Skip to content
Snippets Groups Projects
Normal view Permalink
Dockerfile 2.18 KiB
Newer Older
Ole Langbehn's avatar
refactor(docker): use node slim images with major version (20|22)  
Ole Langbehn committed
1 
FROM europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/node:22-slim
Ole Langbehn's avatar
HOLI-1487 HOLI-1488 HOLI-1489 separate repo, docker, CI
Ole Langbehn committed
2
Ole Langbehn's avatar
fix more docker runtime issues  
Ole Langbehn committed
3 4 
# install all dependencies for later steps
RUN apt-get -y -qq update && apt-get install -y --no-install-recommends xz-utils ca-certificates curl \
Stephanie Freitag's avatar
HOLI-10281: check for dependency changes in docker as well  
Stephanie Freitag committed
5 6 
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
Ole Langbehn's avatar
fix more docker runtime issues  
Ole Langbehn committed
7
Ole Langbehn's avatar
HOLI-1430 deploy oathkeeper  
Ole Langbehn committed
8 9 
# shell sanity with pipes (https://github.com/hadolint/hadolint/wiki/DL4006)
# needed for installation of s6
Ole Langbehn's avatar
fix build, move from alpine (apk) to debian (apt)  
Ole Langbehn committed
10 
SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
Ole Langbehn's avatar
HOLI-1430 deploy oathkeeper  
Ole Langbehn committed
11
Stephanie Freitag's avatar
HOLI-10281: check for dependency changes in docker as well  
Stephanie Freitag committed
12 
# s6 for running ory oathkeeper proxy in the same container
Ole Langbehn's avatar
fix build, move from alpine (apk) to debian (apt)  
Ole Langbehn committed
13 14 15 16 17 18 
ARG S6_OVERLAY_VERSION=3.2.0.0

ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
Ole Langbehn's avatar
HOLI-1430 deploy oathkeeper  
Ole Langbehn committed
19 20 21 22 23 24 
ENTRYPOINT ["/init"]

# start oathkeeper only when node is running (but we still need to wait until node opened the port, see oathkeeper/start.sh)
ENV S6_CMD_WAIT_FOR_SERVICES=1

# install oathkeeper
Ole Langbehn's avatar
fix build, move from alpine (apk) to debian (apt)  
Ole Langbehn committed
25 
RUN addgroup --system ory; adduser --system ory --group --disabled-login --no-create-home
Ole Langbehn's avatar
HOLI-1430 deploy oathkeeper  
Ole Langbehn committed
26 
# hadolint ignore=SC3001
Ole Langbehn's avatar
fix build, move from alpine (apk) to debian (apt)  
Ole Langbehn committed
27 28 
ADD https://raw.githubusercontent.com/ory/meta/master/install.sh /tmp
RUN sh /tmp/install.sh -d -b /opt/oathkeeper oathkeeper v0.40.7
Ole Langbehn's avatar
HOLI-1430 deploy oathkeeper  
Ole Langbehn committed
29 30 31 32 33 34 35 

# set up oathkeeper as background daemon
COPY s6/run s6/finish /etc/services.d/node/

# TODO https://github.com/just-containers/s6-overlay#dropping-privileges

# copy oathkeeper config
Daniel Bimschas's avatar
HOLI-4469: don't let unified-api crash on boot time / aggregate services at build time  
Daniel Bimschas committed
36 
COPY oathkeeper/config.yaml oathkeeper/rules-production.yaml oathkeeper/rules-staging.yaml oathkeeper/start.sh /opt/oathkeeper/
Ole Langbehn's avatar
HOLI-1430 deploy oathkeeper  
Ole Langbehn committed
37 38 39 40 41 42 43 44 45 

# expose oathkeeper proxy, not API
EXPOSE 4455

RUN chown -R ory:ory /opt/oathkeeper

CMD ["/opt/oathkeeper/start.sh"]

# install app
Ole Langbehn's avatar
HOLI-1487 HOLI-1488 HOLI-1489 separate repo, docker, CI
Ole Langbehn committed
46 
WORKDIR /app
Ole Langbehn's avatar
fix more docker runtime issues  
Ole Langbehn committed
47 
ENV NODE_ENV=production
Ole Langbehn's avatar
fix(docker): refactor Dockerfile  
Ole Langbehn committed
48 
COPY tsconfig.json package.json yarn.lock .meshrc.yml .yarnrc.yml logger.ts server.ts /app/
Stephanie Freitag's avatar
HOLI-6709: rename folder for handlers and include in docker image  
Stephanie Freitag committed
49 
COPY handlers /app/handlers
Daniel Bimschas's avatar
HOLI-4469: don't let unified-api crash on boot time / aggregate services at build time  
Daniel Bimschas committed
50 
COPY .mesh logger.ts /app/.mesh/
Ole Langbehn's avatar
fix(ci): corepack enable as root in Dockerfile  
Ole Langbehn committed
51 
RUN chown -R node:node /app && corepack enable
Ole Langbehn's avatar
HOLI-1487 HOLI-1488 HOLI-1489 separate repo, docker, CI
Ole Langbehn committed
52 
USER node
Ole Langbehn's avatar
fix(docker): use node_modules with yarn4 in docker  
Ole Langbehn committed
53
Ole Langbehn's avatar
fix(ci): enable corepack in docker  
Ole Langbehn committed
54 
# FIXME: use existing yarn cache to use consistent dependencies as in whole CI pipeline
Ole Langbehn's avatar
fix(ci): corepack enable as root in Dockerfile  
Ole Langbehn committed
55 
RUN yarn install --immutable --check-cache && yarn cache clean
Ole Langbehn's avatar
HOLI-1487 HOLI-1488 HOLI-1489 separate repo, docker, CI
Ole Langbehn committed
56
Ole Langbehn's avatar
HOLI-1430 deploy oathkeeper  
Ole Langbehn committed
57 58 
# switch back to root for s6 init
# hadolint ignore=DL3002
Ole Langbehn's avatar
bump the deployment for testing a hypothesis in debugging  
Ole Langbehn committed
59 
USER root