From 11d9ee28976da36bee734acb083b66280ced4401 Mon Sep 17 00:00:00 2001
From: Shawn Wilson
Date: Wed, 31 Jan 2024 18:05:29 -0500
Subject: [PATCH 1/2] Initial docker compose to build a vunnel-dev.

---
 Dockerfile-dev | 100 ++++++++++++++++++++++++++++++++++++
 Dockerfile-dev.dockerignore | 1 +
 compose.yml | 31 +++++
 3 files changed, 132 insertions(+)
 create mode 100644 Dockerfile-dev
 create mode 100644 Dockerfile-dev.dockerignore
 create mode 100644 compose.yml

diff --git a/Dockerfile-dev b/Dockerfile-dev
new file mode 100644
index 00000000..b9afebd5
--- /dev/null
+++ b/Dockerfile-dev
@@ -0,0 +1,100 @@
+FROM ubuntu:latest AS t1
+LABEL name=test1
+
+ARG UID
+ARG GID
+ARG UNAME
+ARG GO_VERSION
+ARG WORKDIR
+ARG PROVIDER
+ARG DEBUG
+ARG XDG_CACHE_HOME
+ARG PIP_NO_CACHE_DIR
+ARG PIP_DISABLE_PIP_VERSION_CHECK
+ARG PIP_DEFAULT_TIMEOUT
+ARG POETRY_NO_INTERACTION
+ARG POETRY_VIRTUALENVS_IN_PROJECT
+ARG POETRY_VIRTUALENVS_CREATE
+ARG PATH
+
+ENV DEBUG $DEBUG
+ENV XDG_CACHE_HOME $XDG_CACHE_HOME
+ENV PIP_NO_CACHE_DIR $PIP_NO_CACHE_DIR
+ENV PIP_DISABLE_PIP_VERSION_CHECK $PIP_DISABLE_PIP_VERSION_CHECK
+ENV PIP_DEFAULT_TIMEOUT $PIP_DEFAULT_TIMEOUT
+ENV POETRY_NO_INTERACTION $POETRY_NO_INTERACTION
+ENV POETRY_VIRTUALENVS_IN_PROJECT $POETRY_VIRTUALENVS_IN_PROJECT
+ENV POETRY_VIRTUALENVS_CREATE $POETRY_VIRTUALENVS_CREATE
+ENV PATH $PATH
+
+RUN --mount=type=cache,target=/var/cache/apt \
+ --mount=type=cache,target=/var/lib/apt/lists \
+ rm -f /etc/apt/apt.conf.d/docker-clean \
+ && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache \
+ && apt update \
+ && apt install -y \
+ bash \
+ build-essential \
+ curl \
+ libcurl4 \
+ python3 \
+ python3-pip \
+ git \
+ util-linux
+
+SHELL [ "/bin/bash", "-c" ]
+
+RUN --mount=type=cache,target=/tmp \
+ [ -f /tmp/go.tgz ] || curl -L "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" -o /tmp/go.tgz \
+ && tar -zxvf /tmp/go.tgz -C /usr/local/
+
+RUN --mount=type=cache,target=/tmp \
+ groupadd -g ${GID} -o ${UNAME} \
+ && useradd -m -u ${UID} -g ${GID} -o -s /bin/bash ${UNAME} \
+ && chown -R ${UID}:${GID} /tmp \
+ && install -d -o ${UID} -g ${GID} -m 770 /work
+
+USER ${UNAME}
+
+# Ensure git repos are populated/updated from cache
+RUN --mount=type=cache,target=/tmp,uid=${UID},gid=${GID} \
+ if [ -d /tmp/grype ]; then \
+ git --git-dir=/tmp/grype fetch origin; \
+ else \
+ git clone --bare https://github.com/anchore/grype /tmp/grype; \
+ git --git-dir=/tmp/grype config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"; \
+ fi && \
+ if [ -d /tmp/grype-db ]; then \
+ git --git-dir=/tmp/grype-db fetch origin; \
+ else \
+ git clone --bare https://github.com/anchore/grype-db /tmp/grype-db; \
+ git --git-dir=/tmp/grype-db config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"; \
+ fi
+
+# Pull git repos from cache
+RUN --mount=type=cache,target=/tmp,uid=${UID},gid=${GID} \
+ git clone /tmp/grype /work/grype \
+ && git clone /tmp/grype-db /work/grype-db
+
+ADD --chown=${UID}:$${GID} \
+ . ${WORKDIR}
+RUN --mount=type=cache,target=/home/${UNAME}/.cache/go-build,uid=${UID},gid=${GID} \
+ --mount=type=cache,target=/home/${UNAME}/.cache/pip,uid=${UID},gid=${GID} \
+ cd ${WORKDIR} \
+ && pip install poetry \
+ && make bootstrap
+RUN --mount=type=cache,target=/home/${UNAME}/.cache/pypoetry/artifacts,uid=${UID},gid=${GID} \
+ --mount=type=cache,target=/home/${UNAME}/.cache/pypoetry/cache,uid=${UID},gid=${GID} \
+ cd ${WORKDIR} \
+ && poetry install
+RUN --mount=type=cache,target=/home/${UNAME}/.cache/go-build,uid=${UID},gid=${GID} \
+ --mount=type=cache,target=/home/${UNAME}/.cache/pip,uid=${UID},gid=${GID} \
+ cd ${WORKDIR} \
+ && make dev provider="${PROVIDER}"
+
+WORKDIR ${WORKDIR}
+
+LABEL org.opencontainers.image.title vunnel-dev
+LABEL org.opencontainers.image.source https://github.com/anchore/vunnel
+LABEL org.opencontainers.image.description "Development image for a tool for pulling and processing vulnerability data from mutiple sources"
+
diff --git a/Dockerfile-dev.dockerignore b/Dockerfile-dev.dockerignore
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/Dockerfile-dev.dockerignore
@@ -0,0 +1 @@
+
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 00000000..817390bb
--- /dev/null
+++ b/compose.yml
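Review bot: The Go toolchain download (`curl -L "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" -o /tmp/go.tgz`) is neither integrity-checked nor fetched with `-f`, so an HTTP error body or a truncated transfer is written into the `/tmp` cache mount and, because the guard is only `[ -f /tmp/go.tgz ]`, that bad file is reused by every later build instead of being re-fetched. Change the fetch to `curl -fsSL ... -o /tmp/go.tgz` and verify before extracting, e.g. `&& echo "${GO_SHA256}  /tmp/go.tgz" | sha256sum -c -`, with a new `ARG GO_SHA256` supplied next to `GO_VERSION` in compose.yml from the digest published alongside the tarball on go.dev/dl. `ADD --chown=${UID}:$${GID}` also looks like a typo: `$$` is not an escape in Dockerfile variable expansion, so the group part appears to expand to a literal `$` followed by the GID; `COPY --chown=${UID}:${GID} . ${WORKDIR}` is the intended form, and `COPY` is the right instruction for local files. `FROM ubuntu:latest` is unpinned, so the dev image drifts between rebuilds; pin a release tag (or digest) and bump it deliberately.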
@@ -0,0 +1,31 @@
+---
+version: "3"
+services:
+ vunnel-dev:
+ image: vunnel-dev
+ environment:
+ UID: 1000
+ GID: 1000
+ UNAME: user
+ build:
+ context: .
+ args:
+ UID: 1000
+ GID: 1000
+ UNAME: user
+ GO_VERSION: 1.21.6
+ WORKDIR: /work/vunnel
+ PROVIDER:
+ DEBUG: 1
+ XDG_CACHE_HOME: /home/user/.cache
+ PIP_NO_CACHE_DIR: off
+ PIP_DISABLE_PIP_VERSION_CHECK: on
+ PIP_DEFAULT_TIMEOUT: 100
+ POETRY_NO_INTERACTION: 1
+ POETRY_VIRTUALENVS_IN_PROJECT: 1
+ POETRY_VIRTUALENVS_CREATE: 1
+ PATH: /home/user/.local/bin:/home/user/.cache/pypoetry/bin:/home/user/.cache/venv/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ dockerfile: ./Dockerfile-dev
+ user: "${UID:-1000}:${GID:-1000}"
+ tty: true
+ stdin_open: true
From 155ef869fce12320c0b3ab998caf2d9d22a64026 Mon Sep 17 00:00:00 2001
From: Shawn Wilson
Date: Wed, 31 Jan 2024 20:38:22 -0500
Subject: [PATCH 2/2] Make dockerfile look right and replace t1 with vunnel-dev. Add a watch for file changes to compose. Get make to use bash to execute dev-shell.sh so that pipefail works.

---
 Dockerfile-dev | 3 +--
 Makefile | 3 +++
 compose.yml | 4 ++++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Dockerfile-dev b/Dockerfile-dev
index b9afebd5..8e1db3f8 100644
--- a/Dockerfile-dev
+++ b/Dockerfile-dev
@@ -1,5 +1,4 @@
-FROM ubuntu:latest AS t1
-LABEL name=test1
+FROM ubuntu:latest AS vunnel-dev
 
 ARG UID
 ARG GID
diff --git a/Makefile b/Makefile
index b3a1d919..88cb79ca 100644
--- a/Makefile
+++ b/Makefile
@@ -42,6 +42,9 @@ ifndef PACKAGE_VERSION
 endif
 
 .DEFAULT_GOAL := all
+.SHELLFLAGS := -c
+
+SHELL := /bin/bash
 
 .PHONY: all
 all: static-analysis test ## Run all validations
diff --git a/compose.yml b/compose.yml
index 817390bb..fb7f7923 100644
--- a/compose.yml
+++ b/compose.yml
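Review bot: The runtime user is taken from the host (`user: "${UID:-1000}:${GID:-1000}"`) while `build.args` hard-code `UID: 1000` and `GID: 1000`, so on a host that exports a different UID or GID the container runs as an account that does not own `/work` or the home directory created at build time. Use the same interpolation in `build.args` (`UID: ${UID:-1000}` and `GID: ${GID:-1000}`) so build-time ownership and the runtime identity stay in step, and add a comment noting that `UID` is a bash shell variable that is not exported by default and `GID` is not set by bash at all, so the 1000 fallback applies unless the developer exports both. `PIP_NO_CACHE_DIR: off` deserves a check against the pip version actually installed: older pip releases treated any value of that variable as "disable the cache", which would silently defeat the pip cache mount in the Dockerfile. `version: "3"` is obsolete in the Compose specification and can be dropped.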
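Review bot: `.SHELLFLAGS := -c` is GNU make's default, so that added line changes nothing; the behaviour described in the commit message (`set -o pipefail` working inside dev-shell.sh) comes from `SHELL := /bin/bash` alone, since `/bin/sh` on Debian-derived systems is typically dash, which historically lacks `pipefail`. If the intent is for make itself to fail a recipe on a broken pipe, use `.SHELLFLAGS := -o pipefail -c` (or `-eu -o pipefail -c`); otherwise drop the line and document the bash requirement with a comment such as `# bash required: dev-shell.sh relies on set -o pipefail, which /bin/sh (dash) lacks`. The recipe that invokes dev-shell.sh and the rest of the Makefile are outside this hunk, so whether any other recipe depends on sh-specific behaviour cannot be checked here.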
@@ -26,6 +26,10 @@ services:
 POETRY_VIRTUALENVS_CREATE: 1
 PATH: /home/user/.local/bin:/home/user/.cache/pypoetry/bin:/home/user/.cache/venv/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 dockerfile: ./Dockerfile-dev
+ develop:
+ watch:
+ - action: rebuild
+ path: .
 user: "${UID:-1000}:${GID:-1000}"
 tty: true
 stdin_open: true
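Review bot: `action: rebuild` with `path: .` and no `ignore:` list triggers a full image rebuild — including the `make bootstrap`, `poetry install` and `make dev` layers — on any write anywhere in the checkout, and since `Dockerfile-dev.dockerignore` is empty, `.git` and any local scratch output are shipped in the build context each time. Add an ignore list beside the path, e.g. `ignore: [".git", ".venv", "**/__pycache__"]`, extended with whatever directories the provider runs write into the checkout, and mirror the same entries in `Dockerfile-dev.dockerignore`. For plain source edits that do not change dependencies, an `action: sync` entry with `target: /work/vunnel` would avoid the rebuild, keeping `rebuild` for `pyproject.toml`, `poetry.lock` and `Dockerfile-dev`.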