opendev/system-config
Code Issues Proposed changes
system-config/docker/gerrit/base/Dockerfile
Clark Boylan 3fdec9d20f Update Gerrit images to 3.3.9 and 3.4.3 
This includes the fixes for right to left unicode that we've already
picked up, but now in an official release. It also updates Elasticsearch
support to prevent use with elasticsearch versions that are vulnerable
to log4shell. We don't use elasticsearch with Gerrit so this doesn't
affect us.

Change-Id: Ifbba7391bd16bc20c003293030a71e0ea787d0c7
2021-12-27 11:41:56 -08:00

82 lines
2.5 KiB
Docker
Raw Blame History

# Copyright (c) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Mon Dec 27 19:33:56 UTC 2021 - trigger rebuild
FROM docker.io/opendevorg/python-builder:3.9-bullseye as builder
COPY . /tmp/src
RUN assemble
FROM docker.io/library/openjdk:11-bullseye as gerrit-base
RUN echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/95disable-recommends
# libcgi-pm-perl is for gitweb
RUN apt-get update \
&& apt-get install -y dumb-init python3-launchpadlib python3-distutils \
wget unzip libcgi-pm-perl \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& curl https://bootstrap.pypa.io/get-pip.py > /tmp/get-pip.py \
&& python3 /tmp/get-pip.py \
&& rm /tmp/get-pip.py
COPY --from=builder /output/ /output
RUN /output/install-from-bindep
# 3000 is what the existing opendev gerrit2 uid is
RUN addgroup gerrit --gid 3000 --system \
&& adduser \
--system \
--uid 3000 \
--home /var/gerrit \
--shell /bin/bash \
--ingroup gerrit \
gerrit
# Startup scripts
COPY wait-for-it.sh /wait-for-it.sh
RUN chmod +x /wait-for-it.sh
COPY run-gerrit.sh /run-gerrit.sh
RUN chmod +x /run-gerrit.sh
USER gerrit
RUN mkdir /var/gerrit/bin \
&& mkdir /var/gerrit/hooks \
&& mkdir /var/gerrit/static
# Download mariadb java client.
# Modern gerrit stopped downloading missing libs during init which means we
# need to do the downland and install ourselves.
RUN mkdir /var/gerrit/lib && \
wget https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/2.7.2/mariadb-java-client-2.7.2.jar -O /var/gerrit/lib/mariadb-java-client.jar
# Allow incoming traffic
# OpenDev Gerrit listens on 8081 not default of 8080
EXPOSE 29418 8081
VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit /var/gerrit/tmp
RUN ln -s /var/log/gerrit /var/gerrit/logs
# container.javaOptions
# Also include container.heapLimit - but with -Xmx prefixing it
ENV JAVA_OPTIONS ""
# Ulimits should be set on command line or in docker-compose.yaml
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD "/run-gerrit.sh"
View Git Blame Copy Permalink