/ dirs to PATH.
# NOTE(review): get-kube-binaries.sh comes out of an unverified tarball and runs
# as root; it appears to download further binaries itself - confirm what, if
# anything, it verifies. The recursive chown also leaves directories that are on
# PATH writable by the unprivileged gitpod user.
RUN mkdir -p /usr/local/kubernetes/ && \
curl -fsSL https://github.com/kubernetes/kubernetes/releases/download/v1.24.1/kubernetes.tar.gz \
| tar -xzvC /usr/local/kubernetes/ --strip-components=1 \
&& KUBERNETES_SKIP_CONFIRM=true /usr/local/kubernetes/cluster/get-kube-binaries.sh \
&& chown gitpod:gitpod -R /usr/local/kubernetes
ENV PATH=$PATH:/usr/local/kubernetes/cluster/:/usr/local/kubernetes/client/bin/
### kubectl ###
# Registers the Kubernetes apt repository, installs kubectl pinned to 1.24.1-00,
# and generates bash completion for it.
# NOTE(review): `apt-key add` places the key in apt's global keyring, so it is
# trusted for every configured repository rather than only this one, and
# apt-key itself is deprecated. A dedicated keyring file referenced through
# signed-by= in the sources entry scopes the key to this repository.
RUN curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \
# really 'xenial'
&& add-apt-repository -yu "deb https://apt.kubernetes.io/ kubernetes-xenial main" \
&& install-packages kubectl=1.24.1-00 \
&& kubectl completion bash > /usr/share/bash-completion/completions/kubectl
# kubectx / kubens: fetched as raw scripts and made executable in /usr/bin.
# NOTE(review): both URLs track the master branch, so the installed scripts
# change whenever upstream pushes and two builds of this file can differ. Pin a
# release tag or commit in the URL (.../kubectx/<TAG_OR_COMMIT>/kubectx) and
# compare each file with a recorded sha256 before the chmod.
RUN curl -fsSL -o /usr/bin/kubectx https://raw.githubusercontent.com/ahmetb/kubectx/master/kubectx && chmod +x /usr/bin/kubectx \
&& curl -fsSL -o /usr/bin/kubens https://raw.githubusercontent.com/ahmetb/kubectx/master/kubens && chmod +x /usr/bin/kubens
# kubebuilder 2.3.2: unpack under /tmp, then move the release contents to
# /usr/local/kubebuilder.
# NOTE(review): the archive is not checksum-verified. This step already runs as
# root, so the sudo calls add nothing. `rm -rf /tmp/*` clears everything in
# /tmp, not only the files this step created.
RUN curl -fsSL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_linux_amd64.tar.gz | tar -xz -C /tmp/ \
&& sudo mkdir -p /usr/local/kubebuilder \
&& sudo mv /tmp/kubebuilder_2.3.2_linux_amd64/* /usr/local/kubebuilder \
&& rm -rf /tmp/*
# Adds the Tailscale package signing key to apt's trusted keys.
# NOTE(review): nothing in this file configures a Tailscale repository or
# installs a Tailscale package, so the key widens apt's global trust store with
# no visible use - confirm it is still needed, and if so scope it with a
# signed-by= keyring instead of apt-key.
RUN curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.gpg | sudo apt-key add -
### MySQL client ###
# install-packages is not defined in this file; presumably a helper shipped by
# the base image - TODO confirm. The package version is left unpinned.
RUN install-packages mysql-client
### CertManager's cmctl
# Extracts only the cmctl member of the v1.8.2 release archive into /usr/bin.
# NOTE(review): for this and the four installs that follow (gokart, leeway,
# evans, dazzle) the release archive is piped from curl into tar as root with no
# checksum or signature check, so /usr/bin receives whatever the URL returns.
# Versions are pinned in the URLs; adding a recorded sha256 per archive would
# close the gap.
RUN cd /usr/bin && curl -fsSL https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cmctl-linux-amd64.tar.gz | tar xzv --no-anchored cmctl
# gokart
RUN cd /usr/bin && curl -fsSL https://github.com/praetorian-inc/gokart/releases/download/v0.4.0/gokart_0.4.0_linux_x86_64.tar.gz | tar xzv --no-anchored gokart
# leeway
ENV LEEWAY_MAX_PROVENANCE_BUNDLE_SIZE=8388608
# NOTE(review): tar is given no member name here, so every file in the archive
# is unpacked into /usr/bin, not just the leeway binary.
RUN cd /usr/bin && curl -fsSL https://github.com/gitpod-io/leeway/releases/download/v0.3.1/leeway_0.3.1_Linux_x86_64.tar.gz | tar xz
# evans (gRPC client)
RUN cd /usr/bin && curl -fsSL https://github.com/ktr0731/evans/releases/download/v0.10.6/evans_linux_amd64.tar.gz | tar xz evans
# dazzle
# NOTE(review): as with leeway, the whole archive is unpacked into /usr/bin.
RUN cd /usr/bin && curl -fsSL https://github.com/gitpod-io/dazzle/releases/download/v0.1.12/dazzle_0.1.12_Linux_x86_64.tar.gz | tar xz
# werft CLI
# Runtime defaults for the werft client, then the v0.3.3 client binary is
# unpacked into /usr/bin and renamed to werft.
# NOTE(review): WERFT_CREDENTIAL_HELPER points at a script inside the workspace
# checkout rather than inside the image, so whatever sits at that path at
# runtime is what the client would invoke - presumably intended for a dev image,
# but worth confirming. The archive is not checksum-verified.
ENV WERFT_CREDENTIAL_HELPER=/workspace/gitpod/dev/preview/werft-credential-helper.sh
ENV WERFT_HOST=werft-grpc.gitpod-dev.com:443
ENV WERFT_TLS_MODE=system
RUN cd /usr/bin && curl -fsSL https://github.com/csweichel/werft/releases/download/v0.3.3/werft-client-linux-amd64.tar.gz | tar xz && mv werft-client-linux-amd64 werft
# yq - jq for YAML files
# Note: we rely on version 3.x.x in various places, 4.x breaks this!
# NOTE(review): yq, yq4 and github-release are all written into /usr/bin as
# root from pinned release URLs, but none of the downloads is compared with a
# checksum before being made executable or unpacked.
RUN cd /usr/bin && curl -fsSL https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 > yq && chmod +x yq
# yq4 as separate binary
RUN cd /usr/bin && curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.23.1/yq_linux_amd64 > yq4 && chmod +x yq4
# release helper
# The archive is unpacked in full into /usr/bin (tar is given no member name).
RUN cd /usr/bin && curl -fsSL https://github.com/c4milo/github-release/releases/download/v1.1.0/github-release_v1.1.0_linux_amd64.tar.gz | tar xz
### Protobuf
# Downloads protoc 3.20.1 into a temporary directory, unpacks it under
# /usr/lib/protoc, opens up read/execute permissions on the include and bin
# trees, symlinks the binaries into /usr/bin, and removes the temp directory.
# `set -ex` echoes each command and stops on the first failure.
# NOTE(review): the zip is already saved to a file before use, so a sha256
# comparison could be inserted between the curl and the unzip; none is done.
RUN set -ex \
&& tmpdir=$(mktemp -d) \
&& curl -fsSL -o $tmpdir/protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v3.20.1/protoc-3.20.1-linux-x86_64.zip \
&& mkdir -p /usr/lib/protoc && cd /usr/lib/protoc && unzip $tmpdir/protoc.zip \
&& chmod -R o+r+x /usr/lib/protoc/include \
&& chmod -R +x /usr/lib/protoc/bin \
&& ln -s /usr/lib/protoc/bin/* /usr/bin \
&& rm -rf $tmpdir
### Telepresence ###
# Registers the packagecloud Telepresence repository (bionic suite) and installs
# telepresence pinned to 0.109 together with the networking tools listed.
# NOTE(review): `apt-key add` trusts the fetched key for every apt repository on
# the system, and the key itself is taken from the same host as the packages. A
# signed-by= keyring limited to this repository narrows that trust. The helper
# packages (iproute2, iptables, net-tools, socat) are unpinned.
RUN curl -fsSL https://packagecloud.io/datawireio/telepresence/gpgkey | apt-key add - \
# 'cosmic' not supported
&& add-apt-repository -yu "deb https://packagecloud.io/datawireio/telepresence/ubuntu/ bionic main" \
# 0.95 (current at the time of this commit) is broken
&& install-packages \
iproute2 \
iptables \
net-tools \
socat \
telepresence=0.109
### Toxiproxy CLI
# Saves the v2.4.0 CLI binary as /usr/bin/toxiproxy and marks it executable.
# NOTE(review): the binary is made executable without a checksum comparison.
RUN curl -fsSL -o /usr/bin/toxiproxy https://github.com/Shopify/toxiproxy/releases/download/v2.4.0/toxiproxy-cli-linux-amd64 \
&& chmod +x /usr/bin/toxiproxy
### libseccomp > 2.5.2
# Builds libseccomp 2.5.4 from the release tarball in a fresh temp directory and
# installs it system-wide with `make install`; gperf is installed first as a
# build prerequisite.
# NOTE(review): the source tarball is compiled and installed as root without a
# checksum or signature check. The temp build directory is never removed, so the
# unpacked source and build output stay in this layer.
RUN install-packages gperf \
&& cd $(mktemp -d) \
&& curl -fsSL https://github.com/seccomp/libseccomp/releases/download/v2.5.4/libseccomp-2.5.4.tar.gz | tar xz \
&& cd libseccomp-2.5.4 && ./configure && make && make install
### Cypress deps
# Shared libraries and xauth needed to run Cypress; all versions are whatever
# the configured apt repositories provide at build time (nothing is pinned).
RUN install-packages \
libgtk2.0-0 \
libgtk-3-0 \
libgbm-dev \
libnotify-dev \
libgconf-2-4 \
libnss3 \
libxss1 \
libasound2 \
libxtst6 \
xauth
# Install netcat to use it as proxy for SSH access to Harvester VMs
RUN install-packages netcat
# Drop root: everything from here on runs as the gitpod user and uses sudo for
# the steps that still need elevated rights.
USER gitpod
# Fix node version we develop against
# Sources nvm from the relative path .nvm/nvm.sh, so this depends on the working
# directory being the gitpod home (presumably set by the base image - confirm),
# installs the requested Node version, and puts its bin dir first on PATH.
# NOTE(review): typescript and yarn are installed globally without version
# pins, so each rebuild takes whatever the npm registry currently serves.
ARG GITPOD_NODE_VERSION=16.16.0
RUN bash -c ". .nvm/nvm.sh \
&& nvm install $GITPOD_NODE_VERSION \
&& npm install -g typescript yarn"
ENV PATH=/home/gitpod/.nvm/versions/node/v${GITPOD_NODE_VERSION}/bin:$PATH
## Register leeway autocompletion in bashrc
# Appends `. <(leeway bash-completion)` to ~/.bashrc; the escapes keep the
# process substitution literal so it runs in each new shell, not at build time.
RUN bash -c "echo . \<\(leeway bash-completion\) >> ~/.bashrc"
### Google Cloud ###
# not installed via repository as then 'docker-credential-gcr' is not available
# Unpacks the pinned SDK 400.0.0 tarball under /opt, runs its installer with
# usage reporting off, adds the listed components, and registers
# docker-credential-gcr as a Docker credential helper.
# NOTE(review): `sudo chown gitpod: /opt` hands the whole of /opt to the gitpod
# user, and the SDK's bin dir is placed first on PATH, so an unprivileged
# process can replace tools that later commands resolve by name. The tarball and
# the install.sh it contains are executed without a checksum comparison.
ARG GCS_DIR=/opt/google-cloud-sdk
ENV PATH=$GCS_DIR/bin:$PATH
RUN sudo chown gitpod: /opt \
&& mkdir $GCS_DIR \
&& curl -fsSL https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-400.0.0-linux-x86_64.tar.gz \
| tar -xzvC /opt \
&& /opt/google-cloud-sdk/install.sh --quiet --usage-reporting=false --bash-completion=true \
--additional-components gke-gcloud-auth-plugin docker-credential-gcr alpha beta \
# needed for access to our private registries
&& docker-credential-gcr configure-docker
ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True
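# Install tools for gsutil
# gcc and the Python headers are presumably here so that crcmod can be rebuilt
# with its compiled extension - confirm against the gsutil documentation.
RUN sudo install-packages \
gcc \
python-dev \
python-setuptools
# Remove any existing crcmod, then install it fresh.
# -y answers pip's confirmation prompt: a build has no terminal to answer it, so
# without the flag the uninstall cannot complete and the existing copy stays.
# The `;` is kept on purpose so a missing or non-removable crcmod does not stop
# the build before the install.
# NOTE(review): crcmod is installed as root from PyPI without a version pin or
# hash check.
RUN sudo python3 -m pip uninstall -y crcmod; sudo python3 -m pip install --no-cache-dir -U crcmod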
### gitpod-core specific gcloud/kubectl config
# NOTE(review): the two files copied below become part of an image layer and are
# readable by anyone who can pull the image. The comments here say
# authentication comes from Application Default Credentials at runtime, so
# confirm neither file carries tokens, client keys or other credentials.
# Copy GCloud default config that points to gitpod-dev
ARG GCLOUD_CONFIG_DIR=/home/gitpod/.config/gcloud
COPY --chown=gitpod gcloud-default-config $GCLOUD_CONFIG_DIR/configurations/config_default
# Set kubeconfig file for dev cluster, using GCloud Application Default Credentials (ADC) as auth provider
ARG KUBE_CONFIG_PATH=/home/gitpod/.kube/config
COPY --chown=gitpod kubeconfig.yaml $KUBE_CONFIG_PATH
# Set Application Default Credentials (ADC) based on user-provided env var
# The sourced script lives in the workspace checkout, not in the image, so every
# new shell runs whatever is at that path at the time.
RUN echo ". /workspace/gitpod/scripts/setup-google-adc.sh" >> ~/.bashrc
# Defaults for the database host and for leeway's workspace root and remote
# cache bucket.
ENV DB_HOST=localhost
ENV LEEWAY_WORKSPACE_ROOT=/workspace/gitpod
ENV LEEWAY_REMOTE_CACHE_BUCKET=gitpod-core-leeway-cache-branch
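# awscliv2
# See also: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-version.html
# See also: https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
# Downloads the pinned 2.7.25 installer, runs it with sudo, and removes both the
# zip and the unpacked installer tree in the same layer.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# zip; -sS keeps the log quiet but still prints errors.
# NOTE(review): the installer is run as root without verification. AWS publishes
# a detached PGP signature for the installer zip; checking it (or a recorded
# sha256) before `./aws/install` would let the build reject an altered download.
RUN curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.7.25.zip" -o "awscliv2.zip" \
&& unzip awscliv2.zip \
&& sudo ./aws/install \
&& rm -rf awscliv2.zip aws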
# Install Terraform
# Downloads the pinned 1.1.7 zip into ~/.terraform, unpacks it there, deletes
# the zip, and registers shell autocompletion through ~/.bashrc.
# NOTE(review): the zip is not compared with a checksum before unzip; a recorded
# sha256 check between the curl and the unzip would close that gap. RELEASE_URL
# is an ARG, so a build argument can point this step at any URL.
ARG RELEASE_URL="https://releases.hashicorp.com/terraform/1.1.7/terraform_1.1.7_linux_amd64.zip"
RUN mkdir -p ~/.terraform \
&& cd ~/.terraform \
&& curl -fsSL -o terraform_linux_amd64.zip ${RELEASE_URL} \
&& unzip *.zip \
&& rm -f *.zip \
&& printf "terraform -install-autocomplete 2> /dev/null\n" >>~/.bashrc
# Install GraphViz to help debug terraform scripts
RUN sudo install-packages graphviz
# NOTE(review): $HOME here is expanded by the Dockerfile parser from ENV/ARG
# values, not by a shell; this only yields /home/gitpod/... if the base image
# declares HOME via ENV - TODO confirm. $HOME/.aws-iam is not created anywhere
# in this file.
ENV PATH=$PATH:$HOME/.aws-iam:$HOME/.terraform
# Install codecov uploader
# https://about.codecov.io/blog/introducing-codecovs-new-uploader
# NOTE(review): the URL tracks `latest`, so the binary differs between builds,
# and it is installed into /usr/local/bin as root with no integrity check. This
# tool typically runs in CI next to repository tokens, so pin a specific
# uploader version (<UPLOADER_VERSION>) and verify the vendor's published
# checksum and signature before the chmod.
RUN sudo curl -fsSL https://uploader.codecov.io/latest/codecov-linux -o /usr/local/bin/codecov \
&& sudo chmod +x /usr/local/bin/codecov
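# Install pre-commit https://pre-commit.com/#install
# shellcheck comes from apt, pre-commit from PyPI. --no-cache-dir keeps pip's
# download cache out of the layer, matching the crcmod install in this file.
# NOTE(review): pre-commit is installed as root without a version pin, so each
# rebuild takes the current PyPI release; pin it (pre-commit==<VERSION>) for
# repeatable builds.
RUN sudo install-packages shellcheck \
&& sudo python3 -m pip install --no-cache-dir pre-commit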
# gh (Github CLI) binary:
# Extracts only bin/gh from the pinned 2.11.3 archive into /usr/bin; the two
# leading path components are stripped so the file lands as /usr/bin/gh.
# NOTE(review): the archive is streamed into `sudo tar` with no checksum
# comparison.
RUN cd /usr/bin && curl -fsSL https://github.com/cli/cli/releases/download/v2.11.3/gh_2.11.3_linux_amd64.tar.gz \
| sudo tar xzv --strip-components=2 gh_2.11.3_linux_amd64/bin/gh
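# Install observability-related binaries
# promtool: download the Prometheus release archive, keep only promtool in
# /usr/local/bin, and delete the unpacked tree and the archive.
# curl now uses -fsS like the other release downloads in this file, so an HTTP
# error fails the step at the download instead of saving an error page that tar
# then has to reject.
# NOTE(review): the archive is not compared with a checksum before promtool is
# moved into /usr/local/bin with sudo.
ARG PROM_VERSION="2.36.0"
RUN curl -fsSLO https://github.com/prometheus/prometheus/releases/download/v${PROM_VERSION}/prometheus-${PROM_VERSION}.linux-amd64.tar.gz && \
tar -xzvf prometheus-${PROM_VERSION}.linux-amd64.tar.gz && \
sudo mv prometheus-${PROM_VERSION}.linux-amd64/promtool /usr/local/bin/promtool && \
rm -rf prometheus-${PROM_VERSION}.linux-amd64/ && \
rm -f prometheus-${PROM_VERSION}.linux-amd64.tar.gz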
# jsonnet-bundler (jb): single binary, downloaded to the working directory, made
# executable and moved into /usr/local/bin.
# NOTE(review): no checksum comparison before the binary is installed with sudo.
ARG JSONNET_BUNDLER_VERSION="0.4.0"
RUN curl -fsSL -o jb https://github.com/jsonnet-bundler/jsonnet-bundler/releases/download/v${JSONNET_BUNDLER_VERSION}/jb-linux-amd64 && \
chmod +x jb && sudo mv jb /usr/local/bin
# go-jsonnet: unpack the release archive in the working directory, move jsonnet
# and jsonnetfmt into /usr/local/bin, then delete the remaining unpacked files
# by listing the archive again and removing each listed path.
# NOTE(review): the archive is not checksum-verified, and the cleanup removes
# whatever paths the archive lists, so the names passed to rm are controlled by
# the download. Unpacking into a mktemp directory and removing that directory
# would avoid deleting by archive-supplied names.
ARG JSONNET_VERSION="0.17.0"
RUN curl -fsSLO https://github.com/google/go-jsonnet/releases/download/v${JSONNET_VERSION}/go-jsonnet_${JSONNET_VERSION}_Linux_x86_64.tar.gz && \
tar -xzvf go-jsonnet_${JSONNET_VERSION}_Linux_x86_64.tar.gz && \
sudo mv jsonnet /usr/local/bin/jsonnet && \
sudo mv jsonnetfmt /usr/local/bin/jsonnetfmt && \
tar -tzf go-jsonnet_${JSONNET_VERSION}_Linux_x86_64.tar.gz | xargs rm -f && \
rm -f go-jsonnet_${JSONNET_VERSION}_Linux_x86_64.tar.gz
# gojsontoyaml: unpack the release archive in the working directory, move the
# binary into /usr/local/bin, then delete the remaining unpacked files by
# listing the archive again and removing each listed path.
# NOTE(review): the archive is not checksum-verified, and the names passed to rm
# come from the downloaded archive's own listing; a mktemp directory removed as
# a whole would be a safer cleanup.
ARG GOJSONTOYAML_VERSION="0.1.0"
RUN curl -fsSLO https://github.com/brancz/gojsontoyaml/releases/download/v${GOJSONTOYAML_VERSION}/gojsontoyaml_${GOJSONTOYAML_VERSION}_linux_amd64.tar.gz && \
tar -xzvf gojsontoyaml_${GOJSONTOYAML_VERSION}_linux_amd64.tar.gz && \
sudo mv gojsontoyaml /usr/local/bin/gojsontoyaml && \
tar -tzf gojsontoyaml_${GOJSONTOYAML_VERSION}_linux_amd64.tar.gz | xargs rm -f && \
rm -f gojsontoyaml_${GOJSONTOYAML_VERSION}_linux_amd64.tar.gz
# Install Replicated and KOTS
# Runs two remote install scripts and registers kots completion in ~/.bashrc.
# The Replicated script's ref is looked up at build time from the GitHub API's
# "latest" release name; the KOTS script URL carries no version at all.
# NOTE(review): both scripts are piped straight into a shell, the first under
# sudo, so the image content depends on what those URLs return at build time and
# nothing is reviewed or verified. Prefer fetching pinned release artifacts and
# comparing them with recorded checksums.
# NOTE(review): the curls lack -f. If -f is added, also run the pipelines under
# `bash -o pipefail`; otherwise a failed download hands bash an empty script and
# the step passes without installing anything.
RUN curl https://raw.githubusercontent.com/replicatedhq/replicated/$(curl -s https://api.github.com/repos/replicatedhq/replicated/releases/latest | jq -r '.name')/install.sh | sudo bash && \
curl https://kots.io/install | bash && \
bash -c "echo . \<\(kubectl kots completion bash\) >> ~/.bashrc"
# Copy our own tools
# kubecdl, gpctl and previewctl are taken from the build context (presumably
# built by earlier build steps - confirm) and placed in /usr/bin. No --chown is
# given, so the copied files are owned by root.
ENV NEW_KUBECDL=1
COPY dev-kubecdl--app/kubecdl dev-gpctl--app/gpctl dev-preview-previewctl--cli/previewctl /usr/bin/
# Configure our tools' autocompletion
# Appends `. <(<tool> completion bash)` lines to ~/.bashrc; the escapes keep the
# process substitution literal so it is evaluated in each new shell.
RUN bash -c "echo . \<\(gpctl completion bash\) >> ~/.bashrc" && \
bash -c "echo . \<\(previewctl completion bash\) >> ~/.bashrc"