From 9cafbd1c53ff86e0b13304966a470a7418ecf8fd Mon Sep 17 00:00:00 2001
From: Zoey
Date: Tue, 11 Jun 2024 09:18:58 +0200
Subject: [PATCH] dep updates/alpine 3.20.1
Signed-off-by: Zoey
---
 .github/workflows/caddy-fmt.yml | 2 +-
 .github/workflows/caddy.yml | 2 +-
 .github/workflows/docker.yml | 4 +-
 Caddy.Dockerfile | 6 +--
 Dockerfile | 78 ++++++++++++++++++---------------
 backend/package.json | 10 ++---
 frontend/package.json | 2 +-
 7 files changed, 54 insertions(+), 50 deletions(-)
diff --git a/.github/workflows/caddy-fmt.yml b/.github/workflows/caddy-fmt.yml
index 05cc8432c..903126a90 100644
--- a/.github/workflows/caddy-fmt.yml
+++ b/.github/workflows/caddy-fmt.yml
@@ -16,7 +16,7 @@ jobs:
 uses: actions/checkout@v4
 - name: Read version
 id: version
- run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:\([0-9.]\+\).*|\1|g")" >> $GITHUB_OUTPUT
+ run: echo "version=$(cat Caddy.Dockerfile | grep "^COPY --from=caddy:.*$" | head -1 | sed "s|COPY --from=caddy:\([0-9.]\+\).*|\1|g")" >> $GITHUB_OUTPUT
 - name: caddy-fmt
 run: |
 docker run --rm -v ${{ github.workspace }}/Caddyfile:/etc/caddy/Caddyfile caddy:${{ steps.version.outputs.version }} caddy fmt --overwrite /etc/caddy/Caddyfile
diff --git a/.github/workflows/caddy.yml b/.github/workflows/caddy.yml
index f2248574b..cc116bec1 100644
--- a/.github/workflows/caddy.yml
+++ b/.github/workflows/caddy.yml
@@ -41,7 +41,7 @@ jobs:
 username: ${{ steps.un.outputs.un }}
 password: ${{ github.token }}
 - name: Build
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
 if: ${{ github.event_name != 'pull_request' }}
 with:
 context: .
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index e03d40ef0..13e341676 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
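Review bot: In caddy-fmt.yml, the new `Read version` step still emits the whole matched line when the `sed` pattern does not match (for example a non-numeric tag), and that value is later expanded by `${{ steps.version.outputs.version }}` directly into the script text of the `caddy-fmt` step. If this workflow can run on changes to Caddy.Dockerfile from outside contributors, the output should be limited to the captured digits and dots, e.g. `sed -n "s|^COPY --from=caddy:\([0-9.]\+\).*|\1|p" Caddy.Dockerfile | head -1`, and the step should fail when the result is empty. Handing the value to the next step through `env:` and quoting `"$GITHUB_OUTPUT"` would keep it out of the interpolated script altogether.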
@@ -60,7 +60,7 @@ jobs: sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/package.json sed -i "s|\"0.0.0\"|\"$version\"|g" backend/package.json - name: Build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 if: ${{ github.event_name != 'pull_request' }} with: context: . @@ -80,7 +80,7 @@ jobs: id: pr run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT - name: Build (PR) - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 if: ${{ github.event_name == 'pull_request' }} with: context: . diff --git a/Caddy.Dockerfile b/Caddy.Dockerfile index de4648e9f..93818cdd9 100644 --- a/Caddy.Dockerfile +++ b/Caddy.Dockerfile @@ -1,8 +1,6 @@ -FROM caddy:2.8.4 as caddy - -FROM alpine:3.20.0 +FROM alpine:3.20.1 RUN apk add --no-cache ca-certificates tzdata -COPY --from=caddy /usr/bin/caddy /usr/bin/caddy +COPY --from=caddy:2.8.4 /usr/bin/caddy /usr/bin/caddy COPY Caddyfile /etc/caddy/Caddyfile CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"] diff --git a/Dockerfile b/Dockerfile index e82d3ada2..9ecc73b94 100644 --- a/Dockerfile +++ b/Dockerfile 
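Review bot: In Caddy.Dockerfile, `COPY --from=caddy:2.8.4` and `FROM alpine:3.20.1` reference mutable tags, so the binary copied into the image is whatever the registry serves for that tag at build time. Pinning both by digest, e.g. `COPY --from=caddy:2.8.4@sha256:<digest> /usr/bin/caddy /usr/bin/caddy`, makes the build reproducible; the `sed` in caddy-fmt.yml captures only `[0-9.]` after `caddy:`, so it should still read the version with a digest appended. The same applies to `FROM zoeyvid/nginx-quic:294-python`, `COPY --from=zoeyvid/certbot-docker:42` and `COPY --from=zoeyvid/curl-quic:397` in the Dockerfile hunk at `@@ -59,15 +66,14 @@`. Separately, the lines shown for Caddy.Dockerfile contain no `USER` instruction, so `caddy run` appears to start as root.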
@@ -1,46 +1,53 @@ # syntax=docker/dockerfile:labs -FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as frontend -COPY frontend /build/frontend -COPY global/certbot-dns-plugins.json /build/frontend/certbot-dns-plugins.json +FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS frontend +COPY frontend /app +COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json ARG NODE_ENV=production \ NODE_OPTIONS=--openssl-legacy-provider -WORKDIR /build/frontend +WORKDIR /app/frontend RUN apk upgrade --no-cache -a && \ - apk add --no-cache ca-certificates nodejs yarn git python3 py3-pip build-base && \ + apk add --no-cache ca-certificates nodejs yarn git python3 py3-pip build-base file && \ yarn global add clean-modules && \ pip install setuptools --no-cache-dir --break-system-packages && \ yarn --no-lockfile install && \ - clean-modules --yes && \ yarn --no-lockfile build && \ - yarn cache clean --all -COPY darkmode.css /build/frontend/dist/css/darkmode.css -COPY security.txt /build/frontend/dist/.well-known/security.txt + yarn cache clean --all && \ + clean-modules --yes && \ + find /app/node_modules/dist -name "*.node" -exec file {} \; +COPY darkmode.css /app/dist/css/darkmode.css +COPY security.txt /app/dist/.well-known/security.txt -FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as backend +FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS build-backend SHELL ["/bin/ash", "-eo", "pipefail", "-c"] -COPY backend /build/backend -COPY global/certbot-dns-plugins.json /build/backend/certbot-dns-plugins.json +COPY backend /app +COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json ARG NODE_ENV=production \ TARGETARCH -WORKDIR /build/backend +WORKDIR /app RUN apk upgrade --no-cache -a && \ - apk add --no-cache ca-certificates nodejs yarn && \ + apk add --no-cache ca-certificates nodejs yarn file && \ yarn global add clean-modules && \ if [ "$TARGETARCH" = "amd64" ]; then \ - npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile; \ 
+ npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile && \ + for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "x86-64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \ elif [ "$TARGETARCH" = "arm64" ]; then \ - npm_config_target_platform=linux npm_config_target_arch=arm64 yarn install --no-lockfile; \ + npm_config_target_platform=linux npm_config_target_arch=arm64 yarn install --no-lockfile && \ + for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "aarch64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \ fi && \ - clean-modules --yes && \ - yarn cache clean --all + yarn cache clean --all && \ + clean-modules --yes +FROM alpine:3.20.1 AS strip-backend +COPY --from=build-backend /app /app +RUN apk upgrade --no-cache -a && \ + apk add --no-cache ca-certificates binutils file && \ + find /app/node_modules -name "*.node" -exec strip -s {} \; && \ + find /app/node_modules -name "*.node" -exec file {} \; -FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as crowdsec +FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS crowdsec SHELL ["/bin/ash", "-eo", "pipefail", "-c"] - ARG CSNB_VER=v1.0.8 - WORKDIR /src RUN apk upgrade --no-cache -a && \ apk add --no-cache ca-certificates git build-base && \ 
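Review bot: In the `frontend` stage the sources are now copied to `/app`, but `WORKDIR /app/frontend` and `find /app/node_modules/dist` point at paths that the visible lines never populate, while `COPY darkmode.css /app/dist/css/darkmode.css` and the final stage's `COPY --from=frontend /app/dist` expect the build output under `/app/dist`. Unless `frontend/` itself contains a `frontend/` directory, `yarn install` and `yarn build` would run in an empty directory; `WORKDIR /app` and `find /app/node_modules -name "*.node" -exec file {} \;` look like the intended values. In `build-backend`, the `if`/`elif` on `$TARGETARCH` has no `else`, so any other architecture skips `yarn install` without failing; an `else echo "unsupported TARGETARCH: $TARGETARCH" >&2; exit 1;` branch would make that explicit.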
@@ -59,15 +66,14 @@ RUN apk upgrade --no-cache -a && \ echo "APPSEC_FAILURE_ACTION=deny" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \ sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf -FROM zoeyvid/nginx-quic:290-python -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] - -ARG CRS_VER=v4.3.0 +FROM zoeyvid/nginx-quic:294-python +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] COPY rootfs / -COPY --from=zoeyvid/certbot-docker:38 /usr/local /usr/local -COPY --from=zoeyvid/curl-quic:388 /usr/local/bin/curl /usr/local/bin/curl +COPY --from=zoeyvid/certbot-docker:42 /usr/local /usr/local +COPY --from=zoeyvid/curl-quic:397 /usr/local/bin/curl /usr/local/bin/curl +ARG CRS_VER=v4.3.0 RUN apk upgrade --no-cache -a && \ apk add --no-cache ca-certificates tzdata tini \ nodejs \ 
@@ -90,24 +96,24 @@ RUN apk upgrade --no-cache -a && \ yarn global add nginxbeautifier && \ apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn -COPY --from=backend /build/backend /app -COPY --from=frontend /build/frontend/dist /html/frontend -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf -COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf +COPY --from=strip-backend /app /app +COPY --from=frontend /app/dist /html/frontend +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf +COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf RUN ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \ ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \ ln -s /app/sqlite-vaccum.js 
/usr/local/bin/sqlite-vaccum.js && \ ln -s /app/index.js /usr/local/bin/index.js +LABEL com.centurylinklabs.watchtower.monitor-only="true" ENV NODE_ENV=production \ NODE_CONFIG_DIR=/data/etc/npm \ DB_SQLITE_FILE=/data/etc/npm/database.sqlite -LABEL com.centurylinklabs.watchtower.monitor-only="true" ENV PUID=0 \ PGID=0 \ NIBEP=48693 \ diff --git a/backend/package.json b/backend/package.json index 448157cfc..bd0aade09 100644 --- a/backend/package.json +++ b/backend/package.json @@ -16,7 +16,7 @@ "gravatar": "1.8.2", "jsonwebtoken": "9.0.2", "knex": "3.1.0", - "liquidjs": "10.13.1", + "liquidjs": "10.14.0", "lodash": "4.17.21", "moment": "2.30.1", "mysql": "2.18.1", @@ -29,11 +29,11 @@ "author": "Jamie Curnow and ZoeyVid ", "license": "MIT", "devDependencies": { - "@eslint/js": "9.4.0", - "eslint": "9.4.0", + "@eslint/js": "9.5.0", + "eslint": "9.5.0", "eslint-config-prettier": "9.1.0", "eslint-plugin-prettier": "5.1.3", - "globals": "15.4.0", - "prettier": "3.3.1" + "globals": "15.6.0", + "prettier": "3.3.2" } } diff --git a/frontend/package.json b/frontend/package.json index 78f3d80a3..b866b7e79 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -28,7 +28,7 @@ "mini-css-extract-plugin": "1.6.2", "moment": "2.30.1", "node-sass": "7.0.3", - "nodemon": "3.1.3", + "nodemon": "3.1.4", "numeral": "2.0.6", "sass-loader": "10.5.2", "style-loader": "4.0.0",