image-renovate/Dockerfile

# git.auengun.net/homelab/image-renovate
# Copyright (C) 2024  GregoryDosh

ARG RENOVATE_VERSION
FROM ghcr.io/renovatebot/renovate:${RENOVATE_VERSION}

USER root

#############################
# Setup Env for Homelab PKI #
#############################
# renovate: datasource=github-releases depName=smallstep/cli
ENV STEP_VERSION=v0.28.7
LABEL net.auengun.step.version=${STEP_VERSION}

ADD https://spm-ca.pages.dev/assets/spm-root.crt /usr/local/share/ca-certificates/spm-cert.crt
RUN update-ca-certificates && \
    cp /usr/local/share/ca-certificates/spm-cert.crt /spm-root.crt && \
    mkdir ./step && \
    export STEP_URL="https://github.com/smallstep/cli/releases/download/${STEP_VERSION}/step_linux_${STEP_VERSION##v}_amd64.tar.gz" && \
    curl -s "$STEP_URL" -L -o - | tar xvz --strip-components=1 -C ./step && \
    cp ./step/bin/step /usr/local/bin && \
    rm -rf ./step /root/.cache/pip && \
    chown 1000:1000 /spm-root.crt

# Git
RUN git config --global http."https://git.auengun.net/".sslCAInfo /spm-root.crt && \
    git config --system --add safe.directory '/workspace'

############################
# Vulnerability Management #
############################
# https://github.com/jsonnet-bundler/jsonnet-bundler
# Last Released v0.5.1 / 2022-06-22
RUN rm -rf /opt/containerbase/tools/jb/

# renovate: datasource=docker depName=docker.io/library/docker versioning=semver
ENV DOCKER_VERSION=28.5.1
RUN rm -rf /opt/containerbase/tools/docker \
    install-tool docker ${DOCKER_VERSION}

USER 1000

# Node
ENV NODE_EXTRA_CA_CERTS=/spm-root.crt

# Python
RUN pip config set global.cert /etc/ssl/certs/ca-certificates.crt
ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

# OpenSSL
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt