diff --git a/env/bitbucket/Dockerfile b/env/bitbucket/Dockerfile index 079b2f37..3a9d9003 100644 --- a/env/bitbucket/Dockerfile +++ b/env/bitbucket/Dockerfile 
@@ -1,96 +1,180 @@ # create a new version of this docker image -# > docker build -t iterativ/vbv-lernwelt-bitbucket . +# > docker build --platform linux/amd64 -t iterativ/vbv-lernwelt-bitbucket . # push new version to Docker Hub # > docker push iterativ/vbv-lernwelt-bitbucket # run locally with directory mounted # > docker run -v "$(pwd)":/src -it iterativ/vbv-lernwelt-bitbucket /bin/bash -FROM python:3.10-bullseye +FROM cypress/included:10.9.0 MAINTAINER Daniel Egger -ARG DEBIAN_FRONTEND=noninteractive +# install python see https://github.com/docker-library/python +ENV LANG C.UTF-8 +ENV LC_ALL C.UTF-8 -# Install node prereqs, nodejs and yarn -# Ref: https://deb.nodesource.com/setup_16.x -# Ref: https://yarnpkg.com/en/docs/install -# https://github.com/nikolaik/docker-python-nodejs -RUN \ - echo "deb https://deb.nodesource.com/node_16.x bullseye main" > /etc/apt/sources.list.d/nodesource.list && \ - wget -qO- https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \ - echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list && \ - wget -qO- https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - apt-get update && \ - apt-get install -yqq nodejs yarn && \ - pip install -U pip && pip install pipenv && \ - npm i -g npm@^6 -# Install Cypress deps -# https://github.com/cypress-io/cypress-docker-images/blob/master/base/16.5.0/Dockerfile -RUN apt-get update && \ - apt-get install --no-install-recommends -y \ - libgtk2.0-0 \ - libgtk-3-0 \ - libnotify-dev \ - libgconf-2-4 \ - libgbm-dev \ - libnss3 \ - libxss1 \ - libasound2 \ - libxtst6 \ - xauth \ - xvfb \ - # install text editors - vim-tiny \ - nano \ - # install emoji font - fonts-noto-color-emoji \ - # install Chinese fonts - # this list was copied from https://github.com/jim3ma/docker-leanote - fonts-arphic-bkai00mp \ - fonts-arphic-bsmi00lp \ - fonts-arphic-gbsn00lp \ - fonts-arphic-gkai00mp \ - fonts-arphic-ukai \ - fonts-arphic-uming \ - ttf-wqy-zenhei \ - 
ttf-wqy-microhei \ - xfonts-wqy +# ensure local python is preferred over distribution python +ENV PATH /usr/local/bin:$PATH -RUN npm --version +# http://bugs.python.org/issue19846 +# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK. +ENV LANG C.UTF-8 -RUN npm install -g yarn@latest --force -RUN yarn --version +# runtime dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + netbase \ + tzdata \ + ; \ + rm -rf /var/lib/apt/lists/* -# a few environment variables to make NPM installs easier -# good colors for most applications -ENV TERM xterm -# avoid million NPM install messages -ENV npm_config_loglevel warn -# allow installing when the main user is root -ENV npm_config_unsafe_perm true +ENV GPG_KEY A035C8C19219BA821ECEA86B64E628F8D684696D +ENV PYTHON_VERSION 3.10.7 -# Node libraries -RUN node -p process.versions +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + gcc \ + gnupg dirmngr \ + libbluetooth-dev \ + libbz2-dev \ + libc6-dev \ + libexpat1-dev \ + libffi-dev \ + libgdbm-dev \ + liblzma-dev \ + libncursesw5-dev \ + libreadline-dev \ + libsqlite3-dev \ + libssl-dev \ + make \ + tk-dev \ + uuid-dev \ + wget \ + xz-utils \ + zlib1g-dev \ + ; \ + \ + wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; \ + wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; \ + gpg --batch --verify python.tar.xz.asc python.tar.xz; \ + command -v gpgconf > /dev/null && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME" python.tar.xz.asc; \ + mkdir -p /usr/src/python; \ + tar --extract --directory /usr/src/python 
--strip-components=1 --file python.tar.xz; \ + rm python.tar.xz; \ + \ + cd /usr/src/python; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + ./configure \ + --build="$gnuArch" \ + --enable-loadable-sqlite-extensions \ + --enable-optimizations \ + --enable-option-checking=fatal \ + --enable-shared \ + --with-lto \ + --with-system-expat \ + --without-ensurepip \ + ; \ + nproc="$(nproc)"; \ + make -j "$nproc" \ + LDFLAGS="-Wl,--strip-all" \ + ; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/python; \ + \ + find /usr/local -depth \ + \( \ + \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \ + -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \ + \) -exec rm -rf '{}' + \ + ; \ + \ + ldconfig; \ + \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ + python3 --version -# Show where Node loads required modules from -RUN node -p 'module.paths' +# make some useful symlinks that are expected to exist ("/usr/local/bin/python" and friends) +RUN set -eux; \ + for src in idle3 pydoc3 python3 python3-config; do \ + dst="$(echo "$src" | tr -d 3)"; \ + [ -s "/usr/local/bin/$src" ]; \ + [ ! 
-e "/usr/local/bin/$dst" ]; \ + ln -svT "$src" "/usr/local/bin/$dst"; \ + done -# install postgresql - RUN apt-get install -y postgresql postgresql-contrib libpq-dev +# if this is called "PIP_VERSION", pip explodes with "ValueError: invalid truth value ''" +ENV PYTHON_PIP_VERSION 22.2.2 +# https://github.com/docker-library/python/issues/365 +ENV PYTHON_SETUPTOOLS_VERSION 63.2.0 +# https://github.com/pypa/get-pip +ENV PYTHON_GET_PIP_URL https://github.com/pypa/get-pip/raw/5eaac1050023df1f5c98b173b248c260023f2278/public/get-pip.py +ENV PYTHON_GET_PIP_SHA256 5aefe6ade911d997af080b315ebcb7f882212d070465df544e1175ac2be519b4 + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + \ + wget -O get-pip.py "$PYTHON_GET_PIP_URL"; \ + echo "$PYTHON_GET_PIP_SHA256 *get-pip.py" | sha256sum -c -; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export PYTHONDONTWRITEBYTECODE=1; \ + \ + python get-pip.py \ + --disable-pip-version-check \ + --no-cache-dir \ + --no-compile \ + "pip==$PYTHON_PIP_VERSION" \ + "setuptools==$PYTHON_SETUPTOOLS_VERSION" \ + ; \ + rm -f get-pip.py; \ + \ + pip --version + +# install postgresql \ +RUN apt install curl ca-certificates gnupg +RUN curl https://www.postgresql.org/media/keys/ACCC4CF8.asc \ +| gpg --dearmor \ +| tee /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg >/dev/null +RUN sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" > /etc/apt/sources.list.d/postgresql.list' +RUN apt update +RUN apt-get install -y postgresql postgresql-contrib libpq-dev # Required by python3-saml - RUN apt-get -y install libxmlsec1-dev pkg-config gettext +RUN apt-get -y install libxmlsec1-dev pkg-config gettext # install git-crypt RUN apt-get -y install git-crypt -ENV LANG 
C.UTF-8 -ENV LC_ALL C.UTF-8 - -# Install Google Chrome -RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - -RUN sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' -RUN apt-get update && apt-get install -y google-chrome-stable # versions of local tools RUN echo " node version: $(node -v) \n" \ diff --git a/prepare_server.sh b/prepare_server.sh index 100d6336..afe34335 100755 --- a/prepare_server.sh +++ b/prepare_server.sh @@ -73,7 +73,7 @@ else fi if [ "$START_BACKGROUND" = true ]; then - python3 server/manage.py runserver "${DJANGO_PORT}" --settings="$DJANGO_SETTINGS_MODULE" > /dev/null & + cd server && python3 server/manage.py runserver "${DJANGO_PORT}" --settings="$DJANGO_SETTINGS_MODULE" > /dev/null & else cd server && python3 manage.py runserver "${DJANGO_PORT}" --settings="$DJANGO_SETTINGS_MODULE" fi diff --git a/trufflehog-allow.json b/trufflehog-allow.json index 31f2054c..79605f84 100644 --- a/trufflehog-allow.json +++ b/trufflehog-allow.json @@ -4,6 +4,7 @@ "ignore hash 3": "OvBgP9A2JBgiRad/mM36mkzXSXaJE9BEIENnVEmeZdITvwT09xnxLtT4twkCa8m/loMbPHsvPl0T8lRGVBwjlQ==", "ignore hash 4": "1NpUCSvAKLpDZL9e3tqDaUe8Kk2xAuF1tXosFjBanc4lFCgNcfBp02MD3UjB72ZS", "ignore hash 5": "1LhwZ0DvP4cGBgbBdCfaBQV7eiaOc4jWKdzO9WEXLFT7AaqBN6jqd0uyaZeAZ19K", + "ignore hash 6": "A035C8C19219BA821ECEA86B64E628F8D684696D", "json base64 content": "regex:\"content\": \"", "img base64 content": "regex:data:image/png;base64,.*" } diff --git a/trufflehog-exclude-patterns.txt b/trufflehog-exclude-patterns.txt index 79e19635..d2fe8784 100644 --- a/trufflehog-exclude-patterns.txt +++ b/trufflehog-exclude-patterns.txt @@ -1,5 +1,6 @@ server/requirements/ env_secrets/ +env/bitbucket/Dockerfile env/docker_local.env server/vbv_lernwelt/static/ server/vbv_lernwelt/media/
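Review bot: The added PostgreSQL block (`RUN curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg`) puts the repository key into `trusted.gpg.d`, where apt trusts it for every configured source, and the `deb http://apt.postgresql.org/...` line has no `signed-by`. The pipeline also runs without `curl -f` or `pipefail`, so a failed or error-page download still writes a keyring file and the step passes. `RUN apt install curl ca-certificates gnupg` has no `-y` and follows layers that removed `/var/lib/apt/lists/*`, so it likely aborts if any of those packages is missing from the base image, and `RUN apt update` in its own layer can be served stale from the build cache. I would fold these into one `RUN` with the key scoped by `signed-by`, as below; comparing the key's fingerprint against a pinned value, as the Python tarball step does with `GPG_KEY`, would match the rest of the file.

```dockerfile
# install postgresql from the PGDG repository; the key is trusted for that repository only
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends ca-certificates curl gnupg; \
    curl -fsSL -o /tmp/pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc; \
    gpg --batch --dearmor -o /usr/share/keyrings/pgdg.gpg /tmp/pgdg.asc; \
    rm /tmp/pgdg.asc; \
    echo "deb [signed-by=/usr/share/keyrings/pgdg.gpg] https://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" \
        > /etc/apt/sources.list.d/postgresql.list; \
    apt-get update; \
    apt-get install -y postgresql postgresql-contrib libpq-dev
# apt lists are kept here because the following RUN lines still install packages
# … unchanged: libxmlsec1-dev / git-crypt installs, tool version echo …
```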
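Review bot: The new background branch runs `cd server && python3 server/manage.py runserver ...`, so after the `cd` the script path resolves to `server/server/manage.py`. Unless such a nested file exists, the server never starts, and because the job is backgrounded with stdout sent to `/dev/null` the script carries on without noticing. The foreground branch two lines below uses `manage.py` after the same `cd`, so the line should probably read `cd server && python3 manage.py runserver "${DJANGO_PORT}" --settings="$DJANGO_SETTINGS_MODULE" > /dev/null &`. Note also that `cd ... && cmd &` runs the whole list in a background subshell, so the caller's working directory stays unchanged, unlike in the `else` branch. The surrounding script continues outside the hunk.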
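Review bot: The new entry is labelled `"ignore hash 6"`, which does not tell a later reader that the value is a public OpenPGP key fingerprint rather than a suppressed secret. The file already has descriptive labels such as `"json base64 content"`; a label like `"python release gpg key fingerprint (env/bitbucket/Dockerfile)"` would keep the allowlist auditable.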
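Review bot: Adding `env/bitbucket/Dockerfile` to the exclude patterns switches off secret scanning for the whole file. The only finding this commit appears to need silenced is the Python release key fingerprint, which the same commit already allowlists by exact value in `trufflehog-allow.json`. A Dockerfile is a common place for tokens to land later in `ENV` or `ARG` lines, and those would no longer be reported. I would drop this line and rely on the allow entry; if other high-entropy strings in the file trigger the scanner (the get-pip commit id and SHA-256 look like candidates), allowlist those values individually as well.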