|
1 | | -FROM rust:slim AS rust-utils |
2 | | -# Install rust helper programs |
3 | | -# ENV CARGO_NET_GIT_FETCH_WITH_CLI=true |
4 | | -ENV CARGO_INSTALL_ROOT=/tmp/ |
5 | | -RUN cargo install exa bat ripgrep typos-cli watchexec-cli |
| 1 | +# Build stage |
| 2 | +FROM nixos/nix:2.19.2 as nix |
6 | 3 |
|
7 | | -FROM ubuntu:jammy AS go |
| 4 | +# enable --experimental-features 'nix-command flakes' globally |
| 5 | +RUN mkdir -p /etc/nix && echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf |
8 | 6 |
|
9 | | -RUN apt-get update && apt-get install --yes curl gcc |
10 | | -# Install Go manually, so that we can control the version |
11 | | -ARG GO_VERSION=1.21.5 |
12 | | -RUN mkdir --parents /usr/local/go |
| 7 | +# Copy the Nix related files into the Docker image |
| 8 | +COPY flake.nix /app/flake.nix |
| 9 | +COPY flake.lock /app/flake.lock |
13 | 10 |
|
14 | | -# Boring Go is needed to build FIPS-compliant binaries. |
15 | | -RUN curl --silent --show-error --location \ |
16 | | - "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ |
17 | | - -o /usr/local/go.tar.gz |
| 11 | +# Install dependencies from flake and remove the flake |
| 12 | +RUN nix profile install /app#all --priority 4 && rm -rf /app |
18 | 13 |
|
19 | | -RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 |
| 14 | +# print all users and groups |
| 15 | +RUN cp /etc/passwd /etc/passwd.nix && cp /etc/group /etc/group.nix |
20 | 16 |
|
21 | | -ENV PATH=$PATH:/usr/local/go/bin |
| 17 | +# Final image |
| 18 | +FROM codercom/enterprise-base:latest as final |
22 | 19 |
|
23 | | -# Install Go utilities. |
24 | | -ARG GOPATH="/tmp/" |
25 | | -RUN mkdir --parents "$GOPATH" && \ |
26 | | - # moq for Go tests. |
27 | | - go install github.com/matryer/moq@v0.2.3 && \ |
28 | | - # swag for Swagger doc generation |
29 | | - go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \ |
30 | | - # go-swagger tool to generate the go coder api client |
31 | | - go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \ |
32 | | - # goimports for updating imports |
33 | | - go install golang.org/x/tools/cmd/goimports@v0.1.7 && \ |
34 | | - # protoc-gen-go is needed to build sysbox from source |
35 | | - go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30 && \ |
36 | | - # drpc support for v2 |
37 | | - go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33 && \ |
38 | | - # migrate for migration support for v2 |
39 | | - go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \ |
40 | | - # goreleaser for compiling v2 binaries |
41 | | - go install github.com/goreleaser/goreleaser@v1.6.1 && \ |
42 | | - # Install the latest version of gopls for editors that support |
43 | | - # the language server protocol |
44 | | - go install golang.org/x/tools/gopls@latest && \ |
45 | | - # gotestsum makes test output more readable |
46 | | - go install gotest.tools/gotestsum@v1.9.0 && \ |
47 | | - # goveralls collects code coverage metrics from tests |
48 | | - # and sends to Coveralls |
49 | | - go install github.com/mattn/goveralls@v0.0.11 && \ |
50 | | - # kind for running Kubernetes-in-Docker, needed for tests |
51 | | - go install sigs.k8s.io/kind@v0.10.0 && \ |
52 | | - # helm-docs generates our Helm README based on a template and the |
53 | | - # charts and values files |
54 | | - go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \ |
55 | | - # sqlc for Go code generation |
56 | | - (CGO_ENABLED=1 go install github.com/sqlc-dev/sqlc/cmd/sqlc@v1.25.0) && \ |
57 | | - # gcr-cleaner-cli used by CI to prune unused images |
58 | | - go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \ |
59 | | - # ruleguard for checking custom rules, without needing to run all of |
60 | | - # golangci-lint. Check the go.mod in the release of golangci-lint that |
61 | | - # we're using for the version of go-critic that it embeds, then check |
62 | | - # the version of ruleguard in go-critic for that tag. |
63 | | - go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \ |
64 | | - # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest. |
65 | | - go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \ |
66 | | - go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \ |
67 | | - # go-releaser for building 'fat binaries' that work cross-platform |
68 | | - go install github.com/goreleaser/goreleaser@v1.6.1 && \ |
69 | | - go install mvdan.cc/sh/v3/cmd/shfmt@latest && \ |
70 | | - # nfpm is used with `make build` to make release packages |
71 | | - go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.1 && \ |
72 | | - # yq v4 is used to process yaml files in coder v2. Conflicts with |
73 | | - # yq v3 used in v1. |
74 | | - go install github.com/mikefarah/yq/v4@v4.30.6 && \ |
75 | | - mv /tmp/bin/yq /tmp/bin/yq4 && \ |
76 | | - go install go.uber.org/mock/mockgen@v0.4.0 |
| 20 | +USER root |
77 | 21 |
|
78 | | -FROM gcr.io/coder-dev-1/alpine:3.18 as proto |
79 | | -WORKDIR /tmp |
80 | | -RUN apk add curl unzip |
81 | | -RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip |
82 | | -RUN unzip protoc.zip |
| 22 | +# Copy the Nix related files into the Docker image |
| 23 | +COPY --from=nix /nix /nix |
| 24 | +COPY --from=nix /etc/nix /etc/nix |
| 25 | +COPY --from=nix /root/.nix-profile /root/.nix-profile |
| 26 | +COPY --from=nix /root/.nix-defexpr /root/.nix-defexpr |
| 27 | +COPY --from=nix /root/.nix-channels /root/.nix-channels |
83 | 28 |
|
84 | | -FROM ubuntu:jammy |
| 29 | +# Merge the passwd and group files |
| 30 | +COPY --from=nix /etc/passwd.nix /etc/passwd.nix |
| 31 | +COPY --from=nix /etc/group.nix /etc/group.nix |
| 32 | +RUN cat /etc/passwd.nix >> /etc/passwd && cat /etc/group.nix >> /etc/group && rm /etc/passwd.nix && rm /etc/group.nix |
85 | 33 |
|
86 | | -SHELL ["/bin/bash", "-c"] |
| 34 | +# Update the PATH to include the Nix stuff |
| 35 | +ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH |
87 | 36 |
|
88 | | -# Updated certificates are necessary to use the teraswitch mirror. |
89 | | -# This must be ran before copying in configuration since the config replaces |
90 | | -# the default mirror with teraswitch. |
91 | | -RUN apt-get update && apt-get install --yes ca-certificates |
| 37 | +# Install npm global packages |
| 38 | +ENV DEBIAN_FRONTEND=noninteractive |
| 39 | +RUN apt-get update && apt-get upgrade -y && \ |
| 40 | + npm install -g pnpm playwright@1.36.2 && npx playwright install-deps && npm cache clean --force && \ |
| 41 | + rm -rf /var/lib/apt/lists/* |
92 | 42 |
|
93 | | -COPY files / |
94 | | - |
95 | | -# Install packages from apt repositories |
96 | | -ARG DEBIAN_FRONTEND="noninteractive" |
97 | | - |
98 | | -RUN apt-get update --quiet && apt-get install --yes \ |
99 | | - apt-transport-https \ |
100 | | - apt-utils \ |
101 | | - bash \ |
102 | | - bash-completion \ |
103 | | - bats \ |
104 | | - bind9-dnsutils \ |
105 | | - build-essential \ |
106 | | - ca-certificates \ |
107 | | - cmake \ |
108 | | - crypto-policies \ |
109 | | - curl \ |
110 | | - fd-find \ |
111 | | - file \ |
112 | | - git \ |
113 | | - gnupg \ |
114 | | - graphviz \ |
115 | | - htop \ |
116 | | - httpie \ |
117 | | - inetutils-tools \ |
118 | | - iproute2 \ |
119 | | - iputils-ping \ |
120 | | - iputils-tracepath \ |
121 | | - jq \ |
122 | | - language-pack-en \ |
123 | | - less \ |
124 | | - lsb-release \ |
125 | | - man \ |
126 | | - meld \ |
127 | | - net-tools \ |
128 | | - openjdk-11-jdk-headless \ |
129 | | - openssh-server \ |
130 | | - openssl \ |
131 | | - libssl-dev \ |
132 | | - pkg-config \ |
133 | | - python3 \ |
134 | | - python3-pip \ |
135 | | - rsync \ |
136 | | - shellcheck \ |
137 | | - strace \ |
138 | | - sudo \ |
139 | | - tcptraceroute \ |
140 | | - termshark \ |
141 | | - traceroute \ |
142 | | - vim \ |
143 | | - wget \ |
144 | | - xauth \ |
145 | | - zip \ |
146 | | - ncdu \ |
147 | | - cargo \ |
148 | | - asciinema \ |
149 | | - zsh \ |
150 | | - ansible \ |
151 | | - neovim \ |
152 | | - google-cloud-sdk \ |
153 | | - google-cloud-sdk-datastore-emulator \ |
154 | | - kubectl \ |
155 | | - postgresql-13 \ |
156 | | - containerd.io \ |
157 | | - docker-ce \ |
158 | | - docker-ce-cli \ |
159 | | - docker-compose-plugin \ |
160 | | - packer \ |
161 | | - fish \ |
162 | | - unzip \ |
163 | | - zstd \ |
164 | | - screen \ |
165 | | - gettext-base && \ |
166 | | - # Delete package cache to avoid consuming space in layer |
167 | | - apt-get clean && \ |
168 | | - # Configure FIPS-compliant policies |
169 | | - update-crypto-policies --set FIPS |
170 | | - |
171 | | -# NOTE: In scripts/Dockerfile.base we specifically install Terraform version 1.5.7 |
172 | | -# as it is the last version licensed under the MPL. Installing the same version |
173 | | -# here for consistency. |
174 | | -RUN wget -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip" && \ |
175 | | - unzip /tmp/terraform.zip -d /usr/local/bin && \ |
176 | | - rm -f /tmp/terraform.zip && \ |
177 | | - chmod +x /usr/local/bin/terraform && \ |
178 | | - terraform --version |
179 | | - |
180 | | -# Install the docker buildx component. |
181 | | -RUN DOCKER_BUILDX_VERSION=$(curl -s "https://api.github.com/repos/docker/buildx/releases/latest" | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/') && \ |
182 | | - mkdir -p /usr/local/lib/docker/cli-plugins && \ |
183 | | - curl -Lo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \ |
184 | | - chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx |
185 | | - |
186 | | -# See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof |
187 | | -# the apt repository is unreliable |
188 | | -RUN GH_CLI_VERSION=$(curl -s "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \ |
189 | | - curl -L https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.deb -o gh.deb && \ |
190 | | - dpkg -i gh.deb && \ |
191 | | - rm gh.deb |
192 | | - |
193 | | -# Install Lazygit |
194 | | -# See https://github.com/jesseduffield/lazygit#ubuntu |
195 | | -RUN LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v*([^"]+)".*/\1/') && \ |
196 | | - curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \ |
197 | | - tar xf lazygit.tar.gz -C /usr/local/bin lazygit |
198 | | - |
199 | | -# Install frontend utilities |
200 | | -RUN apt-get update && \ |
201 | | - # Node.js (from nodesource) and Yarn (from yarnpkg) |
202 | | - apt-get install --yes --quiet \ |
203 | | - nodejs yarn \ |
204 | | - # Install browsers for e2e testing |
205 | | - google-chrome-stable microsoft-edge-beta && \ |
206 | | - # Pre-install system dependencies that Playwright needs. npx doesn't work here |
207 | | - # for some reason. See https://github.com/microsoft/playwright-cli/issues/136 |
208 | | - npm i -g playwright@1.36.2 pnpm@^8 corepack && playwright install-deps && \ |
209 | | - npm cache clean --force |
210 | | - |
211 | | -# Ensure PostgreSQL binaries are in the users $PATH. |
212 | | -RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/13/bin/initdb 100 && \ |
213 | | - update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100 |
214 | | - |
215 | | -# Create links for injected dependencies |
216 | | -RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \ |
217 | | - ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server |
218 | | - |
219 | | -# Disable the PostgreSQL systemd service. |
220 | | -# Coder uses a custom timescale container to test the database instead. |
221 | | -RUN systemctl disable \ |
222 | | - postgresql |
223 | | - |
224 | | -# Configure systemd services for CVMs |
225 | | -RUN systemctl enable \ |
226 | | - docker \ |
227 | | - ssh |
228 | | - |
229 | | -# Install tools with published releases, where that is the |
230 | | -# preferred/recommended installation method. |
231 | | -ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \ |
232 | | - DIVE_VERSION=0.10.0 \ |
233 | | - DOCKER_GCR_VERSION=2.1.8 \ |
234 | | - GOLANGCI_LINT_VERSION=1.55.2 \ |
235 | | - GRYPE_VERSION=0.61.1 \ |
236 | | - HELM_VERSION=3.12.0 \ |
237 | | - KUBE_LINTER_VERSION=0.6.3 \ |
238 | | - KUBECTX_VERSION=0.9.4 \ |
239 | | - STRIPE_VERSION=1.14.5 \ |
240 | | - TERRAGRUNT_VERSION=0.45.11 \ |
241 | | - TRIVY_VERSION=0.41.0 |
242 | | - |
243 | | -# cloud_sql_proxy, for connecting to cloudsql instances |
244 | | -# the upstream go.mod prevents this from being installed with go install |
245 | | -RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \ |
246 | | - chmod a=rx /usr/local/bin/cloud_sql_proxy && \ |
247 | | - # dive for scanning image layer utilization metrics in CI |
248 | | - curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \ |
249 | | - tar --extract --gzip --directory=/usr/local/bin --file=- dive && \ |
250 | | - # docker-credential-gcr is a Docker credential helper for pushing/pulling |
251 | | - # images from Google Container Registry and Artifact Registry |
252 | | - curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \ |
253 | | - tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \ |
254 | | - # golangci-lint performs static code analysis for our Go code |
255 | | - curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \ |
256 | | - tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \ |
257 | | - # Anchore Grype for scanning container images for security issues |
258 | | - curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \ |
259 | | - tar --extract --gzip --directory=/usr/local/bin --file=- grype && \ |
260 | | - # Helm is necessary for deploying Coder |
261 | | - curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \ |
262 | | - tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \ |
263 | | - # kube-linter for linting Kubernetes objects, including those |
264 | | - # that Helm generates from our charts |
265 | | - curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \ |
266 | | - # kubens and kubectx for managing Kubernetes namespaces and contexts |
267 | | - curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ |
268 | | - tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \ |
269 | | - curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ |
270 | | - tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \ |
271 | | - # stripe for coder.com billing API |
272 | | - curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \ |
273 | | - tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \ |
274 | | - # terragrunt for running Terraform and Terragrunt files |
275 | | - curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \ |
276 | | - chmod a=rx /usr/local/bin/terragrunt && \ |
277 | | - # AquaSec Trivy for scanning container images for security issues |
278 | | - curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \ |
279 | | - tar --extract --gzip --directory=/usr/local/bin --file=- trivy |
280 | | - |
281 | | -# Add Vercel globally. We can't install it in packages.json, because it |
282 | | -# includes Go files which make golangci-lint unhappy. |
283 | | -RUN yarn global add --prefix=/usr/local \ |
284 | | - vercel \ |
285 | | - typescript \ |
286 | | - typescript-language-server \ |
287 | | - prettier && \ |
288 | | - yarn cache clean |
289 | | - |
290 | | -# We use yq during "make deploy" to manually substitute out fields in |
291 | | -# our helm values.yaml file. See https://github.com/helm/helm/issues/3141 |
292 | | -# |
293 | | -# TODO: update to 4.x, we can't do this now because it included breaking |
294 | | -# changes (yq w doesn't work anymore) |
295 | | -# RUN curl --silent --show-error --location "https://github.com/mikefarah/yq/releases/download/v4.9.0/yq_linux_amd64.tar.gz" | \ |
296 | | -# tar --extract --gzip --directory=/usr/local/bin --file=- ./yq_linux_amd64 && \ |
297 | | -# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq |
298 | | - |
299 | | -RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \ |
300 | | - chmod a=rx /usr/local/bin/yq |
301 | | - |
302 | | -# Install GoLand. |
303 | | -RUN mkdir --parents /usr/local/goland && \ |
304 | | - curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \ |
305 | | - tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \ |
306 | | - ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland |
307 | | - |
308 | | -# Install Antlrv4, needed to generate paramlang lexer/parser |
309 | | -RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar" |
310 | | -ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}" |
311 | | - |
312 | | -# Add coder user and allow use of docker/sudo |
313 | | -RUN useradd coder \ |
314 | | - --create-home \ |
315 | | - --shell=/bin/bash \ |
316 | | - --groups=docker \ |
317 | | - --uid=1000 \ |
318 | | - --user-group |
319 | | - |
320 | | -# Adjust OpenSSH config |
321 | | -RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \ |
322 | | - echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \ |
323 | | - echo "X11UseLocalhost no" >>/etc/ssh/sshd_config |
324 | | - |
325 | | -# We avoid copying the extracted directory since COPY slows to minutes when there |
326 | | -# are a lot of small files. |
327 | | -COPY --from=go /usr/local/go.tar.gz /usr/local/go.tar.gz |
328 | | -RUN mkdir /usr/local/go && \ |
329 | | - tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 |
330 | | - |
331 | | -ENV PATH=$PATH:/usr/local/go/bin |
332 | | - |
333 | | -RUN update-alternatives --install /usr/local/bin/gofmt gofmt /usr/local/go/bin/gofmt 100 |
334 | | - |
335 | | -COPY --from=go /tmp/bin /usr/local/bin |
336 | | -COPY --from=rust-utils /tmp/bin /usr/local/bin |
337 | | -COPY --from=proto /tmp/bin /usr/local/bin |
338 | | -COPY --from=proto /tmp/include /usr/local/bin/include |
339 | | - |
340 | | -USER coder |
341 | | - |
342 | | -# Ensure go bins are in the 'coder' user's path. Note that no go bins are |
343 | | -# installed in this docker file, as they'd be mounted over by the persistent |
344 | | -# home volume. |
345 | | -ENV PATH="/home/coder/go/bin:${PATH}" |
346 | | - |
347 | | -# This setting prevents Go from using the public checksum database for |
348 | | -# our module path prefixes. It is required because these are in private |
349 | | -# repositories that require authentication. |
350 | | -# |
351 | | -# For details, see: https://golang.org/ref/mod#private-modules |
| 43 | +# Set environment variables |
352 | 44 | ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" |
353 | 45 |
|
354 | 46 | # Increase memory allocation to NodeJS |
355 | 47 | ENV NODE_OPTIONS="--max-old-space-size=8192" |
| 48 | + |
| 49 | +USER coder |
0 commit comments