From 210a0d3b83b1b739d7d2a63c40df592ce07b05f0 Mon Sep 17 00:00:00 2001 From: Chris Date: Fri, 25 Oct 2024 23:38:08 +0200 Subject: [PATCH 1/8] Removed VOLUME see issue 777. Added dockerfile linting --- .github/workflows/dockerfile-hadolint.yml | 30 +++++++++++++++++++ docker/.config/hadolint.yml | 3 ++ docker/CONTRIBUTING.md | 18 +++++++++++ docker/alpine/Dockerfile.build | 12 ++++---- docker/debian-bookworm/Dockerfile.build | 4 +-- docker/debian-bullseye/Dockerfile.build | 4 +-- docker/debian-buster/Dockerfile.build | 4 +-- docker/debian-buster/selfcontained/Dockerfile | 8 ++--- 8 files changed, 63 insertions(+), 20 deletions(-) create mode 100644 .github/workflows/dockerfile-hadolint.yml create mode 100644 docker/.config/hadolint.yml create mode 100644 docker/CONTRIBUTING.md diff --git a/.github/workflows/dockerfile-hadolint.yml b/.github/workflows/dockerfile-hadolint.yml new file mode 100644 index 000000000..b43458498 --- /dev/null +++ b/.github/workflows/dockerfile-hadolint.yml @@ -0,0 +1,30 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# GitHub recommends pinning actions to a commit SHA. +# To get a newer version, you will need to update the SHA. +# You can also reference a tag or branch, but the action may change without warning. + +name: Lint Dockerfile + +on: + push: + branches: + - '**' +jobs: + dockerfile_linting: + name: Dockerfile linting + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: | + ./docker/alpine/Dockerfile.build + ./docker/debian-bookworm/Dockerfile.build + ./docker/debian-bullseye/Dockerfile.build + ./docker/debian-buster/Dockerfile.build + ./docker/debian-buster/selfcontained/Dockerfile + config: ./docker/.config/hadolint.yml \ No newline at end of file diff --git a/docker/.config/hadolint.yml b/docker/.config/hadolint.yml new file mode 100644 index 000000000..c5f966d15 --- /dev/null +++ b/docker/.config/hadolint.yml @@ -0,0 +1,3 @@ +ignored: + - DL3008 + - DL3018 \ No newline at end of file diff --git a/docker/CONTRIBUTING.md b/docker/CONTRIBUTING.md new file mode 100644 index 000000000..755b6b41a --- /dev/null +++ b/docker/CONTRIBUTING.md @@ -0,0 +1,18 @@ +# PiGallery2 Docker Contribution guide (draft) + +Remember to update all the Dockerfiles. + +## Linting +To quality check your dockerfile changes you can use hadolint: + +1. Start the docker daemon if it's not already started: `sudo dockerd` +2. Change dir to the docker folder. +3. Run hadolint on the alpine dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./alpine/Dockerfile.build` +4. Run hadolint on the debian-bookworm dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-bookworm/Dockerfile.build` +5. Run hadolint on the debian-bullseye dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-bullseye/Dockerfile.build` +6. Run hadolint on the debian-buster dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-buster/Dockerfile.build` +7. Run hadolint on the debian-buster selfcontained dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-buster/selfcontained/Dockerfile` +8. Fix errors and warnings or add them to ignore list of the [hadolint configuration file](./.config/hadolint.yml) if there is a good reason for that. Read more [here](https://github.com/hadolint/hadolint). + +### Building the docker image locally +TBD \ No newline at end of file diff --git a/docker/alpine/Dockerfile.build b/docker/alpine/Dockerfile.build index aa3c82b2a..a69375af5 100644 --- a/docker/alpine/Dockerfile.build +++ b/docker/alpine/Dockerfile.build @@ -1,8 +1,9 @@ #-----------------BUILDER----------------- #----------------------------------------- FROM node:18-alpine3.17 AS builder -RUN apk add --update-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ - python3 build-base sqlite-dev sqlite-libs vips-dev vips-heif fftw-dev gcc g++ make libc6-compat && ln -snf /usr/bin/python3 /usr/bin/python +RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ + python3 build-base sqlite-dev sqlite-libs vips-dev vips-heif fftw-dev gcc g++ make libc6-compat && ln -snf /usr/bin/python3 /usr/bin/python && \ + rm /var/cache/apk/* COPY pigallery2-release /app WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 @@ -26,10 +27,10 @@ ENV NODE_ENV=production \ PI_DOCKER=true EXPOSE 80 -RUN apk add --update-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ - vips vips-cpp vips-heif ffmpeg +RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ + vips vips-cpp vips-heif ffmpeg && \ + rm /var/cache/apk/* COPY --from=builder /app /app -VOLUME ["/app/data/config", "/app/data/db", "/app/data/images", "/app/data/tmp"] # Run build time diagnostics to make sure the app would work after build is finished RUN ["node", "./src/backend/index", "--expose-gc", "--run-diagnostics", "--config-path=/app/diagnostics-config.json"] @@ -40,4 +41,3 @@ HEALTHCHECK --interval=40s --timeout=30s --retries=3 --start-period=60s \ # after a extensive job (like video converting), pigallery calls gc, to clean up everthing as fast as possible # Exec form entrypoint is need otherwise (using shell form) ENV variables are not properly passed down to the app ENTRYPOINT ["node", "./src/backend/index", "--expose-gc", "--config-path=/app/data/config/config.json"] - diff --git a/docker/debian-bookworm/Dockerfile.build b/docker/debian-bookworm/Dockerfile.build index 01cd7b244..31a49367e 100644 --- a/docker/debian-bookworm/Dockerfile.build +++ b/docker/debian-bookworm/Dockerfile.build @@ -1,7 +1,7 @@ #-----------------BUILDER----------------- #----------------------------------------- FROM node:18.19-bookworm AS builder -RUN apt update && apt install -y --no-install-recommends libvips-dev python3 +RUN apt-get update && apt-get install -y --no-install-recommends libvips-dev python3 COPY pigallery2-release /app WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 @@ -30,7 +30,6 @@ RUN apt-get update \ && apt-get clean -q -y \ && rm -rf /var/lib/apt/lists/* COPY --from=builder /app /app -VOLUME ["/app/data/config", "/app/data/db", "/app/data/images", "/app/data/tmp"] # Run build time diagnostics to make sure the app would work after build is finished RUN ["node", "./src/backend/index", "--expose-gc", "--run-diagnostics", "--config-path=/app/diagnostics-config.json"] @@ -41,4 +40,3 @@ HEALTHCHECK --interval=40s --timeout=30s --retries=3 --start-period=60s \ # after a extensive job (like video converting), pigallery calls gc, to clean up everthing as fast as possible # Exec form entrypoint is need otherwise (using shell form) ENV variables are not properly passed down to the app ENTRYPOINT ["node", "./src/backend/index", "--expose-gc", "--config-path=/app/data/config/config.json"] - diff --git a/docker/debian-bullseye/Dockerfile.build b/docker/debian-bullseye/Dockerfile.build index e8c809ad8..e408bb677 100644 --- a/docker/debian-bullseye/Dockerfile.build +++ b/docker/debian-bullseye/Dockerfile.build @@ -1,7 +1,7 @@ #-----------------BUILDER----------------- #----------------------------------------- FROM node:18.19-bullseye AS builder -RUN apt update && apt install -y --no-install-recommends libvips-dev python3 +RUN apt-get update && apt-get install -y --no-install-recommends libvips-dev python3 COPY pigallery2-release /app WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 @@ -30,7 +30,6 @@ RUN apt-get update \ && apt-get clean -q -y \ && rm -rf /var/lib/apt/lists/* COPY --from=builder /app /app -VOLUME ["/app/data/config", "/app/data/db", "/app/data/images", "/app/data/tmp"] # Run build time diagnostics to make sure the app would work after build is finished RUN ["node", "./src/backend/index", "--expose-gc", "--run-diagnostics", "--config-path=/app/diagnostics-config.json"] @@ -41,4 +40,3 @@ HEALTHCHECK --interval=40s --timeout=30s --retries=3 --start-period=60s \ # after a extensive job (like video converting), pigallery calls gc, to clean up everthing as fast as possible # Exec form entrypoint is need otherwise (using shell form) ENV variables are not properly passed down to the app ENTRYPOINT ["node", "./src/backend/index", "--expose-gc", "--config-path=/app/data/config/config.json"] - diff --git a/docker/debian-buster/Dockerfile.build b/docker/debian-buster/Dockerfile.build index 2c92a4bb3..9319338ab 100644 --- a/docker/debian-buster/Dockerfile.build +++ b/docker/debian-buster/Dockerfile.build @@ -1,7 +1,7 @@ #-----------------BUILDER----------------- #----------------------------------------- FROM node:18.19-buster AS builder -RUN apt update && apt install -y --no-install-recommends libvips-dev python3 +RUN apt-get update && apt-get install -y --no-install-recommends libvips-dev python3 COPY pigallery2-release /app WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 @@ -30,7 +30,6 @@ RUN apt-get update \ && apt-get clean -q -y \ && rm -rf /var/lib/apt/lists/* COPY --from=builder /app /app -VOLUME ["/app/data/config", "/app/data/db", "/app/data/images", "/app/data/tmp"] # Run build time diagnostics to make sure the app would work after build is finished RUN ["node", "./src/backend/index", "--expose-gc", "--run-diagnostics", "--config-path=/app/diagnostics-config.json"] @@ -41,4 +40,3 @@ HEALTHCHECK --interval=40s --timeout=30s --retries=3 --start-period=60s \ # after a extensive job (like video converting), pigallery calls gc, to clean up everthing as fast as possible # Exec form entrypoint is need otherwise (using shell form) ENV variables are not properly passed down to the app ENTRYPOINT ["node", "./src/backend/index", "--expose-gc", "--config-path=/app/data/config/config.json"] - diff --git a/docker/debian-buster/selfcontained/Dockerfile b/docker/debian-buster/selfcontained/Dockerfile index 9ce203700..9dca4a152 100644 --- a/docker/debian-buster/selfcontained/Dockerfile +++ b/docker/debian-buster/selfcontained/Dockerfile @@ -10,9 +10,9 @@ RUN npm install --unsafe-perm \ && mkdir -p /build/release/data/db \ && mkdir -p /build/release/data/images \ && mkdir -p /build/release/data/tmp \ - && npm run create-release \ - && cd /build/release \ - && npm install --unsafe-perm + && npm run create-release +WORKDIR /build/release +RUN npm install --unsafe-perm #-----------------MAIN-------------------- #----------------------------------------- @@ -33,7 +33,6 @@ RUN apt-get update \ && apt-get clean -q -y \ && rm -rf /var/lib/apt/lists/* COPY --from=builder /build/release /app -VOLUME ["/app/data/config", "/app/data/db", "/app/data/images", "/app/data/tmp"] # Run build time diagnostics to make sure the app would work after build is finished RUN ["node", "./src/backend/index", "--expose-gc", "--run-diagnostics", "--config-path=/app/diagnostics-config.json"] @@ -44,4 +43,3 @@ HEALTHCHECK --interval=40s --timeout=30s --retries=3 --start-period=60s \ # after a extensive job (like video converting), pigallery calls gc, to clean up everthing as fast as possible # Exec form entrypoint is need otherwise (using shell form) ENV variables are not properly passed down to the app ENTRYPOINT ["node", "./src/backend/index", "--expose-gc", "--config-path=/app/data/config/config.json"] - From 7c86a6680182310eb9d0917842451acc281645a0 Mon Sep 17 00:00:00 2001 From: Chris Date: Fri, 25 Oct 2024 23:45:44 +0200 Subject: [PATCH 2/8] debugging hadolint --- .github/workflows/dockerfile-hadolint.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dockerfile-hadolint.yml b/.github/workflows/dockerfile-hadolint.yml index b43458498..7d2e5621a 100644 --- a/.github/workflows/dockerfile-hadolint.yml +++ b/.github/workflows/dockerfile-hadolint.yml @@ -19,12 +19,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: List Docker directory contents + run: ls -R ./docker - uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: | ./docker/alpine/Dockerfile.build ./docker/debian-bookworm/Dockerfile.build - ./docker/debian-bullseye/Dockerfile.build - ./docker/debian-buster/Dockerfile.build - ./docker/debian-buster/selfcontained/Dockerfile config: ./docker/.config/hadolint.yml \ No newline at end of file From 512725189bb3da9e826383d6cdbde56155d31073 Mon Sep 17 00:00:00 2001 From: Chris Date: Fri, 25 Oct 2024 23:47:48 +0200 Subject: [PATCH 3/8] another debugging test --- .github/workflows/dockerfile-hadolint.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/dockerfile-hadolint.yml b/.github/workflows/dockerfile-hadolint.yml index 7d2e5621a..d1b5ceb2e 100644 --- a/.github/workflows/dockerfile-hadolint.yml +++ b/.github/workflows/dockerfile-hadolint.yml @@ -23,7 +23,5 @@ jobs: run: ls -R ./docker - uses: hadolint/hadolint-action@v3.1.0 with: - dockerfile: | - ./docker/alpine/Dockerfile.build - ./docker/debian-bookworm/Dockerfile.build + dockerfile: ./docker/alpine/Dockerfile.build config: ./docker/.config/hadolint.yml \ No newline at end of file From 526eb940f41df1e2089db0bfd2a9d66445112efb Mon Sep 17 00:00:00 2001 From: Chris Date: Fri, 25 Oct 2024 23:51:53 +0200 Subject: [PATCH 4/8] Should lint all dockerfiles correctly --- .github/workflows/dockerfile-hadolint.yml | 28 +++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dockerfile-hadolint.yml b/.github/workflows/dockerfile-hadolint.yml index d1b5ceb2e..cc9a2fe25 100644 --- a/.github/workflows/dockerfile-hadolint.yml +++ b/.github/workflows/dockerfile-hadolint.yml @@ -7,21 +7,41 @@ # To get a newer version, you will need to update the SHA. # You can also reference a tag or branch, but the action may change without warning. -name: Lint Dockerfile +name: Lint Dockerfiles on: push: branches: - '**' + jobs: dockerfile_linting: name: Dockerfile linting runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: List Docker directory contents - run: ls -R ./docker - - uses: hadolint/hadolint-action@v3.1.0 + - name: Lint Alpine Dockerfile + uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ./docker/alpine/Dockerfile.build + config: ./docker/.config/hadolint.yml + - name: Lint Debian Bookworm Dockerfile + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./docker/debian-bookworm/Dockerfile.build + config: ./docker/.config/hadolint.yml + - name: Lint Debian Bullseye Dockerfile + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./docker/debian-bullseye/Dockerfile.build + config: ./docker/.config/hadolint.yml + - name: Lint Debian Buster Dockerfile + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./docker/debian-buster/Dockerfile.build + config: ./docker/.config/hadolint.yml + - name: Lint Debian Buster Self-contained Dockerfile + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./docker/debian-buster/selfcontained/Dockerfile config: ./docker/.config/hadolint.yml \ No newline at end of file From b7c2c36c16f75ed2a218c4bbae5b08ac0ee411d7 Mon Sep 17 00:00:00 2001 From: Chris Date: Sat, 26 Oct 2024 00:04:30 +0200 Subject: [PATCH 5/8] updated linting and docker files --- .github/workflows/dockerfile-hadolint.yml | 9 ++------- docker/CONTRIBUTING.md | 3 +-- docker/alpine/Dockerfile.build | 4 ++-- docker/debian-bookworm/Dockerfile.build | 2 +- docker/debian-bullseye/Dockerfile.build | 2 +- 5 files changed, 7 insertions(+), 13 deletions(-) diff --git a/.github/workflows/dockerfile-hadolint.yml b/.github/workflows/dockerfile-hadolint.yml index cc9a2fe25..0783a84e1 100644 --- a/.github/workflows/dockerfile-hadolint.yml +++ b/.github/workflows/dockerfile-hadolint.yml @@ -35,13 +35,8 @@ jobs: with: dockerfile: ./docker/debian-bullseye/Dockerfile.build config: ./docker/.config/hadolint.yml - - name: Lint Debian Buster Dockerfile + - name: Lint Debian Bullseye Self-contained Dockerfile uses: hadolint/hadolint-action@v3.1.0 with: - dockerfile: ./docker/debian-buster/Dockerfile.build - config: ./docker/.config/hadolint.yml - - name: Lint Debian Buster Self-contained Dockerfile - uses: hadolint/hadolint-action@v3.1.0 - with: - dockerfile: ./docker/debian-buster/selfcontained/Dockerfile + dockerfile: ./docker/debian-bullseye/selfcontained/Dockerfile config: ./docker/.config/hadolint.yml \ No newline at end of file diff --git a/docker/CONTRIBUTING.md b/docker/CONTRIBUTING.md index 755b6b41a..40ffe365d 100644 --- a/docker/CONTRIBUTING.md +++ b/docker/CONTRIBUTING.md @@ -10,8 +10,7 @@ To quality check your dockerfile changes you can use hadolint: 3. Run hadolint on the alpine dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./alpine/Dockerfile.build` 4. Run hadolint on the debian-bookworm dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-bookworm/Dockerfile.build` 5. Run hadolint on the debian-bullseye dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-bullseye/Dockerfile.build` -6. Run hadolint on the debian-buster dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-buster/Dockerfile.build` -7. Run hadolint on the debian-buster selfcontained dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-buster/selfcontained/Dockerfile` +7. Run hadolint on the debian-bullseye selfcontained dockerfile: `docker run --rm -i -v ./.config/hadolint.yml:/.config/hadolint.yaml hadolint/hadolint < ./debian-bullseye/selfcontained/Dockerfile` 8. Fix errors and warnings or add them to ignore list of the [hadolint configuration file](./.config/hadolint.yml) if there is a good reason for that. Read more [here](https://github.com/hadolint/hadolint). ### Building the docker image locally diff --git a/docker/alpine/Dockerfile.build b/docker/alpine/Dockerfile.build index ce77f9e34..717f48ca0 100644 --- a/docker/alpine/Dockerfile.build +++ b/docker/alpine/Dockerfile.build @@ -1,7 +1,7 @@ #-----------------BUILDER----------------- #----------------------------------------- FROM node:18-alpine3.17 AS builder -RUN apk add --update-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ +RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ python3 build-base sqlite-dev sqlite-libs imagemagick-dev libraw-dev vips-dev vips-heif vips-magick fftw-dev gcc g++ make libc6-compat && ln -snf /usr/bin/python3 /usr/bin/python COPY pigallery2-release /app WORKDIR /app @@ -26,7 +26,7 @@ ENV NODE_ENV=production \ PI_DOCKER=true EXPOSE 80 -RUN apk add --update-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ +RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ vips vips-cpp vips-heif vips-magick ffmpeg COPY --from=builder /app /app diff --git a/docker/debian-bookworm/Dockerfile.build b/docker/debian-bookworm/Dockerfile.build index 49ba52d2b..9644ea903 100644 --- a/docker/debian-bookworm/Dockerfile.build +++ b/docker/debian-bookworm/Dockerfile.build @@ -1,7 +1,7 @@ #-----------------BUILDER----------------- #----------------------------------------- FROM node:18-bookworm AS builder -RUN apt update && apt install -y --no-install-recommends libvips-dev python3 +RUN apt-get update && apt-get install -y --no-install-recommends libvips-dev python3 COPY pigallery2-release /app WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 diff --git a/docker/debian-bullseye/Dockerfile.build b/docker/debian-bullseye/Dockerfile.build index 4afefa2da..ac8a62767 100644 --- a/docker/debian-bullseye/Dockerfile.build +++ b/docker/debian-bullseye/Dockerfile.build @@ -1,7 +1,7 @@ #-----------------BUILDER----------------- #----------------------------------------- FROM node:18-bullseye AS builder -RUN apt update && apt install -y --no-install-recommends libvips-dev python3 +RUN apt-get update && apt-get install -y --no-install-recommends libvips-dev python3 COPY pigallery2-release /app WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 From 8eb02f536a768beb55f6e5a0c595ddbe8bd8897a Mon Sep 17 00:00:00 2001 From: Chris Date: Sat, 26 Oct 2024 00:08:55 +0200 Subject: [PATCH 6/8] followed the recommendation for hadolint DL3019 --- docker/alpine/Dockerfile.build | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/alpine/Dockerfile.build b/docker/alpine/Dockerfile.build index 717f48ca0..16024b5ec 100644 --- a/docker/alpine/Dockerfile.build +++ b/docker/alpine/Dockerfile.build @@ -4,6 +4,7 @@ FROM node:18-alpine3.17 AS builder RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ python3 build-base sqlite-dev sqlite-libs imagemagick-dev libraw-dev vips-dev vips-heif vips-magick fftw-dev gcc g++ make libc6-compat && ln -snf /usr/bin/python3 /usr/bin/python COPY pigallery2-release /app +RUN rm /var/cache/apk/* WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 RUN mkdir -p /app/data/config && \ @@ -29,6 +30,7 @@ EXPOSE 80 RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ vips vips-cpp vips-heif vips-magick ffmpeg COPY --from=builder /app /app +RUN rm /var/cache/apk/* # Run build time diagnostics to make sure the app would work after build is finished RUN ["node", "./src/backend/index", "--expose-gc", "--run-diagnostics", "--config-path=/app/diagnostics-config.json", "--Server-Log-level=silly"] From bbae975128a0867b4a661aba790f462eb4b75c46 Mon Sep 17 00:00:00 2001 From: Chris Date: Sat, 26 Oct 2024 00:10:33 +0200 Subject: [PATCH 7/8] again a fix for linting --- docker/alpine/Dockerfile.build | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker/alpine/Dockerfile.build b/docker/alpine/Dockerfile.build index 16024b5ec..169b13e94 100644 --- a/docker/alpine/Dockerfile.build +++ b/docker/alpine/Dockerfile.build @@ -2,9 +2,9 @@ #----------------------------------------- FROM node:18-alpine3.17 AS builder RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ - python3 build-base sqlite-dev sqlite-libs imagemagick-dev libraw-dev vips-dev vips-heif vips-magick fftw-dev gcc g++ make libc6-compat && ln -snf /usr/bin/python3 /usr/bin/python -COPY pigallery2-release /app -RUN rm /var/cache/apk/* + python3 build-base sqlite-dev sqlite-libs imagemagick-dev libraw-dev vips-dev vips-heif vips-magick fftw-dev gcc g++ make libc6-compat && ln -snf /usr/bin/python3 /usr/bin/python && \ + rm /var/cache/apk/* + COPY pigallery2-release /app WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 RUN mkdir -p /app/data/config && \ @@ -28,9 +28,9 @@ ENV NODE_ENV=production \ EXPOSE 80 RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ - vips vips-cpp vips-heif vips-magick ffmpeg + vips vips-cpp vips-heif vips-magick ffmpeg && \ + rm /var/cache/apk/* COPY --from=builder /app /app -RUN rm /var/cache/apk/* # Run build time diagnostics to make sure the app would work after build is finished RUN ["node", "./src/backend/index", "--expose-gc", "--run-diagnostics", "--config-path=/app/diagnostics-config.json", "--Server-Log-level=silly"] From 74ee2f9986fc252a31f95db116de319cb0e9a822 Mon Sep 17 00:00:00 2001 From: Chris Date: Sat, 26 Oct 2024 00:12:34 +0200 Subject: [PATCH 8/8] accidental indent of COPY command --- docker/alpine/Dockerfile.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/alpine/Dockerfile.build b/docker/alpine/Dockerfile.build index 169b13e94..41d00e8f1 100644 --- a/docker/alpine/Dockerfile.build +++ b/docker/alpine/Dockerfile.build @@ -4,7 +4,7 @@ FROM node:18-alpine3.17 AS builder RUN apk add --no-cache --repository https://alpine.global.ssl.fastly.net/alpine/v3.17/community/ \ python3 build-base sqlite-dev sqlite-libs imagemagick-dev libraw-dev vips-dev vips-heif vips-magick fftw-dev gcc g++ make libc6-compat && ln -snf /usr/bin/python3 /usr/bin/python && \ rm /var/cache/apk/* - COPY pigallery2-release /app +COPY pigallery2-release /app WORKDIR /app RUN npm install --unsafe-perm --fetch-timeout=90000 RUN mkdir -p /app/data/config && \