Docker Hub Image #37

Open: wants to merge 25 commits into base: master

Changes from 7 commits

25 commits
5bec28c
Add basic Dockerfile
bytesnz Jan 9, 2021
61c8f37
Create Github action for publish docker image on release
bytesnz Jan 9, 2021
ace0a83
Modify Dockerfile with suggested changes
bytesnz May 29, 2021
e7e6c44
Clean Dockerfile
bytesnz Oct 22, 2021
304ca08
Add trivy test to docker build action
bytesnz Oct 22, 2021
2b7fffd
Merge branch 'master' into add-dockerfile
bytesnz Oct 22, 2021
72319ae
Remove unused var and move label to main container
bytesnz Oct 23, 2021
0ed6413
first pass at Docker README
bytesnz Oct 26, 2021
094109b
update Dockerfile label
bytesnz Oct 26, 2021
d924d26
Rewrite dockerfile to include tests
bytesnz Feb 1, 2022
55ccc56
Make aquasec check error when issue found
bytesnz Feb 2, 2022
a53db93
Remove Codacy badge and add details about building
bytesnz Feb 6, 2022
6520106
Add information about using docker image behind proxy
bytesnz Feb 6, 2022
cefdcb4
Clean and add references to the docker README
bytesnz Feb 7, 2022
9d63a99
Merge remote-tracking branch 'upstream/master' into add-dockerfile
bytesnz Feb 22, 2022
abb70bd
Update Dockerfile for changes
bytesnz Feb 22, 2022
ef0266c
Ensures Docker image uses tested package versions
DougReeder Feb 22, 2022
ff66f68
Ensure bin/armadietto.js has unix line endings
bytesnz Mar 29, 2022
d848bf1
Update location of config file to match main README
bytesnz Mar 29, 2022
e6b5d89
Merge remote-tracking branch 'upstream/master' into add-dockerfile
bytesnz May 5, 2022
2d1207b
Updates dependencies to fix vulnerabilities in ejs and minimist
DougReeder May 2, 2022
98a9f55
Merge remote-tracking branch 'upstream/master' into add-dockerfile
bytesnz Jul 10, 2022
19bfd49
Merge remote-tracking branch 'upstream/fix-injection-vulnerability' i…
bytesnz Jul 10, 2022
6b06312
Make sure job runs on tags
bytesnz Jul 10, 2022
098ddaf
Merge pull request #7 from DougReeder/add-dockerfile
bytesnz Oct 6, 2023
24 changes: 24 additions & 0 deletions .github/workflows/docker-hub.yml
@@ -0,0 +1,24 @@
name: Docker Image CI

on:
release:
types: [created]

jobs:
build:
runs-on: ubuntu-latest
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
steps:
- uses: actions/checkout@v2
- name: Build and publish Docker image
run: |
export VERSION=$(echo $GITHUB_REF | sed -re 's/^.*\/([0-9a-zA-Z._-]+)$/\1/')
test "$VERSION" != "$GITHUB_REF"
docker build --file docker/Dockerfile --tag $DOCKER_USER/armadietto:$VERSION .
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v cache:/root/.cache/ aquasec/trivy $DOCKER_USER/armadietto:$VERSION
docker login -u $DOCKER_USER -p $DOCKER_TOKEN
docker push $DOCKER_USER/armadietto:$VERSION
docker tag $DOCKER_USER/armadietto:$VERSION $DOCKER_USER/armadietto
docker push $DOCKER_USER/armadietto
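Review bot: The `aquasec/trivy` line in the `run:` block does not pass `--exit-code 1`, so trivy exits 0 even when it reports vulnerabilities and the following `docker push` lines still publish the image; add the flag (with `--severity` if only some levels should block) so a finding fails the job before `docker login`. On the `docker login -u $DOCKER_USER -p $DOCKER_TOKEN` line the token is passed as a command-line argument; piping it to `docker login -u "$DOCKER_USER" --password-stdin` keeps it out of the process arguments. The scanner runs with `/var/run/docker.sock` mounted and is pulled untagged, as is `actions/checkout@v2` by mutable tag, so pinning both to fixed versions would limit what a changed upstream could do with the Docker socket and the `DOCKER_TOKEN` in the job environment. The `$DOCKER_USER` and `$VERSION` expansions should also be double-quoted.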
54 changes: 54 additions & 0 deletions docker/Dockerfile
@@ -0,0 +1,54 @@
FROM alpine:latest as build
DougReeder marked this conversation as resolved.

ARG PKG_MANAGER="yarn"
ARG INSTALL_COMMAND="yarn install --pure-lockfile --production"

RUN mkdir /opt/armadietto
WORKDIR /opt/armadietto

RUN apk add nodejs $PKG_MANAGER

COPY package.json ./
COPY package-lock.json ./
DougReeder marked this conversation as resolved.
COPY yarn.lock ./

RUN $INSTALL_COMMAND

FROM alpine:latest

LABEL description="Armadietto NodeJS web service (a RemoteStorageJS backend)"
Member

@raucao raucao Oct 23, 2021

remoteStorage.js is only one client library for using/integrating the remoteStorage protocol. I'd suggest something like:

Suggested change
LABEL description="Armadietto NodeJS web service (a RemoteStorageJS backend)"
LABEL description="Armadietto node.js web service (a remoteStorage server)"

Author

Looks good to me 👍


ARG CONFIG_PATH_STORAGE="/usr/share/armadietto"
ARG PROJECT_NAME="armadietto"
Member

This line is doubled (see line 5).

Author

@bytesnz bytesnz Oct 23, 2021

One for each container (build and the main container), though it isn't used in the build container, so can delete it... done.

ARG PORT="8000"
ARG USER="armadietto"

ENV NODE_ENV=production
ENV PROJECT_NAME=$PROJECT_NAME
ENV PORT=$PORT

RUN mkdir /opt/armadietto
WORKDIR /opt/armadietto

RUN apk add nodejs
Contributor

@JakubNer JakubNer Jan 16, 2022

Is it OK to always bring in latest version? Should this be explicitly controlled? I guess same for alpine:latest on line 1.

I'm cool with it as it is, just thinking out loud, in light of recent debacles.

Was also looking for "dynamic" bits between October and now that could cause my failures building. But I don't think this is it either.

Member

Not sure what the default tag there points to, but latest active LTS makes most sense to me for node.js.

RUN mkdir -m 0700 $CONFIG_PATH_STORAGE
RUN adduser -u 6582 -HD $PROJECT_NAME
RUN chown $PROJECT_NAME $CONFIG_PATH_STORAGE

COPY --from=build /opt/armadietto/node_modules/ node_modules/
COPY package.json ./
COPY README.md ./
COPY lib/ lib/
COPY bin/ bin/

RUN ln -s /opt/armadietto/bin/armadietto.js /usr/local/bin/armadietto

COPY docker/config.json /etc/armadietto.conf.json
Contributor

Setting this up in k8s and I find myself changing /etc to /usr/local/etc to make it easier to mount my own config without clobbering the rest of the /etc folder: data file mount.

Maybe we can keep this as /usr/local/etc/..?

Author

@bytesnz bytesnz Mar 21, 2022

Yeah, I agree with the not clobbering /etc. I did it based on the README, which has changed to /etc/armadietto/conf now (so should update it in this...?). With the docker image, you can store the conf file wherever you want, it just needs to be mounted in /etc, so it isn't too bad the way it is atm (in /etc)?


VOLUME $CONFIG_PATH_STORAGE
EXPOSE $PORT
USER $PROJECT_NAME

CMD $PROJECT_NAME -c /etc/armadietto.conf.json

HEALTHCHECK --start-period=10s CMD wget -q -O /dev/null http://127.0.0.1:$PORT/
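Review bot: Both `FROM alpine:latest` lines and the unversioned `RUN apk add nodejs` mean the base system and Node.js runtime in the published image are whatever Alpine ships on the day of the build, so rebuilding the same release tag can yield a different image than the one that was scanned and tested; pin both stages to the same explicit Alpine release tag or digest, and consider `apk add --no-cache` so the package index is not kept in the layer. `ARG USER="armadietto"` is declared but never referenced, since `adduser -u 6582 -HD $PROJECT_NAME` and `USER $PROJECT_NAME` both use the project name; either drop it or use it consistently for the account. `ARG PORT` and `ARG CONFIG_PATH_STORAGE` can be overridden at build time while `docker/config.json` hard-codes `8000` and `/usr/share/armadietto`, so a non-default build argument would leave `EXPOSE`, `VOLUME` and the `HEALTHCHECK` URL pointing somewhere the server does not use; a comment noting that the two must be changed together would help.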
18 changes: 18 additions & 0 deletions docker/config.json
@@ -0,0 +1,18 @@
{
"allow_signup": true,
"storage_path": "/usr/share/armadietto",
"cache_views": true,
"http": {
"host": "0.0.0.0",
"port": 8000
},
"https": {
"enable": false,
"force": false,
"port": 4443,
"cert": "/etc/letsencrypt/live/example.com/cert.pem",
"key": "/etc/letsencrypt/live/example.com/privkey.pem"
},
"basePath": ""
}
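Review bot: `"allow_signup": true` combined with `"host": "0.0.0.0"` and `"https": { "enable": false }` means the image as shipped accepts account creation from anyone who can reach port 8000, over plain HTTP; for a default baked into a public image, consider `"allow_signup": false`, or state in the Docker README that the container is expected to sit behind a TLS-terminating reverse proxy and that signup should be switched off once accounts exist. The `cert` and `key` paths under `/etc/letsencrypt/live/example.com/` are placeholders that do not exist in the image, so setting `"enable": true` without also mounting certificates and editing those paths will not work; a note saying so next to the config would save users a failed start.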