From b713fb5650d9d3a55f78567a3d0af151401f32c4 Mon Sep 17 00:00:00 2001 From: Jonas Janz <5434875+PixelJonas@users.noreply.github.com> Date: Tue, 25 Oct 2022 21:18:37 +0200 Subject: [PATCH] feat(docker) revert ubuntu base image (#863) * feat(docker) revert ubuntu base image This PR reverts the base image for immich-server back to alpine Adds LICENSE to all Images Quiets apt-get commands when building ensures write-permission for root group on app folders Signed-off-by: PixelJonas <5434875+PixelJonas@users.noreply.github.com> * Test build old Docker content * Revert and retry Signed-off-by: PixelJonas <5434875+PixelJonas@users.noreply.github.com> Co-authored-by: Alex Tran --- machine-learning/Dockerfile | 21 +++++++++++++++------ machine-learning/LICENSE | 21 +++++++++++++++++++++ nginx/Dockerfile | 3 +++ nginx/LICENSE | 21 +++++++++++++++++++++ server/Dockerfile | 33 +++++++++++++-------------------- server/LICENSE | 21 +++++++++++++++++++++ web/Dockerfile | 14 ++++++++++---- web/LICENSE | 21 +++++++++++++++++++++ 8 files changed, 125 insertions(+), 30 deletions(-) create mode 100644 machine-learning/LICENSE create mode 100644 nginx/LICENSE create mode 100644 server/LICENSE create mode 100644 web/LICENSE diff --git a/machine-learning/Dockerfile b/machine-learning/Dockerfile index d9b505f15b..b69b501efc 100644 --- a/machine-learning/Dockerfile +++ b/machine-learning/Dockerfile @@ -7,8 +7,9 @@ WORKDIR /usr/src/app COPY package.json package-lock.json ./ -RUN apt-get update -RUN apt-get install gcc g++ make cmake python3 python3-pip ffmpeg -y +RUN apt-get update > /dev/null \ + && apt-get install --no-install-recommends -y gcc g++ make cmake python3 python3-pip ffmpeg > /dev/null \ + && apt-get clean && rm -rf /var/lib/apt/lists/* RUN npm ci RUN npm rebuild @tensorflow/tfjs-node --build-from-source 
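Review bot: Sending apt-get's stdout to `/dev/null` in the rewritten `RUN` removes the only record of which package versions were resolved, and since none of the packages are pinned, that log is what an image audit would rely on. I would quiet the progress output with the tool's own flag instead, e.g. `apt-get update -q && apt-get install -q --no-install-recommends -y ...`, which keeps the package list in the build log. The same redirect is added in the third hunk of this file.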
@@ -23,6 +24,9 @@ FROM node:16-bullseye-slim ARG DEBIAN_FRONTEND=noninteractive +COPY LICENSE /licenses/LICENSE.txt +COPY LICENSE /LICENSE + WORKDIR /usr/src/app COPY package.json package-lock.json ./ @@ -30,13 +34,18 @@ COPY entrypoint.sh ./ RUN mkdir -p /usr/src/app/dist \ && mkdir -p /usr/src/app/node_modules \ - && apt-get update \ - && apt-get install -y ffmpeg \ - && rm -rf /var/cache/apt/lists + && mkdir -p /usr/src/app/.reverse-geocoding-dump \ + && apt-get update > /dev/null \ + && apt-get install --no-install-recommends -y ffmpeg > /dev/null \ + && apt-get clean \ + && rm -rf /var/cache/apt/lists/* COPY --from=builder /usr/src/app/node_modules ./node_modules COPY --from=builder /usr/src/app/dist ./dist RUN npm prune --production -# CMD [ "node", "dist/main" ] +RUN chown -R node:0 /usr/src/app \ + && chmod -R g=u /usr/src/app + +RUN addgroup node root \ No newline at end of file diff --git a/machine-learning/LICENSE b/machine-learning/LICENSE new file mode 100644 index 0000000000..a72f398805 --- /dev/null +++ b/machine-learning/LICENSE 
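Review bot: In the third hunk of this file, `chown -R node:0 /usr/src/app && chmod -R g=u /usr/src/app` followed by `addgroup node root` makes the whole application tree, including `dist` and `node_modules`, writable by the runtime user and by any process in group 0, so a compromised Node process can rewrite the code it runs. The same three lines are added in the second hunk of server/Dockerfile and the second hunk of web/Dockerfile. I would limit the group-write bit to the directories that hold runtime data, e.g. `chmod -R g=u /usr/src/app/.reverse-geocoding-dump`, and check whether `addgroup node root` is needed at all, since it gives node group access to every root-group file in the image and not only the app folder. Separately, the cleanup here removes `/var/cache/apt/lists/*`, while apt keeps its index under `/var/lib/apt/lists` (the path the first hunk uses), so the lists stay in the layer. No `USER` instruction is visible in this hunk, and the file ends at its last line.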
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Hau Tran + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/nginx/Dockerfile b/nginx/Dockerfile index b1bbe3d00e..ef3a9a2647 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,5 +1,8 @@ FROM docker.io/nginxinc/nginx-unprivileged:latest +COPY LICENSE /licenses/LICENSE.txt +COPY LICENSE /LICENSE + COPY nginx.conf "/etc/nginx/nginx.conf" CMD nginx -g "daemon off;" \ No newline at end of file diff --git a/nginx/LICENSE b/nginx/LICENSE new file mode 100644 index 0000000000..a72f398805 --- /dev/null +++ b/nginx/LICENSE 
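Review bot: The base image on the first context line of the nginx/Dockerfile hunk is still `docker.io/nginxinc/nginx-unprivileged:latest`, so every rebuild can pull a different nginx and the files added here land on an unreviewed base. Pin it to a release tag and, for published images, a digest, e.g. `FROM docker.io/nginxinc/nginx-unprivileged:<version>@sha256:<digest>` (placeholders). The `CMD` line at the end of the hunk is also in shell form, which puts `/bin/sh` between the container runtime and nginx; `CMD ["nginx", "-g", "daemon off;"]` avoids that.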
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Hau Tran + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/server/Dockerfile b/server/Dockerfile index 0793be04be..ccad886a5d 100644 --- a/server/Dockerfile +++ b/server/Dockerfile @@ -1,19 +1,10 @@ -# Build stage -FROM node:16-slim as builder +FROM node:16-alpine3.14 as builder WORKDIR /usr/src/app COPY package.json package-lock.json ./ -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - build-essential \ - python3 \ - libheif-dev \ - libvips-dev \ - ffmpeg && \ - apt-get -y clean && apt-get autoremove -y && apt-get purge -y --auto-remove && rm -rf /var/lib/apt/lists/* - +RUN apk add --update-cache build-base python3 libheif vips-dev ffmpeg RUN npm ci COPY . . 
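Review bot: The builder's `apk add --update-cache ...` in the first server/Dockerfile hunk leaves the package index in the layer and installs whatever versions the mirror serves on the day of the build, whereas the production stage in the next hunk uses `--no-cache`. For consistency I would write `RUN apk add --no-cache build-base python3 libheif vips-dev ffmpeg`, ideally one package per line in sorted order. The removed Debian line installed `libheif-dev`; if the native modules are meant to compile against libheif headers, confirm that the runtime-only `libheif` package is enough on Alpine.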
@@ -21,27 +12,29 @@ COPY . . RUN npm run build # Prod stage -FROM node:16-slim +FROM node:16-alpine3.14 WORKDIR /usr/src/app +COPY LICENSE /licenses/LICENSE.txt +COPY LICENSE /LICENSE COPY package.json package-lock.json ./ COPY start-server.sh start-microservices.sh ./ -RUN mkdir -p /usr/src/app/dist - -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - libheif-dev \ - libvips-dev \ - ffmpeg && \ - apt-get -y clean && apt-get autoremove -y && apt-get purge -y --auto-remove && rm -rf /var/lib/apt/lists/* +RUN mkdir -p /usr/src/app/dist \ + && mkdir /usr/src/app/.reverse-geocoding-dump \ + && apk add --no-cache libheif vips ffmpeg COPY --from=builder /usr/src/app/node_modules ./node_modules COPY --from=builder /usr/src/app/dist ./dist RUN npm prune --production +RUN chown -R node:0 /usr/src/app \ + && chmod -R g=u /usr/src/app + +RUN addgroup node root + VOLUME /usr/src/app/upload EXPOSE 3001 diff --git a/server/LICENSE b/server/LICENSE new file mode 100644 index 0000000000..a72f398805 --- /dev/null +++ b/server/LICENSE 
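Review bot: `/usr/src/app/upload` is declared as a `VOLUME` after the `chown -R node:0` / `chmod -R g=u` step, but nothing in this hunk creates it, so the ownership fix this commit is about does not reach the one directory that receives user data. Unless the directory comes from a bind mount or is created elsewhere, the volume mount point is likely to end up root-owned and not writable by a non-root process. Adding `&& mkdir -p /usr/src/app/upload` to the existing `mkdir` chain, before the recursive `chown`, would cover it. The stage may continue past `EXPOSE 3001`, outside this hunk.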
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Hau Tran + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/web/Dockerfile b/web/Dockerfile index 9986b8fce6..af35b489fc 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -1,11 +1,13 @@ # Our Node base image FROM node:16-alpine3.14 as base +COPY LICENSE /licenses/LICENSE.txt +COPY LICENSE /LICENSE + WORKDIR /usr/src/app -RUN chown node:node /usr/src/app - -RUN apk add --no-cache setpriv +RUN chown node:node /usr/src/app && \ + apk add --no-cache setpriv COPY --chown=node:node package*.json ./ @@ -13,7 +15,11 @@ RUN npm ci COPY --chown=node:node . . -RUN npm run build +RUN npm run build \ + && chown -R node:0 /usr/src/app \ + && chmod -R g=u /usr/src/app + +RUN addgroup node root EXPOSE 3000 diff --git a/web/LICENSE b/web/LICENSE new file mode 100644 index 0000000000..a72f398805 --- /dev/null +++ b/web/LICENSE 
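Review bot: In the second web/Dockerfile hunk, `chown -R node:0 /usr/src/app && chmod -R g=u /usr/src/app` runs after the files were already copied with `--chown=node:node`, so every file from the earlier layers is rewritten into this layer just to change its group. Setting the group at copy time, `COPY --chown=node:0 package*.json ./` and `COPY --chown=node:0 . .`, leaves only the build output and `node_modules` for the `RUN` to adjust. The stage may continue after `EXPOSE 3000`, outside the hunk.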
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Hau Tran
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.