Skip to main content

Browse the archive

Revision fc90b8ca7d43f10fd9acee4985b89446c87d1801 authored by Kathy Tran on 12 January 2024, 01:41:05 UTC, committed by Kathy Tran on 12 January 2024, 01:41:05 UTC 
Save some test things
1 parent 0c6564c
Raw File
Dockerfile 
FROM eclipse-temurin:17.0.3_7-jdk-focal

# Update the APT cache
# Prepare for Java download
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends
# Note locale settings seem redundant, temurin already has en_US.UTF-8 set
#    locales \
#    && apt-get clean \
#    && rm -rf /var/lib/apt/lists/* \
#    && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
# ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'

# Copy the jar not ending in 's', to make sure we get don't get the one ending in 'sources'
COPY dockstore-webservice/target/dockstore-webservice*[^s].jar /home

RUN mkdir /dockstore_logs && chmod a+rx /dockstore_logs

# Include galaxy language plugin
ARG galaxy_plugin_version=0.0.8
RUN apt-get install -y wget
RUN mkdir -p /root/.dockstore/language-plugins
RUN wget -P /root/.dockstore/language-plugins https://artifacts.oicr.on.ca/artifactory/collab-release/com/github/galaxyproject/dockstore-galaxy-interface/dockstore-galaxy-interface/${galaxy_plugin_version}/dockstore-galaxy-interface-${galaxy_plugin_version}.jar

# Wipe them out, all of them, to reduce CVEs
RUN apt-get purge -y -- \
    *python* \
    wget \
    bzip2 \
    fonts-dejavu-core \
    fontconfig* \
    binutils* \
    cpio \
    *ssh* \
    && \
    apt-get -y autoremove

# healthcheck relies on curl, curl relies on part of ssh
# Install aide, file integrity verification
RUN apt update && \
     apt install curl cron aide aide-common -y --no-install-recommends && \
     aideinit && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
RUN update-aide.conf && cp /var/lib/aide/aide.conf.autogenerated /etc/aide/aide.conf
# Ignore these directories
RUN printf "\n!/var/log\n!/tmp/\n!/var/lib\n!/etc/aide\n" >> /etc/aide/aide.conf
# Add a script to send daily reports to dockstore-security lambda
RUN echo "#!/bin/bash\nset -e\n\nset -C\necho \""{\\\"aide-report\\\": {\\\"hostname\\\": \\\"\$\(hostname\)\\\", \\\"report\\\": \\\"\$\(aide -c /etc/aide/aide.conf -u\; cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db\)\\\"}}"\" | curl -X POST https://api.dockstore-security.org/csp-report --data-binary @-" > /etc/cron.daily/aide
RUN chmod a+x /etc/cron.daily/aide
RUN rm /etc/cron.daily/apt-compat /etc/cron.daily/dpkg
RUN aide -c /etc/aide/aide.conf --update || true
RUN cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db

CMD ["/home/init_webservice.sh"]
back to top