# Copyright 2020-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. # A copy of the License is located at # # http://aws.amazon.com/asl/ # # or in the "license" file accompanying this file. # This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. # See the License for the specific language governing permissions and limitations under the License. FROM public.ecr.aws/amazonlinux/amazonlinux:2 AS core # Install git, SSH, and other utilities RUN set -ex \ && yum install -y -q openssh-clients \ && mkdir ~/.ssh \ && mkdir -p /opt/tools \ && mkdir -p /codebuild/image/config \ && touch ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H github.com >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H bitbucket.org >> ~/.ssh/known_hosts \ && chmod 600 ~/.ssh/known_hosts \ && amazon-linux-extras install epel -y \ && rpm --import https://download.mono-project.com/repo/xamarin.gpg \ && curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo \ && amazon-linux-extras enable corretto8 \ && amazon-linux-extras enable docker \ && yum groupinstall -y -q "Development tools" \ && yum install -y -q \ GeoIP-devel ImageMagick asciidoc bzip2-devel bzr bzrtools cvs cvsps \ docbook-dtds docbook-style-xsl dpkg-dev e2fsprogs expat-devel expect fakeroot \ glib2-devel groff gzip icu iptables jq krb5-server libargon2-devel \ libcurl-devel libdb-devel libedit-devel libevent-devel libffi-devel \ libicu-devel libjpeg-devel libpng-devel libserf libsqlite3x-devel \ libtidy-devel libunwind libwebp-devel libxml2-devel libxslt libxslt-devel \ libyaml-devel libzip-devel mariadb-devel mercurial mlocate mono-devel \ ncurses-devel oniguruma-devel openssl openssl-devel perl-DBD-SQLite \ perl-DBI perl-HTTP-Date perl-IO-Pty-Easy perl-TimeDate perl-YAML-LibYAML \ postgresql-devel procps-ng python-configobj readline-devel rsync sgml-common \ subversion-perl tar tcl tk vim wget which xfsprogs xmlto xorg-x11-server-Xvfb xz-devel \ amazon-ecr-credential-helper \ && rm /etc/yum.repos.d/mono-centos7-stable.repo RUN useradd codebuild-user #=======================End of layer: core ================= FROM core AS tools # Install Git RUN set -ex \ && GIT_VERSION=2.39.1 \ && GIT_TAR_FILE=git-$GIT_VERSION.tar.gz \ && GIT_SRC=https://github.com/git/git/archive/v${GIT_VERSION}.tar.gz \ && curl -L -o $GIT_TAR_FILE $GIT_SRC \ && tar zxf $GIT_TAR_FILE \ && cd git-$GIT_VERSION \ && make -j4 prefix=/usr \ && make install prefix=/usr \ && cd .. && rm -rf git-$GIT_VERSION \ && rm -rf $GIT_TAR_FILE /tmp/* # Install stunnel RUN set -ex \ && STUNNEL_VERSION=5.69 \ && STUNNEL_TAR=stunnel-$STUNNEL_VERSION.tar.gz \ && STUNNEL_SHA256="1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81" \ && curl -o $STUNNEL_TAR https://www.stunnel.org/archive/5.x/$STUNNEL_TAR && echo "$STUNNEL_SHA256 $STUNNEL_TAR" | sha256sum --check && tar xfz $STUNNEL_TAR \ && cd stunnel-$STUNNEL_VERSION \ && ./configure \ && make -j4 \ && make install \ && openssl genrsa -out key.pem 2048 \ && openssl req -new -x509 -key key.pem -out cert.pem -days 1095 -subj "/C=US/ST=Washington/L=Seattle/O=Amazon/OU=Codebuild/CN=codebuild.amazon.com" \ && cat key.pem cert.pem >> /usr/local/etc/stunnel/stunnel.pem \ && cd .. && rm -rf stunnel-${STUNNEL_VERSION}* # AWS Tools # https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.22.6/2022-03-09/bin/linux/amd64/aws-iam-authenticator \ && curl -sS -o /usr/local/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.22.6/2022-03-09/bin/linux/amd64/kubectl \ && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ && curl -sS -L https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl # Configure SSM RUN set -ex \ && yum install -y -q https://s3.amazonaws.com/amazon-ssm-us-east-1/latest/linux_amd64/amazon-ssm-agent.rpm # Install env tools for runtimes ## Dotnet ENV PATH="/root/.dotnet/:/root/.dotnet/tools/:$PATH" RUN set -ex \ && wget -qO /usr/local/bin/dotnet-install.sh https://dot.net/v1/dotnet-install.sh \ && chmod +x /usr/local/bin/dotnet-install.sh ##nodejs ENV N_SRC_DIR="$SRC_DIR/n" RUN git clone https://github.com/tj/n $N_SRC_DIR \ && cd $N_SRC_DIR && make install ##ruby ENV RBENV_SRC_DIR="/usr/local/rbenv" ENV PATH="/root/.rbenv/shims:$RBENV_SRC_DIR/bin:$RBENV_SRC_DIR/shims:$PATH" \ RUBY_BUILD_SRC_DIR="$RBENV_SRC_DIR/plugins/ruby-build" RUN set -ex \ && git clone https://github.com/rbenv/rbenv.git $RBENV_SRC_DIR \ && mkdir -p $RBENV_SRC_DIR/plugins \ && git clone https://github.com/rbenv/ruby-build.git $RUBY_BUILD_SRC_DIR \ && sh $RUBY_BUILD_SRC_DIR/install.sh ##python RUN curl https://pyenv.run | bash ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" ##php RUN curl -L https://raw.githubusercontent.com/phpenv/phpenv-installer/master/bin/phpenv-installer | bash ENV PATH="/root/.phpenv/shims:/root/.phpenv/bin:$PATH" ##go RUN git clone https://github.com/syndbg/goenv.git $HOME/.goenv ENV PATH="/root/.goenv/shims:/root/.goenv/bin:/go/bin:$PATH" ENV GOENV_DISABLE_GOPATH=1 ENV GOPATH="/go" #=======================End of layer: tools ================= FROM tools AS runtimes_1 #**************** JAVA **************************************************** ENV JAVA_17_HOME="/usr/lib/jvm/java-17-amazon-corretto.x86_64" \ JDK_17_HOME="/usr/lib/jvm/java-17-amazon-corretto.x86_64" \ JRE_17_HOME="/usr/lib/jvm/java-17-amazon-corretto.x86_64" \ ANT_VERSION=1.10.13 \ MAVEN_HOME="/opt/maven" \ MAVEN_VERSION=3.9.2 \ INSTALLED_GRADLE_VERSIONS="7.6.1" \ GRADLE_VERSION=7.6.1 \ SBT_VERSION=1.8.3 \ GRADLE_PATH="$SRC_DIR/gradle" \ ANT_DOWNLOAD_SHA512="de4ac604629e39a86a306f0541adb3775596909ad92feb8b7de759b1b286417db24f557228737c8b902d6abf722d2ce5bb0c3baa3640cbeec3481e15ab1958c9" \ MAVEN_DOWNLOAD_SHA512="900bdeeeae550d2d2b3920fe0e00e41b0069f32c019d566465015bdd1b3866395cbe016e22d95d25d51d3a5e614af2c83ec9b282d73309f644859bbad08b63db" \ GRADLE_DOWNLOADS_SHA256="518a863631feb7452b8f1b3dc2aaee5f388355cc3421bbd0275fbeadd77e84b2 7.6.1" \ SBT_DOWNLOAD_SHA256="21F4210786FD68FD15DCA3F4C8EE9CAE0DB249C54E1B0EF6E829E9FA4936423A" \ LOG4J_UNSAFE_VERSIONS="2.11.1 1.2.8" ARG MAVEN_CONFIG_HOME="/root/.m2" ENV JAVA_HOME="$JAVA_17_HOME" \ JDK_HOME="$JDK_17_HOME" \ JRE_HOME="$JRE_17_HOME" RUN set -x \ # Install Amazon Corretto 17 && rpm --import https://yum.corretto.aws/corretto.key \ && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \ && yum install -y -q java-17-amazon-corretto java-17-amazon-corretto-devel \ && update-ca-trust \ && for tool_path in $JAVA_HOME/bin/*; do \ tool=`basename $tool_path`; \ update-alternatives --install /usr/bin/$tool $tool $tool_path 10000; \ update-alternatives --set $tool $tool_path; \ done \ && rm $JAVA_HOME/lib/security/cacerts && ln -s /etc/pki/java/cacerts $JAVA_HOME/lib/security/cacerts \ # Install Ant && curl -LSso /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VERSION-bin.tar.gz \ && echo "$ANT_DOWNLOAD_SHA512 /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz" | sha512sum -c - \ && tar -xzf /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz -C /opt \ && rm /var/tmp/apache-ant-$ANT_VERSION-bin.tar.gz \ && update-alternatives --install /usr/bin/ant ant /opt/apache-ant-$ANT_VERSION/bin/ant 10000 RUN set -ex \ # Install Maven && mkdir -p $MAVEN_HOME \ && curl -LSso /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz \ && echo "$MAVEN_DOWNLOAD_SHA512 /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz" | sha512sum -c - \ && tar xzf /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz -C $MAVEN_HOME --strip-components=1 \ && rm /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz \ && update-alternatives --install /usr/bin/mvn mvn /opt/maven/bin/mvn 10000 \ && mkdir -p $MAVEN_CONFIG_HOME \ # Install Gradle && mkdir -p $GRADLE_PATH \ && for version in $INSTALLED_GRADLE_VERSIONS; do { \ wget -q "https://services.gradle.org/distributions/gradle-$version-all.zip" -O "$GRADLE_PATH/gradle-$version-all.zip" \ && unzip -q "$GRADLE_PATH/gradle-$version-all.zip" -d /usr/local \ && echo -e "$GRADLE_DOWNLOADS_SHA256" | grep "$version" | sed "s|$version|$GRADLE_PATH/gradle-$version-all.zip|" | sha256sum -c - \ && rm "$GRADLE_PATH/gradle-$version-all.zip" \ && mkdir "/tmp/gradle-$version" \ && "/usr/local/gradle-$version/bin/gradle" -p "/tmp/gradle-$version" init \ && "/usr/local/gradle-$version/bin/gradle" -p "/tmp/gradle-$version" wrapper \ # Android Studio uses the "-all" distribution for it's wrapper script. && perl -pi -e "s/gradle-$version-bin.zip/gradle-$version-all.zip/" "/tmp/gradle-$version/gradle/wrapper/gradle-wrapper.properties" \ && "/tmp/gradle-$version/gradlew" -p "/tmp/gradle-$version" init \ && rm -rf "/tmp/gradle-$version" \ && if [ "$version" != "$GRADLE_VERSION" ]; then rm -rf "/usr/local/gradle-$version"; fi; \ }; done \ # Install default GRADLE_VERSION to path && ln -s /usr/local/gradle-$GRADLE_VERSION/bin/gradle /usr/bin/gradle \ && rm -rf $GRADLE_PATH \ # Install SBT && curl -fSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" -o sbt.tgz \ && echo "${SBT_DOWNLOAD_SHA256} *sbt.tgz" | sha256sum -c - \ && tar xzf sbt.tgz -C /usr/local/bin/ \ && rm sbt.tgz \ && for version in $LOG4J_UNSAFE_VERSIONS; do find / -name log4j*-$version.jar | xargs rm -f; done ENV PATH "/usr/local/bin/sbt/bin:$PATH" RUN sbt version -Dsbt.rootdir=true # Cleanup RUN rm -fr /tmp/* /var/tmp/* #**************** END JAVA **************************************************** #**************** PowerShell ******************************************************* # Install Powershell Core # See instructions at https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-powershell-core-on-linux ENV POWERSHELL_VERSION 7.2.11 ENV POWERSHELL_DOWNLOAD_URL https://github.com/PowerShell/PowerShell/releases/download/v$POWERSHELL_VERSION/powershell-$POWERSHELL_VERSION-linux-x64.tar.gz ENV POWERSHELL_DOWNLOAD_SHA 9D6F798461D172391B508FCF27F9CBBB4BEF307EBFD6886ED50860C322C7D1B3 RUN set -ex \ && curl -SL $POWERSHELL_DOWNLOAD_URL --output powershell.tar.gz \ && echo "$POWERSHELL_DOWNLOAD_SHA powershell.tar.gz" | sha256sum -c - \ && mkdir -p /opt/microsoft/powershell/$POWERSHELL_VERSION \ && tar zxf powershell.tar.gz -C /opt/microsoft/powershell/$POWERSHELL_VERSION \ && rm powershell.tar.gz \ && ln -s /opt/microsoft/powershell/$POWERSHELL_VERSION/pwsh /usr/bin/pwsh #DotNet 6.0 ENV DOTNET_60_SDK_VERSION="6.0.410" ENV DOTNET_ROOT="/root/.dotnet" # Add .NET Core 6.0 Global Tools install folder to PATH RUN /usr/local/bin/dotnet-install.sh -v $DOTNET_60_SDK_VERSION \ && dotnet --list-sdks \ && rm -rf /tmp/* ## Trigger the population of the local package cache ENV NUGET_XMLDOC_MODE skip RUN set -ex \ && mkdir warmup \ && cd warmup \ && dotnet new \ && cd .. \ && rm -rf warmup \ && rm -rf /tmp/NuGetScratch #**************** END Powershell ******************************************************* #**************** NODEJS **************************************************** ENV NODE_16_VERSION="16.20.1" RUN n $NODE_16_VERSION && npm install --save-dev -g -f grunt && npm install --save-dev -g -f grunt-cli && npm install --save-dev -g -f webpack \ && curl -sSL https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo \ && rpm --import https://dl.yarnpkg.com/rpm/pubkey.gpg \ && yum install -y https://dl.fedoraproject.org/pub/epel/8/Modular/x86_64/Packages/l/libuv-1.43.0-2.module_el8+13804+34326f90.x86_64.rpm \ && yum install -y -q yarn \ && yarn --version \ && cd / && rm -rf $N_SRC_DIR && rm -rf /tmp/* #**************** END NODEJS **************************************************** #**************** RUBY ********************************************************* ENV RUBY_31_VERSION="3.1.4" RUN rbenv install $RUBY_31_VERSION && rm -rf /tmp/* && rbenv global $RUBY_31_VERSION && ruby -v #**************** END RUBY ***************************************************** #**************** PYTHON ***************************************************** #Python 3.9 ENV PYTHON_39_VERSION="3.9.17" ENV PYTHON_PIP_VERSION=21.3.1 ENV PYYAML_VERSION=5.4.1 COPY tools/runtime_configs/python/$PYTHON_39_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_39_VERSION RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_39_VERSION && rm -rf /tmp/* RUN pyenv global $PYTHON_39_VERSION RUN set -ex \ && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ && pip3 install --no-cache-dir --upgrade "PyYAML==$PYYAML_VERSION" \ && pip3 install --no-cache-dir --upgrade 'setuptools==57.5.0' wheel aws-sam-cli awscli boto3 pipenv virtualenv --use-feature=2020-resolver #**************** END PYTHON ***************************************************** #**************** PHP **************************************************** ENV PHP_81_VERSION="8.1.20" COPY tools/runtime_configs/php/$PHP_81_VERSION /root/.phpenv/plugins/php-build/share/php-build/definitions/$PHP_81_VERSION RUN phpenv install $PHP_81_VERSION && rm -rf /tmp/* && phpenv global $PHP_81_VERSION RUN echo "memory_limit = 1G;" >> "/root/.phpenv/versions/$PHP_81_VERSION/etc/conf.d/memory.ini" # Install Composer globally RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer #**************** END PHP **************************************************** #**************** GOLANG **************************************************** ENV GOLANG_18_VERSION="1.18.10" ENV GOENV_DISABLE_GOPATH=1 ENV GOPATH="/go" RUN goenv install $GOLANG_18_VERSION && rm -rf /tmp/* && \ goenv global $GOLANG_18_VERSION && \ go env -w GO111MODULE=auto RUN go get -u github.com/golang/dep/cmd/dep #**************** END GOLANG **************************************************** #=======================End of layer: runtimes_1 ================= FROM runtimes_1 AS runtimes_2 #Docker 20 ENV DOCKER_BUCKET="download.docker.com" \ DOCKER_CHANNEL="stable" \ DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ DOCKER_COMPOSE_VERSION="1.29.2" ENV DOCKER_SHA256="AB91092320A87691A1EAF0225B48585DB9C69CFF0ED4B0F569F744FF765515E3" ENV DOCKER_VERSION="20.10.24" VOLUME /var/lib/docker RUN set -ex \ && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ && rm docker.tgz \ && docker -v \ # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box && groupadd dockremap \ && useradd -g dockremap dockremap \ && echo 'dockremap:165536:65536' >> /etc/subuid \ && echo 'dockremap:165536:65536' >> /etc/subgid \ && wget -q "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ && curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose \ && chmod +x /usr/local/bin/dind /usr/local/bin/docker-compose \ && docker-compose version #=======================End of layer: runtimes_2 ================= FROM runtimes_2 AS runtimes_3 # Install GitVersion ENV GITVERSION_VERSION="5.11.1" RUN set -ex \ && dotnet tool install --global GitVersion.Tool --version $GITVERSION_VERSION \ && ln -s ~/.dotnet/tools/dotnet-gitversion /usr/local/bin/gitversion #===================END of runtimes_3 ============== FROM runtimes_3 AS al2_v4 # Configure SSH COPY ssh_config /root/.ssh/config COPY runtimes.yml /codebuild/image/config/runtimes.yml COPY dockerd-entrypoint.sh /usr/local/bin/dockerd-entrypoint.sh COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc/THIRD_PARTY_LICENSES.txt COPY legal/bill_of_material.txt /usr/share/doc/bill_of_material.txt COPY amazon-ssm-agent.json /etc/amazon/ssm/amazon-ssm-agent.json ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"] #=======================End of layer: al2_v4 =================