This PR addresses the issue where `npx` and `node` were not available in the action pipelines. Additionally, it removes the reliance on `nvm` for installation. Instead, the latest available LTS version of Node.js is installed during the image build process, ensuring compatibility and seamless execution in the pipelines. This closes #2 Reviewed-on: #3 Co-authored-by: Guillaume "B.B." Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com> Co-committed-by: Guillaume "B.B." Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com>
# Base image.
# NOTE(review): debian:12 is a moving tag; pinning it by digest
# (debian:12@sha256:<digest>) would make rebuilds reproducible.
FROM debian:12

# Image metadata
LABEL maintainer="guillaume@van-hemmen.com"

# Build-time parameters (override with --build-arg)
# Node.js major release line requested from NodeSource
ARG ARG_NODE_MAJOR=22
# Zone name, resolved under /usr/share/zoneinfo
ARG ARG_TZ=Europe/Paris
# Third-party URL fetched during the build; its response becomes the
# global gitignore of the 'coder' user
ARG GITIGNORE_URL="https://www.toptal.com/developers/gitignore/api/linux,jetbrains+all,visualstudio,visualstudiocode"
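# System configuration and timezone setup.
# ARG_TZ is a build argument, so it is quoted and the zone file is checked
# before linking: a mistyped value would otherwise leave /etc/localtime as a
# dangling symlink and the build would still succeed.
RUN test -f "/usr/share/zoneinfo/${ARG_TZ}" && \
    ln -snf "/usr/share/zoneinfo/${ARG_TZ}" /etc/localtime && \
    echo "${ARG_TZ}" > /etc/timezone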
# Base OS packages, installed in a single layer. The apt lists are deleted in
# the same layer so they do not add to the image size.
# NOTE(review): recommended packages are pulled in as well, and the
# `apt-get upgrade` step makes the package set depend on the build date.
# Dropping recommends would shrink the attack surface, but confirm first that
# nothing in the pipelines relies on them.
RUN apt-get update \
    && apt-get upgrade --yes \
    && apt-get install --yes \
        build-essential \
        ca-certificates \
        curl \
        git \
        gnupg2 \
        jq \
        nano \
        procps \
        python3 \
        sudo \
        unzip \
        wget \
    && rm -rf /var/lib/apt/lists/*
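# -------------------------------------------------------------------
# Install Node.js from the official NodeSource repository (no NVM)
# -------------------------------------------------------------------
# The setup script is saved to a file before it is run. When it was piped
# straight into bash, a failed download left bash with empty input and a zero
# exit status, so the build carried on and installed whatever `nodejs` the
# distribution repositories offer instead of the requested major version.
# The final version check fails the build if the installed major does not
# match ARG_NODE_MAJOR.
# NOTE(review): the script is executed as root without an integrity check;
# registering the NodeSource apt key and source list explicitly would remove
# the remote-script step.
RUN curl -fsSL "https://deb.nodesource.com/setup_${ARG_NODE_MAJOR}.x" -o /tmp/nodesource_setup.sh && \
    bash /tmp/nodesource_setup.sh && \
    rm -f /tmp/nodesource_setup.sh && \
    apt-get update && apt-get install -y nodejs && \
    node --version | grep -q "^v${ARG_NODE_MAJOR}\." && \
    # Clean up apt cache to reduce image size
    rm -rf /var/lib/apt/lists/*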
# -------------------------------------------------------------------
# Global npm tools (installed as root, available to every user)
# -------------------------------------------------------------------
# NOTE(review): both packages are unpinned, so every rebuild takes whatever
# the registry currently serves. Pin them (yarn@<version>,
# patch-package@<version>) to keep the image reproducible and to limit
# exposure to a compromised release.
RUN npm install --global yarn patch-package
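# User setup.
# Creates the login user 'coder' (bash shell, home directory, member of the
# sudo group) and grants it passwordless sudo for every command.
# NOTE(review): with NOPASSWD: ALL this account is root-equivalent. A later
# `USER coder` changes the default UID but is not a privilege boundary, because
# any process running as coder can become root without a password. Restrict the
# rule to the commands the pipelines actually need if that matters here.
# The drop-in is written with '>' so a rebuild never appends a duplicate rule,
# set to the conventional 0440 mode, and syntax-checked so a malformed file
# fails the build.
RUN useradd -m -s /bin/bash -G sudo coder && \
    echo "coder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/coder && \
    chmod 0440 /etc/sudoers.d/coder && \
    visudo -cf /etc/sudoers.d/coder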
# Workspace directory and shell prompt for 'coder'.
# /workspaces is created and handed to coder. The user's .bashrc is replaced
# by a single PS1 assignment (the redirect overwrites the file) and then given
# to coder as well, since this step still runs as root.
RUN mkdir -p /workspaces && \
    chown -R coder:coder /workspaces && \
    echo "PS1='🐳 \[\033[1;36m\] \[\033[1;34m\]\W\[\033[0;35m\] \[\033[1;36m\]# \[\033[0m\]'" > /home/coder/.bashrc && \
    chown coder:coder /home/coder/.bashrc
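# Run trivy against the image filesystem during the build.
# --exit-code 0 keeps the scan informational: findings are printed in the build
# log but never fail the build (the original rationale: known Debian
# vulnerabilities would otherwise always block it). Someone has to read the
# log, or run a gating scan in CI, for the results to have any effect.
# The installer is saved to a file first so that a failed download stops the
# build instead of feeding empty input to sh. Trivy's cache is kept in
# /tmp/trivy-cache and removed together with the binary, so no scanner data
# is left in this layer.
# NOTE(review): install.sh is taken from the mutable `main` branch and runs as
# root. Fetch it from a release tag and pass that tag to the installer
# (<trivy-release-tag>) so the script and the binary are both fixed.
# NOTE(review): anything installed by later instructions is not covered by
# this scan.
RUN curl -fsSL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh -o /tmp/trivy-install.sh && \
    sh /tmp/trivy-install.sh -b /usr/local/bin && \
    trivy filesystem --cache-dir /tmp/trivy-cache --exit-code 0 --no-progress / && \
    rm -rf /usr/local/bin/trivy /tmp/trivy-install.sh /tmp/trivy-cache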
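# Switch to the 'coder' user for the remaining build steps and at runtime
USER coder

# Set up global gitignore.
# -f makes curl fail on an HTTP error instead of saving the error page as
# .gitignore, and the URL is quoted because it comes from a build argument.
# NOTE(review): the file content is whatever the third-party service returns
# at build time; vendoring the file into the repository would fix it.
RUN curl -fsSL "${GITIGNORE_URL}" -o /home/coder/.gitignore && \
    git config --global core.excludesfile /home/coder/.gitignore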
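# Install Firebase CLI.
# The URL now names https explicitly: with a bare host name curl starts over
# plain HTTP and only reaches TLS by following a redirect, so the first request
# could be tampered with on the network. The installer is saved to a file and
# then run, so a failed download (-f) stops the build instead of handing bash
# an empty script.
# NOTE(review): the installer runs as 'coder', who has passwordless sudo, and
# it is neither pinned nor checksummed. Installing a pinned firebase-tools
# release through npm would avoid running a remote script.
RUN curl -fsSL https://firebase.tools -o /tmp/firebase-install.sh && \
    bash /tmp/firebase-install.sh && \
    rm -f /tmp/firebase-install.sh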
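# Verify that node, npm and npx are on PATH for the 'coder' user.
# The plain `echo "... $(node --version) ..."` form always exits 0, even when a
# command substitution fails, so it could not catch a missing binary. Each tool
# is invoked on its own here and any failure stops the build.
RUN node_version="$(node --version)" && \
    npm_version="$(npm --version)" && \
    npx --version > /dev/null && \
    echo "node version ${node_version} | npm version ${npm_version}"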