Adding the langage SDK specific docker images (#4837)

* [WIP] Adding the langage SDK specific docker images Fixes: #3789 * add multiple os build This introduces multiple containers images with various different OS's. The base build is based on debian (symlinked from the Dockerfile.debian) build. We also have UBi based images, and alpine based images * Adding the langage SDK specific docker images Fixes: #3789 * remove alpine builds * test docker readme sync * fix description * fix name of sync task Co-authored-by: Lee Briggs <lee@leebriggs.co.uk>
2020-06-18 01:35:45 +01:00 · 2020-06-18 01:35:45 +01:00 · 83406b97f8
parent 9cdddd2566
commit 83406b97f8
25 changed files with 696 additions and 0 deletions
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@ -0,0 +1,126 @@
+name: pulumi sdk containers build
+on:
+  repository_dispatch:
+    types:
+      - docker-build
+      - 
+env:
+  VERSION: ${{ github.event.client_payload.ref }}
+
+jobs:
+  base:
+    name: base sdk image build
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@master
+      - name: Build base image
+        uses: jaxxstorm/action-docker-build@release/v3.beta
+        with:
+          repository: pulumi/pulumi-base
+          buildkit: true
+          username: "pulumibot"
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          dockerfile: docker/base/Dockerfile
+          additional-tags: ${{ env.VERSION }}
+          tag-latest: true
+          build-args: PULUMI_VERSION=${{ env.VERSION }}
+      - uses: meeDamian/sync-readme@v1.0.6
+        name: Sync readme to Docker Hub
+        with:
+          user: "pulumibot"
+          pass: ${{ secrets.DOCKER_HUB_TOKEN }}
+          slug: pulumi/pulumi-base
+          readme: docker/README.md
+          description: Pulumi CLI container - bring your own SDK
+
+  base_os:
+    name: os base sdk image build
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ "ubi", "debian" ]
+    steps:
+      - uses: actions/checkout@master
+      - name: Build base image
+        uses: jaxxstorm/action-docker-build@release/v3.beta
+        with:
+          repository: pulumi/pulumi-base
+          buildkit: true
+          username: "pulumibot"
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          dockerfile: docker/base/Dockerfile.${{ matrix.os }}
+          additional-tags: ${{ env.VERSION }}-${{ matrix.os }}
+          tag-latest: false
+          build-args: PULUMI_VERSION=${{ env.VERSION }}
+
+  sdk:
+    name: language sdk image
+    runs-on: ubuntu-latest
+    needs: base
+    strategy:
+      fail-fast: false
+      matrix:
+        sdk: [ "nodejs", "python", "dotnet", "go" ]
+    steps:
+      - uses: actions/checkout@master
+      - name: Build image
+        uses: jaxxstorm/action-docker-build@release/v3.beta
+        with:
+          repository: pulumi/pulumi-${{matrix.sdk}}
+          buildkit: true
+          username: "pulumibot"
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          dockerfile: docker/${{ matrix.sdk }}/Dockerfile
+          additional-tags: ${{ env.VERSION }}
+          build-args: PULUMI_VERSION=${{ env.VERSION }}
+      - uses: meeDamian/sync-readme@v1.0.6
+        name: Sync readme to Docker Hub
+        with:
+          user: "pulumibot"
+          pass: ${{ secrets.DOCKER_HUB_TOKEN }}
+          slug: pulumi/pulumi-${{matrix.sdk}}
+          readme: docker/README.md
+          description: Pulumi CLI container for ${{ matrix.sdk }}
+
+  os_sdk:
+    name: os language sdk image
+    runs-on: ubuntu-latest
+    needs: base_os
+    strategy:
+      fail-fast: false
+      matrix:
+        sdk: [ "nodejs", "python", "dotnet", "go" ]
+        os: [ "ubi", "debian" ]
+    steps:
+      - uses: actions/checkout@master
+      - name: Build image
+        uses: jaxxstorm/action-docker-build@release/v3.beta
+        with:
+          repository: pulumi/pulumi-${{matrix.sdk}}
+          buildkit: true
+          username: "pulumibot"
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          dockerfile: docker/${{ matrix.sdk }}/Dockerfile.${{ matrix.os }}
+          additional-tags: ${{ env.VERSION }}-${{ matrix.os }}
+          build-args: PULUMI_VERSION=${{ env.VERSION }}
+
+  image-scan:
+    name: scan container images
+    runs-on: ubuntu-latest
+    needs: os_sdk
+    strategy:
+      matrix:
+        image: [ "base", "nodejs", "python", "go" ]
+        os: [ "ubi" ]
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check Docker images for vulnerabilities
+        uses: snyk/actions/docker@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: pulumi/pulumi-${{matrix.image}}:${{ env.VERSION }}-${{ matrix.os }}
+          args: --severity-threshold=high --file=docker/${{matrix.image}}/Dockerfile.${{ matrix.os }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -31,6 +31,9 @@ CHANGELOG
 - Fix GitHub Actions environment detection for PRs.
  [#4817](https://github.com/pulumi/pulumi/pull/4817)

+- Adding language sdk specific docker containers.
+  [#4837](https://github.com/pulumi/pulumi/pull/4837)
+
 ## 2.4.0 (2020-06-10)
 - Turn program generation NYIs into diagnostic errors
 [#4794](https://github.com/pulumi/pulumi/pull/4794)
--- a/1
+++ b/1
@ -79,6 +79,7 @@ publish_tgz:
 publish_packages:
 	$(call STEP_MESSAGE)
 	./scripts/publish_packages.sh
+	pulumictl create containers ${VERSION}

 # Run the integration tests for our DockerHub containers. We do so only via the
 # "Travis Cron" job type, because (1) the tests can only be ran _after_ we publish
--- a/docker/README.md
+++ b/docker/README.md
@ -0,0 +1,75 @@
+# Pulumi Docker images
+
+This image is an alternative to the [Pulumi docker image](https://hub.docker.com/r/pulumi/pulumi)
+The `pulumi/pulumi` image is quite large because it has to bundle all the SDKs that Pulumi supports:
+
+  - Go
+  - Python
+  - NodeJS
+  - DotNet
+
+This container is a slimmer container for the specific SDK. It contains the `pulumi` binary, the `pulumi` language runtime
+for that SDK and any additional necessary language components..
+
+## Images
+
+We build a matrix of images for differing Pulumi language SDKs and operating systems. The OS base images we use are:
+
+  - registry.access.redhat.com/ubi8/ubi-minimal (ubi)
+  - debian:buster-slim (debian)
+
+### Base Image
+
+The base image just contains the pulumi binaries and language runtimes, but _not_ the SDK runtimes. If you use the base
+image, you'll have to install Go/Python/Dotnet/NodeJS yourself. The image format is:
+
+```
+pulumi/pulumi-base:<PULUMI_VERSION>-<OS>
+```
+
+The default image without the OS is based on Debian Buster, and can be used like so:
+
+```
+pulumi/pulumi-base:<PULUMI_VERSION>
+```
+
+### SDK Images
+
+Images with the SDK runtimes are generated in the following format:
+
+```
+pulumi/pulumi-<PULUM_SDK>:<PULUMI_VERSION>-<OS>
+```
+
+The default image without the OS is based on Debian Buster, and can be used like so:
+
+```
+pulumi/pulumi-base-<PULUMI_SDK>:<PULUMI_VERSION>
+```
+
+### Image Size
+
+Each of the images are much smaller than the combined Pulumi container. They are in the region of approx 150MB (compressed size)
+depending on the operating system it has been built on
+
+### Operating Systems
+
+We currently build images based on both [Debian Buster](https://wiki.debian.org/DebianBuster) and with the [RedHat Universal Base Image](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image)/
+
+### UBI Images
+
+The UBI images use `microdnf` as a package manager, not yum. See [this](https://github.com/rpm-software-management/microdnf) page for more information.
+
+## Usage
+
+In order to try and keep the images flexible and try to meet as many use cases as possible, none of these images have `CMD` or entrypoint set, so you'll need to specify the commands you want to run, for example:
+
+```
+docker run -e PULUMI_ACCESS_TOKEN=<TOKEN> -v "$(pwd)":/pulumi/projects $IMG /bin/bash -c "npm ci && pulumi preview -s <stackname>"
+```
+
+## Considerations
+
+These images _do not_ include additional tools you might want to use when running a pulumi provider. For example, if 
+you're using the [pulumi-kubernetes](https://github.com/pulumi/pulumi-kubernetes) with [Helm](https://helm.sh/), you'll 
+need to use these images as a base image, or install the `helm` command as part of your CI setup.
--- a/docker/base/Dockerfile
+++ b/docker/base/Dockerfile
@ -0,0 +1,33 @@
+# syntax = docker/dockerfile:experimental
+FROM debian:buster-slim AS builder
+ARG PULUMI_VERSION=latest
+RUN apt-get update -y && \
+      apt-get upgrade -y && \
+      apt-get install -y \
+      curl \
+      build-essential \
+      git
+
+# Install the Pulumi SDK, including the CLI and language runtimes.
+RUN if [ "$PULUMI_VERSION" = "latest" ]; then \
+    curl -fsSL https://get.pulumi.com/ | bash; \
+  else \
+    curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION ; \
+  fi
+
+# The runtime container
+# This is our base container, so let's copy all the runtimes to .pulumi/bin
+FROM debian:buster-slim
+WORKDIR /pulumi
+COPY --from=builder /root/.pulumi/bin bin
+
+RUN --mount=target=/var/lib/apt/lists,type=cache \
+    --mount=target=/var/cache/apt,type=cache \
+    apt-get update -y && \
+    apt-get upgrade -y && \
+    apt-get install -y \
+    git \
+    ca-certificates
+
+ENV PATH "/pulumi/bin:${PATH}"
+CMD ["pulumi"]
--- a/docker/base/Dockerfile.alpine
+++ b/docker/base/Dockerfile.alpine
@ -0,0 +1,33 @@
+# syntax = docker/dockerfile:experimental
+FROM alpine:3.12.0 AS builder
+ARG PULUMI_VERSION=latest
+RUN apk update && \
+      apk upgrade && \
+      apk add \
+      curl \
+      make \
+      libc6-compat \
+      gcc \
+      git
+# Install the Pulumi SDK, including the CLI and language runtimes.
+RUN if [ "$PULUMI_VERSION" = "latest" ]; then \
+    curl -fsSL https://get.pulumi.com/ | sh; \
+  else \
+    curl -fsSL https://get.pulumi.com/ | sh -s -- --version $PULUMI_VERSION ; \
+  fi
+
+# The runtime container
+# This is our base container, so let's copy all the runtimes to .pulumi/bin
+FROM alpine:3.12.0
+WORKDIR /pulumi
+COPY --from=builder /root/.pulumi/bin bin
+
+RUN apk update && \
+    apk upgrade && \
+    apk add \
+    git \
+    libc6-compat \
+    ca-certificates
+
+ENV PATH "/pulumi/bin:${PATH}"
+CMD ["pulumi"]
--- a/docker/base/Dockerfile.debian
+++ b/docker/base/Dockerfile.debian
@ -0,0 +1 @@
+Dockerfile
--- a/docker/base/Dockerfile.ubi
+++ b/docker/base/Dockerfile.ubi
@ -0,0 +1,32 @@
+# syntax = docker/dockerfile:experimental
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest as builder
+ARG PULUMI_VERSION=latest
+RUN --mount=target=/var/cache/yum,type=cache \
+      microdnf install -y \
+      curl \
+      make \
+      gcc \
+      git \
+      tar \
+      gcc-c++
+# Install the Pulumi SDK, including the CLI and language runtimes.
+RUN if [ "$PULUMI_VERSION" = "latest" ]; then \
+    curl -fsSL https://get.pulumi.com/ | bash; \
+  else \
+    curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION ; \
+  fi
+
+# The runtime container
+# This is our base container, so let's copy all the runtimes to .pulumi/bin
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+WORKDIR /pulumi
+COPY --from=builder /root/.pulumi/bin bin
+
+RUN --mount=target=/var/cache/yum,type=cache \
+    microdnf install -y \
+    git \
+    tar \
+    ca-certificates
+
+ENV PATH "/pulumi/bin:${PATH}"
+CMD ["pulumi"]
--- a/docker/dotnet/Dockerfile
+++ b/docker/dotnet/Dockerfile
@ -0,0 +1,47 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
+
+# Build container
+FROM ubuntu:bionic AS builder
+WORKDIR /dotnet
+RUN apt-get update -y && \
+      apt-get install -y \
+      curl \
+      gpg
+RUN curl -o - https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /tmp/microsoft.asc.gpg; \
+    curl -o /tmp/microsoft-prod.list https://packages.microsoft.com/config/debian/10/prod.list
+
+# The runtime container
+FROM debian:buster-slim
+WORKDIR /pulumi/projects
+
+ARG RUNTIME_VERSION="3.1"
+
+# We need to install ca certs before copying the ms prod debs packages
+RUN --mount=target=/var/lib/apt/lists,type=cache \
+    --mount=target=/var/cache/apt,type=cache \
+    apt-get update -y && \
+    apt-get install -y \
+    ca-certificates
+
+COPY --from=builder /tmp/microsoft.asc.gpg /etc/apt/trusted.gpg.d/microsoft.asc.gpg
+COPY --from=builder /tmp/microsoft-prod.list /etc/apt/sources.list.d/microsoft-prod.list
+
+# Install needed tools, like git
+RUN --mount=target=/var/lib/apt/lists,type=cache \
+    --mount=target=/var/cache/apt,type=cache \
+    apt-get update -y && \
+    apt-get install -y \
+    git \
+    dotnet-sdk-${RUNTIME_VERSION}
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-dotnet* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/dotnet/Dockerfile.alpine
+++ b/docker/dotnet/Dockerfile.alpine
@ -0,0 +1,26 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+ARG RUNTIME_VERSION="3.1"
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION}-alpine as pulumi
+
+# The runtime container
+FROM mcr.microsoft.com/dotnet/core/sdk:${RUNTIME_VERSION}-alpine3.12
+WORKDIR /pulumi/projects
+
+# We need to install ca certs before copying the ms prod debs packages
+RUN apk update && \
+    apk upgrade && \
+    apk add \
+    ca-certificates \
+    git \
+    libc6-compat
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-dotnet* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/dotnet/Dockerfile.debian
+++ b/docker/dotnet/Dockerfile.debian
@ -0,0 +1 @@
+Dockerfile
--- a/docker/dotnet/Dockerfile.ubi
+++ b/docker/dotnet/Dockerfile.ubi
@ -0,0 +1,25 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+ARG RUNTIME_VERSION=3.1
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION}-ubi as pulumi
+
+# The runtime container
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+WORKDIR /pulumi/projects
+
+RUN --mount=target=/var/cache/yum,type=cache \
+    microdnf install -y \
+    ca-certificates \
+    tar \
+    dotnet \
+    git
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-dotnet* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/go/Dockerfile
+++ b/docker/go/Dockerfile
@ -0,0 +1,51 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
+
+# Build container
+FROM ubuntu:bionic AS builder
+
+# Set go versions
+ARG RUNTIME_VERSION=1.14.4
+
+WORKDIR /golang
+RUN apt-get update -y && \
+      apt-get install -y \
+      curl \
+      git \
+      build-essential \
+      tar \
+      git
+RUN curl -fsSLo /tmp/go.tgz https://golang.org/dl/go${RUNTIME_VERSION}.linux-amd64.tar.gz; \
+    mkdir -p bin; \
+    tar -C /golang -xzf /tmp/go.tgz; \
+    rm /tmp/go.tgz; \
+    export PATH="/golang/go/bin:${PATH}"; \
+    go version
+
+# The runtime container
+FROM debian:buster-slim
+WORKDIR /pulumi/projects
+
+# Install needed tools, like git
+RUN --mount=target=/var/lib/apt/lists,type=cache \
+    --mount=target=/var/cache/apt,type=cache \
+    apt-get update -y && \
+    apt-get install -y \
+    git \
+    ca-certificates; \
+    mkdir -p /go
+
+# Uses the workdir
+COPY --from=builder /golang/go /usr/local
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/pulumi-language-go /pulumi/bin/pulumi-language-go
+COPY --from=pulumi /pulumi/bin/pulumi-analyzer-policy /pulumi/bin/pulumi-analyzer-policy
+ENV GOPATH=/go
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/go/Dockerfile.alpine
+++ b/docker/go/Dockerfile.alpine
@ -0,0 +1,29 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+ARG RUNTIME_VERSION=1.14.4
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION}-alpine as pulumi
+
+# The runtime container
+FROM golang:${RUNTIME_VERSION}-alpine3.12
+WORKDIR /pulumi/projects
+
+# Install needed tools, like git
+RUN apk update && \
+    apk upgrade && \
+    apk add \
+    git \
+    libc6-compat \
+    ca-certificates; \
+    mkdir -p /go
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/pulumi-language-go /pulumi/bin/pulumi-language-go
+COPY --from=pulumi /pulumi/bin/pulumi-analyzer-policy /pulumi/bin/pulumi-analyzer-policy
+ENV GOPATH=/go
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/go/Dockerfile.debian
+++ b/docker/go/Dockerfile.debian
@ -0,0 +1 @@
+Dockerfile
--- a/docker/go/Dockerfile.ubi
+++ b/docker/go/Dockerfile.ubi
@ -0,0 +1,49 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
+
+# Build container
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS builder
+
+# Set go versions
+ARG RUNTIME_VERSION=1.14.4
+
+WORKDIR /golang
+RUN microdnf install -y \
+      curl \
+      make \
+      gcc \
+      git \
+      tar \
+      gcc-c++
+RUN curl -fsSLo /tmp/go.tgz https://golang.org/dl/go${RUNTIME_VERSION}.linux-amd64.tar.gz; \
+    mkdir -p bin; \
+    tar -C /golang -xzf /tmp/go.tgz; \
+    rm /tmp/go.tgz; \
+    export PATH="/golang/go/bin:${PATH}"; \
+    go version
+
+# The runtime container
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+WORKDIR /pulumi/projects
+
+# Install needed tools, like git
+RUN microdnf install -y \
+    git \
+    tar \
+    ca-certificates; \
+    mkdir -p /go
+
+# Uses the workdir
+COPY --from=builder /golang/go /usr/local
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/pulumi-language-go /pulumi/bin/pulumi-language-go
+COPY --from=pulumi /pulumi/bin/pulumi-analyzer-policy /pulumi/bin/pulumi-analyzer-policy
+ENV GOPATH=/go
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/nodejs/Dockerfile
+++ b/docker/nodejs/Dockerfile
@ -0,0 +1,26 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG RUNTIME_VERSION=13.14.0
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
+
+# The runtime container
+FROM node:${RUNTIME_VERSION}-buster-slim
+WORKDIR /pulumi/projects
+
+# Install needed tools, like git
+RUN --mount=target=/var/lib/apt/lists,type=cache \
+    --mount=target=/var/cache/apt,type=cache \
+    apt-get update -y && \
+    apt-get install -y \
+    git \
+    ca-certificates
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-nodejs* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/nodejs/Dockerfile.alpine
+++ b/docker/nodejs/Dockerfile.alpine
@ -0,0 +1,26 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG RUNTIME_VERSION=12.18.0
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
+
+# The runtime container
+FROM node:${RUNTIME_VERSION}-alpine3.12
+WORKDIR /pulumi/projects
+
+# Install needed tools, like git
+RUN apk update && \
+    apk upgrade && \
+    apk add \
+    git \
+    libc6-compat \
+    ca-certificates
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-nodejs* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/nodejs/Dockerfile.debian
+++ b/docker/nodejs/Dockerfile.debian
@ -0,0 +1 @@
+Dockerfile
--- a/docker/nodejs/Dockerfile.ubi
+++ b/docker/nodejs/Dockerfile.ubi
@ -0,0 +1,27 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
+
+# The runtime container
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+WORKDIR /pulumi/projects
+
+COPY dnf/nodejs.module /etc/dnf/modules.d/nodejs.module
+
+# Install needed tools, like git
+RUN --mount=target=/var/cache/yum,type=cache \
+    microdnf install -y \
+    git \
+    tar \
+    nodejs \
+    ca-certificates
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-nodejs* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/nodejs/dnf/nodejs.module
+++ b/docker/nodejs/dnf/nodejs.module
@ -0,0 +1,5 @@
+[nodejs] 
+name=nodejs 
+stream=12
+profiles= 
+state=enabled
--- a/docker/python/Dockerfile
+++ b/docker/python/Dockerfile
@ -0,0 +1,26 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG RUNTIME_VERSION=3.7.7
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
+
+# The runtime container
+FROM python:${RUNTIME_VERSION}-slim-buster
+WORKDIR /pulumi/projects
+
+# Install needed tools, like git
+RUN --mount=target=/var/lib/apt/lists,type=cache \
+    --mount=target=/var/cache/apt,type=cache \
+    apt-get update -y && \
+    apt-get install -y \
+    git \
+    ca-certificates
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-python* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/python/Dockerfile.alpine
+++ b/docker/python/Dockerfile.alpine
@ -0,0 +1,26 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG RUNTIME_VERSION=3.8.3
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION}-alpine as pulumi
+
+# The runtime container
+FROM python:${RUNTIME_VERSION}-alpine3.12
+WORKDIR /pulumi/projects
+
+# Install needed tools, like git
+RUN apk update && \
+    apk upgrade && \
+    apk add \
+    git \
+    libc6-compat \
+    ca-certificates
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-python* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]
--- a/docker/python/Dockerfile.debian
+++ b/docker/python/Dockerfile.debian
@ -0,0 +1 @@
+Dockerfile
--- a/docker/python/Dockerfile.ubi
+++ b/docker/python/Dockerfile.ubi
@ -0,0 +1,25 @@
+# syntax = docker/dockerfile:experimental
+# Interim container so we can copy pulumi binaries
+# Must be defined first
+ARG PULUMI_VERSION=latest
+ARG PULUMI_IMAGE=pulumi/pulumi-base
+FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
+
+# The runtime container
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+WORKDIR /pulumi/projects
+
+# Install needed tools, like git
+RUN --mount=target=/var/cache/yum,type=cache \
+    microdnf install -y \
+    git \
+    tar \
+    python3 \
+    ca-certificates
+
+# Uses the workdir, copies from pulumi interim container
+COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
+COPY --from=pulumi /pulumi/bin/*-python* /pulumi/bin/
+ENV PATH "/pulumi/bin:${PATH}"
+
+CMD ["pulumi"]