# Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. # A copy of the License is located at # # http://aws.amazon.com/asl/ # # or in the "license" file accompanying this file. # This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. # See the License for the specific language governing permissions and limitations under the License. FROM public.ecr.aws/amazoncorretto/amazoncorretto:11 # Install git, SSH, and other utilities RUN set -ex \ && yum update -y \ && yum install -y -q openssh-clients tar gzip wget unzip perl\ && mkdir ~/.ssh \ && mkdir -p /opt/tools \ && mkdir -p /codebuild/image/config \ && touch ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H github.com >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa,dsa,ed25519,ecdsa -H bitbucket.org >> ~/.ssh/known_hosts \ && chmod 600 ~/.ssh/known_hosts \ && yum install -y -q make gettext-devel gcc openssl-devel curl-devel expat-devel iptables RUN useradd codebuild-user ARG MAVEN_HOME="/opt/maven" ARG MAVEN_VERSION=3.9.1 ARG MAVEN_CONFIG_HOME="/root/.m2" ARG GRADLE_VERSION=8.1.1 ARG GRADLE_PATH="/usr/local/gradle" RUN set -ex \ # Install Maven && mkdir -p $MAVEN_HOME \ && curl -LSso /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz \ && tar xzf /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz -C $MAVEN_HOME --strip-components=1 \ && rm /var/tmp/apache-maven-$MAVEN_VERSION-bin.tar.gz \ && update-alternatives --install /usr/bin/mvn mvn /opt/maven/bin/mvn 10000 \ && mkdir -p $MAVEN_CONFIG_HOME \ # Install Gradle && mkdir -p $GRADLE_PATH \ && wget -q "https://services.gradle.org/distributions/gradle-$GRADLE_VERSION-all.zip" -O "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" \ && unzip -q "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" -d /usr/local \ && rm "$GRADLE_PATH/gradle-$GRADLE_VERSION-all.zip" \ && mkdir "/tmp/gradle-$GRADLE_VERSION" \ && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" init \ && "/usr/local/gradle-$GRADLE_VERSION/bin/gradle" -p "/tmp/gradle-$GRADLE_VERSION" wrapper \ && perl -pi -e "s/gradle-$GRADLE_VERSION-bin.zip/gradle-$GRADLE_VERSION-all.zip/" "/tmp/gradle-$GRADLE_VERSION/gradle/wrapper/gradle-wrapper.properties" \ && "/tmp/gradle-$GRADLE_VERSION/gradlew" -p "/tmp/gradle-$GRADLE_VERSION" init \ && rm -rf "/tmp/gradle-$GRADLE_VERSION" \ # Install default GRADLE_VERSION to path && ln -s /usr/local/gradle-$GRADLE_VERSION/bin/gradle /usr/bin/gradle \ && rm -rf $GRADLE_PATH # Install Git RUN set -ex \ && GIT_VERSION=2.41.0 \ && GIT_TAR_FILE=git-$GIT_VERSION.tar.gz \ && GIT_SRC=https://github.com/git/git/archive/v${GIT_VERSION}.tar.gz \ && curl -L -o $GIT_TAR_FILE $GIT_SRC \ && tar zxf $GIT_TAR_FILE \ && cd git-$GIT_VERSION \ && make -j4 prefix=/usr \ && make install prefix=/usr \ && cd .. && rm -rf git-$GIT_VERSION \ && rm -rf $GIT_TAR_FILE /tmp/* #Docker 23 ENV DOCKER_BUCKET="download.docker.com" \ DOCKER_CHANNEL="stable" \ DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ DOCKER_COMPOSE_VERSION="2.17.3" \ DOCKER_BUILDX_VERSION="0.11.0" ENV DOCKER_SHA256="544262F4A3621222AFB79960BFAD4D486935DAB80893478B5CC9CF8EBAF409AE" ENV DOCKER_VERSION="23.0.6" VOLUME /var/lib/docker RUN set -ex \ && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ && rm docker.tgz \ && docker -v \ # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box && groupadd dockremap \ && useradd -g dockremap dockremap \ && echo 'dockremap:165536:65536' >> /etc/subuid \ && echo 'dockremap:165536:65536' >> /etc/subgid \ && wget -q "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ # Install docker compose as docker plugin and maintain docker-compose usage && mkdir -p /usr/local/lib/docker/cli-plugins \ && curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose \ && chmod +x /usr/local/bin/dind /usr/local/lib/docker/cli-plugins/docker-compose \ && ln -s /usr/local/lib/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose \ # Ensure docker-compose and docker compose work && docker-compose version \ && docker compose version \ # Add docker buildx tool && curl -L https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-amd64 -o /usr/local/lib/docker/cli-plugins/docker-buildx \ && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx \ && ln -s /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/bin/docker-buildx \ # Ensure docker-buildx works && docker-buildx version \ && docker buildx version # Configure SSH COPY ssh_config /root/.ssh/config COPY runtimes.yml /codebuild/image/config/runtimes.yml COPY dockerd-entrypoint.sh /usr/local/bin/dockerd-entrypoint.sh RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh COPY legal/bill_of_material.txt /usr/share/doc/bill_of_material.txt ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh"]