From ac1442c640645b1b80b98fc3c25504df439ea1fa Mon Sep 17 00:00:00 2001 From: Calvin Bui <3604363+calvinbui@users.noreply.github.com> Date: Thu, 11 Jun 2020 11:31:46 +1000 Subject: [PATCH 1/3] use env for USER instruction --- Dockerfile | 2 +- Dockerfile.arm32v7 | 2 +- Dockerfile.arm64v8 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index ea28aa3ab..fd1120f6a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,6 +22,6 @@ ENV UID 911 RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} && \ apk add -U darkhttpd -USER darkhttpd +USER ${USER} ENTRYPOINT ["darkhttpd","/www/", "--no-listing"] \ No newline at end of file diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7 index 2113df58f..0b83a06f3 100644 --- a/Dockerfile.arm32v7 +++ b/Dockerfile.arm32v7 @@ -31,6 +31,6 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} & apk add -U darkhttpd && \ rm /usr/bin/qemu-arm-static -USER darkhttpd +USER ${USER} ENTRYPOINT ["darkhttpd","/www/","--no-listing"] diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 index 90d35f355..c007d0495 100644 --- a/Dockerfile.arm64v8 +++ b/Dockerfile.arm64v8 @@ -31,6 +31,6 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} & apk add -U darkhttpd && \ rm /usr/bin/qemu-aarch64-static -USER darkhttpd +USER ${USER} ENTRYPOINT ["darkhttpd","/www/","--no-listing"] From d10b219db596bb215db502b42e19443b8924fd56 Mon Sep 17 00:00:00 2001 From: Calvin Bui <3604363+calvinbui@users.noreply.github.com> Date: Thu, 11 Jun 2020 11:32:24 +1000 Subject: [PATCH 2/3] copy artifacts later in the build step with permissions --- Dockerfile | 4 ++-- Dockerfile.arm32v7 | 3 ++- Dockerfile.arm64v8 | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index fd1120f6a..29fda0ed7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,8 +12,6 @@ RUN yarn build # production stage FROM alpine:3.11 -COPY --from=build-stage /app/dist /www/ - ENV USER darkhttpd ENV GROUP darkhttpd ENV GID 911 @@ -24,4 +22,6 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} & USER ${USER} +COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ + ENTRYPOINT ["darkhttpd","/www/", "--no-listing"] \ No newline at end of file diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7 index 0b83a06f3..d1ef1389e 100644 --- a/Dockerfile.arm32v7 +++ b/Dockerfile.arm32v7 @@ -20,7 +20,6 @@ RUN wget https://github.com/multiarch/qemu-user-static/releases/download/${QEMU_ FROM arm32v7/alpine:3.11 COPY --from=qemu qemu-arm-static /usr/bin/ -COPY --from=build-stage /app/dist /www/ ENV USER darkhttpd ENV GROUP darkhttpd @@ -33,4 +32,6 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} & USER ${USER} +COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ + ENTRYPOINT ["darkhttpd","/www/","--no-listing"] diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 index c007d0495..2f26d09e8 100644 --- a/Dockerfile.arm64v8 +++ b/Dockerfile.arm64v8 @@ -20,7 +20,6 @@ RUN wget https://github.com/multiarch/qemu-user-static/releases/download/${QEMU_ FROM arm64v8/alpine:3.11 COPY --from=qemu qemu-aarch64-static /usr/bin/ -COPY --from=build-stage /app/dist /www/ ENV USER darkhttpd ENV GROUP darkhttpd @@ -33,4 +32,6 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} & USER ${USER} +COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ + ENTRYPOINT ["darkhttpd","/www/","--no-listing"] From e6596ca6eea8792cb6b1a6a2e1c48b8ed44093cd Mon Sep 17 00:00:00 2001 From: Calvin Bui <3604363+calvinbui@users.noreply.github.com> Date: Thu, 11 Jun 2020 11:42:56 +1000 Subject: [PATCH 3/3] freeze-lockfile option on yarn --- Dockerfile | 2 +- Dockerfile.arm32v7 | 2 +- Dockerfile.arm64v8 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 29fda0ed7..205d759fe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM node:lts-alpine as build-stage WORKDIR /app COPY package*.json ./ -RUN yarn install +RUN yarn install --frozen-lockfile COPY . . RUN yarn build diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7 index d1ef1389e..7664f6611 100644 --- a/Dockerfile.arm32v7 +++ b/Dockerfile.arm32v7 @@ -4,7 +4,7 @@ FROM node:lts-alpine as build-stage WORKDIR /app COPY package*.json ./ -RUN yarn install +RUN yarn install --frozen-lockfile COPY . . RUN yarn build diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 index 2f26d09e8..0175341d9 100644 --- a/Dockerfile.arm64v8 +++ b/Dockerfile.arm64v8 @@ -4,7 +4,7 @@ FROM node:lts-alpine as build-stage WORKDIR /app COPY package*.json ./ -RUN yarn install +RUN yarn install --frozen-lockfile COPY . . RUN yarn build