forked from oss-review-toolkit/ort
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile-legacy
214 lines (183 loc) · 8.4 KB
/
Dockerfile-legacy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
# syntax=docker/dockerfile:1.4
# Use at least version 1.4 above to be able to use linked copies, see e.g.
# https://www.howtogeek.com/devops/how-to-accelerate-docker-builds-and-optimize-caching-with-copy-link/
# Copyright (C) 2020 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# License-Filename: LICENSE
# Set this to a directory containing CRT-files for custom certificates that ORT and all build tools should know about.
ARG CRT_FILES="*.crt"
# Set this to the Java version to use in the base image (and to build and run ORT with).
ARG JAVA_VERSION=17
# Set this to the version ORT should report.
ARG ORT_VERSION="DOCKER-SNAPSHOT"
# Set this to the NuGet Inspector version to use.
ARG NUGET_INSPECTOR_VERSION=0.9.12
# Set this to the Python Inspector version to use.
ARG PYTHON_INSPECTOR_VERSION="0.9.6"
# Set this to the ScanCode version to use.
ARG SCANCODE_VERSION="31.2.4"
FROM eclipse-temurin:$JAVA_VERSION-jdk-jammy AS build
# Repeat global arguments used in this stage.
ARG CRT_FILES
ARG ORT_VERSION
COPY . /usr/local/src/ort
COPY "$CRT_FILES" /tmp/certificates/
WORKDIR /usr/local/src/ort
# Persist whatever gets written to the Gradle user home to speed up subsequent builds.
RUN --mount=type=cache,target=/tmp/.gradle/ \
export GRADLE_USER_HOME=/tmp/.gradle/ && \
scripts/export_proxy_certificates.sh /tmp/certificates/ && \
scripts/import_certificates.sh /tmp/certificates/ && \
scripts/set_gradle_proxy.sh && \
./gradlew --no-daemon --stacktrace -Pversion=$ORT_VERSION :cli:installDist :helper-cli:startScripts
FROM eclipse-temurin:$JAVA_VERSION-jdk-jammy AS run
# Repeat global arguments used in this stage.
ARG CRT_FILES
ARG NUGET_INSPECTOR_VERSION
ARG PYTHON_INSPECTOR_VERSION
ARG SCANCODE_VERSION
ENV \
# Package manager versions.
BOWER_VERSION=1.8.12 \
CARGO_VERSION=0.67.1+ds0ubuntu0.libgit2-0ubuntu0.22.04.2 \
COCOAPODS_VERSION=1.11.2 \
COMPOSER_VERSION=2.2.6-2ubuntu4 \
CONAN_VERSION=1.57.0 \
GO_DEP_VERSION=0.5.4 \
GO_VERSION=1.20.5 \
HASKELL_STACK_VERSION=2.7.5 \
NPM_VERSION=8.15.1 \
PNPM_VERSION=7.8.0 \
PYTHON_PIPENV_VERSION=2022.9.24 \
PYTHON_POETRY_VERSION=1.2.2 \
SBT_VERSION=1.6.1 \
YARN_VERSION=1.22.17 \
# SDK versions.
ANDROID_SDK_VERSION=9477386 \
# Installation directories.
ANDROID_HOME=/opt/android-sdk \
GOPATH=/tmp/go
ENV DEBIAN_FRONTEND=noninteractive \
PATH="$PATH:$GOPATH/bin:/opt/go/bin:/opt/ort/bin"
# Apt install commands.
RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
apt-get update && \
apt-get install -y --no-install-recommends ca-certificates gnupg software-properties-common && \
echo "deb https://repo.scala-sbt.org/scalasbt/debian all main" | tee -a /etc/apt/sources.list.d/sbt.list && \
curl -ksS "https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0x2EE0EA64E40A89B84B2DF73499E82A75642AC823" | apt-key adv --import - && \
curl -sL https://deb.nodesource.com/setup_16.x | bash - && \
add-apt-repository -y ppa:git-core/ppa && \
apt-get update && \
apt-get install -y --no-install-recommends \
# Install general tools required by this Dockerfile.
lib32stdc++6 \
libffi-dev \
libgmp-dev \
libxext6 \
libxi6 \
libxrender1 \
libxtst6 \
make \
netbase \
openssh-client \
unzip \
xz-utils \
zlib1g-dev \
# Install VCS tools (no specific versions required here).
git \
mercurial \
subversion \
# Install package managers (in versions known to work).
cargo=$CARGO_VERSION \
composer=$COMPOSER_VERSION \
nodejs \
python-is-python3 \
python3-dev \
python3-pip \
python3-setuptools \
ruby-dev \
sbt=$SBT_VERSION \
# dotnet requirements
libc6 \
libgcc1 \
libgcc-s1 \
libgssapi-krb5-2 \
libicu70 \
liblttng-ust1 \
libssl3 \
libstdc++6 \
libunwind8 \
&& \
rm -rf /var/lib/apt/lists/*
COPY scripts/*.sh /opt/ort/bin/
COPY "$CRT_FILES" /tmp/certificates/
# Custom install commands.
RUN /opt/ort/bin/export_proxy_certificates.sh /tmp/certificates/ && \
/opt/ort/bin/import_certificates.sh /tmp/certificates/ && \
# Install VCS tools (no specific versions required here).
curl -ksS https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
chmod a+x /usr/local/bin/repo && \
# Install package managers (in versions known to work).
npm install --location=global npm@$NPM_VERSION bower@$BOWER_VERSION pnpm@$PNPM_VERSION yarn@$YARN_VERSION && \
pip install --no-cache-dir wheel && \
pip install --no-cache-dir conan==$CONAN_VERSION poetry==$PYTHON_POETRY_VERSION pipenv==$PYTHON_PIPENV_VERSION && \
# Install golang in order to have `go mod` as package manager.
curl -ksSO https://dl.google.com/go/go$GO_VERSION.linux-amd64.tar.gz && \
tar -C /opt -xzf go$GO_VERSION.linux-amd64.tar.gz && \
rm go$GO_VERSION.linux-amd64.tar.gz && \
export GOBIN=/opt/go/bin && \
curl -ksS https://raw.githubusercontent.com/golang/dep/v$GO_DEP_VERSION/install.sh | sh && \
curl -ksS https://raw.githubusercontent.com/commercialhaskell/stack/v$HASKELL_STACK_VERSION/etc/scripts/get-stack.sh | sh && \
# Install SDKs required for analysis.
curl -Os https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_SDK_VERSION}_latest.zip && \
unzip -q commandlinetools-linux-${ANDROID_SDK_VERSION}_latest.zip -d $ANDROID_HOME && \
rm commandlinetools-linux-${ANDROID_SDK_VERSION}_latest.zip && \
PROXY_HOST_AND_PORT=${https_proxy#*://} && \
PROXY_HOST_AND_PORT=${PROXY_HOST_AND_PORT%/} && \
if [ -n "$PROXY_HOST_AND_PORT" ]; then \
# While sdkmanager uses HTTPS by default, the proxy type is still called "http".
SDK_MANAGER_PROXY_OPTIONS="--proxy=http --proxy_host=${PROXY_HOST_AND_PORT%:*} --proxy_port=${PROXY_HOST_AND_PORT##*:}"; \
fi && \
yes | $ANDROID_HOME/cmdline-tools/bin/sdkmanager $SDK_MANAGER_PROXY_OPTIONS --sdk_root=$ANDROID_HOME "platform-tools" && \
chmod -R o+w $ANDROID_HOME && \
# Install 'CocoaPods'.
gem install cocoapods -v $COCOAPODS_VERSION
# Add scanners (in versions known to work).
RUN curl -Os https://raw.githubusercontent.com/nexB/scancode-toolkit/v$SCANCODE_VERSION/requirements.txt && \
pip install --no-cache-dir --constraint requirements.txt scancode-toolkit==$SCANCODE_VERSION && \
rm requirements.txt
RUN pip install --no-cache-dir python-inspector==$PYTHON_INSPECTOR_VERSION
# nuget-inspector
ENV NUGET_INSPECTOR_ROOT=/opt/nuget-inspector
ENV NUGET_INSPECTOR_HOME=$NUGET_INSPECTOR_ROOT/bin
ENV NUGET_DOTNET_HOME=$NUGET_INSPECTOR_ROOT/dotnet
ENV PATH=$PATH:$NUGET_DOTNET_HOME:$NUGET_DOTNET_HOME/tools:$NUGET_INSPECTOR_HOME
# Note: We are not installing a dotnet package directly because
# debian packages from Ubuntu and Microsoft are incomplete
RUN mkdir -p $NUGET_DOTNET_HOME \
&& curl --location https://aka.ms/dotnet/6.0/dotnet-sdk-linux-x64.tar.gz \
| tar -C $NUGET_DOTNET_HOME -xz
RUN mkdir -p $NUGET_INSPECTOR_HOME \
&& curl -L https://github.com/nexB/nuget-inspector/releases/download/v${NUGET_INSPECTOR_VERSION}/nuget-inspector-v${NUGET_INSPECTOR_VERSION}-linux-x64.tar.gz \
| tar --strip-components=1 -C $NUGET_INSPECTOR_HOME -xz
FROM run AS dist
# Repeat global arguments used in this stage.
ARG ORT_VERSION
COPY --from=build --link /usr/local/src/ort/cli/build/install/ort /opt/ort
# Support to run the helper-cli like `docker run --entrypoint /opt/ort/bin/orth ort`.
COPY --from=build --link /usr/local/src/ort/helper-cli/build/scripts/orth /opt/ort/bin/
COPY --from=build --link /usr/local/src/ort/helper-cli/build/libs/helper-cli-$ORT_VERSION.jar /opt/ort/lib/
ENTRYPOINT ["/opt/ort/bin/ort"]