mirrors
/
ort
mirror of https://github.com/oss-review-toolkit/ort.git
1
0
Fork 0
Code
ort/Dockerfile

611 lines
19 KiB
Docker
Raw Permalink Blame History

# syntax=devthefuture/dockerfile-x:v1.4.1
# The above opts-in for an extended syntax that supports e.g. "INCLUDE" statements, see
# https://codeberg.org/devthefuture/dockerfile-x
# Copyright (C) 2020 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# License-Filename: LICENSE
INCLUDE docker/versions.dockerfile
# Use OpenJDK Eclipe Temurin Ubuntu LTS
FROM eclipse-temurin:$JAVA_VERSION-jdk-$UBUNTU_VERSION as base
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8
# Check and set apt proxy
COPY scripts/set_apt_proxy.sh /etc/scripts/set_apt_proxy.sh
RUN /etc/scripts/set_apt_proxy.sh
# Base package set
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
ca-certificates \
coreutils \
curl \
dirmngr \
file \
gcc \
git \
git-lfs \
g++ \
gnupg2 \
iproute2 \
libarchive-tools \
libffi-dev \
libgmp-dev \
libmagic1 \
libz-dev \
locales \
lzma \
make \
netbase \
openssh-client \
openssl \
procps \
rsync \
sudo \
tzdata \
uuid-dev \
unzip \
wget \
xz-utils \
&& rm -rf /var/lib/apt/lists/* \
&& git lfs install
RUN echo $LANG > /etc/locale.gen \
&& locale-gen $LANG \
&& update-locale LANG=$LANG
ARG USERNAME=ort
ARG USER_ID=1000
ARG USER_GID=$USER_ID
ARG HOMEDIR=/home/ort
ENV HOME=$HOMEDIR
ENV USER=$USERNAME
# Non privileged user
RUN groupadd --gid $USER_GID $USERNAME \
&& useradd \
--uid $USER_ID \
--gid $USER_GID \
--shell /bin/bash \
--home-dir $HOMEDIR \
--create-home $USERNAME
RUN chgrp $USER /opt \
&& chmod g+wx /opt
# sudo support
RUN echo "$USERNAME ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME \
&& chmod 0440 /etc/sudoers.d/$USERNAME
# Copy certificates scripts only.
COPY scripts/*_certificates.sh /etc/scripts/
# Set this to a directory containing CRT-files for custom certificates that ORT and all build tools should know about.
ARG CRT_FILES="*.crt"
COPY "$CRT_FILES" /tmp/certificates/
RUN /etc/scripts/export_proxy_certificates.sh /tmp/certificates/ \
&& /etc/scripts/import_certificates.sh /tmp/certificates/
# Add Syft to use as primary SPDX Docker scanner
# Create docs dir to store future SPDX files
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin \
&& mkdir -p /usr/share/doc/ort \
&& chown $USER:$USER /usr/share/doc/ort
USER $USER
WORKDIR $HOME
ENTRYPOINT [ "/bin/bash" ]
#------------------------------------------------------------------------
# PYTHON - Build Python as a separate component with pyenv
FROM base AS pythonbuild
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
sudo apt-get update -qq \
&& DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \
libreadline-dev \
libgdbm-dev \
libsqlite3-dev \
libssl-dev \
libbz2-dev \
liblzma-dev \
tk-dev \
&& sudo rm -rf /var/lib/apt/lists/*
ARG PYTHON_VERSION
ARG PYENV_GIT_TAG
ENV PYENV_ROOT=/opt/python
ENV PATH=$PATH:$PYENV_ROOT/shims:$PYENV_ROOT/bin
RUN curl -kSs https://pyenv.run | bash \
&& pyenv install -v $PYTHON_VERSION \
&& pyenv global $PYTHON_VERSION
ARG CONAN_VERSION
ARG PYTHON_INSPECTOR_VERSION
ARG PYTHON_PIPENV_VERSION
ARG PYTHON_POETRY_VERSION
ARG PIPTOOL_VERSION
ARG SCANCODE_VERSION
RUN ARCH=$(arch | sed s/aarch64/arm64/) \
&& if [ "$ARCH" == "arm64" ]; then \
pip install -U scancode-toolkit-mini==$SCANCODE_VERSION; \
else \
curl -Os https://raw.githubusercontent.com/nexB/scancode-toolkit/v$SCANCODE_VERSION/requirements.txt; \
pip install -U --constraint requirements.txt scancode-toolkit==$SCANCODE_VERSION; \
rm requirements.txt; \
fi
RUN pip install --no-cache-dir -U \
pip=="$PIPTOOL_VERSION" \
wheel \
&& pip install --no-cache-dir -U \
Mercurial \
conan=="$CONAN_VERSION" \
pipenv=="$PYTHON_PIPENV_VERSION" \
poetry=="$PYTHON_POETRY_VERSION" \
python-inspector=="$PYTHON_INSPECTOR_VERSION"
FROM scratch AS python
COPY --from=pythonbuild /opt/python /opt/python
#------------------------------------------------------------------------
# NODEJS - Build NodeJS as a separate component with nvm
FROM base AS nodejsbuild
ARG BOWER_VERSION
ARG NODEJS_VERSION
ARG NPM_VERSION
ARG PNPM_VERSION
ARG YARN_VERSION
ENV NVM_DIR=/opt/nvm
ENV PATH=$PATH:$NVM_DIR/versions/node/v$NODEJS_VERSION/bin
RUN git clone --depth 1 https://github.com/nvm-sh/nvm.git $NVM_DIR
RUN . $NVM_DIR/nvm.sh \
&& nvm install "$NODEJS_VERSION" \
&& nvm alias default "$NODEJS_VERSION" \
&& nvm use default \
&& npm install --global npm@$NPM_VERSION bower@$BOWER_VERSION pnpm@$PNPM_VERSION yarn@$YARN_VERSION
FROM scratch AS nodejs
COPY --from=nodejsbuild /opt/nvm /opt/nvm
#------------------------------------------------------------------------
# RUBY - Build Ruby as a separate component with rbenv
FROM base AS rubybuild
# hadolint ignore=DL3004
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
sudo apt-get update -qq \
&& DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \
libreadline6-dev \
libssl-dev \
libz-dev \
make \
xvfb \
zlib1g-dev \
&& sudo rm -rf /var/lib/apt/lists/*
ARG COCOAPODS_VERSION
ARG RUBY_VERSION
ENV RBENV_ROOT=/opt/rbenv
ENV PATH=$RBENV_ROOT/bin:$RBENV_ROOT/shims/:$RBENV_ROOT/plugins/ruby-build/bin:$PATH
RUN git clone --depth 1 https://github.com/rbenv/rbenv.git $RBENV_ROOT
RUN git clone --depth 1 https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build
WORKDIR $RBENV_ROOT
RUN src/configure \
&& make -C src
RUN rbenv install $RUBY_VERSION -v \
&& rbenv global $RUBY_VERSION \
&& gem install bundler cocoapods:$COCOAPODS_VERSION
FROM scratch AS ruby
COPY --from=rubybuild /opt/rbenv /opt/rbenv
#------------------------------------------------------------------------
# RUST - Build as a separate component
FROM base AS rustbuild
ARG RUST_VERSION
ENV RUST_HOME=/opt/rust
ENV CARGO_HOME=$RUST_HOME/cargo
ENV RUSTUP_HOME=$RUST_HOME/rustup
RUN curl -ksSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION
FROM scratch AS rust
COPY --from=rustbuild /opt/rust /opt/rust
#------------------------------------------------------------------------
# GOLANG - Build as a separate component
FROM base AS gobuild
ARG GO_VERSION
ENV GOBIN=/opt/go/bin
ENV PATH=$PATH:/opt/go/bin
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN ARCH=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
&& curl -L https://dl.google.com/go/go$GO_VERSION.linux-$ARCH.tar.gz | tar -C /opt -xz
FROM scratch AS golang
COPY --from=gobuild /opt/go /opt/go
#------------------------------------------------------------------------
# HASKELL STACK
FROM base AS haskellbuild
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
sudo apt-get update -qq \
&& DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \
zlib1g-dev \
&& sudo rm -rf /var/lib/apt/lists/*
ARG HASKELL_STACK_VERSION
ENV HASKELL_HOME=/opt/haskell
ENV PATH=$PATH:$HASKELL_HOME/bin
RUN curl -sSL https://get.haskellstack.org/ | bash -s -- -d $HASKELL_HOME/bin
FROM scratch AS haskell
COPY --from=haskellbuild /opt/haskell /opt/haskell
#------------------------------------------------------------------------
# REPO / ANDROID SDK
FROM base AS androidbuild
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
sudo apt-get update -qq \
&& DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \
unzip \
&& sudo rm -rf /var/lib/apt/lists/*
ARG ANDROID_CMD_VERSION
ENV ANDROID_HOME=/opt/android-sdk
RUN --mount=type=tmpfs,target=/android \
cd /android \
&& curl -Os https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_CMD_VERSION}_latest.zip \
&& unzip -q commandlinetools-linux-${ANDROID_CMD_VERSION}_latest.zip -d $ANDROID_HOME \
&& PROXY_HOST_AND_PORT=${https_proxy#*://} \
&& PROXY_HOST_AND_PORT=${PROXY_HOST_AND_PORT%/} \
&& if [ -n "$PROXY_HOST_AND_PORT" ]; then \
# While sdkmanager uses HTTPS by default, the proxy type is still called "http".
SDK_MANAGER_PROXY_OPTIONS="--proxy=http --proxy_host=${PROXY_HOST_AND_PORT%:*} --proxy_port=${PROXY_HOST_AND_PORT##*:}"; \
fi \
&& yes | $ANDROID_HOME/cmdline-tools/bin/sdkmanager $SDK_MANAGER_PROXY_OPTIONS --sdk_root=$ANDROID_HOME "platform-tools" "cmdline-tools;latest"
RUN curl -ksS https://storage.googleapis.com/git-repo-downloads/repo > $ANDROID_HOME/cmdline-tools/bin/repo \
&& sudo chmod a+x $ANDROID_HOME/cmdline-tools/bin/repo
FROM scratch AS android
COPY --from=androidbuild /opt/android-sdk /opt/android-sdk
#------------------------------------------------------------------------
# Dart
FROM base AS dartbuild
ARG DART_VERSION
WORKDIR /opt/
ENV DART_SDK=/opt/dart-sdk
ENV PATH=$PATH:$DART_SDK/bin
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN --mount=type=tmpfs,target=/dart \
ARCH=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/x64/) \
&& curl -o /dart/dart.zip -L https://storage.googleapis.com/dart-archive/channels/stable/release/$DART_VERSION/sdk/dartsdk-linux-$ARCH-release.zip \
&& unzip /dart/dart.zip
FROM scratch AS dart
COPY --from=dartbuild /opt/dart-sdk /opt/dart-sdk
#------------------------------------------------------------------------
# SBT
FROM base AS scalabuild
ARG SBT_VERSION
ENV SBT_HOME=/opt/sbt
ENV PATH=$PATH:$SBT_HOME/bin
RUN curl -L https://github.com/sbt/sbt/releases/download/v$SBT_VERSION/sbt-$SBT_VERSION.tgz | tar -C /opt -xz
FROM scratch AS scala
COPY --from=scalabuild /opt/sbt /opt/sbt
#------------------------------------------------------------------------
# SWIFT
FROM base AS swiftbuild
ARG SWIFT_VERSION
ENV SWIFT_HOME=/opt/swift
ENV PATH=$PATH:$SWIFT_HOME/bin
RUN mkdir -p $SWIFT_HOME \
&& echo $SWIFT_VERSION \
&& if [ "$(arch)" = "aarch64" ]; then \
SWIFT_PACKAGE="ubuntu2204-aarch64/swift-$SWIFT_VERSION-RELEASE/swift-$SWIFT_VERSION-RELEASE-ubuntu22.04-aarch64.tar.gz"; \
else \
SWIFT_PACKAGE="ubuntu2204/swift-$SWIFT_VERSION-RELEASE/swift-$SWIFT_VERSION-RELEASE-ubuntu22.04.tar.gz"; \
fi \
&& curl -L https://download.swift.org/swift-$SWIFT_VERSION-release/$SWIFT_PACKAGE \
| tar -xz -C $SWIFT_HOME --strip-components=2
FROM scratch AS swift
COPY --from=swiftbuild /opt/swift /opt/swift
#------------------------------------------------------------------------
# DOTNET
FROM base AS dotnetbuild
ARG DOTNET_VERSION
ARG NUGET_INSPECTOR_VERSION
ENV DOTNET_HOME=/opt/dotnet
ENV NUGET_INSPECTOR_HOME=$DOTNET_HOME
ENV PATH=$PATH:$DOTNET_HOME:$DOTNET_HOME/tools:$DOTNET_HOME/bin
# Note: We are not installing a dotnet package directly because
# debian packages from Ubuntu and Microsoft are incomplete
RUN mkdir -p $DOTNET_HOME \
&& echo $SWIFT_VERSION \
&& if [ "$(arch)" = "aarch64" ]; then \
curl -L https://aka.ms/dotnet/$DOTNET_VERSION/dotnet-sdk-linux-arm64.tar.gz | tar -C $DOTNET_HOME -xz; \
else \
curl -L https://aka.ms/dotnet/$DOTNET_VERSION/dotnet-sdk-linux-x64.tar.gz | tar -C $DOTNET_HOME -xz; \
fi
RUN mkdir -p $DOTNET_HOME/bin \
&& curl -L https://github.com/nexB/nuget-inspector/releases/download/v$NUGET_INSPECTOR_VERSION/nuget-inspector-v$NUGET_INSPECTOR_VERSION-linux-x64.tar.gz \
| tar --strip-components=1 -C $DOTNET_HOME/bin -xz
FROM scratch AS dotnet
COPY --from=dotnetbuild /opt/dotnet /opt/dotnet
#------------------------------------------------------------------------
# BAZEL
FROM base as bazelbuild
ARG BAZEL_VERSION
ENV BAZEL_HOME=/opt/bazel
RUN mkdir -p $BAZEL_HOME/bin \
&& if [ "$(arch)" = "aarch64" ]; then \
curl -L https://github.com/bazelbuild/bazel/releases/download/$BAZEL_VERSION/bazel-$BAZEL_VERSION-linux-arm64 -o $BAZEL_HOME/bin/bazel; \
else \
curl -L https://github.com/bazelbuild/bazel/releases/download/$BAZEL_VERSION/bazel-$BAZEL_VERSION-linux-x86_64 -o $BAZEL_HOME/bin/bazel; \
fi \
&& chmod a+x $BAZEL_HOME/bin/bazel
FROM scratch as bazel
COPY --from=bazelbuild /opt/bazel /opt/bazel
#------------------------------------------------------------------------
# ORT
FROM base as ortbuild
# Set this to the version ORT should report.
ARG ORT_VERSION="DOCKER-SNAPSHOT"
WORKDIR $HOME/src/ort
# Prepare Gradle
RUN --mount=type=cache,target=/var/tmp/gradle \
--mount=type=bind,target=$HOME/src/ort,rw \
export GRADLE_USER_HOME=/var/tmp/gradle \
&& sudo chown -R "$USER". $HOME/src/ort /var/tmp/gradle \
&& scripts/set_gradle_proxy.sh \
&& ./gradlew --no-daemon --stacktrace \
-Pversion=$ORT_VERSION \
:cli:installDist \
:helper-cli:startScripts \
&& mkdir /opt/ort \
&& cp -a $HOME/src/ort/cli/build/install/ort /opt/ \
&& cp -a $HOME/src/ort/scripts/*.sh /opt/ort/bin/ \
&& cp -a $HOME/src/ort/helper-cli/build/scripts/orth /opt/ort/bin/ \
&& cp -a $HOME/src/ort/helper-cli/build/libs/helper-cli-*.jar /opt/ort/lib/
FROM scratch AS ortbin
COPY --from=ortbuild /opt/ort /opt/ort
#------------------------------------------------------------------------
# Container with minimal selection of supported package managers.
FROM base as minimal-tools
# Remove ort build scripts
RUN [ -d /etc/scripts ] && sudo rm -rf /etc/scripts
# Install optional tool subversion for ORT analyzer
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
sudo apt-get update && \
DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \
subversion \
&& sudo rm -rf /var/lib/apt/lists/*
RUN syft / --exclude '*/usr/share/doc' --exclude '*/etc' -o spdx-json --output json=/usr/share/doc/ort/ort-base.spdx.json
# Python
ENV PYENV_ROOT=/opt/python
ENV PATH=$PATH:$PYENV_ROOT/shims:$PYENV_ROOT/bin
COPY --from=python --chown=$USER:$USER $PYENV_ROOT $PYENV_ROOT
RUN syft $PYENV_ROOT -o spdx-json --output json=/usr/share/doc/ort/ort-python.spdx.json
# NodeJS
ARG NODEJS_VERSION
ENV NVM_DIR=/opt/nvm
ENV PATH=$PATH:$NVM_DIR/versions/node/v$NODEJS_VERSION/bin
COPY --from=nodejs --chown=$USER:$USER $NVM_DIR $NVM_DIR
RUN syft $NVM_DIR -o spdx-json --output json=/usr/share/doc/ort/ort-nodejs.spdx.json
# Rust
ENV RUST_HOME=/opt/rust
ENV CARGO_HOME=$RUST_HOME/cargo
ENV RUSTUP_HOME=$RUST_HOME/rustup
ENV PATH=$PATH:$CARGO_HOME/bin:$RUSTUP_HOME/bin
COPY --from=rust --chown=$USER:$USER $RUST_HOME $RUST_HOME
RUN chmod o+rwx $CARGO_HOME
RUN syft $RUST_HOME -o spdx-json --output json=/usr/share/doc/ort/ort-rust.spdx.json
# Golang
ENV PATH=$PATH:/opt/go/bin
COPY --from=golang --chown=$USER:$USER /opt/go /opt/go
RUN syft /opt/go -o spdx-json --output json=/usr/share/doc/ort/ort-golang.spdx.json
# Ruby
ENV RBENV_ROOT=/opt/rbenv/
ENV GEM_HOME=/var/tmp/gem
ENV PATH=$PATH:$RBENV_ROOT/bin:$RBENV_ROOT/shims:$RBENV_ROOT/plugins/ruby-install/bin
COPY --from=ruby --chown=$USER:$USER $RBENV_ROOT $RBENV_ROOT
RUN syft $RBENV_ROOT -o spdx-json --output json=/usr/share/doc/ort/ort-ruby.spdx.json
#------------------------------------------------------------------------
# Container with all supported package managers.
FROM minimal-tools as all-tools
# Repo and Android
ENV ANDROID_HOME=/opt/android-sdk
ENV ANDROID_USER_HOME=$HOME/.android
ENV PATH=$PATH:$ANDROID_HOME/cmdline-tools/latest/bin:$ANDROID_HOME/cmdline-tools/bin
ENV PATH=$PATH:$ANDROID_HOME/platform-tools
COPY --from=android --chown=$USER:$USER $ANDROID_HOME $ANDROID_HOME
RUN sudo chmod -R o+rw $ANDROID_HOME
RUN syft $ANDROID_HOME -o spdx-json --output json=/usr/share/doc/ort/ort-android.spdx.json
# Swift
ENV SWIFT_HOME=/opt/swift
ENV PATH=$PATH:$SWIFT_HOME/bin
COPY --from=swift --chown=$USER:$USER $SWIFT_HOME $SWIFT_HOME
RUN syft $SWIFT_HOME -o spdx-json --output json=/usr/share/doc/ort/ort-swift.spdx.json
# Scala
ENV SBT_HOME=/opt/sbt
ENV PATH=$PATH:$SBT_HOME/bin
COPY --from=scala --chown=$USER:$USER $SBT_HOME $SBT_HOME
RUN syft $SBT_HOME -o spdx-json --output json=/usr/share/doc/ort/ort-sbt.spdx.json
# Dart
ENV DART_SDK=/opt/dart-sdk
ENV PATH=$PATH:$DART_SDK/bin
COPY --from=dart --chown=$USER:$USER $DART_SDK $DART_SDK
RUN syft $DART_SDK -o spdx-json --output json=/usr/share/doc/ort/ort-golang.dart.json
# Dotnet
ENV DOTNET_HOME=/opt/dotnet
ENV NUGET_INSPECTOR_HOME=$DOTNET_HOME
ENV PATH=$PATH:$DOTNET_HOME:$DOTNET_HOME/tools:$DOTNET_HOME/bin
COPY --from=dotnet --chown=$USER:$USER $DOTNET_HOME $DOTNET_HOME
RUN syft $DOTNET_HOME -o spdx-json --output json=/usr/share/doc/ort/ort-dotnet.spdx.json
# PHP
ARG PHP_VERSION
ARG COMPOSER_VERSION
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
sudo apt-get update && \
DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \
php${PHP_VERSION} \
&& sudo rm -rf /var/lib/apt/lists/*
RUN mkdir -p /opt/php/bin \
&& curl -ksS https://getcomposer.org/installer | php -- --install-dir=/opt/php/bin --filename=composer --$COMPOSER_VERSION
ENV PATH=$PATH:/opt/php/bin
RUN syft /opt/php -o spdx-json --output json=/usr/share/doc/ort/ort-php.spdx.json
# Haskell
ENV HASKELL_HOME=/opt/haskell
ENV PATH=$PATH:$HASKELL_HOME/bin
COPY --from=haskell /opt/haskell /opt/haskell
RUN syft /opt/haskell -o spdx-json --output json=/usr/share/doc/ort/ort-haskell.spdx.json
# Bazel
ENV BAZEL_HOME=/opt/bazel
ENV PATH=$PATH:$BAZEL_HOME/bin
COPY --from=bazel $BAZEL_HOME $BAZEL_HOME
RUN syft $BAZEL_HOME -o spdx-json --output json=/usr/share/doc/ort/ort-bazel.spdx.json
#------------------------------------------------------------------------
# Runtime container with minimal selection of supported package managers pre-installed.
FROM minimal-tools as minimal
# ORT
COPY --from=ortbin --chown=$USER:$USER /opt/ort /opt/ort
ENV PATH=$PATH:/opt/ort/bin
USER $USER
WORKDIR $HOME
# Ensure that the ORT data directory exists to be able to mount the config into it with correct permissions.
RUN mkdir -p "$HOME/.ort"
ENTRYPOINT ["/opt/ort/bin/ort"]
#------------------------------------------------------------------------
# Runtime container with all supported package managers pre-installed.
FROM all-tools as run
# ORT
COPY --from=ortbin --chown=$USER:$USER /opt/ort /opt/ort
ENV PATH=$PATH:/opt/ort/bin
USER $USER
WORKDIR $HOME
# Ensure that the ORT data directory exists to be able to mount the config into it with correct permissions.
RUN mkdir -p "$HOME/.ort"
ENTRYPOINT ["/opt/ort/bin/ort"]
View Git Blame Copy Permalink