###########
# BUILDER #
###########
# Shared base stage: the CI build image reference appears exactly once here,
# and the other build stages derive from it.
# NOTE(review): the image is selected by tag only (the tag embeds what looks
# like a commit hash), not by an immutable @sha256 digest. A re-pushed tag
# would change the build toolchain without any change to this file; consider
# appending the digest.
FROM milmove/circleci-docker:milmove-app-3d9acdaa37c81a87b5fc1c6193a8e528dd56e4ed AS builder
ENV CIRCLECI=docker \
    REACT_APP_NODE_ENV=development
# The build stages run as root; DL3002 ("last USER should not be root") is
# suppressed for this stage.
# hadolint ignore=DL3002
USER root
WORKDIR /build
COPY Makefile /build/
COPY scripts /build/scripts
FROM builder AS server_deps
ENV GOPATH=/go \
    PATH=/go/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
RUN mkdir /go
# Populate the Go module cache from the manifests alone, so this layer is
# reused until go.mod or go.sum changes. go.sum carries the expected module
# hashes, so it must be copied together with go.mod.
COPY go.mod go.sum /build/
RUN go mod download
# The server is built first because the migrate stage needs its binaries.
FROM server_deps AS server_builder
# Declared only after the module cache layer, so that switching branches does
# not invalidate the downloaded modules.
ARG GIT_BRANCH
ARG GIT_COMMIT
# Everything else the server build reads.
COPY cmd /build/cmd
COPY swagger /build/swagger
COPY pkg /build/pkg
COPY public/static/react-file-viewer /public/static/react-file-viewer
# An empty src directory silences make, and an empty .tool-versions stands in
# for the go-version lookup.
# NOTE(review): the Makefile rule behind bin/rds-ca-2019-root.pem is not
# visible here. If it downloads the certificate, confirm the download is
# integrity-checked, and confirm the file is a currently valid RDS CA bundle:
# the name refers to the rds-ca-2019 root, which AWS has since retired.
RUN set -x \
  && mkdir /build/src \
  && touch .tool-versions \
  && make bin/rds-ca-2019-root.pem \
  && rm -f bin/milmove \
  && make bin/milmove \
  && make bin/generate-test-data
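# The migrate stage is defined before the client build because it needs only
# the server binaries, not the client.
FROM alpine:3.20.3 AS migrate
COPY --from=server_builder /build/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
COPY --from=server_builder /build/bin/milmove /bin/milmove
COPY --from=server_builder /build/bin/generate-test-data /bin/generate-test-data
COPY migrations/app/schema /migrate/schema
COPY migrations/app/secure /migrate/secure
COPY migrations/app/migrations_manifest.txt /migrate/migrations_manifest.txt
COPY config/tls/milmove-cert-bundle.p7b /config/tls/milmove-cert-bundle.p7b
# NOTE(review): the source is dod-sw-ca-66.pem but it is installed as
# dod-sw-ca-75.pem, while the final stage of this file installs the same
# source as dod-sw-ca-66.pem. Confirm which CA the binaries expect at this
# path; a mismatched name hides which certificate is actually trusted.
COPY config/tls/dod-sw-ca-66.pem /config/tls/dod-sw-ca-75.pem
# The devlocal CA certificate AND its private key are baked into this image.
# The original author's note: it is fine to have these locally, but they
# should never be copied into an image. Anyone who can pull the image can read
# the key and sign certificates as this CA, so keep the image to review/dev
# use and never add devlocal-ca.pem to a trust store outside those
# environments.
COPY config/tls/devlocal-ca.key /config/tls/devlocal-ca.key
COPY config/tls/devlocal-ca.pem /config/tls/devlocal-ca.pem
# test data for generate-test-data
COPY pkg/testdatagen/testdata /pkg/testdatagen/testdata
# Install tools needed in container. --no-cache fetches a fresh package index
# and leaves none behind, so the separate `apk update` (which stored an index
# in the layer) has been dropped.
# hadolint ignore=DL3018
RUN apk add --no-cache ca-certificates
WORKDIR /
# Drop root before the entrypoint runs.
USER nobody
# WARNING: devseed data is being deprecated on 11/08/2023. This function below will be deleted after this date.
# A shell is used so both commands can be chained; generate-test-data runs
# only if the migration succeeds.
ENTRYPOINT ["/bin/sh", "-c", \
"/bin/milmove migrate && /bin/generate-test-data --named-scenario='dev_seed' --db-env='development'" \
]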
# The client is built after the migrate stage, which does not depend on it.
FROM builder AS client_deps
# Manifests and tool configuration needed for the JS dependency install.
COPY \
    .eslintignore \
    .eslintrc.js \
    .prettierignore \
    .prettierrc \
    .yarnrc \
    config-overrides.js \
    jsconfig.json \
    package.json \
    terser-rescript.js \
    yarn.lock \
    /build/
COPY eslint-plugin-ato /build/eslint-plugin-ato
# NOTE(review): a bare `yarn` install may re-resolve dependencies when
# yarn.lock and package.json disagree, unless .yarnrc (not visible here)
# already enforces the lockfile. Confirm that the lockfile is enforced, so
# the image is built from exactly the reviewed dependency set.
RUN set -x \
  && yarn
FROM client_deps AS client_builder
# Inputs of the JS build; each directory is copied on its own.
COPY public /build/public
COPY src /build/src
# The helper scripts come from the scripts directory copied in the builder
# stage; REACT_APP_NODE_ENV=development is inherited from that stage as well.
RUN set -x \
  && ./scripts/copy-swagger-ui \
  && ./scripts/copy-react-file-viewer \
  && yarn build
#########
# FINAL #
#########
# Runtime image for the server. The distroless base has no tag but is pinned
# by digest, which is presumably why DL3007 is suppressed.
# NOTE(review): no USER is set in this stage, so the server runs as the base
# image's default user, which for this distroless image is root unless
# overridden at run time. The migrate stage already runs as `nobody`;
# consider `USER nonroot` here once it is confirmed the server needs no
# root-owned paths.
# hadolint ignore=DL3007
FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455 AS milmove
COPY --from=server_builder /build/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
COPY --from=server_builder /build/bin/milmove /bin/milmove
COPY --from=server_builder /build/swagger /swagger
# test data for testharness
COPY --from=server_builder /build/pkg/testdatagen/testdata /pkg/testdatagen/testdata
COPY --from=client_builder /build/build /build
COPY config/tls/milmove-cert-bundle.p7b config/tls/dod-sw-ca-66.pem /config/tls/
# The devlocal CA certificate AND its private key are baked into this image.
# The original author's note: it is fine to have these locally, but they
# should never be copied into an image. Anyone who can pull the image can read
# the key and sign certificates as this CA, so keep the image to review/dev
# use and never add devlocal-ca.pem to a trust store outside those
# environments.
COPY config/tls/devlocal-ca.key config/tls/devlocal-ca.pem /config/tls/
EXPOSE 8080
ENTRYPOINT ["/bin/milmove"]
# Debug-level logging is the default for this image; NOTE(review): confirm
# that debug output carries no credentials or personal data before the logs
# are shipped anywhere shared.
CMD ["serve", "--logging-level=debug"]