Dockerfile.api
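# Single-stage build of the confiture-rest-api backend: the stage that installs and builds is also the runtime image.
# NOTE(review): git, the yarn cache, both workspaces' sources and the dev dependencies therefore ship in the
# final image; a multi-stage build that copies only the built output would shrink the attack surface.
# NOTE(review): the base image is referenced by tag only; pin it by digest (tag@sha256:<digest>) for a
# reproducible build, and confirm that this base still receives security updates.
FROM ghcr.io/disic/designgouv-confiture/base:3.16.2

ARG VERSION=1.0

# Include all workspaces so that we can install them all from root folder
# See "yarn install --immutable" further down
# Associated issues:
# - [Individual lockfile per workspace](https://github.com/yarnpkg/berry/issues/1223)
# - [[Feature] "yarn workspaces focus" option --immutable](https://github.com/yarnpkg/berry/issues/1803)
# NOTE(review): whole workspace directories are copied, so anything in them that .dockerignore does not
# exclude (local .env files, node_modules, ...) lands in an image layer — confirm the .dockerignore.
COPY package.json yarn.lock .yarnrc.yml CHANGELOG.md ROADMAP.md /tmp/
COPY confiture-rest-api /tmp/confiture-rest-api
COPY confiture-web-app /tmp/confiture-web-app

# Every RUN step from here to the end of the build runs as root; root is only dropped by the USER instruction
# at the end of the file.
USER root

# For some reason, installing nodejs with the following command fixes the compatibility issues when we install the desired version later
# From: https://github.com/nodejs/node/issues/41058#issuecomment-998966573
# NOTE(review): this pulls an unpinned package from the rolling "edge" branch over plain HTTP. apk verifies
# the signed repository index, but the result still changes from one build to the next; prefer an https://
# mirror URL and a pinned package version if the mirror supports it — confirm before changing.
RUN apk -UvX http://dl-4.alpinelinux.org/alpine/edge/main add -u nodejs

# Needed for RGAA files (see "postinstall" script)
RUN apk update && apk add git

ENV NODE_VERSION=22.14.0 YARN_VERSION=4.9.2

# Install Node.js $NODE_VERSION.
# - x86_64 is the only architecture with a CHECKSUM, so it is the only one that takes the prebuilt path:
#   the musl tarball from unofficial-builds.nodejs.org, accepted only if its SHA-256 matches CHECKSUM.
#   CHECKSUM must be updated together with NODE_VERSION.
# - Every other architecture compiles from the nodejs.org source tarball, checked against SHASUMS256.txt,
#   which is itself extracted from the release-signed SHASUMS256.txt.asc.
# This also creates a "node" user (UID/GID 1000); nothing later in this file uses it.
RUN addgroup -g 1000 node \
    && adduser -u 1000 -G node -s /bin/sh -D node \
    # NOTE(review): unpinned upgrade, the resulting package set depends on the index at build time
    && apk upgrade \
    && apk add --no-cache \
        libstdc++ \
    && apk add --no-cache --virtual .build-deps \
        curl \
    && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \
    && case "${alpineArch##*-}" in \
      x86_64) ARCH='x64' CHECKSUM="87f163387ac85df69df6eeb863a6b6a1aa789b49cda1c495871c0fe360634db3" OPENSSL_ARCH=linux-x86_64;; \
      x86) OPENSSL_ARCH=linux-elf;; \
      aarch64) OPENSSL_ARCH=linux-aarch64;; \
      arm*) OPENSSL_ARCH=linux-armv4;; \
      ppc64le) OPENSSL_ARCH=linux-ppc64le;; \
      s390x) OPENSSL_ARCH=linux-s390x;; \
      *) ;; \
    esac \
    && if [ -n "${CHECKSUM}" ]; then \
      set -eu; \
      curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \
      # checksum line uses the canonical "<hash>  <file>" form (two spaces) that sha256sum -c expects
      echo "$CHECKSUM  node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \
        && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
        && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \
    else \
      echo "Building from source" \
      # backup build
      && apk add --no-cache --virtual .build-deps-full \
          binutils-gold \
          g++ \
          gcc \
          gnupg \
          libgcc \
          linux-headers \
          make \
          python3 \
          py-setuptools \
      # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
      && export GNUPGHOME="$(mktemp -d)" \
      # gpg keys listed at https://github.com/nodejs/node#release-keys
      # A key that cannot be fetched from either keyserver does not stop the loop by itself; the gpg step
      # on SHASUMS256.txt.asc below is what has to fail when the signing key is missing.
      && for key in \
        C0D6248439F1D5604AAFFB4021D900FFDB233756 \
        DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
        CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
        8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
        890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
        C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
        108F52B48DB57BB0CC439B2997B01419BD92F80A \
        A363A499291CBBC940DD62E41F10027AF002F8B0 \
      ; do \
        gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
        gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
      done \
      && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
      && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
      && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
      && gpgconf --kill all \
      && rm -rf "$GNUPGHOME" \
      && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
      && tar -xf "node-v$NODE_VERSION.tar.xz" \
      && cd "node-v$NODE_VERSION" \
      && ./configure \
      && make -j$(getconf _NPROCESSORS_ONLN) V= \
      && make install \
      && apk del .build-deps-full \
      && cd .. \
      && rm -Rf "node-v$NODE_VERSION" \
      && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
    fi \
    && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \
    # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451
    && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \
    && apk del .build-deps \
    # smoke tests
    && node --version \
    && npm --version

# Create the unprivileged runtime user (fixed UID 2003) that the container finally runs as
RUN adduser -D -u 2003 dinum_backend

# Install the application into that user's home directory
WORKDIR /home/dinum_backend

# Beware: simple "mv" does not move hidden files (starting with "."), hence the second mv.
# Both moves share one layer. Note that "/tmp/*" also picks up anything else left in /tmp.
RUN mv /tmp/* . \
    && mv /tmp/.yarnrc.yml ./

RUN corepack enable && corepack prepare yarn@${YARN_VERSION} --activate

# Install from root working directory (all workspaces taken into account)
# so that the yarn.lock should match the copied one (--immutable is important)
# Note: postinstall needs to be executed (automatically done)
# NOTE(review): the install and its lifecycle scripts run as root at this point.
RUN yarn install --immutable

WORKDIR /home/dinum_backend/confiture-rest-api
RUN yarn workspace confiture-rest-api run build

# Used by sentry:sourcemaps script in backend package.json.
# Declared only here, immediately before the step that reads them, so that the auth token is not part of
# the environment of the earlier RUN steps (apk, the Node.js download/build, yarn install and its
# postinstall scripts). The --build-arg names are unchanged.
# NOTE(review): --build-arg values remain visible through `docker history`. A BuildKit secret mount
# (RUN --mount=type=secret,id=<id> ...) would keep the token out of the image metadata, but it requires
# BuildKit and a matching --secret on the build command line.
ARG SENTRY_ORG
ARG SENTRY_PROJECT
ARG SENTRY_AUTH_TOKEN
RUN yarn workspace confiture-rest-api run sentry:sourcemaps

# Set correct permissions: the runtime user owns its home, group and others get no access.
# One RUN, so the recursive chown and chmod rewrite the application tree into a single layer instead of two.
RUN cp /root/.profile /home/dinum_backend/.profile \
    && chown -R dinum_backend:dinum_backend /home/dinum_backend \
    && chmod -R go= /home/dinum_backend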
# Runtime configuration of the image. These instructions only set image metadata, so their relative order
# does not change the resulting image.

# Documents the port of the service; EXPOSE by itself publishes nothing.
EXPOSE 4000

# $ENV names the file the shell sources at start-up, so /home/dinum_backend/.profile is read even when the
# shell is not a login shell.
ENV ENV="/home/dinum_backend/.profile"

# Rootless: the container process runs as the unprivileged application user.
USER dinum_backend

# Entrypoint is tini (no ENTRYPOINT is set in this file, so presumably it is inherited from the base image);
# this is the command it executes.
CMD ["node", "dist/main"]