puts the scripts in the container and take out the user

This commit is contained in:
Blair Vanderlugt 2021-05-02 16:56:08 +00:00
parent 13253a2dcc
commit e1564574f7

View File

@ -47,9 +47,9 @@ RUN wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.37.2/install.sh |
ENV NODE_PATH $NVM_DIR/versions/node//v$NODE_VERSION/lib/node_modules ENV NODE_PATH $NVM_DIR/versions/node//v$NODE_VERSION/lib/node_modules
ENV PATH $NVM_DIR/versions/node//v$NODE_VERSION/bin:$PATH ENV PATH $NVM_DIR/versions/node//v$NODE_VERSION/bin:$PATH
RUN useradd --create-home grassroots #RUN useradd --create-home grassroots
WORKDIR /home/grassroots # WORKDIR /home/grassroots
USER grassroots # USER grassroots
ARG pip_extra_index_url=https://pip.grassrootseconomics.net:8433 ARG pip_extra_index_url=https://pip.grassrootseconomics.net:8433
ARG cic_base_version=0.1.2a79 ARG cic_base_version=0.1.2a79
@ -57,44 +57,49 @@ ARG cic_eth_version=0.11.0b8+build.c2286e5c
ARG sarafu_faucet_version=0.0.2a28 ARG sarafu_faucet_version=0.0.2a28
ARG sarafu_token_version=0.0.1a6 ARG sarafu_token_version=0.0.1a6
ARG cic_contracts_version=0.0.2a2 ARG cic_contracts_version=0.0.2a2
RUN pip install --user --index-url https://pypi.org/simple --extra-index-url $pip_extra_index_url cic-base[full_graph]==$cic_base_version \ RUN pip install --index-url https://pypi.org/simple --extra-index-url $pip_extra_index_url cic-base[full_graph]==$cic_base_version \
cic-eth==$cic_eth_version \ cic-eth==$cic_eth_version \
cic-contracts==$cic_contracts_version \ cic-contracts==$cic_contracts_version \
sarafu-faucet==$sarafu_faucet_version \ sarafu-faucet==$sarafu_faucet_version \
sarafu-token==$sarafu_token_version sarafu-token==$sarafu_token_version
# -------------- begin runtime container ----------------
FROM python:3.8.6-slim-buster as runtime-image FROM python:3.8.6-slim-buster as runtime-image
RUN apt-get update RUN apt-get update
RUN apt-get install -y --no-install-recommends gnupg libpq-dev RUN apt-get install -y --no-install-recommends gnupg libpq-dev
RUN apt-get install -y --no-install-recommends jq RUN apt-get install -y jq bash iputils-ping socat
COPY --from=compile-image /usr/local/bin/ /usr/local/bin/ COPY --from=compile-image /usr/local/bin/ /usr/local/bin/
COPY --from=compile-image /usr/local/etc/cic/ /usr/local/etc/cic/ COPY --from=compile-image /usr/local/etc/cic/ /usr/local/etc/cic/
COPY --from=compile-image /usr/local/lib/python3.8/site-packages/ \
/usr/local/lib/python3.8/site-packages/
RUN useradd --create-home grassroots ENV EXTRA_INDEX_URL https://pip.grassrootseconomics.net:8433
WORKDIR /home/grassroots # RUN useradd -u 1001 --create-home grassroots
# COPY python dependencies to user dir # RUN adduser grassroots sudo && \
COPY --from=compile-image /home/grassroots/.local .local # echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
ENV PATH=/home/grassroots/.local/bin:$PATH # WORKDIR /home/grassroots
COPY contract-migration/testdata/pgp testdata/pgp COPY contract-migration/testdata/pgp testdata/pgp
COPY contract-migration/sarafu_declaration.json sarafu_declaration.json COPY contract-migration/sarafu_declaration.json sarafu_declaration.json
COPY contract-migration/keystore keystore COPY contract-migration/keystore keystore
COPY contract-migration/envlist . COPY contract-migration/envlist .
COPY contract-migration/scripts scripts/
# RUN chown grassroots:grassroots .local/
RUN mkdir -p /tmp/cic/config
RUN chown grassroots:grassroots /tmp/cic/config
# A shared output dir for environment configs # A shared output dir for environment configs
RUN mkdir -p /tmp/cic/config
# RUN chown grassroots:grassroots /tmp/cic/config
RUN chmod a+rwx /tmp/cic/config RUN chmod a+rwx /tmp/cic/config
COPY contract-migration/*.sh ./ COPY contract-migration/*.sh ./
RUN chown grassroots:grassroots -R . # RUN chown grassroots:grassroots -R .
RUN chmod gu+x *.sh RUN chmod gu+x *.sh
# we copied these from the root build container.
# this is dumb though...I guess the compile image should have the same user
# RUN chown grassroots:grassroots -R /usr/local/lib/python3.8/site-packages/
USER grassroots # USER grassroots
ENTRYPOINT [ ] ENTRYPOINT [ ]