From 8d35b6ddb60301248990c0d5ff5e114d3b390079 Mon Sep 17 00:00:00 2001 From: Fabian Meyer <3982806+meyfa@users.noreply.github.com> Date: Sun, 1 Dec 2024 15:52:57 +0100 Subject: [PATCH] feat: Optimize Docker image, build for amd64+arm64 (#173) --- .dockerignore | 30 +++++++++++++++++++++++------- .github/workflows/build.yml | 1 + .github/workflows/publish.yml | 1 + Dockerfile | 20 ++++++++++++++------ README.md | 11 +++++++++-- backend/tsconfig.json | 1 + package.json | 2 +- tsconfig.json | 1 + 8 files changed, 51 insertions(+), 16 deletions(-) diff --git a/.dockerignore b/.dockerignore index 74cdc3c..9b2b283 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,19 +1,35 @@ # Default ignored files -.env -.idea -node_modules/ -renovate.json -.github -README.md +**/.DS_Store +**/.env +**/node_modules + .gitignore .gitattributes +.github +.idea +.vscode + +README.md +CHANGELOG.md + +renovate.json +.release-please-manifest.json +release-please-config.json + +.dockerignore +Dockerfile # build folders and files -/dist +**/dist .nyc_output /tmp /coverage /junit.xml +# test folders and files +/test +/integration +/backend/test + # configuration /config diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 01b1e53..89a722e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,6 +25,7 @@ jobs: uses: docker/build-push-action@v6 with: context: ./ + platforms: linux/amd64,linux/arm64 push: false cache-from: type=gha cache-to: type=gha,mode=max diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 37cc8f2..b466425 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -44,6 +44,7 @@ jobs: uses: docker/build-push-action@v6 with: context: . + platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index 8444a0a..4f793d0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,23 +6,31 @@ WORKDIR /app COPY package*.json ./ COPY backend/package*.json ./backend/ COPY frontend/package*.json ./frontend/ -RUN npm ci +# https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#node-gyp-alpine +RUN apk add --no-cache --virtual .gyp python3 py-setuptools make g++ \ + && npm ci \ + && apk del .gyp # copy in app code and build it COPY . . RUN npm run build - # -- execution -- FROM node:20.18.1-alpine WORKDIR /app -# install PRODUCTION dependencies +RUN apk add --no-cache tini + +# install production dependencies COPY package*.json ./ COPY backend/package*.json ./backend/ COPY frontend/package*.json ./frontend/ -RUN npm ci --omit=dev -RUN apk add --no-cache tini + +# https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#node-gyp-alpine +RUN apk add --no-cache --virtual .gyp python3 py-setuptools make g++ \ + && npm ci --omit=dev --workspace=backend --include-workspace-root \ + && npm cache clean --force \ + && apk del .gyp # add the already compiled code and the default config # (custom config must be set via volume) @@ -37,4 +45,4 @@ EXPOSE 8080 # use tini as init process since Node.js isn't designed to be run as PID 1 ENTRYPOINT ["/sbin/tini", "--"] -CMD ["node", "--disable-proto=delete", "dist/main.js"] +CMD ["node", "--enable-source-maps", "--disable-proto=delete", "dist/main.js"] diff --git a/README.md b/README.md index ad4752b..2c86f68 100644 --- a/README.md +++ b/README.md @@ -57,10 +57,17 @@ For more information, refer to the [Kubernetes RBAC documentation](https://kuber ### Docker -You can run Foreman via Docker using the following command: +You can run Foreman via Docker: ```sh -docker run -p 8080:8080 -v /path/to/config:/app/config contane/foreman:latest +docker run --detach \ + --restart=unless-stopped \ + --cap-drop=all \ + --security-opt=no-new-privileges \ + --read-only \ + --volume=/path/to/config:/app/config:ro \ + -p=8080:8080/tcp \ + contane/foreman:latest ``` Here, `/path/to/config` is the path to the configuration directory on the host, and Foreman will be accessible on diff --git a/backend/tsconfig.json b/backend/tsconfig.json index 84ca40f..6c84a30 100644 --- a/backend/tsconfig.json +++ b/backend/tsconfig.json @@ -9,6 +9,7 @@ "skipLibCheck": true, "forceConsistentCasingInFileNames": true, "declaration": true, + "inlineSourceMap": true, "outDir": "./dist" }, "include": [ diff --git a/package.json b/package.json index 3bf1d19..d0ff157 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "test": "npm run test:unit && npm run test:integration", "test:unit": "npm run test --workspaces --if-present && mocha --require tsx --recursive \"test/**/*.ts\"", "test:integration": "mocha --require tsx --recursive \"integration/**/*.ts\"", - "start": "node --disable-proto=delete dist/main.js" + "start": "node --enable-source-maps --disable-proto=delete dist/main.js" }, "repository": { "type": "git", diff --git a/tsconfig.json b/tsconfig.json index b56f3c6..261a0cb 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -9,6 +9,7 @@ "skipLibCheck": true, "forceConsistentCasingInFileNames": true, "declaration": false, + "inlineSourceMap": true, "outDir": "./dist" }, "include": [