rhodecode_4_source.dockerfile
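# source-nix-install

# Ubuntu 22.04 LTS base image.
# NOTE(review): the tag is mutable. Pin it by digest (ubuntu:22.04@sha256:<digest>)
# when builds must be reproducible and must not silently pick up a retagged base.
FROM ubuntu:22.04

# MAINTAINER is deprecated; the same contact is recorded as an OCI label instead.
LABEL org.opencontainers.image.authors="RhodeCode Inc. <support@rhodecode.com>"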
r5 | ||||
# Build-time arguments. TZ through RHODECODE_USER_EMAIL are copied into ENV
# further down in this file, so their values also reach the running container.
ARG TZ=UTC
ARG LOCALE_TYPE="en_US.UTF-8"
ARG RHODECODE_TYPE="Enterprise"

ARG RHODECODE_VERSION="4.28.0"

ARG RHODECODE_DB="sqlite"

# Bootstrap admin account.
# NOTE(review): RHODECODE_USER_PASS has a well-known default. ARG values are
# visible in the image history and this one is also exported through ENV, so
# anyone who can pull or inspect the image can read it. Override it per build
# and rotate the admin password after first start, or supply it only at run time.
ARG RHODECODE_USER_NAME="admin"
ARG RHODECODE_USER_PASS="secret4"
ARG RHODECODE_USER_EMAIL="admin@server.local"

# Nix version and channel used by the source build.
ARG DEV_NIX_VERSION="2.0.4"
ARG DEV_NIX_CHANNEL="nixos-18.03"
# ENV values persist into the running container; the ARGs they are seeded from
# exist only during the build.
ENV TZ=${TZ} \
    LOCALE_TYPE=${LOCALE_TYPE}

# Edition being built and the id of the instance that is created.
ENV RHODECODE_TYPE=${RHODECODE_TYPE} \
    RC_TYPE_ID=enterprise-1

# Installation inputs: version to build (from .env or the ARG default) and the
# database backend (sqlite by default).
ENV RHODECODE_VERSION=${RHODECODE_VERSION} \
    RHODECODE_DB=${RHODECODE_DB}

# Data the application bootstrap requires.
# NOTE(review): RHODECODE_USER_PASS is stored in the image config and shows up
# in `docker inspect` and in the environment of every process in the container.
# Treat the baked-in value as public and replace it at deploy time.
ENV RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \
    RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \
    RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL}

# Unprivileged account created later in this file.
ENV RC_USER=rhodecode

# SVN (Apache mod_dav_svn) settings.
ENV MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \
    MOD_DAV_SVN_PORT=8090 \
    MOD_DAV_SVN_LOG_LEVEL=info \
    MOD_DAV_CORE_MODULES_DIR=/usr/lib/apache2/modules \
    MOD_DAV_SVN_MODULE=/usr/lib/apache2/modules/mod_dav_svn.so

# sshd settings.
ENV SSHD_CONF_FILE=/etc/rhodecode/sshd_config

# Configuration, binary and data locations plus listener settings.
# NOTE(review): RHODECODE_HOST=0.0.0.0 presumably makes the HTTP listener bind
# on every interface, while the VCS server stays on loopback; confirm the
# published ports match that intent.
ENV SHARED_CONF_DIR=/etc/rhodecode/conf \
    BUILD_CONF=/etc/rhodecode/conf_build \
    BUILD_BIN_DIR=/usr/local/bin/rhodecode_bin \
    RHODECODE_DATA_DIR=/var/opt/rhodecode_data \
    RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \
    RHODECODE_HTTP_PORT=10020 \
    RHODECODE_VCS_PORT=10010 \
    RHODECODE_HOST=0.0.0.0 \
    RHODECODE_VCS_HOST=127.0.0.1
# Make the application scripts visible on PATH and record where rccontrol and
# its supervisor configuration live under the service user's home.
ENV PATH="${PATH}:/home/${RC_USER}/.rccontrol-profile/bin" \
    RCCONTROL="/home/${RC_USER}/.rccontrol-profile/bin/rccontrol" \
    SUPERVISOR_CONF="/home/${RC_USER}/.rccontrol/supervisor/supervisord.ini"
r5 | ||||
# Package groups expanded unquoted by the apt-get install step below, so each
# value is a space-separated package list. EXTRA_DEPS is empty by default.
# NOTE(review): python2 is end-of-life upstream; it is removed again by the
# cleanup step near the end of this file.
ENV SVN_LOCALE_DEPS="apache2 apache2-utils libapache2-mod-svn" \
    SSH_LOCALE_DEPS="openssh-server" \
    PYTHON_DEPS="python2" \
    EXTRA_DEPS=""
r5 | ||||
# Nix settings: build user name, per-user channel path, the CA bundle Nix uses
# for TLS verification, and the Nix and enterprise profile bin directories
# appended to PATH.
ENV NIX_BLD_USER=nixbld \
    NIX_PATH="/nix/var/nix/profiles/per-user/${RC_USER}/channels" \
    NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
    PATH="${PATH}:/nix/var/nix/profiles/per-user/${RC_USER}/profile/bin:/home/${RC_USER}/rhodecode-enterprise-ee/profile/bin"
r5 | ||||
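# Install the OS packages the build and the services need, then drop the apt
# lists in the same layer so they never reach the image.
# The fixed package names are sorted for diffability; the unused savedAptMark
# capture from the original step is gone because nothing ever read it.
# The *_DEPS variables are left unquoted on purpose: each holds a
# space-separated package list that must word-split.
# NOTE(review): sudo is installed next to gosu. Whether anything still calls
# sudo is not visible in this file; if only gosu is used, dropping sudo removes
# a setuid-root binary from the runtime image.
RUN \
    echo "** install base packages **" && \
    set -eux; \
    \
    apt-get update; \
    DEBIAN_FRONTEND="noninteractive" \
    apt-get install -y --no-install-recommends \
        bash \
        binutils \
        bzip2 \
        ca-certificates \
        curl \
        gosu \
        locales \
        openssl \
        sudo \
        tini \
        tzdata \
        unzip \
        $PYTHON_DEPS \
        $SSH_LOCALE_DEPS \
        $SVN_LOCALE_DEPS \
        $EXTRA_DEPS \
    ; \
    rm -rf /var/lib/apt/lists/*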
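# Provide /usr/bin/python as a link to whichever interpreter is installed
# (python3 preferred, python2 otherwise).
# IS_PY is quoted: an unquoted empty value turns `[ -n $IS_PY ]` into `[ -n ]`,
# which is always true, and an unquoted path would word-split.
RUN \
    echo "** Configure the python executable for py2/3 compat **" && \
    IS_PY="$(which python3 || which python2)" && \
    if [ -n "$IS_PY" ] ; then ln -s "$IS_PY" /usr/bin/python ; fi

# Enable LOCALE_TYPE in /etc/locale.gen by uncommenting its line, then
# generate the locales.
RUN \
    echo "** Configure the locales **" && \
    sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \
    locale-gen

# Link the platform-specific _sysconfigdata_nd.py into the python2.7 library
# directory.
RUN \
    echo "Fix python link" && \
    ln -fs /usr/lib/python2.7/plat-x86_64-linux-gnu/_sysconfigdata_nd.py /usr/lib/python2.7/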
# LOCALE_ARCHIVE is a fix for the old nix glibc 2.26: it points at a locale
# archive that a later COPY places under /var/opt. The remaining variables
# select LOCALE_TYPE as the process locale.
ENV LOCALE_ARCHIVE=/var/opt/locale-archive \
    LANG="${LOCALE_TYPE}" \
    LANGUAGE="${LOCALE_TYPE}" \
    LC_ALL="${LOCALE_TYPE}"
# Service account. uid/gid are set explicitly (999:999) so they cannot drift
# between builds; the values match the ids currently assigned to this user/group.
RUN \
    echo "** Create system user $RC_USER **" && \
    groupadd --system --gid 999 "${RC_USER}" && \
    useradd --system --gid "${RC_USER}" --uid 999 --shell /bin/bash "${RC_USER}" && \
    usermod -G "${RC_USER}" "${RC_USER}"

# Dedicated nix build account with fixed ids 1099:1099.
RUN \
    echo "** Create nix-build user $NIX_BLD_USER **" && \
    groupadd --system --gid 1099 "${NIX_BLD_USER}" && \
    useradd --system --gid "${NIX_BLD_USER}" --uid 1099 --shell /bin/bash "${NIX_BLD_USER}" && \
    usermod -G "${NIX_BLD_USER}" "${NIX_BLD_USER}"

# Write a nix.conf that switches the build sandbox off.
# NOTE(review): with `sandbox = false` nix builds are no longer isolated from
# the build container's filesystem and network, so the integrity of the result
# rests on the pinned channel and on the derivations themselves. Keep this
# confined to the image build.
RUN \
    echo "** disable nix sandboxing **" && \
    mkdir /etc/nix && \
    echo 'sandbox = false' > /etc/nix/nix.conf
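# Set the default shell for the remaining RUN steps to bash.
# pipefail is enabled so a failing command on the left side of a pipe (for
# example a download piped into an interpreter) fails the build instead of
# being masked by the exit status of the last command.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]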
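# Fix and set the timezone from TZ: install the zoneinfo file as /etc/localtime
# and record the zone name in /etc/timezone.
# `rm -f` keeps the step from failing when /etc/localtime is absent, and TZ is
# quoted so the value is used as one literal path component.
RUN \
    echo "** configure the timezone **" && \
    rm -f /etc/localtime && \
    cp "/usr/share/zoneinfo/$TZ" /etc/localtime && \
    echo "$TZ" > /etc/timezone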
r5 | ||||
# Create the directories the build and the services write to, all owned by the
# service user. /nix, ~/.ssh and ~/.rhoderc are private (0700); the rest are
# 0755. Creation order is kept as in the original list: the home directory
# itself is (re)installed after its first children, which sets its owner.
RUN \
    echo "** prepare rhodecode store and cache **" && \
    install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \
    for dir in \
        /opt/rhodecode \
        /usr/local/bin/rhodecode_bin \
        $RHODECODE_REPO_DIR \
        $RHODECODE_DATA_DIR \
        $BUILD_CONF \
        /home/$RC_USER/rhodecode-vcsserver \
        /home/$RC_USER/rhodecode-enterprise-ce \
        /home/$RC_USER/rhodecode-enterprise-ee \
        /home/$RC_USER/ \
        /home/$RC_USER/.rccontrol \
        /home/$RC_USER/.rccontrol/cache \
        /home/$RC_USER/.rccontrol/bootstrap \
    ; do \
        install -d -m 0755 -o $RC_USER -g $RC_USER "$dir" || exit 1 ; \
    done && \
    for dir in \
        /home/$RC_USER/.ssh \
        /home/$RC_USER/.rhoderc \
    ; do \
        install -d -m 0700 -o $RC_USER -g $RC_USER "$dir" || exit 1 ; \
    done
r5 | ||||
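# Ship the project's sshd configuration at the path exported as SSHD_CONF_FILE.
COPY service/sshd/sshd_config $SSHD_CONF_FILE

# Apache SVN setup: remove the listed default conf snippets and every
# available/enabled site so only the virtual host copied below is served.
RUN \
    echo "**** Apache config cleanup ****" && \
    rm -f /etc/apache2/conf.d/info.conf \
          /etc/apache2/conf.d/mpm.conf \
          /etc/apache2/conf.d/userdir.conf && \
    rm -f /etc/apache2/sites-enabled/* && \
    rm -f /etc/apache2/sites-available/*

# Custom SVN virtual host.
COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/

# Record the mod_dav_svn "Powered by" string, create Apache's runtime
# directories, rewrite envvars so Apache runs as the service user, and move the
# listener from port 80 to MOD_DAV_SVN_PORT.
# APACHE_RUN_USER was exported twice in the original step; it is written once.
RUN \
    echo "**** Apache config ****" && \
    echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
    mkdir -p /run/apache2 && \
    mkdir -p /var/opt/www && \
    echo "unset HOME" > /etc/apache2/envvars && \
    echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
    echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
    echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \
    echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \
    echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \
    sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf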
# Copy artifacts from the build context, owned by the service user: the locale
# archive, cached RhodeCode installers, the enterprise license, the bootstrap
# files and the source trees.
# NOTE(review): every COPY creates a layer. The license file and the sources
# copied here stay extractable from those layers even though later steps in
# this file delete some of them from the final filesystem. If the image leaves
# a trusted registry, build in a separate stage and copy only the built
# artifacts into the final image, or bind-mount these inputs for the build step.
COPY --chown=${RC_USER}:${RC_USER} .cache/locale-archive /var/opt/
COPY --chown=${RC_USER}:${RC_USER} .cache/RhodeCode* /home/${RC_USER}/.rccontrol/cache/
COPY --chown=${RC_USER}:${RC_USER} config/_shared/rhodecode_enterprise.license /home/${RC_USER}/.rccontrol/bootstrap/
COPY --chown=${RC_USER}:${RC_USER} service/rhodecode/bootstrap/* /home/${RC_USER}/.rccontrol/bootstrap/
COPY --chown=${RC_USER}:${RC_USER} .source/ /home/${RC_USER}/

# Per-instance directories under ~/.rccontrol; the nix-build steps below put
# their `profile` out-links into vcsserver-1 and enterprise-1.
RUN \
    echo "** prepare rhodecode dirs **" && \
    for instance in vcsserver-1 community-1 enterprise-1 ; do \
        install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/$instance || exit 1 ; \
    done && \
    echo "Done rhodecode dirs"
r5 | ||||
# From here on RUN steps execute as the unprivileged service user, in its home.
USER $RC_USER
WORKDIR /home/$RC_USER

# Write ~/.nixpkgs/config.nix, pointing the rc.sources attribute set at the
# three source trees under the service user's home.
RUN \
    echo "** save nix config **" && \
    touch /home/$RC_USER/.rhoderc && \
    mkdir -p /home/$RC_USER/.nixpkgs && \
    touch /home/$RC_USER/.nixpkgs/config.nix && \
    printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/%s/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/%s/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/%s/rhodecode-enterprise-ee";\n };\n };\n}\n' \
        "$RC_USER" "$RC_USER" "$RC_USER" \
        > /home/$RC_USER/.nixpkgs/config.nix
r8 | ||||
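# Download the Nix installer for DEV_NIX_VERSION and run it as the service user.
#
# The script is saved to a file instead of being piped into bash:
#   * `curl -f` makes an HTTP error fail the build rather than feeding an error
#     page to the shell;
#   * the file can be checked against a known digest before it is executed.
# DEV_NIX_INSTALL_SHA256 is optional. Empty (the default) keeps the historical
# unverified behaviour; set it to the sha256 of the expected installer to make
# the build refuse anything else.
ARG DEV_NIX_INSTALL_SHA256=""
RUN \
    echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \
    curl -fsSL -o /tmp/nix-install.sh "https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install" && \
    if [ -n "$DEV_NIX_INSTALL_SHA256" ] ; then \
        echo "$DEV_NIX_INSTALL_SHA256  /tmp/nix-install.sh" | sha256sum -c - ; \
    fi && \
    USER=$RC_USER /bin/bash /tmp/nix-install.sh && \
    rm -f /tmp/nix-install.sh && \
    echo "Done nix install"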
r5 | ||||
# Load the nix profile, register DEV_NIX_CHANNEL as `nixpkgs` and fetch it.
# NOTE(review): the profile path hard-codes /home/rhodecode while the rest of
# the file uses $RC_USER; the two agree only while RC_USER=rhodecode.
# NOTE(review): the default channel (nixos-18.03) is a long-retired release, so
# packages built from it carry whatever was unpatched at that time; track this
# as a known risk of the legacy build.
RUN \
    echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \
    source /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
    nix-channel --add "https://channels.nixos.org/$DEV_NIX_CHANNEL" nixpkgs && \
    nix-channel --update && \
    echo "done nix package updates"

# rccontrol installation is currently disabled: every command of the step is
# commented out and only the two echo lines run.
RUN \
    echo "** install rhodecode control **" && \
#   cd /home/$RC_USER/.rccontrol/cache && \
#   INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \
#   chmod +x ${INSTALLER} && \
#   ${INSTALLER} --accept-license && \
#   ${RCCONTROL} self-init && \
#   cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \
    echo "Done installing rhodecode control"
r5 | ||||
# Build the vcsserver from source with nix; the result is linked as the
# vcsserver-1 profile. The nix-shell call afterwards only echoes a marker.
RUN \
    echo "** install vcsserver ${RHODECODE_VERSION} **" && \
    source /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
    nix-build \
        --show-trace \
        --cores 0 \
        --max-jobs 4 \
        --no-build-output \
        --out-link /home/$RC_USER/.rccontrol/vcsserver-1/profile \
        rhodecode-vcsserver/default.nix && \
    nix-shell --command 'echo COMMAND FROM NIX-SHELL TEST' rhodecode-vcsserver/default.nix && \
    echo "Done installing vcsserver"

# Publish the built vcsserver binaries under BUILD_BIN_DIR/vcs_bin and copy
# its production.ini and gunicorn config into BUILD_CONF.
RUN \
    echo "** copy config of vcsserver ${RHODECODE_VERSION} **" && \
    rm -rf $BUILD_BIN_DIR/vcs_bin && \
    cp -rv --preserve=links /home/$RC_USER/.rccontrol/vcsserver-1/profile/bin $BUILD_BIN_DIR/vcs_bin && \
    cp -v /home/$RC_USER/rhodecode-vcsserver/configs/production.ini $BUILD_CONF/vcsserver.ini && \
    cp -v /home/$RC_USER/rhodecode-vcsserver/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf_vcs.py && \
    echo "Done copy config of vcsserver"
r5 | ||||
# Community build step: only loads the nix profile and prints markers.
RUN \
    echo "** install build Community ${RHODECODE_VERSION} **" && \
    source /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
    echo "done"

# Build the enterprise edition from source with nix; the result is linked as
# the enterprise-1 profile. The nix-shell call afterwards only echoes "ok".
RUN \
    echo "** install rhodecode ${RHODECODE_VERSION} **" && \
    source /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
    nix-build \
        --show-trace \
        --cores 0 \
        --max-jobs 4 \
        --no-build-output \
        --out-link /home/$RC_USER/.rccontrol/enterprise-1/profile \
        rhodecode-enterprise-ee/default.nix && \
    nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \
    echo "Done installing rhodecode"

# Publish the built binaries under BUILD_BIN_DIR, copy production.ini and the
# gunicorn config into BUILD_CONF, and copy the static assets into the data dir.
RUN \
    echo "** copy config of rhodecode ${RHODECODE_VERSION} **" && \
    rm -rf $BUILD_BIN_DIR/bin && \
    cp -rv --preserve=links /home/$RC_USER/.rccontrol/enterprise-1/profile/bin $BUILD_BIN_DIR/ && \
    cp -v /home/$RC_USER/rhodecode-enterprise-ee/configs/production.ini $BUILD_CONF/rhodecode.ini && \
    cp -v /home/$RC_USER/rhodecode-enterprise-ee/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf_rc.py && \
    mkdir -p $RHODECODE_DATA_DIR/static && \
    cp -r /home/$RC_USER/.rccontrol/enterprise-1/profile/etc/static/* $RHODECODE_DATA_DIR/static/ && \
    echo "Done copy config of rhodecode"
r5 | ||||
r143 | #RUN \ | |||
#echo "** configure supervisord **" && \ | ||||
# cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \ | ||||
# sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \ | ||||
# echo "Done installing supervisord" | ||||
r5 | ||||
# Back to root for package removal and file cleanup.
# NOTE(review): no USER instruction follows, so the container starts as root.
# gosu is installed, so the entrypoint presumably drops to $RC_USER; confirm
# that in entrypoints.d/entrypoint.sh.
USER root

# Remove the build-time python, apt caches, temp files, cached installers and
# the supervisor config.
# NOTE(review): deleting files in a later layer hides them from the final
# filesystem but does not remove them from the layers that added them, so this
# neither shrinks the image nor withdraws anything copied in earlier.
# /var/cache/apk is an Alpine path; on this Ubuntu base that rm has nothing to do.
RUN \
    echo "**** cleanup ****" && \
    apt-get remove -y $PYTHON_DEPS && \
    apt-get autoclean -y && \
    rm -f /tmp/* && \
    rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-* && \
    rm -rf /var/lib/apt/lists/* && \
    rm -rf /var/cache/apk/* && \
    rm -f ${SUPERVISOR_CONF} && \
    echo "Done cleanup"

# Drop the three source trees from the final filesystem (the layer caveat
# above applies here as well).
RUN \
    echo "**** cleanup source ****" && \
    rm -rf \
        /home/$RC_USER/rhodecode-vcsserver \
        /home/$RC_USER/rhodecode-enterprise-ce \
        /home/$RC_USER/rhodecode-enterprise-ee && \
    echo "Done cleanup source"
r5 | ||||
# Install the entrypoint script and mark it executable.
COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh

RUN chmod +x /opt/entrypoints.d/entrypoint.sh

# Volumes, in order: shared configuration, repository store, application data.
VOLUME ["/etc/rhodecode/conf", "/var/opt/rhodecode_repo_store", "/var/opt/rhodecode_data"]
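ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"]

# Default arguments handed to the entrypoint; compose can override this.
# Exec-form CMD is not processed by a shell, so "$BUILD_BIN_DIR" would reach
# the entrypoint as a literal string instead of a path. The path is spelled out
# with the value this file assigns to BUILD_BIN_DIR (/usr/local/bin/rhodecode_bin);
# keep the two in sync if that ENV ever changes.
CMD [ "/usr/local/bin/rhodecode_bin/bin/gunicorn", "--error-logfile=-", "--paster=/etc/rhodecode/conf_build/rhodecode.ini", "--config=/etc/rhodecode/conf_build/gunicorn_conf_rc.py" ]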