-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
45 lines (35 loc) · 1.75 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
FROM alpine:3
WORKDIR /redis-commander
# optional build arg to let the hardening process remove all package manager (apk, npm, yarn) too to not allow
# installation of packages anymore, default: do not remove "apk" to allow others to use this as a base image
# for own images
ARG REMOVE_APK=0
ENV SERVICE_USER=redis
ENV HOME=/redis-commander
ENV NODE_ENV=production
# only single copy command for most parts as other files are ignored via .dockerignore
# to create less layers
COPY . .
# for Openshift compatibility set project config dir itself group root and make it group writeable
RUN apk update \
&& apk upgrade \
&& apk add --no-cache ca-certificates dumb-init sed jq nodejs npm yarn icu-libs icu-data-full \
&& update-ca-certificates \
&& echo -e "\n---- Create runtime user and fix file access rights ----------" \
&& adduser "${SERVICE_USER}" -h "${HOME}" -G root -S -u 1000 \
&& chown -R root.root "${HOME}" \
&& chown -R "${SERVICE_USER}" "${HOME}/config" \
&& chmod g+w "${HOME}/config" \
&& chmod ug+r,o-rwx "${HOME}"/config/*.json \
&& echo -e "\n---- Check config file syntax --------------------------------" \
&& for i in "${HOME}"/config/*.json; do echo "checking config file $i"; cat "$i" | jq empty; ret=$?; if [ $ret -ne 0 ]; then exit $ret; fi; done \
&& echo -e "\n---- Installing app ------------------------------------------" \
&& npm install --production -s \
&& echo -e "\n---- Cleanup and hardening -----------------------------------" \
&& "${HOME}/docker/harden.sh" \
&& rm -rf /tmp/* /root/.??* /root/cache /var/cache/apk/*
USER 1000
HEALTHCHECK --interval=1m --timeout=2s CMD ["/redis-commander/bin/healthcheck.js"]
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["/redis-commander/docker/entrypoint.sh"]
EXPOSE 8081