From 5c90baace89d9e3bc1f69c136ff50c154723801f Mon Sep 17 00:00:00 2001
From: Joel Anderson
Date: Mon, 28 Oct 2024 17:31:20 -0400
Subject: [PATCH] add initial Dockerfile cleanup apk after install update for security notes add no-cache to apk
---
 .github/workflows/build.yml | 11 +++++++++++
 tools/README.md | 7 +++++++
 tools/docker/Dockerfile | 22 ++++++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 tools/README.md
 create mode 100644 tools/docker/Dockerfile
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 734394e..0c828cb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -65,6 +65,17 @@ jobs:
 run: bundle exec rake test:python
 - name: Run Python Examples
 run: bundle exec rake examples:python
+ docker:
+ runs-on: ubuntu-latest
+ name: docker build
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ with:
+ file: 'tools/docker/Dockerfile'
+ push: false
+ tags: 'wrapture'
 sonar-analysis:
 runs-on: ubuntu-latest
 name: SonarCloud analysis
diff --git a/tools/README.md b/tools/README.md
new file mode 100644
index 0000000..44117c4
--- /dev/null
+++ b/tools/README.md
@@ -0,0 +1,7 @@
+# Development Tools
+This directory has configuration and support files for external tools that are
+used in Wrapture development.
+
+
+## docker
+Contains the Dockerfile used to build the wrapture container image.
diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
new file mode 100644
index 0000000..9de25ec
--- /dev/null
+++ b/tools/docker/Dockerfile
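Review bot: In the new `docker` job of `.github/workflows/build.yml`, the `docker/build-push-action` step sets `file`, `push` and `tags` but no `context`, so the action falls back to its default Git context and the tree fetched by `actions/checkout` is not what gets built. Add `context: .` under `with:` if the checked-out workspace is meant to be the build input, or drop the checkout step. The job also declares no `permissions:`; unless the workflow sets them at the top level (outside this hunk), add `permissions:` with `contents: read` so this build-only job runs with a read-only token.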
@@ -0,0 +1,22 @@
+FROM ruby:3.3.5-alpine3.20
+
+# copy the build-necessary source into the container
+WORKDIR /usr/src/wrapture
+COPY bin ./bin
+COPY lib ./lib
+COPY sig ./sig
+COPY Gemfile wrapture.gemspec ./
+
+# set up the environment for the build
+RUN apk update \
+ && apk add --no-cache --virtual build-dependencies build-base \
+ && bundle install \
+ && gem build --output wrapture.gem wrapture.gemspec \
+ && gem install wrapture.gem \
+ && apk del build-dependencies \
+ && addgroup -S wrapture \
+ && adduser -S wrapture -G wrapture
+
+# set the user to wrapture
+WORKDIR /home/wrapture
+USER wrapture
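Review bot: The image's inputs are resolved at build time rather than pinned: `FROM ruby:3.3.5-alpine3.20` names a mutable tag, and `COPY Gemfile wrapture.gemspec ./` brings no `Gemfile.lock`, so `bundle install` picks whatever gem versions satisfy the constraints on the day of the build. The workflow in this same patch pins its actions by commit SHA; the equivalent here is `FROM ruby:3.3.5-alpine3.20@sha256:<digest>` (placeholder for the digest you verify), plus copying the lockfile if the repository keeps one. Separately, `apk update \` is redundant with `apk add --no-cache` and leaves the package index under `/var/cache/apk` in that layer, so the RUN can start at `apk add --no-cache --virtual build-dependencies build-base \`. `bundle install` as written also appears to install every Gemfile group, so development and test gems probably end up in the final image; this is inferred, since the Gemfile is not part of the patch.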