mirror of
https://github.com/sartography/spiff-arena.git
synced 2025-02-02 20:53:33 +00:00
fc4dff6dfd
* upload trivy file only if it has been created w/ burnettk * fail only for critical and do not fail fast so we can get the scans for the other images as well w/ burnettk * update apt-get packages for connector proxy to fix trivy w/ burnettk * attempt to fix frontend and backend as well w/ burnettk * also update libaom w/ burnettk * remove test dockerfile w/ burnettk --------- Co-authored-by: jasquat <jasquat@users.noreply.github.com>
71 lines
1.7 KiB
Docker
71 lines
1.7 KiB
Docker
# Base image to share ENV vars that activate VENV.
|
|
FROM node:22.3.0-bookworm-slim AS base
|
|
|
|
RUN mkdir /app
|
|
|
|
WORKDIR /app
|
|
|
|
# curl for debugging
|
|
# procps for debugging
|
|
# vim ftw
|
|
RUN apt-get update \
|
|
&& apt-get clean -y \
|
|
&& apt-get install -y -q \
|
|
curl \
|
|
procps \
|
|
vim-tiny \
|
|
libkrb5support0 \
|
|
libexpat1 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# this matches total memory on spiffworkflow-demo
|
|
ENV NODE_OPTIONS=--max_old_space_size=2048
|
|
|
|
|
|
######################## - SETUP
|
|
|
|
# Setup image for installing JS dependencies.
|
|
FROM base AS setup
|
|
|
|
COPY . /app/
|
|
|
|
RUN cp /app/package.json /app/package.json.bak
|
|
ADD justservewebserver.package.json /app/package.json
|
|
RUN npm ci --ignore-scripts
|
|
RUN cp -r /app/node_modules /app/node_modules.justserve
|
|
RUN cp /app/package.json.bak /app/package.json
|
|
|
|
# npm ci because it respects the lock file.
|
|
# --ignore-scripts because authors can do bad things in postinstall scripts.
|
|
# https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html
|
|
# npx can-i-ignore-scripts can check that it's safe to ignore scripts.
|
|
RUN npm ci --ignore-scripts
|
|
|
|
RUN ./bin/build
|
|
|
|
|
|
######################## - FINAL
|
|
|
|
# Use nginx as the base image
|
|
FROM nginx:1.25.4-bookworm
|
|
|
|
RUN apt-get update \
|
|
&& apt-get clean -y \
|
|
&& apt-get install -y -q \
|
|
libkrb5support0 \
|
|
libexpat1 \
|
|
libaom3 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Remove default nginx configuration
|
|
RUN rm -rf /etc/nginx/conf.d/*
|
|
|
|
# Copy the nginx configuration file
|
|
COPY docker_build/nginx.conf.template /var/tmp
|
|
|
|
# Copy the built static files into the nginx directory
|
|
COPY --from=setup /app/dist /usr/share/nginx/html
|
|
COPY --from=setup /app/bin /app/bin
|
|
|
|
CMD ["/app/bin/boot_server_in_docker"]
|