-
Notifications
You must be signed in to change notification settings - Fork 104
/
Copy pathDockerfile
104 lines (78 loc) · 3.26 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors
#
# SPDX-License-Identifier: Apache-2.0
############# builder #############
FROM node:22-alpine3.20 AS builder
WORKDIR /volume
RUN apk add --no-cache tini \
# tini and node binaries
&& mkdir -p ./sbin ./usr/local/bin \
&& cp /sbin/tini ./sbin/ \
&& cp /usr/local/bin/node ./usr/local/bin/ \
# root ca certificates
&& mkdir -p ./etc/ssl \
&& cp -r /etc/ssl/certs ./etc/ssl \
# node user
&& echo 'node:x:1000:1000:node,,,:/home/node:/sbin/nologin' > ./etc/passwd \
&& echo 'node:x:1000:node' > ./etc/group \
&& mkdir -p ./home/node \
&& chown 1000:1000 ./home/node \
# libc, libgcc and libstdc++ libraries
&& mkdir -p ./lib ./usr/lib \
&& alpineArch="$(apk --print-arch)" \
&& cp -d /lib/ld-musl-$alpineArch.so.* ./lib \
&& cp -d /lib/libc.musl-$alpineArch.so.* ./lib \
&& cp -d /usr/lib/libgcc_s.so.* ./usr/lib \
&& cp -d /usr/lib/libstdc++.so.* ./usr/lib
WORKDIR /app
COPY . .
# validate zero-installs project and disable network
RUN yarn config set enableNetwork false
RUN yarn install --immutable --immutable-cache
# check and report found duplicate dependencies
RUN yarn dedupe --check
# check that the constraints are met
RUN yarn constraints
# run lint
RUN yarn workspace @gardener-dashboard/logger run lint-sarif
RUN yarn workspace @gardener-dashboard/request run lint-sarif
RUN yarn workspace @gardener-dashboard/kube-config run lint-sarif
RUN yarn workspace @gardener-dashboard/kube-client run lint-sarif
RUN yarn workspace @gardener-dashboard/monitor run lint-sarif
# run test --coverage
RUN yarn workspace @gardener-dashboard/logger run test --coverage
RUN yarn workspace @gardener-dashboard/request run test --coverage
RUN yarn workspace @gardener-dashboard/kube-config run test --coverage
RUN yarn workspace @gardener-dashboard/kube-client run test --coverage
RUN yarn workspace @gardener-dashboard/monitor run test --coverage
############# node-scratch #############
FROM scratch AS node-scratch
ENV NODE_ENV="production"
COPY --from=builder /volume /
WORKDIR /app
USER node
VOLUME ["/home/node"]
ENTRYPOINT [ "tini", "--", "node"]
############# dashboard-builder #############
FROM builder AS dashboard-builder
# run lint
RUN yarn workspace @gardener-dashboard/backend run lint-sarif
RUN yarn workspace @gardener-dashboard/frontend run lint-sarif
# run test --coverage
RUN yarn workspace @gardener-dashboard/backend run test --coverage
RUN yarn workspace @gardener-dashboard/frontend run test --coverage
# bump version
RUN yarn workspace @gardener-dashboard/backend version "$(cat VERSION)"
RUN yarn workspace @gardener-dashboard/frontend version "$(cat VERSION)"
# run frontend build
RUN yarn workspace @gardener-dashboard/frontend run build
# build application
RUN yarn workspace @gardener-dashboard/backend prod-install --pack /app/dist \
&& find /app/dist/.yarn -mindepth 1 -name cache -prune -o -exec rm -rf {} + \
&& mv /app/frontend/dist /app/dist/public \
&& chown -R 1000:1000 /app/dist
############# dashboard #############
FROM node-scratch AS dashboard
COPY --from=dashboard-builder /app/dist .
ENTRYPOINT [ "tini", "--", "node", "--require=/app/.pnp.cjs", "--loader=/app/.pnp.loader.mjs"]
CMD ["server.js"]