Docker Hub Image #37

Open: wants to merge 25 commits into base: master

Commits (25):
5bec28c
Add basic Dockerfile
bytesnz Jan 9, 2021
61c8f37
Create Github action for publish docker image on release
bytesnz Jan 9, 2021
ace0a83
Modify Dockerfile with suggested changes
bytesnz May 29, 2021
e7e6c44
Clean Dockerfile
bytesnz Oct 22, 2021
304ca08
Add trivy test to docker build action
bytesnz Oct 22, 2021
2b7fffd
Merge branch 'master' into add-dockerfile
bytesnz Oct 22, 2021
72319ae
Remove unused var and move label to main container
bytesnz Oct 23, 2021
0ed6413
first pass at Docker README
bytesnz Oct 26, 2021
094109b
update Dockerfile label
bytesnz Oct 26, 2021
d924d26
Rewrite dockerfile to include tests
bytesnz Feb 1, 2022
55ccc56
Make aquasec check error when issue found
bytesnz Feb 2, 2022
a53db93
Remove Codacy badge and add details about building
bytesnz Feb 6, 2022
6520106
Add information about using docker image behind proxy
bytesnz Feb 6, 2022
cefdcb4
Clean and add references to the docker README
bytesnz Feb 7, 2022
9d63a99
Merge remote-tracking branch 'upstream/master' into add-dockerfile
bytesnz Feb 22, 2022
abb70bd
Update Dockerfile for changes
bytesnz Feb 22, 2022
ef0266c
Ensures Docker image uses tested package versions
DougReeder Feb 22, 2022
ff66f68
Ensure bin/armadietto.js has unix line endings
bytesnz Mar 29, 2022
d848bf1
Update location of config file to match main README
bytesnz Mar 29, 2022
e6b5d89
Merge remote-tracking branch 'upstream/master' into add-dockerfile
bytesnz May 5, 2022
2d1207b
Updates dependencies to fix vulnerabilities in ejs and minimist
DougReeder May 2, 2022
98a9f55
Merge remote-tracking branch 'upstream/master' into add-dockerfile
bytesnz Jul 10, 2022
19bfd49
Merge remote-tracking branch 'upstream/fix-injection-vulnerability' i…
bytesnz Jul 10, 2022
6b06312
Make sure job runs on tags
bytesnz Jul 10, 2022
098ddaf
Merge pull request #7 from DougReeder/add-dockerfile
bytesnz Oct 6, 2023
102 changes: 102 additions & 0 deletions .github/workflows/docker-hub.yml
@@ -0,0 +1,102 @@
name: Docker Image CI

on:
release:
types: [published]
push:
branches:
- '*'
tags:
- '*'

jobs:
version:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- id: version
name: Get and check version
run: |
export VERSION=$(echo $GITHUB_REF | sed -re 's/^.*\/([0-9a-zA-Z._-]+)$/\1/')
echo "::set-output name=version::$VERSION"
echo version is $VERSION
build:
runs-on: ubuntu-latest
needs:
- version
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
steps:
- uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Build
uses: docker/build-push-action@v2
with:
context: .
file: ./docker/Dockerfile
tags: ${{ env.DOCKER_USER }}/armadietto:${{ needs.version.outputs.version }}
outputs: type=docker,dest=/tmp/docker.tar
- name: Upload artifact
uses: actions/upload-artifact@v2
with:
name: docker
path: /tmp/docker.tar
sec_test:
runs-on: ubuntu-latest
needs:
- version
- build
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
steps:
- name: Download artifacts
uses: actions/download-artifact@v2
with:
name: docker
path: /tmp
- name: Load docker image
run: docker load --input /tmp/docker.tar
- name: Run security tests
continue-on-error: true
run: |
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image --exit-code 1 $DOCKER_USER/armadietto:${{ needs.version.outputs.version }}
#e2e_test:
# runs-on: ubuntu-latest
# needs:
# - version
# - build
# steps:
# - uses: actions/checkout@v2
# - name: Download artifacts
# uses: actions/download-artifact@v2
# with:
# name: docker
# path: /tmp
# - name: Load docker image
# run: docker load --input /tmp/docker.tar
publish:
if: github.ref_type == 'tag'
runs-on: ubuntu-latest
needs:
- version
- sec_test
#- e2e_test
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
steps:
- name: Download artifacts
uses: actions/download-artifact@v2
with:
name: docker
path: /tmp
- name: Load docker image
run: docker load --input /tmp/docker.tar
- name: Publish Docker image
run: |
docker login -u $DOCKER_USER -p $DOCKER_TOKEN
docker push $DOCKER_USER/armadietto:${{ needs.version.outputs.version }}
docker tag $DOCKER_USER/armadietto:${{ needs.version.outputs.version }} $DOCKER_USER/armadietto
docker push $DOCKER_USER/armadietto
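Review bot: In the `sec_test` job, the "Run security tests" step sets `continue-on-error: true`, so the `--exit-code 1` passed to trivy never fails the job, and `publish`, which only `needs` `sec_test`, will push an image that has findings; drop `continue-on-error` or gate `publish` on the step outcome explicitly. In the publish step, `docker login -u $DOCKER_USER -p $DOCKER_TOKEN` puts the token on the command line; feed it through `--password-stdin` instead. The actions (`actions/checkout@v2`, `docker/build-push-action@v2` and the others) and the `aquasec/trivy` image, which is handed `/var/run/docker.sock`, are referenced by mutable tags; pinning them to a commit SHA or image digest would make the release path reproducible. `::set-output` is deprecated in favour of writing to `$GITHUB_OUTPUT`, and `$GITHUB_REF` should be quoted in the `echo`.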
63 changes: 63 additions & 0 deletions docker/Dockerfile
@@ -0,0 +1,63 @@
FROM alpine:latest as build

ARG PKG_MANAGER="npm"
ARG INSTALL_COMMAND="npm ci --production"

RUN mkdir /opt/armadietto
WORKDIR /opt/armadietto

RUN apk add nodejs $PKG_MANAGER

COPY package.json ./
COPY package-lock.json ./

RUN $INSTALL_COMMAND

FROM alpine:latest

LABEL description="Armadietto Node.js web service (a remoteStorage server)"

ARG CONFIG_PATH_STORAGE="/usr/share/armadietto"
ARG CONFIG_PATH_LOGS="/opt/armadietto/logs"
ARG PROJECT_NAME="armadietto"
Review comment (Member):

This line is doubled (see line 5).

Review comment (Author, @bytesnz, Oct 23, 2021):

One for each container (build and the main container), though it isn't used in the build container, so can delete it... done.

ARG PORT="8000"
ARG USER="armadietto"

ENV NODE_ENV=production
ENV PROJECT_NAME=$PROJECT_NAME
ENV PORT=$PORT

RUN mkdir /opt/armadietto
WORKDIR /opt/armadietto


RUN apk add nodejs
Review comment (Contributor, @JakubNer, Jan 16, 2022):

Is it OK to always bring in latest version? Should this be explicitly controlled? I guess same for alpine:latest on line 1.

I'm cool with it as it is, just thinking out loud, in light of recent debacles.

Was also looking for "dynamic" bits between October and now that could cause my failures building. But I don't think this is it either.

Review comment (Member):

Not sure what the default tag there points to, but latest active LTS makes most sense to me for node.js.


RUN adduser -u 6582 -HD $PROJECT_NAME

RUN mkdir -m 0700 $CONFIG_PATH_STORAGE
RUN mkdir -m 0700 $CONFIG_PATH_LOGS
RUN chown $PROJECT_NAME $CONFIG_PATH_STORAGE
RUN chown $PROJECT_NAME $CONFIG_PATH_LOGS

COPY --from=build /opt/armadietto/node_modules/ node_modules/
COPY package.json ./
COPY README.md ./
COPY lib/ lib/
COPY bin/ bin/

# Ensure bin file (esp the bang line) has unix eol
RUN dos2unix bin/armadietto.js

RUN ln -s /opt/armadietto/bin/armadietto.js /usr/local/bin/armadietto

COPY docker/config.json /etc/armadietto/conf

VOLUME $CONFIG_PATH_STORAGE
VOLUME $CONFIG_PATH_LOGS
EXPOSE $PORT
USER $PROJECT_NAME

CMD armadietto -c /etc/armadietto/conf

HEALTHCHECK --start-period=10s CMD wget -q -O /dev/null http://127.0.0.1:$PORT/
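Review bot: Both stages start from `FROM alpine:latest` and the runtime stage installs Node with an unversioned `RUN apk add nodejs`, so two builds of the same commit can ship different OS and Node versions even though `npm ci` pins the JavaScript dependencies; pin the base image to a release tag or digest and give `nodejs` an explicit version constraint. `ARG USER="armadietto"` is declared but never used, since `adduser` and `USER` both take `$PROJECT_NAME`; remove it or use it consistently. `CMD armadietto -c /etc/armadietto/conf` is shell form, so the server runs under `/bin/sh -c` and may not receive stop signals directly; the exec form `CMD ["armadietto", "-c", "/etc/armadietto/conf"]` avoids that.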
98 changes: 98 additions & 0 deletions docker/README.md
@@ -0,0 +1,98 @@
# armadietto [![Build Status](https://secure.travis-ci.org/remotestorage/armadietto.svg)](http://travis-ci.org/remotestorage/armadietto) [![js-semistandard-style](https://img.shields.io/badge/code%20style-semistandard-brightgreen.svg?style=flat-square)](https://github.com/Flet/semistandard)

> ### WARNING
> Please do not consider `armadietto` production ready, this project is still
Review comment (Contributor):

Not an issue with this PR, but wondering out loud, what is the gate at which we consider Armadietto production ready? I think hard to assess how many production workloads are already running on top of it?

Review comment (Member):

Good question! I think it merits its own issue or forums topic.

> considered experimental. As with any alpha-stage storage technology, you
> MUST expect that it will eat your data and take precautions against this. You
> SHOULD expect that its APIs and storage schemas will change before it is
> labelled stable.

## What is this?

Armadietto is a [RemoteStorage](https://remotestorage.io) server written for Node.js.

This is a complete rewrite of [reStore](https://github.com/jcoglan/restore).

It is also available as the
[armadietto](https://www.npmjs.com/package/armadietto) NPM package.

## Usage

```
docker run -d -p 8000:8000 remotestorage/armadietto:latest
Review comment (Contributor):

Under MacOS 11.6.2, with Docker Desktop 4.4.2, this line alone evokes the error
Unable to find image 'remotestorage/armadietto:latest' locally
Should there be a build step?

Review comment (Author):

Yes. Will work once it has been published, but yes, will add info about building.

Review comment (Author):

Added in a53db93

Review comment (Author, @bytesnz, Feb 6, 2022):

Have just added info about running the docker image behind a proxy as well as it is quite a common thing to do 723f843 6520106

```

### Configuration

The default configuration file for armadietto can be found within the docker
container in `/etc/armadietto/conf` and contains the following
configuration:

```json
{
"allow_signup": true,
"storage_path": "/usr/share/armadietto",
"cache_views": true,
"http": {
"host": "0.0.0.0",
"port": 8000
},
"https": {
"enable": false,
"force": false,
"port": 4443,
"cert": "/etc/letsencrypt/live/example.com/cert.pem",
"key": "/etc/letsencrypt/live/example.com/privkey.pem"
},
"logging": {
"log_dir": "logs",
"stdout": ["info"],
"log_files": ["error"]
},
"basePath": ""
}
```

A custom configuration file can be used by mounting it in the container

```
docker run -d -v /my/custom/armadietto.conf.json:/etc/armadietto/conf:ro -p 8000:8000 remotestorage/armadietto:latest
```

A suitable data directory should also be mounted in the container to
ensure data is persisted.

```
docker run -d -v /data/armadietto:/usr/share/armadietto -p 8000:8000 remotestorage/armadietto:latest
```

*Note:* The data and log folders and their contents must be writable and
readable by the container user, which is by default the `armadietto` user
(UID 6582).

### Behind a Proxy

To use armadietto behind a proxy, ensure the `X-Forwarded-Host` and
`X-Forwareded-Proto` headers are passed to armadietto to ensure it uses the
correct address. For more information, see the
[notes](https://github.com/remotestorage/armadietto/tree/master/notes)
folder in the armadietto git repository.

## Development

The armadietto docker image is built using the
[armadietto](https://github.com/remotestorage/armadietto) git repository
and the [`docker/Dockerfile`](https://github.com/remotestorage/armadietto/blob/master/docker/Dockerfile)
[Dockerfile](https://docs.docker.com/engine/reference/builder/). To build
the image yourself, clone the git repository and use the
[`docker build`](https://docs.docker.com/engine/reference/commandline/build/) command.

```
git clone https://github.com/remotestorage/armadietto
cd armadietto
docker build -t remotestorage/armadietto -f docker/Dockerfile .
```

Further information about the development of armadietto can be found in the
[DEVELOPMENT.md](https://github.com/remotestorage/armadietto/blob/master/DEVELOPMENT.md)
file in git repository.
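Review bot: In the "Behind a Proxy" section the second header is spelled `X-Forwareded-Proto`; it should read `X-Forwarded-Proto`, otherwise an operator copying the name into a proxy config forwards a header with the wrong name. The `docker run` examples publish port 8000 with the default config, which has HTTPS disabled and signup enabled, so "Usage" should say what exposure that default implies and point to the proxy section. The default config is pasted in full here and also lives in `docker/config.json`; linking to the file would keep the two from drifting apart. The Travis badge link target uses `http://`, and the closing sentence should read "file in the git repository".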
23 changes: 23 additions & 0 deletions docker/config.json
@@ -0,0 +1,23 @@
{
"allow_signup": true,
"storage_path": "/usr/share/armadietto",
"cache_views": true,
"http": {
"host": "0.0.0.0",
"port": 8000
},
"https": {
"enable": false,
"force": false,
"port": 4443,
"cert": "/etc/letsencrypt/live/example.com/cert.pem",
"key": "/etc/letsencrypt/live/example.com/privkey.pem"
},
"logging": {
"log_dir": "logs",
"stdout": ["info"],
"log_files": ["error"]
},
"basePath": ""
}
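Review bot: The image default sets `"allow_signup": true` together with `"host": "0.0.0.0"` and `"enable": false` under `https`, so a container started with the README's `-p 8000:8000` example accepts account creation from anyone who can reach the port, over plain HTTP; consider shipping `allow_signup` as false, or call the setting out in the README so operators opt in. The `cert` and `key` values point at `/etc/letsencrypt/live/example.com/`, which nothing in the Dockerfile creates, so enabling HTTPS also needs a mount that the README does not describe. `"log_dir": "logs"` is relative and only lines up with `CONFIG_PATH_LOGS` because of the Dockerfile's `WORKDIR /opt/armadietto`; an absolute path would remove that coupling.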
