-
Notifications
You must be signed in to change notification settings - Fork 17
Expand file tree
/
Copy pathkonflux.Dockerfile
More file actions
73 lines (54 loc) · 2.64 KB
/
konflux.Dockerfile
File metadata and controls
73 lines (54 loc) · 2.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
FROM registry.redhat.io/rhel9/postgresql-15:latest@sha256:cba1417b7e8a5b55289aa951c48dc940c72ebea5380045f32cd8faba41937f9b AS scanner-db-common
ARG SCANNER_TAG
RUN if [[ "$SCANNER_TAG" == "" ]]; then >&2 echo "error: required SCANNER_TAG arg is unset"; exit 6; fi
LABEL \
com.redhat.license_terms="https://www.redhat.com/agreements" \
description="Scanner Database Image for Red Hat Advanced Cluster Security for Kubernetes" \
io.k8s.description="Scanner Database Image for Red Hat Advanced Cluster Security for Kubernetes" \
io.openshift.tags="rhacs,scanner-db,stackrox" \
maintainer="Red Hat, Inc." \
# Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly.
source-location="https://github.com/stackrox/scanner" \
summary="Scanner DB for Red Hat Advanced Cluster Security for Kubernetes" \
url="https://catalog.redhat.com/software/container-stacks/detail/60eefc88ee05ae7c5b8f041c" \
# We must set version label to prevent inheriting value set in the base stage.
version="${SCANNER_TAG}" \
# Release label is required by EC although has no practical semantics.
# We also set it to not inherit one from a base stage in case it's RHEL or UBI.
release="1"
USER root
COPY image/db/pg_hba.conf \
image/db/postgresql.conf \
/etc/
COPY image/db/rhel/scripts/docker-entrypoint.sh \
/usr/local/bin/
COPY LICENSE /licenses/LICENSE
RUN localedef -f UTF-8 -i en_US en_US.UTF-8 && \
mkdir -p /var/lib/postgresql && \
groupmod -g 70 postgres && \
usermod -u 70 postgres -d /var/lib/postgresql && \
chown -R postgres:postgres /var/lib/postgresql && \
chown -R postgres:postgres /var/run/postgresql && \
dnf clean all && \
rpm --verbose -e --nodeps $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*') && \
rm -rf /var/cache/dnf /var/cache/yum && \
mkdir /docker-entrypoint-initdb.d
ENV PG_MAJOR=15 \
PGDATA="/var/lib/postgresql/data/pgdata"
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 5432
CMD ["postgres", "-c", "config_file=/etc/postgresql.conf"]
USER 70:70
FROM scanner-db-common AS scanner-db-slim
LABEL \
com.redhat.component="rhacs-scanner-db-slim-container" \
io.k8s.display-name="scanner-db-slim" \
name="advanced-cluster-security/rhacs-scanner-db-slim-rhel9"
ENV ROX_SLIM_MODE="true"
FROM scanner-db-common AS scanner-db
LABEL \
com.redhat.component="rhacs-scanner-db-container" \
io.k8s.display-name="scanner-db" \
name="advanced-cluster-security/rhacs-scanner-db-rhel9"
COPY --chown=0:0 .konflux/scanner-data/blob-pg-definitions.sql.gz \
/docker-entrypoint-initdb.d/definitions.sql.gz