|
|
|
@ -1,5 +1,7 @@ |
|
|
|
# base image |
|
|
|
# base image |
|
|
|
FROM pelias/baseimage |
|
|
|
FROM pelias/baseimage |
|
|
|
|
|
|
|
RUN useradd -ms /bin/bash pelias |
|
|
|
|
|
|
|
USER pelias |
|
|
|
|
|
|
|
|
|
|
|
# maintainer information |
|
|
|
# maintainer information |
|
|
|
LABEL maintainer="pelias.team@gmail.com" |
|
|
|
LABEL maintainer="pelias.team@gmail.com" |
|
|
|
@ -7,23 +9,17 @@ LABEL maintainer="pelias.team@gmail.com" |
|
|
|
EXPOSE 3100 |
|
|
|
EXPOSE 3100 |
|
|
|
|
|
|
|
|
|
|
|
# Where the app is built and run inside the docker fs |
|
|
|
# Where the app is built and run inside the docker fs |
|
|
|
ENV WORK=/opt/pelias |
|
|
|
ENV WORK=/home/pelias |
|
|
|
|
|
|
|
WORKDIR ${WORK} |
|
|
|
|
|
|
|
|
|
|
|
# Used indirectly for saving npm logs etc. |
|
|
|
# copy package.json first to prevent npm install being rerun when only code changes |
|
|
|
ENV HOME=/opt/pelias |
|
|
|
COPY ./package.json ${WORK} |
|
|
|
|
|
|
|
RUN npm install |
|
|
|
|
|
|
|
|
|
|
|
WORKDIR ${WORK} |
|
|
|
|
|
|
|
COPY . ${WORK} |
|
|
|
COPY . ${WORK} |
|
|
|
|
|
|
|
|
|
|
|
# Build and set permissions for arbitrary non-root user |
|
|
|
# only allow containers to succeed if tests pass |
|
|
|
RUN npm install && \ |
|
|
|
RUN npm test |
|
|
|
npm test && \ |
|
|
|
|
|
|
|
chmod -R a+rwX . |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Don't run as root, because there's no reason to (https://docs.docker.com/engine/articles/dockerfile_best-practices/#user). |
|
|
|
|
|
|
|
# This also reveals permission problems on local Docker. |
|
|
|
|
|
|
|
RUN chown -R 9999:9999 ${WORK} |
|
|
|
|
|
|
|
USER 9999 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# start service |
|
|
|
# start service |
|
|
|
CMD [ "npm", "start" ] |
|
|
|
CMD [ "npm", "start" ] |
|
|
|
|
Julian Simioni
7 years ago
committed by
GitHub