jsonnet-tf/Dockerfile.podman at main · poweld/jsonnet-tf · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
ARG REGISTRY="registry.hub.docker.com"
#ARG REGISTRY="docker.io"

FROM ${REGISTRY}/library/golang:1.25 AS jsonnet
RUN git clone https://github.com/google/go-jsonnet.git \
  && cd go-jsonnet \
  && go build ./cmd/jsonnet \
  && go build ./cmd/jsonnetfmt \
  && go build ./cmd/jsonnet-deps

RUN mkdir -p /artifacts \
  && cp go-jsonnet/jsonnet /artifacts \
  && cp go-jsonnet/jsonnetfmt /artifacts

FROM ${REGISTRY}/library/python:3.12-bookworm
COPY --from=jsonnet /artifacts/* /bin/
# hashicorp does not support debian trixy release at the moment
# FROM ${REGISTRY}/library/python:3.12

RUN wget -O- https://apt.releases.hashicorp.com/gpg | \
        gpg --dearmor | \
        tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null \
    && gpg --no-default-keyring \
        --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
        --fingerprint \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=VERSION_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list


RUN apt-get update \
    && apt-get install -y --no-install-recommends \
      dumb-init \
      terraform \
      # pipx \
    && rm -rf /var/lib/apt/lists/*

ARG APP_DIR="/app"

ENV PATH="${APP_DIR}/.local/bin:${PATH}"
RUN pip install poetry

COPY poetry.lock pyproject.toml ./
RUN poetry install --no-root

COPY src .

# ENTRYPOINT ["dumb-init", "--"]
ENTRYPOINT ["dumb-init", "--", "poetry", "run", "python", "main.py"]