Dockerfile - atmosphere - Gitiles

 FROM ubuntu:jammy-20240227 AS ubuntu
 LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere

 FROM ubuntu AS helm
 ARG TARGETOS
 ARG TARGETARCH
 ARG HELM_VERSION=3.14.0
 ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz
 RUN tar -xzf /helm.tar.gz
 RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm

 FROM ubuntu AS ubuntu-cloud-archive
 ADD --chmod=644 https://git.launchpad.net/ubuntu/+source/ubuntu-keyring/plain/keyrings/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg
 ARG RELEASE
 RUN <<EOF bash -xe
 source /etc/os-release
 if [ "\${VERSION_CODENAME}" = "jammy" ]; then \
     if [ "${RELEASE}" = "yoga" ]; then \
         # NOTE: Yoga shipped with 22.04, so no need to add an extra repository.
         echo "" > /etc/apt/sources.list.d/cloudarchive.list; \
     elif [ "${RELEASE}" = "zed" ]; then \
         echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list; \
     elif [ "${RELEASE}" = "2023.1" ]; then \
         echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list; \
     elif [ "${RELEASE}" = "2023.2" ]; then \
         echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list; \
     elif [ "${RELEASE}" = "master" ]; then \
         echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list; \
     else \
         echo "${RELEASE} is not supported on \${VERSION_CODENAME}"; \
         exit 1; \
     fi; \
 else
     echo "Unsupported release"; \
     exit 1; \
 fi
 EOF

 FROM alpine/git AS requirements
 ARG BRANCH
 ADD https://opendev.org/openstack/requirements.git#${BRANCH} /src
 RUN <<EOF sh -xe
 sed -i 's/cryptography===36.0.2/cryptography===42.0.4/' /src/upper-constraints.txt
 sed -i 's/cryptography===40.0.2/cryptography===42.0.4/' /src/upper-constraints.txt
 sed -i 's/cryptography===41.0.7/cryptography===42.0.4/' /src/upper-constraints.txt
 sed -i 's/Django===3.2.18/Django===3.2.24/' /src/upper-constraints.txt
 sed -i 's/Flask===2.2.3/Flask===2.2.5/' /src/upper-constraints.txt
 sed -i 's/Jinja2===3.1.2/Jinja2===3.1.3/' /src/upper-constraints.txt
 sed -i 's/oauthlib===3.2.0/oauthlib===3.2.2/' /src/upper-constraints.txt
 sed -i 's/paramiko===2.11.0/paramiko===3.4.0/' /src/upper-constraints.txt
 sed -i 's/paramiko===3.1.0/paramiko===3.4.0/' /src/upper-constraints.txt
 sed -i 's/protobuf===4.21.5/protobuf===4.21.6/' /src/upper-constraints.txt
 sed -i 's/pyOpenSSL===22.0.0/pyOpenSSL===24.0.0/' /src/upper-constraints.txt
 sed -i 's/pyOpenSSL===23.1.1/pyOpenSSL===24.0.0/' /src/upper-constraints.txt
 sed -i 's/requests===2.28.1/requests===2.31.0/' /src/upper-constraints.txt
 sed -i 's/requests===2.28.2/requests===2.31.0/' /src/upper-constraints.txt
 sed -i 's/sqlparse===0.4.2/sqlparse===0.4.4/' /src/upper-constraints.txt
 sed -i 's/urllib3===1.26.12/urllib3===1.26.18/' /src/upper-constraints.txt
 sed -i 's/urllib3===1.26.15/urllib3===1.26.18/' /src/upper-constraints.txt
 sed -i 's/Werkzeug===2.2.2/Werkzeug===2.3.8/' /src/upper-constraints.txt
 sed -i 's/Werkzeug===2.2.3/Werkzeug===2.3.8/' /src/upper-constraints.txt
 sed -i 's/zstd===1.5.2.5/zstd===1.5.4.0/' /src/upper-constraints.txt
 sed -i '/glance-store/d' /src/upper-constraints.txt
 sed -i '/horizon/d' /src/upper-constraints.txt
 EOF

 FROM ubuntu-cloud-archive AS openstack-venv-builder
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
     build-essential \
     git \
     libldap2-dev \
     libpcre3-dev \
     libsasl2-dev \
     libssl-dev \
     lsb-release \
     openssh-client \
     python3 \
     python3-dev \
     python3-pip \
     python3-venv
 EOF
 RUN <<EOF bash -xe
 python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack
 EOF
 ENV PATH=/var/lib/openstack/bin:$PATH
 COPY --link --from=requirements /src/upper-constraints.txt /upper-constraints.txt
 RUN <<EOF bash -xe
 pip3 install \
     --constraint /upper-constraints.txt \
         cryptography \
         pymysql \
         python-binary-memcached \
         python-memcached \
         uwsgi
 EOF

 FROM ubuntu-cloud-archive AS openstack-runtime
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
     ca-certificates \
     libpython3.10 \
     lsb-release \
     python3-distutils \
     sudo
 EOF
 ARG PROJECT
 ARG SHELL=/usr/sbin/nologin
 RUN \
     groupadd -g 42424 ${PROJECT} && \
     useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \
     mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \
     chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT}
 ENV PATH=/var/lib/openstack/bin:$PATH

 FROM alpine/git AS barbican-src
 ARG BARBICAN_GIT_REF
 ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src
 RUN git -C /src fetch --unshallow

 FROM openstack-venv-builder AS barbican-build
 COPY --from=barbican-src --link /src /src/barbican
 RUN <<EOF bash -xe
 pip3 install \
     --constraint /upper-constraints.txt \
         /src/barbican \
         pykmip
 EOF

 FROM openstack-runtime AS barbican
 COPY --from=barbican-build --link /var/lib/openstack /var/lib/openstack

 FROM alpine/git AS magnum-src
 ARG MAGNUM_GIT_REF
 ADD --keep-git-dir=true https://opendev.org/openstack/magnum.git#${MAGNUM_GIT_REF} /src
 RUN git -C /src fetch --unshallow
 ARG RELEASE
 COPY patches/${RELEASE}/magnum /patches
 RUN if [ -n "$(ls -A /patches/*.patch)" ]; then git -C /src apply --verbose /patches/*; fi

 FROM openstack-venv-builder AS magnum-build
 COPY --from=magnum-src --link /src /src/magnum
 RUN <<EOF bash -xe
 pip3 install \
     --constraint /upper-constraints.txt \
         /src/magnum \
         magnum-cluster-api==0.16.0
 EOF

 FROM openstack-runtime AS magnum
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
     haproxy
 apt-get clean
 rm -rf /var/lib/apt/lists/*
 EOF
 COPY --from=helm --link /usr/bin/helm /usr/local/bin/helm
 COPY --from=magnum-build --link /var/lib/openstack /var/lib/openstack
	FROM ubuntu:jammy-20240227 AS ubuntu
	LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere

	FROM ubuntu AS helm
	ARG TARGETOS
	ARG TARGETARCH
	ARG HELM_VERSION=3.14.0
	ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz
	RUN tar -xzf /helm.tar.gz
	RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm

	FROM ubuntu AS ubuntu-cloud-archive
	ADD --chmod=644 https://git.launchpad.net/ubuntu/+source/ubuntu-keyring/plain/keyrings/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg
	ARG RELEASE
	RUN <<EOF bash -xe
	source /etc/os-release
	if [ "\${VERSION_CODENAME}" = "jammy" ]; then \
	if [ "${RELEASE}" = "yoga" ]; then \
	# NOTE: Yoga shipped with 22.04, so no need to add an extra repository.
	echo "" > /etc/apt/sources.list.d/cloudarchive.list; \
	elif [ "${RELEASE}" = "zed" ]; then \
	echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list; \
	elif [ "${RELEASE}" = "2023.1" ]; then \
	echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list; \
	elif [ "${RELEASE}" = "2023.2" ]; then \
	echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list; \
	elif [ "${RELEASE}" = "master" ]; then \
	echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list; \
	else \
	echo "${RELEASE} is not supported on \${VERSION_CODENAME}"; \
	exit 1; \
	fi; \
	else
	echo "Unsupported release"; \
	exit 1; \
	fi
	EOF

	FROM alpine/git AS requirements
	ARG BRANCH
	ADD https://opendev.org/openstack/requirements.git#${BRANCH} /src
	RUN <<EOF sh -xe
	sed -i 's/cryptography===36.0.2/cryptography===42.0.4/' /src/upper-constraints.txt
	sed -i 's/cryptography===40.0.2/cryptography===42.0.4/' /src/upper-constraints.txt
	sed -i 's/cryptography===41.0.7/cryptography===42.0.4/' /src/upper-constraints.txt
	sed -i 's/Django===3.2.18/Django===3.2.24/' /src/upper-constraints.txt
	sed -i 's/Flask===2.2.3/Flask===2.2.5/' /src/upper-constraints.txt
	sed -i 's/Jinja2===3.1.2/Jinja2===3.1.3/' /src/upper-constraints.txt
	sed -i 's/oauthlib===3.2.0/oauthlib===3.2.2/' /src/upper-constraints.txt
	sed -i 's/paramiko===2.11.0/paramiko===3.4.0/' /src/upper-constraints.txt
	sed -i 's/paramiko===3.1.0/paramiko===3.4.0/' /src/upper-constraints.txt
	sed -i 's/protobuf===4.21.5/protobuf===4.21.6/' /src/upper-constraints.txt
	sed -i 's/pyOpenSSL===22.0.0/pyOpenSSL===24.0.0/' /src/upper-constraints.txt
	sed -i 's/pyOpenSSL===23.1.1/pyOpenSSL===24.0.0/' /src/upper-constraints.txt
	sed -i 's/requests===2.28.1/requests===2.31.0/' /src/upper-constraints.txt
	sed -i 's/requests===2.28.2/requests===2.31.0/' /src/upper-constraints.txt
	sed -i 's/sqlparse===0.4.2/sqlparse===0.4.4/' /src/upper-constraints.txt
	sed -i 's/urllib3===1.26.12/urllib3===1.26.18/' /src/upper-constraints.txt
	sed -i 's/urllib3===1.26.15/urllib3===1.26.18/' /src/upper-constraints.txt
	sed -i 's/Werkzeug===2.2.2/Werkzeug===2.3.8/' /src/upper-constraints.txt
	sed -i 's/Werkzeug===2.2.3/Werkzeug===2.3.8/' /src/upper-constraints.txt
	sed -i 's/zstd===1.5.2.5/zstd===1.5.4.0/' /src/upper-constraints.txt
	sed -i '/glance-store/d' /src/upper-constraints.txt
	sed -i '/horizon/d' /src/upper-constraints.txt
	EOF

	FROM ubuntu-cloud-archive AS openstack-venv-builder
	RUN <<EOF bash -xe
	apt-get update -qq
	apt-get install -qq -y --no-install-recommends \
	build-essential \
	git \
	libldap2-dev \
	libpcre3-dev \
	libsasl2-dev \
	libssl-dev \
	lsb-release \
	openssh-client \
	python3 \
	python3-dev \
	python3-pip \
	python3-venv
	EOF
	RUN <<EOF bash -xe
	python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack
	EOF
	ENV PATH=/var/lib/openstack/bin:$PATH
	COPY --link --from=requirements /src/upper-constraints.txt /upper-constraints.txt
	RUN <<EOF bash -xe
	pip3 install \
	--constraint /upper-constraints.txt \
	cryptography \
	pymysql \
	python-binary-memcached \
	python-memcached \
	uwsgi
	EOF

	FROM ubuntu-cloud-archive AS openstack-runtime
	RUN <<EOF bash -xe
	apt-get update -qq
	apt-get install -qq -y --no-install-recommends \
	ca-certificates \
	libpython3.10 \
	lsb-release \
	python3-distutils \
	sudo
	EOF
	ARG PROJECT
	ARG SHELL=/usr/sbin/nologin
	RUN \
	groupadd -g 42424 ${PROJECT} && \
	useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \
	mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \
	chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT}
	ENV PATH=/var/lib/openstack/bin:$PATH

	FROM alpine/git AS barbican-src
	ARG BARBICAN_GIT_REF
	ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src
	RUN git -C /src fetch --unshallow

	FROM openstack-venv-builder AS barbican-build
	COPY --from=barbican-src --link /src /src/barbican
	RUN <<EOF bash -xe
	pip3 install \
	--constraint /upper-constraints.txt \
	/src/barbican \
	pykmip
	EOF

	FROM openstack-runtime AS barbican
	COPY --from=barbican-build --link /var/lib/openstack /var/lib/openstack

	FROM alpine/git AS magnum-src
	ARG MAGNUM_GIT_REF
	ADD --keep-git-dir=true https://opendev.org/openstack/magnum.git#${MAGNUM_GIT_REF} /src
	RUN git -C /src fetch --unshallow
	ARG RELEASE
	COPY patches/${RELEASE}/magnum /patches
	RUN if [ -n "$(ls -A /patches/.patch)" ]; then git -C /src apply --verbose /patches/; fi

	FROM openstack-venv-builder AS magnum-build
	COPY --from=magnum-src --link /src /src/magnum
	RUN <<EOF bash -xe
	pip3 install \
	--constraint /upper-constraints.txt \
	/src/magnum \
	magnum-cluster-api==0.16.0
	EOF

	FROM openstack-runtime AS magnum
	RUN <<EOF bash -xe
	apt-get update -qq
	apt-get install -qq -y --no-install-recommends \
	haproxy
	apt-get clean
	rm -rf /var/lib/apt/lists/*
	EOF
	COPY --from=helm --link /usr/bin/helm /usr/local/bin/helm
	COPY --from=magnum-build --link /var/lib/openstack /var/lib/openstack