sonicweb/Dockerfile at master · AlphaOne1/sonicweb · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# SPDX-FileCopyrightText: 2026 The SonicWeb contributors.
# SPDX-License-Identifier: MPL-2.0

############################
# Usage:
#
# This dockerfile relies on a previously build os and architecture fitting executable.
# It can be generated as follows:
#     $ make sonicweb-linux-amd64
# Copy or mount the web content to the /www directory.
# After starting the image the content of this directory will be served.

ARG USER=appuser

FROM ubuntu:latest@sha256:c4a8d5503dfb2a3eb8ab5f807da5bc69a85730fb49b5cfca2330194ebcc41c7b AS builder

ARG TARGETARCH
ARG USER

# Centralized versions and checksums for third-party web assets
ARG HLJS_VER=11.11.1
ARG MARKED_VER=16.3.0
ARG MARKED_HL_VER=2.2.2
ARG GHMD_VER=5.8.1

ARG HLJS_JS_SHA256=c4a399dd6f488bc97a3546e3476747b3e714c99c57b9473154c6fb8d259b9381
ARG MARKED_SHA256=fe19dcc22695007cccbd794f859676e9d25356d48be2fe1a158650405a34e81f
ARG MARKED_HL_SHA256=94854921cc0771c9b51277240ea326368d24ad05d334e8fdb0f896c68526f9b7
ARG GHMD_SHA256=c47f5a601c095973e19c0a7d0418d35b2b209098955d2cc4136eb274f9083cc4
ARG HLJS_CSS_SHA256=3a9a5def8b9c311e5ae43abde85c63133185eed4f0d9f67fea4b00a8308cf066
ARG HLJS_DARK_CSS_SHA256=bc1116bfba58ee83794d53b8bd08e5ab13cba81bf03454cf67d6cfe435033cae

RUN useradd --home     "/nonexistent"      \
            --shell    "/usr/sbin/nologin" \
            --user-group                   \
            --uid 65532                    \
            -r                             \
            "${USER}"

RUN mkdir -p /tmp/root/bin        \
             /tmp/root/etc        \
             /tmp/root/usr/share/doc/sonicweb \
             /tmp/root/tmp        \
             /tmp/root/www        \
             /tmp/root/www/styles \
             /tmp/root/www/js

COPY --chmod=0755 sonicweb-linux-${TARGETARCH} /tmp/root/bin/sonicweb
COPY --chmod=0444 docker_root/                \
                  README.md                   \
                  sonicweb_logo.svg           /tmp/root/www/
COPY --chmod=0444 LICENSE                                         \
                  README.md                                       \
                  third_party_licenses-linux-${TARGETARCH}.tar.xz /tmp/root/usr/share/doc/sonicweb/

ADD --chmod=0444                                                                     \
    --checksum=sha256:${HLJS_JS_SHA256}                                              \
    https://cdnjs.cloudflare.com/ajax/libs/highlight.js/${HLJS_VER}/highlight.min.js \
    /tmp/root/www/js/

ADD --chmod=0444                                                                      \
    --checksum=sha256:${MARKED_SHA256}                                                \
    https://cdnjs.cloudflare.com/ajax/libs/marked/${MARKED_VER}/lib/marked.umd.min.js \
    /tmp/root/www/js/

ADD --chmod=0444                                                                              \
    --checksum=sha256:${MARKED_HL_SHA256}                                                     \
    https://cdnjs.cloudflare.com/ajax/libs/marked-highlight/${MARKED_HL_VER}/index.umd.min.js \
    /tmp/root/www/js/marked-highlight.umd.min.js

ADD --chmod=0444                                                                                   \
    --checksum=sha256:${GHMD_SHA256}                                                               \
    https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/${GHMD_VER}/github-markdown.min.css \
    /tmp/root/www/styles/

ADD --chmod=0444                                                                          \
    --checksum=sha256:${HLJS_CSS_SHA256}                                                  \
    https://cdnjs.cloudflare.com/ajax/libs/highlight.js/${HLJS_VER}/styles/github.min.css \
    /tmp/root/www/styles/

ADD --chmod=0444                                                                                      \
    --checksum=sha256:${HLJS_DARK_CSS_SHA256}                                                         \
    https://cdnjs.cloudflare.com/ajax/libs/highlight.js/${HLJS_VER}/styles/github-dark-dimmed.min.css \
    /tmp/root/www/styles/

RUN getent passwd "${USER}" > /tmp/root/etc/passwd &&\
    getent group  "${USER}" > /tmp/root/etc/group  &&\
                                                     \
    chown -R ${USER}:${USER}  /tmp/root/bin          \
                              /tmp/root/tmp          \
                              /tmp/root/www        &&\
    chmod 1777                /tmp/root/tmp        &&\
    sed -i '1,/<\/p>/{/<a href.*/,/<\/a>/d}' /tmp/root/www/README.md

################################################################################
FROM scratch AS sonicweb

# Defaults for local builds; CI should override these via --build-arg
ARG VERSION=dev
ARG REVISION=unknown
ARG CREATED=1970-01-01T00:00:00Z

LABEL org.opencontainers.image.title="SonicWeb"                             \
      org.opencontainers.image.description="SonicWeb web server"            \
      org.opencontainers.image.licenses=MPL-2.0                             \
      org.opencontainers.image.source=https://github.com/AlphaOne1/sonicweb \
      org.opencontainers.image.documentation=https://github.com/AlphaOne1/sonicweb \
      org.opencontainers.image.url=https://github.com/AlphaOne1/sonicweb    \
      org.opencontainers.image.version="${VERSION}"                         \
      org.opencontainers.image.revision="${REVISION}"                       \
      org.opencontainers.image.created="${CREATED}"

ARG USER

COPY --from=builder /tmp/root   /

# if no volume is mounted, a standard documentation page is shown.
# This page is overlayed by later mounts.
VOLUME  /www
ENV     HOME=/www \
        PATH=/bin \
        TMPDIR=/tmp
WORKDIR /www

EXPOSE  8080/tcp  \
        8081/tcp

USER    ${USER}:${USER}

ENTRYPOINT ["/bin/sonicweb"]