From a3e8ae918b92f773990acdd77c1c440cc4f5eecb Mon Sep 17 00:00:00 2001 From: Julian Simioni Date: Sun, 11 Mar 2018 22:39:19 -0400 Subject: [PATCH] Rewrite Dockerfile There were a couple problems with the current dockerfile: * It set the userid of the processes running in the container to 9999, without creating a user with that ID. This leads to confusion and an annoying message when you run an interactive bash session (the shell PS1 would display something like `I have no name!@1438586f786e:~$` * It tried to run `chown` on _all_ code files after running NPM install. This takes a really long time * It did not copy `package.json` and run `npm install` before copying other files. This means even a one line code change causes the image rebuild process to re-run `npm install`, which takes 30 seconds or so Now the image creates and uses a pelias user, sets permissions correctly from the start to avoid `chown`, and only runs `npm install` when it absolutely has to.
---
 Dockerfile | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0f0eefe1..bd91cd16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,7 @@
 # base image
 FROM pelias/baseimage
+RUN useradd -ms /bin/bash pelias
+USER pelias
 # maintainer information
 LABEL maintainer="pelias.team@gmail.com"
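Review bot: `USER pelias` names the account, but `useradd -ms /bin/bash pelias` leaves the UID to whatever the base image allocates next, so the image loses the fixed numeric identity the old `USER 9999` gave it. Orchestrators that enforce a non-root policy from image metadata (for example Kubernetes `runAsNonRoot`) cannot verify a non-numeric user, and bind-mounted data owned by a specific UID stops matching if the allocation ever changes. I would pin it with `RUN useradd -ms /bin/bash -u 9999 pelias` followed by `USER 9999`; the interactive prompt still resolves to `pelias` because the passwd entry now exists. The `FROM pelias/baseimage` context line is unchanged by this commit, but it is untagged, so what `useradd` produces depends on whichever base image is pulled at build time.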
@@ -7,23 +9,17 @@ LABEL maintainer="pelias.team@gmail.com"
 EXPOSE 3100
 # Where the app is built and run inside the docker fs
-ENV WORK=/opt/pelias
+ENV WORK=/home/pelias
+WORKDIR ${WORK}
-# Used indirectly for saving npm logs etc.
-ENV HOME=/opt/pelias
+# copy package.json first to prevent npm install being rerun when only code changes
+COPY ./package.json ${WORK}
+RUN npm install
-WORKDIR ${WORK}
 COPY . ${WORK}
-# Build and set permissions for arbitrary non-root user
-RUN npm install && \
- npm test && \
- chmod -R a+rwX .
-
-# Don't run as root, because there's no reason to (https://docs.docker.com/engine/articles/dockerfile_best-practices/#user).
-# This also reveals permission problems on local Docker.
-RUN chown -R 9999:9999 ${WORK}
-USER 9999
+# only allow containers to succeed if tests pass
+RUN npm test
 # start service
 CMD [ "npm", "start" ]
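Review bot: `COPY ./package.json ${WORK}` and `COPY . ${WORK}` run after `USER pelias`, but COPY does not honour USER, so the copied files land owned by root while `npm install` and `npm test` run as pelias. Root-owned application code that the service account cannot modify is a reasonable least-privilege outcome, but it is not what the commit message describes ("sets permissions correctly from the start"), and any step that needs to write into a copied subdirectory will fail; I would record the intent with a comment such as `# COPY ignores USER: source stays root-owned, npm creates node_modules as pelias`, or use `COPY --chown=pelias:pelias` for the paths that must be writable. Separately, only `package.json` is copied before `RUN npm install`, so if the repository carries a lockfile (not visible in this hunk) it is ignored and dependency versions are resolved afresh whenever that layer is rebuilt; copying the lockfile alongside would pin what gets installed.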