Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: FORMS-1799 node update for security fixes #1599

Merged
merged 4 commits into from
Feb 5, 2025
Merged

build: FORMS-1799 node update for security fixes #1599

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
da4cc81
build: FORMS-1799 update node image
WalterMoar Feb 4, 2025
8e8bcd6
build: remove VARIANT argument
WalterMoar Feb 4, 2025
bd519c1
refactor: fix sonar complaints about dockerfile
WalterMoar Feb 4, 2025
d6ba595
refactor: fix sonar complaints about dockerfile
WalterMoar Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 17 additions & 7 deletions .devcontainer/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,21 @@
ARG VARIANT="20.18.1-bookworm"
ARG VARIANT="20.18.2-bookworm"
FROM node:${VARIANT}

# Install some extras such as vim for interactive rebases. Also some
# Cypress prerequisites for running in Debian containers:
# https://docs.cypress.io/app/get-started/install-cypress#UbuntuDebian

RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
# Cypress prerequisites for running in Debian containers:
# https://docs.cypress.io/app/get-started/install-cypress#UbuntuDebian
libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libnss3 libxss1 \
libasound2 libxtst6 xauth xvfb \
# For interactive git rebases
vim
libasound2 \
libgbm-dev \
libgtk-3-0 \
libgtk2.0-0 \
libnotify-dev \
libnss3 \
libxss1 \
libxtst6 \
vim \
xauth \
xvfb \
Comment on lines +10 to +20
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sonar wants the new packages to be in alphabetical order. While I'm usually 100% onboard with alphabetizing things, this does make it a bit more effort to check that we have all the Cypress prerequisites (in case those change).

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is not a production image we could just ignore it in Sonar. Up to you... but I would be ok with ignoring this file.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it's good to follow the Sonar recommendation - I don't think we'll be checking the Cypress prerequisites that often.

&& apt-get clean
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sonar recommended the clean step to help reduce image size.

5 changes: 1 addition & 4 deletions .devcontainer/devcontainer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,7 @@

"build": {
"dockerfile": "Dockerfile",
"context": "..",
"args": {
"VARIANT": "20.18.1-bookworm"
}
"context": ".."
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While we could just update the value of this VARIANT argument and leave the Dockerfile as-is, I think it will be less confusing for future updates if we just remove this and update the Dockerfile value.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. Fine with me.

},

"features": {
Expand Down
19 changes: 12 additions & 7 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,22 @@
FROM docker.io/node:20.18.1-alpine3.21
FROM docker.io/node:20.18.2-alpine3.21

ENV NO_UPDATE_NOTIFIER=true
WORKDIR /opt/app-root/src/app
COPY . /opt/app-root/src

# Run the npm tasks to set up the various parts of the application. Then create
# the /.npm directory and grant access to group 0 to allow npm v9 to work
# See: https://docs.openshift.com/container-platform/4.11/openshift_images/create-images.html#use-uid_create-images

RUN npm run all:ci \
&& npm run all:build \
&& npm run frontend:purge \
&& npm run components:clean \
&& npm run components:purge
&& npm run components:purge \
&& mkdir /.npm \
&& chgrp -R 0 /.npm \
&& chmod -R g=u /.npm

EXPOSE 8000
# Create the /.npm directory and grant access to group 0 to allow npm v9 to work
# See: https://docs.openshift.com/container-platform/4.11/openshift_images/create-images.html#use-uid_create-images
RUN mkdir /.npm
RUN chgrp -R 0 /.npm && \
chmod -R g=u /.npm
Comment on lines -14 to -16
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sonar recommended combining RUN steps so that there are fewer layers in the image.


CMD ["npm", "run", "start"]