|
| 1 | +# strip-tags: gnu |
| 2 | +# append-tags: gcc |
| 3 | + |
| 4 | +FROM eclipse-temurin:22-jammy AS jruby-10.0.0.1-jre22 |
| 5 | + |
| 6 | +# A few RUN actions in Dockerfiles are subject to uncontrollable outside |
| 7 | +# variability: an identical command would be the same from `docker build`'s |
| 8 | +# point of view but does not indicate the result would be identical at |
| 9 | +# different points in time. |
| 10 | +# |
| 11 | +# This causes two possible issues: |
| 12 | +# |
| 13 | +# - one wants to capture a new state and so wants the identical |
| 14 | +# non-reproducible command to produce a new result. This could be achieved |
| 15 | +# with --no-cache but this affects every single operation in a Dockerfile |
| 16 | +# - one wants to identify a specific state and leverage caching at that |
| 17 | +# specific state. |
| 18 | +# |
| 19 | +# To that end a BUILD_ARG is introduced to capture an arbitrary identifier of |
| 20 | +# that state (typically time) that is introduced in non-reproducible commands |
| 21 | +# to make them appear different to Docker. |
| 22 | +# |
| 23 | +# Of course it only works when caching data is available: two independent |
| 24 | +# builds with the same value and no cache shared would produce different |
| 25 | +# results. |
| 26 | +ARG REPRO_RUN_KEY=0 |
| 27 | + |
| 28 | +# Configure apt retries to improve automation reliability |
| 29 | +RUN echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries |
| 30 | + |
| 31 | +# `apt-get update` is uncontrolled and fetches whatever is today's index. |
| 32 | +# For the sake of reproducibility subsequent steps (including in dependent |
| 33 | +# images) should not do `apt-get update`, instead this base image should be |
| 34 | +# updated by changing the `REPRO_RUN_KEY`. |
| 35 | +RUN true "${REPRO_RUN_KEY}" && apt-get update |
| 36 | + |
| 37 | +# Install system dependencies for building |
| 38 | +RUN apt-get install -y libc6-dev build-essential git locales tzdata curl --no-install-recommends && rm -rf /var/lib/apt/lists/* |
| 39 | + |
| 40 | +# Ensure sane locale (`eclipse-temurin` already updated `/etc/locale.gen` for `en_US.UTF-8`) |
| 41 | +ENV LANG en_US.UTF-8 |
| 42 | +ENV LANGUAGE en_US:en |
| 43 | + |
| 44 | +# Ensure consistent timezone |
| 45 | +RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime |
| 46 | + |
| 47 | +# Install JRuby, pinned for reproducibility |
| 48 | +ENV JRUBY_VERSION 10.0.2.0 |
| 49 | +ENV JRUBY_SHA256 b8a026f38aa98461a04ed0aa0b20891ce257ecbe53e124719ce9ee5b804525f1 |
| 50 | +RUN mkdir /opt/jruby \ |
| 51 | + && curl -fSL https://repo1.maven.org/maven2/org/jruby/jruby-dist/${JRUBY_VERSION}/jruby-dist-${JRUBY_VERSION}-bin.tar.gz -o /tmp/jruby.tar.gz \ |
| 52 | + && echo "$JRUBY_SHA256 /tmp/jruby.tar.gz" | sha256sum -c - \ |
| 53 | + && tar -zx --strip-components=1 -f /tmp/jruby.tar.gz -C /opt/jruby \ |
| 54 | + && rm /tmp/jruby.tar.gz \ |
| 55 | + && update-alternatives --install /usr/local/bin/ruby ruby /opt/jruby/bin/jruby 1 |
| 56 | +ENV PATH /opt/jruby/bin:$PATH |
| 57 | + |
| 58 | +# Skip installing gem documentation |
| 59 | +RUN mkdir -p /opt/jruby/etc \ |
| 60 | + && echo -e 'install: --no-document\nupdate: --no-document' >> /opt/jruby/etc/gemrc |
| 61 | + |
| 62 | +# don't create ".bundle" in all our apps |
| 63 | +ENV GEM_HOME /usr/local/bundle |
| 64 | +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ |
| 65 | + BUNDLE_APP_CONFIG="$GEM_HOME" |
| 66 | +ENV PATH $GEM_HOME/bin:$PATH |
| 67 | + |
| 68 | +# adjust permissions of a few directories for running "gem install" as an arbitrary user |
| 69 | +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" |
| 70 | + |
| 71 | +## Install a pinned RubyGems and Bundler |
| 72 | +RUN gem update --system 3.7.2 |
| 73 | +RUN gem install bundler:2.7.2 |
| 74 | + |
| 75 | +# Install additional gems that are in CRuby but missing from the above |
| 76 | +# JRuby install distribution. These are version-pinned for reproducibility. |
| 77 | +RUN gem install rake:13.2.1 |
| 78 | + |
| 79 | +# Start IRB as a default |
| 80 | +CMD [ "irb" ] |
0 commit comments