
4 Commits

Author SHA1 Message Date
dc732efdb7 feature(dockerfile): multi-stage build
- install node dependencies in builder stage
- final stage based on alpine with minimal nodejs installation
- npm not present, prevents idiotic lingering security issues
- 50% smaller final image
2022-02-26 21:59:05 -07:00
ec07b94cd3 chore(ide): update docker build args 2022-02-26 20:49:52 -07:00
ef87879b60 chore(dockerfile): bump alpine base version 2022-02-26 20:46:28 -07:00
48745eccbb chore(ide): add Rider docker build configuration 2022-02-26 20:46:09 -07:00
5 changed files with 74 additions and 22 deletions


@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="GitToolBoxProjectSettings">
<option name="commitMessageIssueKeyValidationOverride">
<BoolValueOverride>
<option name="enabled" value="true" />
</BoolValueOverride>
</option>
<option name="commitMessageValidationConfigOverride">
<CommitMessageValidationOverride>
<option name="enabled" value="true" />
</CommitMessageValidationOverride>
</option>
</component>
</project>


@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="MarkdownSettings">
<enabledExtensions>
<entry key="MermaidLanguageExtension" value="false" />
<entry key="PlantUMLLanguageExtension" value="false" />
</enabledExtensions>
</component>
</project>


@ -0,0 +1,28 @@
<component name="ProjectRunConfigurationManager">
<configuration default="false" name="build/Dockerfile" type="docker-deploy" factoryName="dockerfile" server-name="Docker LOCAL">
<deployment type="dockerfile">
<settings>
<option name="imageTag" value="docker.asifbacchus.dev/ab-livereload/ab-livereload:2.7.1" />
<option name="buildArgs">
<list>
<DockerEnvVarImpl>
<option name="name" value="INTERNAL_VERSION" />
<option name="value" value="3.0.0" />
</DockerEnvVarImpl>
<DockerEnvVarImpl>
<option name="name" value="GIT_COMMIT" />
<option name="value" value="" />
</DockerEnvVarImpl>
<DockerEnvVarImpl>
<option name="name" value="BUILD_DATE" />
<option name="value" value="2022-02-26" />
</DockerEnvVarImpl>
</list>
</option>
<option name="buildOnly" value="true" />
<option name="sourceFilePath" value="build/Dockerfile" />
</settings>
</deployment>
<method v="2" />
</configuration>
</component>
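Review bot: The build arguments in this run configuration are fixed literals that will drift from the image they describe: `imageTag` ends in `2.7.1` while `INTERNAL_VERSION` is `3.0.0`, `GIT_COMMIT` is empty, and `BUILD_DATE` is pinned to `2022-02-26`. If the Dockerfile writes these values into its labels (only the `# labels` comment and the vendor label are visible on this page), images built from the IDE will carry blank or stale provenance, making it harder to trace a running container back to a commit. A comment at the top of the file would make the intent explicit, for example `<!-- local test builds only: GIT_COMMIT and BUILD_DATE are placeholders -->`, with published images built by a script that passes the real commit and date.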


@ -2,30 +2,40 @@
# allow dynamic building by specifying base image elements as build-args
ARG NODE_VERSION=16
ARG ALPINE_VERSION=3.14
FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION}
ARG ALPINE_VERSION=3.15
FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION} as builder
ARG NODE_VERSION
ARG ALPINE_VERSION
# install node dependences
WORKDIR /build
COPY [ "package.json", "package-lock.json", "./" ]
RUN npm ci --production
# final container
FROM alpine:${ALPINE_VERSION} as final
ARG NODE_VERSION
ARG ALPINE_VERSION
# create new node user with set UID and GID from build-args and create volume directories
ARG NODE_UID=9999
ARG NODE_GID=9999
RUN deluser --remove-home node \
&& addgroup -g ${NODE_GID} -S node \
RUN addgroup -g ${NODE_GID} -S node \
&& adduser -G node -S -u ${NODE_UID} node \
&& mkdir /watch /certs \
&& chown root:node /certs \
&& chmod 770 /certs
# create default volumes in-case user forgets, expose default port
# create default volumes in case user forgets, expose default port
VOLUME [ "/watch", "/certs" ]
EXPOSE 35729
# add tini, timezone support and create certificate directories
# add tini, timezone support, nodejs and create certificate directories
RUN apk --update --no-cache add \
tini \
tzdata \
openssl \
nodejs~${NODE_VERSION} \
&& apk --update --no-cache upgrade
# labels
@ -42,8 +52,6 @@ LABEL org.opencontainers.image.vendor="Asif Bacchus <asif@asifbacchus.dev>"
# default environment variables
ENV NODE_ENV=production
ENV NPM_CONFIG_PREFIX=/home/node/.npm-global
ENV PATH=/home/node/.npm-global/bin:$PATH
ENV TZ="Etc/UTC"
ENV LR_PORT=35729
ENV LR_EXTS="html,xml,css,js,jsx,ts,tsx,php,py"
@ -53,22 +61,14 @@ ENV LR_DEBUG=true
ENV LR_HTTPS=true
ENV CERT_HOSTNAME=""
# install node-livereload and express as node user then switch back to root user
USER node
# set-up application and copy dependencies from builder
WORKDIR /home/node
COPY --chown=node:node [ "package.json", "package-lock.json", "/home/node/" ]
RUN mkdir -p .npm-global/bin .npm-global/lib \
&& npm config set fund false \
&& npm config set update-notifier false \
&& npm install --save
COPY --chown=node:node [ "ab-livereload.js", "/home/node/"]
# copy scripts and fix-up all permissions
USER root
COPY [ "selfsigned.cnf", "/etc/selfsigned.cnf" ]
COPY [ "entrypoint.sh", "/usr/local/bin/entrypoint.sh" ]
RUN chown node:node /home/node/* \
&& chmod 644 /home/node/package* /home/node/ab-livereload.js \
COPY --chown=node:node [ "ab-livereload.js", "/home/node/"]
COPY --from=builder [ "/build/node_modules", "/home/node/node_modules" ]
RUN chown -R node:node /home/node/* \
&& chmod 644 /home/node/ab-livereload.js \
&& chmod 755 /usr/local/bin/entrypoint.sh \
&& chmod 644 /etc/selfsigned.cnf
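Review bot: In the last hunk, `RUN chown -R node:node /home/node/*` together with `COPY --chown=node:node` on `ab-livereload.js` makes the application code and the whole `node_modules` tree writable by the account the service is meant to run as, so a compromised livereload process could rewrite its own code and dependencies. Root-owned, world-readable files are enough for node to load them: use `COPY [ "ab-livereload.js", "/home/node/" ]` and start the `RUN` at `chmod 644 /home/node/ab-livereload.js`, unless the application writes into `/home/node` at runtime, which this page does not show. The recursive chown also copies every file from the builder stage into a second layer, which gives back part of the size saving the commit message cites. `USER node` appears to have been removed and no `USER` directive is visible on the new side, so the privilege drop presumably happens in `entrypoint.sh`, which is not shown here and should be confirmed.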


@ -1,6 +1,6 @@
{
"name": "ab-livereload",
"version": "1.0.0",
"version": "3.0.0",
"dependencies": {
"express": "^4.17.1",
"livereload": "^0.9.3"