1111# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1212# See the License for the specific language governing permissions and
1313# limitations under the License.
14+ #
1415
16+ # Stage 1: The "builder" stage, used to compile and install tools.
1517FROM marketplace.gcr.io/google/ubuntu2404 AS builder
1618
17- # TODO(https://github.com/googleapis/librarian/issues/901): Install the necssary dependencies and build tools.
19+ # Install all build dependencies and necessary tools.
1820RUN apt-get update && \
1921 apt-get install -y --no-install-recommends \
20- # Essential for compiling C code
2122 build-essential \
22- # For downloading secure files
23- wget \
24- ca-certificates \
25- # For running bazelisk commands
26- openjdk-17-jdk \
27- # --- Critical libraries for a complete Python build ---
28- libssl-dev \
29- zlib1g -dev \
23+ curl \
24+ xz-utils \
25+ bzip2 \
26+ gdb \
27+ lcov \
28+ pkg-config \
29+ # the below two lines are copied from googleapis dockerfile:
30+ python -dev-is-python3 \
3031 libbz2-dev \
3132 libffi-dev \
32- libsqlite3-dev \
33+ libgdbm-dev \
34+ libgdbm-compat-dev \
35+ liblzma-dev \
36+ libncurses5-dev \
3337 libreadline-dev \
34- # ------------------------------------------------------
35- && apt-get clean && \
38+ libsqlite3-dev \
39+ libssl-dev \
40+ lzma \
41+ lzma-dev \
42+ tk-dev \
43+ uuid-dev \
44+ zlib1g-dev \
45+ wget \
46+ zip \
47+ unzip \
48+ git \
49+ ca-certificates \
50+ openjdk-17-jdk && \
51+ apt-get clean && \
3652 rm -rf /var/lib/apt/lists/*
3753
3854# Set up environment variables for tool versions to make updates easier.
3955ENV PYTHON_VERSION=3.11.5
56+ ENV PROTOC_VERSION=25.3
4057ENV BAZELISK_VERSION=v1.26.0
4158
42- # Create a symbolic link for `python3` to point to our specific version.
43- ENV PATH /usr/local/bin/python3.11:$PATH
59+ # Install protoc
60+ RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip -O protoc.zip && \
61+ unzip protoc.zip -d /usr/local && \
62+ chmod +x /usr/local/bin/protoc && \
63+ rm protoc.zip
64+
65+ # Install Bazelisk
66+ RUN wget https://github.com/bazelbuild/bazelisk/releases/download/${BAZELISK_VERSION}/bazelisk-linux-amd64 -O /usr/local/bin/bazelisk && \
67+ chmod +x /usr/local/bin/bazelisk
4468
4569# Install Python from source
4670RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz && \
@@ -51,24 +75,67 @@ RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VER
5175 cd / && \
5276 rm -rf Python-${PYTHON_VERSION}*
5377
54- # TODO(https://github.com/googleapis/librarian/issues/904): Install protoc for gencode.
78+ # Create a symbolic link for `python3` to point to our specific version.
79+ # RUN ln -s /usr/local/bin/python3.11 /usr/local/bin/python3
80+ ENV PATH /usr/local/bin/python3.11:$PATH
5581
56- # Install Bazelisk
57- RUN wget https://github.com/bazelbuild/bazelisk/releases/download/${BAZELISK_VERSION}/bazelisk-linux-amd64 -O /usr/local/bin/bazelisk && \
58- chmod +x /usr/local/bin/bazelisk
82+ # Install only necessary runtime dependencies
83+ RUN apt-get update && \
84+ apt-get install -y --no-install-recommends \
85+ ca-certificates \
86+ openjdk-17-jdk \
87+ git && \
88+ apt-get clean && \
89+ rm -rf /var/lib/apt/lists/*
90+
91+ # --- Create a dedicated non-root user ---
92+ # Use arguments to make the user and group IDs configurable from the build command.
93+ ARG UID=1000
94+ ARG GID=1000
95+
96+ # Create the group and user, but only if they don't already exist.
97+ RUN if ! getent group $GID > /dev/null; then \
98+ groupadd -g $GID myuser; \
99+ fi && \
100+ if ! getent passwd $UID > /dev/null; then \
101+ useradd -u $UID -g $GID -ms /bin/bash myuser; \
102+ fi
59103
60- # TODO(https://github.com/googleapis/librarian/issues/902): Create a dedicate non-root user and
61- # switch to the non-root user to run subsequent commands.
104+ # Set ownership of the app directory now, before we copy files into it.
105+ RUN mkdir -p /app && chown $UID:$GID /app
62106
63- # Set the working directory in the container.
107+ # Switch to the non-root user. All subsequent commands will run as this user.
108+ USER $UID
109+
110+ # Set the working directory.
64111WORKDIR /app
65112
66- # TODO(https://github.com/googleapis/librarian/issues/907): Install Python dependencies from requirements.in.
67- # TODO(https://github.com/googleapis/librarian/issues/905): Install Synthtool by cloning its repo.
68- # TODO(https://github.com/googleapis/librarian/issues/906): Clone googleapis and run bazelisk build.
113+ # Disable Python's output buffering so logs appear in real-time.
114+ ENV PYTHONUNBUFFERED=1
115+
116+ # Install Python dependencies from requirements.in
117+ COPY --chown=$UID:$GID .generator/requirements.in .
118+ RUN python3.11 -m pip install --no-cache-dir -r requirements.in
119+
120+ # # Install synthtool by cloning its repo, as it's not on PyPI.
121+ RUN git clone --depth 1 https://github.com/googleapis/synthtool.git /tmp/synthtool && \
122+ python3.11 -m pip install /tmp/synthtool && \
123+ rm -rf /tmp/synthtool
124+
125+ # Copy your CLI script into the container and make it executable.
126+ COPY --chown=$UID:$GID .generator/cli.py .
127+ RUN chmod a+rx ./cli.py
128+
129+ # Run Bazel build:
130+ RUN git clone --depth 1 https://github.com/googleapis/googleapis.git /tmp/googleapis
131+
132+ # target=/root/.cache/bazel
133+ RUN --mount=type=cache,target=$HOME/.cache/bazel \
134+ cd /tmp/googleapis && \
135+ bazelisk build //google/cloud/language/v1:language-v1-py
69136
70- # Copy the CLI script into the container and set ownership.
71- COPY .generator/cli.py .
137+ RUN rm -rf /tmp/googleapis
72138
73- # Set the entrypoint for the container to run the script.
74- ENTRYPOINT ["python3.11" , "./cli.py" ]
139+ # Set the entrypoint for the container.
140+ # NOTE: 3.13 does not work.
141+ ENTRYPOINT ["python3.11" , "./cli.py" ]
0 commit comments