-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathDockerfile
48 lines (41 loc) · 1.79 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# syntax=docker/dockerfile:1.13
FROM nginx:1.27.1 AS nginx
FROM redhat/ubi9:9.5 AS rpm-build
ARG NGINX
ARG NJS
ENV NGINX_VERSION=${NGINX}
ENV NJS_VERSION=${NJS}
RUN rpm --import https://nginx.org/keys/nginx_signing.key \
&& printf "%s\n" "[nginx]" "name=nginx src repo" \
"baseurl=https://nginx.org/packages/mainline/centos/9/SRPMS" \
"gpgcheck=1" "enabled=1" "module_hotfixes=true" >> /etc/yum.repos.d/nginx.repo \
&& dnf install rpm-build gcc make dnf-plugins-core which -y \
&& dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
RUN nginxPackages=" \
nginx-${NGINX_VERSION} \
nginx-module-xslt-${NGINX_VERSION} \
nginx-module-image-filter-${NGINX_VERSION} \
nginx-module-njs-${NGINX_VERSION}+${NJS_VERSION} \
" \
&& /usr/bin/crb enable \
&& dnf download --source ${nginxPackages} \
&& dnf builddep -y --srpm nginx*.rpm \
&& rpmbuild --rebuild --nodebuginfo nginx*.rpm \
&& mkdir -p /nginx/ \
&& cp /root/rpmbuild/RPMS/$(arch)/* /nginx/
FROM redhat/ubi9-minimal:9.5 AS final
ARG NGINX
ARG NJS
ENV NGINX_VERSION ${NGINX}
ENV NJS_VERSION ${NJS}
RUN --mount=type=bind,from=rpm-build,source=/nginx,target=/tmp/ \
rpm -qa --queryformat "%{NAME}\n" | sort > installed \
&& microdnf --nodocs --setopt=install_weak_deps=0 install -y shadow-utils diffutils dnf \
&& rpm -qa --queryformat "%{NAME}\n" | sort > new \
&& groupadd --system --gid 101 nginx \
&& useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \
&& dnf install -y /tmp/*.rpm \
&& dnf -q repoquery --resolve --requires --recursive --whatrequires nginx --queryformat "%{NAME}" > nginx \
&& dnf --setopt=protected_packages= remove -y $(comm -13 installed new | comm -13 nginx -) \
&& microdnf -y clean all \
&& rm installed new nginx