Skip to content

Commit

Permalink
fix(alpine-node-nginx): build own node@14 base image
Browse files Browse the repository at this point in the history
  • Loading branch information
@Heymdall
Heymdall committed Oct 17, 2023
1 parent f343d8a commit 7f65ce4
Show file tree
Hide file tree
Showing 6 changed files with 155 additions and 6 deletions.
27 changes: 23 additions & 4 deletions .github/workflows/alpine-node.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,19 +5,38 @@ on:
push:
branches:
- master
paths:
- packages/alpine-node-nginx/**

env:
# version that would be tagged as latest
LATEST_VERSION: 14.21.3

jobs:

# build node@14 with alpine 3.18
buildOldNode:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
path: packages/alpine-node-nginx/node-14-alpine-3.18/
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
repository: alfabankui/arui-scripts
tags: 14.21.3-alpine-3.18

build:
strategy:
matrix:
versions: [
{ node: 14.21.3, alpine: 3.16 },
{ node: 16.20.0, alpine: 3.18 },
{ node: 18.18.2, alpine: 3.18 },
{ node: 14.21.3, alpine: 3.18, image: alfabankui/nodejs },
{ node: 16.20.0, alpine: 3.18, image: node },
{ node: 18.18.2, alpine: 3.18, image: node },
]
runs-on: ubuntu-latest
steps:
Expand All @@ -31,5 +50,5 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
repository: alfabankui/arui-scripts
build_args: NODE_VERSION=${{ matrix.versions.node }},ALPINE_VERSION=${{ matrix.versions.alpine }}
build_args: NODE_VERSION=${{ matrix.versions.node }},ALPINE_VERSION=${{ matrix.versions.alpine }},NODE_BASE_IMAGE=${{ matrix.versions.image }}
tags: ${{ matrix.versions.node == env.LATEST_VERSION && format('{0},latest', matrix.versions.node) || matrix.version.node }}
3 changes: 2 additions & 1 deletion packages/alpine-node-nginx/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
ARG NODE_VERSION=latest
ARG ALPINE_VERSION=3.14
ARG NODE_BASE_IMAGE=node

# Copied from https://github.com/fholzer/docker-nginx-brotli/blob/master/Dockerfile
# this is a build container, target one is in the end
Expand Down Expand Up @@ -138,7 +139,7 @@ RUN \
## end copy


FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION}
FROM ${NODE_BASE_IMAGE}:${NODE_VERSION}-alpine${ALPINE_VERSION}

COPY --from=0 /tmp/runDeps.txt /tmp/runDeps.txt
COPY --from=0 /etc/nginx /etc/nginx
Expand Down
2 changes: 1 addition & 1 deletion packages/alpine-node-nginx/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ alpine-node-nginx
на данный момент это `14.21.3`. Другие доступные версии:

- 14.21.3
- 16.20.0
- 16.20.2
- 18.16.0

### Локальная сборка контейнера
Expand Down
108 changes: 108 additions & 0 deletions packages/alpine-node-nginx/node-14-alpine-3.18/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
# based on https://github.com/nodejs/docker-node/blob/6c20762ebfb6ab35c874c4fe540a55ab8fd6c49d/20/alpine3.18/Dockerfile
# and https://hub.docker.com/layers/library/node/14.21.3-alpine3.17/images/sha256-4e84c956cd276af9ed14a8b2939a734364c2b0042485e90e1b97175e73dfd548?context=explore
FROM alpine:3.18

ENV NODE_VERSION 14.21.3

RUN addgroup -g 1000 node \
&& adduser -u 1000 -G node -s /bin/sh -D node \
&& apk add --no-cache \
libstdc++ \
&& apk add --no-cache --virtual .build-deps \
curl \
&& ARCH= && alpineArch="$(apk --print-arch)" \
&& case "${alpineArch##*-}" in \
x86_64) \
ARCH='x64' \
CHECKSUM="39c334bd7ef3a6e5a5a396e08b3edbe335d86161bbfba222c75aa4a3518af942" \
;; \
*) ;; \
esac \
&& if [ -n "${CHECKSUM}" ]; then \
set -eu; \
curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \
echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs; \
else \
echo "Building from source" \
# backup build
&& apk add --no-cache --virtual .build-deps-full \
binutils-gold \
g++ \
gcc \
gnupg \
libgcc \
linux-headers \
make \
python3 \
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
&& export GNUPGHOME="$(mktemp -d)" \
# gpg keys listed at https://github.com/nodejs/node#release-keys
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
141F07595B7B3FFE74309A937405533BE57C7D57 \
74F12602B6F1C4E913FAA37AD3A89613643B6201 \
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
61FC681DFB92A079F1685E77973F295594EC4689 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
108F52B48DB57BB0CC439B2997B01419BD92F80A \
A363A499291CBBC940DD62E41F10027AF002F8B0 \
; do \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
&& gpgconf --kill all \
&& rm -rf "$GNUPGHOME" \
&& grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
&& tar -xf "node-v$NODE_VERSION.tar.xz" \
&& cd "node-v$NODE_VERSION" \
&& ./configure \
&& make -j$(getconf _NPROCESSORS_ONLN) V= \
&& make install \
&& apk del .build-deps-full \
&& cd .. \
&& rm -Rf "node-v$NODE_VERSION" \
&& rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
fi \
&& rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \
&& apk del .build-deps \
# smoke tests
&& node --version \
&& npm --version

ENV YARN_VERSION 1.22.19

RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
&& export GNUPGHOME="$(mktemp -d)" \
&& for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \
; do \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& gpgconf --kill all \
&& rm -rf "$GNUPGHOME" \
&& mkdir -p /opt \
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& apk del .build-deps-yarn \
# smoke test
&& yarn --version

COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]

CMD [ "node" ]
10 changes: 10 additions & 0 deletions packages/alpine-node-nginx/node-14-alpine-3.18/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# Базовый образ nodejs@14 на основе alpine 3.18

Часть проектов все еще живет на node@14. [email protected], на котором основан последний официальный базовый образ 14 ноды
содержит пакеты с уязвимостями. Поэтому просто собираем свой образ с 14 нодой на alpine 3.18

Код основан на:
- [Dockerfile node 20](https://github.com/nodejs/docker-node/blob/6c20762ebfb6ab35c874c4fe540a55ab8fd6c49d/20/alpine3.18/Dockerfile)
- [Dockerfile node 14](https://hub.docker.com/layers/library/node/14.21.3-alpine3.17/images/sha256-4e84c956cd276af9ed14a8b2939a734364c2b0042485e90e1b97175e73dfd548?context=explore)

Этот образ должен умереть вместе с удалением nodejs@14.
11 changes: 11 additions & 0 deletions packages/alpine-node-nginx/node-14-alpine-3.18/docker-entrypoint.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
#!/bin/sh
set -e

# Run command with node if the first argument contains a "-" or is not a system command. The last
# part inside the "{}" is a workaround for the following bug in ash/dash:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264
if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then
set -- node "$@"
fi

exec "$@"

0 comments on commit 7f65ce4

Please sign in to comment.