# virtualenv-install for 5.X FROM ubuntu:22.04 # Using 22.04 LTS Release ARG TZ="UTC" ARG LOCALE_TYPE=en_US.UTF-8 ARG RHODECODE_TYPE=Enterprise ARG RHODECODE_DB=sqlite ARG RHODECODE_USER_NAME=admin ARG RHODECODE_USER_PASS=secret4 ARG RHODECODE_USER_EMAIL=admin@server.local # env are runtime ENV \ TZ=${TZ} \ LOCALE_TYPE=${LOCALE_TYPE} \ \ ## Define type we build, and the instance we'll create RHODECODE_TYPE=${RHODECODE_TYPE} \ RC_TYPE_ID=enterprise-1 \ \ ## set DB, default sqlite RHODECODE_DB=${RHODECODE_DB} \ \ ## set app bootstrap required data RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \ RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \ RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \ \ RC_USER=rhodecode \ \ # SVN CONFIG MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \ MOD_DAV_SVN_PORT=8090 \ MOD_DAV_SVN_LOG_LEVEL=info \ MOD_DAV_CORE_MODULES_DIR=/home/rhodecode/apache2/modules \ MOD_DAV_SVN_MODULE=/home/rhodecode/subversion/libexec/mod_dav_svn.so \ \ # SSHD CONFIG SSHD_CONF_FILE=/etc/rhodecode/sshd_config \ \ SHARED_CONF_DIR=/etc/rhodecode/conf \ BUILD_CONF=/etc/rhodecode/conf_build \ BUILD_BIN_DIR=/usr/local/bin/rhodecode_bin \ RHODECODE_STATIC_DIR=/var/opt/rhodecode_static \ RHODECODE_DATA_DIR=/var/opt/rhodecode_data \ RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \ RHODECODE_HTTP_PORT=10020 \ RHODECODE_VCS_PORT=10010 \ RHODECODE_HOST=0.0.0.0 \ RHODECODE_VCS_HOST=127.0.0.1 ENV SSH_DEPS \ openssh-server ENV SVN_DEPS \ "" ENV SVN_DEV_DEPS \ libtool automake autoconf libapr1-dev libaprutil1-dev libdb5.3-dev liblz4-dev libpcre3-dev \ libperl-dev libserf-dev libneon27-gnutls-dev libutf8proc-dev py3c-dev gettext tcl-dev ENV PYTHON_DEPS \ python3.11 ENV PYTHON_DEV_DEPS \ python3.11-dev build-essential libpq-dev libmysqlclient-dev libxmlsec1-dev libxml2-dev libsqlite3-dev \ liblzma-dev libzmq3-dev libldap2-dev libsasl2-dev libcurl4-openssl-dev libssl-dev libxslt-dev ENV EXTRA_DEPS \ vim rsync pkg-config openssl libbz2-1.0 libbz2-dev sqlite3 cpanminus libapr1 # define which deps from the above should be removed in cleanup phase ENV CLEANUP_DEPS \ $PYTHON_DEV_DEPS $SVN_DEV_DEPS ENV CLEANUP_DEPS "" # https://launchpad.net/~deadsnakes/+archive/ubuntu/ppa RUN \ echo "** install base packages && python 3.11.9 **" && \ set -eux; \ apt-get update; \ apt-get install -y ca-certificates curl openssl gpg; \ curl -fsSL https://keyserver.ubuntu.com/pks/lookup\?op\=get\&search\=0xba6932366a755776 | gpg --dearmor -o /usr/share/keyrings/python-3.gpg; \ echo "deb [signed-by=/usr/share/keyrings/python-3.gpg] https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu jammy main" >> /etc/apt/sources.list; \ echo "deb-src [signed-by=/usr/share/keyrings/python-3.gpg] https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu jammy main" >> /etc/apt/sources.list; \ \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ DEBIAN_FRONTEND="noninteractive" \ apt-get install -y --no-install-recommends \ tini \ bash \ binutils \ tzdata \ locales \ openssl \ curl \ sudo \ gosu \ bzip2 unzip \ $PYTHON_DEPS $PYTHON_DEV_DEPS\ $SSH_DEPS \ $SVN_DEPS $SVN_DEV_DEPS\ $EXTRA_DEPS \ ; \ rm -rf /var/lib/apt/lists/*; RUN \ echo "** Configure the locales **" && \ sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \ locale-gen # locale-archive is a fix for old nix glibc2.26 locales available ENV \ #LOCALE_ARCHIVE=/var/opt/locale-archive \ LANG=${LOCALE_TYPE} \ LANGUAGE=${LOCALE_TYPE} \ LC_ALL=${LOCALE_TYPE} # configure the system user # explicitly set uid/gid to guarantee that it won't change in the future # the values 999:999 are identical to the current user/group id assigned RUN \ echo "** Create system user $RC_USER **" && \ groupadd --system --gid 999 $RC_USER && \ useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \ usermod -G $RC_USER $RC_USER # Add new user docker to sudo group RUN \ adduser $RC_USER sudo # Ensure sudo group users are not # asked for a password when using # sudo command by ammending sudoers file RUN \ echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers # set the defult bash shell SHELL ["/bin/bash", "-c"] # Fix and set a timezone RUN \ echo "** configure the timezone **" && \ rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \ echo $TZ > /etc/timezone RUN \ echo "** prepare rhodecode store and cache **" && \ install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \ install -d -m 0755 -o $RC_USER -g $RC_USER /usr/local/bin/rhodecode_bin && \ install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_STATIC_DIR && \ install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \ install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \ install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \ install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \ install -m 0755 -o $RC_USER -g $RC_USER /dev/null /home/$RC_USER/.rhoderc && \ install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/venv && \ install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \ install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \ install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \ install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \ install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \ install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \ install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh # expose our custom sshd config COPY service/sshd/sshd_config $SSHD_CONF_FILE # change to non-root user for RUN commands USER $RC_USER WORKDIR /home/$RC_USER ENV \ VENV_PATH=/home/$RC_USER/venv ENV \ PYTHON_VERSION=python3.11 \ PYTHON_EXECUTABLE=/usr/bin/python3.11 \ PYTHON=$VENV_PATH/bin/python3.11 \ PIP_EXECUTABLE=$VENV_PATH/bin/pip \ # make venv application scripts visible PATH=$VENV_PATH/bin:/home/$RC_USER/.local/bin:$PATH # check new versions here: https://pypi.org/project/pip/ RUN \ echo "** get pip **" && \ curl -sSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \ $PYTHON_EXECUTABLE get-pip.py \ --disable-pip-version-check \ --no-cache-dir \ --no-compile \ "pip==24.0" && \ rm get-pip.py RUN \ /home/$RC_USER/.local/bin/pip install --user virtualenv RUN \ /home/$RC_USER/.local/bin/virtualenv --python="$PYTHON_EXECUTABLE" $VENV_PATH && \ /home/$RC_USER/.local/bin/pip install --upgrade pip # swig install ENV \ RC_SWIG_VERSION=3.0.12 \ PATH=/usr/local/bin/:$PATH RUN \ echo "** install swig packages $RC_SWIG_VERSION **" && \ curl -L https://sourceforge.net/projects/swig/files/swig/swig-$RC_SWIG_VERSION/swig-$RC_SWIG_VERSION.tar.gz/download -o swig.tar.gz && \ tar xfz swig.tar.gz && rm swig.tar.gz && \ cd swig-$RC_SWIG_VERSION && \ ./configure --with-python=$PYTHON && \ make && \ sudo make install && \ cd ../ && sudo rm -rf swig-$RC_SWIG_VERSION # GIT Install ENV \ RC_GIT_VER=2.44.0 \ # make git scripts visible PATH=/home/$RC_USER/git/bin:$PATH RUN \ echo "** install git packages $RC_GIT_VER **" && \ curl -L https://www.kernel.org/pub/software/scm/git/git-$RC_GIT_VER.tar.gz -o git.tar.gz && \ tar xfz git.tar.gz && rm git.tar.gz && \ cd git-$RC_GIT_VER && \ ./configure --prefix=/home/$RC_USER/git && \ make NO_GETTEXT=yes NO_MSGFMT=yes && \ sudo make install && \ cd ../ && sudo rm -rf git-$RC_GIT_VER RUN \ echo "** install git symlinks **" && \ mkdir -p $BUILD_BIN_DIR/vcs_bin && \ sudo chown $RC_USER:$RC_USER /home/$RC_USER/git && \ ln -s /home/$RC_USER/git/bin/* $BUILD_BIN_DIR/vcs_bin/ # GIT LFS install # https://github.com/git-lfs/git-lfs/releases ENV \ RC_GIT_LFS_VER=3.4.1 \ PATH=/home/$RC_USER/git-lfs/bin:$PATH RUN \ echo "** install git LFS packages $RC_GIT_LFS_VER **" && \ curl -L https://github.com/git-lfs/git-lfs/releases/download/v$RC_GIT_LFS_VER/git-lfs-linux-amd64-v$RC_GIT_LFS_VER.tar.gz -o git_lfs.tar.gz && \ tar xfz git_lfs.tar.gz && rm git_lfs.tar.gz && \ mv git-lfs-$RC_GIT_LFS_VER git-lfs && \ rm -rf git-lfs/man && \ cd git-lfs && \ sudo PREFIX=/home/$RC_USER/git ./install.sh && \ rm install.sh README.md CHANGELOG.md RUN \ echo "** install git-lfs symlinks **" && \ mkdir -p $BUILD_BIN_DIR/vcs_bin && \ sudo chown $RC_USER:$RC_USER /home/$RC_USER/git-lfs && \ ln -s /home/$RC_USER/git-lfs/* $BUILD_BIN_DIR/vcs_bin/ # Apache2 install, check here for new versions: https://httpd.apache.org/ ENV \ RC_APACHE2_VER=2.4.59 \ # make apache scripts visible PATH=/home/$RC_USER/apache2/bin:$PATH RUN \ echo "** install Apache packages $RC_SVN_VER **" && \ curl -L https://archive.apache.org/dist/httpd/httpd-$RC_APACHE2_VER.tar.gz -o apache2.tar.gz && \ tar xfz apache2.tar.gz && rm apache2.tar.gz && \ cd httpd-$RC_APACHE2_VER && \ ./configure --prefix=/home/$RC_USER/apache2 --enable-mods-shared=reallyall --enable-dav --enable-authn-anon && \ make && \ make install && \ cd ../ && sudo rm -rf httpd-$RC_APACHE2_VER # custom SVN virtualhost COPY \ service/svn/virtualhost.conf /home/$RC_USER/apache2/conf/virtualhost.conf RUN \ echo "**** Apache config ****" && \ rm -rf /home/$RC_USER/apache2/htdocs && \ rm -rf /home/$RC_USER/apache2/icons && \ rm -rf /home/$RC_USER/apache2/manual && \ rm -rf /home/$RC_USER/apache2/man && \ sed -i "s/DocumentRoot/#DocumentRoot/g" /home/$RC_USER/apache2/conf/httpd.conf && \ sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /home/$RC_USER/apache2/conf/httpd.conf && \ sed -i "s/#LoadModule dav_module modules\/mod_dav.so/LoadModule dav_module modules\/mod_dav.so/g" /home/$RC_USER/apache2/conf/httpd.conf && \ sed -i "s/User daemon/User ${RC_USER}/g" /home/$RC_USER/apache2/conf/httpd.conf && \ sed -i "s/Group daemon/Group ${RC_USER}/g" /home/$RC_USER/apache2/conf/httpd.conf && \ sed -i "s/ServerAdmin you@example.com/ServerAdmin admin@${HOSTNAME}/g" /home/$RC_USER/apache2/conf/httpd.conf && \ sed -i "s/ServerName buildkitsandbox/ServerName ${HOSTNAME}/g" /home/$RC_USER/apache2/conf/httpd.conf && \ sed -i "s/#Include conf\/extra\/httpd-vhosts.conf/Include conf\/virtualhost.conf/g" /home/$RC_USER/apache2/conf/httpd.conf # Subversion install # https://svn.apache.org/repos/asf/subversion/trunk/subversion/bindings/swig/INSTALL # new versions: https://subversion.apache.org/download.cgi # https://downloads.apache.org/subversion # https://svn.apache.org/repos/asf/subversion/trunk/CHANGES ENV \ RC_SVN_VER=1.14.3 \ SVN_PREFIX=/home/$RC_USER/subversion \ # make svn scripts visible PATH=/home/$RC_USER/subversion/bin:$PATH RUN \ echo "** install svn packages $RC_SVN_VER **" && \ curl -L https://downloads.apache.org/subversion/subversion-$RC_SVN_VER.tar.gz -o subversion.tar.gz && \ tar xfz subversion.tar.gz && rm subversion.tar.gz && \ cd subversion-$RC_SVN_VER && \ ./autogen.sh && \ ./configure --prefix=$SVN_PREFIX --with-apxs=/home/$RC_USER/apache2/bin/apxs --enable-mod-activation --with-swig=/usr/local/bin/swig && \ make && \ sudo make install && \ sudo make clean-swig-py && \ sudo make swig-py swig_pydir=$VENV_PATH/lib/$PYTHON_VERSION/site-packages/libsvn swig_pydir_extra=$VENV_PATH/lib/$PYTHON_VERSION/site-packages/svn && \ sudo make install-swig-py swig_pydir=$VENV_PATH/lib/$PYTHON_VERSION/site-packages/libsvn swig_pydir_extra=$VENV_PATH/lib/$PYTHON_VERSION/site-packages/svn && \ sudo ldconfig -v && \ cd ../ && sudo rm -rf subversion-$RC_SVN_VER RUN \ echo "** install svn symlinks **" && \ mkdir -p $BUILD_BIN_DIR/vcs_bin && \ sudo chown $RC_USER:$RC_USER /home/$RC_USER/subversion && \ echo $(strings $MOD_DAV_SVN_MODULE | grep 'Powered by') > $BUILD_BIN_DIR/vcs_bin/mod_dav_svn.version && \ ln -s /home/$RC_USER/subversion/bin/* $BUILD_BIN_DIR/vcs_bin/ #TODO: compile libgit2 #https://www.pygit2.org/install.html#advanced #ENV \ # RC_LIBGIT2_VER=1.14.2 \ # curl -L https://github.com/libgit2/libgit2/archive/refs/tags/v$RC_LIBGIT2_VER.tar.gz -o libgit2.tar.gz # tar xzf libgit2.tar.gz && rm libgit2.tar.gz # cd libgit2-$RC_LIBGIT2_VER/ # cmake . # make # sudo make install \ # ARG RHODECODE_VERSION=5.0.2 # env are runtime ENV \ ## SETUP ARGS FOR INSTALLATION ## ## set version we build on, get from .env or set default ver RHODECODE_VERSION=${RHODECODE_VERSION} RUN \ echo 'export PS1=">> rhodecode-docker-$RHODECODE_VERSION \W \$ "' | sudo tee -a /root/.bashrc && \ echo 'export PS1=">> rhodecode-docker-$RHODECODE_VERSION \W \$ "' | sudo tee -a /home/$RC_USER/.bashrc # Copy artifacts #COPY --chown=$RC_USER:$RC_USER .cache/locale-archive /var/opt/ COPY --chown=$RC_USER:$RC_USER config/_shared/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/ COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/ COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/ # VCS RUN \ echo "** install vcsserver ${RHODECODE_VERSION} **" && \ $PIP_EXECUTABLE install --disable-pip-version-check --trusted-host pypi.python.org --no-cache-dir \ -r /home/$RC_USER/rhodecode-vcsserver/requirements.txt && \ $PIP_EXECUTABLE install /home/$RC_USER/rhodecode-vcsserver RUN \ #echo "** copy config of vcsserver ${RHODECODE_VERSION} **" && \ VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \ rsync -a $VENV_PATH/bin/ $BUILD_BIN_DIR/vcs_bin/ && \ cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini && \ cp -v ${VCSSERVER_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf_vcs.py && \ echo "Done copy config of vcsserver" # CE RUN \ echo "** install rhodecode-ce ${RHODECODE_VERSION} **" && \ $PIP_EXECUTABLE install --disable-pip-version-check --trusted-host pypi.python.org --no-cache-dir \ -r /home/$RC_USER/rhodecode-enterprise-ce/requirements_rc_tools.txt \ -r /home/$RC_USER/rhodecode-enterprise-ce/requirements.txt && \ $PIP_EXECUTABLE install /home/$RC_USER/rhodecode-enterprise-ce RUN \ echo "** copy config of rhodecode-ce ${RHODECODE_VERSION} **" && \ RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ce && \ rsync -a $VENV_PATH/bin/ $BUILD_BIN_DIR/bin/ && \ cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \ cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf_rc.py && \ mkdir -p $RHODECODE_STATIC_DIR/static/ && cp -Rf /${RHODECODE_PATH}/rhodecode/public/* $RHODECODE_STATIC_DIR/static/ && chmod 755 -R $RHODECODE_STATIC_DIR/static/ && \ echo "Done copy config of rhodecode-ce" # EE RUN \ echo "** install rhodecode-ee ${RHODECODE_VERSION} **" && \ $PIP_EXECUTABLE install --disable-pip-version-check --trusted-host pypi.python.org --no-cache-dir \ -r /home/$RC_USER/rhodecode-enterprise-ee/requirements.txt && \ $PIP_EXECUTABLE install /home/$RC_USER/rhodecode-enterprise-ee RUN \ echo "** copy config of rhodecode-ee ${RHODECODE_VERSION} **" && \ RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \ rsync -a $VENV_PATH/bin/ $BUILD_BIN_DIR/bin/ && \ cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \ cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf_rc.py && \ mkdir -p $RHODECODE_STATIC_DIR/static/ && cp -Rf /${RHODECODE_PATH}/rc_ee/public/* $RHODECODE_STATIC_DIR/static/ && chmod 755 -R $RHODECODE_STATIC_DIR/static/ && \ echo "Done copy config of rhodecode-ee" RUN \ echo "** STATIC FILE CHECK **" && \ find $RHODECODE_STATIC_DIR/static/ -type f -name "*.less" -delete && \ rm $RHODECODE_STATIC_DIR/static/js/scripts.js && \ /home/$RC_USER/rhodecode-enterprise-ce/rhodecode/tests/scripts/static-file-check.sh $RHODECODE_STATIC_DIR/static/ && \ echo "Done static file check" RUN \ echo "** cleanup of EE code **" && \ for out in "rc_ee" "rc_auth_plugins" "rc_chat" "rc_elasticsearch" "rc_integrations" "rc_license" "rc_reviewers"; do \ echo ; \ echo "cleanup of '$VENV_PATH/lib/$PYTHON_VERSION/site-packages/$out'"; \ rm -rf $VENV_PATH/lib/$PYTHON_VERSION/site-packages/$out/tests; \ rm -rf `find $VENV_PATH/lib/$PYTHON_VERSION/site-packages/$out -path "*__pycache__"`; \ rm -f `find $VENV_PATH/lib/$PYTHON_VERSION/site-packages/$out -type f \( -name "*.py" -o -name "*.c" \) -not -name "__init__.py" -not -path "*celerylib/tasks.py"`; \ rm -f `echo "\`find $VENV_PATH/lib/$PYTHON_VERSION/site-packages/$out -type f -name \"*.so\"\` " | sed -e "s/\.so[ \t]*/\.pyc /g"`; \ done USER root RUN \ echo "**** cleanup ****" && \ apt-get remove -y $CLEANUP_DEPS && \ apt-get autoclean -y && \ rm -rf /tmp/* && \ rm -rf /home/$RC_USER/.cache/pip && \ rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-* && \ rm -rf /var/lib/apt/lists/* && \ rm -rf /var/cache/apk/* && \ rm -f ${SUPERVISOR_CONF} && \ echo "Done cleanup" RUN \ echo "**** cleanup source ****" && \ rm -rf /home/$RC_USER/*.sh && \ rm -rf /home/$RC_USER/rhodecode-vcsserver && \ rm -rf /home/$RC_USER/rhodecode-enterprise-ce && \ rm -rf /home/$RC_USER/rhodecode-enterprise-ee && \ echo "Done cleanup source" # copy entrypoints COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh RUN chmod +x /opt/entrypoints.d/entrypoint.sh # config volume VOLUME /etc/rhodecode/conf # repo store volume VOLUME /var/opt/rhodecode_repo_store # data volume VOLUME /var/opt/rhodecode_data ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"] # Tag images with commit references... ARG VCS_SHA="stable" ARG CE_SHA="stable" ARG EE_SHA="stable" LABEL org.label-schema.vcs-ref.vcsserver.ce="$VCS_SHA" org.label-schema.vcs-ref.rhodecode.ce="$CE_SHA" org.label-schema.vcs-ref.rhodecode.ee="$EE_SHA" # compose can override this CMD [ "$BUILD_BIN_DIR/bin/gunicorn", "--error-logfile=-", "--paster=/etc/rhodecode/conf_build/rhodecode.ini", "--config=/etc/rhodecode/conf_build/gunicorn_conf_rc.py" ]