|
| 1 | +ARG python_version=3.6.13 |
| 2 | +ARG rust_version=1.46 |
| 3 | + |
| 4 | +# This image could be replaced with an "indy" image from another repo, |
| 5 | +# such as the indy-sdk |
| 6 | +FROM rust:${rust_version}-slim-buster as indy-builder |
| 7 | + |
| 8 | +ARG user=indy |
| 9 | +ENV HOME="/home/$user" |
| 10 | +WORKDIR $HOME |
| 11 | +RUN mkdir -p .local/bin .local/etc .local/lib |
| 12 | + |
| 13 | +# Install environment |
| 14 | +RUN apt-get update -y && \ |
| 15 | + apt-get install -y --no-install-recommends \ |
| 16 | + automake \ |
| 17 | + build-essential \ |
| 18 | + ca-certificates \ |
| 19 | + cmake \ |
| 20 | + curl \ |
| 21 | + git \ |
| 22 | + libbz2-dev \ |
| 23 | + libffi-dev \ |
| 24 | + libgmp-dev \ |
| 25 | + liblzma-dev \ |
| 26 | + libncurses5-dev \ |
| 27 | + libncursesw5-dev \ |
| 28 | + libsecp256k1-dev \ |
| 29 | + libsodium-dev \ |
| 30 | + libsqlite3-dev \ |
| 31 | + libssl-dev \ |
| 32 | + libtool \ |
| 33 | + libzmq3-dev \ |
| 34 | + pkg-config \ |
| 35 | + zlib1g-dev && \ |
| 36 | + rm -rf /var/lib/apt/lists/* |
| 37 | + |
| 38 | +# set to --release for smaller, optimized library |
| 39 | +ARG indy_build_flags=--release |
| 40 | + |
| 41 | +ARG indy_version=1.16.0 |
| 42 | +ARG indy_sdk_url=https://codeload.github.com/hyperledger/indy-sdk/tar.gz/refs/tags/v${indy_version} |
| 43 | + |
| 44 | +# make local libs and binaries accessible |
| 45 | +ENV PATH="$HOME/.local/bin:$PATH" |
| 46 | +ENV LIBRARY_PATH="$HOME/.local/lib:$LIBRARY_PATH" |
| 47 | + |
| 48 | +# Download and extract indy-sdk |
| 49 | +RUN mkdir indy-sdk && \ |
| 50 | + curl "${indy_sdk_url}" | tar -xz -C indy-sdk |
| 51 | + |
| 52 | +# Build and install indy-sdk |
| 53 | +WORKDIR $HOME/indy-sdk |
| 54 | +RUN cd indy-sdk*/libindy && \ |
| 55 | + cargo build ${indy_build_flags} && \ |
| 56 | + cp target/*/libindy.so "$HOME/.local/lib" && \ |
| 57 | + cargo clean |
| 58 | + |
| 59 | +# Package python3-indy |
| 60 | +RUN tar czvf ../python3-indy.tgz -C indy-sdk*/wrappers/python . |
| 61 | + |
| 62 | +# grab the latest sdk code for the postgres plug-in |
| 63 | +WORKDIR $HOME |
| 64 | +ARG indy_postgres_url=${indy_sdk_url} |
| 65 | +RUN mkdir indy-postgres && \ |
| 66 | + curl "${indy_postgres_url}" | tar -xz -C indy-postgres |
| 67 | + |
| 68 | +# Build and install postgres_storage plugin |
| 69 | +WORKDIR $HOME/indy-postgres |
| 70 | +RUN cd indy-sdk*/experimental/plugins/postgres_storage && \ |
| 71 | + cargo build ${indy_build_flags} && \ |
| 72 | + cp target/*/libindystrgpostgres.so "$HOME/.local/lib" && \ |
| 73 | + cargo clean |
| 74 | + |
| 75 | +# Clean up SDK |
| 76 | +WORKDIR $HOME |
| 77 | +RUN rm -rf indy-sdk indy-postgres |
| 78 | + |
| 79 | + |
| 80 | +# Indy Base Image |
| 81 | +# This image could be replaced with an "indy-python" image from another repo, |
| 82 | +# such as the indy-sdk |
| 83 | +FROM python:${python_version}-slim-buster as indy-base |
| 84 | + |
| 85 | +ARG uid=1001 |
| 86 | +ARG user=indy |
| 87 | +ARG indy_version |
| 88 | + |
| 89 | +ENV HOME="/home/$user" \ |
| 90 | + APP_ROOT="$HOME" \ |
| 91 | + LC_ALL=C.UTF-8 \ |
| 92 | + LANG=C.UTF-8 \ |
| 93 | + PIP_NO_CACHE_DIR=off \ |
| 94 | + PYTHONUNBUFFERED=1 \ |
| 95 | + PYTHONIOENCODING=UTF-8 \ |
| 96 | + RUST_LOG=warning \ |
| 97 | + SHELL=/bin/bash \ |
| 98 | + SUMMARY="indy-python base image" \ |
| 99 | + DESCRIPTION="aries-cloudagent provides a base image for running Hyperledger Aries agents in Docker. \ |
| 100 | + This image provides all the necessary dependencies to use the indy-sdk in python. Based on Debian Buster." |
| 101 | + |
| 102 | +LABEL summary="$SUMMARY" \ |
| 103 | + description="$DESCRIPTION" \ |
| 104 | + io.k8s.description="$DESCRIPTION" \ |
| 105 | + io.k8s.display-name="indy-python $indy_version" \ |
| 106 | + name="indy-python" \ |
| 107 | + version="$indy_version" \ |
| 108 | + maintainer="" |
| 109 | + |
| 110 | +# Add indy user |
| 111 | +RUN useradd -U -ms /bin/bash -u $uid $user |
| 112 | + |
| 113 | +# Install environment |
| 114 | +RUN apt-get update -y && \ |
| 115 | + apt-get install -y --no-install-recommends \ |
| 116 | + apt-transport-https \ |
| 117 | + ca-certificates \ |
| 118 | + bzip2 \ |
| 119 | + curl \ |
| 120 | + git \ |
| 121 | + less \ |
| 122 | + libffi6 \ |
| 123 | + libgmp10 \ |
| 124 | + liblzma5 \ |
| 125 | + libncurses5 \ |
| 126 | + libncursesw5 \ |
| 127 | + libsecp256k1-0 \ |
| 128 | + libzmq5 \ |
| 129 | + net-tools \ |
| 130 | + openssl \ |
| 131 | + sqlite3 \ |
| 132 | + vim-tiny \ |
| 133 | + zlib1g && \ |
| 134 | + rm -rf /var/lib/apt/lists/* /usr/share/doc/* |
| 135 | + |
| 136 | +WORKDIR $HOME |
| 137 | + |
| 138 | +# Copy build results |
| 139 | +COPY --from=indy-builder --chown=$user:$user $HOME . |
| 140 | + |
| 141 | +RUN mkdir -p $HOME/.local/bin |
| 142 | + |
| 143 | +# Add local binaries and aliases to path |
| 144 | +ENV PATH="$HOME/.local/bin:$PATH" |
| 145 | + |
| 146 | +# Make libraries resolvable by python |
| 147 | +ENV LD_LIBRARY_PATH="$HOME/.local/lib:$LD_LIBRARY_PATH" |
| 148 | +RUN echo "$HOME/.local/lib" > /etc/ld.so.conf.d/local.conf && ldconfig |
| 149 | + |
| 150 | +# Install python3-indy |
| 151 | +RUN pip install --no-cache-dir python3-indy.tgz && rm python3-indy.tgz |
| 152 | + |
| 153 | +# - In order to drop the root user, we have to make some directories writable |
| 154 | +# to the root group as OpenShift default security model is to run the container |
| 155 | +# under random UID. |
| 156 | +RUN usermod -a -G 0 $user |
| 157 | + |
| 158 | +# Create standard directories to allow volume mounting and set permissions |
| 159 | +# Note: PIP_NO_CACHE_DIR environment variable should be cleared to allow caching |
| 160 | +RUN mkdir -p \ |
| 161 | + $HOME/.cache/pip/http \ |
| 162 | + $HOME/.indy-cli/networks \ |
| 163 | + $HOME/.indy_client/wallet \ |
| 164 | + $HOME/.indy_client/pool \ |
| 165 | + $HOME/.indy_client/ledger-cache \ |
| 166 | + $HOME/ledger/sandbox/data \ |
| 167 | + $HOME/log |
| 168 | + |
| 169 | +# The root group needs access the directories under $HOME/.indy_client for the container to function in OpenShift. |
| 170 | +# Also ensure the permissions on the python 'site-packages' folder are set correctly. |
| 171 | +RUN chown -R $user:root $HOME/.indy_client \ |
| 172 | + && chmod -R ug+rw $HOME/log $HOME/ledger $HOME/.cache $HOME/.indy_client |
| 173 | + |
| 174 | +USER $user |
| 175 | + |
| 176 | +CMD ["bash"] |
| 177 | + |
| 178 | + |
| 179 | +# ACA-Py Test |
| 180 | +# Used to run ACA-Py unit tests with Indy |
| 181 | +FROM indy-base as acapy-test |
| 182 | + |
| 183 | +USER indy |
| 184 | + |
| 185 | +RUN mkdir src test-reports |
| 186 | + |
| 187 | +WORKDIR /home/indy/src |
| 188 | + |
| 189 | +RUN mkdir -p test-reports && chown -R indy:indy test-reports && chmod -R ug+rw test-reports |
| 190 | + |
| 191 | +ADD requirements*.txt ./ |
| 192 | + |
| 193 | +USER root |
| 194 | +RUN pip3 install --no-cache-dir \ |
| 195 | + -r requirements.txt \ |
| 196 | + -r requirements.askar.txt \ |
| 197 | + -r requirements.bbs.txt \ |
| 198 | + -r requirements.dev.txt |
| 199 | + |
| 200 | +ADD --chown=indy:root . . |
| 201 | +USER indy |
| 202 | + |
| 203 | +ENTRYPOINT ["/bin/bash", "-c", "pytest \"$@\"", "--"] |
| 204 | + |
| 205 | +# ACA-Py Builder |
| 206 | +# Build ACA-Py wheel using setuptools |
| 207 | +FROM python:${python_version}-slim-buster AS acapy-builder |
| 208 | + |
| 209 | +WORKDIR /src |
| 210 | + |
| 211 | +ADD . . |
| 212 | + |
| 213 | +RUN pip install setuptools wheel |
| 214 | +RUN python setup.py sdist bdist_wheel |
| 215 | + |
| 216 | + |
| 217 | +# ACA-Py Indy |
| 218 | +# Install wheel from builder and commit final image |
| 219 | +FROM indy-base AS main |
| 220 | + |
| 221 | +ARG uid=1001 |
| 222 | +ARG user=indy |
| 223 | +ARG acapy_version |
| 224 | +ARG acapy_reqs=[askar,bbs] |
| 225 | + |
| 226 | +ENV HOME="/home/$user" \ |
| 227 | + APP_ROOT="$HOME" \ |
| 228 | + LC_ALL=C.UTF-8 \ |
| 229 | + LANG=C.UTF-8 \ |
| 230 | + PIP_NO_CACHE_DIR=off \ |
| 231 | + PYTHONUNBUFFERED=1 \ |
| 232 | + PYTHONIOENCODING=UTF-8 \ |
| 233 | + RUST_LOG=warning \ |
| 234 | + SHELL=/bin/bash \ |
| 235 | + SUMMARY="aries-cloudagent image" \ |
| 236 | + DESCRIPTION="aries-cloudagent provides a base image for running Hyperledger Aries agents in Docker. \ |
| 237 | + This image layers the python implementation of aries-cloudagent $acapy_version. \ |
| 238 | + This image includes indy-sdk and supporting libraries." |
| 239 | + |
| 240 | +LABEL summary="$SUMMARY" \ |
| 241 | + description="$DESCRIPTION" \ |
| 242 | + io.k8s.description="$DESCRIPTION" \ |
| 243 | + io.k8s.display-name="aries-cloudagent $acapy_version" \ |
| 244 | + name="aries-cloudagent" \ |
| 245 | + version="$acapy_version" \ |
| 246 | + maintainer="" |
| 247 | + |
| 248 | +# Create standard directories to allow volume mounting and set permissions |
| 249 | +# Note: PIP_NO_CACHE_DIR environment variable should be cleared to allow caching |
| 250 | +RUN mkdir -p $HOME/.aries_cloudagent |
| 251 | + |
| 252 | +# The root group needs access the directories under $HOME/.indy_client for the container to function in OpenShift. |
| 253 | +# Also ensure the permissions on the python 'site-packages' folder are set correctly. |
| 254 | +RUN chmod -R ug+rw $HOME/.aries_cloudagent |
| 255 | + |
| 256 | +COPY --from=acapy-builder /src/dist/aries_cloudagent*.whl . |
| 257 | + |
| 258 | +RUN pip install --no-cache-dir --find-links=. aries_cloudagent${acapy_reqs} && rm aries_cloudagent*.whl |
| 259 | + |
| 260 | +ENTRYPOINT ["aca-py"] |
0 commit comments