diff --git a/.github/workflows/_docker-build-deploy.yml b/.github/workflows/_docker-build-deploy.yml
index 58e1af9..78533ab 100644
--- a/.github/workflows/_docker-build-deploy.yml
+++ b/.github/workflows/_docker-build-deploy.yml
@@ -12,6 +12,10 @@ on:
 dockerfile:
 required: true
 type: string
+ user-image:
+ required: false
+ type: string
+ default: appuser
 publish:
 required: true
 type: boolean
@@ -68,6 +72,7 @@ jobs:
 BASE_IMAGE_TAG=${{ env.TAG }}
 TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
 TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/${{ inputs.dockerfile }}
+ USER_IMAGE=${{ inputs.user_image }}
 push: ${{ inputs.publish }}
 tags: ${{ env.IMAGE_ID }}:${{ env.TAG }}
 provenance: false
@@ -86,6 +91,7 @@ jobs:
 BASE_IMAGE_TAG=latest
 TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
 TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/${{ inputs.dockerfile }}
+ USER_IMAGE=${{ inputs.user_image }}
 push: true
 tags: ${{ env.IMAGE_ID }}:latest
 provenance: false
diff --git a/.github/workflows/branch-cleanup.yml b/.github/workflows/branch-cleanup.yml
index 233f244..331910f 100644
--- a/.github/workflows/branch-cleanup.yml
+++ b/.github/workflows/branch-cleanup.yml
@@ -9,7 +9,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- image-name: [tna-python, tna-python-django]
+ image-name: [tna-python, tna-python-root, tna-python-django, tna-python-django-root]
 steps:
 - name: Prepare image tag
 run: |
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 64ab6c3..5fb70b4 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -29,7 +29,8 @@ jobs:
 uses: ./.github/workflows/_docker-build-deploy.yml
 with:
 image-name: tna-python-root
- docker-context: docker/tna-python-root
+ docker-context: docker/tna-python
+ user-image: root
 dockerfile: Dockerfile
 publish: true
 ignore-linting-rules: DL3002
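Review bot: The new `user-image` input in `_docker-build-deploy.yml` (hunk at line 12) has no `description`, and nothing states which values are accepted, although the value selects the final build stage and therefore whether the image runs as root. I would add `description: 'Final build stage: appuser (non-root, default) or root'` under `user-image:` so callers do not have to read the Dockerfile to find the allowed values. The `inputs:` mapping starts and ends outside the hunk.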
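Review bot: The added build-arg line in `_docker-build-deploy.yml` (hunk at line 68, and again in the hunk at line 86) reads `${{ inputs.user_image }}`, but the input declared in the first hunk is named `user-image`; the names do not match, so the expression most likely evaluates to an empty string. An empty `USER_IMAGE` build arg would likely override the Dockerfile default rather than fall back to `appuser`, leaving `FROM "$USER_IMAGE"` with nothing valid to resolve, so neither variant gets the user it was meant to have. Both lines should read `USER_IMAGE=${{ inputs.user-image }}`. The build steps begin and end outside these hunks.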
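Review bot: `ignore-linting-rules: DL3002` is kept for `tna-python-root` in the `publish.yml` hunk at line 29 (and in the matching `test.yml` and `tna-python-django-root` hunks), but the job now lints the shared `docker/tna-python/Dockerfile`, where the only `USER` instruction visible in this commit is `USER app`. DL3002 is hadolint's "last USER should not be root" check, so the suppression looks left over from the deleted `-root` Dockerfiles; if the rule no longer fires, dropping the line keeps the check active should a `USER root` ever be added to the shared file. If it is still needed, a short comment such as `# root variant is selected by the USER_IMAGE build arg` next to it would explain why. The job definition starts outside the hunk.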
@@ -50,7 +51,8 @@ jobs: uses: ./.github/workflows/_docker-build-deploy.yml with: image-name: tna-python-django-root - docker-context: docker/tna-python-django-root + docker-context: docker/tna-python-django + user-image: root dockerfile: Dockerfile publish: true ignore-linting-rules: DL3002 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b875a42..e23d65e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -26,12 +26,13 @@ jobs: uses: ./.github/workflows/_docker-build-deploy.yml with: image-name: tna-python-root - docker-context: docker/tna-python-root + docker-context: docker/tna-python + user-image: root dockerfile: Dockerfile publish: false ignore-linting-rules: DL3002 - python-django: + python-django: name: Python Django needs: python uses: ./.github/workflows/_docker-build-deploy.yml @@ -47,7 +48,8 @@ jobs: uses: ./.github/workflows/_docker-build-deploy.yml with: image-name: tna-python-django-root - docker-context: docker/tna-python-django-root + docker-context: docker/tna-python-django + user-image: root dockerfile: Dockerfile publish: false ignore-linting-rules: DL3002 diff --git a/docker/tna-python-django-root/Dockerfile b/docker/tna-python-django-root/Dockerfile deleted file mode 100644 index 2317bdc..0000000 --- a/docker/tna-python-django-root/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -ARG BASE_IMAGE_TAG=latest -FROM ghcr.io/nationalarchives/tna-python-django:"$BASE_IMAGE_TAG" - -# ========================================== -# Switch to the root user which allows us to -# have full access to the file system -# ========================================== -USER root diff --git a/docker/tna-python-django/Dockerfile b/docker/tna-python-django/Dockerfile index ec06a35..82fd1a6 100644 --- a/docker/tna-python-django/Dockerfile +++ b/docker/tna-python-django/Dockerfile @@ -1,4 +1,5 @@ ARG BASE_IMAGE_TAG=latest + FROM ghcr.io/nationalarchives/tna-python:"$BASE_IMAGE_TAG" # ========================================== 
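Review bot: `tna-python-django-root` now passes `user-image: root` and builds from `docker/tna-python-django` (hunk at line 50 of `publish.yml`, and the hunk at line 47 of `test.yml`), but the only change this commit makes to that Dockerfile is a blank line: it still starts `FROM ghcr.io/nationalarchives/tna-python:"$BASE_IMAGE_TAG"` and no `ARG USER_IMAGE` is visible in it. Unless the rest of that file, which is outside the diff, switches user, the published `-root` image would be the same as the non-root one and run as `app`. Either declare `ARG USER_IMAGE=appuser` in `docker/tna-python-django/Dockerfile` and select the user from it, or base the root variant on `tna-python-root`. The job definition starts outside the hunk.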
diff --git a/docker/tna-python-root/Dockerfile b/docker/tna-python-root/Dockerfile deleted file mode 100644 index 9d5fe1b..0000000 --- a/docker/tna-python-root/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -ARG BASE_IMAGE_TAG=latest -FROM ghcr.io/nationalarchives/tna-python:"$BASE_IMAGE_TAG" - -# ========================================== -# Switch to the root user which allows us to -# have full access to the file system -# ========================================== -USER root diff --git a/docker/tna-python/Dockerfile b/docker/tna-python/Dockerfile index 86e9494..6cdbe6c 100644 --- a/docker/tna-python/Dockerfile +++ b/docker/tna-python/Dockerfile @@ -1,4 +1,6 @@ -FROM python:3.12-slim-bookworm +ARG USER_IMAGE=appuser + +FROM python:3.12-slim-bookworm AS root # ========================================== # Label this container image with a semantic @@ -160,6 +162,9 @@ ENV PATH="$POETRY_HOME/bin:$PATH" # ========================================== RUN rm -fR "$POETRY_HOME/venv/lib/python3.11/site-packages/setuptools-65.5.0.dist-info" + + +FROM root AS appuser # ========================================== # Now we have finished installing everything # at a system level, change the current user @@ -169,6 +174,10 @@ RUN rm -fR "$POETRY_HOME/venv/lib/python3.11/site-packages/setuptools-65.5.0.dis # ========================================== USER app + + +FROM "$USER_IMAGE" + # ========================================== # Install the latest LTS version of Node.js, # but keeping within the releases code-named @@ -192,4 +201,4 @@ RUN chmod +x /home/app/.local/bin/tna-build /home/app/.local/bin/tna-node /home/ # run, inspect and debug the container, even # though we have no application running # ========================================== -CMD ["tail", "-f", "/dev/null"] +CMD ["tail", "-f", "/dev/null"] \ No newline at end of file
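Review bot: `FROM "$USER_IMAGE"` in the `docker/tna-python/Dockerfile` hunk at line 169 accepts any string, and a value that is not one of the stage names `root` or `appuser` is resolved by Docker as an image reference, so a typo or an unexpected caller value would build the final image on top of whatever that name resolves to. Since this argument decides whether the image runs as root, I would reject unknown values in the workflow before the build, with the input passed to a step through `env:` and checked by `case "$USER_IMAGE" in root|appuser) ;; *) exit 1 ;; esac`. It is also worth confirming that, for the root variant, running everything after this line as root (rather than switching user at the very end, as the deleted Dockerfiles did) does not change ownership of files under `/home/app`. The final stage continues outside the hunk.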