# syntax=docker/dockerfile:1.24
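FROM alpine:3.23.4 AS builder
# Build stage: downloads the yq release binary and compiles catatonit from its
# release tarball. Only /usr/local/bin/yq and /usr/local/bin/catatonit are meant
# to leave this stage; compilers and autotools stay behind.

# BuildKit automatically provides the target architecture for multi-platform builds.
ARG TARGETARCH
# renovate: datasource=github-tags depName=openSUSE/catatonit extractVersion=^v(?<version>.*)$
ARG CATATONIT_VERSION=0.2.1
# renovate: datasource=github-releases depName=mikefarah/yq extractVersion=^v(?<version>.*)$
ARG YQ_VERSION=4.53.2

# Optional SHA-256 pins for the two downloads. Both artifacts end up executable in
# the final image (catatonit as the entrypoint), so a version tag alone does not
# protect against a replaced or tampered release asset. The defaults are empty
# because the expected digests are not recorded in this file: supply them with
# --build-arg (values taken from the upstream release pages) to enforce the check.
# NOTE(review): once pins are set, a version bump (e.g. by Renovate) must update
# the matching digest too, otherwise the build fails - which is the intended result.
ARG YQ_SHA256_AMD64=""
ARG YQ_SHA256_ARM64=""
ARG CATATONIT_SHA256=""

# yq: map the BuildKit architecture to the release asset name, download it, and
# verify it against the per-architecture pin when one is supplied.
RUN case "${TARGETARCH}" in \
        amd64) yq_arch='amd64'; yq_sha256="${YQ_SHA256_AMD64}" ;; \
        arm64) yq_arch='arm64'; yq_sha256="${YQ_SHA256_ARM64}" ;; \
        *) echo "Unsupported TARGETARCH for yq: ${TARGETARCH}" >&2; exit 1 ;; \
    esac \
    && wget -O /usr/local/bin/yq \
        "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_${yq_arch}" \
    && if [ -n "${yq_sha256}" ]; then \
        printf '%s  %s\n' "${yq_sha256}" /usr/local/bin/yq > /tmp/yq.sha256 \
        && sha256sum -c /tmp/yq.sha256; \
    else \
        echo "WARNING: no SHA-256 pin supplied for yq (${yq_arch}); download is not integrity-checked" >&2; \
    fi \
    && chmod +x /usr/local/bin/yq

# catatonit: WORKDIR creates the build directory and replaces the former
# `mkdir -p` + `cd` pair. The tarball is verified (when a pin is supplied)
# before it is unpacked and before any script from it (autogen.sh, configure) runs.
# The build toolchain packages are unpinned; they never reach the final image.
WORKDIR /tmp/catatonit
RUN apk add --no-cache \
        autoconf \
        automake \
        build-base \
        libtool \
        xz \
    && wget -O /tmp/catatonit/catatonit.tar.xz \
        "https://github.com/openSUSE/catatonit/releases/download/v${CATATONIT_VERSION}/catatonit.tar.xz" \
    && if [ -n "${CATATONIT_SHA256}" ]; then \
        printf '%s  %s\n' "${CATATONIT_SHA256}" /tmp/catatonit/catatonit.tar.xz > /tmp/catatonit.sha256 \
        && sha256sum -c /tmp/catatonit.sha256; \
    else \
        echo "WARNING: no SHA-256 pin supplied for catatonit; download is not integrity-checked" >&2; \
    fi \
    && tar -xJf /tmp/catatonit/catatonit.tar.xz -C /tmp/catatonit --strip-components=1 \
    && ./autogen.sh \
    && ./configure \
    && make \
    && install -m 0755 catatonit /usr/local/bin/catatonit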
FROM alpine:3.23.4
# Runtime stage: a small utility image with pinned Alpine packages plus the yq
# and catatonit binaries produced by the builder stage.

# ---- Pinned package versions ----
# Each ARG is paired with an `alpine-package:` annotation naming the package and
# repository it tracks; keep the annotation directly above its ARG.

# alpine-package: name=bash repo=main
ARG BASH_VERSION=5.3.3-r1
# alpine-package: name=bind-tools repo=main
ARG BIND_TOOLS_VERSION=9.20.22-r0
# alpine-package: name=coreutils repo=main
ARG COREUTILS_VERSION=9.8-r1
# alpine-package: name=curl repo=main
ARG CURL_VERSION=8.19.0-r0
# alpine-package: name=gettext repo=main
ARG GETTEXT_VERSION=0.24.1-r1
# alpine-package: name=git repo=main
ARG GIT_VERSION=2.52.0-r0
# alpine-package: name=inetutils-telnet repo=community
ARG INETUTILS_VERSION=2.6-r0
# alpine-package: name=jq repo=main
ARG JQ_VERSION=1.8.1-r0
# alpine-package: name=openssl repo=main
ARG OPENSSL_VERSION=3.5.6-r0
# alpine-package: name=tzdata repo=main
ARG TZDATA_VERSION=2026b-r0
# alpine-package: name=xmlstarlet repo=community
ARG XMLSTARLET_VERSION=1.6.1-r2
# alpine-package: name=rsync repo=main
ARG RSYNC_VERSION=3.4.2-r0

# Install exactly the pinned versions; --no-cache leaves no apk index in the layer.
RUN apk add --no-cache \
        bash==${BASH_VERSION} \
        bind-tools==${BIND_TOOLS_VERSION} \
        coreutils==${COREUTILS_VERSION} \
        curl==${CURL_VERSION} \
        gettext==${GETTEXT_VERSION} \
        git==${GIT_VERSION} \
        inetutils-telnet==${INETUTILS_VERSION} \
        jq==${JQ_VERSION} \
        openssl==${OPENSSL_VERSION} \
        rsync==${RSYNC_VERSION} \
        tzdata==${TZDATA_VERSION} \
        xmlstarlet==${XMLSTARLET_VERSION}

# ---- Binaries from the builder stage ----
# yq
COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
# catatonit (tiny init)
COPY --from=builder /usr/local/bin/catatonit /usr/bin/catatonit

# ---- Runtime identity is chosen at build time ----
# Default: non-root UID 10001 with group 0 (OpenShift-friendly).
# Both values are build args, so a build that overrides RUNTIME_USER with 0
# produces a root image; non-root should still be enforced where the image runs.
ARG RUNTIME_USER=10001
ARG RUNTIME_GROUP=0

# Writable work dir that works for both a fixed UID and an OpenShift arbitrary UID:
# `chmod g=u` gives the group the same permission bits as the owner.
ENV APP_HOME=/work
RUN mkdir -p "${APP_HOME}" \
    && chown -R ${RUNTIME_USER}:${RUNTIME_GROUP} "${APP_HOME}" \
    && chmod -R g=u "${APP_HOME}"
WORKDIR ${APP_HOME}

# Drop privileges using numeric IDs, so no passwd entry is required.
USER ${RUNTIME_USER}:${RUNTIME_GROUP}

# ---- Process model ----
# catatonit is the container's entrypoint and is sent SIGTERM on stop.
STOPSIGNAL SIGTERM
ENTRYPOINT ["/usr/bin/catatonit", "--"]
# Placeholder command; replace with your real process if needed.
CMD ["sleep", "infinity"]