-
Notifications
You must be signed in to change notification settings - Fork 47
Expand file tree
/
Copy pathDockerfile
More file actions
252 lines (233 loc) · 10.4 KB
/
Dockerfile
File metadata and controls
252 lines (233 loc) · 10.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
# =============================================================================
# LiteOps CI/CD Platform - Docker in Docker Multi-stage Dockerfile
# =============================================================================
# 第一阶段:构建和工具安装阶段
FROM debian:bullseye-slim AS builder
# 设置构建时的环境变量
ENV DEBIAN_FRONTEND=noninteractive \
PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
# Java环境变量
JAVA_HOME=/usr/local/java/jdk1.8.0_211 \
MAVEN_HOME=/usr/local/maven/apache-maven-3.8.8 \
# NVM环境变量
NVM_DIR=/root/.nvm \
# Docker版本
DOCKER_VERSION=24.0.7
# =============================================================================
# 系统基础配置和轻量化软件安装
# =============================================================================
RUN set -eux; \
# 配置阿里云镜像源以加速下载
sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list && \
sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list && \
apt-get update && \
apt-get install -y --no-install-recommends \
# Python
python3.9 \
python3-pip \
curl \
ca-certificates \
# SSH
openssh-client \
# Git(GitPython依赖)
git \
# 进程管理
procps \
bash \
# Docker安装依赖
apt-transport-https \
gnupg \
lsb-release \
iptables \
&& \
# 创建Python符号链接
ln -sf /usr/bin/python3.9 /usr/bin/python3 && \
ln -sf /usr/bin/python3.9 /usr/bin/python && \
# 配置pip镜像源
pip config set global.index-url https://mirrors.aliyun.com/pypi/simple/ && \
pip config set install.trusted-host mirrors.aliyun.com && \
# SSH客户端基础配置
mkdir -p /root/.ssh && \
chmod 700 /root/.ssh && \
# 安装NVM
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash && \
echo 'export NVM_DIR="$HOME/.nvm"' >> /root/.bashrc && \
echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' >> /root/.bashrc && \
echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" --no-use' >> /root/.profile && \
# 创建Java和Maven安装目录
mkdir -p /usr/local/java /usr/local/maven && \
# 安装Docker Engine
(curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian bullseye stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null) || \
(curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null) && \
apt-get update && \
apt-get install -y --no-install-recommends \
docker-ce-cli \
docker-ce \
&& \
apt-get autoremove -y && \
apt-get autoclean && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/apt/* /root/.cache/*
# =============================================================================
# Java环境安装
# =============================================================================
COPY jdk-8u211-linux-x64.tar.gz apache-maven-3.8.8-bin.tar.gz /tmp/
RUN set -eux; \
# 解压JDK和Maven
tar -xzf /tmp/jdk-8u211-linux-x64.tar.gz -C /usr/local/java && \
tar -xzf /tmp/apache-maven-3.8.8-bin.tar.gz -C /usr/local/maven && \
# 立即清理压缩包
rm -f /tmp/jdk-8u211-linux-x64.tar.gz /tmp/apache-maven-3.8.8-bin.tar.gz && \
# 删除所有不必要的文件
cd /usr/local/java/jdk1.8.0_211 && \
rm -rf src.zip javafx-src.zip man sample demo \
COPYRIGHT LICENSE README.html THIRDPARTYLICENSEREADME.txt \
release ASSEMBLY_EXCEPTION && \
# 删除不常用的JDK工具
cd bin && \
rm -f appletviewer extcheck jarsigner java-rmi.cgi \
javadoc javah javap javaws jcmd jconsole jdb jhat \
jinfo jmap jps jrunscript jsadebugd jstack jstat \
jstatd jvisualvm native2ascii orbd policytool \
rmic rmid rmiregistry schemagen serialver servertool \
tnameserv wsgen wsimport xjc && \
# 删除JRE中的不必要文件
cd ../jre && \
rm -rf COPYRIGHT LICENSE README THIRDPARTYLICENSEREADME.txt \
ASSEMBLY_EXCEPTION release && \
cd bin && \
rm -f javaws jvisualvm orbd policytool rmid \
rmiregistry servertool tnameserv && \
# Maven安装,删除文档和示例
cd /usr/local/maven/apache-maven-3.8.8 && \
rm -rf LICENSE NOTICE README.txt
# =============================================================================
# 第二阶段:超轻量运行时镜像
# =============================================================================
FROM debian:bullseye-slim
# 设置运行时环境变量
ENV DEBIAN_FRONTEND=noninteractive \
PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
# Java环境变量
JAVA_HOME=/usr/local/java/jdk1.8.0_211 \
MAVEN_HOME=/usr/local/maven/apache-maven-3.8.8 \
# NVM环境变量
NVM_DIR=/root/.nvm \
# Docker版本
DOCKER_VERSION=24.0.7 \
# Locale配置 - 使用POSIX避免SSH locale警告
LC_ALL=POSIX \
LANG=POSIX \
# 更新PATH环境变量
PATH=/usr/local/java/jdk1.8.0_211/bin:/usr/local/maven/apache-maven-3.8.8/bin:/usr/local/bin:/usr/local/sbin:$PATH
# =============================================================================
# 运行时最小化系统配置
# =============================================================================
RUN set -eux; \
# 配置阿里云镜像源
sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list && \
sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list && \
# 只安装绝对必需的运行时包
apt-get update && \
apt-get install -y --no-install-recommends \
python3.9 \
python3-pip \
curl \
ca-certificates \
# SSH
openssh-client \
# Git(GitPython依赖)
git \
# 轻量web服务器
nginx-light \
# 进程管理
procps \
bash \
# Docker运行时依赖
apt-transport-https \
gnupg \
lsb-release \
iptables \
&& \
# 创建Python符号链接
ln -sf /usr/bin/python3.9 /usr/bin/python3 && \
ln -sf /usr/bin/python3.9 /usr/bin/python && \
# 配置pip镜像源
pip config set global.index-url https://mirrors.aliyun.com/pypi/simple/ && \
pip config set install.trusted-host mirrors.aliyun.com && \
# 安装Docker Engine
(curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian bullseye stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null) || \
(curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null) && \
apt-get update && \
apt-get install -y --no-install-recommends \
docker-ce-cli \
docker-ce \
&& \
# 安装kubectl - 使用官方二进制文件
KUBECTL_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt) && \
curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
chmod +x kubectl && \
mv kubectl /usr/local/bin/ && \
# 创建必要的目录
mkdir -p /app/logs && \
rm -rf /var/log/nginx/* /var/lib/nginx/body /var/lib/nginx/fastcgi \
/var/lib/nginx/proxy /var/lib/nginx/scgi /var/lib/nginx/uwsgi \
/etc/nginx/sites-enabled/default && \
apt-get autoremove -y && \
apt-get autoclean && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/apt/* /root/.cache/* \
/var/cache/debconf/* /var/lib/dpkg/info/* /usr/share/doc/* \
/usr/share/man/* /usr/share/locale/* /usr/share/info/*
# =============================================================================
# 从构建阶段复制文件
# =============================================================================
# 复制SSH配置
COPY --from=builder /root/.ssh /root/.ssh
# 复制NVM环境
COPY --from=builder /root/.nvm /root/.nvm
COPY --from=builder /root/.bashrc /root/.bashrc
COPY --from=builder /root/.profile /root/.profile
# 复制Java环境
COPY --from=builder /usr/local/java /usr/local/java
COPY --from=builder /usr/local/maven /usr/local/maven
# Docker已在运行时阶段安装,无需复制
# =============================================================================
# 应用程序配置
# =============================================================================
# 设置工作目录
WORKDIR /app
# 配置Nginx - 复制自定义配置文件
COPY nginx.conf /etc/nginx/sites-available/default
RUN ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
# 复制前端构建文件到Nginx静态文件目录
COPY web/dist/ /usr/share/nginx/html/
# Python依赖安装
COPY backend/requirements.txt /app/
RUN pip install --no-cache-dir -r requirements.txt && \
# 清理pip缓存和不必要的文件
rm -rf /root/.cache/pip /tmp/* && \
# 移除pip的缓存目录
pip cache purge 2>/dev/null || true
# 复制后端应用代码
COPY backend/ /app/
# 复制启动脚本并设置执行权限
COPY docker-entrypoint.sh /app/
COPY ci-entrypoint-dind.sh /usr/local/bin/
RUN chmod +x /app/docker-entrypoint.sh /usr/local/bin/ci-entrypoint-dind.sh
# =============================================================================
# 容器配置
# =============================================================================
# 暴露端口
# 80: Nginx Web服务器端口
# 8900: Django后端API端口
EXPOSE 80 8900
# 设置容器入口点和默认命令
ENTRYPOINT ["/usr/local/bin/ci-entrypoint-dind.sh"]
CMD ["/app/docker-entrypoint.sh"]