-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Bryan Latten <[email protected]>
- Loading branch information
1 parent
a434c80
commit 95e7bb1
Showing
3 changed files
with
43 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
FROM centos:8 as base | ||
|
||
### Stage 1 - add/remove packages ### | ||
|
||
# Ensure scripts are available for use in next command | ||
COPY ./container/root/scripts/* /scripts/ | ||
|
||
# - Symlink variant-specific scripts to default location | ||
# - Upgrade base security packages, then clean packaging leftover | ||
# - Add S6 for zombie reaping, boot-time coordination, signal transformation/distribution: @see https://github.com/just-containers/s6-overlay#known-issues-and-workarounds | ||
# - Add goss for local, serverspec-like testing | ||
RUN ln -s /scripts/clean_centos.sh /clean.sh && \ | ||
ln -s /scripts/security_updates_centos.sh /security_updates.sh && \ | ||
/bin/bash -e /security_updates.sh && \ | ||
rpm -e systemd --nodeps && \ | ||
/bin/bash -e /clean.sh && \ | ||
/bin/bash -e /scripts/install_s6.sh && \ | ||
/bin/bash -e /scripts/install_goss.sh | ||
|
||
# Overlay the root filesystem from this repo | ||
COPY ./container/root / | ||
|
||
|
||
### Stage 2 --- collapse layers ### | ||
|
||
FROM scratch | ||
COPY --from=base / . | ||
|
||
# Use in multi-phase builds, when an init process requests for the container to gracefully exit, so that it may be committed | ||
# Used with alternative CMD (worker.sh), leverages supervisor to maintain long-running processes | ||
ENV SIGNAL_BUILD_STOP=99 \ | ||
S6_BEHAVIOUR_IF_STAGE2_FAILS=2 \ | ||
S6_KILL_FINISH_MAXTIME=5000 \ | ||
S6_KILL_GRACETIME=3000 | ||
|
||
RUN goss -g goss.base.yaml validate | ||
|
||
# NOTE: intentionally NOT using s6 init as the entrypoint | ||
# This would prevent container debugging if any of those service crash | ||
CMD ["/bin/bash", "/run.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters