-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.optimized
66 lines (51 loc) · 2.54 KB
/
Dockerfile.optimized
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# Optimized image for ComplianceAsCode with on-demand builds
FROM fedora:latest
# Build arguments
ARG EXTRA_CERT=false
# Create directory for custom certificates early
RUN mkdir -p /etc/pki/ca-trust/source/anchors/
# Install CA certificates - these are now added via build context with proper permissions
COPY certs/org/ca-bundle.pem /etc/pki/ca-trust/source/anchors/ca-bundle.pem
RUN chmod 644 /etc/pki/ca-trust/source/anchors/ca-bundle.pem
# Handle extra certificates if specified - this is now handled by the build script
# which will create the appropriate files with the right permissions
# Update CA store with all certificates before any network operations
RUN update-ca-trust
# Configure DNF for more reliable package installation in test environments
RUN echo "fastestmirror=true" >> /etc/dnf/dnf.conf && \
echo "keepcache=true" >> /etc/dnf/dnf.conf && \
echo "retries=10" >> /etc/dnf/dnf.conf && \
echo "timeout=120" >> /etc/dnf/dnf.conf
# Now install dependencies after certificates are set up
RUN dnf -y update && \
dnf -y install --nobest --nogpgcheck cmake make openscap-utils python3-pyyaml python3-jinja2 \
git openscap openscap-devel libxml2 libxslt xmlsec1 xmlsec1-openssl \
python3-setuptools python3-pip python3-lxml python3-requests ca-certificates \
&& dnf clean all
# Set up working directory
WORKDIR /content
# Configure git to be more tolerant during testing
# This is important when running with ACT which might use self-signed certificates
RUN git config --global http.sslVerify false
# Clone the repository with latest content
# Using certificates that are now properly installed (or SSL verification disabled for testing)
RUN git clone https://github.com/ComplianceAsCode/content.git /content && \
# Initialize all submodules
git submodule update --init --recursive && \
# Update all submodules to their latest versions
git submodule update --remote --recursive
# Only prepare the build environment, don't build any products
RUN mkdir -p build && \
cd build && \
cmake ..
# Add helper scripts
COPY ./utils/build-product.sh /usr/local/bin/build-product
COPY ./utils/init-environment.sh /usr/local/bin/init-environment
RUN chmod +x /usr/local/bin/build-product /usr/local/bin/init-environment
# Add a welcome message
COPY ./utils/welcome.sh /etc/profile.d/welcome.sh
RUN chmod +x /etc/profile.d/welcome.sh
# Add a quick-start script to build initial products
COPY ./utils/build-common-products.sh /usr/local/bin/build-common-products
RUN chmod +x /usr/local/bin/build-common-products
ENTRYPOINT ["/bin/bash"]