@@ -2,27 +2,31 @@ FROM rust:slim AS rust-utils
22# Install rust helper programs
33# ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
44ENV CARGO_INSTALL_ROOT=/tmp/
5- RUN cargo install exa bat ripgrep typos-cli watchexec-cli
5+ RUN cargo install exa bat ripgrep typos-cli watchexec-cli && \
6+ # Reduce image size.
7+ rm -rf /usr/local/cargo/registry
68
79FROM ubuntu:jammy AS go
810
9- RUN apt-get update && apt-get install --yes curl gcc
1011# Install Go manually, so that we can control the version
1112ARG GO_VERSION=1.22.5
12- RUN mkdir --parents /usr/local/go
1313
1414# Boring Go is needed to build FIPS-compliant binaries.
15- RUN curl --silent --show-error --location \
15+ RUN apt-get update && \
16+ apt-get install --yes curl && \
17+ curl --silent --show-error --location \
1618"https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
17- -o /usr/local/go.tar.gz
18-
19- RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1
19+ -o /usr/local/go.tar.gz && \
20+ rm -rf /var/lib/apt/lists/*
2021
2122ENV PATH=$PATH:/usr/local/go/bin
22-
23- # Install Go utilities.
2423ARG GOPATH="/tmp/"
25- RUN mkdir --parents"$GOPATH" && \
24+ # Install Go utilities.
25+ RUN apt-get update && \
26+ apt-get install --yes gcc && \
27+ mkdir --parents /usr/local/go && \
28+ tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 && \
29+ mkdir --parents"$GOPATH" && \
2630# moq for Go tests.
2731go install github.com/matryer/moq@v0.2.3 && \
2832# swag for Swagger doc generation
@@ -73,34 +77,44 @@ RUN mkdir --parents "$GOPATH" && \
7377# yq v3 used in v1.
7478go install github.com/mikefarah/yq/v4@v4.30.6 && \
7579mv /tmp/bin/yq /tmp/bin/yq4 && \
76- go install go.uber.org/mock/mockgen@v0.4.0
80+ go install go.uber.org/mock/mockgen@v0.4.0 && \
81+ # Reduce image size.
82+ apt-get remove --yes gcc && \
83+ apt-get autoremove --yes && \
84+ apt-get clean && \
85+ rm -rf /var/lib/apt/lists/* && \
86+ rm -rf /usr/local/go && \
87+ rm -rf /tmp/go/pkg && \
88+ rm -rf /tmp/go/src
7789
7890FROM gcr.io/coder-dev-1/alpine:3.18 as proto
7991WORKDIR /tmp
8092RUN apk add curl unzip
81- RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip
82- RUN unzip protoc.zip
93+ RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip && \
94+ unzip protoc.zip && \
95+ rm protoc.zip
8396
8497FROM ubuntu:jammy
8598
8699SHELL ["/bin/bash" ,"-c" ]
87100
101+ # Install packages from apt repositories
102+ ARG DEBIAN_FRONTEND="noninteractive"
103+
88104# Updated certificates are necessary to use the teraswitch mirror.
89105# This must be ran before copying in configuration since the config replaces
90106# the default mirror with teraswitch.
91107RUN apt-get update && apt-get install --yes ca-certificates
92108
93109COPY files /
110+
94111# We used to copy /etc/sudoers.d/* in from files/ but this causes issues with
95112# permissions and layer caching. Instead, create the file directly.
96113RUN mkdir -p /etc/sudoers.d && \
97114echo'coder ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/nopasswd && \
98115chmod 750 /etc/sudoers.d/ && \
99116chmod 640 /etc/sudoers.d/nopasswd
100117
101- # Install packages from apt repositories
102- ARG DEBIAN_FRONTEND="noninteractive"
103-
104118RUN apt-get update --quiet && apt-get install --yes \
105119ansible \
106120apt-transport-https \
@@ -231,7 +245,9 @@ RUN systemctl disable \
231245# Configure systemd services for CVMs
232246RUN systemctl enable \
233247docker \
234- ssh
248+ ssh && \
249+ # Workaround for envbuilder cache probing not working unless the filesystem is modified.
250+ touch /tmp/.envbuilder-systemctl-enable-docker-ssh-workaround
235251
236252# Install tools with published releases, where that is the
237253# preferred/recommended installation method.