pgadmin4/Dockerfile
Akshay Joshi 16f1e87bb7 Temporary Changed 'yarn audit' command to 'yarn audit --groups dependencies' to
fix the vulnerability found in decompress js package.
2020-02-28 17:29:32 +05:30

205 lines
7.3 KiB
Docker

########################################################################
#
# pgAdmin 4 - PostgreSQL Tools
#
# Copyright (C) 2013 - 2018, The pgAdmin Development Team
# This software is released under the PostgreSQL Licence
#
#########################################################################
#########################################################################
# Create a Node container which will be used to build the JS components
# and clean up the web/ source code
#########################################################################
FROM node:10-alpine AS app-builder
RUN apk add --no-cache \
autoconf \
automake \
bash \
g++ \
libc6-compat \
libjpeg-turbo-dev \
libpng-dev \
make \
nasm \
git \
zlib-dev
# Create the /pgadmin4 directory and copy the source into it. Explicitly
# remove the node_modules directory as we'll recreate a clean version, as well
# as various other files we don't want
COPY web /pgadmin4/web
RUN rm -rf /pgadmin4/web/*.log \
/pgadmin4/web/config_*.py \
/pgadmin4/web/node_modules \
/pgadmin4/web/regression \
`find /pgadmin4/web -type d -name tests` \
`find /pgadmin4/web -type f -name .DS_Store`
WORKDIR /pgadmin4/web
# Build the JS vendor code in the app-builder, and then remove the vendor source.
RUN npm install && \
npm audit fix && \
rm -f yarn.lock && \
yarn import && \
# Commented the below line to avoid vulnerability in decompress package and
# audit only dependencies folder. Refer https://www.npmjs.com/advisories/1217.
# Pull request is already been send https://github.com/kevva/decompress/pull/73,
# once fixed we will uncomment it.
# yarn audit && \
yarn audit --groups dependencies && \
rm -f package-lock.json && \
yarn run bundle && \
rm -rf node_modules \
yarn.lock \
package.json \
.[^.]* \
babel.cfg \
webpack.* \
karma.conf.js \
./pgadmin/static/js/generated/.cache
#########################################################################
# Now, create a documentation build container for the Sphinx docs
#########################################################################
FROM python:3.7-alpine3.10 as docs-builder
# Install only dependencies absolutely required for documentation building
RUN apk add --no-cache \
make \
build-base \
openssl-dev \
libffi-dev && \
pip install --no-cache-dir \
sphinx \
flask_security_too \
flask_paranoid \
python-dateutil \
flask_sqlalchemy \
flask_gravatar \
flask_migrate \
simplejson \
cryptography
# Copy the docs from the local tree. Explicitly remove any existing builds that
# may be present
COPY docs /pgadmin4/docs
COPY web /pgadmin4/web
RUN rm -rf /pgadmin4/docs/en_US/_build
# Build the docs
RUN LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 make -C /pgadmin4/docs/en_US -f Makefile.sphinx html
#########################################################################
# Create additional builders to get all of the PostgreSQL utilities
#########################################################################
FROM postgres:9.4-alpine as pg94-builder
FROM postgres:9.5-alpine as pg95-builder
FROM postgres:9.6-alpine as pg96-builder
FROM postgres:10-alpine as pg10-builder
FROM postgres:11-alpine as pg11-builder
FROM postgres:12-alpine as pg12-builder
FROM alpine:3.10 as tool-builder
# Copy the PG binaries
COPY --from=pg94-builder /usr/local/bin/pg_dump /usr/local/pgsql/pgsql-9.4/
COPY --from=pg94-builder /usr/local/bin/pg_dumpall /usr/local/pgsql/pgsql-9.4/
COPY --from=pg94-builder /usr/local/bin/pg_restore /usr/local/pgsql/pgsql-9.4/
COPY --from=pg94-builder /usr/local/bin/psql /usr/local/pgsql/pgsql-9.4/
COPY --from=pg95-builder /usr/local/bin/pg_dump /usr/local/pgsql/pgsql-9.5/
COPY --from=pg95-builder /usr/local/bin/pg_dumpall /usr/local/pgsql/pgsql-9.5/
COPY --from=pg95-builder /usr/local/bin/pg_restore /usr/local/pgsql/pgsql-9.5/
COPY --from=pg95-builder /usr/local/bin/psql /usr/local/pgsql/pgsql-9.5/
COPY --from=pg96-builder /usr/local/bin/pg_dump /usr/local/pgsql/pgsql-9.6/
COPY --from=pg96-builder /usr/local/bin/pg_dumpall /usr/local/pgsql/pgsql-9.6/
COPY --from=pg96-builder /usr/local/bin/pg_restore /usr/local/pgsql/pgsql-9.6/
COPY --from=pg96-builder /usr/local/bin/psql /usr/local/pgsql/pgsql-9.6/
COPY --from=pg10-builder /usr/local/bin/pg_dump /usr/local/pgsql/pgsql-10/
COPY --from=pg10-builder /usr/local/bin/pg_dumpall /usr/local/pgsql/pgsql-10/
COPY --from=pg10-builder /usr/local/bin/pg_restore /usr/local/pgsql/pgsql-10/
COPY --from=pg10-builder /usr/local/bin/psql /usr/local/pgsql/pgsql-10/
COPY --from=pg11-builder /usr/local/bin/pg_dump /usr/local/pgsql/pgsql-11/
COPY --from=pg11-builder /usr/local/bin/pg_dumpall /usr/local/pgsql/pgsql-11/
COPY --from=pg11-builder /usr/local/bin/pg_restore /usr/local/pgsql/pgsql-11/
COPY --from=pg11-builder /usr/local/bin/psql /usr/local/pgsql/pgsql-11/
COPY --from=pg12-builder /usr/local/bin/pg_dump /usr/local/pgsql/pgsql-12/
COPY --from=pg12-builder /usr/local/bin/pg_dumpall /usr/local/pgsql/pgsql-12/
COPY --from=pg12-builder /usr/local/bin/pg_restore /usr/local/pgsql/pgsql-12/
COPY --from=pg12-builder /usr/local/bin/psql /usr/local/pgsql/pgsql-12/
#########################################################################
# Assemble everything into the final container.
#########################################################################
FROM python:3.7-alpine3.10
COPY --from=tool-builder /usr/local/pgsql /usr/local/
WORKDIR /pgadmin4
ENV PYTHONPATH=/pgadmin4
# Copy in the code and docs
COPY --from=app-builder /pgadmin4/web /pgadmin4
COPY --from=docs-builder /pgadmin4/docs/en_US/_build/html/ /pgadmin4/docs
COPY requirements.txt /pgadmin4/requirements.txt
# Install build-dependencies, build & install C extensions and purge deps in
# one RUN step
RUN apk add --no-cache --virtual \
build-deps \
build-base \
postgresql-dev \
libffi-dev \
linux-headers && \
apk add \
postfix \
postgresql-client \
postgresql-libs \
shadow \
sudo \
libcap && \
pip install --upgrade pip && \
pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir gunicorn==19.9.0 && \
apk del --no-cache build-deps && \
echo "pgadmin ALL = NOPASSWD: /usr/sbin/postfix start" > /etc/sudoers.d/postfix
# We need the v12 libpq, which is only in the 'edge' build of Alpine at present
COPY --from=pg12-builder /usr/local/lib/libpq.so.5.12 /usr/lib/
RUN ln -sf /usr/lib/libpq.so.5.12 /usr/lib/libpq.so.5
# Copy the runner script
COPY pkg/docker/run_pgadmin.py /pgadmin4
COPY pkg/docker/entrypoint.sh /entrypoint.sh
# Precompile and optimize python code to save time and space on startup
RUN python -O -m compileall -x node_modules /pgadmin4
RUN groupadd -g 5050 pgadmin && \
useradd -r -u 5050 -g pgadmin pgadmin && \
mkdir -p /var/lib/pgadmin && \
chown pgadmin:pgadmin /var/lib/pgadmin && \
mkdir -p /var/log/pgadmin && \
chown pgadmin:pgadmin /var/log/pgadmin && \
touch /pgadmin4/config_distro.py && \
chown pgadmin:pgadmin /pgadmin4/config_distro.py && \
setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/python3.7
USER pgadmin
# Finish up
VOLUME /var/lib/pgadmin
EXPOSE 80 443
ENTRYPOINT ["/entrypoint.sh"]