mirror of https://github.com/mongodb/mongo
147 lines
5.5 KiB
Docker
147 lines
5.5 KiB
Docker
# syntax=docker/dockerfile:1
|
|
ARG BASE_IMAGE=quay.io/mongodb/bazel-remote-execution:ubuntu24-2025_09_05-17_18_29
|
|
FROM $BASE_IMAGE
|
|
ARG BASE_IMAGE
|
|
|
|
ARG USERNAME=mongo-dev
|
|
ARG USER_UID=1000
|
|
ARG USER_GID=$USER_UID
|
|
|
|
# Create the user
|
|
RUN groupadd $USERNAME && useradd -s /bin/bash --gid $USER_GID -m $USERNAME
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
sudo \
|
|
curl \
|
|
ca-certificates \
|
|
xdg-utils \
|
|
wget \
|
|
less \
|
|
jq \
|
|
vim-tiny \
|
|
procps \
|
|
lsof \
|
|
zip \
|
|
unzip \
|
|
openssh-client \
|
|
git \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install xdg-open wrapper for browser integration
|
|
COPY .devcontainer/xdg-open-wrapper.sh /usr/local/bin/xdg-open-wrapper.sh
|
|
RUN chmod +x /usr/local/bin/xdg-open-wrapper.sh && \
|
|
if [ -f /usr/bin/xdg-open ]; then \
|
|
mv /usr/bin/xdg-open /usr/bin/xdg-open.real; \
|
|
fi && \
|
|
ln -s /usr/local/bin/xdg-open-wrapper.sh /usr/bin/xdg-open
|
|
|
|
# Give user sudo access (common-utils feature will enhance this)
|
|
RUN echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/devcontaineruser && \
|
|
chmod 0440 /etc/sudoers.d/devcontaineruser
|
|
|
|
# Toolchain installation with SHA256 verification
|
|
# Run "python3 toolchain.py" to update toolchain_config.env
|
|
ARG TARGETPLATFORM
|
|
COPY .devcontainer/toolchain_config.env /tmp/toolchain_config.env
|
|
RUN set -e; \
|
|
. /tmp/toolchain_config.env; \
|
|
if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
|
|
TOOLCHAIN_URL="$TOOLCHAIN_ARM64_URL"; \
|
|
TOOLCHAIN_SHA256="$TOOLCHAIN_ARM64_SHA256"; \
|
|
ARCH="arm64"; \
|
|
elif [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
|
|
TOOLCHAIN_URL="$TOOLCHAIN_AMD64_URL"; \
|
|
TOOLCHAIN_SHA256="$TOOLCHAIN_AMD64_SHA256"; \
|
|
ARCH="amd64"; \
|
|
else \
|
|
echo "Unsupported platform: $TARGETPLATFORM"; \
|
|
exit 1; \
|
|
fi; \
|
|
echo "Target platform: $TARGETPLATFORM"; \
|
|
echo "Architecture: $ARCH"; \
|
|
echo "Installing toolchain from: $TOOLCHAIN_URL"; \
|
|
echo "Expected SHA256: $TOOLCHAIN_SHA256"; \
|
|
curl -fSL "$TOOLCHAIN_URL" -o /tmp/toolchain.tar.gz; \
|
|
echo "Verifying checksum..."; \
|
|
echo "$TOOLCHAIN_SHA256 /tmp/toolchain.tar.gz" | sha256sum -c -;
|
|
RUN echo "Extracting toolchain..."; \
|
|
mkdir -p /opt/mongodbtoolchain/revisions && tar -xzf /tmp/toolchain.tar.gz -C /opt/mongodbtoolchain/revisions; \
|
|
rm /tmp/toolchain.tar.gz; \
|
|
chown -R ${USERNAME} /opt/mongodbtoolchain;
|
|
|
|
# Evergreen CLI installation with SHA256 verification
|
|
# Run "python3 evergreen_cli.py" to update evergreen_cli_config.env
|
|
COPY .devcontainer/evergreen_cli_config.env /tmp/evergreen_cli_config.env
|
|
RUN set -e; \
|
|
. /tmp/evergreen_cli_config.env; \
|
|
if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
|
|
EVERGREEN_CLI_URL="$EVERGREEN_CLI_ARM64_URL"; \
|
|
EVERGREEN_CLI_SHA256="$EVERGREEN_CLI_ARM64_SHA256"; \
|
|
ARCH="arm64"; \
|
|
elif [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
|
|
EVERGREEN_CLI_URL="$EVERGREEN_CLI_AMD64_URL"; \
|
|
EVERGREEN_CLI_SHA256="$EVERGREEN_CLI_AMD64_SHA256"; \
|
|
ARCH="amd64"; \
|
|
else \
|
|
echo "Unsupported platform for Evergreen CLI: $TARGETPLATFORM"; \
|
|
exit 1; \
|
|
fi; \
|
|
echo "Installing Evergreen CLI for: $ARCH"; \
|
|
echo "URL: $EVERGREEN_CLI_URL"; \
|
|
echo "Expected SHA256: $EVERGREEN_CLI_SHA256"; \
|
|
curl -fSL "$EVERGREEN_CLI_URL" -o /tmp/evergreen; \
|
|
echo "Verifying checksum..."; \
|
|
echo "$EVERGREEN_CLI_SHA256 /tmp/evergreen" | sha256sum -c -; \
|
|
echo "Installing to /usr/local/bin/evergreen..."; \
|
|
mv /tmp/evergreen /usr/local/bin/evergreen; \
|
|
chmod +x /usr/local/bin/evergreen; \
|
|
echo "Evergreen CLI installation complete"
|
|
|
|
USER $USERNAME
|
|
ENV USER=${USERNAME}
|
|
RUN /opt/mongodbtoolchain/revisions/*/scripts/install.sh; echo "Toolchain installation complete"
|
|
|
|
# Add MongoDB toolchain to PATH via system-wide profile
|
|
USER root
|
|
RUN echo 'export PATH="/opt/mongodbtoolchain/v5/bin:${PATH}"' > /etc/profile.d/02-mongodbtoolchain.sh \
|
|
&& chmod +x /etc/profile.d/02-mongodbtoolchain.sh
|
|
USER $USERNAME
|
|
|
|
# Create MongoDB data directory
|
|
USER root
|
|
RUN mkdir -p /data/db && chown -R ${USERNAME}:${USERNAME} /data/db
|
|
USER $USERNAME
|
|
|
|
# Bazel telemetry - configure system-wide defaults
|
|
# These will be imported by user's .bazelrc in post-create script
|
|
USER root
|
|
RUN mkdir -p /etc/devcontainer && \
|
|
echo "# MongoDB Devcontainer Bazel Configuration" > /etc/devcontainer/bazelrc && \
|
|
echo "common --bes_keywords=devcontainer:use=true" >> /etc/devcontainer/bazelrc && \
|
|
echo "common --bes_keywords=devcontainer:image=$BASE_IMAGE" >> /etc/devcontainer/bazelrc && \
|
|
chmod 644 /etc/devcontainer/bazelrc
|
|
USER $USERNAME
|
|
|
|
# Install pipx (Python package manager for tools)
|
|
# Add ~/.local/bin to PATH for pipx-installed tools
|
|
USER root
|
|
RUN echo 'export PATH="$HOME/.local/bin:${PATH}"' > /etc/profile.d/03-local-bin.sh \
|
|
&& chmod +x /etc/profile.d/03-local-bin.sh
|
|
USER $USERNAME
|
|
|
|
ENV PATH="/home/${USERNAME}/.local/bin:${PATH}"
|
|
RUN /opt/mongodbtoolchain/v5/bin/python3 -m venv /tmp/pipx-venv && \
|
|
/tmp/pipx-venv/bin/python -m pip install --upgrade "pip<20.3" && \
|
|
/tmp/pipx-venv/bin/python -m pip install pipx && \
|
|
/tmp/pipx-venv/bin/pipx install pipx --python /opt/mongodbtoolchain/v5/bin/python3 --force && \
|
|
rm -rf /tmp/pipx-venv
|
|
# Note: PATH is configured via /etc/profile.d, not ~/.bashrc, to avoid modifying home volume
|
|
|
|
# Install db-contrib-tool using pipx
|
|
RUN /home/${USERNAME}/.local/bin/pipx install db-contrib-tool
|
|
|
|
# Install poetry with pinned dependencies
|
|
COPY --chown=${USERNAME}:${USERNAME} poetry_requirements.txt /tmp/poetry_requirements.txt
|
|
RUN /home/${USERNAME}/.local/bin/pipx install poetry --pip-args="-r /tmp/poetry_requirements.txt" && \
|
|
rm /tmp/poetry_requirements.txt
|