images/keystone/Dockerfile - atmosphere - Gitiles

 # Copyright (c) 2024 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.

 FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
 ARG KEYSTONE_GIT_REF=8ca73f758bb613a57815fbe4ae78e3d2afa4af49
 ADD --keep-git-dir=true https://opendev.org/openstack/keystone.git#${KEYSTONE_GIT_REF} /src/keystone
 RUN git -C /src/keystone fetch --unshallow
 RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
 pip3 install \
     --constraint /upper-constraints.txt \
         /src/keystone[ldap] \
         keystone-keycloak-backend==0.1.8
 EOF

 FROM registry.atmosphere.dev/library/openstack-python-runtime:main
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
     apache2 libapache2-mod-wsgi-py3
 apt-get clean
 rm -rf /var/lib/apt/lists/*
 EOF
 ARG MOD_AUTH_OPENIDC_VERSION=2.4.12.1
 ARG TARGETARCH
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
     curl
 curl -LO https://github.com/OpenIDC/mod_auth_openidc/releases/download/v${MOD_AUTH_OPENIDC_VERSION}/libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
 apt-get install -y --no-install-recommends ./libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
 a2enmod auth_openidc
 apt-get purge -y --auto-remove curl
 apt-get clean
 rm -rfv /var/lib/apt/lists/* libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
 EOF
 COPY --from=build --link /var/lib/openstack /var/lib/openstack
	# Copyright (c) 2024 VEXXHOST, Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	# License for the specific language governing permissions and limitations
	# under the License.

	FROM registry.atmosphere.dev/library/openstack-venv-builder:main AS build
	ARG KEYSTONE_GIT_REF=8ca73f758bb613a57815fbe4ae78e3d2afa4af49
	ADD --keep-git-dir=true https://opendev.org/openstack/keystone.git#${KEYSTONE_GIT_REF} /src/keystone
	RUN git -C /src/keystone fetch --unshallow
	RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
	pip3 install \
	--constraint /upper-constraints.txt \
	/src/keystone[ldap] \
	keystone-keycloak-backend==0.1.8
	EOF

	FROM registry.atmosphere.dev/library/openstack-python-runtime:main
	RUN <<EOF bash -xe
	apt-get update -qq
	apt-get install -qq -y --no-install-recommends \
	apache2 libapache2-mod-wsgi-py3
	apt-get clean
	rm -rf /var/lib/apt/lists/*
	EOF
	ARG MOD_AUTH_OPENIDC_VERSION=2.4.12.1
	ARG TARGETARCH
	RUN <<EOF bash -xe
	apt-get update -qq
	apt-get install -qq -y --no-install-recommends \
	curl
	curl -LO https://github.com/OpenIDC/mod_auth_openidc/releases/download/v${MOD_AUTH_OPENIDC_VERSION}/libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
	apt-get install -y --no-install-recommends ./libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
	a2enmod auth_openidc
	apt-get purge -y --auto-remove curl
	apt-get clean
	rm -rfv /var/lib/apt/lists/* libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
	EOF
	COPY --from=build --link /var/lib/openstack /var/lib/openstack