| # debian.sh --arch 'arm64' out/ 'bookworm' '@1747699200' |
| RUN /bin/sh -c groupadd --gid 1000 node && useradd --uid 1000 --gid node --shell /bin/bash --create-home node # buildkit |
| ENV NODE_VERSION=23.11.1 |
| RUN /bin/sh -c ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" && case "${dpkgArch##*-}" in amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; *) echo "unsupported architecture"; exit 1 ;; esac && set -ex && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends && rm -rf /var/lib/apt/lists/* && export GNUPGHOME="$(mktemp -d)" && for key in C0D6248439F1D5604AAFFB4021D900FFDB233756 DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 CC68F5A3106FF448322E48ED27F5E38D5B0A215F 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C 108F52B48DB57BB0CC439B2997B01419BD92F80A A363A499291CBBC940DD62E41F10027AF002F8B0 ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && gpgconf --kill all && rm -rf "$GNUPGHOME" && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; && apt-mark auto '.*' > /dev/null && find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && ln -s /usr/local/bin/node /usr/local/bin/nodejs && node --version && npm --version && rm -rf /tmp/* # buildkit |
| ENV YARN_VERSION=1.22.22 |
| RUN /bin/sh -c set -ex && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends && rm -rf /var/lib/apt/lists/* && export GNUPGHOME="$(mktemp -d)" && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && gpgconf --kill all && rm -rf "$GNUPGHOME" && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && apt-mark auto '.*' > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } && find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && yarn --version && rm -rf /tmp/* # buildkit |
| COPY docker-entrypoint.sh /usr/local/bin/ # buildkit |
| ENTRYPOINT ["docker-entrypoint.sh"] |
| CMD ["node"] |
| ENV DUMB_INIT_VERSION=1.2.5-2 |
| ENV GIT_VERSION=1:2.39.5-0+deb12u3 |
| ENV CURL_VERSION=7.88.1-10+deb12u14 |
| ENV JQ_VERSION=1.6-2.1+deb12u1 |
| ENV DOCKER_CLI_VERSION=27.4.0 |
| ENV DOCKER_BUILDX_VERSION=0.32.1 |
| ENV SHELLCHECK_VERSION=0.9.0-1 |
| ENV RIPGREP_VERSION=13.0.0-4+b2 |
| ENV MAKE_VERSION=4.3-4.1 |
| ENV PYTHON3_VERSION=3.11.2-1+b1 |
| ENV PYTHON3_PIP_VERSION=23.0.1+dfsg-1 |
| ENV PRE_COMMIT_VERSION=4.5.1 |
| ENV CA_CERTIFICATES_VERSION=20230311+deb12u1 |
| ENV XCLIP_VERSION=0.13-2 |
| ENV WL_CLIPBOARD_VERSION=2.1.0-0.1+b1 |
| ENV HADOLINT_VERSION=2.14.0 |
| ENV NPM_VERSION=11.12.0 |
| ENV OPENCODE_VERSION=1.2.27 |
| ENV STARSHIP_VERSION=1.24.2 |
| ARG TARGETARCH=arm64 |
| ARG DOCKER_GID=999 |
| RUN |2 TARGETARCH=arm64 DOCKER_GID=999 /bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates=$CA_CERTIFICATES_VERSION dumb-init=$DUMB_INIT_VERSION git=$GIT_VERSION curl=$CURL_VERSION jq=$JQ_VERSION shellcheck=$SHELLCHECK_VERSION ripgrep make=$MAKE_VERSION python3 python3-pip=$PYTHON3_PIP_VERSION xclip=$XCLIP_VERSION && case "$TARGETARCH" in amd64|arm64) if ! apt-get install -y --no-install-recommends wl-clipboard=$WL_CLIPBOARD_VERSION; then apt-get install -y --no-install-recommends wl-clipboard; fi ;; *) echo "Unsupported TARGETARCH: $TARGETARCH" >&2; exit 1 ;; esac && python3 -m pip install --no-cache-dir --break-system-packages pre-commit==${PRE_COMMIT_VERSION} && case "$TARGETARCH" in amd64) docker_arch="x86_64" ;; arm64) docker_arch="aarch64" ;; *) echo "Unsupported TARGETARCH: $TARGETARCH" >&2; exit 1 ;; esac && curl -fsSL "https://download.docker.com/linux/static/stable/${docker_arch}/docker-${DOCKER_CLI_VERSION}.tgz" -o /tmp/docker.tgz && tar -xzf /tmp/docker.tgz -C /tmp && install -m 0755 /tmp/docker/docker /usr/local/bin/docker && curl -fsSL "https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-${TARGETARCH}" -o /tmp/docker-buildx && install -D -m 0755 /tmp/docker-buildx /usr/local/libexec/docker/cli-plugins/docker-buildx && rm -rf /tmp/docker /tmp/docker.tgz && rm -f /tmp/docker-buildx && if ! getent group docker >/dev/null; then groupadd -g ${DOCKER_GID} docker; fi && usermod -aG docker node && rm -rf /var/lib/apt/lists/* && apt-get clean # buildkit |
| RUN |2 TARGETARCH=arm64 DOCKER_GID=999 /bin/sh -c case "$TARGETARCH" in amd64) hadolint_arch="x86_64" ;; arm64) hadolint_arch="arm64" ;; *) echo "Unsupported TARGETARCH: $TARGETARCH" >&2; exit 1 ;; esac && curl -fsSL "https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-Linux-${hadolint_arch}" -o /usr/local/bin/hadolint && chmod 0755 /usr/local/bin/hadolint # buildkit |
| RUN |2 TARGETARCH=arm64 DOCKER_GID=999 /bin/sh -c npm install -g npm@${NPM_VERSION} && npm install -g opencode-ai@${OPENCODE_VERSION} && npm cache clean --force # buildkit |
| RUN |2 TARGETARCH=arm64 DOCKER_GID=999 /bin/sh -c case "$TARGETARCH" in amd64) starship_archive="starship-x86_64-unknown-linux-gnu.tar.gz" ;; arm64) starship_archive="starship-aarch64-unknown-linux-musl.tar.gz" ;; *) echo "Unsupported TARGETARCH: $TARGETARCH" >&2; exit 1 ;; esac && curl -fsSL "https://github.com/starship/starship/releases/download/v${STARSHIP_VERSION}/${starship_archive}" -o /tmp/starship.tar.gz && tar -xzf /tmp/starship.tar.gz -C /tmp && install -m 0755 /tmp/starship /usr/local/bin/starship && rm -rf /tmp/starship.tar.gz /tmp/starship && printf '\nif [ -x /usr/local/bin/starship ]; then\n eval "$(starship init bash)"\nfi\n' >> /etc/bash.bashrc # buildkit |
| RUN |2 TARGETARCH=arm64 DOCKER_GID=999 /bin/sh -c mkdir -p /home/node/.cache/starship && chown -R node:node /home/node/.cache # buildkit |
| USER node |
| WORKDIR /workspace |
| ENTRYPOINT ["dumb-init" "--"] |
| CMD ["opencode"] |
