From 6be84272c04b74a6e3ade0e6b1a6216134693820 Mon Sep 17 00:00:00 2001
From: "yongen.loong"
Date: Fri, 26 Jul 2024 17:27:07 +0800
Subject: [PATCH 1/5] ci: sonarqube
---
 .github/workflows/pr.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/pr.yml
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 0000000..718320d
--- /dev/null
+++ b/.github/workflows/pr.yml
@@ -0,0 +1,21 @@
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+name: SonarQube
+jobs:
+ sonarqube:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ # Disabling shallow clones is recommended for improving the relevancy of reporting
+ fetch-depth: 0
+ - name: SonarQube Scan
+ uses: sonarsource/sonarqube-scan-action@v2.1.0 # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+ with:
+ args: >
+ -Dsonar.projectKey=aelf-playground-next
\ No newline at end of file
From 1f02de0961594e9d8fdad78fb642422c4f7a7551 Mon Sep 17 00:00:00 2001
From: "yongen.loong"
Date: Fri, 26 Jul 2024 17:35:59 +0800
Subject: [PATCH 2/5] fix: sonarqube issues
---
 Dockerfile | 4 ++--
 Dockerfile.development | 12 ------------
 compose.yml | 21 ---------------------
 3 files changed, 2 insertions(+), 35 deletions(-)
 delete mode 100644 Dockerfile.development
 delete mode 100644 compose.yml
diff --git a/Dockerfile b/Dockerfile
index 11498da..4341d1e
--- a/Dockerfile
+++ b/Dockerfile
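Review bot: The workflow declares no `permissions:` block and pins both actions by mutable tag (`actions/checkout@v4`, `sonarsource/sonarqube-scan-action@v2.1.0`), so the job runs with the repository's default `GITHUB_TOKEN` scopes and a moved tag upstream silently changes the code that receives `SONAR_TOKEN`. I would add a top-level `permissions:` with `contents: read` and pin each `uses:` to a full commit SHA, keeping the human-readable version in the trailing comment the scan line already carries. Note that on the `pull_request` event GitHub withholds repository secrets from fork-originated PRs, so this scan will fail for external contributors; that is the safe default, and switching to `pull_request_target` to "fix" it would run untrusted PR code with the token in scope, so it should not be done.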
@@ -19,8 +19,8 @@ RUN chown nextjs:nodejs .next
 # Automatically leverage output traces to reduce image size
 # https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --chown=nextjs:nodejs ./.next/standalone ./
-COPY --chown=nextjs:nodejs ./.next/static ./.next/static
+COPY --chown=nextjs:nodejs --chmod=755 ./.next/standalone ./
+COPY --chown=nextjs:nodejs --chmod=755 ./.next/static ./.next/static
 USER nextjs
diff --git a/Dockerfile.development b/Dockerfile.development
deleted file mode 100644
index 4857ba8..0000000
--- a/Dockerfile.development
+++ /dev/null
@@ -1,12 +0,0 @@
-# Run as a non-privileged user
-FROM node:18
-RUN useradd -ms /bin/sh -u 1001 app
-USER app
-
-# Install dependencies
-WORKDIR /app
-COPY --chown=app:app package.json package-lock.json ./
-RUN npm install
-
-# Copy source files into application directory
-COPY --chown=app:app . /app
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
deleted file mode 100644
index b17e3f1..0000000
--- a/compose.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-services:
- frontend:
- build:
- context: .
- dockerfile: Dockerfile.development
- command: npm run dev
- develop:
- watch:
- - action: sync
- path: ./
- target: /app
- ignore:
- - node_modules/
- - action: rebuild
- path: package.json
- ports:
- - 3000:3000
- environment:
- - BUILD_SERVER_BASE_URL=http://backend:7020
- backend:
- image: aelfactory/playground-service
\ No newline at end of file
From b973d862ba28216100e4f2d25b1f31744bc8bdb9 Mon Sep 17 00:00:00 2001
From: "yongen.loong"
Date: Fri, 26 Jul 2024 18:02:31 +0800
Subject: [PATCH 3/5] fix: sonarqube issues
---
 Dockerfile | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4341d1e..96a0e2e
--- a/Dockerfile
+++ b/Dockerfile
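Review bot: `--chmod=755` still leaves the owner write bit on every copied file, and the owner is `nextjs`, the account the image switches to at `USER nextjs` a few lines below, so the runtime process can still overwrite its own `server.js` and static assets; the change only strips group/other write, which non-root users did not have anyway. If the intent is immutable application code, the effective fix is to drop `--chown=nextjs:nodejs` so the files stay root-owned (`COPY ./.next/standalone ./` and `COPY ./.next/static ./.next/static`) and give `nextjs` ownership only of the `.next` cache directory created just above this hunk. `755` on `./.next/static` also marks plain CSS/JS assets executable; harmless here, but a sign the mode flag is addressing the wrong side of the permission problem.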
@@ -1,33 +1,24 @@
-FROM node:20-alpine AS base
+FROM cgr.dev/chainguard/node
-# Production image, copy all the files and run next
-FROM base AS runner
 WORKDIR /app
-
 ENV NODE_ENV production
+
 # Uncomment the following line in case you want to disable telemetry during runtime.
 # ENV NEXT_TELEMETRY_DISABLED 1
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
-
 COPY ./public ./public
 # Set the correct permission for prerender cache
 RUN mkdir .next
-RUN chown nextjs:nodejs .next
+RUN chown node:node .next
 # Automatically leverage output traces to reduce image size
 # https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --chown=nextjs:nodejs --chmod=755 ./.next/standalone ./
-COPY --chown=nextjs:nodejs --chmod=755 ./.next/static ./.next/static
-
-USER nextjs
-
-EXPOSE 3000
+COPY --chown=node:node ./.next/standalone ./
+COPY --chown=node:node ./.next/static ./.next/static
-ENV PORT 3000
+ENV HOSTNAME=0.0.0.0
 # server.js is created by next build from the standalone output
 # https://nextjs.org/docs/pages/api-reference/next-config-js/output
-CMD HOSTNAME="0.0.0.0" node server.js
\ No newline at end of file
+CMD [ "server.js" ]
\ No newline at end of file
From 336216a43c1d5c5bf689e6d8a711e328d884240d Mon Sep 17 00:00:00 2001
From: "yongen.loong"
Date: Fri, 26 Jul 2024 20:12:05 +0800
Subject: [PATCH 4/5] fix: sonarqube security issues
---
 Dockerfile | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 96a0e2e..28bfd0d
--- a/Dockerfile
+++ b/Dockerfile
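Review bot: `FROM cgr.dev/chainguard/node` carries neither a tag nor a digest, so every build resolves to whatever `latest` is at that moment and the resulting image is neither reproducible nor auditable; pin it, e.g. `FROM cgr.dev/chainguard/node:latest@sha256:<digest>`, and bump the digest deliberately (Renovate or Dependabot can automate that). `CMD [ "server.js" ]` only works if the base image's entrypoint is `node`, which is presumably true for this Chainguard image but is not visible here; a comment such as `# the chainguard/node entrypoint is node; CMD supplies only the script` would stop a later maintainer from reverting to `node server.js` under a different base. The hunk also drops `EXPOSE 3000` and `ENV PORT 3000` without replacement; `EXPOSE` is documentation only, but it is the port contract operators and scanners read, so I would keep `EXPOSE 3000` (which appears to be Next's default when PORT is unset).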
@@ -8,14 +8,10 @@ ENV NODE_ENV production
 COPY ./public ./public
-# Set the correct permission for prerender cache
-RUN mkdir .next
-RUN chown node:node .next
-
 # Automatically leverage output traces to reduce image size
 # https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --chown=node:node ./.next/standalone ./
-COPY --chown=node:node ./.next/static ./.next/static
+COPY ./.next/standalone ./
+COPY ./.next/static ./.next/static
 ENV HOSTNAME=0.0.0.0
From 709b56af78adb620f0bab6f16e60b7539e538a43 Mon Sep 17 00:00:00 2001
From: "yongen.loong"
Date: Fri, 26 Jul 2024 20:17:09 +0800
Subject: [PATCH 5/5] user node
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 28bfd0d..8e71f6b
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,8 @@ COPY ./.next/static ./.next/static
 ENV HOSTNAME=0.0.0.0
+USER node
+
 # server.js is created by next build from the standalone output
 # https://nextjs.org/docs/pages/api-reference/next-config-js/output
 CMD [ "server.js" ]
\ No newline at end of file
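Review bot: Dropping `RUN mkdir .next` / `RUN chown node:node .next` and the `--chown=node:node` flags leaves everything under `/app` root-owned, which is the right call for code immutability, but it also removes the only directory the app could write to: if this Next.js app uses ISR or `next/image`, the standalone server writes under `.next/cache` and will fail with EACCES as soon as the process runs as a non-root user (at the end of this commit it still runs as root, which masks the problem). Keep one narrowly scoped writable location instead of restoring ownership of the whole tree, e.g. `RUN mkdir -p .next/cache && chown node:node .next/cache` if the base image has a shell (Chainguard's non-`-dev` images do not, in which case create it in a build stage or mount it as a volume at runtime). Whether the app actually writes to `.next/cache` cannot be confirmed from this hunk, so verify before adding the directory.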
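Review bot: `USER node` assumes the base image's `/etc/passwd` defines that account; it does for the Chainguard node image as far as I know, but the name is resolved only at build time and Kubernetes `runAsNonRoot` / PodSecurity checks can verify only a numeric UID, so prefer `USER <uid>:<gid>` with the values the base image assigns to `node`. A short comment above the line would also record the intent the previous commit set up, e.g. `# all of /app is root-owned and read-only for this user; nothing under it is writable at runtime`. Since the image is a long-running server, a `HEALTHCHECK` is still missing; with a distroless base that has no `curl`, a `node -e` probe against the app's own endpoint is the usual shape.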