FROM mcr.microsoft.com/devcontainers/php:8.3
# Shared write access to web files: new files become group-writable by default
# and the dev user joins the web server's group.
# pam_umask gets an explicit umask=002 in both PAM session stacks, so the value
# does not depend on what /etc/login.defs contains.
RUN sed -i -e 's/pam_umask\.so/pam_umask.so umask=002/' \
        /etc/pam.d/common-session \
        /etc/pam.d/common-session-noninteractive
# With umask 002, membership of www-data is what grants write access to files
# created by other members of that group.
RUN usermod --append --groups www-data vscode
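# Register the Charm apt repository; glow (formats command usage output, and is
# just nice) is installed from it by the package step that follows.
# The key is saved to a file before it is dearmored: the default RUN shell does
# not enable pipefail, so in a `curl | gpg` pipeline only gpg's exit status
# counts and a failed download could go unnoticed.
RUN mkdir -p /etc/apt/keyrings \
    && curl -fsSL -o /tmp/charm.gpg.key https://repo.charm.sh/apt/gpg.key \
    && gpg --dearmor -o /etc/apt/keyrings/charm.gpg /tmp/charm.gpg.key \
    && rm /tmp/charm.gpg.key \
    && echo "deb [signed-by=/etc/apt/keyrings/charm.gpg] https://repo.charm.sh/apt/ * *" \
        > /etc/apt/sources.list.d/charm.list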
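# Install MariaDB and Redis clients, PHP extensions (gd, intl, mysqli, pdo,
# redis, zip), mkdocs, Cypress dependencies, terminal tooling, Terraform,
# AWS CLI and Azure CLI.
# Everything runs in a single layer so the apt lists removed on the last line
# never reach the image.
# Notes on the HashiCorp repository setup:
# - the apt-get calls in this same step already run without sudo, so the key and
#   the sources entry are written directly instead of through `sudo tee`;
# - the key is downloaded to a file first, because the default RUN shell does
#   not enable pipefail and a failed wget inside a pipeline would be hidden;
# - `gpg --fingerprint` only prints the key's fingerprint to the build log, it
#   compares it with nothing. Check the logged value against the fingerprint
#   HashiCorp publishes.
# `apt-get update` is used for the second refresh: `apt` warns that its
# command-line interface is not stable for use in scripts.
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get install -y libpng-dev libzip-dev libicu-dev libjpeg62-turbo-dev \
    && docker-php-ext-install mysqli pdo pdo_mysql intl \
    && docker-php-ext-configure gd --with-jpeg \
    && docker-php-ext-install gd \
    && pecl install redis zip \
    && docker-php-ext-enable redis zip \
    && apt-get install -y mariadb-client redis-tools mkdocs-material mkdocs-material-extensions \
    && apt-get install -y npm libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libnss3 libxss1 libasound2 libxtst6 xauth xvfb \
    && apt-get install -y dnsutils fd-find fzf glow lazygit luarocks pv ripgrep tmux vivid \
    && apt-get install -y gnupg \
    && wget -O /tmp/hashicorp-archive-keyring.asc https://apt.releases.hashicorp.com/gpg \
    && gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg /tmp/hashicorp-archive-keyring.asc \
    && rm /tmp/hashicorp-archive-keyring.asc \
    && gpg --no-default-keyring \
        --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
        --fingerprint \
    && echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
        > /etc/apt/sources.list.d/hashicorp.list \
    && apt-get update \
    && apt-get install -y awscli azure-cli terraform \
    && apt-get clean -y && rm -rf /var/lib/apt/lists/*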
# Global npm tools: ast-grep first, then yarn.
# Neither package is version-pinned, so every rebuild takes whatever the
# registry serves at that moment.
RUN npm install --global @ast-grep/cli \
    && npm install --global yarn
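# Install a newer Neovim than what Debian provides.
# -f makes curl fail on an HTTP error instead of saving the error page under the
# tarball's name, and the tarball is deleted in the same layer so it does not
# stay in the image.
# NOTE(review): "latest" is a moving target and the archive is not checked
# against a published checksum; pinning a release tag and verifying its SHA-256
# would make the build reproducible and detect a tampered download.
# NOTE(review): the asset name is x86_64-only, whereas the atuin and gh steps
# select their asset with `uname -m`.
RUN curl -fLO https://github.com/neovim/neovim/releases/latest/download/nvim-linux-x86_64.tar.gz \
    && tar -C /opt -xzf nvim-linux-x86_64.tar.gz \
    && rm nvim-linux-x86_64.tar.gz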
# PHP settings: start from the shipped development php.ini, then override
# memory_limit and upload_max_filesize to match Pantheon, along with
# max_input_vars (uncommented), post_max_size and variables_order.
# All substitutions are line-local, so one sed pass over the file gives the same
# result as separate passes.
RUN cp /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini \
    && sed -i \
        -e 's/memory_limit\s*=.*/memory_limit=2048M/g' \
        -e 's/;max_input_vars\s*=.*/max_input_vars=10000/g' \
        -e 's/post_max_size\s*=.*/post_max_size=100M/g' \
        -e 's/upload_max_filesize\s*=.*/upload_max_filesize=100M/g' \
        -e 's/variables_order\s*=.*/variables_order="EGPCS"/g' \
        /usr/local/etc/php/php.ini
# Keep xdebug quiet on the console by setting its log level to 0.
RUN printf '%s\n' 'xdebug.log_level = 0' >> /usr/local/etc/php/conf.d/xdebug.ini
# Comment out Apache's "Listen 80" so only the higher port stays active, which
# keeps port forwarding consistent.
RUN sed -i -e 's/Listen\s*80$/# Listen 80/' /etc/apache2/ports.conf
# Apache modules the sites need: rewrite, headers and expires.
RUN a2enmod rewrite headers expires
# Append a umask of 002 to Apache's environment file so that files it creates
# are group-writable.
RUN printf '%s\n' 'umask 002' >> /etc/apache2/envvars
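# Install terminus from its latest GitHub release, then add the
# secrets-manager plugin.
# -f makes curl fail on an HTTP error; without it an error page would be written
# to /usr/local/bin/terminus and marked executable.
# NOTE(review): the phar comes from the moving "latest" release, is not checked
# against a published checksum, and is executed during the build by the plugin
# install on the last line. Pinning a release tag and verifying its SHA-256
# before the chmod would close that gap.
RUN curl -fL https://github.com/pantheon-systems/terminus/releases/latest/download/terminus.phar --output /usr/local/bin/terminus \
    && chmod +x /usr/local/bin/terminus \
    && terminus self:plugin:install terminus-secrets-manager-plugin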
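# Install 1password-cli, see https://developer.1password.com/docs/cli/get-started/
# The step sets up the apt keyring and sources entry plus the debsig policy and
# keyring for key id AC2D62742012EA22, then installs the package.
# - curl runs with -f and writes to files rather than into pipes: the default
#   RUN shell does not enable pipefail, so a failed download in a pipeline
#   would be hidden and an HTTP error body could end up as keyring or policy.
# - the signing key is downloaded once and dearmored into both keyrings, so the
#   apt keyring and the debsig keyring are built from the same bytes.
# - apt-get install gets -y: without it the install aborts as soon as apt needs
#   a confirmation, because the build has no terminal to answer on.
# - the apt lists fetched here are removed in the same layer.
RUN curl -fsS -o /tmp/1password.asc https://downloads.1password.com/linux/keys/1password.asc \
    && gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg /tmp/1password.asc \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" \
        > /etc/apt/sources.list.d/1password.list \
    && mkdir -p /etc/debsig/policies/AC2D62742012EA22/ \
    && curl -fsS -o /etc/debsig/policies/AC2D62742012EA22/1password.pol https://downloads.1password.com/linux/debian/debsig/1password.pol \
    && mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22 \
    && gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg /tmp/1password.asc \
    && rm /tmp/1password.asc \
    && apt-get update \
    && apt-get install -y 1password-cli \
    && rm -rf /var/lib/apt/lists/*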
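# Install starship prompt
# The installer is saved to a file and run from there instead of being piped
# into sh: with `curl | sh` a failed download hands sh an empty script (exit
# status 0, build continues without starship) and an interrupted one hands it a
# truncated script. -f also turns an HTTP error into a build failure.
# NOTE(review): the script is still fetched unpinned and unverified at build
# time; comparing it with a reviewed copy or a known SHA-256 before running it
# would remove the trust in whatever the URL serves that day.
RUN curl -fsS -o /tmp/starship-install.sh https://starship.rs/install.sh \
    && sh /tmp/starship-install.sh --yes \
    && rm /tmp/starship-install.sh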
# Install atuin
#
# # The recommended way to install atuin is to use cargo, but that takes *forever*:
# USER vscode
# RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
# RUN PATH="$HOME/.cargo/bin:$PATH" cargo install atuin
#
# # So instead we download the latest precompiled binary for our cpu architecture:
#
# How the command works:
# - the inner curl queries the GitHub API for the latest atuin release and jq
#   selects the download URL of the asset named
#   atuin-<output of `uname -m`>-unknown-linux-gnu.tar.gz;
# - the outer curl streams that archive into tar, which extracts only members
#   matching '*/atuin' and rewrites the leading path component to
#   /usr/local/bin (--absolute-names keeps the leading slash), so the binary
#   lands at /usr/local/bin/atuin.
# NOTE(review): the release is not pinned and the archive is not checked against
# a checksum or signature before the binary is placed on PATH.
# NOTE(review): the API request carries no credentials; if it fails or no asset
# matches, the command substitution is empty and the outer curl runs without a
# URL. Presumably tar then fails on the empty stream - confirm.
RUN curl -sL $(curl -s https://api.github.com/repos/atuinsh/atuin/releases/latest | jq -r '.assets[] | select(.name == "atuin-'`uname -m`'-unknown-linux-gnu.tar.gz") | .browser_download_url') | tar zx --no-same-owner --wildcards --absolute-names --transform 's,[^/]*,/usr/local/bin,' '*/atuin'
# Our base image has an ancient version of gh cli in apt, so we download the latest version instead
#
# How the command works:
# - the inner curl queries the GitHub API for the latest cli/cli release; the
#   two sed calls map `uname -m` output to the release naming (aarch64 -> arm64,
#   x86_64 -> amd64) and jq selects the asset whose name ends in
#   _linux_<arch>.tar.gz;
# - the outer curl streams that archive into tar, which extracts only members
#   matching '*/gh' and rewrites the leading path component to /usr/local
#   (--absolute-names keeps the leading slash).
# NOTE(review): presumably the archive holds the binary under <top dir>/bin/gh,
# which would put it at /usr/local/bin/gh - confirm against a release archive.
# NOTE(review): the release is not pinned and the archive is not checked against
# a checksum or signature before the binary is installed.
RUN curl -sL $(curl -s https://api.github.com/repos/cli/cli/releases/latest | jq -r '.assets[] | select(.name | endswith("_linux_'`uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/`'.tar.gz")) | .browser_download_url') | tar zx --no-same-owner --wildcards --absolute-names --transform 's,[^/]*,/usr/local,' '*/gh'
# Overlay the build context's local/ directory (our scripts and template files)
# onto /usr/local/. Earlier steps install binaries under /usr/local as well, so
# a file with the same path in local/ replaces the installed one.
COPY ./local/ /usr/local/