[IMP]更新cibase镜像

open-hand · Aug 18, 2023 · c57e998 · c57e998
1 parent 1afa3c0
commit c57e998
Showing 1 changed file with 80 additions and 0 deletions.
diff --git a/cibase/1.2.0-base/Dockerfile b/cibase/1.2.0-base/Dockerfile
@@ -0,0 +1,80 @@
+FROM gcr.io/kaniko-project/executor:v1.14.0 AS kaniko
+FROM debian:bullseye
+
+ENV TZ="Asia/Shanghai" \
+    ROOT_PASSWORD="changeit" \
+    YQ_VERSION="v4.35.1" \
+    HELM_VERSION="v3.12.3" \
+    DOCKER_VERSION="5:23.0.6-1~debian.11~bullseye" \
+    PATH="/kaniko:${PATH}"
+
+# copy kaniko
+COPY --from=kaniko /kaniko /kaniko
+COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf
+
+# install base packages
+RUN set -eux; \
+    apt-get update; \
+    apt-get upgrade -y; \
+    apt-get install -y \
+        jq \
+        vim \
+        git \
+        tar \
+        curl \
+        wget \
+        unzip \
+        pylint \
+        gnupg2 \
+        xmlstarlet \
+        openssh-server \
+        mariadb-client \
+        ca-certificates \
+        build-essential \
+        apt-transport-https; \
+    curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -; \
+    echo \
+        "deb [arch="$(dpkg --print-architecture)"] https://download.docker.com/linux/debian \
+        "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+        tee /etc/apt/sources.list.d/docker.list > /dev/null; \
+    ARCH="$(dpkg --print-architecture)"; \
+    apt-get update; \
+    apt-get install -y \
+        skopeo \
+        docker-ce-cli=$DOCKER_VERSION; \
+	rm -rf /var/lib/apt/lists/*; \
+    # install yq
+    wget -qO /usr/bin/yq \
+        "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${ARCH}"; \
+    chmod a+x /usr/bin/yq; \
+    # install helm
+    wget -qO "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" \
+        "https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz"; \
+    tar xzf "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" -C /tmp; \
+    mv /tmp/linux-${ARCH}/helm /usr/bin/helm; \
+    # post install
+    helm plugin install https://github.com/chartmuseum/helm-push; \
+    ln -s /usr/bin/xmlstarlet /usr/bin/xml; \
+    ln -s /kaniko/executor /kaniko/kaniko; \
+    docker-credential-gcr config --token-source=env; \
+    # Modify `sshd_config`
+    sed -ri 's/^#PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config; \
+    sed -ri 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config; \
+    sed -ri 's/^UsePAM yes/UsePAM no/' /etc/ssh/sshd_config; \
+    # Delete root password (set as empty)
+    passwd -d root; \
+    mkdir -p /run/sshd; \
+    rm -r /tmp/*;
+
+# Add trivy
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.44.1; \
+    trivy image --download-db-only;\
+    trivy image --download-java-db-only;
+
+# Add mirror source
+RUN cp /etc/apt/sources.list /etc/apt/sources.list.bak; \
+    sed -i 's deb.debian.org mirrors.aliyun.com g' /etc/apt/sources.list
+
+EXPOSE 22
+
+CMD [ "/bin/sh","-c","/usr/sbin/sshd -D" ]