From 58a57417541d32c10d71e6d9a3b5ec54dcf8976e Mon Sep 17 00:00:00 2001
From: Leonard Jonathan Oh
Date: Tue, 31 Oct 2023 19:18:50 +0000
Subject: [PATCH] Enhancement (ci): Refactor Dockerfiles to reduce image size
---
 Dockerfile.daemon | 58 ++++++++++++++++++++++-------------------------
 Dockerfile.web | 39 +++++++++++++++----------------
 2 files changed, 47 insertions(+), 50 deletions(-)
diff --git a/Dockerfile.daemon b/Dockerfile.daemon
index e4725d17..ed7e16e1 100644
--- a/Dockerfile.daemon
+++ b/Dockerfile.daemon
@@ -1,4 +1,27 @@
-FROM perl:5.38.0-slim-buster AS base
+FROM alpine:latest AS build
+
+RUN set -eux; \
+ # Download the GeoIP binary. Maxmind discontinued distributing the GeoLite Legacy databases. See: https://support.maxmind.com/geolite-legacy-discontinuation-notice/
+ # So let's download it from our fork of GeoLiteCity.dat
+ wget -qO- https://github.com/startersclan/GeoLiteCity-data/raw/c14d99c42446f586e3ca9c89fe13714474921d65/GeoLiteCity.dat > /GeoLiteCity.dat; \
+ # Download the GeoIP2 binary. Maxmind discontinued distributing the GeoLite2 databases publicly, so a license key is needed. See: https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
+ # In order to obtain the secret MAXMIND_LICENSE_KEY, we assume we have a sidecar secrets-server which will serve the secret MAXMIND_LICENSE_KEY at: http://localhost:8000/MAXMIND_LICENSE_KEY
+ wget -qO- https://cdn.jsdelivr.net/npm/geolite2-city@1.0.0/GeoLite2-City.mmdb.gz > /GeoLite2-City.mmdb.gz; \
+ gzip -d /GeoLite2-City.mmdb.gz;
+
+# Copy scripts and set permissions
+COPY scripts /scripts
+RUN set -eux; \
+ mv -v /GeoLiteCity.dat /scripts/GeoLiteCity/GeoLiteCity.dat; \
+ mv -v /GeoLite2-City.mmdb /scripts/GeoLiteCity/GeoLite2-City.mmdb; \
+ find /scripts -type d -exec chmod 750 {} \;; \
+ find /scripts -type f -exec chmod 640 {} \;; \
+ find /scripts -type f -name '*.sh' -exec chmod 750 {} \;; \
+ find /scripts -type f -name '*.pl' -exec chmod 750 {} \;; \
+ find /scripts -type f -name 'run_*' -exec chmod 750 {} \;; \
+ ls -al /scripts/*
+
+FROM perl:5.38.0-slim-buster AS dev
 # Install modules
 RUN set -eux; \
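Review bot: Neither GeoIP download in the first `RUN` of the `build` stage is integrity-checked before it is moved into `/scripts/GeoLiteCity/`; the GitHub URL is at least pinned to a commit, but the jsDelivr one is pinned only by the package version `geolite2-city@1.0.0`. I would verify each file right after its `wget`, e.g. `echo "<expected-sha256>  /GeoLite2-City.mmdb.gz" | sha256sum -c -; \` (the hash is a placeholder to be taken from a trusted copy), so a changed or truncated artifact fails the build under `set -e`. `FROM alpine:latest AS build` is also a floating tag, and a fixed version tag or digest would keep this stage reproducible. The comment about a sidecar secrets-server serving `MAXMIND_LICENSE_KEY` does not match the command below it, which fetches from a public CDN without a key, so it could be dropped or corrected.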
@@ -45,41 +68,14 @@ RUN set -eux; \
 openssl \
 && rm -rf /var/lib/apt/lists/*
-RUN set -eux; \
- mkdir -p /scripts /scripts/GeoLiteCity; \
- cd /scripts/GeoLiteCity; \
- # Download the GeoIP binary. Maxmind discontinued distributing the GeoLite Legacy databases. See: https://support.maxmind.com/geolite-legacy-discontinuation-notice/
- # So let's download it from our fork of GeoLiteCity.dat
- wget -qO- https://github.com/startersclan/GeoLiteCity-data/raw/c14d99c42446f586e3ca9c89fe13714474921d65/GeoLiteCity.dat > GeoLiteCity.dat; \
- chmod 666 GeoLiteCity.dat; \
- # Download the GeoIP2 binary. Maxmind discontinued distributing the GeoLite2 databases publicly, so a license key is needed. See: https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
- # In order to obtain the secret MAXMIND_LICENSE_KEY, we assume we have a sidecar secrets-server which will serve the secret MAXMIND_LICENSE_KEY at: http://localhost:8000/MAXMIND_LICENSE_KEY
- wget -qO- https://cdn.jsdelivr.net/npm/geolite2-city@1.0.0/GeoLite2-City.mmdb.gz > GeoLite2-City.mmdb.gz; \
- gzip -d GeoLite2-City.mmdb.gz; \
- chmod 666 GeoLite2-City.mmdb; \
- ls -al
+COPY --from=build /scripts /scripts
-# Copy scripts and set permissions
-COPY scripts /scripts2
-RUN set -eux; \
- ls /scripts2 | grep -v GeoLiteCity | while read -r i; do mv -v "/scripts2/$i" /scripts; done; \
- mv -v /scripts2/GeoLiteCity/* /scripts/GeoLiteCity/; \
- rm -rf /scripts2; \
- find /scripts; \
- find /scripts -type d -exec chmod 750 {} \;; \
- find /scripts -type f -exec chmod 640 {} \;; \
- find /scripts -type f -name '*.sh' -exec chmod 750 {} \;; \
- find /scripts -type f -name '*.pl' -exec chmod 750 {} \;; \
- find /scripts -type f -name 'run_*' -exec chmod 750 {} \;;
+WORKDIR /scripts
 EXPOSE 27500/udp
 STOPSIGNAL SIGINT
-WORKDIR /scripts
-
 ENTRYPOINT ["perl", "./hlstats.pl"]
-FROM base AS dev
-
-FROM base AS prod
+FROM dev AS prod
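Review bot: Nothing between `COPY --from=build /scripts /scripts` and `ENTRYPOINT` sets a `USER`, so unless one is set in the part of the `dev` stage outside this hunk, `perl ./hlstats.pl` on the exposed UDP port 27500 runs as root in both `dev` and `prod`. The `build` stage leaves `/scripts` at 750/640 with no `chown`, and `COPY --from` keeps that ownership, so as copied the tree is presumably readable by root only and a non-root user could not be added later without touching this line. I would create a dedicated account in the `dev` stage, copy with `COPY --from=build --chown=<daemon-user>:<daemon-group> /scripts /scripts`, and add `USER <daemon-user>` before `ENTRYPOINT` (the names are placeholders). Port 27500 is above 1024, so the listener itself does not need root.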
diff --git a/Dockerfile.web b/Dockerfile.web
index 97956c21..78b611dc 100644
--- a/Dockerfile.web
+++ b/Dockerfile.web
@@ -1,7 +1,21 @@
-FROM php:8.1-fpm-alpine AS base
-ARG TARGETPLATFORM
-ARG BUILDPLATFORM
-RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM"
+ARG IMAGE=php:8.1-fpm-alpine
+FROM $IMAGE AS build
+
+# Set permissions for 'www-data' user
+# COPY --chown=www-data:www-data --chmod=640 /web /web
+COPY ./web /web
+RUN set -eux; \
+ chown -R www-data:www-data /web; \
+ find /web -type d -exec chmod 750 {} \; ; \
+ find /web -type f -exec chmod 640 {} \; ;
+
+COPY ./heatmaps /heatmaps
+RUN set -eux; \
+ chown -R www-data:www-data /heatmaps; \
+ find /heatmaps -type d -exec chmod 750 {} \; ; \
+ find /heatmaps -type f -exec chmod 640 {} \; ;
+
+FROM $IMAGE AS dev
 # Install nginx and supervisor for multi-process container
 RUN apk add --no-cache ca-certificates nginx supervisor
@@ -67,8 +81,6 @@ WORKDIR /web
 CMD ["/usr/bin/supervisord", "-c", "/supervisor.conf", "--pidfile", "/run/supervisord.pid"]
-FROM base AS dev
-
 FROM dev AS prod
 # Disable xdebug
@@ -76,16 +88,5 @@ RUN set -eux; \
 rm /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini; \
 php -m;
-# Set permissions for 'www-data' user
-# COPY --chown=www-data:www-data --chmod=640 /web /web
-COPY ./web /web
-RUN set -eux; \
- chown -R www-data:www-data /web; \
- find /web -type d -exec chmod 750 {} \; ; \
- find /web -type f -exec chmod 640 {} \; ;
-
-COPY ./heatmaps /heatmaps
-RUN set -eux; \
- chown -R www-data:www-data /heatmaps; \
- find /heatmaps -type d -exec chmod 750 {} \; ; \
- find /heatmaps -type f -exec chmod 640 {} \; ;
+COPY --from=build /web /web
+COPY --from=build /heatmaps /heatmaps
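Review bot: The `build` stage makes `www-data` the owner of every file under `/web` and `/heatmaps` (`chown -R www-data:www-data`), and the two `COPY --from=build` lines in the last hunk carry that ownership into `prod`. If PHP-FPM runs as `www-data`, as the comment suggests, the account that executes the application code can also rewrite it, so a file-write bug in the app can become persistent code modification. If the application does not need to write into its own tree, `chown -R root:www-data /web; \` with the same 750/640 modes keeps the code readable by the runtime user but not writable. Any directory that really must be writable (possibly `/heatmaps`) can then be granted on its own.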