-
Notifications
You must be signed in to change notification settings - Fork 4
/
Dockerfile
73 lines (54 loc) · 2.28 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
FROM node:14.18.1-alpine as builder
WORKDIR /opt/reporting-hub-bop-settlements-ui
ENV PATH /opt/reporting-hub-bop-settlements-ui/node_modules/.bin:$PATH
# Install build dependencies
RUN apk add --no-cache -t build-dependencies python3 git make gcc g++ libtool autoconf automake \
&& cd $(npm root -g)/npm \
&& npm config set unsafe-perm true \
&& npm install -g node-gyp
COPY package.json /opt/reporting-hub-bop-settlements-ui/
COPY yarn.lock /opt/reporting-hub-bop-settlements-ui/
RUN yarn --frozen-lockfile
COPY ./ /opt/reporting-hub-bop-settlements-ui/
# Adds the package version and commit hash
ARG REACT_APP_NAME
ENV REACT_APP_NAME=$REACT_APP_NAME
ARG REACT_APP_VERSION
ENV REACT_APP_VERSION=$REACT_APP_VERSION
ARG REACT_APP_COMMIT
ENV REACT_APP_COMMIT=$REACT_APP_COMMIT
# Build production application files
RUN yarn build
# Second part, create a config at boostrap via entrypoint and and serve it
FROM nginx:1.16.0-alpine
# Create user with uid 1001. Mojaloop helm templates default to uid 1001 for
# running containers as non-root for better security
RUN addgroup -g 1001 appuser && \
adduser -S -u 1001 -g appuser appuser
# Give user permission to clean up ngnix configuration files
RUN chown -R appuser:appuser /etc/nginx
WORKDIR /usr/share/nginx/html
# Copy build over from builder
COPY --from=builder /opt/reporting-hub-bop-settlements-ui/dist/ /usr/share/nginx/html
# Remove nginx config
RUN rm /etc/nginx/conf.d/default.conf /etc/nginx/nginx.conf
# Copy over local config and script
COPY nginx/nginx.conf /etc/nginx/nginx.conf
COPY nginx/start.sh /usr/share/nginx/start.sh
# Copy over scripts that enable runtime configuration
COPY docker/entrypoint.sh /usr/share/nginx/html/entrypoint.sh
COPY docker/loadRuntimeConfig.sh /usr/share/nginx/html/loadRuntimeConfig.sh
# Give appuser permissions to nginx
RUN chown -R appuser:appuser \
/usr/share/nginx \
/var/cache/nginx \
/var/run/
# Make scripts executable
RUN chmod +x /usr/share/nginx/html/entrypoint.sh
RUN chmod +x /usr/share/nginx/html/loadRuntimeConfig.sh
USER appuser
EXPOSE 8083
ENTRYPOINT ["/usr/share/nginx/html/entrypoint.sh"]
CMD ["sh", "/usr/share/nginx/start.sh"]
# TODO: Need to add 8083 to image-scan whitelist
# Investigate Feed data unavailable, cannot perform CVE scan for distro: alpine:3.14.2