From 5436730ee20ba4cfbb2824dbcaaf9c5b4bbfd921 Mon Sep 17 00:00:00 2001 From: Christophe Vila Date: Fri, 31 Oct 2025 23:28:37 +0100 Subject: [PATCH] Updated Dockerfile --- .devcontainer/server/Dockerfile | 132 ++++++++++++++++++++++++++++---- .devcontainer/ui/Dockerfile | 127 +++++++++++++++--------------- 2 files changed, 181 insertions(+), 78 deletions(-) diff --git a/.devcontainer/server/Dockerfile b/.devcontainer/server/Dockerfile index 19157b0..bc295f5 100644 --- a/.devcontainer/server/Dockerfile +++ b/.devcontainer/server/Dockerfile @@ -1,22 +1,37 @@ -ARG VARIANT=21-jdk -FROM eclipse-temurin:${VARIANT} +FROM debian:trixie + +RUN groupadd debian \ + --gid 1000 \ + && useradd debian \ + --uid 1000 \ + --gid debian \ + --shell /bin/bash \ + --create-home RUN apt-get update \ && apt-get -y install --no-install-recommends \ ca-certificates \ + curl \ + dirmngr \ git \ + gnupg \ + gpg \ + gpg-agent \ + libatomic1 \ nano \ + python3 \ unzip \ vim-tiny \ + wget \ + xz-utils \ && apt-get auto-remove -y \ && apt-get clean -y \ - && chsh -s $(which bash) ubuntu \ - && echo 'export PS1="\e[01;32m\u\e[m:\e[01;34m\w\e[m\$ "' >> /home/ubuntu/.bashrc + && rm -rf /var/lib/apt/lists/* \ + && echo 'export PS1="\e[01;32m\u\e[m:\e[01;34m\w\e[m\$ "' >> /home/debian/.bashrc -ARG NEXUS_REPO=https://rm.vilanet.fr/repository/raw -RUN --mount=type=secret,id=nexus_login,target=/tmp/nexus_login \ - --mount=type=secret,id=nexus_pwd,target=/tmp/nexus_pwd \ - curl -Lo /tmp/jetbrains.zip -u$(cat /tmp/nexus_login):$(cat /tmp/nexus_pwd) ${NEXUS_REPO}/jetbrains.zip +ENV JAVA_HOME=/opt/java/openjdk +COPY --from=eclipse-temurin:21 $JAVA_HOME $JAVA_HOME +ENV PATH="${JAVA_HOME}/bin:${PATH}" ENV MAVEN_HOME=/opt/maven ENV PATH=$MAVEN_HOME/bin:$PATH @@ -29,13 +44,104 @@ RUN mkdir -p $MAVEN_HOME \ && tar -xzf /tmp/apache-maven.tar.gz -C $MAVEN_HOME --strip-components=1 \ && rm -f /tmp/apache-maven.tar.gz +ARG NODE_VERSION=22.21.1 +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" || \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && npm install -g npm \ + && npm install -g @anthropic-ai/claude-code \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ARG BUN_VERSION=1.3.1 +RUN arch="$(dpkg --print-architecture)" \ + && case "${arch##*-}" in \ + amd64) build="x64-baseline";; \ + arm64) build="aarch64";; \ + *) echo "error: unsupported architecture: $arch"; exit 1 ;; \ + esac \ + && version="$BUN_VERSION" \ + && case "$version" in \ + latest | canary | bun-v*) tag="$version"; ;; \ + v*) tag="bun-$version"; ;; \ + *) tag="bun-v$version"; ;; \ + esac \ + && case "$tag" in \ + latest) release="latest/download"; ;; \ + *) release="download/$tag"; ;; \ + esac \ + && curl "https://github.com/oven-sh/bun/releases/$release/bun-linux-$build.zip" \ + -fsSLO \ + --compressed \ + --retry 5 \ + || (echo "error: failed to download: $tag" && exit 1) \ + && for key in \ + "F3DCC08A8572C0749B3E18888EAB4D40A7B22B59" \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \ + || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl "https://github.com/oven-sh/bun/releases/$release/SHASUMS256.txt.asc" \ + -fsSLO \ + --compressed \ + --retry 5 \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + || (echo "error: failed to verify: $tag" && exit 1) \ + && grep " bun-linux-$build.zip\$" SHASUMS256.txt | sha256sum -c - \ + || (echo "error: failed to verify: $tag" && exit 1) \ + && unzip "bun-linux-$build.zip" \ + && mv "bun-linux-$build/bun" /usr/local/bin/bun \ + && rm -f "bun-linux-$build.zip" SHASUMS256.txt.asc SHASUMS256.txt \ + && chmod +x /usr/local/bin/bun + +ARG NEXUS_REPO=https://rm.vilanet.fr/repository/raw +RUN --mount=type=secret,id=nexus_login,target=/tmp/nexus_login \ + --mount=type=secret,id=nexus_pwd,target=/tmp/nexus_pwd \ + curl -Lo /tmp/jetbrains.zip -u$(cat /tmp/nexus_login):$(cat /tmp/nexus_pwd) ${NEXUS_REPO}/jetbrains.zip + # Set the default user -USER ubuntu +USER debian -RUN mkdir -p /home/ubuntu/.local/share && \ - unzip -d /home/ubuntu/.local/share /tmp/jetbrains.zip +RUN mkdir -p /home/debian/.local/share \ + && unzip -d /home/debian/.local/share /tmp/jetbrains.zip -#ENV IDEA_VM_OPTIONS=/home/ubuntu/.local/share/jetbrains/vmoptions/idea.vmoptions +#ENV IDEA_VM_OPTIONS=/home/debian/.local/share/jetbrains/vmoptions/idea.vmoptions # Set the working directory -WORKDIR /home/ubuntu +WORKDIR /home/debian diff --git a/.devcontainer/ui/Dockerfile b/.devcontainer/ui/Dockerfile index 6691164..bc295f5 100644 --- a/.devcontainer/ui/Dockerfile +++ b/.devcontainer/ui/Dockerfile @@ -1,6 +1,50 @@ -FROM debian:bookworm +FROM debian:trixie -ARG NODE_VERSION=22.17.1 +RUN groupadd debian \ + --gid 1000 \ + && useradd debian \ + --uid 1000 \ + --gid debian \ + --shell /bin/bash \ + --create-home + +RUN apt-get update \ + && apt-get -y install --no-install-recommends \ + ca-certificates \ + curl \ + dirmngr \ + git \ + gnupg \ + gpg \ + gpg-agent \ + libatomic1 \ + nano \ + python3 \ + unzip \ + vim-tiny \ + wget \ + xz-utils \ + && apt-get auto-remove -y \ + && apt-get clean -y \ + && rm -rf /var/lib/apt/lists/* \ + && echo 'export PS1="\e[01;32m\u\e[m:\e[01;34m\w\e[m\$ "' >> /home/debian/.bashrc + +ENV JAVA_HOME=/opt/java/openjdk +COPY --from=eclipse-temurin:21 $JAVA_HOME $JAVA_HOME +ENV PATH="${JAVA_HOME}/bin:${PATH}" + +ENV MAVEN_HOME=/opt/maven +ENV PATH=$MAVEN_HOME/bin:$PATH + +ARG MAVEN_VERSION=3.9.11 +ARG BASE_URL=https://dlcdn.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries + +RUN mkdir -p $MAVEN_HOME \ + && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \ + && tar -xzf /tmp/apache-maven.tar.gz -C $MAVEN_HOME --strip-components=1 \ + && rm -f /tmp/apache-maven.tar.gz + +ARG NODE_VERSION=22.21.1 RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ @@ -12,9 +56,6 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ - # libatomic1 for arm - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys @@ -28,8 +69,8 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ 108F52B48DB57BB0CC439B2997B01419BD92F80A \ A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" || \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ @@ -41,34 +82,15 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ - && apt-mark auto '.*' > /dev/null \ - && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -r apt-mark manual \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && npm install -g npm \ + && npm install -g @anthropic-ai/claude-code \ # smoke tests && node --version \ && npm --version \ && rm -rf /tmp/* -ARG BUN_VERSION=latest -RUN apt-get update -qq \ - && apt-get install -qq --no-install-recommends \ - ca-certificates \ - curl \ - dirmngr \ - gpg \ - gpg-agent \ - unzip \ - python3 \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - && arch="$(dpkg --print-architecture)" \ +ARG BUN_VERSION=1.3.1 +RUN arch="$(dpkg --print-architecture)" \ && case "${arch##*-}" in \ amd64) build="x64-baseline";; \ arm64) build="aarch64";; \ @@ -108,43 +130,18 @@ RUN apt-get update -qq \ && rm -f "bun-linux-$build.zip" SHASUMS256.txt.asc SHASUMS256.txt \ && chmod +x /usr/local/bin/bun -COPY docker-entrypoint.sh /usr/local/bin -RUN mkdir -p /usr/local/bun-node-fallback-bin && ln -s /usr/local/bin/bun /usr/local/bun-node-fallback-bin/node -ENV PATH="${PATH}:/usr/local/bun-node-fallback-bin" +ARG NEXUS_REPO=https://rm.vilanet.fr/repository/raw +RUN --mount=type=secret,id=nexus_login,target=/tmp/nexus_login \ + --mount=type=secret,id=nexus_pwd,target=/tmp/nexus_pwd \ + curl -Lo /tmp/jetbrains.zip -u$(cat /tmp/nexus_login):$(cat /tmp/nexus_pwd) ${NEXUS_REPO}/jetbrains.zip -# Disable the runtime transpiler cache by default inside Docker containers. -# On ephemeral containers, the cache is not useful -ARG BUN_RUNTIME_TRANSPILER_CACHE_PATH=0 -ENV BUN_RUNTIME_TRANSPILER_CACHE_PATH=${BUN_RUNTIME_TRANSPILER_CACHE_PATH} +# Set the default user +USER debian -# Ensure `bun install -g` works -ARG BUN_INSTALL_BIN=/usr/local/bin -ENV BUN_INSTALL_BIN=${BUN_INSTALL_BIN} +RUN mkdir -p /home/debian/.local/share \ + && unzip -d /home/debian/.local/share /tmp/jetbrains.zip -RUN groupadd bun \ - --gid 1000 \ - && useradd bun \ - --uid 1000 \ - --gid bun \ - --shell /bin/sh \ - --create-home \ - && ln -s /usr/local/bin/bun /usr/local/bin/bunx \ - && which bun \ - && which bunx \ - && bun --version +#ENV IDEA_VM_OPTIONS=/home/debian/.local/share/jetbrains/vmoptions/idea.vmoptions -RUN apt-get update \ - && apt-get -y install --no-install-recommends \ - ca-certificates \ - git \ - nano \ - vim-tiny \ - && apt-get auto-remove -y \ - && apt-get clean -y \ - && chsh -s $(which bash) bun \ - && echo 'export PS1="\e[01;32m\u\e[m:\e[01;34m\w\e[m\$ "' >> /home/bun/.bashrc - -USER bun -WORKDIR /home/bun -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["/usr/local/bin/bun"] +# Set the working directory +WORKDIR /home/debian