- Add cron scheduling and workflow dispatch, enhance Docker image configuration

- Introduced a nightly cron schedule and manual dispatch for the workflow.
- Improved Dockerfile for readability, added non-root user setup, and cleaned up apt cache.
- Upgraded Node.js installation process and enhanced system package organization.
This commit is contained in:
Guillaume "B.B." Van Hemmen 2025-06-25 16:05:19 +00:00
parent 6095ba1cac
commit 91fabbe9c4
2 changed files with 61 additions and 44 deletions

View file

@ -2,6 +2,9 @@ on:
push:
branches:
- 'master'
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
jobs:
docker-master:
runs-on: docker

View file

@ -1,55 +1,69 @@
FROM debian:12
# Metadata
LABEL maintainer="guillaume@van-hemmen.com"
# Build arguments
ARG ARG_TZ="Europe/Paris"
ARG ARG_NODE_MAJOR=22
RUN ln -snf /usr/share/zoneinfo/$ARG_TZ /etc/localtime && echo $ARG_TZ > /etc/timezone && \
apt-get update && apt-get install -y ca-certificates curl gnupg && \
mkdir -p /etc/apt/keyrings && \
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${ARG_NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
apt-get update && apt-get install -y nodejs sudo && \
# System configuration and timezone setup
RUN ln -snf /usr/share/zoneinfo/$ARG_TZ /etc/localtime && \
echo $ARG_TZ > /etc/timezone
# Install system packages in a single RUN to reduce layers
# Split into logical groups for better readability
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y \
ca-certificates \
fonts-liberation \
libappindicator3-1 \
libasound2 \
libatk-bridge2.0-0 \
libatk1.0-0 \
libc6 \
libcairo2 \
libcups2 \
libdbus-1-3 \
libexpat1 \
libfontconfig1 \
libgbm1 \
libgcc1 \
libglib2.0-0 \
libgtk-3-0 \
libnspr4 \
libnss3 \
libpango-1.0-0 \
libpangocairo-1.0-0 \
libstdc++6 \
libx11-6 \
libx11-xcb1 \
libxcb1 \
libxcomposite1 \
libxcursor1 \
libxdamage1 \
libxext6 \
libxfixes3 \
libxi6 \
libxrandr2 \
libxrender1 \
libxss1 \
libxtst6 \
lsb-release \
wget \
jq
# Development tools
build-essential \
git \
python3 \
# System utilities
ca-certificates \
curl \
gnupg2 \
procps \
sudo \
unzip \
wget \
nano \
jq && \
# Clean up apt cache to reduce image size
rm -rf /var/lib/apt/lists/*
RUN npm install -g yarn
# User setup and security configuration
# Create non-root user 'coder' with sudo privileges
RUN useradd -m -s /bin/bash -G sudo coder && \
echo "coder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/coder
# Configure shell environment
RUN echo "PS1='🐳 \[\033[1;36m\] \[\033[1;34m\]\W\[\033[0;35m\] \[\033[1;36m\]# \[\033[0m\]'" > /home/coder/.bashrc && \
chown coder:coder /home/coder/.bashrc && \
chown -R coder:coder /workspaces
# Run trivy to scan the system
RUN apt-get update && apt-get install -y trivy && \
trivy filesystem --exit-code 1 --no-progress / && \
apt-get remove -y trivy && \
rm -rf /var/lib/apt/lists/*
# Switch to non-root user
USER coder
# Configure bash environment
ENV BASH_ENV /home/coder/.bash_env
RUN touch "${BASH_ENV}" && \
echo '. "${BASH_ENV}"' >> ~/.bashrc
# Install Node.js using NVM
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | PROFILE="${BASH_ENV}" bash && \
. $BASH_ENV && \
nvm install ${ARG_NODE_MAJOR} && \
nvm alias default ${ARG_NODE_MAJOR} && \
nvm use ${ARG_NODE_MAJOR} && \
npm i -g yarn patch-package
# Install Firebase CLI
RUN curl -sL firebase.tools | bash