
Commit ff72fdd

committed
hadolint
1 parent 9f7dfb5 commit ff72fdd

2 files changed

Lines changed: 87 additions & 78 deletions


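--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -9,6 +9,10 @@ jobs:
 steps:
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 - run: shellcheck *.sh
+- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
+with:
+dockerfile: Dockerfile
+verbose: true
 push:
 needs: [lint]
 uses: libops/.github/.github/workflows/build-push-ghcr.yaml@main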

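--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,68 @@
-FROM node:24@sha256:aa648b387728c25f81ff811799bbf8de39df66d7e2d9b3ab55cc6300cb9175d9
+FROM node:24-trixie@sha256:1501d5fd51032aa10701a7dcc9e6c72ab1e611a033ffcf08b6d5882e9165f63e
 
 ARG TZ
 ENV TZ="$TZ"
 
-# install go
-WORKDIR /go
-COPY download.sh /usr/local/bin
+RUN mkdir -p /usr/local/share/npm-global && \
+chown -R node:node /usr/local/share && \
+mkdir -p /workspace /home/node/.claude && \
+chown -R node:node /workspace /home/node/.claude
+
+WORKDIR /workspace
+
+USER node
+ENV \
+NPM_CONFIG_PREFIX=/usr/local/share/npm-global \
+PATH=$PATH:/usr/local/share/npm-global/bin \
+SHELL=/bin/bash \
+EDITOR=vim
+
 ARG \
-TARGETARCH=amd64 \
+# renovate: datasource=npm depName=@anthropic-ai/claude-code
+CLAUDE_CLI_VERSION=v2.0.60 \
+# renovate: datasource=npm depName=@google/gemini-cli
+GEMINI_CLI_VERSION=v0.19.4
+
+RUN npm install -g "@anthropic-ai/claude-code@$CLAUDE_CLI_VERSION" && \
+npm install -g "@google/gemini-cli@$GEMINI_CLI_VERSION"
+
+USER root
+ARG \
+TARGETARCH \
+# renovate: datasource=repology depName=debian_13/aggregate
+AGGREGATE_VERSION=1.6-8 \
+# renovate: datasource=repology depName=debian_13/bind9
+BIND9_VERSION=1:9.20.15-1~deb13u1 \
+# renovate: datasource=repology depName=debian_13/fzf
+FZF_VERSION=0.60.3-1+b2 \
+# renovate: datasource=repology depName=debian_13/gh
+GH_VERSION=2.46.0-3 \
+# renovate: datasource=repology depName=debian_13/git
+GIT_VERSION=1:2.47.3-0+deb13u1 \
+# renovate: datasource=repology depName=debian_13/gnupg2
+GNUPG2_VERSION=2.4.7-21 \
+# renovate: datasource=repology depName=debian_13/iproute2
+IPROUTE2_VERSION=6.15.0-1 \
+# renovate: datasource=repology depName=debian_13/ipset
+IPSET_VERSION=7.22-1+b1 \
+# renovate: datasource=repology depName=debian_13/iptables
+IPTABLES_VERSION=1.8.11-2 \
+# renovate: datasource=repology depName=debian_13/jq
+JQ_VERSION=1.7.1-6+deb13u1 \
+# renovate: datasource=repology depName=debian_13/less
+LESS_VERSION=668-1 \
+# renovate: datasource=repology depName=debian_13/make-dfsg
+MAKE_VERSION=4.4.1-2 \
+# renovate: datasource=repology depName=debian_13/man-db
+MAN_DB_VERSION=2.13.1-1 \
+# renovate: datasource=repology depName=debian_13/procps
+PROCPS_VERSION=2:4.0.4-9 \
+# renovate: datasource=repology depName=debian_13/sudo
+SUDO_VERSION=1.9.16p2-3 \
+# renovate: datasource=repology depName=debian_13/unzip
+UNZIP_VERSION=6.0-29 \
+# renovate: datasource=repology depName=debian_13/vim
+VIM_VERSION=2:9.1.1230-2 \
 # renovate: datasource=github-tags depName=golang packageName=golang/go versioning=go-mod-directive
 GO_VERSION=go1.25.3 \
 GO_BASE_URL="https://go.dev/dl/${GO_VERSION}" \
@@ -16,6 +71,27 @@ ARG \
 GO_ARM64=linux-arm64.tar.gz \
 GO_ARM64_SHA256="1d42ebc84999b5e2069f5e31b67d6fc5d67308adad3e178d5a2ee2c9ff2001f5"
 
+RUN apt-get update && apt-get install -y --no-install-recommends \
+aggregate="${AGGREGATE_VERSION}" \
+bind9-dnsutils="${BIND9_VERSION}" \
+fzf="${FZF_VERSION}" \
+gh="${GH_VERSION}" \
+git="${GIT_VERSION}" \
+gnupg2="${GNUPG2_VERSION}" \
+iproute2="${IPROUTE2_VERSION}" \
+ipset="${IPSET_VERSION}" \
+iptables="${IPTABLES_VERSION}" \
+jq="${JQ_VERSION}" \
+less="${LESS_VERSION}" \
+make="${MAKE_VERSION}" \
+man-db="${MAN_DB_VERSION}" \
+procps="${PROCPS_VERSION}" \
+sudo="${SUDO_VERSION}" \
+unzip="${UNZIP_VERSION}" \
+vim="${VIM_VERSION}" \
+&& apt-get clean && rm -rf /var/lib/apt/lists/*
+
+COPY download.sh /usr/local/bin
 RUN --mount=type=cache,id=base-downloads-${TARGETARCH},sharing=locked,target=/opt/downloads \
 if [ "${TARGETARCH}" = "amd64" ]; \
 then \
@@ -30,82 +106,11 @@ RUN --mount=type=cache,id=base-downloads-${TARGETARCH},sharing=locked,target=/op
 --dest /usr/local ; \
 fi
 
-
-# Install basic development tools and iptables/ipset
-RUN apt-get update && apt-get install -y --no-install-recommends \
-less \
-git \
-procps \
-sudo \
-fzf \
-zsh \
-man-db \
-unzip \
-gnupg2 \
-gh \
-iptables \
-ipset \
-iproute2 \
-dnsutils \
-aggregate \
-jq \
-nano \
-vim \
-make \
-&& apt-get clean && rm -rf /var/lib/apt/lists/*
-
-# Ensure default node user has access to /usr/local/share
-RUN mkdir -p /usr/local/share/npm-global && \
-chown -R node:node /usr/local/share && \
-mkdir -p /workspace /home/node/.claude && \
-chown -R node:node /workspace /home/node/.claude
-
-WORKDIR /workspace
-
-ARG GIT_DELTA_VERSION=0.18.2
-RUN ARCH=$(dpkg --print-architecture) && \
-wget --progress=dot:giga "https://github.com/dandavison/delta/releases/download/${GIT_DELTA_VERSION}/git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb" && \
-dpkg -i "git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb" && \
-rm "git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb"
-
-# Set up non-root user
-USER node
-
-# Install global packages
-ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global
-ENV PATH=$PATH:/usr/local/share/npm-global/bin
-
-# Set the default shell to zsh rather than sh
-ENV SHELL=/bin/zsh
-
-# Set the default editor and visual
-ENV EDITOR=nano
-ENV VISUAL=nano
-
-# Default powerline10k theme
-ARG ZSH_IN_DOCKER_VERSION=1.2.0
-RUN sh -c "$(wget --progress=dot:giga -O- https://github.com/deluan/zsh-in-docker/releases/download/v${ZSH_IN_DOCKER_VERSION}/zsh-in-docker.sh)" -- \
--p git \
--p fzf \
--a "source /usr/share/doc/fzf/examples/key-bindings.zsh" \
--a "source /usr/share/doc/fzf/examples/completion.zsh" \
--a "export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
--x
-
-ARG \
-# renovate: datasource=npm depName=@anthropic-ai/claude-code
-CLAUDE_CLI_VERSION=v2.0.60 \
-# renovate: datasource=npm depName=@google/gemini-cli
-GEMINI_CLI_VERSION=v0.19.4
-RUN npm install -g @anthropic-ai/claude-code@$CLAUDE_CLI_VERSION
-RUN npm install -g @google/gemini-cli@$GEMINI_CLI_VERSION
-
-# Copy and set up firewall script
-COPY init-firewall.sh /usr/local/bin/
-USER root
+COPY --chown=node init-firewall.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/init-firewall.sh && \
 echo "node ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh" > /etc/sudoers.d/node-firewall && \
 chmod 0440 /etc/sudoers.d/node-firewall
+
 USER node
 ENV \
 NODE_OPTIONS="--max-old-space-size=4096" \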
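Review bot: The new `COPY --chown=node init-firewall.sh /usr/local/bin/` makes the script owned by `node`, while the sudoers line written in the next `RUN` lets `node` run that exact path as root without a password. As the file's owner, `node` can change its mode and contents and then invoke it through sudo, so the NOPASSWD rule stops being a single-command grant and becomes unrestricted root; it presumably also lets whatever egress policy the script applies be rewritten from inside the container. The removed `COPY init-firewall.sh /usr/local/bin/` left the file root-owned, since COPY without `--chown` writes files as UID 0 regardless of the active `USER`. Keep the script root-owned and not writable by `node`, for example `COPY --chown=root:root --chmod=0755 init-firewall.sh /usr/local/bin/`, which also makes the `chmod +x` in the following `RUN` unnecessary. The `ENV \` block at the end of the hunk continues outside it.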
