# SPDX-License-Identifier: GPL-3.0-or-later
# Copyright (C) 2025 Jesus E.
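# Base image.
# NOTE(review): the tag is mutable; pin it by digest
# (debian:bookworm-slim@sha256:<digest-placeholder>) if reproducible builds are required.
FROM debian:bookworm-slim

# TARGETARCH is populated automatically by BuildKit; fall back to amd64 when it is unset.
ARG TARGETARCH
ENV ARCH=${TARGETARCH:-amd64}

# Build-time only: keeps apt non-interactive in every later RUN of this stage
# without leaking the setting into the runtime environment, where it would
# silently suppress prompts for anyone running apt inside the container.
ARG DEBIAN_FRONTEND=noninteractive

ENV LANG=en_US.UTF-8 \
    LC_ALL=en_US.UTF-8

# Tool versions. KUBECTL_DATE is the build-date path component of the
# amazon-eks kubectl download URL used further down.
ENV KUBECTL_VERSION=1.33.0 \
    HELM_VERSION=3.18.4 \
    K9S_VERSION=0.50.8 \
    KUBECTL_DATE=2025-05-01 \
    TFLINT_VERSION=0.58.1 \
    GITLEAKS_VERSION=8.27.2 \
    BFG_VERSION=1.15.0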
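# --- Base dependencies (X11, openbox, noVNC, language runtimes, CLI helpers) ---
# Every step is a separate statement under `set -e`. In the previous mixed
# form (`set -e; a && b && c; d && ...`) a failing `apt-get update` or
# `apt-get upgrade` did not abort the shell, because errexit ignores failures
# of non-final commands in an && list.
# `apt-get upgrade` is kept on purpose: with an unpinned base tag it pulls in
# pending security fixes, at the cost of reproducibility.
# NOTE(review): both `doas` and `sudo` are installed, and the image ships a
# browser plus many diagnostic tools; trim the list if this image is ever used
# outside a developer-workstation role.
RUN set -eux; \
    apt-get update; \
    apt-get upgrade -y; \
    apt-get install --no-install-recommends -y \
        bash \
        bash-completion \
        ca-certificates \
        curl \
        dbus \
        dbus-x11 \
        default-jre \
        doas \
        dos2unix \
        dumb-init \
        file \
        firefox-esr \
        fonts-dejavu \
        fuse3 \
        gh \
        git \
        gnupg \
        golang \
        htop \
        iproute2 \
        iptables \
        jq \
        libasound2 \
        libatk-bridge2.0-0 \
        libatk1.0-0 \
        libcairo2 \
        libdrm2 \
        libgbm1 \
        libgtk-3-0 \
        libnspr4 \
        libnss3 \
        libpango-1.0-0 \
        libvte-2.91-0 \
        libx11-6 \
        libxcomposite1 \
        libxdamage1 \
        libxext6 \
        libxfixes3 \
        libxrandr2 \
        libxshmfence1 \
        libxss1 \
        locales \
        lsb-release \
        lsof \
        make \
        menu \
        nano \
        net-tools \
        nodejs \
        novnc \
        npm \
        openbox \
        openssh-client \
        passwd \
        patch \
        pipx \
        python3 \
        python3-pip \
        python3-venv \
        python3-xdg \
        shellcheck \
        siege \
        sudo \
        supervisor \
        tar \
        tree \
        uidmap \
        unzip \
        virtualenv \
        websockify \
        wget \
        wmctrl \
        x11vnc \
        xdg-utils \
        xfce4-terminal \
        xvfb \
        xz-utils \
    ; \
    echo "en_US.UTF-8 UTF-8" > /etc/locale.gen; \
    locale-gen; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/*

# Serve the noVNC client page as the default document.
RUN ln -sf /usr/share/novnc/vnc.html /usr/share/novnc/index.html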
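# --- Install Kiro ---
WORKDIR /opt

# Optional expected SHA-256 of the Kiro tarball. When passed with
# --build-arg KIRO_SHA256=<hex digest> the download is verified before it is
# unpacked; the empty default skips the check so existing builds keep working.
# NOTE(review): record the publisher's digest for this release and set it in CI.
ARG KIRO_SHA256=""

# curl now uses -f so an HTTP error fails the step instead of saving the error
# page, and --proto '=https' so redirects cannot downgrade to plain HTTP.
# NOTE(review): the archive is the linux-x64 build regardless of $ARCH, so on
# an arm64 build the installed binary will presumably not run; confirm.
RUN set -eu; \
    curl -fsSL --proto '=https' --tlsv1.2 \
        "https://prod.download.desktop.kiro.dev/releases/202509172055--distro-linux-x64-tar-gz/202509172055-distro-linux-x64.tar.gz" \
        -o kiro.tar.gz; \
    if [ -n "${KIRO_SHA256}" ]; then \
        echo "${KIRO_SHA256}  kiro.tar.gz" | sha256sum -c -; \
    fi; \
    mkdir -p /opt/kiro; \
    tar -xzf kiro.tar.gz -C /opt/kiro --strip-components=1; \
    rm kiro.tar.gz; \
    ln -s /opt/kiro/bin/kiro /usr/local/bin/kiro

# Desktop launcher and wrapper script shipped with the build context.
COPY kiro.desktop /usr/share/applications/kiro.desktop
COPY kiro.wrapper /usr/local/bin/kiro-wrapper
RUN chmod +x /usr/local/bin/kiro-wrapper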
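# --- DevOps tooling ---
# Trivy, installed from the vendor apt repository with a dedicated keyring.
# The key is downloaded to a file first instead of being piped into gpg:
# without pipefail a failed curl in `curl | gpg` goes unnoticed and gpg would
# write whatever it received to the keyring.
# NOTE(review): the key is trusted on first use over TLS; compare its
# fingerprint with the one the publisher documents if stronger assurance is needed.
RUN set -eu; \
    curl -fsSL --proto '=https' --tlsv1.2 \
        https://aquasecurity.github.io/trivy-repo/deb/public.key \
        -o /tmp/trivy-public.key; \
    gpg --batch --dearmor < /tmp/trivy-public.key > /usr/share/keyrings/trivy.gpg; \
    rm -f /tmp/trivy-public.key; \
    echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" > /etc/apt/sources.list.d/trivy.list; \
    apt-get update; \
    apt-get install --no-install-recommends -y trivy; \
    rm -rf /var/lib/apt/lists/*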
# Docker from Docker's apt repository. Despite the original "Docker CLI"
# heading, the package list covers the engine (docker-ce), the CLI,
# containerd and the Buildx/Compose plugins.
# The repository key is stored ASCII-armoured and referenced via signed-by, so
# it is only trusted for this one source.
RUN set -e; \
    install -m 0755 -d /etc/apt/keyrings; \
    curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc; \
    chmod a+r /etc/apt/keyrings/docker.asc; \
    printf 'deb [arch=%s signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable\n' \
        "$(dpkg --print-architecture)" \
        > /etc/apt/sources.list.d/docker.list; \
    apt-get update; \
    apt-get install --no-install-recommends -y \
        docker-ce \
        docker-ce-cli \
        containerd.io \
        docker-buildx-plugin \
        docker-compose-plugin; \
    rm -rf /var/lib/apt/lists/*
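# AWS CLI v2, using the installer bundle that matches the build architecture.
# curl runs with -f so an HTTP error aborts the step instead of handing an
# error document to unzip, and with --proto '=https' to refuse non-TLS redirects.
# NOTE(review): the URL is unversioned (always the current release) and the
# bundle is not checked against a signature or checksum before ./aws/install
# runs as root; pin a version and verify it if reproducibility matters.
RUN set -eu; \
    case "$ARCH" in \
        amd64) AWS_ARCH="x86_64" ;; \
        arm64) AWS_ARCH="aarch64" ;; \
        *) echo "Unsupported ARCH: $ARCH"; exit 1 ;; \
    esac; \
    curl -fsSL --proto '=https' --tlsv1.2 \
        -o awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-${AWS_ARCH}.zip"; \
    unzip -q awscliv2.zip; \
    ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update; \
    rm -rf awscliv2.zip aws/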
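# kubectl (Amazon EKS build) for the pinned KUBECTL_VERSION / KUBECTL_DATE.
# Without -f, an HTTP error body would be saved as `kubectl`, marked
# executable and installed, and the build would still succeed; -f turns that
# into a build failure.
# NOTE(review): the binary is not verified against a checksum; compare it with
# the publisher's SHA-256 for this version before relying on it.
RUN set -eu; \
    curl -fsSL --proto '=https' --tlsv1.2 \
        -o kubectl "https://s3.us-west-2.amazonaws.com/amazon-eks/${KUBECTL_VERSION}/${KUBECTL_DATE}/bin/linux/${ARCH}/kubectl"; \
    chmod 0755 kubectl; \
    mv kubectl /usr/local/bin/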
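# eksctl from the project's GitHub releases.
# -f makes an HTTP error fail at the download instead of surfacing later as a
# confusing tar error; -S keeps curl's error message visible despite -s.
# NOTE(review): `releases/latest` is unpinned, so two builds of this file can
# ship different eksctl binaries, and nothing verifies the archive. Pin a
# release tag and check the published checksum for reproducible builds.
RUN set -eu; \
    curl -fsSLO --proto '=https' --tlsv1.2 \
        "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_Linux_${ARCH}.tar.gz"; \
    tar -xzf "eksctl_Linux_${ARCH}.tar.gz" -C /tmp; \
    mv /tmp/eksctl /usr/local/bin; \
    rm "eksctl_Linux_${ARCH}.tar.gz"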
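# Helm, pinned by HELM_VERSION.
# -f/-S: fail on HTTP errors and print why, rather than passing an error page to tar.
# NOTE(review): the tarball is not verified against a checksum or signature.
RUN set -eu; \
    curl -fsSLO --proto '=https' --tlsv1.2 \
        "https://get.helm.sh/helm-v${HELM_VERSION}-linux-${ARCH}.tar.gz"; \
    tar -xzf "helm-v${HELM_VERSION}-linux-${ARCH}.tar.gz"; \
    mv "linux-${ARCH}/helm" /usr/local/bin/; \
    rm -rf "linux-${ARCH}" "helm-v${HELM_VERSION}-linux-${ARCH}.tar.gz"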
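# k9s, pinned by K9S_VERSION, installed from the release .deb.
# -f/-S: fail on HTTP errors and print why, rather than handing an error page to dpkg.
# NOTE(review): `dpkg -i` runs the package's maintainer scripts as root and the
# .deb is not verified against a checksum first.
RUN set -eu; \
    curl -fsSLO --proto '=https' --tlsv1.2 \
        "https://github.com/derailed/k9s/releases/download/v${K9S_VERSION}/k9s_linux_${ARCH}.deb"; \
    dpkg -i "k9s_linux_${ARCH}.deb"; \
    rm "k9s_linux_${ARCH}.deb"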
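# TFLint, pinned by TFLINT_VERSION.
# -f/-S: fail on HTTP errors and print why, rather than passing an error page to unzip.
# NOTE(review): the archive is not verified against a checksum or signature.
RUN set -eu; \
    curl -fsSLO --proto '=https' --tlsv1.2 \
        "https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_linux_${ARCH}.zip"; \
    unzip -q "tflint_linux_${ARCH}.zip"; \
    mv tflint /usr/local/bin/; \
    rm "tflint_linux_${ARCH}.zip"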
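# Gitleaks, pinned by GITLEAKS_VERSION. Release assets name the amd64 build
# "x64", hence the mapping from $ARCH.
# -f: fail on HTTP errors instead of saving the error page as the archive.
# Only the `gitleaks` member is extracted, so other archive entries never
# reach the filesystem.
# NOTE(review): the archive is not verified against a checksum or signature.
RUN set -eu; \
    case "$ARCH" in \
        amd64) GITLEAKS_ARCH="x64" ;; \
        arm64) GITLEAKS_ARCH="arm64" ;; \
        *) echo "Unsupported ARCH: $ARCH"; exit 1 ;; \
    esac; \
    curl -fsSL --proto '=https' --tlsv1.2 \
        "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_${GITLEAKS_ARCH}.tar.gz" \
        -o gitleaks.tar.gz; \
    tar -xzf gitleaks.tar.gz gitleaks; \
    mv gitleaks /usr/local/bin/gitleaks; \
    chmod +x /usr/local/bin/gitleaks; \
    rm gitleaks.tar.gz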
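# BFG Repo-Cleaner, pinned by BFG_VERSION, plus a small `bfg` launcher script.
# Without -f, an HTTP error body would be stored as bfg.jar and the build
# would still succeed, failing only when `bfg` is first run; -f makes the
# download step fail instead.
# NOTE(review): the jar is not verified against a checksum or signature.
RUN set -eu; \
    curl -fsSL --proto '=https' --tlsv1.2 \
        -o /usr/local/bin/bfg.jar \
        "https://repo1.maven.org/maven2/com/madgag/bfg/${BFG_VERSION}/bfg-${BFG_VERSION}.jar"; \
    printf '#!/bin/sh\nexec java -jar /usr/local/bin/bfg.jar "$@"\n' > /usr/local/bin/bfg; \
    chmod +x /usr/local/bin/bfg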
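# --- User configuration ---
# Login account for the desktop session.
# Passwordless sudo combined with docker-group membership makes this account
# root-equivalent inside the container, so treat anything that can reach the
# desktop or a shell here as having root in the container.
# NOTE: $UID is a read-only special variable in bash; this step relies on RUN
# using the default /bin/sh, which takes the value from ENV.
ENV DOCKER_USER=coder UID=1000 GID=1000
# The sudo rule goes into a validated drop-in under /etc/sudoers.d instead of
# being appended to /etc/sudoers: `visudo -cf` fails the build on a syntax
# error, and mode 0440 is the mode sudo expects for policy files.
RUN set -eu; \
    groupadd -g "$GID" "$DOCKER_USER"; \
    useradd -l -m -u "$UID" -g "$GID" -s /bin/bash "$DOCKER_USER"; \
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$DOCKER_USER" > "/etc/sudoers.d/90-${DOCKER_USER}"; \
    chmod 0440 "/etc/sudoers.d/90-${DOCKER_USER}"; \
    visudo -cf "/etc/sudoers.d/90-${DOCKER_USER}"; \
    groupadd -f docker; \
    usermod -aG docker "$DOCKER_USER"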
# Local files from the build context: the supervisord program definitions and
# the desktop start-up wrapper.
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY desktop-wrapper.sh /usr/local/bin/desktop-wrapper.sh
RUN chmod +x /usr/local/bin/desktop-wrapper.sh
# Drop root for the runtime; `coder` is the DOCKER_USER default created above.
USER coder
WORKDIR /home/coder
# Declared after the account's home directory has been created.
VOLUME ["/home/coder"]
# Documentation only; which service listens on 8080 is defined in
# supervisord.conf (not shown here). NOTE(review): presumably the noVNC
# endpoint. Confirm that it requires authentication before publishing the port.
EXPOSE 8080
# dumb-init runs as PID 1 and starts supervisord, which runs the programs
# defined in the copied configuration.
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]