Merge branch 'NOISSUE_unify-node-docker-tags' into 'main'

refactor(docker): use node slim images with major version (20|22) See merge request app/holi-unified-api!126

Merge branch 'NOISSUE_unify-node-docker-tags' into 'main'
d07fa46e · Ole Langbehn · 14c7af09 · 45a3f85a · d07fa46e · d07fa46e
Commit d07fa46e authored 5 months ago by Ole Langbehn
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -59,7 +59,7 @@ variables:
 ## common steps
 install_lint_test:
  stage: build
-  image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/node:22-alpine'
+  image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/node:22-slim'
  script:
    - yarn install
    - yarn lint
@@ -82,7 +82,7 @@ include:

 .build_mesh:
  needs: ['install_lint_test']
-  image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/node:22-alpine'
+  image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/node:22-slim'
  script:
    - yarn install
    - yarn run mesh build

--- a/Dockerfile
+++ b/Dockerfile
-FROM europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/node:22.5.1-alpine
+FROM europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/node:22-slim
+
+# install all dependencies for later steps
+RUN apt-get -y -qq update && apt-get install -y --no-install-recommends xz-utils ca-certificates curl \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*

 # shell sanity with pipes (https://github.com/hadolint/hadolint/wiki/DL4006)
 # needed for installation of s6
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
+
+ # s6 for running ory oathkeeper proxy in the same container
+ARG S6_OVERLAY_VERSION=3.2.0.0

-# s6 for running ory oathkeeper proxy in the same container
-ARG S6_OVERLAY_VERSION=3.1.0.1
-RUN wget -c -q https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz -O - | tar -xJpC /
-RUN wget -c -q https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz -O - | tar -xJpC /
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
+RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
+RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
 ENTRYPOINT ["/init"]

 # start oathkeeper only when node is running (but we still need to wait until node opened the port, see oathkeeper/start.sh)
 ENV S6_CMD_WAIT_FOR_SERVICES=1

 # install oathkeeper
-RUN apk -U upgrade && apk --latest add curl ca-certificates
-RUN addgroup -S ory; adduser -S ory -G ory -D -H -s /bin/nologin
+RUN addgroup --system ory; adduser --system ory --group --disabled-login --no-create-home
 # hadolint ignore=SC3001
-RUN sh <(wget -c -q https://raw.githubusercontent.com/ory/meta/master/install.sh -O -) -d -b /opt/oathkeeper oathkeeper v0.40.7
+ADD https://raw.githubusercontent.com/ory/meta/master/install.sh /tmp
+RUN sh /tmp/install.sh -d -b /opt/oathkeeper oathkeeper v0.40.7

 # set up oathkeeper as background daemon
 COPY s6/run s6/finish /etc/services.d/node/
@@ -36,7 +44,7 @@ CMD ["/opt/oathkeeper/start.sh"]

 # install app
 WORKDIR /app
-ENV NODE_ENV production
+ENV NODE_ENV=production
 COPY tsconfig.json package.json yarn.lock .meshrc.yml logger.ts server.ts /app/
 COPY handlers /app/handlers
 COPY .mesh logger.ts /app/.mesh/

--- a/oathkeeper/start.sh
+++ b/oathkeeper/start.sh
-#!/command/with-contenv sh
+#!/command/with-contenv bash

-function check() {
+check() {
  curl --silent --output /dev/null http://localhost:4000/graphql -w "%{http_code}"
  return $?
 }

--- a/s6/finish
+++ b/s6/finish