Feat: New Upgraded Dockerfiles #4271

Draft
wants to merge 9 commits into
base: next
@peaklabs-dev peaklabs-dev commented Nov 13, 2024

Needs Attention

  • It is not completely working yet, as I still get this error and I am unsure how to fix it:
coolify               | s6-applyuidgid: fatal: unable to set supplementary group list: Operation not permitted
coolify               | s6-rc: warning: unable to start service init-script: command exited 111
coolify               | /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
coolify               | /run/s6/basedir/scripts/rc.init: fatal: stopping the container.
coolify               | [13-Nov-2024 16:42:34] NOTICE: Finishing ...
coolify               | [13-Nov-2024 16:42:34] NOTICE: exiting, bye-bye!

Note

These things from the example Dockerfile of Serversideup are probably also needed:

# We can pass USER_ID and GROUP_ID as build arguments
# to ensure the www-data user has the same UID and GID
# as the user running Docker.
ARG USER_ID
ARG GROUP_ID

# Switch to root so we can set the user ID and group ID
USER root

# Set the user ID and group ID for www-data
RUN docker-php-serversideup-set-id www-data $USER_ID:$GROUP_ID  && \
    docker-php-serversideup-set-file-permissions --owner $USER_ID:$GROUP_ID --service nginx

# Drop privileges back to www-data    
USER www-data

############################################
# CI image
############################################
FROM base AS ci

# Sometimes CI images need to run as root
# so we set the ROOT user and configure
# the PHP-FPM pool to run as www-data
USER root
RUN echo "user = www-data" >> /usr/local/etc/php-fpm.d/docker-php-serversideup-pool.conf && \
    echo "group = www-data" >> /usr/local/etc/php-fpm.d/docker-php-serversideup-pool.conf

Changes

  • feat: New production dockerfile.
  • feat: Config caching added to the dockerfile
  • feat: use alpine as it is much smaller
  • feat: only copy what is needed, not the whole repo
  • chore: upgrade all dep

Security Fixes

  • The new docker image is much smaller and much more secure:

Old Image Vulnerabilities: Old image has 229 vulnerabilities and 669 packages

New image vulnerabilities: Only 6 vulnerabilities and only 466 packages


@peaklabs-dev peaklabs-dev added the 🏔️ Peaklabs A label for PRs from Peaklabs. label Nov 13, 2024
@peaklabs-dev peaklabs-dev removed the 🏔️ Peaklabs A label for PRs from Peaklabs. label Nov 14, 2024
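
The `s6-applyuidgid` message in the log above is the EPERM that setgroups(2) returns when the caller lacks CAP_SETGID (or when setgroups is denied in its user namespace). The following is an added example, not part of this PR or of the Coolify or Serversideup code: a shell check that reads the effective capability mask from `/proc/<pid>/status`-style text and reports whether the UID/GID switch can succeed. The function names and the sample status files are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from a /proc/<pid>/status file whether the process
# holds the capabilities needed to change its groups and user ID.

CAP_SETGID=6   # bit numbers as defined in linux/capability.h
CAP_SETUID=7

# cap_eff FILE -> print the CapEff hex mask found in a status file
cap_eff() {
    awk '$1 == "CapEff:" { print $2; exit }' "$1"
}

# has_cap HEXMASK BIT -> exit status 0 if that capability bit is set
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# can_apply_uidgid FILE -> 0 if both capabilities are present, 1 if one is
# missing, 2 if the file has no CapEff line
can_apply_uidgid() {
    mask=$(cap_eff "$1")
    [ -n "$mask" ] || { echo "no CapEff line in $1" >&2; return 2; }
    rc=0
    has_cap "$mask" "$CAP_SETGID" || {
        echo "missing CAP_SETGID: setgroups() would fail with EPERM"; rc=1; }
    has_cap "$mask" "$CAP_SETUID" || {
        echo "missing CAP_SETUID: setuid() would fail with EPERM"; rc=1; }
    [ "$rc" -eq 0 ] && echo "CAP_SETGID and CAP_SETUID present"
    return "$rc"
}

# Constructed samples: a root process with Docker's default capability set,
# and a process started as an unprivileged user (e.g. after USER www-data).
tmp=$(mktemp -d)
printf 'Name:\tsample-root\nCapEff:\t00000000a80425fb\n' > "$tmp/root"
printf 'Name:\tsample-www-data\nCapEff:\t0000000000000000\n' > "$tmp/user"
for f in root user; do
    echo "== $f"
    can_apply_uidgid "$tmp/$f" || true
done
rm -rf "$tmp"
```

Inside a running container, `can_apply_uidgid /proc/self/status` performs the same check on the current process.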