ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.ubi8

FROM redhat/ubi8
# Install Base Requirements
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
RUN dnf -y update && dnf install -y perl openssh-server unzip zip wget epel-release
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -P ""
# Install Additional Repos
# N.B https is not available for centos mirror, so adding independently verified checksum validation for http downloads
RUN wget 'https://vault.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-gpg-keys-8-3.el8.noarch.rpm' -O /tmp/gpgkey.rpm
ARG GPG_CHECKSUM=79cda0505d8dd88b8277c1af9c55021319a0e516df8d24c893d740eac1d74feb
RUN ACTUAL_CHECKSUM=$(sha256sum /tmp/gpgkey.rpm | awk '{print $1}') \
    && if [ "$ACTUAL_CHECKSUM" != "$GPG_CHECKSUM" ]; then \
           echo "Checksum mismatch! Aborting installation."; \
           exit 1; \
       fi
RUN rpm -i '/tmp/gpgkey.rpm'
RUN wget 'https://vault.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/centos-stream-repos-8-3.el8.noarch.rpm' -O /tmp/centosrepos.rpm
ARG REPO_CHECKSUM=bd0c7fe3f1f6a08f4658cc0cc9b1c1a91e38f8bf60c3af2ed2ee220523ded269
RUN ACTUAL_CHECKSUM=$(sha256sum /tmp/centosrepos.rpm | awk '{print $1}') \
    && if [ "$ACTUAL_CHECKSUM" != "$REPO_CHECKSUM" ]; then \
           echo "Checksum mismatch! Aborting installation."; \
           exit 1; \
       fi
RUN rpm -i '/tmp/centosrepos.rpm'
# Modify baseurl for all Centos repos, mainly Appstream, BaseOS and Extras repos
RUN sed -i 's/#baseurl=http\:\/\/mirror/baseurl=http\:\/\/vault/g' /etc/yum.repos.d/CentOS-Stream-*
# dnf complains about needing to remove redhat-release (lets not)
RUN echo "exclude=redhat-release" >> /etc/dnf/dnf.conf
RUN dnf -y update
# New Centos repos installed after update, so baseurl needs to be changed again for new repos
RUN sed -i 's/#baseurl=http\:\/\/mirror/baseurl=http\:\/\/vault/g' /etc/yum.repos.d/CentOS-Stream-*
# Get latest jdk17 ga
RUN wget -q 'https://api.adoptium.net/v3/binary/latest/17/ga/linux/x64/jdk/hotspot/normal/eclipse?project=jdk' -O /tmp/jdk17.tar.gz
RUN gpg --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B
# Get sig file for latest jdk17 ga
RUN wget -q `curl -s 'https://api.adoptium.net/v3/assets/feature_releases/17/ga?architecture=x64&heap_size=normal&image_type=jdk&jvm_impl=hotspot&os=linux&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}'` -O /tmp/jdk17.sig
RUN gpg --verify /tmp/jdk17.sig /tmp/jdk17.tar.gz
RUN mkdir -p /usr/lib/jvm/jdk17 && tar -xpzf /tmp/jdk17.tar.gz -C /usr/lib/jvm/jdk17 --strip-components=1
# Install ant via WGET
RUN wget -q -O /tmp/ant.zip 'https://archive.apache.org/dist/ant/binaries/apache-ant-1.10.5-bin.zip'
RUN wget -q -O /tmp/ant-contrib.tgz  https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.tar.gz
RUN echo "2e48f9e429d67708f5690bc307232f08440d01ebe414059292b6543971da9c7cd259c21533b9163b4dd753321c17bd917adf8407d03245a0945fc30a4e633163  /tmp/ant.zip" > /tmp/ant.sha512
RUN echo "0fd2771dca2b8b014a4cb3246715b32e20ad5d26754186d82eee781507a183d5e63064890b95eb27c091c93c1209528a0b18a6d7e6901899319492a7610e74ad  /tmp/ant-contrib.tgz" >> /tmp/ant.sha512
RUN sha512sum --check --strict /tmp/ant.sha512
RUN ln -s /usr/local/apache-ant-1.10.5/bin/ant /usr/bin/ant
RUN unzip -q -d /usr/local /tmp/ant.zip
RUN tar xpfz /tmp/ant-contrib.tgz -C /usr/local/apache-ant-1.10.5/lib --strip-components=2 ant-contrib/lib/ant-contrib.jar
# Housekeep Downloaded Archives
RUN rm /tmp/jdk17.tar.gz /tmp/ant.zip /tmp/ant-contrib.tgz /tmp/gpgkey.rpm /tmp/jdk17.sig
# Set up jenkins user
RUN useradd -m -d /home/jenkins jenkins
RUN mkdir /home/jenkins/.ssh
RUN echo "Jenkins_User_SSHKey" > /home/jenkins/.ssh/authorized_keys
RUN chown -R jenkins /home/jenkins/.ssh
RUN chmod -R og-rwx /home/jenkins/.ssh
# RUN service ssh start
CMD ["/usr/sbin/sshd","-D"]
RUN dnf install -y git curl make gcc xorg-x11-server-Xvfb libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
RUN dnf install -y coreutils --allowerasing
# Install SSL Test packages
RUN dnf install -y gnutls gnutls-utils nss nss-tools
# ENTRYPOINT /usr/lib/jvm/jdk17/bin/java
EXPOSE 22
# Start with docker run -p 2222:22 UUID