From 00c2a01d1abb9fcdda79efb48fa65d19e0cd60bc Mon Sep 17 00:00:00 2001 From: Kazuki Ota Date: Tue, 28 Nov 2023 14:15:00 +0900 Subject: [PATCH] Improve image. (#5) * WIP: Invert exit code. * WIP: difference with deno_docker * WIP * update. --- .github/workflows/push.json | 6 +----- .github/workflows/push.yaml | 5 +---- README.md | 18 ++++++++++++++---- src/alpine.dockerfile | 6 ++---- src/distroless.dockerfile | 8 +++++++- 5 files changed, 25 insertions(+), 18 deletions(-) diff --git a/.github/workflows/push.json b/.github/workflows/push.json index 8f53057..c6b6bac 100644 --- a/.github/workflows/push.json +++ b/.github/workflows/push.json @@ -18,11 +18,7 @@ "run": "echo value=$(curl -Ls https://api.github.com/repos/denoland/deno/releases/latest | yq '.tag_name') >> ${{github.output}}" }, { "name": "compare dockerhub tag and deno latest version", - "run": "curl -Ls https://registry.hub.docker.com/v2/repositories/dojyorin/deno/tags?page_size=100 | yq '\"v\" + .results[].name' | grep -q ${{steps.deno_v.outputs.value}}" - }, { - "if": "${{failure()}}", - "name": "detect latest version - ${{steps.deno_v.outputs.value}}", - "run": "true" + "run": "! curl -Ls https://registry.hub.docker.com/v2/repositories/dojyorin/deno/tags?page_size=100 | yq '\"v\" + .results[].name' | grep -q ${{steps.deno_v.outputs.value}}" }] }, "build": { diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 3086d89..6a10565 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml 
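Review bot: In `.github/workflows/push.json`, the negated pipeline `! curl -Ls … | yq … | grep -q …` succeeds whenever `grep` finds no match, and that includes a failed Docker Hub request or an error body, so an outage looks the same as "version not yet published". If the build job is gated on this step (its `needs`/`if` is outside the hunk), a registry failure would trigger a rebuild and push. Fetch the tag list as its own command with `curl -fsSL` so a failed request fails the step, and apply `!` only to the `grep`. The same `run` string is added in `.github/workflows/push.yaml`.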
@@ -13,10 +13,7 @@ jobs: name: get deno latest version run: echo value=$(curl -Ls https://api.github.com/repos/denoland/deno/releases/latest | yq '.tag_name') >> ${{github.output}} - name: compare dockerhub tag and deno latest version - run: curl -Ls https://registry.hub.docker.com/v2/repositories/dojyorin/deno/tags?page_size=100 | yq '"v" + .results[].name' | grep -q ${{steps.deno_v.outputs.value}} - - if: ${{failure()}} - name: detect latest version - ${{steps.deno_v.outputs.value}} - run: "true" + run: '! curl -Ls https://registry.hub.docker.com/v2/repositories/dojyorin/deno/tags?page_size=100 | yq ''"v" + .results[].name'' | grep -q ${{steps.deno_v.outputs.value}}' build: name: 'build: ${{matrix.distro}}' runs-on: ubuntu-latest diff --git a/README.md b/README.md index 26cfc4e..c04ba90 100644 --- a/README.md +++ b/README.md @@ -12,11 +12,11 @@ This image is published on DockerHub and synchronized with latest version of [de - Distroless: [dojyorin/deno:distroless](https://hub.docker.com/r/dojyorin/deno/tags?name=distroless) (default) - Alpine: [dojyorin/deno:alpine](https://hub.docker.com/r/dojyorin/deno/tags?name=alpine) -# Usage +# How to use Easy to introduce in your project. -**⚠Notes** -- When starting container, be sure to add `--init` flag (`docker run`) or `init: true` property (`docker-compose.yml`) to avoid [PID 1 Problem](https://www.docker.com/blog/keep-nodejs-rockin-in-docker/#:~:text=PID%201%20Problem). +**⚠ Notes ⚠** +- When starting container, be sure to add `--init` flag (`docker run`) or `init: true` property (`docker-compose.yml`) to avoid [PID 1 Problem](https://www.docker.com/blog/keep-nodejs-rockin-in-docker#:~:text=PID%201%20Problem). - For security reasons, default runtime user is `nonroot` in distroless and `nobody` in other distributions. **As single image** 
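Review bot: In `.github/workflows/push.yaml`, `${{steps.deno_v.outputs.value}}` is substituted into the `run` script text before the shell starts, and that value is the `tag_name` returned by the denoland/deno releases API, so a third-party string is parsed as shell. Pass it through the step's `env:` (for example `DENO_V: ${{steps.deno_v.outputs.value}}`) and use `"$DENO_V"` in the command. The pattern is also unquoted and unanchored, so `.` acts as a regex wildcard and one tag can match inside a longer one; `grep -qxF "$DENO_V"` compares whole lines literally. The identical `run` string in `.github/workflows/push.json` needs the same change.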
@@ -50,4 +50,14 @@ FROM dojyorin/deno:latest COPY /project/* /project/ EXPOSE 8000 CMD ["run", "/project/main.ts"] -``` \ No newline at end of file +``` + +# Difference with official image + +This project was created to solve the problems faced by [deno_docker](https://github.com/denoland/deno_docker) official images. + +- [tini](https://github.com/krallin/tini) is redundant +- Alpine dependent on third-party image +- Using old debian in Distroless (Uses 11, latest is 12) + +If official images solve those issues, this project will be unnecessary... \ No newline at end of file diff --git a/src/alpine.dockerfile b/src/alpine.dockerfile index 48d32e9..056b6a2 100644 --- a/src/alpine.dockerfile +++ b/src/alpine.dockerfile @@ -13,11 +13,9 @@ ENV LD_LIBRARY_PATH="/usr/local/lib" COPY --from=deno --chown=root:root --chmod=755 /tmp/deno /usr/local/bin/ COPY --from=cc --chown=root:root --chmod=755 /lib/*-linux-gnu/* /usr/local/lib/ +COPY --from=cc --chown=root:root --chmod=755 /lib64/* /lib64/ -RUN mkdir /lib64 && \ - ln -s /usr/local/lib/ld-linux-*.so.2 /lib64/ && \ - sed -i -e 's|nobody:/|nobody:/home/nobody|' /etc/passwd && \ - install -d -o nobody -g nobody -m 700 /home/nobody +RUN sed -i -e 's|nobody:/|nobody:/home/nobody|' /etc/passwd && install -d -o nobody -g nobody -m 700 /home/nobody USER nobody ENTRYPOINT ["/usr/local/bin/deno"] \ No newline at end of file diff --git a/src/distroless.dockerfile b/src/distroless.dockerfile index 2dfe4e4..1d6f1c0 100644 --- a/src/distroless.dockerfile +++ b/src/distroless.dockerfile 
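Review bot: In `src/alpine.dockerfile`, the new `COPY --from=cc … /lib64/* /lib64/` depends on the layout of the `cc` stage, which is defined above this hunk, and nothing in the build checks the result. If that image has no entries under `/lib64` for the target architecture, or the loader there is a symlink that is copied differently than expected, the build fails or the image ships a `deno` that cannot start. Add `RUN /usr/local/bin/deno --version` after the two `COPY --from=cc` lines so an unresolved loader fails the build instead of the first container start. A comment such as `# glibc loader and libraries from distroless/cc; Alpine itself provides musl only` would record why these files are copied, assuming this file uses the same `-linux-gnu` release build as `src/distroless.dockerfile`.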
@@ -5,9 +5,15 @@ ARG DENO_VERSION RUN apk --update --no-cache add curl RUN curl -Ls https://github.com/denoland/deno/releases/download/${DENO_VERSION}/deno-$(arch)-unknown-linux-gnu.zip | unzip -q -d /tmp - -FROM gcr.io/distroless/cc-debian12:latest +FROM gcr.io/distroless/cc-debian12:latest AS cc + +FROM gcr.io/distroless/static-debian12:latest + +ENV LD_LIBRARY_PATH="/usr/local/lib" COPY --from=deno --chown=root:root --chmod=755 /tmp/deno /usr/local/bin/ +COPY --from=cc --chown=root:root --chmod=755 /lib/*-linux-gnu/* /usr/local/lib/ +COPY --from=cc --chown=root:root --chmod=755 /lib64/* /lib64/ USER nonroot ENTRYPOINT ["/usr/local/bin/deno"] \ No newline at end of file
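Review bot: Both new `FROM` lines in `src/distroless.dockerfile` use `:latest`, so the libraries and loader taken from `cc` and the final `static-debian12` base can change between builds with no change in this repository, and the two stages are not guaranteed to come from the same release. Pin each by digest, e.g. `FROM gcr.io/distroless/static-debian12@sha256:<digest>`, where `<digest>` is a placeholder for the reviewed image. The context line that pipes `curl -Ls …/deno-$(arch)-unknown-linux-gnu.zip` into `unzip` also installs the binary without comparing it to a known SHA-256; download to a file and verify it before extracting. The first stage of the file starts above the hunk.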