Skip to content

Commit f125ad2

Browse files
leoherran-awsleoherran-aws
committed
Update Dockerfiles
1 parent 5011692 commit f125ad2

File tree

5 files changed

+228
-200
lines changed

5 files changed

+228
-200
lines changed

al2/x86_64/standard/2.0/Dockerfile

Lines changed: 47 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Copyright 2019-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
1+
# Copyright 2019-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
22
#
33
# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License.
44
# A copy of the License is located at
@@ -13,8 +13,10 @@ FROM public.ecr.aws/amazonlinux/amazonlinux:2 AS core
1313

1414
# Install git, SSH, and other utilities
1515
RUN set -ex \
16-
&& yum install -yq openssh-clients \
16+
&& yum install -y -q openssh-clients \
1717
&& mkdir ~/.ssh \
18+
&& mkdir -p /opt/tools \
19+
&& mkdir -p /codebuild/image/config \
1820
&& touch ~/.ssh/known_hosts \
1921
&& ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \
2022
&& ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \
@@ -23,8 +25,8 @@ RUN set -ex \
2325
&& rpm --import https://download.mono-project.com/repo/xamarin.gpg \
2426
&& curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo \
2527
&& amazon-linux-extras enable corretto8 \
26-
&& yum groupinstall -yq "Development tools" \
27-
&& yum install -yq \
28+
&& yum groupinstall -y -q "Development tools" \
29+
&& yum install -y -q \
2830
GeoIP-devel ImageMagick asciidoc bzip2-devel bzr bzrtools cvs cvsps \
2931
docbook-dtds docbook-style-xsl dpkg-dev e2fsprogs expat-devel expect fakeroot \
3032
glib2-devel groff gzip icu iptables jq krb5-server libargon2-devel \
@@ -54,12 +56,12 @@ RUN set -ex \
5456
&& cd git-$GIT_VERSION \
5557
&& make -j4 prefix=/usr \
5658
&& make install prefix=/usr \
57-
&& cd .. ; rm -rf git-$GIT_VERSION \
59+
&& cd .. && rm -rf git-$GIT_VERSION \
5860
&& rm -rf $GIT_TAR_FILE /tmp/*
5961

6062
# Install Firefox
6163
RUN set -ex \
62-
&& yum install -yq gtk3-devel dbus-glib-devel \
64+
&& yum install -y -q gtk3-devel dbus-glib-devel \
6365
&& wget -qO ~/FirefoxSetup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64" \
6466
&& tar xjf ~/FirefoxSetup.tar.bz2 -C /opt/ \
6567
&& ln -s /opt/firefox/firefox /usr/local/bin/firefox \
@@ -77,7 +79,7 @@ RUN set -ex \
7779

7880
# Install Chromium
7981
RUN set -ex \
80-
&& yum install -yq chromium
82+
&& yum install -y -q chromium
8183

8284
# Install ChromeDriver
8385
RUN set -ex \
@@ -96,17 +98,15 @@ RUN set -ex \
9698
&& STUNNEL_VERSION=5.56 \
9799
&& STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \
98100
&& STUNNEL_SHA256="7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22" \
99-
&& curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR \
100-
&& echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum -c - \
101-
&& tar xfz $STUNNEL_TAR \
101+
&& curl -o $STUNNEL_TAR https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \
102102
&& cd stunnel-$STUNNEL_VERSION \
103103
&& ./configure \
104104
&& make -j4 \
105105
&& make install \
106106
&& openssl genrsa -out key.pem 2048 \
107107
&& openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \
108108
&& cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \
109-
&& cd .. ; rm -rf stunnel-${STUNNEL_VERSION}*
109+
&& cd .. && rm -rf stunnel-${STUNNEL_VERSION}*
110110

111111
# AWS Tools
112112
# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html
@@ -117,7 +117,7 @@ RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-we
117117

118118
# Configure SSM
119119
RUN set -ex \
120-
&& yum install -yq https://s3.amazonaws.com/amazon-ssm-us-east-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm
120+
&& yum install -y -q https://s3.amazonaws.com/amazon-ssm-us-east-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm
121121

122122
# Install env tools for runtimes
123123
## Dotnet
@@ -162,7 +162,7 @@ ENV GOPATH="/go"
162162
FROM tools AS runtimes_1
163163

164164
#**************** JAVA ****************************************************
165-
COPY tools/android-accept-licenses.sh /opt/tools/android-accept-licenses.sh
165+
RUN cat tools/android-accept-licenses.sh > /opt/tools/android-accept-licenses.sh && chmod 755 /opt/tools/android-accept-licenses.sh
166166

167167
ENV JAVA_11_HOME="/opt/jvm/amazon-corretto-11" \
168168
JDK_11_HOME="/opt/jvm/amazon-corretto-11" \
@@ -175,7 +175,7 @@ ENV JAVA_11_HOME="/opt/jvm/amazon-corretto-11" \
175175
MAVEN_VERSION=3.6.3 \
176176
INSTALLED_GRADLE_VERSIONS="4.10.3 5.4.1" \
177177
GRADLE_VERSION=5.4.1 \
178-
SBT_VERSION=1.2.8 \
178+
SBT_VERSION=1.6.1 \
179179
JDK_VERSION=11.0.5.10.1 \
180180
ANDROID_HOME="/usr/local/android-sdk-linux" \
181181
GRADLE_PATH="$SRC_DIR/gradle" \
@@ -190,7 +190,8 @@ ENV JAVA_11_HOME="/opt/jvm/amazon-corretto-11" \
190190
MAVEN_DOWNLOAD_SHA512="c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0" \
191191
GRADLE_DOWNLOADS_SHA256="14cd15fc8cc8705bd69dcfa3c8fefb27eb7027f5de4b47a8b279218f76895a91 5.4.1\n336b6898b491f6334502d8074a6b8c2d73ed83b92123106bd4bf837f04111043 4.10.3" \
192192
ANDROID_SDK_MANAGER_SHA256="92ffee5a1d98d856634e8b71132e8a95d96c83a63fde1099be3d86df3106def9" \
193-
SBT_DOWNLOAD_SHA256="9bb9212541176d6fcce7bd12e4cf8a9c9649f5b63f88b3aff474e0b02c7cfe58"
193+
SBT_DOWNLOAD_SHA256="60286bf1b875b31e2955f8a699888cd2612e9afd94d03cde0a2e71efd7492ffc" \
194+
LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8"
194195

195196
ARG MAVEN_CONFIG_HOME="/root/.m2"
196197
ENV JDK_DOWNLOAD_TAR="amazon-corretto-${JDK_VERSION}-linux-x64.tar.gz" \
@@ -203,7 +204,7 @@ ENV JDK_DOWNLOAD_URL="https://d3pxv6yz143wms.cloudfront.net/${JDK_VERSION}/${JDK
203204

204205
RUN set -ex \
205206
# Install Amazon Corretto 8
206-
&& yum install -yq java-1.8.0-amazon-corretto-devel \
207+
&& yum install -y -q java-1.8.0-amazon-corretto-devel \
207208
# Ensure Java cacerts symlink points to valid location
208209
&& update-ca-trust
209210

@@ -275,9 +276,11 @@ RUN set -ex \
275276
&& curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \
276277
&& echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \
277278
&& tar xzf sbt.tgz -C /usr/local/bin/ \
278-
&& rm sbt.tgz
279+
&& rm sbt.tgz \
280+
&& for version in $LOG4J_UNSAFE_VERSIONS; do find / -name log4j*-$version.jar | xargs rm -f; done
281+
279282
ENV PATH "/usr/local/bin/sbt/bin:$PATH"
280-
RUN sbt version
283+
RUN sbt version -Dsbt.rootdir=true
281284
# Cleanup
282285
RUN rm -fr /tmp/* /var/tmp/*
283286
#**************** END JAVA ****************************************************
@@ -309,17 +312,18 @@ ENV NODE_10_VERSION="10.19.0"
309312
RUN n $NODE_10_VERSION && npm install --save-dev -g -f grunt && npm install --save-dev -g -f grunt-cli && npm install --save-dev -g -f webpack \
310313
&& curl -sSL https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo \
311314
&& rpm --import https://dl.yarnpkg.com/rpm/pubkey.gpg \
312-
&& yum install -yq yarn \
315+
&& yum install -y https://download-ib01.fedoraproject.org/pub/epel/8/Modular/x86_64/Packages/l/libuv-1.43.0-2.module_el8+13774+f8c1f5a5.x86_64.rpm \
316+
&& yum install -y -q yarn \
313317
&& yarn --version \
314-
&& cd / && rm -rf $N_SRC_DIR; rm -rf /tmp/*
318+
&& cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/*
315319

316320
#**************** END NODEJS ****************************************************
317321

318322
#**************** RUBY *********************************************************
319323

320324
ENV RUBY_26_VERSION="2.6.5"
321325

322-
RUN rbenv install $RUBY_26_VERSION; rm -rf /tmp/*; rbenv global $RUBY_26_VERSION;ruby -v
326+
RUN rbenv install $RUBY_26_VERSION && rm -rf /tmp/* && rbenv global $RUBY_26_VERSION && ruby -v
323327

324328
#**************** END RUBY *****************************************************
325329

@@ -328,8 +332,8 @@ ENV PYTHON_37_VERSION="3.7.10"
328332
ENV PYTHON_PIP_VERSION=21.1.2
329333
ENV PYYAML_VERSION=5.4.1
330334

331-
COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION
332-
RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/*
335+
RUN cat tools/runtime_configs/python/$PYTHON_37_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION
336+
RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION && rm -rf /tmp/*
333337
RUN pyenv global $PYTHON_37_VERSION
334338
RUN set -ex \
335339
&& pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \
@@ -341,8 +345,8 @@ RUN set -ex \
341345
#**************** PHP ****************************************************
342346
ENV PHP_73_VERSION="7.3.13"
343347

344-
COPY tools/runtime_configs/php/$PHP_73_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION
345-
RUN phpenv install $PHP_73_VERSION; rm -rf /tmp/*; phpenv global $PHP_73_VERSION
348+
RUN cat tools/runtime_configs/php/$PHP_73_VERSION > /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_73_VERSION
349+
RUN phpenv install $PHP_73_VERSION && rm -rf /tmp/* && phpenv global $PHP_73_VERSION
346350
RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_73_VERSION/etc/conf.d/memory.ini"
347351

348352
# Install Composer globally
@@ -356,25 +360,24 @@ ENV GOLANG_13_VERSION="1.13.15" \
356360
ENV GOENV_DISABLE_GOPATH=1
357361
ENV GOPATH="/go"
358362

359-
RUN goenv install $GOLANG_12_VERSION; rm -rf /tmp/*
363+
RUN goenv install $GOLANG_12_VERSION && rm -rf /tmp/*
360364

361-
RUN goenv install $GOLANG_13_VERSION; rm -rf /tmp/*; \
362-
goenv global $GOLANG_13_VERSION
365+
RUN goenv install $GOLANG_13_VERSION && rm -rf /tmp/* && goenv global $GOLANG_13_VERSION
363366

364367
RUN go get -u github.com/golang/dep/cmd/dep
365368
#**************** END GOLANG ****************************************************
366369

367370
#=======================End of layer: runtimes_1 =================
368371
FROM runtimes_1 AS runtimes_2
369372

370-
#Docker 19
373+
#Docker 20
371374
ENV DOCKER_BUCKET="download.docker.com" \
372375
DOCKER_CHANNEL="stable" \
373376
DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \
374377
DOCKER_COMPOSE_VERSION="1.24.0"
375378

376-
ENV DOCKER_SHA256="caf74e54b58c0b38bb4d96c8f87665f29b684371c9a325562a3904b8c389995e"
377-
ENV DOCKER_VERSION="20.10.9"
379+
ENV DOCKER_SHA256="dd6ff72df1edfd61ae55feaa4aadb88634161f0aa06dbaaf291d1be594099ff3"
380+
ENV DOCKER_VERSION="20.10.11"
378381

379382
VOLUME /var/lib/docker
380383

@@ -397,8 +400,8 @@ RUN set -ex \
397400
#Python 3.8
398401
ENV PYTHON_38_VERSION="3.8.10"
399402

400-
COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION
401-
RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/*
403+
RUN cat tools/runtime_configs/python/$PYTHON_38_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION
404+
RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION && rm -rf /tmp/*
402405
RUN pyenv global $PYTHON_38_VERSION
403406
RUN set -ex \
404407
&& pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \
@@ -408,8 +411,8 @@ RUN set -ex \
408411
#Python 3.9
409412
ENV PYTHON_39_VERSION="3.9.5"
410413

411-
COPY tools/runtime_configs/python/$PYTHON_39_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION
412-
RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION; rm -rf /tmp/*
414+
RUN cat tools/runtime_configs/python/$PYTHON_39_VERSION > /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION
415+
RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION && rm -rf /tmp/*
413416
RUN pyenv global $PYTHON_39_VERSION
414417
RUN set -ex \
415418
&& pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \
@@ -456,14 +459,15 @@ ENV MAVEN_CONFIG=$MAVEN_CONFIG_HOME
456459
ENV DEBIAN_FRONTEND="noninteractive"
457460

458461
# Configure SSH
459-
COPY ssh_config /root/.ssh/config
460-
COPY runtimes.yml /codebuild/image/config/runtimes.yml
461-
COPY dockerd-entrypoint.sh /usr/local/bin/
462-
COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc
463-
COPY legal/bill_of_material.txt /usr/share/doc
464-
COPY amazon-ssm-agent.json /etc/amazon/ssm/
465-
466-
ENTRYPOINT ["dockerd-entrypoint.sh"]
462+
RUN cat ssh_config > /root/.ssh/config
463+
RUN cat runtimes.yml > /codebuild/image/config/runtimes.yml
464+
RUN cat dockerd-entrypoint.sh > /usr/local/bin/dockerd-entrypoint.sh
465+
RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh
466+
RUN cat legal/THIRD_PARTY_LICENSES.txt > /usr/share/doc/THIRD_PARTY_LICENSES.txt
467+
RUN cat legal/bill_of_material.txt > /usr/share/doc/bill_of_material.txt
468+
RUN cat amazon-ssm-agent.json > /etc/amazon/ssm/amazon-ssm-agent.json
469+
470+
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"]
467471

468472
#=======================End of layer: al2_v1 =================
469473

0 commit comments

Comments
 (0)