Updated Dockerfile to include occmd

05c1b60e · Jan-Niclas Strüwer · 140c112b · 05c1b60e · 05c1b60e
Verified Commit 05c1b60e authored 1 year ago by Jan-Niclas Strüwer
--- a/Dockerfile
+++ b/Dockerfile
-# syntax=docker/dockerfile:experimental
-FROM python AS buildoccmd
-WORKDIR /workspace/app
+FROM eclipse-temurin:17-jdk AS build
+WORKDIR /app

-COPY occmd /workspace/app
+COPY . /app
+RUN ./gradlew clean build -x test
+RUN mkdir -p build/dependency && (cd build/dependency; jar -xf ../libs/*-SNAPSHOT.jar)

-RUN python3 -m venv .env
-RUN . .env/bin/activate && pip3 install -r ./requirements.txt
+FROM eclipse-temurin:17-jdk

-FROM eclipse-temurin AS build
-WORKDIR /workspace/app
+# Keeps Python from generating .pyc files in the container
+ENV PYTHONDONTWRITEBYTECODE=1

-COPY . /workspace/app
-RUN --mount=type=cache,target=/root/.gradle ./gradlew clean build -x test
-RUN mkdir -p build/dependency && (cd build/dependency; jar -xf ../libs/*-SNAPSHOT.jar)
+# Turns off buffering for easier container logging
+ENV PYTHONUNBUFFERED=1
+
+# Install dependencies needed to run OCCMD tool
+# file is needed by https://github.com/fkie-cad/fact_helper_file
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    git \
+    python3 \
+    python3-pip \
+    file && \
+    rm -rf /var/lib/apt/lists/*
+
+# The base distro for eclipse-temurin doesn't have the newest pip version
+# which causes weired errors so we upgrade pip.
+RUN pip install --upgrade pip
+
+RUN git clone https://gitlab.opencode.de/opencode-analyzer/occmd-public.git
+RUN cd occmd-public && pip3 install -r ./requirements.txt
+COPY tools/occmd/occmdcfg.ini occmd-public

-FROM eclipse-temurin
 VOLUME /tmp
-ARG DEPENDENCY=/workspace/app/build/dependency
+ARG DEPENDENCY=/app/build/dependency
 COPY --from=build ${DEPENDENCY}/BOOT-INF/lib /app/lib
 COPY --from=build ${DEPENDENCY}/META-INF /app/META-INF
 COPY --from=build ${DEPENDENCY}/BOOT-INF/classes /app
-COPY --from=buildoccmd /workspace/app/occmd /app/tools

-ENTRYPOINT ["java","-cp","app:app/lib/*","dataProvider.Application"]
\ No newline at end of file
+ENTRYPOINT ["java","-cp","app:app/lib/*","de.fraunhofer.iem.dataprovider.DataProviderApplicationKt"]
--- a/tools/occmd/occmdcfg.ini
+++ b/tools/occmd/occmdcfg.ini
+[DEFAULT]
+resources_dir = /occmd/resources/
+
+[local_repo_db]
+# path to root of local OpenCoDE mirror
+path_db_raw =
+
+[CheckedInBinaries]
+# path to folder with files that define filetype blacklist
+blacklist_dir = %(resources_dir)s/checks/checked_in_binaries/blacklist
+# git cloneable URL of the repo with the blacklist
+blacklist_repo = https://gitlab.opencode.de/opencode-analyzer/occmd-tests-e2e/checked_in_binaries.git
+
+[Secrets]
+baselines_dir = %(resources_dir)s/checks/secrets
+
+[Dashboard]
+file = %(resources_dir)s/dashboard/dashboard.csv
+# list of valid PL names
+pl_whitelist = %(resources_dir)s/dashboard/pl_whitelist.txt
+pl_whitelist_wiki = %(resources_dir)s/dashboard/pl_whitelist_wiki.txt
+# timeout in seconds for the `cloc` invocation on the repository
+pl_loc_timeout = 60
+# number of processes the `cloc` tool can use
+pl_loc_ncpu = 4