From e83c6fe1fae059af4f48f10f89610300b15c77e9 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Tue, 8 Nov 2022 17:27:03 +0100 Subject: [PATCH] docker: Build and run as a non-privileged user - Shell in login profile is not more needed - Container runs always on the defined build user ( default: ort ) - Added an auxiliary script for apt proxy - Detect platform for build. scancode is disabled on linux/arm64 Signed-off-by: Helio Chissini de Castro --- Dockerfile | 417 +++++++++++------- docker/android.sh | 22 - docker/ort-wrapper.sh | 20 - docker/python.sh | 27 -- docker/ruby.sh | 25 -- docker/rust.sh | 26 -- ...{00-add_local_path.sh => set_apt_proxy.sh} | 20 +- scripts/docker_build.sh | 5 +- 8 files changed, 269 insertions(+), 293 deletions(-) delete mode 100755 docker/android.sh delete mode 100755 docker/ort-wrapper.sh delete mode 100755 docker/python.sh delete mode 100755 docker/ruby.sh delete mode 100644 docker/rust.sh rename docker/{00-add_local_path.sh => set_apt_proxy.sh} (75%) diff --git a/Dockerfile b/Dockerfile index e364c900f8d7..33c1b0d280f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.3 +# syntax=docker/dockerfile-upstream:1.4 # Copyright (C) 2020 The ORT Project Authors (see ) # @@ -18,20 +18,22 @@ # License-Filename: LICENSE # Use OpenJDK Eclipe Temurin Ubuntu LTS -FROM eclipse-temurin:11-jdk-jammy as ort-base-image +FROM eclipse-temurin:11-jdk-jammy as base ENV LANG=en_US.UTF-8 ENV LANGUAGE=en_US:en ENV LC_ALL=en_US.UTF-8 -RUN echo $LANG > /etc/locale.gen \ - && locale-gen en_US.UTF-8 \ - && update-locale LANG=en_US.UTF-8 +RUN echo "Architecture: $(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)" + +# Check and set apt proxy +COPY docker/set_apt_proxy.sh /etc/scripts/set_apt_proxy.sh +RUN /etc/scripts/set_apt_proxy.sh # Base package set RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ - apt-get update \ + apt-get update -qq \ && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ ca-certificates \ coreutils \ @@ -39,12 +41,16 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ curl \ dirmngr \ gcc \ + g++ \ git \ gnupg2 \ iproute2 \ libarchive-tools \ - libz-dev \ + libgmp-dev \ + libffi-dev \ locales \ + lzma \ + make \ netbase \ openssh-client \ openssl \ @@ -56,12 +62,17 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ unzip \ wget \ xz-utils \ - && rm -rf /var/lib/apt/lists/* + && sudo rm -rf /var/lib/apt/lists/* + +RUN echo $LANG > /etc/locale.gen \ + && locale-gen $LANG \ + && update-locale LANG=$LANG ARG USERNAME=ort ARG USER_ID=1000 ARG USER_GID=$USER_ID ARG HOMEDIR=/home/ort +ENV USER=$USERNAME ENV HOME=$HOMEDIR # Non privileged user @@ -73,14 +84,16 @@ RUN groupadd --gid $USER_GID $USERNAME \ --home-dir $HOMEDIR \ --create-home $USERNAME +# We use /opt as main language install dir +RUN chgrp $USERNAME /opt \ + && chmod g+wx /opt + # sudo support RUN echo "$USERNAME ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME \ && chmod 0440 /etc/sudoers.d/$USERNAME -COPY docker/00-add_local_path.sh /etc/profile.d/ - -# Copy ort scripts -COPY scripts /etc/scripts +# Import certificates scripts only +COPY scripts/import_certificates.sh /etc/scripts/import_certificates.sh # Set this to a directory containing CRT-files for custom certificates that ORT and all build tools should know about. ARG CRT_FILES="" @@ -91,78 +104,76 @@ RUN /etc/scripts/import_certificates.sh \ /etc/scripts/import_certificates.sh /tmp/certificates/; \ fi -#------------------------------------------------------------------------ -FROM ort-base-image AS build +USER ${USERNAME} -#------------------------------------------------------------------------ -# Ubuntu build toolchain -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - build-essential \ - dpkg-dev \ - libbluetooth-dev \ - libbz2-dev \ - libc6-dev \ - libexpat1-dev \ - libffi-dev \ - libgmp-dev \ - libgdbm-dev \ - liblzma-dev \ - libmpdec-dev \ - libncursesw5-dev \ - libreadline-dev \ - libsqlite3-dev \ - libssl-dev \ - make \ - tk-dev \ - zlib1g-dev \ - && rm -rf /var/lib/apt/lists/* +ENTRYPOINT [ "/bin/bash" ] #------------------------------------------------------------------------ # PYTHON - Build Python as a separate component with pyenv -FROM build as pythonbuild +FROM base as python + +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + sudo apt-get update -qq \ + && DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \ + libreadline-dev \ + libgdbm-dev \ + libsqlite3-dev \ + libssl-dev \ + libbz2-dev \ + liblzma-dev \ + tk-dev \ + && sudo rm -rf /var/lib/apt/lists/* ARG PYTHON_VERSION=3.10.6 ARG PYENV_GIT_TAG=v2.3.4 ENV PYENV_ROOT=/opt/python -RUN curl -kSs https://pyenv.run | bash -ENV PATH=${PYENV_ROOT}/shims:${PYENV_ROOT}/bin:$PATH -RUN pyenv install -v ${PYTHON_VERSION} -RUN pyenv global ${PYTHON_VERSION} +ENV PATH=$PATH:${PYENV_ROOT}/shims:${PYENV_ROOT}/bin -COPY docker/python.sh /etc/profile.d +RUN curl -kSs https://pyenv.run | bash \ + && pyenv install -v ${PYTHON_VERSION} \ + && pyenv global ${PYTHON_VERSION} ARG CONAN_VERSION=1.53.0 ARG PYTHON_INSPECTOR_VERSION=0.9.2 ARG PYTHON_PIPENV_VERSION=2022.9.24 ARG PYTHON_POETRY_VERSION=1.1.13 ARG PIPTOOL_VERSION=22.2.2 -ARG SCANCODE_VERSION=30.1.0 -ENV PYENV_ROOT=/opt/python -ENV PATH=${PYENV_ROOT}/shims:${PYENV_ROOT}/bin:$PATH -# Scancode need restrict commoncode version -RUN pip install -U \ +RUN pip install --no-cache-dir -U \ pip=="${PIPTOOL_VERSION}" \ wheel \ - && pip install -U \ + && pip install --no-cache-dir -U \ Mercurial \ - commoncode==30.0.0 \ conan=="${CONAN_VERSION}" \ pipenv=="${PYTHON_PIPENV_VERSION}" \ poetry==${PYTHON_POETRY_VERSION} \ - python-inspector=="${PYTHON_INSPECTOR_VERSION}" \ - scancode-toolkit==${SCANCODE_VERSION} + python-inspector=="${PYTHON_INSPECTOR_VERSION}" + +ARG SCANCODE_VERSION=30.1.0 + +# Scancode is not ready for linux/arm64 +RUN arch=$(arch | sed s/aarch64/arm64/) \ + && if [ "$arch" != "arm64" ]; then pip install --no-cache-dir -U scancode-toolkit==${SCANCODE_VERSION}; fi #------------------------------------------------------------------------ # RUBY - Build Ruby as a separate component with rbenv -FROM build as rubybuild +FROM base as ruby + +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + sudo apt-get update -qq \ + && DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \ + libreadline6-dev \ + libssl-dev \ + libz-dev \ + xvfb \ + zlib1g-dev \ + && sudo rm -rf /var/lib/apt/lists/* -ARG COCOAPODS_VERSION=1.11.2 ARG RUBY_VERSION=3.1.2 + ENV RBENV_ROOT=/opt/rbenv ENV PATH=${RBENV_ROOT}/bin:${RBENV_ROOT}/shims/:${RBENV_ROOT}/plugins/ruby-build/bin:$PATH @@ -172,189 +183,275 @@ WORKDIR ${RBENV_ROOT} RUN src/configure \ && make -C src RUN rbenv install ${RUBY_VERSION} -v \ - && rbenv global ${RUBY_VERSION} \ - && gem install bundler cocoapods:${COCOAPODS_VERSION} + && rbenv global ${RUBY_VERSION} -COPY docker/ruby.sh /etc/profile.d +# Packages +ARG COCOAPODS_VERSION=1.11.2 + +RUN gem install bundler cocoapods:${COCOAPODS_VERSION} #------------------------------------------------------------------------ # NODEJS - Build NodeJS as a separate component with nvm -FROM build AS nodebuild +FROM base AS nodejs -ARG BOWER_VERSION=1.8.12 ARG NODEJS_VERSION=16.17.1 ARG NPM_VERSION=8.15.1 -ARG NVM_DIR=/opt/nvm -ARG PNPM_VERSION=7.8.0 -ARG YARN_VERSION=1.22.10 + +ENV NVM_DIR=/opt/nvm RUN git clone --depth 1 https://github.com/nvm-sh/nvm.git $NVM_DIR RUN . $NVM_DIR/nvm.sh \ && nvm install "${NODEJS_VERSION}" \ && nvm alias default "${NODEJS_VERSION}" \ - && nvm use default \ - && npm install --global npm@$NPM_VERSION bower@$BOWER_VERSION pnpm@$PNPM_VERSION yarn@$YARN_VERSION + && nvm use default + +# Packages +ARG BOWER_VERSION=1.8.12 +ARG PNPM_VERSION-7.8.0 +ARG YARN_VERSION=1.22.10 + +ENV NODE_PATH $NVM_DIR/v$NODEJS_VERSION/lib/node_modules +ENV PATH=$PATH:$NVM_DIR/versions/node/v$NODEJS_VERSION/bin + +RUN npm install --global npm@$NPM_VERSION bower@$BOWER_VERSION pnpm@$PNPM_VERSION yarn@$YARN_VERSION #------------------------------------------------------------------------ # RUST - Build as a separate component -FROM build AS rustbuild +FROM base AS rust -ARG RUST_HOME=/opt/rust -ARG CARGO_HOME=${RUST_HOME}/cargo -ARG RUSTUP_HOME=${RUST_HOME}/rustup ARG RUST_VERSION=1.64.0 + +ENV RUST_HOME=/opt/rust +ENV CARGO_HOME=${RUST_HOME}/cargo +ENV RUSTUP_HOME=${RUST_HOME}/rustup + RUN curl -ksSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain ${RUST_VERSION} #------------------------------------------------------------------------ # GOLANG - Build as a separate component -FROM build AS gobuild +FROM base AS go ARG GO_DEP_VERSION=0.5.4 ARG GO_VERSION=1.18.3 + ENV GOPATH=/opt/go -RUN curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz | tar -C /opt -xz -ENV PATH=/opt/go/bin:$PATH -RUN go version +ENV PATH=$PATH:${GOPATH}/bin + +RUN arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \ + && curl -L https://dl.google.com/go/go${GO_VERSION}.linux-${arch}.tar.gz | tar -C /opt -xz; + RUN curl -ksS https://raw.githubusercontent.com/golang/dep/v$GO_DEP_VERSION/install.sh | bash -RUN echo "add_local_path /opt/go/bin:\$PATH" > /etc/profile.d/go.sh #------------------------------------------------------------------------ # HASKELL STACK -FROM build AS haskellbuild +FROM base AS haskell_stack + +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + sudo apt-get update -qq \ + && DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \ + zlib1g-dev \ + && sudo rm -rf /var/lib/apt/lists/* ARG HASKELL_STACK_VERSION=2.7.5 -RUN curl -sSL https://get.haskellstack.org/ | bash -s -- -d /usr/bin + +ENV HASKELL_HOME=/opt/haskell +ENV PATH=$PATH:${HASKELL_HOME}/bin + +RUN curl -sSL https://get.haskellstack.org/ | bash -s -- -d ${HASKELL_HOME}/bin #------------------------------------------------------------------------ # REPO / ANDROID SDK -FROM build AS androidbuild +FROM base AS android_cmd ARG ANDROID_CMD_VERSION=8512546 ENV ANDROID_HOME=/opt/android-sdk -RUN curl -ksS https://storage.googleapis.com/git-repo-downloads/repo > /usr/bin/repo \ - && chmod a+x /usr/bin/repo +ARG USERNAME=ort +ARG USER_ID=1000 +ARG USER_GID=$USER_ID +ARG HOMEDIR=/home/ort +ENV USER=$USERNAME +ENV HOME=$HOMEDIR -RUN curl -Os https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_CMD_VERSION}_latest.zip \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + sudo apt-get update -qq \ + && DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \ + unzip \ + && sudo rm -rf /var/lib/apt/lists/* + +RUN curl -ksS https://storage.googleapis.com/git-repo-downloads/repo | sudo tee /usr/bin/repo > /dev/null 2>&1 \ + && sudo chmod a+x /usr/bin/repo + +RUN --mount=type=tmpfs,target=/android \ + cd /android \ + && curl -Os https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_CMD_VERSION}_latest.zip \ && unzip -q commandlinetools-linux-${ANDROID_CMD_VERSION}_latest.zip -d $ANDROID_HOME \ - && rm commandlinetools-linux-${ANDROID_CMD_VERSION}_latest.zip \ && PROXY_HOST_AND_PORT=${https_proxy#*://} \ && if [ -n "$PROXY_HOST_AND_PORT" ]; then \ # While sdkmanager uses HTTPS by default, the proxy type is still called "http". SDK_MANAGER_PROXY_OPTIONS="--proxy=http --proxy_host=${PROXY_HOST_AND_PORT%:*} --proxy_port=${PROXY_HOST_AND_PORT##*:}"; \ fi \ && yes | $ANDROID_HOME/cmdline-tools/bin/sdkmanager $SDK_MANAGER_PROXY_OPTIONS \ - --sdk_root=$ANDROID_HOME "platform-tools" "cmdline-tools;latest" \ - && chmod -R o+rw $ANDROID_HOME -COPY docker/android.sh /etc/profile.d + --sdk_root=$ANDROID_HOME "platform-tools" "cmdline-tools;latest" + +#------------------------------------------------------------------------ +# Dart +FROM base AS dart + +ARG DART_VERSION=2.18.4 +WORKDIR /opt/ + +ENV DART_SDK=/opt/dart-sdk +ENV PATH=$PATH:${DART_SDK}/bin + +RUN --mount=type=tmpfs,target=/dart \ + arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/x64/) \ + && curl -o /dart/dart.zip -L https://storage.googleapis.com/dart-archive/channels/stable/release/${DART_VERSION}/sdk/dartsdk-linux-${arch}-release.zip \ + && unzip /dart/dart.zip + +#------------------------------------------------------------------------ +# SBT +FROM base AS sbt + +ARG SBT_VERSION=1.6.1 + +ENV SBT_HOME=/opt/sbt +ENV PATH=$PATH:${SBT_HOME}/bin + +RUN curl -L https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz | tar -C /opt -xz #------------------------------------------------------------------------ # ORT -FROM build as ortbuild +FROM base as ort # Set this to the version ORT should report. ARG ORT_VERSION="DOCKER-SNAPSHOT" -COPY . /usr/local/src/ort -WORKDIR /usr/local/src/ort +WORKDIR ${HOME}/src/ort # Prepare Gradle -RUN scripts/import_proxy_certs.sh /usr/local/src/ort/gradle.properties \ +RUN --mount=type=bind,target=${HOME}/src/ort,rw \ + sudo chown -R ${USER}. . \ + && scripts/import_proxy_certs.sh ${HOME}/src/ort/gradle.properties \ && scripts/set_gradle_proxy.sh \ - && ./gradlew --no-daemon --stacktrace -Pversion=$ORT_VERSION :cli:distTar :helper-cli:startScripts - -RUN mkdir -p /opt/ort \ - && tar xf /usr/local/src/ort/cli/build/distributions/ort-$ORT_VERSION.tar -C /opt/ort --strip-components 1 \ - && cp -a /usr/local/src/ort/scripts/*.sh /opt/ort/bin/ \ - && cp -a /usr/local/src/ort/helper-cli/build/scripts/orth /opt/ort/bin/ \ - && cp -a /usr/local/src/ort/helper-cli/build/libs/helper-cli-*.jar /opt/ort/lib/ \ - && cd \ - && rm -rf /usr/local/src + && ./gradlew --no-daemon --stacktrace -Pversion=$ORT_VERSION :cli:distTar :helper-cli:startScripts \ + && mkdir -p /opt/ort \ + && cd /opt/ort \ + && tar xf ${HOME}/src/ort/cli/build/distributions/ort-$ORT_VERSION.tar -C /opt/ort --strip-components 1 \ + && cp -a ${HOME}/src/ort/scripts/*.sh /opt/ort/bin/ \ + && cp -a ${HOME}/src/ort/helper-cli/build/scripts/orth /opt/ort/bin/ \ + && cp -a ${HOME}/src/ort/helper-cli/build/libs/helper-cli-*.jar /opt/ort/lib/ #------------------------------------------------------------------------ -# Main container -FROM ort-base-image as run +# Components container +FROM base as components + +ARG USERNAME=ort +ARG HOMEDIR=/home/ort +ENV USER=$USERNAME +ENV HOME=$HOMEDIR -# Remove ort build scripts -RUN rm -rf /etc/scripts +USER $USER +WORKDIR $HOME -# Python -ARG PYENV_ROOT=/opt/python -COPY --chown=$USERNAME:$USERNAME --from=pythonbuild ${PYENV_ROOT} ${PYENV_ROOT} -COPY --from=pythonbuild /etc/profile.d/python.sh /etc/profile.d/ -RUN chmod o+rwx ${PYENV_ROOT} +# Apt install commands. +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + sudo apt-get update -qq && \ + DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \ + php \ + subversion \ + && sudo rm -rf /var/lib/apt/lists/* + +# PHP composer +ARG COMPOSER_VERSION=2.2 +RUN curl -ksS https://getcomposer.org/installer | sudo php -- --install-dir=/bin --filename=composer --$COMPOSER_VERSION + +# Python +ENV PYENV_ROOT=/opt/python +ENV PATH=$PATH:${PYENV_ROOT}/shims:${PYENV_ROOT}/bin + +COPY --from=python ${PYENV_ROOT} ${PYENV_ROOT} +RUN sudo chown -R ${USER}.${USER} ${PYENV_ROOT} # Ruby -ARG RBENV_ROOT=/opt/rbenv/ -COPY --chown=$USERNAME:$USERNAME --from=rubybuild ${RBENV_ROOT} ${RBENV_ROOT} -COPY --from=rubybuild /etc/profile.d/ruby.sh /etc/profile.d/ -RUN chmod o+rwx ${RBENV_ROOT} +ENV RBENV_ROOT=/opt/rbenv/ +ENV PATH=$PATH:${RBENV_ROOT}/bin:${RBENV_ROOT}/shims:${RBENV_ROOT}/plugins/ruby-install/bin + +COPY --chown=${USER}.${USER} --from=ruby ${RBENV_ROOT} ${RBENV_ROOT} +RUN sudo chown -R ${USER}.${USER} ${RBENV_ROOT} # NodeJS ARG NODEJS_VERSION=16.17.1 -ARG NVM_DIR=/opt/nvm + +ENV NVM_DIR=/opt/nvm ENV NODE_PATH $NVM_DIR/v$NODEJS_VERSION/lib/node_modules -ENV PATH $NVM_DIR/versions/node/v$NODEJS_VERSION/bin:$PATH -COPY --chown=$USERNAME:$USERNAME --from=nodebuild ${NVM_DIR} ${NVM_DIR} -RUN chmod o+rwx ${NVM_DIR} +ENV PATH=$PATH:$NVM_DIR/versions/node/v$NODEJS_VERSION/bin + +COPY --from=nodejs ${NVM_DIR} ${NVM_DIR} +RUN sudo chown -R ${USER}.${USER} ${NVM_DIR} # Rust -ARG RUST_HOME=/opt/rust -ARG CARGO_HOME=${RUST_HOME}/cargo -COPY --chown=$USERNAME:$USERNAME --from=rustbuild /opt/rust /opt/rust -COPY docker/rust.sh /etc/profile.d/ -RUN chmod o+rwx ${CARGO_HOME} +ENV RUST_HOME=/opt/rust +ENV CARGO_HOME=${RUST_HOME}/cargo +ENV RUSTUP_HOME=${RUST_HOME}/rustup +ENV PATH=$PATH:${CARGO_HOME}/bin:${RUSTUP_HOME}/bin + +COPY --from=rust ${RUST_HOME} ${RUST_HOME} +RUN sudo chown -R ${USER}.${USER} ${RUST_HOME} \ + && sudo chmod -R o+rw ${RUST_HOME} # Golang -COPY --chown=$USERNAME:$USERNAME --from=gobuild /opt/go /opt/go/ -COPY --from=gobuild /etc/profile.d/go.sh /etc/profile.d/ +ENV GOPATH=/opt/go +ENV PATH=$PATH:${GOPATH}/bin + +COPY --from=go ${GOPATH} ${GOPATH} +RUN sudo chown -R ${USER}.${USER} ${GOPATH} \ + && sudo chmod -R o+rw ${GOPATH} # Haskell -COPY --from=haskellbuild /usr/bin/stack /usr/bin +COPY --from=haskell_stack /opt/haskell/bin/stack /usr/bin # Repo and Android ENV ANDROID_HOME=/opt/android-sdk -COPY --from=androidbuild /usr/bin/repo /usr/bin/ -COPY --from=androidbuild /etc/profile.d/android.sh /etc/profile.d/ -COPY --chown=$USERNAME:$USERNAME --from=androidbuild ${ANDROID_HOME} ${ANDROID_HOME} -RUN chmod o+rw ${ANDROID_HOME} +ENV PATH=$PATH:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/emulator:${ANDROID_HOME}/platform-tools -# External repositories for SBT -ARG SBT_VERSION=1.6.1 -RUN KEYURL="https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2EE0EA64E40A89B84B2DF73499E82A75642AC823" \ - && echo "deb https://repo.scala-sbt.org/scalasbt/debian all main" | tee /etc/apt/sources.list.d/sbt.list \ - && echo "deb https://repo.scala-sbt.org/scalasbt/debian /" | tee /etc/apt/sources.list.d/sbt_old.list \ - && curl -ksS "$KEYURL" | gpg --dearmor | tee "/etc/apt/trusted.gpg.d/scala_ubuntu.gpg" > /dev/null - -# External repository for Dart -RUN KEYURL="https://dl-ssl.google.com/linux/linux_signing_key.pub" \ - && LISTURL="https://storage.googleapis.com/download.dartlang.org/linux/debian/dart_stable.list" \ - && curl -ksS "$KEYURL" | gpg --dearmor | tee "/etc/apt/trusted.gpg.d/dart.gpg" > /dev/null \ - && curl -ksS "$LISTURL" > /etc/apt/sources.list.d/dart.list \ - && echo "add_local_path /usr/lib/dart/bin:\$PATH" > /etc/profile.d/dart.sh +COPY --from=android_cmd /usr/bin/repo /usr/bin/ +COPY --from=android_cmd ${ANDROID_HOME} ${ANDROID_HOME} +RUN sudo chown -R ${USER}.${USER} ${ANDROID_HOME} \ + && sudo chmod -R o+rw ${ANDROID_HOME} -# Apt install commands. -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - dart \ - php \ - sbt=$SBT_VERSION \ - subversion \ - && rm -rf /var/lib/apt/lists/* +# Dart +ENV DART_SDK=/opt/dart-sdk +ENV PATH=$PATH:${DART_SDK}/bin -# PHP composer -ARG COMPOSER_VERSION=2.2 -RUN curl -ksS https://getcomposer.org/installer | php -- --install-dir=/bin --filename=composer --$COMPOSER_VERSION +COPY --from=dart ${DART_SDK} ${DART_SDK} +RUN sudo chown -R ${USER}.${USER} ${DART_SDK} -# ORT -COPY --chown=$USERNAME:$USERNAME --from=ortbuild /opt/ort /opt/ort -COPY docker/ort-wrapper.sh /usr/bin/ort -COPY docker/ort-wrapper.sh /usr/bin/orth -RUN chmod 755 /usr/bin/ort +# SBT +ENV SBT_HOME=/opt/sbt +ENV PATH=$PATH:${SBT_HOME}/bin + +COPY --from=sbt ${SBT_HOME} ${SBT_HOME} +RUN sudo chown -R ${USER}.${USER} ${SBT_HOME} + +#------------------------------------------------------------------------ +# Main Runtime container +FROM components AS run -USER $USERNAME -WORKDIR $HOMEDIR +ARG USERNAME=ort +ARG HOMEDIR=/home/ort +ENV USER=$USERNAME +ENV HOME=$HOMEDIR + +USER $USER +WORKDIR $HOME + +# ORT +COPY --from=ort /opt/ort /opt/ort +RUN sudo ln -sf /opt/ort/bin/ort /usr/bin/ort \ + && sudo ln -sf /opt/ort/bin/orth /usr/bin/orth ENTRYPOINT ["/usr/bin/ort"] diff --git a/docker/android.sh b/docker/android.sh deleted file mode 100755 index bbc3e0e0bd71..000000000000 --- a/docker/android.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -# Copyright (C) 2021 The ORT Project Authors (see ) -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# License-Filename: LICENSE - -add_local_path "${ANDROID_HOME}/tools/bin" -add_local_path "${ANDROID_HOME}/emulator" -add_local_path "${ANDROID_HOME}/platform-tools" diff --git a/docker/ort-wrapper.sh b/docker/ort-wrapper.sh deleted file mode 100755 index 0903d953a36f..000000000000 --- a/docker/ort-wrapper.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -l - -# Copyright (C) 2021 The ORT Project Authors (see ) -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# License-Filename: LICENSE - -exec /opt/ort/bin/"$(basename "$0")" "$@" diff --git a/docker/python.sh b/docker/python.sh deleted file mode 100755 index 25dc4e2095b2..000000000000 --- a/docker/python.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -# Copyright (C) 2021 The ORT Project Authors (see ) -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# License-Filename: LICENSE - -PYENV_ROOT="/opt/python" -export PYENV_ROOT - -add_local_path "${PYENV_ROOT}/bin" -add_local_path "${PYENV_ROOT}/shims" - -# shellcheck disable=1091 -. "$(pyenv root)"/completions/pyenv.bash; diff --git a/docker/ruby.sh b/docker/ruby.sh deleted file mode 100755 index 32bab175605e..000000000000 --- a/docker/ruby.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Copyright (C) 2021 The ORT Project Authors (see ) -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# License-Filename: LICENSE - -RBENV_ROOT="/opt/rbenv" -export RBENV_ROOT - -add_local_path "${RBENV_ROOT}/bin" -add_local_path "${RBENV_ROOT}/shims" -add_local_path "${RBENV_ROOT}/plugins/ruby-install/bin" diff --git a/docker/rust.sh b/docker/rust.sh deleted file mode 100644 index 594074d3054c..000000000000 --- a/docker/rust.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -# Copyright (C) 2022 The ORT Project Authors (see ) -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# License-Filename: LICENSE - -RUST_HOME="/opt/rust" -CARGO_HOME="${RUST_HOME}/cargo" -RUSTUP_HOME="${RUST_HOME}/rustup" -export RUST_HOME CARGO_HOME RUSTUP_HOME - -add_local_path "${CARGO_HOME}/bin" -add_local_path "${RUSTUP_HOME}/bin" diff --git a/docker/00-add_local_path.sh b/docker/set_apt_proxy.sh similarity index 75% rename from docker/00-add_local_path.sh rename to docker/set_apt_proxy.sh index b75e483a7677..eac34bde037d 100755 --- a/docker/00-add_local_path.sh +++ b/docker/set_apt_proxy.sh @@ -1,6 +1,6 @@ #!/bin/bash - -# Copyright (C) 2021 The ORT Project Authors (see ) +# +# Copyright (C) 2020 The ORT Project Authors (see ) # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,13 +17,11 @@ # SPDX-License-Identifier: Apache-2.0 # License-Filename: LICENSE -# Global functions -add_local_path () { - case ":${PATH:=$1}:" in - *:"$1":*) ;; - *) PATH="$1:$PATH" ;; - esac; +if [ -n "$http_proxy" ]; then + cat << EOF > /etc/apt/apt.conf.d/proxy.conf +Acquire { + HTTP::proxy "$http_proxy"; + HTTPS::proxy "$http_proxy"; } - -export -f add_local_path - +EOF +fi \ No newline at end of file diff --git a/scripts/docker_build.sh b/scripts/docker_build.sh index d748872b5ac0..f3dd58aa1fa3 100755 --- a/scripts/docker_build.sh +++ b/scripts/docker_build.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -x # # Copyright (C) 2020 The ORT Project Authors (see ) # @@ -21,12 +21,13 @@ DOCKER_ARGS=$@ GIT_ROOT=$(git rev-parse --show-toplevel) GIT_REVISION=$(git describe --abbrev=10 --always --tags --dirty --match=[0-9]*) +PLATFORM="${PLATFORM:-linux/$(arch)}" echo "Setting ORT_VERSION to $GIT_REVISION." docker buildx build \ -f "$GIT_ROOT/Dockerfile" \ -t "${ORT_DOCKER_TAG:-ort}" \ --build-arg ORT_VERSION="$GIT_REVISION" \ - --platform linux/amd64 \ + --platform "$PLATFORM" \ $DOCKER_ARGS \ "$GIT_ROOT"