650392c700
base and builder are currently pinned to 3.7, which makes it hard to consider upgrading to python-3.8. To help with that, make python-3.7 and python-3.8 images, but point latest as 3.7 for the time being. Then add version-specific provides and FROM lines so that we can start being deliberate and clear about our version choice. Change-Id: Ibf1d846d5c4a005547785124567ce2900e272a7a
72 lines
2.4 KiB
Docker
72 lines
2.4 KiB
Docker
# Copyright (c) 2019 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
FROM docker.io/opendevorg/python-builder:3.7 as builder
|
|
|
|
COPY . /tmp/src
|
|
RUN assemble
|
|
|
|
FROM docker.io/library/openjdk:8
|
|
|
|
RUN echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/95disable-recommends
|
|
|
|
# libcgi-pm-perl is for gitweb
|
|
RUN apt-get update \
|
|
&& apt-get install -y dumb-init python3-launchpadlib python3-distutils \
|
|
wget unzip libcgi-pm-perl \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/* \
|
|
&& curl https://bootstrap.pypa.io/get-pip.py > /tmp/get-pip.py \
|
|
&& python3 /tmp/get-pip.py \
|
|
&& rm /tmp/get-pip.py
|
|
|
|
COPY --from=builder /output/ /output
|
|
RUN /output/install-from-bindep
|
|
|
|
# 3000 is what the existing opendev gerrit2 uid is
|
|
RUN addgroup gerrit --gid 3000 --system \
|
|
&& adduser \
|
|
--system \
|
|
--uid 3000 \
|
|
--home /var/gerrit \
|
|
--shell /bin/bash \
|
|
--ingroup gerrit \
|
|
gerrit
|
|
|
|
USER gerrit
|
|
RUN mkdir /var/gerrit/bin \
|
|
&& mkdir /var/gerrit/hooks \
|
|
&& mkdir /var/gerrit/static
|
|
|
|
# Download mysql-connector so that gerrit doens't download it during init.
|
|
RUN mkdir /var/gerrit/lib && \
|
|
wget https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.43/mysql-connector-java-5.1.43.jar -O /var/gerrit/lib/mysql-connector-java.jar
|
|
|
|
# Allow incoming traffic
|
|
EXPOSE 29418 8080
|
|
|
|
VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit /var/gerrit/tmp
|
|
|
|
RUN ln -s /var/log/gerrit /var/gerrit/logs
|
|
|
|
# container.javaOptions
|
|
# Also include container.heapLimit - but with -Xmx prefixing it
|
|
ENV JAVA_OPTIONS ""
|
|
|
|
# Ulimits should be set on command line or in docker-compose.yaml
|
|
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
|
# The /dev/./urandom is not a typo. https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for
|
|
CMD /usr/local/openjdk-8/bin/java -Djava.security.egd=file:/dev/./urandom ${JAVA_OPTIONS} -jar /var/gerrit/bin/gerrit.war daemon -d /var/gerrit
|