generated from ministryofjustice/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile
379 lines (284 loc) · 12.9 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
#checkov:skip=CKV_DOCKER_2: HEALTHCHECK not required - Health checks are implemented downstream of this image
FROM public.ecr.aws/ubuntu/ubuntu@sha256:da20fb875cfefd317c49e7aaf3998d3e5ad42c5b20f34a0eec6dca2fe4fbb8f4
LABEL org.opencontainers.image.vendor="Ministry of Justice" \
org.opencontainers.image.authors="Analytical Platform (analytical-platform@digital.justice.gov.uk)" \
org.opencontainers.image.title="Cloud Development Environment Base" \
org.opencontainers.image.description="Cloud Development Environment base image for Analytical Platform" \
org.opencontainers.image.url="https://github.com/ministryofjustice/analytical-platform-cloud-development-environment-base"
ENV CONTAINER_USER="analyticalplatform" \
CONTAINER_UID="1000" \
CONTAINER_GROUP="analyticalplatform" \
CONTAINER_GID="1000" \
ANALYTICAL_PLATFORM_DIRECTORY="/opt/analytical-platform" \
DEBIAN_FRONTEND="noninteractive" \
PIP_BREAK_SYSTEM_PACKAGES="1" \
AWS_CLI_VERSION="2.23.3" \
AWS_SSO_CLI_VERSION="1.17.0" \
MINICONDA_VERSION="24.11.1-0" \
MINICONDA_SHA256="636b209b00b6673471f846581829d4b96b9c3378679925a59a584257c3fef5a3" \
NODE_LTS_VERSION="22.13.1" \
CORRETTO_VERSION="1:21.0.6.7-1" \
DOTNET_SDK_VERSION="8.0.112-0ubuntu1~24.04.1" \
R_VERSION="4.4.2-1.2404.0" \
OLLAMA_VERSION="0.5.7" \
KUBECTL_VERSION="1.29.12" \
HELM_VERSION="3.16.4" \
CLOUD_PLATFORM_CLI_VERSION="1.37.14" \
MICROSOFT_SQL_ODBC_VERSION="18.4.1.1-1" \
MICROSOFT_SQL_TOOLS_VERSION="18.4.1.1-1" \
NBSTRIPOUT_VERSION="0.8.1" \
CUDA_VERSION="12.6.3" \
NVIDIA_DISABLE_REQUIRE="true" \
NVIDIA_CUDA_CUDART_VERSION="12.6.77-1" \
NVIDIA_CUDA_COMPAT_VERSION="560.35.05-0ubuntu1" \
NVIDIA_VISIBLE_DEVICES="all" \
NVIDIA_DRIVER_CAPABILITIES="compute,utility" \
LD_LIBRARY_PATH="/usr/local/nvidia/lib:/usr/local/nvidia/lib64" \
PATH="/usr/local/nvidia/bin:/usr/local/cuda/bin:/opt/conda/bin:/home/analyticalplatform/.local/bin:/opt/mssql-tools18/bin:${PATH}"
# renovate: release=noble depName=apt-transport-https
ENV APT_TRANSPORT_HTTPS_VERSION="2.7.14build2"
# renovate: release=noble depName=ca-certificates
ENV CA_CERTIFICATES_VERSION="20240203"
# renovate: release=noble-updates depName=curl
ENV CURL_VERSION="8.5.0-2ubuntu10.6"
# renovate: release=noble-updates depName=git
ENV GIT_VERSION="1:2.43.0-1ubuntu7.2"
# renovate: release=noble depName=ffmpeg
ENV FFMPEG_VERSION="7:6.1.1-3ubuntu5"
# renovate: release=noble depName=jq
ENV JQ_VERSION="1.7.1-3build1"
# renovate: release=noble depName=mandoc
ENV MANDOC_VERSION="1.14.6-1"
# renovate: release=noble-updates depName=less
ENV LESS_VERSION="590-2ubuntu2.1"
# renovate: release=noble-updates depName=python3.12
ENV PYTHON3_12_VERSION="3.12.3-1ubuntu0.4"
# renovate: release=noble-updates depName=python3-pip
ENV PYTHON3_PIP_VERSION="24.0+dfsg-1ubuntu1.1"
# renovate: release=noble-updates depName=vim
ENV VIM_VERSION="2:9.1.0016-1ubuntu7.6"
# renovate: release=noble-updates depName=unixodbc
ENV UNIXODBC_VERSION="2.3.12-1ubuntu0.24.04.1"
# renovate: release=noble-updates depName=unzip
ENV UNZIP_VERSION="6.0-28ubuntu4.1"
SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"]
# User Configuration
# The "ubuntu" user is removed as it uses uid 1000, however we use uid 1000 to map home directories to EFS
RUN <<EOF
userdel --remove --force ubuntu
groupadd \
--gid ${CONTAINER_GID} \
${CONTAINER_GROUP}
useradd \
--uid ${CONTAINER_UID} \
--gid ${CONTAINER_GROUP} \
--create-home \
--shell /bin/bash \
${CONTAINER_USER}
EOF
# Base Configuration
# Install a base set of packages and create the Analytical Platform directory
RUN <<EOF
apt-get update --yes
apt-get install --yes \
"apt-transport-https=${APT_TRANSPORT_HTTPS_VERSION}" \
"ca-certificates=${CA_CERTIFICATES_VERSION}" \
"curl=${CURL_VERSION}" \
"git=${GIT_VERSION}" \
"ffmpeg=${FFMPEG_VERSION}" \
"jq=${JQ_VERSION}" \
"mandoc=${MANDOC_VERSION}" \
"less=${LESS_VERSION}" \
"python3.12=${PYTHON3_12_VERSION}" \
"python3-pip=${PYTHON3_PIP_VERSION}" \
"vim=${VIM_VERSION}" \
"unixodbc=${UNIXODBC_VERSION}" \
"unzip=${UNZIP_VERSION}"
apt-get clean --yes
rm --force --recursive /var/lib/apt/lists/*
install --directory --owner "${CONTAINER_USER}" --group "${CONTAINER_GROUP}" --mode 0755 "${ANALYTICAL_PLATFORM_DIRECTORY}"
EOF
# Init Configuration
# Copies init scripts to the Analytical Platform directory for use in entrypoints
COPY --chown="${CONTAINER_USER}:${CONTAINER_GROUP}" --chmod=755 src${ANALYTICAL_PLATFORM_DIRECTORY}/init ${ANALYTICAL_PLATFORM_DIRECTORY}/init
# Backup Bash Configuration
# Back up the default Bash configuration files so they can be restored later if needed
# When a tool launches for the first time mounted on EFS /home/${CONTAINER_USER} will be empty
RUN <<EOF
install --directory --owner "${CONTAINER_USER}" --group "${CONTAINER_GROUP}" --mode 0755 "${ANALYTICAL_PLATFORM_DIRECTORY}/bash-backup"
install --owner="${CONTAINER_USER}" --group="${CONTAINER_GROUP}" --mode=0644 "/home/${CONTAINER_USER}/.bashrc" "${ANALYTICAL_PLATFORM_DIRECTORY}/bash-backup/.bashrc"
install --owner="${CONTAINER_USER}" --group="${CONTAINER_GROUP}" --mode=0644 "/home/${CONTAINER_USER}/.bash_logout" "${ANALYTICAL_PLATFORM_DIRECTORY}/bash-backup/.bash_logout"
install --owner="${CONTAINER_USER}" --group="${CONTAINER_GROUP}" --mode=0644 "/home/${CONTAINER_USER}/.profile" "${ANALYTICAL_PLATFORM_DIRECTORY}/bash-backup/.profile"
EOF
# First Run Notice
# Copies a generic first-run-notice to the Analytical Platform directory and adds a snippet to the bash configuration to execute if using a valid terminal
COPY --chown="${CONTAINER_USER}:${CONTAINER_GROUP}" --chmod=0644 src${ANALYTICAL_PLATFORM_DIRECTORY}/first-run-notice.txt ${ANALYTICAL_PLATFORM_DIRECTORY}/first-run-notice.txt
COPY src/etc/bash.bashrc.snippet /etc/bash.bashrc.snippet
RUN <<EOF
cat /etc/bash.bashrc.snippet >> /etc/bash.bashrc
EOF
# AWS CLI
# Installs AWS CLI (https://aws.amazon.com/cli/)
COPY --chown=nobody:nogroup --chmod=0644 src/opt/aws-cli/aws-cli@amazon.com.asc /opt/aws-cli/aws-cli@amazon.com.asc
RUN <<EOF
gpg --import /opt/aws-cli/aws-cli@amazon.com.asc
curl --location --fail-with-body \
"https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip.sig" \
--output "awscliv2.sig"
curl --location --fail-with-body \
"https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip" \
--output "awscliv2.zip"
gpg --verify awscliv2.sig awscliv2.zip
unzip awscliv2.zip
./aws/install
rm --force --recursive awscliv2.sig awscliv2.zip aws
EOF
# AWS SSO CLI
# Installs AWS SSO CLI (https://github.com/synfinatic/aws-sso-cli)
COPY --chown="${CONTAINER_USER}:${CONTAINER_GROUP}" --chmod=0644 src${ANALYTICAL_PLATFORM_DIRECTORY}/aws-sso/config.yaml ${ANALYTICAL_PLATFORM_DIRECTORY}/aws-sso/config.yaml
# TODO: @jacobwoffenden - How do we make this persistent in the runtime environment?
ENV AWS_SSO_FILE_PASSWORD="analyticalplatform"
RUN <<EOF
curl --location --fail-with-body \
"https://github.com/synfinatic/aws-sso-cli/releases/download/v${AWS_SSO_CLI_VERSION}/aws-sso-${AWS_SSO_CLI_VERSION}-linux-amd64" \
--output "aws-sso"
install --owner nobody --group nogroup --mode 0755 aws-sso /usr/local/bin/aws-sso
rm --force aws-sso
EOF
# Miniconda
# Installs Miniconda (https://docs.anaconda.com/miniconda/)
RUN <<EOF
curl --location --fail-with-body \
"https://repo.anaconda.com/miniconda/Miniconda3-py312_${MINICONDA_VERSION}-Linux-x86_64.sh" \
--output "miniconda.sh"
echo "${MINICONDA_SHA256} miniconda.sh" | sha256sum --check
bash miniconda.sh -b -p /opt/conda
chown --recursive "${CONTAINER_USER}":"${CONTAINER_GROUP}" /opt/conda
rm --force miniconda.sh
EOF
# nbstripout
# Installs nbstripout (https://github.com/kynan/nbstripout)
RUN <<EOF
pip install --no-cache-dir "nbstripout==${NBSTRIPOUT_VERSION}"
nbstripout --install --system
EOF
# Node.js LTS
# Install Node.js LTS (https://nodejs.org/)
RUN <<EOF
curl --location --fail-with-body \
"https://deb.nodesource.com/setup_lts.x" \
--output "node.sh"
bash node.sh
apt-get install --yes "nodejs=${NODE_LTS_VERSION}-1nodesource1"
apt-get clean --yes
rm --force --recursive /var/lib/apt/lists/* node.sh
EOF
# Amazon Corretto
# Install Amazon Corretto (https://aws.amazon.com/corretto/)
RUN <<EOF
curl --location --fail-with-body \
"https://apt.corretto.aws/corretto.key" \
--output corretto.key
cat corretto.key | gpg --dearmor --output corretto-keyring.gpg
install -D --owner root --group root --mode 644 corretto-keyring.gpg /etc/apt/keyrings/corretto-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/corretto-keyring.gpg] https://apt.corretto.aws stable main" > /etc/apt/sources.list.d/corretto.list
apt-get update --yes
apt-get install --yes "java-21-amazon-corretto-jdk=${CORRETTO_VERSION}"
apt-get clean --yes
rm --force --recursive /var/lib/apt/lists/* corretto-keyring.gpg corretto.key
EOF
# .NET SDK
# Install .NET SDK (https://dotnet.microsoft.com/)
RUN <<EOF
apt-get update --yes
apt-get install --yes "dotnet-sdk-8.0=${DOTNET_SDK_VERSION}"
apt-get clean --yes
rm --force --recursive /var/lib/apt/lists/*
EOF
# R
# Install R (https://www.r-project.org/)
RUN <<EOF
curl --location --fail-with-body \
"https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc" \
--output "marutter_pubkey.asc"
cat marutter_pubkey.asc | gpg --dearmor --output marutter_pubkey.gpg
install -D --owner root --group root --mode 644 marutter_pubkey.gpg /etc/apt/keyrings/marutter_pubkey.gpg
echo "deb [signed-by=/etc/apt/keyrings/marutter_pubkey.gpg] https://cloud.r-project.org/bin/linux/ubuntu noble-cran40/" > /etc/apt/sources.list.d/cran.list
apt-get update --yes
apt-get install --yes "r-base=${R_VERSION}"
apt-get clean --yes
rm --force --recursive /var/lib/apt/lists/* marutter_pubkey.asc marutter_pubkey.gpg
EOF
# Ollama
RUN <<EOF
curl --location --fail-with-body \
"https://github.com/ollama/ollama/releases/download/v${OLLAMA_VERSION}/ollama-linux-amd64.tgz" \
--output ollama-linux-amd64.tgz
curl --location --fail-with-body \
"https://github.com/ollama/ollama/releases/download/v${OLLAMA_VERSION}/sha256sum.txt" \
--output ollama-sha256sum.txt
sha256sum --check --ignore-missing ollama-sha256sum.txt
tar -C /usr -xzf ollama-linux-amd64.tgz
rm --force --recursive ollama-linux-amd64.tgz ollama-sha256sum.txt
EOF
# NVIDIA CUDA
# Installs NVIDIA drivers
RUN <<EOF
curl --location --fail-with-body \
"https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/3bf863cc.pub" \
--output "3bf863cc.pub"
cat 3bf863cc.pub | gpg --dearmor --output nvidia.gpg
install -D --owner root --group root --mode 644 nvidia.gpg /etc/apt/keyrings/nvidia.gpg
echo "deb [signed-by=/etc/apt/keyrings/nvidia.gpg] https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64 /" > /etc/apt/sources.list.d/cuda.list
apt-get update --yes
apt-get install --yes \
"cuda-cudart-12-6=${NVIDIA_CUDA_CUDART_VERSION}" \
"cuda-compat-12-6=${NVIDIA_CUDA_COMPAT_VERSION}"
echo "/usr/local/nvidia/lib" >> /etc/ld.so.conf.d/nvidia.conf
echo "/usr/local/nvidia/lib64" >> /etc/ld.so.conf.d/nvidia.conf
apt-get clean --yes
rm --force --recursive /var/lib/apt/lists/* 3bf863cc.pub nvidia.gpg
EOF
# Kubernetes CLI
RUN <<EOF
curl --location --fail-with-body \
"https://dl.k8s.io/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
--output "kubectl"
install --owner nobody --group nogroup --mode 0755 kubectl /usr/local/bin/kubectl
rm --force kubectl
EOF
# Helm
RUN <<EOF
curl --location --fail-with-body \
"https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" \
--output "helm.tar.gz"
tar --extract --file "helm.tar.gz"
install --owner nobody --group nogroup --mode 0755 linux-amd64/helm /usr/local/bin/helm
rm --force --recursive linux-amd64 helm.tar.gz
EOF
# Cloud Platform CLI
RUN <<EOF
curl --location --fail-with-body \
"https://github.com/ministryofjustice/cloud-platform-cli/releases/download/${CLOUD_PLATFORM_CLI_VERSION}/cloud-platform-cli_${CLOUD_PLATFORM_CLI_VERSION}_linux_amd64.tar.gz" \
--output "cloud-platform-cli.tar.gz"
tar --extract --file cloud-platform-cli.tar.gz
install --owner nobody --group nogroup --mode 0755 cloud-platform /usr/local/bin/cloud-platform
rm --force --recursive cloud-platform LICENSE README.md completions cloud-platform-cli.tar.gz
EOF
# Microsoft SQL ODBC and Tools
RUN <<EOF
curl --location --fail-with-body \
"https://packages.microsoft.com/keys/microsoft.asc" \
--output microsoft.asc
cat microsoft.asc | gpg --dearmor --output microsoft-prod.gpg
install -D --owner root --group root --mode 644 microsoft-prod.gpg /usr/share/keyrings/microsoft-prod.gpg
echo "deb [arch=amd64,arm64,armhf signed-by=/usr/share/keyrings/microsoft-prod.gpg] https://packages.microsoft.com/ubuntu/24.04/prod noble main" > /etc/apt/sources.list.d/mssql-release.list
apt-get update --yes
ACCEPT_EULA=Y apt-get install --yes \
"msodbcsql18=${MICROSOFT_SQL_ODBC_VERSION}" \
"mssql-tools18=${MICROSOFT_SQL_TOOLS_VERSION}"
apt-get clean --yes
rm --force --recursive /var/lib/apt/lists/* microsoft.asc microsoft-prod.gpg
EOF
USER ${CONTAINER_USER}
WORKDIR /home/${CONTAINER_USER}