#0000 - Add cron scheduling and workflow dispatch, enhance Docker image configuration
- Introduced a nightly cron schedule and manual dispatch for the workflow. - Improved Dockerfile for readability, added non-root user setup, and cleaned up apt cache. - Upgraded Node.js installation process and enhanced system package organization.
parent
6095ba1cac
commit
91fabbe9c4
2 changed files with 61 additions and 44 deletions
|
@ -2,6 +2,9 @@ on:
|
|||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
workflow_dispatch:
|
||||
jobs:
|
||||
docker-master:
|
||||
runs-on: docker
|
||||
|
|
102
Dockerfile
102
Dockerfile
|
@ -1,55 +1,69 @@
|
|||
FROM debian:12
|
||||
|
||||
# Metadata
|
||||
LABEL maintainer="guillaume@van-hemmen.com"
|
||||
|
||||
# Build arguments
|
||||
ARG ARG_TZ="Europe/Paris"
|
||||
ARG ARG_NODE_MAJOR=22
|
||||
|
||||
RUN ln -snf /usr/share/zoneinfo/$ARG_TZ /etc/localtime && echo $ARG_TZ > /etc/timezone && \
|
||||
apt-get update && apt-get install -y ca-certificates curl gnupg && \
|
||||
mkdir -p /etc/apt/keyrings && \
|
||||
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
|
||||
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${ARG_NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
|
||||
apt-get update && apt-get install -y nodejs sudo && \
|
||||
# System configuration and timezone setup
|
||||
RUN ln -snf /usr/share/zoneinfo/$ARG_TZ /etc/localtime && \
|
||||
echo $ARG_TZ > /etc/timezone
|
||||
|
||||
# Install system packages in a single RUN to reduce layers
|
||||
# Split into logical groups for better readability
|
||||
RUN apt-get update && \
|
||||
apt-get upgrade -y && \
|
||||
apt-get install -y \
|
||||
ca-certificates \
|
||||
fonts-liberation \
|
||||
libappindicator3-1 \
|
||||
libasound2 \
|
||||
libatk-bridge2.0-0 \
|
||||
libatk1.0-0 \
|
||||
libc6 \
|
||||
libcairo2 \
|
||||
libcups2 \
|
||||
libdbus-1-3 \
|
||||
libexpat1 \
|
||||
libfontconfig1 \
|
||||
libgbm1 \
|
||||
libgcc1 \
|
||||
libglib2.0-0 \
|
||||
libgtk-3-0 \
|
||||
libnspr4 \
|
||||
libnss3 \
|
||||
libpango-1.0-0 \
|
||||
libpangocairo-1.0-0 \
|
||||
libstdc++6 \
|
||||
libx11-6 \
|
||||
libx11-xcb1 \
|
||||
libxcb1 \
|
||||
libxcomposite1 \
|
||||
libxcursor1 \
|
||||
libxdamage1 \
|
||||
libxext6 \
|
||||
libxfixes3 \
|
||||
libxi6 \
|
||||
libxrandr2 \
|
||||
libxrender1 \
|
||||
libxss1 \
|
||||
libxtst6 \
|
||||
lsb-release \
|
||||
wget \
|
||||
jq
|
||||
# Development tools
|
||||
build-essential \
|
||||
git \
|
||||
python3 \
|
||||
# System utilities
|
||||
ca-certificates \
|
||||
curl \
|
||||
gnupg2 \
|
||||
procps \
|
||||
sudo \
|
||||
unzip \
|
||||
wget \
|
||||
nano \
|
||||
jq && \
|
||||
# Clean up apt cache to reduce image size
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN npm install -g yarn
|
||||
# User setup and security configuration
|
||||
# Create non-root user 'coder' with sudo privileges
|
||||
RUN useradd -m -s /bin/bash -G sudo coder && \
|
||||
echo "coder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/coder
|
||||
|
||||
# Configure shell environment
|
||||
RUN echo "PS1='🐳 \[\033[1;36m\] \[\033[1;34m\]\W\[\033[0;35m\] \[\033[1;36m\]# \[\033[0m\]'" > /home/coder/.bashrc && \
|
||||
chown coder:coder /home/coder/.bashrc && \
|
||||
chown -R coder:coder /workspaces
|
||||
|
||||
# Run trivy to scan the system
|
||||
RUN apt-get update && apt-get install -y trivy && \
|
||||
trivy filesystem --exit-code 1 --no-progress / && \
|
||||
apt-get remove -y trivy && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Switch to non-root user
|
||||
USER coder
|
||||
|
||||
# Configure bash environment
|
||||
ENV BASH_ENV /home/coder/.bash_env
|
||||
RUN touch "${BASH_ENV}" && \
|
||||
echo '. "${BASH_ENV}"' >> ~/.bashrc
|
||||
|
||||
# Install Node.js using NVM
|
||||
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | PROFILE="${BASH_ENV}" bash && \
|
||||
. $BASH_ENV && \
|
||||
nvm install ${ARG_NODE_MAJOR} && \
|
||||
nvm alias default ${ARG_NODE_MAJOR} && \
|
||||
nvm use ${ARG_NODE_MAJOR} && \
|
||||
npm i -g yarn patch-package
|
||||
|
||||
# Install Firebase CLI
|
||||
RUN curl -sL firebase.tools | bash
|
||||
|
|
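Review bot: The last step, `RUN curl -sL firebase.tools | bash`, gives curl no scheme, so the first request goes out over plain HTTP and only reaches HTTPS if the redirect arrives untampered; the script is then executed unverified as `coder`, who is granted `NOPASSWD: ALL` sudo a few lines earlier. With the nightly schedule this commit adds, whatever that URL serves on a given night is baked into the image. At minimum write `RUN curl -fsSL https://firebase.tools | bash`; better, extend the npm line of the nvm step to install a pinned release, `npm i -g yarn patch-package firebase-tools@<pinned-version>`. The Trivy step also sits before the nvm, Node.js and Firebase CLI layers, so the scan never sees those additions. This assumes those lines are all on the new side, which the rendered page does not mark.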