Switch to new build structure

891ea43d · Christoph Weyer · 3d31143c · 891ea43d · 891ea43d · 891ea43d
Commit 891ea43d authored May 20, 2022 by Christoph Weyer
Hide whitespace changes
Inline Side-by-side

Showing with 75 additions and 22 deletions

.env .env +2 -0

Dockerfile Dockerfile +36 -19

Taskfile.yaml Taskfile.yaml +18 -3

entrypoint.sh entrypoint.sh +19 -0

No files found.
--- a/.env
+++ b/.env
 VERSION=v1.0.1

 IMAGE_NAME=tuhh/e-17/weyer/ansiblelint
+
+DOCKER_WORKDIR="/work"
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,39 +35,56 @@ RUN set -eux \

 FROM alpine:3.13.10 as production

+# define ARG variable after FROM
+ARG DOCKER_USER="nonroot"
+ARG DOCKER_HOME="/home/$DOCKER_USER"
+ARG DOCKER_WORKDIR="/work"
+ARG ENTRYPOINT="ansible-lint"
+
 # https://github.com/opencontainers/image-spec/blob/master/annotations.md
 LABEL org.opencontainers.image.title="tuhh/e-17/weyer/ansiblelint"
 LABEL org.opencontainers.image.source="https://collaborating.tuhh.de/e-17/staff/weyer/gitlab/ci-cd/ci-ansible-lint"
 #LABEL org.opencontainers.image.version=""
 #LABEL org.opencontainers.image.commit=""
-LABEL org.opencontainers.image.description="Ansible Lint a Docker image for GitLab CI"
+LABEL org.opencontainers.image.description="Ansible Lint - A Docker image for GitLab CI"
 LABEL org.opencontainers.image.authors="Christoph Weyer <c.weyer@tuhh.de>"

+RUN set -eux && \
+    addgroup "$DOCKER_USER" && \
+    adduser "$DOCKER_USER" -G "$DOCKER_USER" -h "$DOCKER_HOME" -D
+
 # ignore warning about pining version
 # hadolint ignore=DL3018,DL4006
-RUN set -eux \
-  && apk add --no-cache \
-       bash \
-       git \
-       python3 \
-  && ln -sf ansible /usr/bin/ansible-config \
-  && ln -sf ansible /usr/bin/ansible-console \
-  && ln -sf ansible /usr/bin/ansible-doc \
-  && ln -sf ansible /usr/bin/ansible-galaxy \
-  && ln -sf ansible /usr/bin/ansible-inventory \
-  && ln -sf ansible /usr/bin/ansible-playbook \
-  && ln -sf ansible /usr/bin/ansible-pull \
-  && ln -sf ansible /usr/bin/ansible-test \
-  && ln -sf ansible /usr/bin/ansible-vault \
-  && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \
-  && find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf
+RUN set -eux && \
+    apk add --no-cache \
+            bash \
+            git \
+            python3 \
+    && \
+    ln -sf ansible /usr/bin/ansible-config && \
+    ln -sf ansible /usr/bin/ansible-console && \
+    ln -sf ansible /usr/bin/ansible-doc && \
+    ln -sf ansible /usr/bin/ansible-galaxy && \
+    ln -sf ansible /usr/bin/ansible-inventory && \
+    ln -sf ansible /usr/bin/ansible-playbook && \
+    ln -sf ansible /usr/bin/ansible-pull && \
+    ln -sf ansible /usr/bin/ansible-test && \
+    ln -sf ansible /usr/bin/ansible-vault && \
+    find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf && \
+    find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf

 COPY --from=builder /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
 COPY --from=builder /usr/bin/ansible-lint /usr/bin/ansible-lint
 COPY --from=builder /usr/bin/ansible /usr/bin/ansible
 COPY --from=builder /usr/bin/ansible-connection /usr/bin/ansible-connection

-WORKDIR /data
+USER ${DOCKER_USER}
+
+ENV ENTRYPOINT="${ENTRYPOINT}"
+
+COPY entrypoint.sh /
+
+WORKDIR ${DOCKER_WORKDIR}

-ENTRYPOINT ["ansible-lint"]
+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["--version"]
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -17,19 +17,34 @@ tasks:
    deps: [lint]
    desc: Build the Docker image
    cmds:
-      - docker build . -t "${IMAGE_NAME}:latest" -t "${IMAGE_NAME}:${VERSION}"
+      - docker build
+               -t "${IMAGE_NAME}:latest"
+               -t "${IMAGE_NAME}:${VERSION}"
+               .
+
+  test:
+    deps: [build]
+    desc: Show version of installed tool inside Docker container
+    cmds:
+      - docker run --rm "${IMAGE_NAME}"

  run:
    deps: [build]
    desc: Run ansible-lint inside Docker container
    cmds:
-      - docker run --rm -v "$(pwd)/testing:/data" "${IMAGE_NAME}" .
+      - docker run --rm
+                   -v "$(pwd)/testing:${DOCKER_WORKDIR}"
+                   "${IMAGE_NAME}"
+                   .

  bash:
    deps: [build]
    desc: Run bash inside Docker container
    cmds:
-      - docker run --rm -it -v "$(pwd)/testing:/data" --entrypoint /bin/bash "${IMAGE_NAME}"
+      - docker run --rm -it
+                   -v "$(pwd)/testing:${DOCKER_WORKDIR}"
+                   "${IMAGE_NAME}"
+                   bash

  tag:
    deps: [lint]

--- a/entrypoint.sh
+++ b/entrypoint.sh
+#!/bin/sh
+
+set -e
+### debugging
+#echo "$@"
+#set -ux
+
+# run the entrypoint if one of the following conditions is true:
+#  * the first parameter is an option (it begins with an '-')
+#  * the first parameter is not a command found in PATH (i.e. "bash")
+#  * the first parameter is a directory
+#
+if [ "${1#-}" != "${1}" ] || [ ! -x "$(command -v "${1}")" ] || [ -d "${1}" ]
+then
+  # reset the script parameters to the following commands
+  set -- "${ENTRYPOINT}" "$@"
+fi
+
+exec "$@"