LiquidCode/LiquidCode.Tester
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bd2ed7716c04b2f2cc984970439ba2107dab4841
LiquidCode.Tester/src/LiquidCode.Tester.Worker/Dockerfile
prixod bd2ed7716c fix privileges
2025-12-01 02:26:17 +04:00

105 lines
3.6 KiB
Docker
Raw Blame History

# Build stage
FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
# Copy Common project
COPY ["src/LiquidCode.Tester.Common/LiquidCode.Tester.Common.csproj", "src/LiquidCode.Tester.Common/"]
# Copy Worker project
COPY ["src/LiquidCode.Tester.Worker/LiquidCode.Tester.Worker.csproj", "src/LiquidCode.Tester.Worker/"]
# Restore dependencies
RUN dotnet restore "src/LiquidCode.Tester.Worker/LiquidCode.Tester.Worker.csproj"
# Copy all source files
COPY . .
# Build
WORKDIR "/src/src/LiquidCode.Tester.Worker"
RUN dotnet build "./LiquidCode.Tester.Worker.csproj" -c $BUILD_CONFIGURATION -o /app/build
# Publish stage
FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./LiquidCode.Tester.Worker.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
# Final stage - use aspnet runtime with all compilers
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
WORKDIR /app
# Install compilers and runtimes for all supported languages
RUN apt-get update && \
apt-get install -y --no-install-recommends \
# C++ compiler and build tools
g++ \
gcc \
make \
# Java Development Kit and Runtime
openjdk-17-jdk \
# Python
python3 \
python3-pip \
# Kotlin compiler
wget \
unzip \
&& wget -q https://github.com/JetBrains/kotlin/releases/download/v1.9.20/kotlin-compiler-1.9.20.zip -O /tmp/kotlin.zip \
&& unzip -q /tmp/kotlin.zip -d /opt \
&& rm /tmp/kotlin.zip \
&& ln -s /opt/kotlinc/bin/kotlinc /usr/local/bin/kotlinc \
&& ln -s /opt/kotlinc/bin/kotlin /usr/local/bin/kotlin \
# Cleanup
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install Mono for C# compilation (csc)
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
gnupg \
&& gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \
&& echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/debian stable-buster main" | tee /etc/apt/sources.list.d/mono-official-stable.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends mono-devel \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install Isolate sandbox for secure code execution
RUN apt-get update && \
apt-get install -y --no-install-recommends \
git \
libcap-dev \
libsystemd-dev \
pkg-config \
&& git clone https://github.com/ioi/isolate.git /tmp/isolate \
&& cd /tmp/isolate \
&& make isolate \
&& make install \
&& rm -rf /tmp/isolate \
&& apt-get remove -y git \
&& apt-get autoremove -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Create unprivileged user for running the worker service
RUN mkdir -p /var/local/lib/isolate && \
chmod 755 /var/local/lib/isolate
# Configure isolate directories and control-group root
RUN printf "box_root = /var/local/lib/isolate\nlock_root = /run/isolate/locks\ncg_root = /sys/fs/cgroup\nfirst_uid = 60000\nfirst_gid = 60000\nnum_boxes = 1000\n" > /usr/local/etc/isolate.conf && \
ln -sf /usr/local/etc/isolate.conf /usr/local/etc/isolate && \
mkdir -p /run/isolate/locks
# Copy published app
COPY --from=publish /app/publish .
# Create temp directory for compilation and testing with proper permissions
RUN mkdir -p /tmp/testing
ENV ASPNETCORE_URLS=http://+:8080
# Switch to unprivileged user
#USER workeruser
ENTRYPOINT ["dotnet", "LiquidCode.Tester.Worker.dll"]
Reference in New Issue View Git Blame Copy Permalink