/
Dockerfile
84 lines (63 loc) · 2.4 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
ARG BASE_IMAGE_TYPE=slim
# --------------------------------------
# slim image
# --------------------------------------
FROM ghcr.io/renovatebot/base-image:1.25.1@sha256:e9f466e28d875e7c9120a2d41fb706e40af02a57f2e6062bfea0386cbfc5b240 AS slim-base
# --------------------------------------
# full image
# --------------------------------------
FROM ghcr.io/renovatebot/base-image:1.25.1-full@sha256:9b95f966712558ee685004f0d789b28c5dab383b9db2dc10dc57e27a6552fb64 AS full-base
# --------------------------------------
# build image
# --------------------------------------
FROM slim-base as build
WORKDIR /usr/local/renovate
ENV CI=1 npm_config_modules_cache_max_age=0
ENV RE2_DOWNLOAD_MIRROR=https://github.com/containerbase/node-re2-prebuild/releases/download RE2_DOWNLOAD_SKIP_PATH=1
COPY pnpm-lock.yaml ./
# only fetch deps from lockfile https://pnpm.io/cli/fetch
RUN pnpm fetch --prod
COPY . ./
# install
RUN set -ex; \
pnpm install --prod --offline --ignore-scripts; \
npm explore re2 -- npm run install; \
true
# test
COPY tools/docker/bin/ /usr/local/bin/
RUN set -ex; \
renovate --version; \
renovate-config-validator; \
node -e "new require('re2')('.*').exec('test')"; \
true
# --------------------------------------
# final image
# --------------------------------------
FROM ${BASE_IMAGE_TYPE}-base
LABEL name="renovate"
LABEL org.opencontainers.image.source="https://github.com/renovatebot/renovate" \
org.opencontainers.image.url="https://renovatebot.com" \
org.opencontainers.image.licenses="AGPL-3.0-only"
WORKDIR /usr/src/app
ENV RENOVATE_X_IGNORE_NODE_WARN=true
COPY tools/docker/bin/ /usr/local/bin/
CMD ["renovate"]
ARG RENOVATE_VERSION
COPY --from=build --chown=root:root /usr/local/renovate/ /usr/local/renovate/
# Compabillity, so `config.js` can access renovate and deps
RUN set -ex; \
mkdir /opt/containerbase/tools/renovate; \
echo "${RENOVATE_VERSION}" > /opt/containerbase/versions/renovate; \
ln -sf /usr/local/renovate /opt/containerbase/tools/renovate/${RENOVATE_VERSION}; \
ln -sf /usr/local/renovate/node_modules ./node_modules; \
true
RUN set -ex; \
renovate --version; \
renovate-config-validator; \
node -e "new require('re2')('.*').exec('test')"; \
true
LABEL \
org.opencontainers.image.version="${RENOVATE_VERSION}" \
org.label-schema.version="${RENOVATE_VERSION}"
# Numeric user ID for the ubuntu user. Used to indicate a non-root user to OpenShift
USER 1000