5ad3449e3b
Install bot_bottle via pip in Dockerfile.gateway instead of COPYing individual .py files flat under /app/. This eliminates the try/except import shims in egress_addon_core, dlp_detectors, egress_addon, supervise, supervise_server, and git_http_backend that existed only to support the flat-bundle layout. Adds bot_bottle/constants.py as a single source of truth for IDENTITY_HEADER and GIT_GATE_TIMEOUT_SECS, removing the duplicated literal definitions in egress_addon.py, supervise_server.py, git_http_backend.py, and git_gate_render.py. Test files updated to match: test_supervise_server.py drops the sys.path.insert hack in favour of direct package imports; the egress_addon test shims no longer pre-populate sys.modules with a bare egress_addon_core alias.
131 lines
6.4 KiB
Docker
131 lines
6.4 KiB
Docker
# Gateway data-plane image (PRD 0024 bundle shape; PRD 0070 gateway).
|
|
#
|
|
# The egress / git-gate / supervise *data plane* — one image, run by
|
|
# the consolidated per-host gateway (PRD 0070). It is NOT the
|
|
# orchestrator control plane: that is the separate, lean
|
|
# `bot-bottle-orchestrator` image (Dockerfile.orchestrator, #384), which
|
|
# ships only python + the stdlib-only `bot_bottle` package and none of
|
|
# this image's mitmproxy / git / gitleaks payload.
|
|
#
|
|
# Collapses the prior per-daemon images (egress, git-gate,
|
|
# supervise) into one. A small stdlib-Python init supervisor at
|
|
# /app/gateway_init.py spawns all daemons, forwards SIGTERM, and
|
|
# propagates per-daemon stdout/stderr to the container log with a
|
|
# `[name]` prefix. See PRD 0024 for the rationale.
|
|
#
|
|
# Layout:
|
|
#
|
|
# /usr/bin/gitleaks gitleaks binary
|
|
# /app/egress_addon.py mitmproxy addon entry point
|
|
# /app/egress-entrypoint.sh mitmdump launcher
|
|
# /app/supervise_server.py supervise MCP server entry point
|
|
# /app/gateway_init.py PID 1 supervisor entry point
|
|
# /app/git_http_backend.py git-http entry point
|
|
# /usr/local/lib/python*/bot_bottle/ installed package (all shared modules)
|
|
# /etc/egress/routes.yaml bind-mounted at run time
|
|
# /etc/git-gate/pre-receive docker-cp'd at start time
|
|
# /git-gate-entrypoint.sh docker-cp'd at start time
|
|
# /git-gate/creds/* docker-cp'd at start time
|
|
# /git/* bare repos, populated at runtime
|
|
# /run/supervise/bot-bottle.db bind-mounted at run time
|
|
# /home/mitmproxy/.mitmproxy/ mitmproxy CA dir
|
|
#
|
|
# Exposed ports inside the container:
|
|
# 9099 egress (mitmproxy, agent-facing HTTPS proxy)
|
|
# 9418 git-gate (git-daemon)
|
|
# 9420 git-gate smart HTTP (VM-backend agent-facing transport)
|
|
# 9100 supervise (MCP HTTP)
|
|
|
|
# Based on `python:3.12-slim` (Debian trixie) rather than the
|
|
# `mitmproxy/mitmproxy` image (Debian bookworm) so the whole stack —
|
|
# gateway here, and the firecracker infra image that builds FROM this —
|
|
# lands on trixie, whose buildah (1.39) can build agent Dockerfiles that
|
|
# use heredocs. mitmproxy is pip-installed to the same effect as the
|
|
# upstream image. (bookworm's buildah is 1.28, which can't parse
|
|
# `RUN ... <<EOF`; see the infra image + PR discussion.)
|
|
FROM python:3.12-slim
|
|
|
|
# Runtime system deps:
|
|
# git supplies the `git daemon` subcommand (no separate package)
|
|
# plus the core `git` binary the pre-receive hook invokes.
|
|
# openssh-client supplies the upstream SSH transport the
|
|
# pre-receive hook uses to forward accepted refs.
|
|
# ca-certificates is needed for mitmdump upstream TLS.
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends \
|
|
git openssh-client ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# mitmdump (the egress data plane). The upstream mitmproxy image baked
|
|
# this in; on the plain python base we pip-install the same pinned
|
|
# version. Its CA dir is set explicitly via `--set confdir=` in
|
|
# egress-entrypoint.sh, so it doesn't depend on a `mitmproxy` home user.
|
|
RUN pip install --no-cache-dir mitmproxy==11.1.3
|
|
|
|
# gitleaks (the pre-receive hook's secret scanner). Installed from its
|
|
# official release, pinned by version + SHA256 and verified — rather than
|
|
# using a third-party image as a build stage (supply-chain surface, and it
|
|
# would pin us to that image's cadence). python (already present) does the
|
|
# download so we add no curl/wget. trixie apt also ships gitleaks, but an
|
|
# older 8.16; the pinned download keeps the verified 8.30.1.
|
|
#
|
|
# Arch-aware: the asset + SHA are picked from the build's target
|
|
# architecture so an arm64 host (Apple Silicon) gets the arm64 binary
|
|
# rather than an x86_64 one that dies with "Exec format error" the first
|
|
# time the pre-receive hook runs it. TARGETARCH is auto-populated by
|
|
# BuildKit; the dpkg fallback keeps it correct under a legacy builder.
|
|
ARG GITLEAKS_VERSION=8.30.1
|
|
ARG GITLEAKS_SHA256_AMD64=551f6fc83ea457d62a0d98237cbad105af8d557003051f41f3e7ca7b3f2470eb
|
|
ARG GITLEAKS_SHA256_ARM64=e4a487ee7ccd7d3a7f7ec08657610aa3606637dab924210b3aee62570fb4b080
|
|
ARG TARGETARCH
|
|
RUN arch="${TARGETARCH:-$(dpkg --print-architecture)}" \
|
|
&& case "$arch" in \
|
|
amd64) asset="linux_x64"; sha="${GITLEAKS_SHA256_AMD64}" ;; \
|
|
arm64) asset="linux_arm64"; sha="${GITLEAKS_SHA256_ARM64}" ;; \
|
|
*) echo "unsupported gitleaks target arch: $arch" >&2; exit 1 ;; \
|
|
esac \
|
|
&& url="https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_${asset}.tar.gz" \
|
|
&& python3 -c "import sys,urllib.request; urllib.request.urlretrieve(sys.argv[1], '/tmp/gitleaks.tar.gz')" "$url" \
|
|
&& echo "${sha} /tmp/gitleaks.tar.gz" | sha256sum -c - \
|
|
&& tar -xzf /tmp/gitleaks.tar.gz -C /usr/bin gitleaks \
|
|
&& rm /tmp/gitleaks.tar.gz
|
|
|
|
# Install bot_bottle as a proper package so entry-point scripts can use
|
|
# `from bot_bottle.X import Y` absolute imports. A rename or a missing
|
|
# module is caught at pip-install time — not at container runtime.
|
|
COPY pyproject.toml /src/
|
|
COPY bot_bottle/ /src/bot_bottle/
|
|
RUN pip install --no-cache-dir /src/
|
|
|
|
# Entry-point scripts invoked by gateway_init.py. These live at /app/
|
|
# so the supervisor, shell entrypoint, and ENTRYPOINT all reach them at
|
|
# known fixed paths. Their sibling imports all go through bot_bottle.*
|
|
# (the installed package above), not flat /app/ neighbours.
|
|
COPY bot_bottle/egress_addon.py /app/egress_addon.py
|
|
COPY bot_bottle/supervise_server.py /app/supervise_server.py
|
|
COPY bot_bottle/gateway_init.py /app/gateway_init.py
|
|
COPY bot_bottle/git_http_backend.py /app/git_http_backend.py
|
|
COPY bot_bottle/egress_entrypoint.sh /app/egress-entrypoint.sh
|
|
RUN chmod +x /app/egress-entrypoint.sh
|
|
|
|
# Pre-create runtime directories the compose renderer + start
|
|
# step expect to exist. `docker cp` does not create intermediate
|
|
# dirs, and bind mounts won't either if the parent is missing.
|
|
RUN mkdir -p \
|
|
/etc/egress \
|
|
/etc/git-gate \
|
|
/git-gate/creds \
|
|
/git \
|
|
/run/supervise \
|
|
/home/mitmproxy/.mitmproxy
|
|
|
|
# Documentation only — the compose renderer publishes whichever
|
|
# subset the bottle uses.
|
|
EXPOSE 8888 9099 9418 9420 9100
|
|
|
|
WORKDIR /app
|
|
|
|
# PID 1 is the supervisor. It owns signal handling and exit-code
|
|
# propagation; no `exec` chain in the entrypoint itself.
|
|
ENTRYPOINT ["python3", "/app/gateway_init.py"]
|