From 9ba61c346f2f3518e4e613036c4b00059afa19c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Diego=20Louz=C3=A1n?=
Date: Mon, 30 Jul 2018 12:08:12 +0200
Subject: [PATCH] refactor(docker): multistage build / support for running as random uid
- refactor env directives
- move startup cmd to `docker-bin` directory to avoid it being included in the npm package
---
 .dockerignore | 4 ++--
 Dockerfile | 35 +++++++++++++++---------------
 {bin => docker-bin}/uid_entrypoint | 0
 3 files changed, 19 insertions(+), 20 deletions(-)
 rename {bin => docker-bin}/uid_entrypoint (100%)
diff --git a/.dockerignore b/.dockerignore
index d784c9dc0..459d0e2e8 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,6 @@
 # we try to avoid adding files to the docker images that change often
 # or that are not needed for running the docker image
-# tis greatly reduces the amount of times we need to rerun `npm install` when building image locally
+# this greatly reduces the amount of times we need to rerun `npm install` when building image locally
 # https://codefresh.io/blog/not-ignore-dockerignore/
 # https://docs.docker.com/engine/reference/builder/#dockerignore-file
@@ -28,6 +28,6 @@ coverage/
 jsconfig.json
 *.iml
-# let's not get to recursive ;)
+# let's not get too recursive ;)
 Dockerfile*
 docker-compose*.yaml
diff --git a/Dockerfile b/Dockerfile
index e7fae6c35..c010398f3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,8 @@
 FROM node:10.3-alpine as builder
+ENV NODE_ENV=production \
+ VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org/
+
 RUN apk --no-cache add openssl ca-certificates wget && \
 wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub && \
 wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.25-r0/glibc-2.25-r0.apk && \
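Review bot: `VERDACCIO_BUILD_REGISTRY` is set with `ENV` at the top of the builder stage, so the registry that build dependencies are pulled from cannot be overridden with `--build-arg`. If it is meant to be a build-time knob, `ARG VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org/` would express that and keep the value out of the stage environment. The unchanged `RUN apk …` instruction below, which continues outside the hunk, fetches the package signing key from a mutable `master` URL. Pinning that URL to a commit or verifying a digest of the downloaded key would be a worthwhile follow-up.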
@@ -8,9 +11,6 @@ RUN apk --no-cache add openssl ca-certificates wget && \
 WORKDIR /opt/verdaccio-build
 COPY . .
-ENV NODE_ENV=production \
- VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org/
-
 RUN yarn config set registry $VERDACCIO_BUILD_REGISTRY && \
 yarn install --production=false && \
 yarn lint && \
@@ -24,36 +24,35 @@ RUN yarn config set registry $VERDACCIO_BUILD_REGISTRY && \
 FROM node:10.3-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"
+ENV VERDACCIO_APPDIR=/opt/verdaccio \
+ VERDACCIO_USER_NAME=verdaccio \
+ VERDACCIO_USER_UID=10001 \
+ VERDACCIO_PORT=4873 \
+ VERDACCIO_PROTOCOL=http
+ENV PATH=$VERDACCIO_APPDIR/docker-bin:$PATH \
+ HOME=$VERDACCIO_APPDIR
+
+WORKDIR $VERDACCIO_APPDIR
+
 RUN apk --no-cache add openssl dumb-init
 RUN mkdir -p /verdaccio/storage /verdaccio/plugins /verdaccio/conf
-ENV VERDACCIO_APPDIR=/opt/verdaccio
-WORKDIR $VERDACCIO_APPDIR
-
 COPY --from=builder /opt/verdaccio-build .
 ADD conf/docker.yaml /verdaccio/conf/config.yaml
-ENV PATH=${VERDACCIO_APPDIR}/bin:${PATH} \
- HOME=${VERDACCIO_APPDIR} \
- VERDACCIO_USER_NAME=verdaccio \
- VERDACCIO_USER_UID=10001
-
-RUN adduser -u ${VERDACCIO_USER_UID} -S -D -h ${VERDACCIO_APPDIR} -g "${VERDACCIO_USER_NAME} user" -s /sbin/nologin ${VERDACCIO_USER_NAME} && \
- chmod -R +x ${VERDACCIO_APPDIR}/bin && \
- chown -R ${VERDACCIO_USER_UID}:root /verdaccio/storage && \
+RUN adduser -u $VERDACCIO_USER_UID -S -D -h $VERDACCIO_APPDIR -g "$VERDACCIO_USER_NAME user" -s /sbin/nologin $VERDACCIO_USER_NAME && \
+ chmod -R +x $VERDACCIO_APPDIR/bin $VERDACCIO_APPDIR/docker-bin && \
+ chown -R $VERDACCIO_USER_UID:root /verdaccio/storage && \
 chmod -R g=u /verdaccio/storage /etc/passwd
 USER $VERDACCIO_USER_UID
-ENV VERDACCIO_PORT 4873
-ENV VERDACCIO_PROTOCOL http
-
 EXPOSE $VERDACCIO_PORT
 VOLUME /verdaccio/storage
 ENTRYPOINT ["uid_entrypoint"]
-CMD $VERDACCIO_APPDIR/bin/verdaccio --config /verdaccio/conf/config.yaml --listen $VERDACCIO_PROTOCOL://0.0.0.0:${VERDACCIO_PORT}
+CMD $VERDACCIO_APPDIR/bin/verdaccio --config /verdaccio/conf/config.yaml --listen $VERDACCIO_PROTOCOL://0.0.0.0:$VERDACCIO_PORT
diff --git a/bin/uid_entrypoint b/docker-bin/uid_entrypoint
similarity index 100%
rename from bin/uid_entrypoint
rename to docker-bin/uid_entrypoint
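Review bot: The rewritten `RUN adduser …` instruction still ends with `chmod -R g=u /verdaccio/storage /etc/passwd`, so `/etc/passwd` stays writable by any process running with gid 0, and nothing in the file says why. Presumably `uid_entrypoint`, whose contents are not shown in this patch, appends an entry for the runtime uid. If so, a comment such as `# /etc/passwd is group-writable so uid_entrypoint can register an arbitrary runtime uid (gid 0)` would make that trade-off visible to reviewers and to anyone hardening the image. Separately, the new `CMD` is still shell form, so with the exec-form `ENTRYPOINT` verdaccio is started through `/bin/sh -c`. Unless the entrypoint or dumb-init forwards signals, `docker stop` may not reach the node process; starting the command with `exec` (`CMD exec $VERDACCIO_APPDIR/bin/verdaccio …`) would remove the extra shell.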