cubetiq/calpine-node
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: cubetiq:main
Branches Tags
cubetiq:master cubetiq:main cubetiq:v14 cubetiq:v16
..
compare: cubetiq:v14
Branches Tags
cubetiq:main cubetiq:v14 cubetiq:v16 cubetiq:master

1 Commits
main ... v14

Author SHA1 Message Date
Sambo Chea
daef0ef378 Removed default image tag for version 14 2021-12-23 09:30:04 +07:00
13 changed files with 112 additions and 327 deletions
Expand all files Collapse all files

60
.github/workflows/codacy.yml vendored
View File

@@ -1,60 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow checks out code, performs a Codacy security scan
# and integrates the results with the
# GitHub Advanced Security code scanning feature. For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.
name: Codacy Security Scan
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '44 1 * * 2'
permissions:
contents: read
jobs:
codacy-security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v3
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@db33ad5cfab49143adf0db6e890cf4bb9fb37b1c
with:
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
# You can also omit the token and run the tools that support default configurations
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
output: results.sarif
format: sarif
# Adjust severity of non-security issues
gh-code-scanning-compat: true
# Force 0 exit code to allow SARIF file generation
# This will handover control about PR rejection to the GitHub side
max-allowed-issues: 2147483647
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif

6
.github/workflows/docker-publish.yml vendored
View File

@@ -10,16 +10,16 @@ jobs:
steps:
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v2
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_SECRET }}
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v2
-
name: Build and Push from Makefile
run: |

48
.github/workflows/snyk-container.yml vendored
View File

@@ -1,48 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# A sample workflow which checks out the code, builds a container
# image using Docker and scans that image for vulnerabilities using
# Snyk. The results are then uploaded to GitHub Security Code Scanning
#
# For more examples, including how to limit scans to only high-severity
# issues, monitor images for newly disclosed vulnerabilities in Snyk and
# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
name: Snyk Container
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '19 16 * * 0'
jobs:
snyk:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build a Docker image
run: docker build -t your/image-to-test .
- name: Run Snyk to check Docker image for vulnerabilities
# Snyk can be used to break the build when it detects vulnerabilities.
# In this case we want to upload the issues to GitHub Code Scanning
continue-on-error: true
uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
env:
# In order to use the Snyk Action you will need to have a Snyk API token.
# More details in https://github.com/snyk/actions#getting-your-snyk-token
# or you can signup for free at https://snyk.io/login
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: your/image-to-test
args: --file=Dockerfile
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif

1
.gitignore vendored
View File

@@ -1 +0,0 @@
.vscode/

108
Dockerfile
View File

@@ -1,21 +1,103 @@
FROM cubetiq/calpine-node:slim
FROM cubetiq/calpine-os-linux:latest
LABEL maintainer="sombochea@cubetiqs.com"
# Install PNPM
RUN npm install -g pnpm@latest
# Build with root access
USER root
# Update NPM package
RUN npm install -g npm@latest
ENV NODE_VERSION 14.16.0
ENV USER_UID 1001
# Install yarn from npm package
RUN npm install -g yarn@latest --force
RUN addgroup -g ${USER_UID} node \
&& adduser -u ${USER_UID} -G node -s /bin/sh -D node \
&& apk add --no-cache \
libstdc++ \
&& apk add --no-cache --virtual .build-deps \
curl \
&& ARCH= && alpineArch="$(apk --print-arch)" \
&& case "${alpineArch##*-}" in \
x86_64) \
ARCH='x64' \
CHECKSUM="53cd618bd0cd387d79e954383d67b540ebfbefee9e261800eefff60e1bf38644" \
;; \
*) ;; \
esac \
&& if [ -n "${CHECKSUM}" ]; then \
set -eu; \
curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \
echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs; \
else \
echo "Building from source" \
# backup build
&& apk add --no-cache --virtual .build-deps-full \
binutils-gold \
g++ \
gcc \
gnupg \
libgcc \
linux-headers \
make \
python3 \
# gpg keys listed at https://github.com/nodejs/node#release-keys
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
74F12602B6F1C4E913FAA37AD3A89613643B6201 \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
108F52B48DB57BB0CC439B2997B01419BD92F80A \
B9E2F5981AA6E0CD28160D9FF13993A75599653C \
; do \
gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
&& grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
&& tar -xf "node-v$NODE_VERSION.tar.xz" \
&& cd "node-v$NODE_VERSION" \
&& ./configure \
&& make -j$(getconf _NPROCESSORS_ONLN) V= \
&& make install \
&& apk del .build-deps-full \
&& cd .. \
&& rm -Rf "node-v$NODE_VERSION" \
&& rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
fi \
&& rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \
&& apk del .build-deps \
# smoke tests
&& node --version \
&& npm --version
# Checking packages version
RUN echo "NODE: $(node --version)" \
&& echo "NPM: $(npm --version)" \
&& echo "NPX: $(npx --version)" \
&& echo "YARN: $(yarn --version)" \
&& echo "PNPM: $(pnpm --version)"
ENV YARN_VERSION 1.22.5
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \
; do \
gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& mkdir -p /opt \
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& apk del .build-deps-yarn \
# smoke test
&& yarn --version
COPY entrypoint.sh /usr/local/bin/

111
Dockerfile.16-15-0
View File

@@ -1,111 +0,0 @@
FROM cubetiq/calpine-os-linux:latest
LABEL maintainer="sombochea@cubetiqs.com"
# Build with root access
USER root
ENV NODE_VERSION 16.15.0
ENV NODE_SHA256 4db62cabc0647fc18f537ed10b5573f3c23ffb4d4434e40713e7e472f1ed4e55
ENV USER_UID 1001
RUN addgroup -g ${USER_UID} node \
&& adduser -u ${USER_UID} -G node -s /bin/sh -D node \
&& apk add --no-cache \
libstdc++ \
&& apk add --no-cache --virtual .build-deps \
curl \
&& ARCH= && alpineArch="$(apk --print-arch)" \
&& case "${alpineArch##*-}" in \
x86_64) \
ARCH='x64' \
CHECKSUM=$NODE_SHA256 \
;; \
*) ;; \
esac \
&& if [ -n "${CHECKSUM}" ]; then \
set -eu; \
DL_ROOT="https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \
echo "Downloading Node.js from ${DL_ROOT}"; \
curl -fsSLO --compressed $DL_ROOT; \
echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs; \
else \
echo "Building from source" \
# backup build
&& apk add --no-cache --virtual .build-deps-full \
binutils-gold \
g++ \
gcc \
gnupg \
libgcc \
linux-headers \
make \
python3 \
# gpg keys listed at https://github.com/nodejs/node#release-keys
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
74F12602B6F1C4E913FAA37AD3A89613643B6201 \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
108F52B48DB57BB0CC439B2997B01419BD92F80A \
B9E2F5981AA6E0CD28160D9FF13993A75599653C \
; do \
gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
&& grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
&& tar -xf "node-v$NODE_VERSION.tar.xz" \
&& cd "node-v$NODE_VERSION" \
&& ./configure \
&& make -j$(getconf _NPROCESSORS_ONLN) V= \
&& make install \
&& apk del .build-deps-full \
&& cd .. \
&& rm -Rf "node-v$NODE_VERSION" \
&& rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
fi \
&& rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \
&& apk del .build-deps \
# smoke tests
&& node --version \
&& npm --version
ENV YARN_VERSION 1.22.18
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \
; do \
gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& mkdir -p /opt \
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& apk del .build-deps-yarn \
# smoke test
&& yarn --version
COPY entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"]
CMD [ "node" ]

12
Dockerfile.git
View File

@@ -1,12 +0,0 @@
FROM cubetiq/calpine-node:latest
LABEL maintainer="sombochea@cubetiqs.com"
RUN apk update && apk add --no-cache git
COPY entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"]
CMD [ "node" ]

18
Dockerfile.slim
View File

@@ -1,18 +0,0 @@
FROM node:18-alpine
LABEL maintainer="sombochea@cubetiqs.com"
# Update NPM package
RUN npm install -g npm@latest
# Checking packages version
RUN echo "NODE: $(node --version)" \
&& echo "NPM: $(npm --version)" \
&& echo "NPX: $(npx --version)"
COPY entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"]
CMD [ "node" ]

38
Makefile
View File

@@ -1,44 +1,10 @@
DOCKER_IMAGE=cubetiq/calpine-node
DOCKER_IMAGE_GIT=cubetiq/calpine-node-git
DOCKER_IMAGE_NAME=${DOCKER_IMAGE}:18
DOCKER_IMAGE=cubetiq/calpine-node:14
build:
@echo 'Starting docker build with slim'
docker build -f Dockerfile.slim . -t ${DOCKER_IMAGE}:slim
@echo 'Starting docker push with slim'
docker push ${DOCKER_IMAGE}:slim
@echo 'Starting docker build'
docker build . -t ${DOCKER_IMAGE}
@echo 'Starting docker push'
docker tag ${DOCKER_IMAGE} ${DOCKER_IMAGE_NAME}
docker tag ${DOCKER_IMAGE}
docker push ${DOCKER_IMAGE}
docker push ${DOCKER_IMAGE_NAME}
@echo 'Starting docker build with git'
docker build -f Dockerfile.git . -t ${DOCKER_IMAGE_GIT}
@echo 'Starting docker push with git'
docker push ${DOCKER_IMAGE_GIT}
.PHONY:build
test:
@echo 'Starting docker build with slim'
docker build -f Dockerfile.slim . -t ${DOCKER_IMAGE}:slim
@echo 'Starting docker build'
docker build . -t ${DOCKER_IMAGE}
@echo 'Starting docker run with slim'
docker run --rm -it ${DOCKER_IMAGE}:slim --version
@echo 'Starting docker run'
docker run --rm -it ${DOCKER_IMAGE} --version
@echo 'Starting docker run with git'
docker run --rm -it ${DOCKER_IMAGE_GIT} --version
.PHONY:test

21
README.md
View File

@@ -1,26 +1,21 @@
# CUBETIQ Alpine OS Linux with Nodejs 18
# CUBETIQ Alpine OS Linux with Nodejs 14
![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/cubetiq/calpine-node)
![Docker Pulls](https://img.shields.io/docker/pulls/cubetiq/calpine-node)
- CUBETIQ Alpine OS Linux (Latest)
- Nodejs 18
- PNPM 8 (8.7.5)
- CUBETIQ Alpine OS Linux (3.13.3)
- Nodejs 14 (14.16.0)
# [Docker Hub](https://hub.docker.com/r/cubetiq/calpine-node)
```shell
docker push cubetiq/calpine-node:latest
docker push cubetiq/calpine-node:14
```
# Usage
```shell
docker run --rm -it cubetiq/calpine-node:latest /bin/sh
docker run --rm -it cubetiq/calpine-node:14 /bin/sh
```
# Example
```Dockerfile
FROM cubetiq/calpine-node:latest
LABEL maintainer="sombochea@cubetiqs.com"
@@ -29,17 +24,15 @@ WORKDIR /usr/src/app
COPY . /usr/src/app
RUN pnpm install
RUN yarn
CMD [ "node" , "index.js"]
```
# Contributors
- Sambo Chea <sombochea@cubetiqs.com>
- Sambo Chea <sombochea@cubetiqs.com>
# License
```text
MIT License

2
examples/excel2json/Dockerfile
View File

@@ -11,6 +11,6 @@ WORKDIR /app
COPY . /app
RUN pnpm install
RUN yarn
CMD [ "node" , "index.js"]

2
examples/sayhello/Dockerfile
View File

@@ -5,6 +5,6 @@ WORKDIR /usr/src/app
COPY . /usr/src/app
RUN pnpm install
RUN yarn
CMD [ "node" , "index.js"]

6
renovate.json
View File

@@ -1,6 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
]
}