Skip to content

Commit

Permalink
dep updates/alpine 3.20.1
Browse files Browse the repository at this point in the history
Signed-off-by: Zoey <[email protected]>
  • Loading branch information
Zoey2936 committed Jun 21, 2024
1 parent ec47bdc commit 9cafbd1
Show file tree
Hide file tree
Showing 7 changed files with 54 additions and 50 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/caddy-fmt.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
uses: actions/checkout@v4
- name: Read version
id: version
run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:\([0-9.]\+\).*|\1|g")" >> $GITHUB_OUTPUT
run: echo "version=$(cat Caddy.Dockerfile | grep "^COPY --from=caddy:.*$" | head -1 | sed "s|COPY --from=caddy:\([0-9.]\+\).*|\1|g")" >> $GITHUB_OUTPUT
- name: caddy-fmt
run: |
docker run --rm -v ${{ github.workspace }}/Caddyfile:/etc/caddy/Caddyfile caddy:${{ steps.version.outputs.version }} caddy fmt --overwrite /etc/caddy/Caddyfile
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/caddy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
username: ${{ steps.un.outputs.un }}
password: ${{ github.token }}
- name: Build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
if: ${{ github.event_name != 'pull_request' }}
with:
context: .
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ jobs:
sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/package.json
sed -i "s|\"0.0.0\"|\"$version\"|g" backend/package.json
- name: Build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
if: ${{ github.event_name != 'pull_request' }}
with:
context: .
Expand All @@ -80,7 +80,7 @@ jobs:
id: pr
run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT
- name: Build (PR)
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
if: ${{ github.event_name == 'pull_request' }}
with:
context: .
Expand Down
6 changes: 2 additions & 4 deletions Caddy.Dockerfile
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
FROM caddy:2.8.4 as caddy

FROM alpine:3.20.0
FROM alpine:3.20.1
RUN apk add --no-cache ca-certificates tzdata
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
COPY --from=caddy:2.8.4 /usr/bin/caddy /usr/bin/caddy
COPY Caddyfile /etc/caddy/Caddyfile

CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
78 changes: 42 additions & 36 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,46 +1,53 @@
# syntax=docker/dockerfile:labs
FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as frontend
COPY frontend /build/frontend
COPY global/certbot-dns-plugins.json /build/frontend/certbot-dns-plugins.json
FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS frontend
COPY frontend /app
COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json
ARG NODE_ENV=production \
NODE_OPTIONS=--openssl-legacy-provider
WORKDIR /build/frontend
WORKDIR /app/frontend
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates nodejs yarn git python3 py3-pip build-base && \
apk add --no-cache ca-certificates nodejs yarn git python3 py3-pip build-base file && \
yarn global add clean-modules && \
pip install setuptools --no-cache-dir --break-system-packages && \
yarn --no-lockfile install && \
clean-modules --yes && \
yarn --no-lockfile build && \
yarn cache clean --all
COPY darkmode.css /build/frontend/dist/css/darkmode.css
COPY security.txt /build/frontend/dist/.well-known/security.txt
yarn cache clean --all && \
clean-modules --yes && \
find /app/node_modules/dist -name "*.node" -exec file {} \;
COPY darkmode.css /app/dist/css/darkmode.css
COPY security.txt /app/dist/.well-known/security.txt


FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as backend
FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS build-backend
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
COPY backend /build/backend
COPY global/certbot-dns-plugins.json /build/backend/certbot-dns-plugins.json
COPY backend /app
COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json
ARG NODE_ENV=production \
TARGETARCH
WORKDIR /build/backend
WORKDIR /app
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates nodejs yarn && \
apk add --no-cache ca-certificates nodejs yarn file && \
yarn global add clean-modules && \
if [ "$TARGETARCH" = "amd64" ]; then \
npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile; \
npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile && \
for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "x86-64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \
elif [ "$TARGETARCH" = "arm64" ]; then \
npm_config_target_platform=linux npm_config_target_arch=arm64 yarn install --no-lockfile; \
npm_config_target_platform=linux npm_config_target_arch=arm64 yarn install --no-lockfile && \
for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "aarch64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \
fi && \
clean-modules --yes && \
yarn cache clean --all
yarn cache clean --all && \
clean-modules --yes
FROM alpine:3.20.1 AS strip-backend
COPY --from=build-backend /app /app
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates binutils file && \
find /app/node_modules -name "*.node" -exec strip -s {} \; && \
find /app/node_modules -name "*.node" -exec file {} \;


FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as crowdsec
FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS crowdsec
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]

ARG CSNB_VER=v1.0.8

WORKDIR /src
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates git build-base && \
Expand All @@ -59,15 +66,14 @@ RUN apk upgrade --no-cache -a && \
echo "APPSEC_FAILURE_ACTION=deny" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf

FROM zoeyvid/nginx-quic:290-python
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]

ARG CRS_VER=v4.3.0

FROM zoeyvid/nginx-quic:294-python
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
COPY rootfs /
COPY --from=zoeyvid/certbot-docker:38 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:388 /usr/local/bin/curl /usr/local/bin/curl
COPY --from=zoeyvid/certbot-docker:42 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:397 /usr/local/bin/curl /usr/local/bin/curl

ARG CRS_VER=v4.3.0
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates tzdata tini \
nodejs \
Expand All @@ -90,24 +96,24 @@ RUN apk upgrade --no-cache -a && \
yarn global add nginxbeautifier && \
apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn

COPY --from=backend /build/backend /app
COPY --from=frontend /build/frontend/dist /html/frontend
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
COPY --from=strip-backend /app /app
COPY --from=frontend /app/dist /html/frontend
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf

RUN ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
ln -s /app/index.js /usr/local/bin/index.js

LABEL com.centurylinklabs.watchtower.monitor-only="true"
ENV NODE_ENV=production \
NODE_CONFIG_DIR=/data/etc/npm \
DB_SQLITE_FILE=/data/etc/npm/database.sqlite
LABEL com.centurylinklabs.watchtower.monitor-only="true"
ENV PUID=0 \
PGID=0 \
NIBEP=48693 \
Expand Down
10 changes: 5 additions & 5 deletions backend/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
"gravatar": "1.8.2",
"jsonwebtoken": "9.0.2",
"knex": "3.1.0",
"liquidjs": "10.13.1",
"liquidjs": "10.14.0",
"lodash": "4.17.21",
"moment": "2.30.1",
"mysql": "2.18.1",
Expand All @@ -29,11 +29,11 @@
"author": "Jamie Curnow <[email protected]> and ZoeyVid <[email protected]>",
"license": "MIT",
"devDependencies": {
"@eslint/js": "9.4.0",
"eslint": "9.4.0",
"@eslint/js": "9.5.0",
"eslint": "9.5.0",
"eslint-config-prettier": "9.1.0",
"eslint-plugin-prettier": "5.1.3",
"globals": "15.4.0",
"prettier": "3.3.1"
"globals": "15.6.0",
"prettier": "3.3.2"
}
}
2 changes: 1 addition & 1 deletion frontend/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
"mini-css-extract-plugin": "1.6.2",
"moment": "2.30.1",
"node-sass": "7.0.3",
"nodemon": "3.1.3",
"nodemon": "3.1.4",
"numeral": "2.0.6",
"sass-loader": "10.5.2",
"style-loader": "4.0.0",
Expand Down

0 comments on commit 9cafbd1

Please sign in to comment.