From 2215897bee9521340f7779564a6ad1ab69029a01 Mon Sep 17 00:00:00 2001 From: Aleksandr Kitov Date: Tue, 17 Oct 2023 11:26:29 +0200 Subject: [PATCH] fix(alpine-node-nginx): build own node@14 base image --- .github/workflows/alpine-node.yml | 27 ++++- packages/alpine-node-nginx/Dockerfile | 3 +- packages/alpine-node-nginx/README.md | 2 +- .../node-14-alpine-3.18/Dockerfile | 108 ++++++++++++++++++ .../node-14-alpine-3.18/README.md | 10 ++ .../node-14-alpine-3.18/docker-entrypoint.sh | 11 ++ 6 files changed, 155 insertions(+), 6 deletions(-) create mode 100644 packages/alpine-node-nginx/node-14-alpine-3.18/Dockerfile create mode 100644 packages/alpine-node-nginx/node-14-alpine-3.18/README.md create mode 100755 packages/alpine-node-nginx/node-14-alpine-3.18/docker-entrypoint.sh diff --git a/.github/workflows/alpine-node.yml b/.github/workflows/alpine-node.yml index 5253dd22..d974a87d 100644 --- a/.github/workflows/alpine-node.yml +++ b/.github/workflows/alpine-node.yml @@ -5,19 +5,38 @@ on: push: branches: - master + paths: + - packages/alpine-node-nginx/** env: # version that would be tagged as latest LATEST_VERSION: 14.21.3 jobs: + + # build node@14 with alpine 3.18 + buildOldNode: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Build and push Docker images + uses: docker/build-push-action@v1 + with: + path: packages/alpine-node-nginx/node-14-alpine-3.18/ + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_ACCESS_TOKEN }} + repository: alfabankui/arui-scripts + tags: 14.21.3-alpine-3.18 + build: strategy: matrix: versions: [ - { node: 14.21.3, alpine: 3.16 }, - { node: 16.20.0, alpine: 3.18 }, - { node: 18.18.2, alpine: 3.18 }, + { node: 14.21.3, alpine: 3.18, image: alfabankui/nodejs }, + { node: 16.20.2, alpine: 3.18, image: node }, + { node: 18.18.2, alpine: 3.18, image: node }, ] runs-on: ubuntu-latest steps: @@ -31,5 +50,5 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_ACCESS_TOKEN }} repository: alfabankui/arui-scripts - build_args: NODE_VERSION=${{ matrix.versions.node }},ALPINE_VERSION=${{ matrix.versions.alpine }} + build_args: NODE_VERSION=${{ matrix.versions.node }},ALPINE_VERSION=${{ matrix.versions.alpine }},NODE_BASE_IMAGE=${{ matrix.versions.image }} tags: ${{ matrix.versions.node == env.LATEST_VERSION && format('{0},latest', matrix.versions.node) || matrix.version.node }} diff --git a/packages/alpine-node-nginx/Dockerfile b/packages/alpine-node-nginx/Dockerfile index 7a12e1b1..ce7e4b9f 100644 --- a/packages/alpine-node-nginx/Dockerfile +++ b/packages/alpine-node-nginx/Dockerfile @@ -1,5 +1,6 @@ ARG NODE_VERSION=latest ARG ALPINE_VERSION=3.14 +ARG NODE_BASE_IMAGE=node # Copied from https://github.com/fholzer/docker-nginx-brotli/blob/master/Dockerfile # this is a build container, target one is in the end @@ -138,7 +139,7 @@ RUN \ ## end copy -FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION} +FROM ${NODE_BASE_IMAGE}:${NODE_VERSION}-alpine${ALPINE_VERSION} COPY --from=0 /tmp/runDeps.txt /tmp/runDeps.txt COPY --from=0 /etc/nginx /etc/nginx diff --git a/packages/alpine-node-nginx/README.md b/packages/alpine-node-nginx/README.md index ad362618..1459495a 100644 --- a/packages/alpine-node-nginx/README.md +++ b/packages/alpine-node-nginx/README.md @@ -9,7 +9,7 @@ alpine-node-nginx на данный момент это `14.21.3`. Другие доступные версии: - 14.21.3 -- 16.20.0 +- 16.20.2 - 18.16.0 ### Локальная сборка контейнера diff --git a/packages/alpine-node-nginx/node-14-alpine-3.18/Dockerfile b/packages/alpine-node-nginx/node-14-alpine-3.18/Dockerfile new file mode 100644 index 00000000..bd34333e --- /dev/null +++ b/packages/alpine-node-nginx/node-14-alpine-3.18/Dockerfile @@ -0,0 +1,108 @@ +# based on https://github.com/nodejs/docker-node/blob/6c20762ebfb6ab35c874c4fe540a55ab8fd6c49d/20/alpine3.18/Dockerfile +# and https://hub.docker.com/layers/library/node/14.21.3-alpine3.17/images/sha256-4e84c956cd276af9ed14a8b2939a734364c2b0042485e90e1b97175e73dfd548?context=explore +FROM alpine:3.18 + +ENV NODE_VERSION 14.21.3 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) \ + ARCH='x64' \ + CHECKSUM="39c334bd7ef3a6e5a5a396e08b3edbe335d86161bbfba222c75aa4a3518af942" \ + ;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 4ED778F539E3634C779C87C6D7062848A1AB005C \ + 141F07595B7B3FFE74309A937405533BE57C7D57 \ + 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + 61FC681DFB92A079F1685E77973F295594EC4689 \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version + +ENV YARN_VERSION 1.22.19 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/packages/alpine-node-nginx/node-14-alpine-3.18/README.md b/packages/alpine-node-nginx/node-14-alpine-3.18/README.md new file mode 100644 index 00000000..4c2a80ee --- /dev/null +++ b/packages/alpine-node-nginx/node-14-alpine-3.18/README.md @@ -0,0 +1,10 @@ +# Базовый образ nodejs@14 на основе alpine 3.18 + +Часть проектов все еще живет на node@14. alpine@3.16, на котором основан последний официальный базовый образ 14 ноды +содержит пакеты с уязвимостями. Поэтому просто собираем свой образ с 14 нодой на alpine 3.18 + +Код основан на: +- [Dockerfile node 20](https://github.com/nodejs/docker-node/blob/6c20762ebfb6ab35c874c4fe540a55ab8fd6c49d/20/alpine3.18/Dockerfile) +- [Dockerfile node 14](https://hub.docker.com/layers/library/node/14.21.3-alpine3.17/images/sha256-4e84c956cd276af9ed14a8b2939a734364c2b0042485e90e1b97175e73dfd548?context=explore) + +Этот образ должен умереть вместе с удалением nodejs@14. diff --git a/packages/alpine-node-nginx/node-14-alpine-3.18/docker-entrypoint.sh b/packages/alpine-node-nginx/node-14-alpine-3.18/docker-entrypoint.sh new file mode 100755 index 00000000..1b3116e5 --- /dev/null +++ b/packages/alpine-node-nginx/node-14-alpine-3.18/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@"