ab-docker/ab-livereload
1
0
Fork 0
Code Issues Pull Requests Releases 7 Activity

feature(dockerfile): multi-stage build

Browse Source 
- install node dependencies in builder stage
- final stage based on alpine with minimal nodejs installation
- npm not present, prevents idiotic lingering security issues
- 50% smaller final image
This commit is contained in:
Asif Bacchus 2022-02-26 21:59:05 -07:00
parent ec07b94cd3
commit dc732efdb7
3 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.run/build_Dockerfile.run.xml
View File

@ -7,11 +7,11 @@
<list> <list>
<DockerEnvVarImpl> <DockerEnvVarImpl>
<option name="name" value="INTERNAL_VERSION" /> <option name="name" value="INTERNAL_VERSION" />
<option name="value" value="2.7.1" /> <option name="value" value="3.0.0" />
</DockerEnvVarImpl> </DockerEnvVarImpl>
<DockerEnvVarImpl> <DockerEnvVarImpl>
<option name="name" value="GIT_COMMIT" /> <option name="name" value="GIT_COMMIT" />
<option name="value" value="ef87879b60" /> <option name="value" value="" />
</DockerEnvVarImpl> </DockerEnvVarImpl>
<DockerEnvVarImpl> <DockerEnvVarImpl>
<option name="name" value="BUILD_DATE" /> <option name="name" value="BUILD_DATE" />

40
build/Dockerfile
View File

@ -3,29 +3,39 @@
# allow dynamic building by specifying base image elements as build-args # allow dynamic building by specifying base image elements as build-args
ARG NODE_VERSION=16 ARG NODE_VERSION=16
ARG ALPINE_VERSION=3.15 ARG ALPINE_VERSION=3.15
FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION} FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION} as builder
ARG NODE_VERSION
ARG ALPINE_VERSION
# install node dependences
WORKDIR /build
COPY [ "package.json", "package-lock.json", "./" ]
RUN npm ci --production
# final container
FROM alpine:${ALPINE_VERSION} as final
ARG NODE_VERSION ARG NODE_VERSION
ARG ALPINE_VERSION ARG ALPINE_VERSION
# create new node user with set UID and GID from build-args and create volume directories # create new node user with set UID and GID from build-args and create volume directories
ARG NODE_UID=9999 ARG NODE_UID=9999
ARG NODE_GID=9999 ARG NODE_GID=9999
RUN deluser --remove-home node \ RUN addgroup -g ${NODE_GID} -S node \
&& addgroup -g ${NODE_GID} -S node \
&& adduser -G node -S -u ${NODE_UID} node \ && adduser -G node -S -u ${NODE_UID} node \
&& mkdir /watch /certs \ && mkdir /watch /certs \
&& chown root:node /certs \ && chown root:node /certs \
&& chmod 770 /certs && chmod 770 /certs
# create default volumes in-case user forgets, expose default port # create default volumes in case user forgets, expose default port
VOLUME [ "/watch", "/certs" ] VOLUME [ "/watch", "/certs" ]
EXPOSE 35729 EXPOSE 35729
# add tini, timezone support and create certificate directories # add tini, timezone support, nodejs and create certificate directories
RUN apk --update --no-cache add \ RUN apk --update --no-cache add \
tini \ tini \
tzdata \ tzdata \
openssl \ openssl \
nodejs~${NODE_VERSION} \
&& apk --update --no-cache upgrade && apk --update --no-cache upgrade
# labels # labels
@ -42,8 +52,6 @@ LABEL org.opencontainers.image.vendor="Asif Bacchus <asif@asifbacchus.dev>"
# default environment variables # default environment variables
ENV NODE_ENV=production ENV NODE_ENV=production
ENV NPM_CONFIG_PREFIX=/home/node/.npm-global
ENV PATH=/home/node/.npm-global/bin:$PATH
ENV TZ="Etc/UTC" ENV TZ="Etc/UTC"
ENV LR_PORT=35729 ENV LR_PORT=35729
ENV LR_EXTS="html,xml,css,js,jsx,ts,tsx,php,py" ENV LR_EXTS="html,xml,css,js,jsx,ts,tsx,php,py"
@ -53,22 +61,14 @@ ENV LR_DEBUG=true
ENV LR_HTTPS=true ENV LR_HTTPS=true
ENV CERT_HOSTNAME="" ENV CERT_HOSTNAME=""
# install node-livereload and express as node user then switch back to root user # set-up application and copy dependencies from builder
USER node
WORKDIR /home/node WORKDIR /home/node
COPY --chown=node:node [ "package.json", "package-lock.json", "/home/node/" ]
RUN mkdir -p .npm-global/bin .npm-global/lib \
&& npm config set fund false \
&& npm config set update-notifier false \
&& npm install --save
COPY --chown=node:node [ "ab-livereload.js", "/home/node/"]
# copy scripts and fix-up all permissions
USER root
COPY [ "selfsigned.cnf", "/etc/selfsigned.cnf" ] COPY [ "selfsigned.cnf", "/etc/selfsigned.cnf" ]
COPY [ "entrypoint.sh", "/usr/local/bin/entrypoint.sh" ] COPY [ "entrypoint.sh", "/usr/local/bin/entrypoint.sh" ]
RUN chown node:node /home/node/* \ COPY --chown=node:node [ "ab-livereload.js", "/home/node/"]
&& chmod 644 /home/node/package* /home/node/ab-livereload.js \ COPY --from=builder [ "/build/node_modules", "/home/node/node_modules" ]
RUN chown -R node:node /home/node/* \
&& chmod 644 /home/node/ab-livereload.js \
&& chmod 755 /usr/local/bin/entrypoint.sh \ && chmod 755 /usr/local/bin/entrypoint.sh \
&& chmod 644 /etc/selfsigned.cnf && chmod 644 /etc/selfsigned.cnf

2
build/package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "ab-livereload", "name": "ab-livereload",
"version": "1.0.0", "version": "3.0.0",
"dependencies": { "dependencies": {
"express": "^4.17.1", "express": "^4.17.1",
"livereload": "^0.9.3" "livereload": "^0.9.3"