blob: 5207d694e0966b23b5ed5aa8daec1dbc6fdbbd29 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
# -- <worker_dependencies> --
FROM docker:dind AS worker_dependencies
# -- </worker_dependencies> --
# -- <ci_worker> --
FROM img.liz.coffee/emprespresso/ci_base:release AS worker
ENV PIPELINE_PATH=/app/worker/dist/scripts
RUN chmod +x /app/worker/dist/scripts/*
RUN mkdir -p /var/lib/laminar/cfg
RUN cp -r /app/worker/jobs /var/lib/laminar/cfg
# see: https://github.com/nodejs/docker-node/blame/89b29ef06b421598ec007605a2604ede0348b298/22/bullseye-slim/Dockerfile#L3-L4
RUN chown -R node:node /var/lib/laminar
# adding a user to only the group"docker" doesn't deterministically give it access to the
# docker socket of the host.
# e.g. host has /etc/groups: docker:995, container has /etc/groups: docker:996
# because i'm likely the only one to ever touch this, and i FORCE "docker" to be 996, this will
# be hardcoded defaulting to 995.
ARG DOCKER_GID="995" # but it may be overridden via this `DOCKER_GID` build arg.
RUN groupadd -g ${DOCKER_GID} docker
RUN usermod -a -d /var/lib/laminar -G docker node
COPY --from=worker_dependencies /usr/local/bin/docker /usr/local/bin/
USER node
WORKDIR /var/lib/laminar
EXPOSE 8080
CMD [ "/usr/sbin/laminard" ]
# -- </ci_worker> --
|
