From 46d47690a777cff6d047cc7a58a3349a15458805 Mon Sep 17 00:00:00 2001 From: sm47916 Date: Wed, 14 Jun 2023 09:58:00 +0200 Subject: [PATCH 1/8] update nodejs image --- docker-builds/base/Dockerfile | 116 +++++++++++++++++++++--- docker-builds/base/docker-entrypoint.sh | 11 +++ docker-builds/server/Dockerfile | 56 ++++++------ 3 files changed, 144 insertions(+), 39 deletions(-) create mode 100644 docker-builds/base/docker-entrypoint.sh diff --git a/docker-builds/base/Dockerfile b/docker-builds/base/Dockerfile index 5a5371ea..b302a795 100644 --- a/docker-builds/base/Dockerfile +++ b/docker-builds/base/Dockerfile 
@@ -1,19 +1,111 @@ -FROM node:11.14.0-stretch AS build_stage +# FROM ubuntu:20.04 as nvm_base +FROM buildpack-deps:bullseye as nvm_base +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NVM_DIR /usr/local/nvm +ENV NODE_VERSION 11.14.0 +# SHELL ["/bin/bash", "--login", "-c"] + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 4ED778F539E3634C779C87C6D7062848A1AB005C \ + 141F07595B7B3FFE74309A937405533BE57C7D57 \ + 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + 61FC681DFB92A079F1685E77973F295594EC4689 \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node 
--version \ + && npm --version + + +ENV YARN_VERSION 1.22.19 + +RUN set -ex \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version + +COPY docker-builds/base/docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +#hadolint ignore=DL3008 RUN apt-get update \ && apt-get upgrade -y \ - && apt-get install -yqq --no-install-recommends clojure \ + && apt-get install -yqq --no-install-recommends curl wget ca-certificates clojure git ssh leiningen python2 \ && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + && ln -s /usr/bin/python2 /usr/bin/python + RUN git config --global url."https://".insteadOf git:// -ADD https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein /usr/bin/lein -RUN chmod +x /usr/bin/lein && lein version -RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts -RUN mkdir -p /root/.config/truffle/ \ - && npm install --global truffle@~5.4.0 npm-check-updates +# hadolint ignore=SC2174 +RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts +ENV PYTHON=/usr/bin/python +ENV npm_config_user=root +RUN npm config set user 0 && \ + npm config set unsafe-perm true && \ + npm 
install --global truffle@~5.4 + +CMD [ "node" ] + + +# ADD https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh /tmp/install.sh +# RUN mkdir -p /usr/local/nvm && chmod +x /tmp/install.sh && bash /tmp/install.sh \ +# && . $NVM_DIR/nvm.sh \ +# && nvm install $NODE_VERSION \ +# && nvm alias default $NODE_VERSION \ +# && nvm use default + +# ENV NODE_PATH $NVM_DIR/v$-NODE_VERSION/lib/node_modules +# ENV PATH $NVM_DIR/v$NODE_VERSION/bin:$PATH +# ENV PYTHON /usr/bin/python +# RUN mkdir -p ~/.config/truffle \ +# && . $NVM_DIR/nvm.sh \ +# && npm install --global --unsafe-perm truffle@~5.4.0 npm-check-updates yarn -WORKDIR /build -VOLUME [ "/root/.m2" ] -VOLUME [ "/build" ] -VOLUME [ "/build/node_modules" ] +# WORKDIR /build +# VOLUME [ "~/.m2" ] +# VOLUME [ "/build" ] +# VOLUME [ "/build/node_modules" ] diff --git a/docker-builds/base/docker-entrypoint.sh b/docker-builds/base/docker-entrypoint.sh new file mode 100644 index 00000000..c742827c --- /dev/null +++ b/docker-builds/base/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" \ No newline at end of file diff --git a/docker-builds/server/Dockerfile b/docker-builds/server/Dockerfile index 799b03ef..55db3419 100644 --- a/docker-builds/server/Dockerfile +++ b/docker-builds/server/Dockerfile 
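Review bot: The last `RUN` of the base/Dockerfile hunk makes npm run package lifecycle scripts as root (`npm config set user 0`, `npm config set unsafe-perm true`, on top of `ENV npm_config_user=root`), although the hunk's first `RUN` creates a `node` user (uid 1000) that no `USER` instruction ever selects. Because `truffle@~5.4` is a floating range installed globally, the install scripts of whatever dependency tree resolves on build day execute with full privileges, and containers started from the image run as root as well. Consider installing the global tools into a prefix owned by `node` and ending the stage with `USER node`. If root is genuinely needed for the install, say so above the `RUN`, e.g. `# unsafe-perm: <reason the truffle install needs root>`.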
@@ -1,17 +1,14 @@ -FROM node:11.14.0-stretch AS build_stage +FROM docker.io/library/memefactory_base:local AS build_stage + ARG BUILD_ENV=qa ENV BUILD_ENV=${BUILD_ENV} ENV MEMEFACTORY_ENV=${BUILD_ENV} +ENV PYTHON=/usr/bin/python +ENV npm_config_user=root ENV SMART_CONTRACTS=./src/memefactory/shared/smart_contracts_${BUILD_ENV}.cljs ENV SMART_CONTRACTS_BUILD_PATH=./resources/public/contracts/build/ -RUN git config --global url."https://".insteadOf git:// -RUN apt-get update && apt-get install -yqq --no-install-recommends clojure -ADD https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein /usr/bin/lein -RUN chmod +x /usr/bin/lein -RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts RUN mkdir -p /root/.config/truffle/ -RUN npm install --global truffle@~5.4.0 COPY . /build/ WORKDIR /build 
@@ -22,31 +19,36 @@ RUN truffle compile RUN lein cljsbuild once "server" -FROM node:11.14.0-stretch-slim +# FROM node:11.14.0-stretch-slim +# # fix debian repos +# RUN echo "deb [trusted=yes] http://archive.debian.org/debian stretch main non-free contrib" > /etc/apt/sources.list && \ +# echo 'deb-src [trusted=yes] http://archive.debian.org/debian/ stretch main non-free contrib' >> /etc/apt/sources.list && \ +# echo 'deb [trusted=yes] http://archive.debian.org/debian-security/ stretch/updates main non-free contrib' >> /etc/apt/sources.list -ARG BUILD_ENV=qa +# ARG BUILD_ENV=qa -ENV BUILD_ENV=${BUILD_ENV} -ENV MEMEFACTORY_ENV=${BUILD_ENV} -ENV CONFIG /configs/meme.config.edn +# ENV BUILD_ENV=${BUILD_ENV} +# ENV MEMEFACTORY_ENV=${BUILD_ENV} +# ENV CONFIG /configs/meme.config.edn + +# WORKDIR /memefactory -WORKDIR /memefactory +# # # twitter-bot needs to be able to write here +# RUN mkdir /tmp/memefactory -# # twitter-bot needs to be able to write here -RUN mkdir /tmp/memefactory +# # Python dependencies +# RUN apt-get update && apt-get upgrade -yqq \ +# && apt-get install --no-install-recommends -yq python-pip python-setuptools \ +# && apt-get clean \ +# && rm -rf /var/lib/apt/lists/* -# Python dependencies -RUN apt-get update && apt-get upgrade -yqq \ - && apt-get install --no-install-recommends -yq python-pip python-setuptools \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* -RUN pip install --no-cache-dir cryptography base58 +# RUN pip install --no-cache-dir cryptography base58 -# get compiled JS -COPY --from=build_stage /build/server /memefactory/server -COPY --from=build_stage /build/node_modules /memefactory/node_modules -COPY --from=build_stage /build/resources /memefactory/resources +# # get compiled JS +# COPY --from=build_stage /build/server /memefactory/server +# COPY --from=build_stage /build/node_modules /memefactory/node_modules +# COPY --from=build_stage /build/resources /memefactory/resources -ENTRYPOINT ["node", "server/memefactory.js"] -CMD 
["--max-old-space-size=2048"] +# ENTRYPOINT ["node", "server/memefactory.js"] +# CMD ["--max-old-space-size=2048"] From 323ff5fb421840a03b2f50fc479a260c803a61a4 Mon Sep 17 00:00:00 2001 From: sm47916 Date: Fri, 16 Jun 2023 11:03:13 +0200 Subject: [PATCH 2/8] update dockerfiles --- .dockerignore | 3 +- docker-builds/base/Dockerfile | 101 +++++++++++++------------------- docker-builds/server/Dockerfile | 44 ++++++-------- docker-builds/ui/Dockerfile | 12 +--- package.json | 4 +- 5 files changed, 65 insertions(+), 99 deletions(-) diff --git a/.dockerignore b/.dockerignore index d6c8f61e..34f4e003 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,4 +1,5 @@ -code -a memefa-a gimeme/senappusls./bui./dockpteleqagitignore dockerclonode# Logs +.git +Logs logs *.log npm-debug.log* diff --git a/docker-builds/base/Dockerfile b/docker-builds/base/Dockerfile index b302a795..40f0903e 100644 --- a/docker-builds/base/Dockerfile +++ b/docker-builds/base/Dockerfile 
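Review bot: In the .dockerignore hunk the second added line, `Logs`, is an ignore pattern, whereas the removed first line appears to have ended with the section comment `# Logs`; the comment is lost and a path named `Logs` is now excluded from the build context. Restore it as `# Logs`. Both the server and ui Dockerfiles in this series do `COPY . /build/`, so this file is also what keeps local credentials out of image layers. The hunk shows only the top of the file, so confirm that entries such as `.env` exist further down.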
@@ -1,39 +1,38 @@ # FROM ubuntu:20.04 as nvm_base -FROM buildpack-deps:bullseye as nvm_base - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node +# FROM buildpack-deps:bullseye as nvm_base +FROM buildpack-deps:20.04 as nvm_base ENV NVM_DIR /usr/local/nvm ENV NODE_VERSION 11.14.0 -# SHELL ["/bin/bash", "--login", "-c"] +ENV YARN_VERSION 1.22.19 +ENV PYTHON=/usr/bin/python +ENV npm_config_user=root + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ + amd64) ARCH='x64';; \ + arm64) ARCH='arm64';; \ + *) echo "unsupported architecture"; exit 1 ;; \ esac \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 141F07595B7B3FFE74309A937405533BE57C7D57 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ - 61FC681DFB92A079F1685E77973F295594EC4689 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + 4ED778F539E3634C779C87C6D7062848A1AB005C \ + 141F07595B7B3FFE74309A937405533BE57C7D57 \ + 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + 61FC681DFB92A079F1685E77973F295594EC4689 \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ ; do \ - gpg --batch --keyserver 
hkps://keys.openpgp.org --recv-keys "$key" || \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ @@ -42,19 +41,16 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ - # smoke tests && node --version \ && npm --version - -ENV YARN_VERSION 1.22.19 - +# hadolint ignore=SC2043 RUN set -ex \ && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ @@ -64,7 +60,6 @@ RUN set -ex \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - # smoke test && yarn --version COPY docker-builds/base/docker-entrypoint.sh /usr/local/bin/ 
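Review bot: The `@@ -1,39 +1,38 @@` hunk moves the stage onto `buildpack-deps:20.04` but leaves `ENV NODE_VERSION 11.14.0` in place, so the image still ships a Node.js release line that upstream stopped maintaining in 2019 and that gets no security fixes. The GPG and SHA-256 checks below it prove the tarball is the genuine 11.14.0 build, not that it is safe to run. If the project cannot move to a maintained LTS line yet, record that above the variable, e.g. `# Node 11 is EOL; pinned because <dependency that blocks the upgrade>`. The base tag is also mutable; `FROM buildpack-deps:20.04@sha256:<digest of the reviewed image>` would give the verification chain a fixed starting point.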
@@ -72,40 +67,24 @@ ENTRYPOINT ["docker-entrypoint.sh"] #hadolint ignore=DL3008 RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -yqq --no-install-recommends curl wget ca-certificates clojure git ssh leiningen python2 \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - && ln -s /usr/bin/python2 /usr/bin/python - + && apt-get upgrade -y \ + && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + && ln -s /usr/bin/python2 /usr/bin/python RUN git config --global url."https://".insteadOf git:// +RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts # hadolint ignore=SC2174 -RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts -ENV PYTHON=/usr/bin/python -ENV npm_config_user=root RUN npm config set user 0 && \ - npm config set unsafe-perm true && \ - npm install --global truffle@~5.4 + npm config set unsafe-perm true && \ + npm install --global truffle@~5.4 -CMD [ "node" ] +WORKDIR /build +VOLUME [ "~/.m2" ] +VOLUME [ "/build" ] +VOLUME [ "/build/node_modules" ] +CMD [ "node" ] -# ADD https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh /tmp/install.sh -# RUN mkdir -p /usr/local/nvm && chmod +x /tmp/install.sh && bash /tmp/install.sh \ -# && . $NVM_DIR/nvm.sh \ -# && nvm install $NODE_VERSION \ -# && nvm alias default $NODE_VERSION \ -# && nvm use default - -# ENV NODE_PATH $NVM_DIR/v$-NODE_VERSION/lib/node_modules -# ENV PATH $NVM_DIR/v$NODE_VERSION/bin:$PATH -# ENV PYTHON /usr/bin/python -# RUN mkdir -p ~/.config/truffle \ -# && . $NVM_DIR/nvm.sh \ -# && npm install --global --unsafe-perm truffle@~5.4.0 npm-check-updates yarn -# WORKDIR /build -# VOLUME [ "~/.m2" ] -# VOLUME [ "/build" ] -# VOLUME [ "/build/node_modules" ] diff --git a/docker-builds/server/Dockerfile b/docker-builds/server/Dockerfile index 55db3419..9f15847e 100644 --- a/docker-builds/server/Dockerfile 
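Review bot: `VOLUME [ "~/.m2" ]` near the end of this hunk does not point at root's Maven cache, because Dockerfile instructions do not expand `~`; the file before this series declared `/root/.m2`. The literal path is most likely resolved relative to `WORKDIR /build`, so the cache under `/root/.m2` is no longer a volume. Write it as `VOLUME [ "/root/.m2" ]`; the same line is pasted into the server and ui Dockerfiles by the next commit in the series. In the same hunk the `# hadolint ignore=SC2174` pragma now sits above the `npm config` `RUN` instead of the `mkdir -p -m 0700 ~/.ssh` line it was written for.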
+++ b/docker-builds/server/Dockerfile @@ -1,6 +1,6 @@ -FROM docker.io/library/memefactory_base:local AS build_stage +FROM memefactory_base:local AS build_stage -ARG BUILD_ENV=qa +ARG BUILD_ENV=prod ENV BUILD_ENV=${BUILD_ENV} ENV MEMEFACTORY_ENV=${BUILD_ENV} ENV PYTHON=/usr/bin/python 
@@ -19,36 +19,30 @@ RUN truffle compile RUN lein cljsbuild once "server" -# FROM node:11.14.0-stretch-slim -# # fix debian repos -# RUN echo "deb [trusted=yes] http://archive.debian.org/debian stretch main non-free contrib" > /etc/apt/sources.list && \ -# echo 'deb-src [trusted=yes] http://archive.debian.org/debian/ stretch main non-free contrib' >> /etc/apt/sources.list && \ -# echo 'deb [trusted=yes] http://archive.debian.org/debian-security/ stretch/updates main non-free contrib' >> /etc/apt/sources.list +FROM memefactory_base:local -# ARG BUILD_ENV=qa +ARG BUILD_ENV=qa -# ENV BUILD_ENV=${BUILD_ENV} -# ENV MEMEFACTORY_ENV=${BUILD_ENV} -# ENV CONFIG /configs/meme.config.edn +ENV BUILD_ENV=${BUILD_ENV} +ENV MEMEFACTORY_ENV=${BUILD_ENV} +ENV CONFIG /configs/meme.config.edn # WORKDIR /memefactory # # # twitter-bot needs to be able to write here -# RUN mkdir /tmp/memefactory - -# # Python dependencies -# RUN apt-get update && apt-get upgrade -yqq \ -# && apt-get install --no-install-recommends -yq python-pip python-setuptools \ -# && apt-get clean \ -# && rm -rf /var/lib/apt/lists/* - +# Python dependencies +RUN apt-get update && apt-get upgrade -yqq \ + && apt-get install --no-install-recommends -yq python-pip python-setuptools \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + && mkdir -p /tmp/memefactory -# RUN pip install --no-cache-dir cryptography base58 +RUN pip2 install --no-cache-dir cryptography base58 # # get compiled JS -# COPY --from=build_stage /build/server /memefactory/server -# COPY --from=build_stage /build/node_modules /memefactory/node_modules -# COPY --from=build_stage /build/resources /memefactory/resources +COPY --from=build_stage /build/server /memefactory/server +COPY --from=build_stage /build/node_modules /memefactory/node_modules +COPY --from=build_stage /build/resources /memefactory/resources -# ENTRYPOINT ["node", "server/memefactory.js"] -# CMD ["--max-old-space-size=2048"] +ENTRYPOINT ["node", "server/memefactory.js"] +CMD 
["--max-old-space-size=2048"] diff --git a/docker-builds/ui/Dockerfile b/docker-builds/ui/Dockerfile index 0377dc49..453a19a2 100644 --- a/docker-builds/ui/Dockerfile +++ b/docker-builds/ui/Dockerfile @@ -1,21 +1,13 @@ -FROM node:11.14.0-stretch AS build_stage +FROM memefactory_base:local AS build_stage + ARG BUILD_ENV=prod ENV BUILD_ENV=${BUILD_ENV} ENV MEMEFACTORY_ENV=${BUILD_ENV} ENV SMART_CONTRACTS=./src/memefactory/shared/smart_contracts_${BUILD_ENV}.cljs ENV SMART_CONTRACTS_BUILD_PATH=./resources/public/contracts/build/ -RUN git config --global url."https://".insteadOf git:// - -RUN apt-get update && apt-get install -yqq --no-install-recommends clojure -ADD https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein /usr/bin/lein -RUN chmod +x /usr/bin/lein - -RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts -RUN mkdir -p /root/.config/truffle/ COPY . /build/ WORKDIR /build -RUN npm install --global truffle@~5.4.0 RUN lein garden once \ && lein deps \ diff --git a/package.json b/package.json index c78adae0..9d9f7eb3 100644 --- a/package.json +++ b/package.json @@ -8,8 +8,8 @@ "deps": "yarn install --ignore-engines" }, "dependencies": { - "@openzeppelin/contracts": "^4.3.3", - "@openzeppelin/contracts-upgradeable": "^4.3.3", + "@openzeppelin/contracts": "4.7.3", + "@openzeppelin/contracts-upgradeable": "4.7.3", "@sentry/node": "4.6.6", "@truffle/hdwallet-provider": "^1.7.0", "babel-polyfill": "^6.26.0", From e3c7df75e9da559bbf454a17868f0911ffc1fd0e Mon Sep 17 00:00:00 2001 
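Review bot: `RUN pip2 install --no-cache-dir cryptography base58` in the re-enabled runtime stage of server/Dockerfile installs two unpinned packages with no hash check, so every build takes whatever the index serves that day. That contrasts with the GPG-verified Node and Yarn tarballs in the base image and with the exact versions this same commit pins in package.json. List the two packages with exact versions and hashes in a requirements file and install it with, e.g., `pip2 install --no-cache-dir --require-hashes -r requirements.txt`. Python 2 is itself unmaintained, so the resolver can only pick an old `cryptography` release; a comment stating why Python 2 is still required would help the next reader.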
From: sm47916 Date: Fri, 16 Jun 2023 11:12:56 +0200 Subject: [PATCH 3/8] merge nodjs build into resulting image --- docker-builds/base/Dockerfile | 2 - docker-builds/server/Dockerfile | 89 ++++++++++++++++++++++- docker-builds/server/docker-entrypoint.sh | 11 +++ docker-builds/ui/Dockerfile | 89 ++++++++++++++++++++++- docker-builds/ui/docker-entrypoint.sh | 11 +++ 5 files changed, 198 insertions(+), 4 deletions(-) create mode 100644 docker-builds/server/docker-entrypoint.sh create mode 100644 docker-builds/ui/docker-entrypoint.sh diff --git a/docker-builds/base/Dockerfile b/docker-builds/base/Dockerfile index 40f0903e..4ac76899 100644 --- a/docker-builds/base/Dockerfile +++ b/docker-builds/base/Dockerfile @@ -1,5 +1,3 @@ -# FROM ubuntu:20.04 as nvm_base -# FROM buildpack-deps:bullseye as nvm_base FROM buildpack-deps:20.04 as nvm_base ENV NVM_DIR /usr/local/nvm diff --git a/docker-builds/server/Dockerfile b/docker-builds/server/Dockerfile index 9f15847e..455e54bf 100644 --- a/docker-builds/server/Dockerfile +++ b/docker-builds/server/Dockerfile 
@@ -1,4 +1,91 @@ -FROM memefactory_base:local AS build_stage +FROM buildpack-deps:20.04 as nvm_base + +ENV NVM_DIR /usr/local/nvm +ENV NODE_VERSION 11.14.0 +ENV YARN_VERSION 1.22.19 +ENV PYTHON=/usr/bin/python +ENV npm_config_user=root + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + arm64) ARCH='arm64';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 4ED778F539E3634C779C87C6D7062848A1AB005C \ + 141F07595B7B3FFE74309A937405533BE57C7D57 \ + 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + 61FC681DFB92A079F1685E77973F295594EC4689 \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + && node --version \ + && npm --version + +# hadolint ignore=SC2043 +RUN set -ex \ + && for key in \ + 
6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && yarn --version + +COPY docker-builds/base/docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +#hadolint ignore=DL3008 +RUN apt-get update \ + && apt-get upgrade -y \ + && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + && ln -s /usr/bin/python2 /usr/bin/python +RUN git config --global url."https://".insteadOf git:// +RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts + +# hadolint ignore=SC2174 +RUN npm config set user 0 && \ + npm config set unsafe-perm true && \ + npm install --global truffle@~5.4 + +WORKDIR /build +VOLUME [ "~/.m2" ] +VOLUME [ "/build" ] +VOLUME [ "/build/node_modules" ] + +CMD [ "node" ] + +FROM nvm_base AS build_stage ARG BUILD_ENV=prod ENV BUILD_ENV=${BUILD_ENV} diff --git a/docker-builds/server/docker-entrypoint.sh b/docker-builds/server/docker-entrypoint.sh new file mode 100644 index 00000000..c742827c --- /dev/null +++ b/docker-builds/server/docker-entrypoint.sh 
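Review bot: `ssh-keyscan github.com >> ~/.ssh/known_hosts` in the pasted base stage records whatever host key the build network returns and bakes it into the image, so the key is never checked against anything trusted. The same line is in the ui/Dockerfile hunk of this commit and in docker-builds/base/Dockerfile. Ship a known_hosts file whose entries were compared with the fingerprints GitHub publishes, for example `COPY docker-builds/base/known_hosts /root/.ssh/known_hosts` (path constructed for illustration). If nothing in the build is fetched over SSH (the `RUN` just above already rewrites `git://` to `https://`), drop the line instead.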
@@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" \ No newline at end of file diff --git a/docker-builds/ui/Dockerfile b/docker-builds/ui/Dockerfile index 453a19a2..b1b0fcfa 100644 --- a/docker-builds/ui/Dockerfile +++ b/docker-builds/ui/Dockerfile 
@@ -1,4 +1,91 @@ -FROM memefactory_base:local AS build_stage +FROM buildpack-deps:20.04 as nvm_base + +ENV NVM_DIR /usr/local/nvm +ENV NODE_VERSION 11.14.0 +ENV YARN_VERSION 1.22.19 +ENV PYTHON=/usr/bin/python +ENV npm_config_user=root + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + arm64) ARCH='arm64';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 4ED778F539E3634C779C87C6D7062848A1AB005C \ + 141F07595B7B3FFE74309A937405533BE57C7D57 \ + 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + 61FC681DFB92A079F1685E77973F295594EC4689 \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + && node --version \ + && npm --version + +# hadolint ignore=SC2043 +RUN set -ex \ + && for key in \ + 
6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && yarn --version + +COPY docker-builds/base/docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +#hadolint ignore=DL3008 +RUN apt-get update \ + && apt-get upgrade -y \ + && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + && ln -s /usr/bin/python2 /usr/bin/python +RUN git config --global url."https://".insteadOf git:// +RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts + +# hadolint ignore=SC2174 +RUN npm config set user 0 && \ + npm config set unsafe-perm true && \ + npm install --global truffle@~5.4 + +WORKDIR /build +VOLUME [ "~/.m2" ] +VOLUME [ "/build" ] +VOLUME [ "/build/node_modules" ] + +CMD [ "node" ] + +FROM nvm_base AS build_stage ARG BUILD_ENV=prod ENV BUILD_ENV=${BUILD_ENV} diff --git a/docker-builds/ui/docker-entrypoint.sh b/docker-builds/ui/docker-entrypoint.sh new file mode 100644 index 00000000..c742827c --- /dev/null +++ b/docker-builds/ui/docker-entrypoint.sh 
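Review bot: The whole `nvm_base` stage is pasted into ui/Dockerfile (and into server/Dockerfile in the same commit), and its `COPY docker-builds/base/docker-entrypoint.sh /usr/local/bin/` still takes the script from `base/`. The `docker-builds/ui/docker-entrypoint.sh` and `docker-builds/server/docker-entrypoint.sh` files this commit creates are therefore not used by any visible instruction. Three copies of the release-key list and download logic now have to be kept in step by hand, and a key rotation or version bump applied to one file leaves the others verifying against stale data. Keep a single definition and delete the duplicate scripts. If the copies must stay, head each stage with a comment such as `# Keep in sync with docker-builds/base/Dockerfile`.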
@@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" \ No newline at end of file From 9c67f36d454f72d3acc1549d85bea9dd9490c81f Mon Sep 17 00:00:00 2001 From: sm47916 Date: Fri, 16 Jun 2023 11:19:57 +0200 Subject: [PATCH 4/8] fix docker image --- docker-builds/server/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-builds/server/Dockerfile b/docker-builds/server/Dockerfile index 455e54bf..264b118a 100644 --- a/docker-builds/server/Dockerfile +++ b/docker-builds/server/Dockerfile @@ -106,9 +106,9 @@ RUN truffle compile RUN lein cljsbuild once "server" -FROM memefactory_base:local +FROM nvm_base -ARG BUILD_ENV=qa +ARG BUILD_ENV=prod ENV BUILD_ENV=${BUILD_ENV} ENV MEMEFACTORY_ENV=${BUILD_ENV} From 8323556b96cec826749c0da6d0204109cd757ee2 Mon Sep 17 00:00:00 2001 From: sm47916 Date: Fri, 16 Jun 2023 13:11:39 +0200 Subject: [PATCH 5/8] Switch to ubuntu 22.04, add missing packages --- docker-builds/base/Dockerfile | 4 ++-- docker-builds/server/Dockerfile | 15 +++------------ docker-builds/ui/Dockerfile | 4 ++-- 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/docker-builds/base/Dockerfile b/docker-builds/base/Dockerfile index 4ac76899..c0a43db0 100644 --- a/docker-builds/base/Dockerfile +++ b/docker-builds/base/Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:20.04 as nvm_base +FROM buildpack-deps:22.04 as nvm_base ENV NVM_DIR /usr/local/nvm ENV NODE_VERSION 11.14.0 
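Review bot: `FROM nvm_base` as the final stage of server/Dockerfile (the `@@ -106,9 +106,9 @@` hunk) turns the runtime image into the full build environment: buildpack-deps, git, Clojure, Leiningen, the globally installed truffle, the GPG keyring imported during the build and root's npm configuration all ship with the server. Before this series the final stage was `node:11.14.0-stretch-slim`, which carried only the runtime. The stage also inherits the three `VOLUME` declarations from `nvm_base`, and no `USER` is set anywhere, so the service runs as root with compilers and a VCS client at hand. Consider a separate minimal runtime stage that copies only the Node installation and the build artefacts and then switches to a non-root `USER`. The stage body continues outside this hunk.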
@@ -66,7 +66,7 @@ ENTRYPOINT ["docker-entrypoint.sh"] #hadolint ignore=DL3008 RUN apt-get update \ && apt-get upgrade -y \ - && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 \ + && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 python-pip python2-dev \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ && ln -s /usr/bin/python2 /usr/bin/python diff --git a/docker-builds/server/Dockerfile b/docker-builds/server/Dockerfile index 264b118a..0f4668f3 100644 --- a/docker-builds/server/Dockerfile +++ b/docker-builds/server/Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:20.04 as nvm_base +FROM buildpack-deps:22.04 as nvm_base ENV NVM_DIR /usr/local/nvm ENV NODE_VERSION 11.14.0 @@ -66,7 +66,7 @@ ENTRYPOINT ["docker-entrypoint.sh"] #hadolint ignore=DL3008 RUN apt-get update \ && apt-get upgrade -y \ - && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 \ + && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 python-pip python2-dev \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ && ln -s /usr/bin/python2 /usr/bin/python @@ -90,8 +90,6 @@ FROM nvm_base AS build_stage ARG BUILD_ENV=prod ENV BUILD_ENV=${BUILD_ENV} ENV MEMEFACTORY_ENV=${BUILD_ENV} -ENV PYTHON=/usr/bin/python -ENV npm_config_user=root ENV SMART_CONTRACTS=./src/memefactory/shared/smart_contracts_${BUILD_ENV}.cljs ENV SMART_CONTRACTS_BUILD_PATH=./resources/public/contracts/build/ 
@@ -116,15 +114,8 @@ ENV CONFIG /configs/meme.config.edn # WORKDIR /memefactory -# # # twitter-bot needs to be able to write here -# Python dependencies -RUN apt-get update && apt-get upgrade -yqq \ - && apt-get install --no-install-recommends -yq python-pip python-setuptools \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - && mkdir -p /tmp/memefactory - RUN pip2 install --no-cache-dir cryptography base58 +RUN mkdir /tmp/memefactory # # get compiled JS COPY --from=build_stage /build/server /memefactory/server diff --git a/docker-builds/ui/Dockerfile b/docker-builds/ui/Dockerfile index b1b0fcfa..b9886136 100644 --- a/docker-builds/ui/Dockerfile +++ b/docker-builds/ui/Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:20.04 as nvm_base +FROM buildpack-deps:22.04 as nvm_base ENV NVM_DIR /usr/local/nvm ENV NODE_VERSION 11.14.0 @@ -66,7 +66,7 @@ ENTRYPOINT ["docker-entrypoint.sh"] #hadolint ignore=DL3008 RUN apt-get update \ && apt-get upgrade -y \ - && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 \ + && apt-get install -yqq --no-install-recommends ca-certificates clojure git leiningen python2 python-pip python2-dev \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ && ln -s /usr/bin/python2 /usr/bin/python From 68c28f248990fc000b4a76bde62e2081812fbfa1 Mon Sep 17 00:00:00 2001 From: sm47916 Date: Mon, 19 Jun 2023 12:01:07 +0200 Subject: [PATCH 6/8] Fix workdir in docker image --- docker-builds/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-builds/server/Dockerfile b/docker-builds/server/Dockerfile index 0f4668f3..29c50fb5 100644 --- a/docker-builds/server/Dockerfile +++ b/docker-builds/server/Dockerfile @@ -112,7 +112,6 @@ ENV BUILD_ENV=${BUILD_ENV} ENV MEMEFACTORY_ENV=${BUILD_ENV} ENV CONFIG /configs/meme.config.edn -# WORKDIR /memefactory RUN pip2 install --no-cache-dir cryptography base58 RUN mkdir /tmp/memefactory 
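Review bot: `RUN mkdir /tmp/memefactory` replaces the old `mkdir -p` and drops the comment saying the twitter-bot must be able to write there, so the reason for the directory is no longer recorded. The directory is created by root at build time with default permissions, so a container started as a non-root user could not write to it. I would restore the comment and set ownership explicitly, e.g. `# twitter-bot writes here at runtime` above `RUN mkdir -p /tmp/memefactory && chown node:node /tmp/memefactory`, assuming the `node` user created in the first patch of the series still exists in this stage. The unchanged `RUN pip2 install --no-cache-dir cryptography base58` beside it installs unpinned versions.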
@@ -121,6 +120,7 @@ RUN mkdir /tmp/memefactory COPY --from=build_stage /build/server /memefactory/server COPY --from=build_stage /build/node_modules /memefactory/node_modules COPY --from=build_stage /build/resources /memefactory/resources +WORKDIR /memefactory ENTRYPOINT ["node", "server/memefactory.js"] CMD ["--max-old-space-size=2048"] From f31d792a392f04b7d543e8e26081bf94e6012777 Mon Sep 17 00:00:00 2001 From: sm47916 Date: Mon, 19 Jun 2023 13:50:54 +0200 Subject: [PATCH 7/8] Fix library version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9d9f7eb3..7f3bd83f 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "source-map-support": "0.5.21", "tar-fs": "2.1.1", "twitter": "1.7.1", - "web3": "^1.6.1", + "web3": "1.6.1", "web3-utils": "1.6.1", "ws": "4.1.0" }, From 7a43111fed51e75d625e20f1eaa051d9d53d6e6f Mon Sep 17 00:00:00 2001 From: sm47916 Date: Mon, 19 Jun 2023 13:55:29 +0200 Subject: [PATCH 8/8] comment out nodejs lint --- .github/workflows/ci-checks.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml index 58ecdbcd..4dd50637 100644 --- a/.github/workflows/ci-checks.yml +++ b/.github/workflows/ci-checks.yml 
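Review bot: No `USER` instruction appears between `FROM nvm_base` and the `ENTRYPOINT` in the hunks of this series, so with the `WORKDIR /memefactory` fix the server still starts as root. Adding `USER node` (or another unprivileged account that exists in the stage) after the `COPY --from=build_stage` lines would limit what a compromise of the Node process can reach; use `--chown` on those copies only where the process needs write access. Outside the changed line, `CMD ["--max-old-space-size=2048"]` is appended after `server/memefactory.js`, so Node passes it to the script as an argument rather than applying it as a V8 option. It would need to sit before the script path in `ENTRYPOINT` to take effect.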
@@ -35,20 +35,20 @@ jobs: - name: Scan project uses: ShiftLeftSecurity/scan-action@master - nodejs-lint: - runs-on: ubuntu-latest - strategy: - matrix: - node-version: ["11.14.0"] - steps: - - uses: actions/checkout@v2 - - name: Lint code using Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - run: npm i -g yarn - - run: yarn deps - - run: yarn lint + # nodejs-lint: + # runs-on: ubuntu-latest + # strategy: + # matrix: + # node-version: ["11.14.0"] + # steps: + # - uses: actions/checkout@v2 + # - name: Lint code using Node.js ${{ matrix.node-version }} + # uses: actions/setup-node@v1 + # with: + # node-version: ${{ matrix.node-version }} + # - run: npm i -g yarn + # - run: yarn deps + # - run: yarn lint docker_checks: runs-on: ubuntu-latest
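Review bot: The `nodejs-lint` job is disabled by commenting it out with no stated reason or condition for re-enabling it, which tends to become permanent. Put a line above the block such as `# nodejs-lint disabled: <reason>; re-enable when <tracking issue> is resolved`, or delete the job and restore it from history later. With lint gone, the checks visible in this hunk are the scan step and `docker_checks`. The scan step in the unchanged context uses `ShiftLeftSecurity/scan-action@master`, a mutable ref that would be better pinned to a commit SHA.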