Dockerfile for ansible + awscliv2 + gosu
## $ docker build -t myansible .
## $ export AWS_PROFILE="..."
## $ docker run -it --rm -e AWS_PROFILE \
## -e MY_UID=$(id -u) -e MY_GID=$(id -g) \
## -v ${HOME}/.aws/config:/home/user/.aws/config:ro \
## -v ${HOME}/.aws/credentials:/home/user/.aws/credentials:ro \
## -v ${HOME}/.ssh/:/home/user/.ssh/:ro \
## -v $(pwd):/work \
## --workdir=/work myansible ansible -i inventory all -m ping
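# ---- builder stage: compile the AWS session-manager-plugin from source ----
# NOTE(review): golang:1-bullseye is a floating tag, so the toolchain that produces the
# shipped binary can change between builds. Pin a specific version (ideally by digest).
FROM golang:1-bullseye AS builder

# Optional release tag to build. Left empty (the default), the newest semver-looking upstream
# tag is resolved at build time, exactly as before. Setting it to a reviewed tag makes the
# build reproducible and keeps a new upstream tag from entering the image unnoticed.
ARG SESSION_MANAGER_PLUGIN_VERSION=""

# session-manager-plugin
# - The tag is checked out by name only; nothing here verifies a signature on it.
# - The shell has no pipefail, so an empty tag list is detected explicitly instead of
#   falling through to `git checkout ""`.
# - The clone is removed by absolute path after leaving it. The previous relative
#   `rm -rf tmp/session-manager-plugin` ran inside the clone and removed nothing.
RUN set -eux; \
    git clone https://github.com/aws/session-manager-plugin.git /tmp/session-manager-plugin; \
    cd /tmp/session-manager-plugin; \
    PLUGIN_VERSION="${SESSION_MANAGER_PLUGIN_VERSION}"; \
    if [ -z "${PLUGIN_VERSION}" ]; then \
        PLUGIN_VERSION="$( git tag --sort=-creatordate \
            | sort -V \
            | grep -E '[0-9]+\.[0-9]+\.[0-9]+$' \
            | tail -1 \
        )"; \
    fi; \
    if [ -z "${PLUGIN_VERSION}" ]; then \
        echo "could not determine a session-manager-plugin release tag" >&2; \
        exit 1; \
    fi; \
    git checkout "${PLUGIN_VERSION}"; \
    printf '%s' "${PLUGIN_VERSION}" > VERSION; \
    find /tmp/session-manager-plugin -name '*.go' -print0 | xargs -0 -n1 gofmt -w; \
    make clean checkstyle release-test pre-release build-linux-amd64 build-arm64 prepack-linux-amd64 prepack-linux-arm64; \
    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
    mv "bin/linux_${dpkgArch}_plugin/session-manager-plugin" /usr/bin/session-manager-plugin; \
    cd /; \
    rm -rf /tmp/session-manager-plugin; \
    chmod +x /usr/bin/session-manager-plugin; \
    /usr/bin/session-manager-plugin --version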
# ---- production stage: the image that is actually run ----
# NOTE(review): python:3-slim-bullseye is a floating tag; pin a specific version
# (ideally by digest) so rebuilds do not silently change the interpreter.
FROM python:3-slim-bullseye AS production

# gpg (with dirmngr for keyserver access) is used further down to verify the AWS CLI
# and gosu downloads. Install it only when the base image does not already ship it.
RUN set -ex; \
    if ! command -v gpg > /dev/null; then \
        apt-get update; \
        apt-get install -y --no-install-recommends \
            gnupg \
            dirmngr \
        ; \
        rm -rf /var/lib/apt/lists/*; \
    fi
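# See list of versions at https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
ENV AWSCLI_VERSION=2.9.18

# AWS CLI v2: download the pinned release and its detached signature, verify, then install.
# - The trust anchor is the full key fingerprint passed to --recv-keys. Verification runs
#   against a throwaway GNUPGHOME that holds only that key, so a "good signature" can only
#   come from it.
# - curl runs with -f so an HTTP error fails the step at the download instead of saving an
#   error page as the archive (-sS keeps the log quiet but still prints errors).
# - ca-certificates, curl and unzip are build-only. They are marked auto and purged again
#   once the archive has been unpacked.
# NOTE(review): the key is fetched from a public keyserver at build time, which makes the
# keyserver's availability a build dependency. Consider vendoring the reviewed public key
# next to the Dockerfile and importing it with `gpg --import` instead.
RUN set -eux; \
    savedAptMark="$(apt-mark showmanual)"; \
    apt-get update; \
    apt-get install -y --no-install-recommends ca-certificates curl unzip; \
    rm -rf /var/lib/apt/lists/*; \
    curl -fsS -o awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m)-${AWSCLI_VERSION}.zip"; \
    curl -fsS -o awscliv2.sig "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m)-${AWSCLI_VERSION}.zip.sig"; \
    export GNUPGHOME="$(mktemp -d)"; \
    gpg --batch --keyserver hkps://pgp.mit.edu --recv-keys FB5DB77FD5C118B80511ADA8A6310ACC4672475C; \
    gpg --batch --verify awscliv2.sig awscliv2.zip; \
    gpgconf --kill all; \
    unzip awscliv2.zip; \
    rm -rf "$GNUPGHOME" awscliv2.sig awscliv2.zip; \
    apt-mark auto '.*' > /dev/null; \
    [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    ./aws/install; \
    rm -rf ./aws; \
    aws --version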
# gosu lets the entrypoint drop from root to an unprivileged user.
# Releases: https://github.com/tianon/gosu/releases
ENV GOSU_VERSION=1.16

# Fetch the pinned gosu binary for this architecture together with its detached signature,
# and verify it against a throwaway keyring holding only the key with the fingerprint below.
# wget and ca-certificates are build-only and are purged again afterwards. The last two
# commands are smoke tests: the binary runs, and it can switch to `nobody`.
RUN set -eux; \
    savedAptMark="$(apt-mark showmanual)"; \
    apt-get update; \
    apt-get install -y --no-install-recommends ca-certificates wget; \
    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
    gosuUrl="https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-${dpkgArch}"; \
    wget -O /usr/local/bin/gosu "${gosuUrl}"; \
    wget -O /usr/local/bin/gosu.asc "${gosuUrl}.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
    gpgconf --kill all; \
    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
    apt-mark auto '.*' > /dev/null; \
    [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*; \
    chmod +x /usr/local/bin/gosu; \
    gosu --version; \
    gosu nobody true
ENV ANSIBLE_VERSION=5.10.0

# Install Ansible and the Python libraries used by common modules. The compiler and -dev
# packages exist only so pip can build native extensions: everything apt installs in this
# step is marked auto and purged again at the end.
# NOTE(review): only ansible is version-constrained (compatible-release `~=`). Every other
# package resolves to whatever is newest at build time, so a constraints file or hash-pinned
# requirements would make the dependency set reviewable.
# NOTE(review): pycrypto is no longer maintained upstream. Confirm whether anything still
# imports it, and prefer a maintained replacement if so.
# NOTE(review): default-mysql-client and postgresql-client are installed here but appear to
# be removed again by the auto-remove purge below. Confirm whether those client binaries
# were meant to stay in the final image.
RUN set -eux; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        default-libmysqlclient-dev \
        default-mysql-client \
        g++ \
        gcc \
        libffi-dev \
        libkrb5-dev \
        libpq-dev \
        libssl-dev \
        libxml2-dev \
        libxslt-dev \
        libyaml-dev \
        postgresql-client \
        python3-dev \
        python3-pip \
        python3-yaml \
    ; \
    pip install --no-cache-dir --no-compile \
        ansible~="$ANSIBLE_VERSION" \
        pyyaml \
        pycrypto \
        netaddr \
        boto \
        boto3 \
        paramiko \
        psycopg2 \
        openshift \
        dnspython \
        mitogen \
        PyMySQL \
        pexpect \
        jsondiff \
    ; \
    apt-mark auto '.*' > /dev/null; \
    [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*; \
    ansible --version
# Runtime packages that stay in the final image: SSH/git/rsync tooling for Ansible, plus the
# shared libraries (libpq5, libyaml-0-2) needed at run time after the -dev packages were purged.
# NOTE(review): less, vim and sshpass are conveniences that widen the image's footprint.
# Drop any that the playbooks do not need; sshpass in particular exists to feed SSH passwords
# non-interactively.
RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        git \
        jq \
        less \
        libpq5 \
        libyaml-0-2 \
        openssh-client \
        rsync \
        sshpass \
        vim \
    ; \
    rm -rf /var/lib/apt/lists/*
# Only the compiled plugin binary is taken from the builder stage.
COPY --from=builder /usr/bin/session-manager-plugin /usr/bin/session-manager-plugin

# Entrypoint script from the build context, made executable.
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh

# There is deliberately no USER instruction: the container starts as root so that
# entrypoint.sh can create the user matching MY_UID/MY_GID, and the script then
# exec's the requested command through gosu as that user.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
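#!/bin/bash
# entrypoint.sh: runs as root, creates a "user" account whose UID/GID match the caller's
# (MY_UID / MY_GID, default 1000), then replaces itself with the requested command running
# as that user via gosu. Files written to bind mounts then carry the caller's ownership.
set -eu

USER_ID=${MY_UID:-1000}
GROUP_ID=${MY_GID:-1000}

# These values come from the environment and are handed to root-run groupadd/useradd.
# Accept plain non-negative integers only, so a malformed value cannot be split into
# extra words or options.
# NOTE: -o below permits duplicate IDs, so MY_UID=0 yields a root-equivalent "user".
for id_value in "$USER_ID" "$GROUP_ID"; do
    case "$id_value" in
        ''|*[!0-9]*)
            echo "entrypoint: MY_UID and MY_GID must be non-negative integers (got '$id_value')" >&2
            exit 1
            ;;
    esac
done

# Create the group and user only if missing, so a restarted container (same filesystem,
# entrypoint run again) does not fail on "already exists".
getent group user > /dev/null || groupadd -g "$GROUP_ID" -o user
getent passwd user > /dev/null || useradd --shell /bin/bash -u "$USER_ID" -g "$GROUP_ID" -o -c "" -M user

export HOME=/home/user
# /home/user may already exist (root-owned) as the parent of the bind mounts, so
# install -d is used to set its owner and mode either way.
install -d -o "$USER_ID" -g "$GROUP_ID" -m 0755 "$HOME"

# exec so the command replaces this shell and receives signals directly.
exec /usr/local/bin/gosu user "$@"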