From 91fabbe9c4c20fe5a1dc6ae8f86696bf761e7d06 Mon Sep 17 00:00:00 2001
From: Guiillaume Hemmen <guillaume@van-hemmen.com>
Date: Wed, 25 Jun 2025 16:05:19 +0000
Subject: [PATCH] #0000 - Add cron scheduling and workflow dispatch, enhance Docker image configuration

- Introduced a nightly cron schedule and manual dispatch for the workflow.
- Improved Dockerfile for readability, added non-root user setup, and cleaned up apt cache.
- Upgraded Node.js installation process and enhanced system package organization.
---
 .forgejo/workflows/docker-master.yaml | 3 +
 Dockerfile | 102 +++++++++++++++-----------
 2 files changed, 61 insertions(+), 44 deletions(-)

diff --git a/.forgejo/workflows/docker-master.yaml b/.forgejo/workflows/docker-master.yaml
index c5baced..276d59f 100644
--- a/.forgejo/workflows/docker-master.yaml
+++ b/.forgejo/workflows/docker-master.yaml
@@ -2,6 +2,9 @@ on:
   push:
     branches:
       - 'master'
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
 jobs:
   docker-master:
     runs-on: docker
diff --git a/Dockerfile b/Dockerfile
index d8e90e7..a1604a9 100644
--- a/Dockerfile
+++ b/Dockerfile
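Review bot: The nightly `cron: '0 0 * * *'` added here re-runs a Dockerfile (same patch) that does `apt-get upgrade -y`, an unpinned `curl -sL firebase.tools | bash` and a `trivy … --exit-code 1` scan, so the image will now change, or the build fail, with no commit behind it; the schedule deserves a comment saying so, e.g. `# nightly rebuild to pick up base-image/apt security fixes; a red run here usually means a new CVE, not a code regression`. `workflow_dispatch:` with no inputs is fine as written, but if the docker-master job pushes to a registry (its steps are outside this hunk) it is worth confirming who is allowed to trigger it manually.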
@@ -1,55 +1,69 @@
 FROM debian:12
+# Metadata
 LABEL maintainer="guillaume@van-hemmen.com"
+# Build arguments
 ARG ARG_TZ="Europe/Paris"
 ARG ARG_NODE_MAJOR=22
-RUN ln -snf /usr/share/zoneinfo/$ARG_TZ /etc/localtime && echo $ARG_TZ > /etc/timezone && \
- apt-get update && apt-get install -y ca-certificates curl gnupg && \
- mkdir -p /etc/apt/keyrings && \
- curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
- echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${ARG_NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
- apt-get update && apt-get install -y nodejs sudo && \
+# System configuration and timezone setup
+RUN ln -snf /usr/share/zoneinfo/$ARG_TZ /etc/localtime && \
+ echo $ARG_TZ > /etc/timezone
+
+# Install system packages in a single RUN to reduce layers
+# Split into logical groups for better readability
+RUN apt-get update && \
+ apt-get upgrade -y && \
  apt-get install -y \
- ca-certificates \
- fonts-liberation \
- libappindicator3-1 \
- libasound2 \
- libatk-bridge2.0-0 \
- libatk1.0-0 \
- libc6 \
- libcairo2 \
- libcups2 \
- libdbus-1-3 \
- libexpat1 \
- libfontconfig1 \
- libgbm1 \
- libgcc1 \
- libglib2.0-0 \
- libgtk-3-0 \
- libnspr4 \
- libnss3 \
- libpango-1.0-0 \
- libpangocairo-1.0-0 \
- libstdc++6 \
- libx11-6 \
- libx11-xcb1 \
- libxcb1 \
- libxcomposite1 \
- libxcursor1 \
- libxdamage1 \
- libxext6 \
- libxfixes3 \
- libxi6 \
- libxrandr2 \
- libxrender1 \
- libxss1 \
- libxtst6 \
- lsb-release \
- wget \
- jq
+ # Development tools
+ build-essential \
+ git \
+ python3 \
+ # System utilities
+ ca-certificates \
+ curl \
+ gnupg2 \
+ procps \
+ sudo \
+ unzip \
+ wget \
+ nano \
+ jq && \
+ # Clean up apt cache to reduce image size
+ rm -rf /var/lib/apt/lists/*
-RUN npm install -g yarn
+# User setup and security configuration
+# Create non-root user 'coder' with sudo privileges
+RUN useradd -m -s /bin/bash -G sudo coder && \
+ echo "coder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/coder
+# Configure shell environment
+RUN echo "PS1='🐳 \[\033[1;36m\] \[\033[1;34m\]\W\[\033[0;35m\] \[\033[1;36m\]# \[\033[0m\]'" > /home/coder/.bashrc && \
+ chown coder:coder /home/coder/.bashrc && \
+ chown -R coder:coder /workspaces
+
+# Run trivy to scan the system
+RUN apt-get update && apt-get install -y trivy && \
+ trivy filesystem --exit-code 1 --no-progress / && \
+ apt-get remove -y trivy && \
+ rm -rf /var/lib/apt/lists/*
+
+# Switch to non-root user
+USER coder
+
+# Configure bash environment
+ENV BASH_ENV /home/coder/.bash_env
+RUN touch "${BASH_ENV}" && \
+ echo '. "${BASH_ENV}"' >> ~/.bashrc
+
+# Install Node.js using NVM
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | PROFILE="${BASH_ENV}" bash && \
+ . $BASH_ENV && \
+ nvm install ${ARG_NODE_MAJOR} && \
+ nvm alias default ${ARG_NODE_MAJOR} && \
+ nvm use ${ARG_NODE_MAJOR} && \
+ npm i -g yarn patch-package
+
+# Install Firebase CLI
 RUN curl -sL firebase.tools | bash
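Review bot: Both installer pipelines in this hunk run `curl … | bash` under the default `/bin/sh -c` with no pipefail, and the nvm line also lacks `-f`, so a 404, redirect page or truncated download is fed to bash and the RUN step still succeeds; add `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before the first RUN and use `curl -fsSL` on both the nvm and the `firebase.tools` lines (the latter is unpinned and unverified, so the nightly schedule added in this same patch will silently ship whatever it serves). The `coder ALL=(ALL) NOPASSWD: ALL` entry in /etc/sudoers.d/coder makes `USER coder` cosmetic — any process in the container remains root-equivalent — which may be the intent for a dev container, but the comment should say so instead of calling it a security configuration. `chown -R coder:coder /workspaces` will abort the build unless something outside this Dockerfile creates that directory, since nothing in the hunk does; `mkdir -p /workspaces && chown -R coder:coder /workspaces` fixes that. The trivy scan runs before nvm, Node, yarn, patch-package and the Firebase CLI are installed, so none of them are ever scanned, and `apt-get install -y trivy` presumably needs Aqua's apt repository, which this hunk does not configure.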