|
1 | | -# Build stage |
2 | | -FROM nixos/nix:2.19.2 as nix |
| 1 | +FROM rust:slim AS rust-utils |
| 2 | +# Install rust helper programs |
| 3 | +# ENV CARGO_NET_GIT_FETCH_WITH_CLI=true |
| 4 | +ENV CARGO_INSTALL_ROOT=/tmp/ |
| 5 | +RUN cargo install exa bat ripgrep typos-cli watchexec-cli |
3 | 6 |
|
4 | | -# enable --experimental-features 'nix-command flakes' globally |
5 | | -RUN mkdir -p /etc/nix && echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf |
| 7 | +FROM ubuntu:jammy AS go |
6 | 8 |
|
7 | | -# Copy the Nix related files into the Docker image |
8 | | -COPY flake.nix /app/flake.nix |
9 | | -COPY flake.lock /app/flake.lock |
| 9 | +RUN apt-get update && apt-get install --yes curl gcc |
| 10 | +# Install Go manually, so that we can control the version |
| 11 | +ARG GO_VERSION=1.21.5 |
| 12 | +RUN mkdir --parents /usr/local/go |
10 | 13 |
|
11 | | -# Install dependencies from flake and remove the flake |
12 | | -RUN nix profile install /app#all --priority 4 && rm -rf /app |
| 14 | +# Boring Go is needed to build FIPS-compliant binaries. |
| 15 | +RUN curl --silent --show-error --location \ |
| 16 | + "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ |
| 17 | + -o /usr/local/go.tar.gz |
13 | 18 |
|
14 | | -# print all users and groups |
15 | | -RUN cp /etc/passwd /etc/passwd.nix && cp /etc/group /etc/group.nix |
| 19 | +RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 |
16 | 20 |
|
17 | | -# Final image |
18 | | -FROM codercom/enterprise-base:latest as final |
| 21 | +ENV PATH=$PATH:/usr/local/go/bin |
19 | 22 |
|
20 | | -USER root |
| 23 | +# Install Go utilities. |
| 24 | +ARG GOPATH="/tmp/" |
| 25 | +RUN mkdir --parents "$GOPATH" && \ |
| 26 | + # moq for Go tests. |
| 27 | + go install github.com/matryer/moq@v0.2.3 && \ |
| 28 | + # swag for Swagger doc generation |
| 29 | + go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \ |
| 30 | + # go-swagger tool to generate the go coder api client |
| 31 | + go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \ |
| 32 | + # goimports for updating imports |
| 33 | + go install golang.org/x/tools/cmd/goimports@v0.1.7 && \ |
| 34 | + # protoc-gen-go is needed to build sysbox from source |
| 35 | + go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30 && \ |
| 36 | + # drpc support for v2 |
| 37 | + go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33 && \ |
| 38 | + # migrate for migration support for v2 |
| 39 | + go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \ |
| 40 | + # goreleaser for compiling v2 binaries |
| 41 | + go install github.com/goreleaser/goreleaser@v1.6.1 && \ |
| 42 | + # Install the latest version of gopls for editors that support |
| 43 | + # the language server protocol |
| 44 | + go install golang.org/x/tools/gopls@latest && \ |
| 45 | + # gotestsum makes test output more readable |
| 46 | + go install gotest.tools/gotestsum@v1.9.0 && \ |
| 47 | + # goveralls collects code coverage metrics from tests |
| 48 | + # and sends to Coveralls |
| 49 | + go install github.com/mattn/goveralls@v0.0.11 && \ |
| 50 | + # kind for running Kubernetes-in-Docker, needed for tests |
| 51 | + go install sigs.k8s.io/kind@v0.10.0 && \ |
| 52 | + # helm-docs generates our Helm README based on a template and the |
| 53 | + # charts and values files |
| 54 | + go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \ |
| 55 | + # sqlc for Go code generation |
| 56 | + (CGO_ENABLED=1 go install github.com/sqlc-dev/sqlc/cmd/sqlc@v1.25.0) && \ |
| 57 | + # gcr-cleaner-cli used by CI to prune unused images |
| 58 | + go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \ |
| 59 | + # ruleguard for checking custom rules, without needing to run all of |
| 60 | + # golangci-lint. Check the go.mod in the release of golangci-lint that |
| 61 | + # we're using for the version of go-critic that it embeds, then check |
| 62 | + # the version of ruleguard in go-critic for that tag. |
| 63 | + go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \ |
| 64 | + # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest. |
| 65 | + go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \ |
| 66 | + go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \ |
| 67 | + # go-releaser for building 'fat binaries' that work cross-platform |
| 68 | + go install github.com/goreleaser/goreleaser@v1.6.1 && \ |
| 69 | + go install mvdan.cc/sh/v3/cmd/shfmt@latest && \ |
| 70 | + # nfpm is used with `make build` to make release packages |
| 71 | + go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.1 && \ |
| 72 | + # yq v4 is used to process yaml files in coder v2. Conflicts with |
| 73 | + # yq v3 used in v1. |
| 74 | + go install github.com/mikefarah/yq/v4@v4.30.6 && \ |
| 75 | + mv /tmp/bin/yq /tmp/bin/yq4 && \ |
| 76 | + go install go.uber.org/mock/mockgen@v0.4.0 |
21 | 77 |
|
22 | | -# Copy the Nix related files into the Docker image |
23 | | -COPY --from=nix /nix /nix |
24 | | -COPY --from=nix /etc/nix /etc/nix |
25 | | -COPY --from=nix /root/.nix-profile /root/.nix-profile |
26 | | -COPY --from=nix /root/.nix-defexpr /root/.nix-defexpr |
27 | | -COPY --from=nix /root/.nix-channels /root/.nix-channels |
| 78 | +FROM gcr.io/coder-dev-1/alpine:3.18 as proto |
| 79 | +WORKDIR /tmp |
| 80 | +RUN apk add curl unzip |
| 81 | +RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip |
| 82 | +RUN unzip protoc.zip |
28 | 83 |
|
29 | | -# Merge the passwd and group files |
30 | | -COPY --from=nix /etc/passwd.nix /etc/passwd.nix |
31 | | -COPY --from=nix /etc/group.nix /etc/group.nix |
32 | | -RUN cat /etc/passwd.nix >> /etc/passwd && cat /etc/group.nix >> /etc/group && rm /etc/passwd.nix && rm /etc/group.nix |
| 84 | +FROM ubuntu:jammy |
33 | 85 |
|
34 | | -# Update the PATH to include the Nix stuff |
35 | | -ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH |
| 86 | +SHELL ["/bin/bash", "-c"] |
36 | 87 |
|
37 | | -# Install npm global packages |
38 | | -ENV DEBIAN_FRONTEND=noninteractive |
39 | | -RUN apt-get update && apt-get upgrade -y && \ |
40 | | - npm install -g pnpm playwright@1.36.2 && npx playwright install-deps && npm cache clean --force && \ |
41 | | - rm -rf /var/lib/apt/lists/* |
| 88 | +# Updated certificates are necessary to use the teraswitch mirror. |
| 89 | +# This must be ran before copying in configuration since the config replaces |
| 90 | +# the default mirror with teraswitch. |
| 91 | +RUN apt-get update && apt-get install --yes ca-certificates |
42 | 92 |
|
43 | | -# Set environment variables |
| 93 | +COPY files / |
| 94 | + |
| 95 | +# Install packages from apt repositories |
| 96 | +ARG DEBIAN_FRONTEND="noninteractive" |
| 97 | + |
| 98 | +RUN apt-get update --quiet && apt-get install --yes \ |
| 99 | + apt-transport-https \ |
| 100 | + apt-utils \ |
| 101 | + bash \ |
| 102 | + bash-completion \ |
| 103 | + bats \ |
| 104 | + bind9-dnsutils \ |
| 105 | + build-essential \ |
| 106 | + ca-certificates \ |
| 107 | + cmake \ |
| 108 | + crypto-policies \ |
| 109 | + curl \ |
| 110 | + fd-find \ |
| 111 | + file \ |
| 112 | + git \ |
| 113 | + gnupg \ |
| 114 | + graphviz \ |
| 115 | + htop \ |
| 116 | + httpie \ |
| 117 | + inetutils-tools \ |
| 118 | + iproute2 \ |
| 119 | + iputils-ping \ |
| 120 | + iputils-tracepath \ |
| 121 | + jq \ |
| 122 | + language-pack-en \ |
| 123 | + less \ |
| 124 | + lsb-release \ |
| 125 | + man \ |
| 126 | + meld \ |
| 127 | + net-tools \ |
| 128 | + openjdk-11-jdk-headless \ |
| 129 | + openssh-server \ |
| 130 | + openssl \ |
| 131 | + libssl-dev \ |
| 132 | + pkg-config \ |
| 133 | + python3 \ |
| 134 | + python3-pip \ |
| 135 | + rsync \ |
| 136 | + shellcheck \ |
| 137 | + strace \ |
| 138 | + sudo \ |
| 139 | + tcptraceroute \ |
| 140 | + termshark \ |
| 141 | + traceroute \ |
| 142 | + vim \ |
| 143 | + wget \ |
| 144 | + xauth \ |
| 145 | + zip \ |
| 146 | + ncdu \ |
| 147 | + cargo \ |
| 148 | + asciinema \ |
| 149 | + zsh \ |
| 150 | + ansible \ |
| 151 | + neovim \ |
| 152 | + google-cloud-sdk \ |
| 153 | + google-cloud-sdk-datastore-emulator \ |
| 154 | + kubectl \ |
| 155 | + postgresql-13 \ |
| 156 | + containerd.io \ |
| 157 | + docker-ce \ |
| 158 | + docker-ce-cli \ |
| 159 | + docker-compose-plugin \ |
| 160 | + packer \ |
| 161 | + fish \ |
| 162 | + unzip \ |
| 163 | + zstd \ |
| 164 | + screen \ |
| 165 | + gettext-base && \ |
| 166 | + # Delete package cache to avoid consuming space in layer |
| 167 | + apt-get clean && \ |
| 168 | + # Configure FIPS-compliant policies |
| 169 | + update-crypto-policies --set FIPS |
| 170 | + |
| 171 | +# NOTE: In scripts/Dockerfile.base we specifically install Terraform version 1.5.7 |
| 172 | +# as it is the last version licensed under the MPL. Installing the same version |
| 173 | +# here for consistency. |
| 174 | +RUN wget -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip" && \ |
| 175 | + unzip /tmp/terraform.zip -d /usr/local/bin && \ |
| 176 | + rm -f /tmp/terraform.zip && \ |
| 177 | + chmod +x /usr/local/bin/terraform && \ |
| 178 | + terraform --version |
| 179 | + |
| 180 | +# Install the docker buildx component. |
| 181 | +RUN DOCKER_BUILDX_VERSION=$(curl -s "https://api.github.com/repos/docker/buildx/releases/latest" | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/') && \ |
| 182 | + mkdir -p /usr/local/lib/docker/cli-plugins && \ |
| 183 | + curl -Lo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \ |
| 184 | + chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx |
| 185 | + |
| 186 | +# See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof |
| 187 | +# the apt repository is unreliable |
| 188 | +RUN GH_CLI_VERSION=$(curl -s "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \ |
| 189 | + curl -L https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.deb -o gh.deb && \ |
| 190 | + dpkg -i gh.deb && \ |
| 191 | + rm gh.deb |
| 192 | + |
| 193 | +# Install Lazygit |
| 194 | +# See https://github.com/jesseduffield/lazygit#ubuntu |
| 195 | +RUN LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v*([^"]+)".*/\1/') && \ |
| 196 | + curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \ |
| 197 | + tar xf lazygit.tar.gz -C /usr/local/bin lazygit |
| 198 | + |
| 199 | +# Install frontend utilities |
| 200 | +RUN apt-get update && \ |
| 201 | + # Node.js (from nodesource) and Yarn (from yarnpkg) |
| 202 | + apt-get install --yes --quiet \ |
| 203 | + nodejs yarn \ |
| 204 | + # Install browsers for e2e testing |
| 205 | + google-chrome-stable microsoft-edge-beta && \ |
| 206 | + # Pre-install system dependencies that Playwright needs. npx doesn't work here |
| 207 | + # for some reason. See https://github.com/microsoft/playwright-cli/issues/136 |
| 208 | + npm i -g playwright@1.36.2 pnpm@^8 corepack && playwright install-deps && \ |
| 209 | + npm cache clean --force |
| 210 | + |
| 211 | +# Ensure PostgreSQL binaries are in the users $PATH. |
| 212 | +RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/13/bin/initdb 100 && \ |
| 213 | + update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100 |
| 214 | + |
| 215 | +# Create links for injected dependencies |
| 216 | +RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \ |
| 217 | + ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server |
| 218 | + |
| 219 | +# Disable the PostgreSQL systemd service. |
| 220 | +# Coder uses a custom timescale container to test the database instead. |
| 221 | +RUN systemctl disable \ |
| 222 | + postgresql |
| 223 | + |
| 224 | +# Configure systemd services for CVMs |
| 225 | +RUN systemctl enable \ |
| 226 | + docker \ |
| 227 | + ssh |
| 228 | + |
| 229 | +# Install tools with published releases, where that is the |
| 230 | +# preferred/recommended installation method. |
| 231 | +ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \ |
| 232 | + DIVE_VERSION=0.10.0 \ |
| 233 | + DOCKER_GCR_VERSION=2.1.8 \ |
| 234 | + GOLANGCI_LINT_VERSION=1.55.2 \ |
| 235 | + GRYPE_VERSION=0.61.1 \ |
| 236 | + HELM_VERSION=3.12.0 \ |
| 237 | + KUBE_LINTER_VERSION=0.6.3 \ |
| 238 | + KUBECTX_VERSION=0.9.4 \ |
| 239 | + STRIPE_VERSION=1.14.5 \ |
| 240 | + TERRAGRUNT_VERSION=0.45.11 \ |
| 241 | + TRIVY_VERSION=0.41.0 |
| 242 | + |
| 243 | +# cloud_sql_proxy, for connecting to cloudsql instances |
| 244 | +# the upstream go.mod prevents this from being installed with go install |
| 245 | +RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \ |
| 246 | + chmod a=rx /usr/local/bin/cloud_sql_proxy && \ |
| 247 | + # dive for scanning image layer utilization metrics in CI |
| 248 | + curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \ |
| 249 | + tar --extract --gzip --directory=/usr/local/bin --file=- dive && \ |
| 250 | + # docker-credential-gcr is a Docker credential helper for pushing/pulling |
| 251 | + # images from Google Container Registry and Artifact Registry |
| 252 | + curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \ |
| 253 | + tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \ |
| 254 | + # golangci-lint performs static code analysis for our Go code |
| 255 | + curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \ |
| 256 | + tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \ |
| 257 | + # Anchore Grype for scanning container images for security issues |
| 258 | + curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \ |
| 259 | + tar --extract --gzip --directory=/usr/local/bin --file=- grype && \ |
| 260 | + # Helm is necessary for deploying Coder |
| 261 | + curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \ |
| 262 | + tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \ |
| 263 | + # kube-linter for linting Kubernetes objects, including those |
| 264 | + # that Helm generates from our charts |
| 265 | + curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \ |
| 266 | + # kubens and kubectx for managing Kubernetes namespaces and contexts |
| 267 | + curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ |
| 268 | + tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \ |
| 269 | + curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ |
| 270 | + tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \ |
| 271 | + # stripe for coder.com billing API |
| 272 | + curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \ |
| 273 | + tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \ |
| 274 | + # terragrunt for running Terraform and Terragrunt files |
| 275 | + curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \ |
| 276 | + chmod a=rx /usr/local/bin/terragrunt && \ |
| 277 | + # AquaSec Trivy for scanning container images for security issues |
| 278 | + curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \ |
| 279 | + tar --extract --gzip --directory=/usr/local/bin --file=- trivy |
| 280 | + |
| 281 | +# Add Vercel globally. We can't install it in packages.json, because it |
| 282 | +# includes Go files which make golangci-lint unhappy. |
| 283 | +RUN yarn global add --prefix=/usr/local \ |
| 284 | + vercel \ |
| 285 | + typescript \ |
| 286 | + typescript-language-server \ |
| 287 | + prettier && \ |
| 288 | + yarn cache clean |
| 289 | + |
| 290 | +# We use yq during "make deploy" to manually substitute out fields in |
| 291 | +# our helm values.yaml file. See https://github.com/helm/helm/issues/3141 |
| 292 | +# |
| 293 | +# TODO: update to 4.x, we can't do this now because it included breaking |
| 294 | +# changes (yq w doesn't work anymore) |
| 295 | +# RUN curl --silent --show-error --location "https://github.com/mikefarah/yq/releases/download/v4.9.0/yq_linux_amd64.tar.gz" | \ |
| 296 | +# tar --extract --gzip --directory=/usr/local/bin --file=- ./yq_linux_amd64 && \ |
| 297 | +# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq |
| 298 | + |
| 299 | +RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \ |
| 300 | + chmod a=rx /usr/local/bin/yq |
| 301 | + |
| 302 | +# Install GoLand. |
| 303 | +RUN mkdir --parents /usr/local/goland && \ |
| 304 | + curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \ |
| 305 | + tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \ |
| 306 | + ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland |
| 307 | + |
| 308 | +# Install Antlrv4, needed to generate paramlang lexer/parser |
| 309 | +RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar" |
| 310 | +ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}" |
| 311 | + |
| 312 | +# Add coder user and allow use of docker/sudo |
| 313 | +RUN useradd coder \ |
| 314 | + --create-home \ |
| 315 | + --shell=/bin/bash \ |
| 316 | + --groups=docker \ |
| 317 | + --uid=1000 \ |
| 318 | + --user-group |
| 319 | + |
| 320 | +# Adjust OpenSSH config |
| 321 | +RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \ |
| 322 | + echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \ |
| 323 | + echo "X11UseLocalhost no" >>/etc/ssh/sshd_config |
| 324 | + |
| 325 | +# We avoid copying the extracted directory since COPY slows to minutes when there |
| 326 | +# are a lot of small files. |
| 327 | +COPY --from=go /usr/local/go.tar.gz /usr/local/go.tar.gz |
| 328 | +RUN mkdir /usr/local/go && \ |
| 329 | + tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 |
| 330 | + |
| 331 | +ENV PATH=$PATH:/usr/local/go/bin |
| 332 | + |
| 333 | +RUN update-alternatives --install /usr/local/bin/gofmt gofmt /usr/local/go/bin/gofmt 100 |
| 334 | + |
| 335 | +COPY --from=go /tmp/bin /usr/local/bin |
| 336 | +COPY --from=rust-utils /tmp/bin /usr/local/bin |
| 337 | +COPY --from=proto /tmp/bin /usr/local/bin |
| 338 | +COPY --from=proto /tmp/include /usr/local/bin/include |
| 339 | + |
| 340 | +USER coder |
| 341 | + |
| 342 | +# Ensure go bins are in the 'coder' user's path. Note that no go bins are |
| 343 | +# installed in this docker file, as they'd be mounted over by the persistent |
| 344 | +# home volume. |
| 345 | +ENV PATH="/home/coder/go/bin:${PATH}" |
| 346 | + |
| 347 | +# This setting prevents Go from using the public checksum database for |
| 348 | +# our module path prefixes. It is required because these are in private |
| 349 | +# repositories that require authentication. |
| 350 | +# |
| 351 | +# For details, see: https://golang.org/ref/mod#private-modules |
44 | 352 | ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" |
45 | 353 |
|
46 | 354 | # Increase memory allocation to NodeJS |
47 | 355 | ENV NODE_OPTIONS="--max-old-space-size=8192" |
48 | | - |
49 | | -USER coder |
|
0 commit comments