# hadolint global ignore=DL3008
##
## Download docker
##
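# Helper stage, run on the build platform: fetches the pinned Docker .deb
# packages for the target architecture into /tmp/docker. The daemon and CLI
# stages bind-mount that directory and install from it.
FROM --platform=$BUILDPLATFORM docker.io/library/debian:13.5-slim@sha256:4e401d95de7083948053197a9c3913343cd06b706bf15eb6a0c3ccd26f436a0e AS download
WORKDIR /tmp/docker
# The apt lists and /var/cache are cache mounts, /var/lib/dpkg and /var/log are
# tmpfs mounts, so none of what apt writes there ends up in the layer.
RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/var/cache \
    --mount=type=tmpfs,target=/var/lib/dpkg \
    --mount=type=tmpfs,target=/var/log \
    apt-get -qq update && \
    apt-get -qq install --yes --no-install-recommends ca-certificates curl
# Declared after the apt layer so that layer does not depend on the target
# architecture.
ARG TARGETARCH
# NOTE(review): the packages are taken straight from the repository pool, so
# the signature check apt performs on a repository index never covers them;
# HTTPS to download.docker.com is the only integrity control visible in this
# stage. Consider pinning one SHA-256 per file (taken from a trusted source)
# and checking it with `sha256sum --check` here, before any stage installs them.
#
# --fail-early stops curl at the first failed transfer instead of carrying on
# with the remaining URLs; --show-error keeps the failure reason visible even
# though --silent suppresses the progress output.
RUN curl --fail --fail-early --silent --show-error --parallel --remote-name-all \
    "https://download.docker.com/linux/debian/dists/trixie/pool/stable/$TARGETARCH/containerd.io_1.7.28-0~debian.13~trixie_$TARGETARCH.deb" \
    "https://download.docker.com/linux/debian/dists/trixie/pool/stable/$TARGETARCH/docker-buildx-plugin_0.28.0-0~debian.13~trixie_$TARGETARCH.deb" \
    "https://download.docker.com/linux/debian/dists/trixie/pool/stable/$TARGETARCH/docker-ce-cli_28.4.0-1~debian.13~trixie_$TARGETARCH.deb" \
    "https://download.docker.com/linux/debian/dists/trixie/pool/stable/$TARGETARCH/docker-ce_28.4.0-1~debian.13~trixie_$TARGETARCH.deb" \
    "https://download.docker.com/linux/debian/dists/trixie/pool/stable/$TARGETARCH/docker-ce-rootless-extras_28.4.0-1~debian.13~trixie_$TARGETARCH.deb"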
##
## Docker Daemon
##
# Rootful daemon image: installs containerd, docker-ce and the CLI from the
# .deb files held by the download stage and starts through entrypoint.sh.
# This stage sets no USER, so the entrypoint runs as the base image's default
# user (root on the Debian base).
FROM docker.io/library/debian:13.5-slim@sha256:4e401d95de7083948053197a9c3913343cd06b706bf15eb6a0c3ccd26f436a0e AS dockerd
ARG TARGETARCH
# The .deb files are bind-mounted from the download stage for this step only,
# so they are not copied into the image.
# NOTE(review): /var/lib/dpkg is a tmpfs during the install, so whatever dpkg
# records there is not written to the layer. Confirm that image scanners and
# SBOM tooling still report the Docker packages installed here.
RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/var/cache \
    --mount=type=tmpfs,target=/var/lib/dpkg \
    --mount=type=tmpfs,target=/var/log \
    apt-get -qq update \
    && apt-get -qq install --yes --no-install-recommends \
        ca-certificates \
        "/tmp/docker/containerd.io_1.7.28-0~debian.13~trixie_$TARGETARCH.deb" \
        "/tmp/docker/docker-ce-cli_28.4.0-1~debian.13~trixie_$TARGETARCH.deb" \
        "/tmp/docker/docker-ce_28.4.0-1~debian.13~trixie_$TARGETARCH.deb"
# Mode 555: readable and executable by everyone, writable by no one.
COPY --chmod=555 entrypoint.sh /usr/bin/entrypoint.sh
ENTRYPOINT ["/usr/bin/entrypoint.sh"]
##
## Docker Daemon (rootless)
##
# Rootless daemon image: same Docker packages as the rootful stage plus the
# rootless extras and their helpers, run as the unprivileged user 1000:1000.
FROM docker.io/library/debian:13.5-slim@sha256:4e401d95de7083948053197a9c3913343cd06b706bf15eb6a0c3ccd26f436a0e AS dockerd-rootless
ARG TARGETARCH
# The .deb files come from the download stage through a bind mount that exists
# only for this step. /var/lib/dpkg and /var/log are tmpfs and the apt
# directories are cache mounts, so none of them are written to the layer.
RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/var/cache \
    --mount=type=tmpfs,target=/var/lib/dpkg \
    --mount=type=tmpfs,target=/var/log \
    apt-get -qq update \
    && apt-get -qq install --yes --no-install-recommends \
        ca-certificates \
        dbus-user-session \
        iproute2 \
        slirp4netns \
        uidmap \
        "/tmp/docker/containerd.io_1.7.28-0~debian.13~trixie_$TARGETARCH.deb" \
        "/tmp/docker/docker-ce-cli_28.4.0-1~debian.13~trixie_$TARGETARCH.deb" \
        "/tmp/docker/docker-ce-rootless-extras_28.4.0-1~debian.13~trixie_$TARGETARCH.deb" \
        "/tmp/docker/docker-ce_28.4.0-1~debian.13~trixie_$TARGETARCH.deb"
# Account setup for the unprivileged daemon user:
#  - create user "rootless" (uid 1000) with a home directory;
#  - delete every /etc entry whose name ends in "-" (presumably the backup
#    copies useradd leaves behind, such as passwd- and shadow-);
#  - give the user 65536 subordinate uids and gids starting at 100000;
#  - make /run/user world-writable with the sticky bit (1777);
#  - pre-create the Docker data directory and hand the whole home directory
#    to the user.
RUN useradd rootless --uid 1000 --home-dir /home/rootless --create-home \
    && rm -fr /etc/*- \
    && echo rootless:100000:65536 >> /etc/subuid \
    && echo rootless:100000:65536 >> /etc/subgid \
    && mkdir -p /run/user \
    && chmod 1777 /run/user \
    && mkdir -p /home/rootless/.local/share/docker \
    && chown -R rootless:rootless /home/rootless
# Declared after the directory has been created and chowned, so the volume
# starts out owned by the rootless user.
VOLUME /home/rootless/.local/share/docker
# Mode 555: readable and executable by everyone, writable by no one.
COPY --chmod=555 entrypoint-rootless.sh /usr/bin/entrypoint.sh
ENTRYPOINT ["/usr/bin/entrypoint.sh"]
# Numeric uid:gid of the user created above.
USER 1000:1000
##
## Docker CLI
##
# Shared base for every CLI image: the Docker CLI and the buildx plugin only,
# no daemon. This stage sets no USER; the stages built on it do.
FROM docker.io/library/debian:13.5-slim@sha256:4e401d95de7083948053197a9c3913343cd06b706bf15eb6a0c3ccd26f436a0e AS cli-base
ARG TARGETARCH
# The .deb files are bind-mounted from the download stage for this step only.
# /var/lib/dpkg and /var/log are tmpfs and the apt directories are cache
# mounts, so none of them are written to the layer.
RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/var/cache \
    --mount=type=tmpfs,target=/var/lib/dpkg \
    --mount=type=tmpfs,target=/var/log \
    apt-get -qq update \
    && apt-get -qq install --yes --no-install-recommends \
        ca-certificates \
        "/tmp/docker/docker-buildx-plugin_0.28.0-0~debian.13~trixie_$TARGETARCH.deb" \
        "/tmp/docker/docker-ce-cli_28.4.0-1~debian.13~trixie_$TARGETARCH.deb"
# Create /woodpecker, owned by 1000:1000.
# NOTE(review): mode 777 lets every uid in the container write to this
# directory, although it is already owned by the uid the final stages run as.
# If no other uid has to write here, 755 or 775 would be enough; confirm how
# the directory is used before tightening it.
RUN mkdir /woodpecker \
    && chown 1000:1000 /woodpecker \
    && chmod -R 777 /woodpecker
# CLI base extended with the Azure CLI, installed from PyPI or from the index
# named by the build arguments below.
FROM cli-base AS cli-base-az
# /var/lib/dpkg and /var/log are tmpfs and the apt directories are cache
# mounts, so none of them are written to the layer.
RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/var/cache \
    --mount=type=tmpfs,target=/var/lib/dpkg \
    --mount=type=tmpfs,target=/var/log \
    apt-get -qq update \
    && apt-get -qq install --yes --no-install-recommends \
        python3 \
        pip
# Optional build arguments; pip reads both names from its environment.
# NOTE(review): build-argument values are visible in the image history, so an
# index URL that embeds credentials would leak with the image; pass those
# through a BuildKit secret mount instead. PIP_TRUSTED_HOST tells pip to accept
# that host without valid HTTPS, so leave it unset unless the mirror really
# needs it.
ARG PIP_INDEX_URL
ARG PIP_TRUSTED_HOST
# Only azure-cli itself is pinned; its dependencies are resolved at build time.
# A hash-checked requirements file would pin the whole set.
RUN pip install \
        --break-system-packages \
        --no-cache-dir \
        --progress-bar=off \
        --root-user-action=ignore \
        azure-cli==2.87.0
# NOTE(review): this is the directory the Azure CLI keeps its configuration
# and cached login tokens in, and /tmp is world-writable. Acceptable for a
# single-user, short-lived container; confirm that matches how the image is run.
ENV AZURE_CONFIG_DIR=/tmp/.azure
# Plain CLI image: cli-base with nothing added, switched to the unprivileged
# uid:gid 1000:1000 (the owner given to /woodpecker in cli-base).
FROM cli-base AS cli
USER 1000:1000
# CLI image with git added on top of cli-base.
FROM cli-base AS cli-git
# /var/lib/dpkg and /var/log are tmpfs and the apt directories are cache
# mounts, so none of them are written to the layer.
RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/var/cache \
    --mount=type=tmpfs,target=/var/lib/dpkg \
    --mount=type=tmpfs,target=/var/log \
    apt-get -qq update \
    && apt-get -qq install --yes --no-install-recommends \
        git
# Drop to the unprivileged uid:gid only after the package install, which
# needs root.
USER 1000:1000
# Azure CLI image: cli-base-az with nothing added, switched to the
# unprivileged uid:gid 1000:1000.
FROM cli-base-az AS cli-az
USER 1000:1000
# Azure CLI image with git added on top of cli-base-az.
FROM cli-base-az AS cli-az-git
# /var/lib/dpkg and /var/log are tmpfs and the apt directories are cache
# mounts, so none of them are written to the layer.
RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/var/cache \
    --mount=type=tmpfs,target=/var/lib/dpkg \
    --mount=type=tmpfs,target=/var/log \
    apt-get -qq update \
    && apt-get -qq install --yes --no-install-recommends \
        git
# Drop to the unprivileged uid:gid only after the package install, which
# needs root.
USER 1000:1000