forked from eclipse-edc/DataDashboard
-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: revert "ci: non-root container image (#437)" for MS8 as it cha…
…nges a port This reverts commit 7f732a1.
- Loading branch information
1 parent
776e70c
commit 8d0d2ce
Showing
4 changed files
with
17 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,42 +1,37 @@ | ||
# Stage 1: Install node modules | ||
FROM docker.io/library/node:lts as npm-install | ||
FROM node:lts as npm-install | ||
|
||
WORKDIR /app | ||
COPY ./package*.json /app/ | ||
RUN npm install | ||
|
||
# Stage 2: Build Project | ||
FROM docker.io/library/node:lts as build | ||
FROM node:lts as build | ||
|
||
WORKDIR /app | ||
COPY --from=npm-install /app/node_modules /app/node_modules | ||
COPY ./ /app/ | ||
RUN npm run ng build --no-progress --configuration=production | ||
|
||
# Stage 3: Serve app with nginx | ||
FROM docker.io/nginxinc/nginx-unprivileged:1.25-alpine3.18 | ||
FROM nginx:1.25.2-alpine | ||
|
||
# Temporarily switch to root to install packages and create symlink in restricted location | ||
USER root | ||
RUN apk add --no-cache jq curl | ||
RUN apk update && apk add jq esh --no-cache | ||
|
||
COPY --from=build /app/dist/edc-demo-client /usr/share/nginx/html | ||
COPY --from=build /app/src/assets /usr/share/nginx/html/assets | ||
COPY docker/default.conf.template etc/nginx/templates/default.conf.template | ||
# Before starting nginx, apply ENV vars to create app-config.json from EDC_UI_* ENV Vars | ||
# Use an entrypoint drop-in instead of modifying the default entrypoint or command, | ||
# so that the automatic envsubst templating is not disabled. | ||
COPY docker/99-generate-app-config.sh /docker-entrypoint.d/99-generate-app-config.sh | ||
COPY docker/default.conf.esh etc/nginx/conf.d/default.conf.esh | ||
|
||
RUN ln -sf /tmp/app-config.json /usr/share/nginx/html/assets/config/app-config.json \ | ||
# Nginx is configured to reject symlinks that point to a file owned by a different user, for security reasons | ||
&& chown --no-dereference nginx:root /usr/share/nginx/html/assets/config/app-config.json | ||
ENV NGINX_BIND="" | ||
ENV NGINX_PORT=80 | ||
|
||
# Switch back to unprivileged user for runtime | ||
USER nginx:nginx | ||
HEALTHCHECK --interval=2s --timeout=5s --retries=10 \ | ||
CMD curl -f http://${NGINX_BIND:"localhost"}:$NGINX_PORT/ || exit 1 | ||
|
||
ENV NGINX_BIND="0.0.0.0" | ||
ENV NGINX_PORT=8080 | ||
# Before starting nginx, apply ENV vars: | ||
# (1) Apply NGINX_BIND and NGINX_PORT to nginx.conf | ||
# (2) Create app-config.json from EDC_UI_* ENV Vars | ||
CMD esh -o /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.esh \ | ||
&& jq -n 'env | with_entries( select(.key | startswith("EDC_UI_") ) )' > /usr/share/nginx/html/assets/config/app-config.json \ | ||
&& nginx -g "daemon off;" | ||
|
||
HEALTHCHECK --interval=2s --timeout=5s --retries=10 \ | ||
CMD curl -f http://$NGINX_BIND:$NGINX_PORT/ || exit 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters