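# RhodeCode Enterprise image built from source with nix.
#
# Build flow: install OS packages as root, create the unprivileged
# `rhodecode` user, install nix and build vcsserver + enterprise as that user,
# then switch back to root for cleanup and the entrypoint.

# Using 22.04 LTS Release
FROM ubuntu:22.04

# MAINTAINER is deprecated; the OCI authors label carries the same information.
LABEL org.opencontainers.image.authors="RhodeCode Inc."

ARG TZ="UTC"
ARG LOCALE_TYPE=en_US.UTF-8
ARG RHODECODE_TYPE=Enterprise

# source-install
ARG RHODECODE_VERSION=4.28.0
ARG RHODECODE_DB=sqlite
ARG RHODECODE_USER_NAME=admin
# NOTE(review): this default bootstrap password is copied into ENV below, so it
# is stored in the image config and build history and is readable by anyone
# who can pull the image. Override it at build/deploy time and rotate the admin
# password after first start; how the entrypoint consumes it is not visible here.
ARG RHODECODE_USER_PASS=secret4
ARG RHODECODE_USER_EMAIL=support@rhodecode.com

# nix ver/channels
ARG DEV_NIX_VERSION=2.0.4
ARG DEV_NIX_CHANNEL=nixos-18.03
# Optional: expected sha256 of the nix install script. When set, the download
# is verified before it is executed; empty (default) keeps the previous
# unverified behaviour.
ARG DEV_NIX_INSTALL_SHA256=""

# env are runtime
ENV \
    TZ=${TZ} \
    LOCALE_TYPE=${LOCALE_TYPE} \
    ## Define type we build, and the instance we'll create
    RHODECODE_TYPE=${RHODECODE_TYPE} \
    RC_TYPE_ID=enterprise-1 \
    ## SETUP ARGS FOR INSTALLATION ##
    ## set version we build on, get from .env or set default ver
    RHODECODE_VERSION=${RHODECODE_VERSION} \
    ## set DB, default sqlite
    RHODECODE_DB=${RHODECODE_DB} \
    ## set app bootstrap required data
    RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \
    RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \
    RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \
    RC_USER=rhodecode \
    # SVN CONFIG
    MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \
    MOD_DAV_SVN_PORT=8090 \
    # SSHD CONFIG
    SSHD_CONF_FILE=/etc/rhodecode/sshd_config \
    SHARED_CONF_DIR=/etc/rhodecode/conf \
    BUILD_CONF=/etc/rhodecode/conf_build \
    BUILD_BIN_DIR=/usr/local/bin/rhodecode_bin \
    RHODECODE_DATA_DIR=/var/opt/rhodecode_data \
    RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \
    RHODECODE_HTTP_PORT=10020 \
    RHODECODE_VCS_PORT=10010 \
    RHODECODE_HOST=0.0.0.0 \
    RHODECODE_VCS_HOST=127.0.0.1

# Separate ENV instruction: $RC_USER is only expandable once the instruction
# that defines it has completed.
ENV \
    RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \
    SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \
    # make application scripts visible
    PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin

# Package groups installed by the base-package step (key=value form; the
# space-separated ENV form is deprecated).
ENV SVN_LOCALE_DEPS="apache2 apache2-utils libapache2-mod-svn"
ENV SSH_LOCALE_DEPS="openssh-server"
ENV PYTHON_DEPS="python2"
ENV EXTRA_DEPS=""

ENV \
    PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \
    NIX_BLD_USER=nixbld \
    NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \
    NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

# The *_DEPS variables are intentionally unquoted so each package name becomes
# its own argument.
# NOTE(review): sudo and gosu are both installed; if the entrypoint only needs
# gosu to drop privileges, sudo can be removed from the runtime image.
RUN \
    set -eux; \
    echo "** install base packages **"; \
    apt-get update; \
    DEBIAN_FRONTEND="noninteractive" \
    apt-get install -y --no-install-recommends \
        tini \
        bash \
        binutils \
        tzdata \
        locales \
        openssl \
        curl \
        sudo \
        gosu \
        bzip2 \
        ca-certificates \
        $PYTHON_DEPS \
        $SSH_LOCALE_DEPS \
        $SVN_LOCALE_DEPS \
        $EXTRA_DEPS \
    ; \
    rm -rf /var/lib/apt/lists/*

# Quote $IS_PY: an unquoted empty value turns `[ -n ]` into a test that is
# always true.
RUN \
    echo "** Configure the python executable for py2/3 compat **" && \
    IS_PY=$(which python3 || which python2) && \
    if [ -n "$IS_PY" ] ; then ln -s "$IS_PY" /usr/bin/python ; fi

RUN \
    echo "** Configure the locales **" && \
    sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \
    locale-gen

# locale-archive is a fix for old nix glibc2.26 locales available
ENV \
    LOCALE_ARCHIVE=/var/opt/locale-archive \
    LANG=${LOCALE_TYPE} \
    LANGUAGE=${LOCALE_TYPE} \
    LC_ALL=${LOCALE_TYPE}

# configure the system user
# explicitly set uid/gid to guarantee that it won't change in the future
# the values 999:999 are identical to the current user/group id assigned
RUN \
    echo "** Create system user $RC_USER **" && \
    groupadd --system --gid 999 $RC_USER && \
    useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \
    usermod -G $RC_USER $RC_USER

RUN \
    echo "** Create nix-build user $NIX_BLD_USER **" && \
    groupadd --system --gid 1099 $NIX_BLD_USER && \
    useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \
    usermod -G $NIX_BLD_USER $NIX_BLD_USER

# With the sandbox off, nix builds run without nix's own build isolation, so
# the derivations copied from .source/ have to be trusted inputs.
RUN \
    echo "** disable nix sandboxing **" && \
    mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf

# set the default bash shell
SHELL ["/bin/bash", "-c"]

# Fix and set a timezone
RUN \
    echo "** configure the timezone **" && \
    rm -f /etc/localtime && cp "/usr/share/zoneinfo/$TZ" /etc/localtime && \
    echo "$TZ" > /etc/timezone

# NOTE(review): .rhoderc is created here as a directory (install -d) and is
# later passed to `touch`; confirm whether a file was intended.
RUN \
    echo "** prepare rhodecode store and cache **" && \
    install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /usr/local/bin/rhodecode_bin && \
    install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \
    install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \
    install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \
    install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh && \
    install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.rhoderc

# expose our custom sshd config
COPY service/sshd/sshd_config $SSHD_CONF_FILE

# Apache SVN setup
RUN \
    echo "**** Apache config cleanup ****" && \
    rm -f /etc/apache2/conf.d/info.conf \
          /etc/apache2/conf.d/mpm.conf \
          /etc/apache2/conf.d/userdir.conf && \
    rm -f /etc/apache2/sites-enabled/* && \
    rm -f /etc/apache2/sites-available/*

# custom SVN virtualhost
COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/

# Apache is configured to run as $RC_USER and to listen on MOD_DAV_SVN_PORT.
# The original wrote APACHE_RUN_USER twice; one export is enough.
RUN \
    echo "**** Apache config ****" && \
    echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
    mkdir -p /run/apache2 && \
    mkdir -p /var/opt/www && \
    echo "unset HOME" > /etc/apache2/envvars && \
    echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
    echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \
    echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \
    echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \
    echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
    sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf

# Copy artifacts
# NOTE(review): the license file becomes part of an image layer and stays
# retrievable from it even if removed later; consider supplying it at runtime
# (volume or secret) if the image is pushed to a shared registry.
COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/
COPY --chown=$RC_USER:$RC_USER config/_shared/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/
COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/
COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/

# The original ended this step with a dangling `&& \`, which folded the next
# RUN instruction into this shell command and broke the build.
RUN \
    echo "** prepare rhodecode dirs **" && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/vcsserver-1 && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/community-1 && \
    install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/enterprise-1

RUN \
    echo "**** locale-archive path ****" && \
    mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive

# change to non-root user for RUN commands
USER $RC_USER
WORKDIR /home/$RC_USER

# Download the installer to a file instead of piping it into bash: `-f` makes
# HTTP errors fail the build rather than executing an error page, and the
# script is checked against DEV_NIX_INSTALL_SHA256 when that build arg is set.
RUN \
    echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \
    curl -fsSL -o /tmp/nix-install.sh "https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install" && \
    if [ -n "$DEV_NIX_INSTALL_SHA256" ]; then \
        echo "$DEV_NIX_INSTALL_SHA256  /tmp/nix-install.sh" | sha256sum -c - ; \
    fi && \
    USER=$RC_USER /bin/bash /tmp/nix-install.sh && \
    rm -f /tmp/nix-install.sh

RUN \
    echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \
    . /home/$RC_USER/.nix-profile/etc/profile.d/nix.sh && \
    nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \
    nix-channel --update

# Writes ~/.nixpkgs/config.nix pointing nix at the three source trees copied
# from .source/.
RUN \
    echo "** save nix config **" && \
    touch /home/$RC_USER/.rhoderc && \
    mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \
    printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix

# The installer-based path is kept commented out; only the echo runs.
RUN \
    echo "** install rhodecode control **" && \
#    cd /home/$RC_USER/.rccontrol/cache && \
#    INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \
#    chmod +x ${INSTALLER} && \
#    ${INSTALLER} --accept-license && \
#    ${RCCONTROL} self-init && \
#    cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \
    echo "Done installing rhodecode control"

# Build vcsserver with nix, then copy its binaries and default configs into
# the build-time bin/conf directories.
RUN \
    echo "** install vcsserver ${RHODECODE_VERSION} **" && \
    . /home/$RC_USER/.nix-profile/etc/profile.d/nix.sh && \
    nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link /home/$RC_USER/.rccontrol/vcsserver-1/profile rhodecode-vcsserver/default.nix && \
    nix-shell --command 'echo COMMAND FROM NIX-SHELL TEST' rhodecode-vcsserver/default.nix && \
    VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \
    rm -rf $BUILD_BIN_DIR/vcs_bin && \
    cp -rv --preserve=links /home/$RC_USER/.rccontrol/vcsserver-1/profile/bin $BUILD_BIN_DIR/vcs_bin && \
    cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini && \
    cp -v ${VCSSERVER_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf_vcs.py && \
    echo "Done installing vcsserver"

RUN \
    echo "** install build Community ${RHODECODE_VERSION} **" && \
    . /home/$RC_USER/.nix-profile/etc/profile.d/nix.sh && \
    echo "done"

# Build the enterprise edition with nix, then copy binaries, default configs
# and static assets into their runtime locations.
RUN \
    echo "** install rhodecode ${RHODECODE_VERSION} **" && \
    . /home/$RC_USER/.nix-profile/etc/profile.d/nix.sh && \
    nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link /home/$RC_USER/.rccontrol/enterprise-1/profile rhodecode-enterprise-ee/default.nix && \
    nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \
    RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \
    rm -rf $BUILD_BIN_DIR/bin && \
    cp -rv --preserve=links /home/$RC_USER/.rccontrol/enterprise-1/profile/bin $BUILD_BIN_DIR/ && \
    cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \
    cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \
    mkdir -p $RHODECODE_DATA_DIR/static && cp -r /home/$RC_USER/.rccontrol/enterprise-1/profile/etc/static/* $RHODECODE_DATA_DIR/static/ && \
    echo "Done installing rhodecode"

RUN \
    echo "** configure supervisord **" && \
#    cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \
#    sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \
    echo "Done installing supervisord"

# NOTE(review): the image ends as root; presumably entrypoint.sh drops to
# $RC_USER (gosu is installed), but that script is not visible here. Confirm.
USER root

# Files removed here still exist in the earlier layers that created them, so
# this step tidies the final filesystem without removing them from the image
# history. The Alpine-only /var/cache/apk removal was dropped: that path does
# not exist on Ubuntu.
RUN \
    echo "**** cleanup ****" && \
    apt-get remove -y $PYTHON_DEPS && \
    apt-get autoclean -y && \
    rm -f /tmp/* && \
    rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \
    rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \
    rm -rf /var/lib/apt/lists/* && \
    rm -f ${SUPERVISOR_CONF} && \
    rm -rf /home/$RC_USER/rhodecode-vcsserver && \
    rm -rf /home/$RC_USER/rhodecode-enterprise-ce && \
    rm -rf /home/$RC_USER/rhodecode-enterprise-ee && \
    echo "Done cleanup"

# copy entrypoints
COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh
RUN chmod +x /opt/entrypoints.d/entrypoint.sh

# config volume
VOLUME /etc/rhodecode/conf

# repo store volume
VOLUME /var/opt/rhodecode_repo_store

# data volume
VOLUME /var/opt/rhodecode_data

# logs volume
VOLUME /var/log/rhodecode

ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"]

# compose can override this
# Exec-form CMD is not shell-expanded, so "$BUILD_BIN_DIR/bin/gunicorn" reached
# the entrypoint as a literal string. The path below is the value BUILD_BIN_DIR
# is set to above.
CMD [ "/usr/local/bin/rhodecode_bin/bin/gunicorn", "--error-logfile=-", "--paster=/etc/rhodecode/conf_build/run.ini", "--config=/etc/rhodecode/conf_build/gunicorn_conf.py" ]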