forked from progrium/buildstep
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile.cedar-14
71 lines (57 loc) · 3.46 KB
/
Dockerfile.cedar-14
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
FROM heroku/cedar:14
# herokuish 0.3.36 (released in March 2018) is the last version based on cedar-14. It's very old.
# We can't upgrade further without getting rid of cedar and upgrading to a more recent version of the
# underlying OS on the container image
RUN curl https://github.com/gliderlabs/herokuish/releases/download/v0.3.33/herokuish_0.3.33_linux_x86_64.tgz \
--silent -L | tar -xzC /bin
# install herokuish supported buildpacks and entrypoints
RUN /bin/herokuish buildpack install
# Add perl buildpack for morph
RUN /bin/herokuish buildpack install https://github.com/miyagawa/heroku-buildpack-perl.git 2da7480a8339f01968ce3979655555a0ade20564
# Add certificate authority used by mitmproxy
# Also needs to be identical to the cert at mitmproxy/mitmproxy-ca-cert.pem in
# https://github.com/openaustralia/morph
ADD mitmproxy-ca-cert.pem /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
RUN update-ca-certificates
# From https://askubuntu.com/questions/1366704/how-to-install-latest-ca-certificates-on-ubuntu-14#comment2352285_1366719
# This removes expired root certificates
RUN cp /etc/ca-certificates.conf /etc/ca-certificates.conf.orig
RUN cat /etc/ca-certificates.conf.orig | sed 's|mozilla/DST_Root_CA_X3.crt|!mozilla//DST_Root_CA_X3.crt|g' > /etc/ca-certificates.conf
RUN dpkg-reconfigure -fnoninteractive ca-certificates
# Add prerun script which will disable output buffering for ruby
ADD prerun.rb /usr/local/lib/prerun.rb
# Postgres doesn't support this ancient version of Ubuntu and we don't
# need it. So commenting out of apt sources
RUN sed -e '/postgresql/ s/^#*/#/' -i /etc/apt/sources.list
# poppler-utils has a more recent pdftohtml than the pdftohtml package
# pdftohtml is needed by the python scraperwiki library
# libffi-dev needed by python cffi
# time is needed directly by morph.io for scraper run measurements
RUN apt-get update && apt-get install -y time libblas-dev liblapack-dev gfortran swig protobuf-compiler libprotobuf-dev libsqlite3-dev poppler-utils libffi-dev
# PhantomJS has been deprecated
RUN apt-get install -y phantomjs
# Version of chromedriver needs to match up with the version of chrome installed
# As of June 27 2022, Google Chrome version 103.0.5060.53 is installed
# There doesn't seem to a way that I can see to force a particular (old) version of
# Chrome to be installed. Sigh.
# Install chromedriver
RUN wget https://chromedriver.storage.googleapis.com/103.0.5060.53/chromedriver_linux64.zip && \
unzip chromedriver_linux64.zip && \
rm chromedriver_linux64.zip && \
mv chromedriver /usr/local/bin && \
chmod ugo+x /usr/local/bin/chromedriver
# Install chrome
RUN curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list && \
apt-get update && \
apt-get -y install google-chrome-stable
# We also need to make chrome trust our CA cert
RUN apt-get -y install libnss3-tools && \
mkdir -p /app/.pki/nssdb && \
certutil -d sql:/app/.pki/nssdb -N --empty-password && \
certutil -d sql:/app/.pki/nssdb -A -t "C,," -n "mitmproxy ca cert" -i /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
# Make python pip use the new ca certificate. Wouldn't it be great if it used
# the system ca certificates by default? Well, it doesn't.
# Setting the PIP_CERT environment variable didn't work but this does
# TODO Remove this once compiles don't send traffic to mitmproxy
ADD pip.conf /etc/pip.conf