From ad3ba2f53c91679a8d62d63cab3bf5f71e43ee2e Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Mon, 20 Dec 2021 15:52:38 +0100 Subject: [PATCH 01/11] Flexible base image for PEP Proxy. docker build -t pep-proxy \ --build-arg BUILDER=registry.access.redhat.com/ubi8/nodejs-14 \ --build-arg DISTRO=registry.access.redhat.com/ubi8/nodejs-14-minimal \ --build-arg PACKAGE_MANAGER=yum \ --build-arg USER=1001 . --no-cache --- extras/docker/.hadolint.yaml | 4 ++++ extras/docker/Dockerfile | 43 ++++++++++++++++++++++++++++-------- 2 files changed, 38 insertions(+), 9 deletions(-) create mode 100644 extras/docker/.hadolint.yaml diff --git a/extras/docker/.hadolint.yaml b/extras/docker/.hadolint.yaml new file mode 100644 index 0000000..550b171 --- /dev/null +++ b/extras/docker/.hadolint.yaml @@ -0,0 +1,4 @@ +ignored: + - DL3006 + - DL3008 + - DL3033 diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index 0c7583c..22a1352 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -1,9 +1,16 @@ -ARG NODE_VERSION=10 +ARG NODE_VERSION=14 ARG GITHUB_ACCOUNT=ging ARG GITHUB_REPOSITORY=fiware-pep-proxy ARG DOWNLOAD=latest ARG SOURCE_BRANCH=master +# Default Builder, distro and distroless build version +ARG BUILDER=node:${NODE_VERSION} +ARG DISTRO=node:${NODE_VERSION}-slim +ARG DISTROLESS=gcr.io/distroless/nodejs:${NODE_VERSION} +ARG PACKAGE_MANAGER=apt +ARG user=node + ######################################################################################## # # This build stage retrieves the source code from GitHub. The default download is the @@ -21,12 +28,13 @@ ARG SOURCE_BRANCH=master # --target=builder # ######################################################################################## -FROM node:${NODE_VERSION} AS builder +FROM ${BUILDER} AS builder ARG TARGET ARG GITHUB_ACCOUNT ARG GITHUB_REPOSITORY ARG DOWNLOAD ARG SOURCE_BRANCH +ARG PACKAGE_MANAGER SHELL ["/bin/bash", "-o", "pipefail", "-c"] 
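Review bot: The three rules listed in the new `extras/docker/.hadolint.yaml` are disabled for the whole Dockerfile, so the checks for untagged base images (DL3006) and unpinned apt/yum packages (DL3008, DL3033) stop firing on every instruction, including ones added later that are not parameterised. DL3006 presumably has to be silenced because the linter cannot resolve `FROM ${BUILDER}`, but that can be scoped with an inline `# hadolint ignore=DL3006` directly above each parameterised `FROM`, and the package rules with an inline ignore above the single `RUN` that installs `unzip`. The same applies to the `ignore:` input added to `.github/workflows/ci.yml` in patch 03 and to the DL3018 and DL4006 entries added in patch 09. DL4006 is added right after patch 08 removes the `SHELL [... "pipefail" ...]` line, so there it appears to suppress an accurate finding rather than a false positive.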
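Review bot: The new `BUILDER`, `DISTRO` and `DISTROLESS` arguments default to mutable tags (`node:${NODE_VERSION}`, `node:${NODE_VERSION}-slim`, `gcr.io/distroless/nodejs:${NODE_VERSION}`) and accept any image reference, so the provenance of both the build and the runtime layers is decided entirely by whoever invokes `docker build`. That is the purpose of the change, but it deserves a comment next to the block, for example `# Release builds should pass digest-pinned references (image@sha256:<digest>) from a trusted registry for BUILDER/DISTRO/DISTROLESS`. Note also that `NODE_VERSION`, and the `org.nodejs.version` label derived from it, no longer describe the image once `BUILDER` or `DISTRO` is overridden, as in the UBI example in the commit message.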
@@ -38,9 +46,23 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # # hadolint ignore=DL3008 +USER root +RUN \ + # Ensure that the chosen package manger is supported by this Dockerfile + # also ensure that unzip is installed prior to downloading sources + if [ "${PACKAGE_MANAGER}" = "apt" ]; then \ + echo -e "\033[0;34mINFO: Using default \"${PACKAGE_MANAGER}\".\033[0m"; \ + apt-get install -y --no-install-recommends unzip; \ + elif [ "${PACKAGE_MANAGER}" = "yum" ]; then \ + echo -e "\033[0;33mWARNING: Overriding default package manager. Using \"${PACKAGE_MANAGER}\" .\033[0m"; \ + yum install -y unzip; \ + yum clean all; \ + else \ + echo -e "\033[0;31mERROR: Package Manager \"${PACKAGE_MANAGER}\" not supported.\033[0m"; \ + exit 1; \ + fi + RUN \ - # Ensure that unzip is installed prior to downloading - apt-get install -y --no-install-recommends unzip && \ if [ "${DOWNLOAD}" = "latest" ] ; \ then \ RELEASE="${SOURCE_BRANCH}"; \ @@ -64,7 +86,7 @@ WORKDIR /opt/fiware-pep-proxy # hadolint ignore=DL3008 RUN \ echo "INFO: npm install --production..." && \ - npm install --only=prod --no-package-lock --no-optional + npm install --only=prod --no-package-lock --no-optional --unsafe-perm ######################################################################################## # @@ -72,7 +94,8 @@ RUN \ # as defined below. # ######################################################################################## -FROM node:${NODE_VERSION} AS anon-user +FROM ${BUILDER} AS anon-user +USER root RUN sed -i -r "/^(root|nobody)/!d" /etc/passwd /etc/shadow /etc/group \ && sed -i -r 's#^(.*):[^:]*$#\1:/sbin/nologin#' /etc/passwd @@ -90,7 +113,7 @@ RUN sed -i -r "/^(root|nobody)/!d" /etc/passwd /etc/shadow /etc/group \ # ######################################################################################## -FROM gcr.io/distroless/nodejs:${NODE_VERSION} AS distroless +FROM ${DISTROLESS} AS distroless ARG GITHUB_ACCOUNT ARG GITHUB_REPOSITORY ARG NODE_VERSION 
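Review bot: In the `yum` branch of the new `RUN` the commands are chained with `;`, so a failed `yum install -y unzip` is masked by the exit status of the following `yum clean all` and the layer is committed without unzip; the failure then only surfaces, less clearly, in the download step. Chain the two with `&&`: `yum install -y unzip && yum clean all; \`. The `apt` branch still calls `apt-get install` with no `apt-get update` in the same layer, which only works while the chosen `BUILDER` ships usable package lists or already contains unzip; `apt-get update && apt-get install -y --no-install-recommends unzip && rm -rf /var/lib/apt/lists/*; \` would remove that dependency on the base image. The second `RUN` in this hunk continues beyond the visible lines.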
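Review bot: `--unsafe-perm` is added to `npm install` in a stage that now runs as root (`USER root` is added earlier in this patch), so the install scripts of every dependency execute with root privileges, and `--no-package-lock` means the versions of those dependencies are resolved afresh at build time. The flag is presumably needed so that lifecycle scripts work on base images such as UBI, but the reason should be recorded above the instruction, e.g. `# --unsafe-perm: run lifecycle scripts as root; required when BUILDER is UBI`. If the production dependencies need no install scripts, `--ignore-scripts` would remove the exposure; whether they do is not visible from this hunk.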
@@ -132,10 +155,12 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=60s \ # ######################################################################################## -FROM node:${NODE_VERSION}-slim AS slim +FROM ${DISTRO} AS slim ARG GITHUB_ACCOUNT ARG GITHUB_REPOSITORY ARG NODE_VERSION +ARG PACKAGE_MANAGER + LABEL "maintainer"="FIWARE Identity Manager Team. DIT-UPM" LABEL "org.opencontainers.image.authors"="" @@ -150,7 +175,7 @@ LABEL "org.nodejs.version"=${NODE_VERSION} COPY --from=builder /opt/fiware-pep-proxy /opt/fiware-pep-proxy WORKDIR /opt/fiware-pep-proxy -USER node +USER ${user} ENV NODE_ENV=production # Ports used by application EXPOSE ${PEP_PROXY_PORT:-1027} From 2c871cbea9debb62a0746a669514f105662febc7 Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Mon, 20 Dec 2021 16:23:13 +0100 Subject: [PATCH 02/11] Capitialization --- extras/docker/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index 22a1352..753c5ea 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -9,7 +9,7 @@ ARG BUILDER=node:${NODE_VERSION} ARG DISTRO=node:${NODE_VERSION}-slim ARG DISTROLESS=gcr.io/distroless/nodejs:${NODE_VERSION} ARG PACKAGE_MANAGER=apt -ARG user=node +ARG USER=node ######################################################################################## # @@ -159,7 +159,7 @@ FROM ${DISTRO} AS slim ARG GITHUB_ACCOUNT ARG GITHUB_REPOSITORY ARG NODE_VERSION -ARG PACKAGE_MANAGER +ARG USER LABEL "maintainer"="FIWARE Identity Manager Team. DIT-UPM" @@ -175,7 +175,7 @@ LABEL "org.nodejs.version"=${NODE_VERSION} COPY --from=builder /opt/fiware-pep-proxy /opt/fiware-pep-proxy WORKDIR /opt/fiware-pep-proxy -USER ${user} +USER ${USER} ENV NODE_ENV=production # Ports used by application EXPOSE ${PEP_PROXY_PORT:-1027} From cf54ba0225e6a51c3acc349b79798d09e56d27e4 Mon Sep 17 00:00:00 2001 
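Review bot: The account for the final `slim` image is now taken verbatim from a build argument in `USER ${user}`, and nothing rejects `root` or `0`, so a mis-set `--build-arg` silently produces an image that runs the proxy as root. A comment above the instruction should state the contract, for example `# Must be a non-root account that exists in DISTRO; prefer a numeric UID (e.g. 1001) so runAsNonRoot can be verified`. The files copied from the builder stage are not re-owned in this hunk, so the chosen account presumably only needs read access to `/opt/fiware-pep-proxy`; that is worth confirming for the UBI UID used in the commit message.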
From: Jason Fox Date: Tue, 21 Dec 2021 14:51:50 +0100 Subject: [PATCH 03/11] Update docker linting --- .github/workflows/ci.yml | 7 ++++--- extras/docker/Dockerfile | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 31759da..0626bb0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,7 @@ name: CI pull_request: branches: - master + workflow_dispatch: jobs: lint-dockerfile: name: Lint Dockerfile @@ -15,9 +16,9 @@ jobs: uses: actions/checkout@v2 - name: Run Hadolint Dockerfile Linter uses: burdzwastaken/hadolint-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - HADOLINT_ACTION_DOCKERFILE_FOLDER: extras/docker + with: + dockerfile: extras/docker + ignore: DL3006 DL3008 DL3033 lint-markdown: name: Lint Markdown diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index 753c5ea..103ff7e 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -45,7 +45,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # COPY . ${TARGET}/ # -# hadolint ignore=DL3008 +# hadolint ignore=DL3002 USER root RUN \ # Ensure that the chosen package manger is supported by this Dockerfile @@ -95,6 +95,7 @@ RUN \ # ######################################################################################## FROM ${BUILDER} AS anon-user +# hadolint ignore=DL3002 USER root RUN sed -i -r "/^(root|nobody)/!d" /etc/passwd /etc/shadow /etc/group \ && sed -i -r 's#^(.*):[^:]*$#\1:/sbin/nologin#' /etc/passwd From b54a73c3481a576de0292162385ae29d1eef7c22 Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Wed, 22 Dec 2021 10:54:37 +0100 Subject: [PATCH 04/11] Update README --- extras/docker/README.md | 58 ++++++++++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 10 deletions(-) diff --git a/extras/docker/README.md b/extras/docker/README.md index 25cb018..1080114 100644 --- a/extras/docker/README.md +++ b/extras/docker/README.md 
@@ -32,26 +32,30 @@ sudo docker images Now you can run a new container from the image you have just created with: ```console -sudo docker run -d --name pep-proxy-container -v [host_config_file]:/opt/fiware-pep-proxy/config.js -p [host_port]:[container_port] pep-proxy-image +sudo docker run -d --name pep-proxy-container \ + -v [host_config_file]:/opt/fiware-pep-proxy/config.js \ + -p [host_port]:[container_port] pep-proxy-image ``` Where the different params mean: -- -d indicates that the container runs as a daemon -- --name is the name of the new container (you can use the name you want) -- -v stablishes a relation between a local folder (in your host computer) and a container's folder. In this case it is - used to pass to the container the configuration file that PEP Proxy needs to work. `host_config_file` has to be the - location of a local file with that configuration following the +- `-d` indicates that the container runs as a daemon +- `--name` is the name of the new container (you can use the name you want) +- `-v` stablishes a relation between a local folder (in your host computer) and a container's folder. In this case it + is used to pass to the container the configuration file that PEP Proxy needs to work. `host_config_file` has to be + the location of a local file with that configuration following the [config template](https://github.com/ging/fiware-pep-proxy/blob/master/config.js.template). -- -p stablishes a relation between a local port and a container's port. You can use the port you want in `host_port` +- `-p` stablishes a relation between a local port and a container's port. You can use the port you want in `host_port` but `container_port` has to be the same that you have set in `config.app_port` in your config file. If you have set `config.https` to `true` you have to use here the HTTPS port. 
-- the last param is the name of the image +- the final param is the name of the image Here is an example of this command: ```console -sudo docker run -d --name pep-proxy -v /home/root/workspace/fiware-pep-proxy/config.js:/opt/fiware-pep-proxy/config.js -p 80:80 pep-proxy-image +sudo docker run -d --name pep-proxy \ + -v /home/root/workspace/fiware-pep-proxy/config.js:/opt/fiware-pep-proxy/config.js \ + -p 80:80 pep-proxy-image ``` Once the container is running you can view the console logs using: 
@@ -73,11 +77,45 @@ this case you have only to execute the run command. But now the image name is fi is the release you want to use: ```console -sudo docker run -d --name pep-proxy-container -v [host_config_file]:/opt/fiware-pep-proxy/config.js -p [host_port]:[container_port] fiware/pep-proxy +sudo docker run -d --name pep-proxy-container \ + -v [host_config_file]:/opt/fiware-pep-proxy/config.js \ + -p [host_port]:[container_port] fiware/pep-proxy ``` > **Note** If you do not specify a version you are pulling from `latest` by default. +## Building using an alternative sources and Linux Distros + +The `Dockerfile` is flexible enough to be able to use +[alternative base images](https://kuberty.io/blog/best-os-for-docker/) should you wish. The base image defaults to using +the `node:slim` distro, but other base images can be injected using `--build-arg` parameters on the commmand line. For +example, to create a container based on +[Red Hat UBI (Universal Base Image) 8](https://developers.redhat.com/articles/2021/11/08/optimize-nodejs-images-ubi-8-nodejs-minimal-image) +add `BUILDER`, `DISTRO`, `PACKAGE_MANAGER` and `USER` parameters as shown: + +```console +sudo docker build -t pep-proxy \ + --build-arg BUILDER=registry.access.redhat.com/ubi8/nodejs-14 \ + --build-arg DISTRO=registry.access.redhat.com/ubi8/nodejs-14-minimal \ + --build-arg PACKAGE_MANAGER=yum \ + --build-arg USER=1001 . 
--no-cache +``` + +Currently, the following `--build-arg` parameters are supported: + +| Parameter | Description | +| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `BUILDER` | Preferred [linux distro](https://kuberty.io/blog/best-os-for-docker/) to use whilst building the image, defaults to `node:${NODE_VERSION}` | +| `DISTRO` | Preferred [linux distro](https://kuberty.io/blog/best-os-for-docker/) to use for the final container image, defaults to `node:${NODE_VERSION}-slim` | +| `DISTROLESS` | Preferred [Distroless Image](https://betterprogramming.pub/how-to-harden-your-containers-with-distroless-docker-images-c2abd7c71fdb) to use for the final container. Distroless images can be built using `-target=distroless` , defaults to `gcr.io/distroless/nodejs:${NODE_VERSION}` | +| `DOWNLOAD` | The GitHub SHA or tag to download - defaults to `latest` | +| `GITHUB_ACCOUNT` | The GitHub Action to download the source files from, defaults to `ging` | +| `GITHUB_REPOSITORY` | The name of the GitHub repository to download the source files from, defaults to `fiware-pep-proxy` | +| `NODE_VERSION` | the version of Node.js to use | +| `PACKAGE_MANAGER` | Package manager to use whilst creating the build, defaults to `apt` | +| `SOURCE_BRANCH` | The GitHub repository branch to download the source files from, defaults to `master` | +| `USER` | User in the final container image, defaults to `node` | + ### Docker Environment Variables - `PEP_PROXY_PORT` - default value is `80` From f8c2d40826c74b1d0386210d6dc085700c5545e7 Mon Sep 17 00:00:00 2001 
From: Jason Fox Date: Wed, 22 Dec 2021 15:17:21 +0100 Subject: [PATCH 05/11] Use official hadolint action --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0626bb0..9473615 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,9 +15,9 @@ jobs: - name: Git checkout uses: actions/checkout@v2 - name: Run Hadolint Dockerfile Linter - uses: burdzwastaken/hadolint-action@master + uses: hadolint/hadolint-action@master with: - dockerfile: extras/docker + dockerfile: extras/docker/Dockerfile ignore: DL3006 DL3008 DL3033 lint-markdown: From 385fc525834398cb58fc4aad232849f3106555cf Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Wed, 22 Dec 2021 15:22:47 +0100 Subject: [PATCH 06/11] Move comment --- extras/docker/Dockerfile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index 103ff7e..e2ebed4 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -38,18 +38,12 @@ ARG PACKAGE_MANAGER SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# As an Alternative for local development, just copy this Dockerfile into file the root of -# the repository and replace the whole RUN statement below by the following COPY statement -# in your local source using : -# -# COPY . ${TARGET}/ -# # hadolint ignore=DL3002 USER root +# Ensure that the chosen package manger is supported by this Dockerfile +# also ensure that unzip is installed prior to downloading sources RUN \ - # Ensure that the chosen package manger is supported by this Dockerfile - # also ensure that unzip is installed prior to downloading sources if [ "${PACKAGE_MANAGER}" = "apt" ]; then \ echo -e "\033[0;34mINFO: Using default \"${PACKAGE_MANAGER}\".\033[0m"; \ apt-get install -y --no-install-recommends unzip; \ 
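Review bot: `uses: hadolint/hadolint-action@master` tracks a moving branch, so the code executed in this job can change without any change in this repository. Pin the action to a release tag or, better, a full commit SHA with the tag kept as a comment: `uses: hadolint/hadolint-action@<full-commit-sha>  # <release tag>`. Switching to the upstream action is a good step; pinning it completes the change.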
@@ -62,6 +56,13 @@ RUN \ exit 1; \ fi +# As an Alternative for local development, just copy this Dockerfile into file the root of +# the repository and replace the whole RUN statement below by the following COPY statement +# in your local source using : +# +# COPY . ${TARGET}/ +# +# hadolint ignore=DL3059 RUN \ if [ "${DOWNLOAD}" = "latest" ] ; \ then \ From fd195cd9bb9d138364d0481d7dcd97fc22f85788 Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Wed, 22 Dec 2021 15:26:55 +0100 Subject: [PATCH 07/11] Move ignore --- extras/docker/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index e2ebed4..4a3f7dd 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -43,6 +43,8 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] USER root # Ensure that the chosen package manger is supported by this Dockerfile # also ensure that unzip is installed prior to downloading sources + +# hadolint ignore=DL3059 RUN \ if [ "${PACKAGE_MANAGER}" = "apt" ]; then \ echo -e "\033[0;34mINFO: Using default \"${PACKAGE_MANAGER}\".\033[0m"; \ @@ -62,7 +64,6 @@ RUN \ # # COPY . ${TARGET}/ # -# hadolint ignore=DL3059 RUN \ if [ "${DOWNLOAD}" = "latest" ] ; \ then \ From 571c4cfd667af0d9b275bb7b6019357442f1625a Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Thu, 6 Jan 2022 11:22:12 +0100 Subject: [PATCH 08/11] Add alpine/apk option --- extras/docker/Dockerfile | 7 ++++--- extras/docker/README.md | 11 +++++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index 4a3f7dd..55b3b80 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -36,9 +36,6 @@ ARG DOWNLOAD ARG SOURCE_BRANCH ARG PACKAGE_MANAGER -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - - # hadolint ignore=DL3002 USER root # Ensure that the chosen package manger is supported by this Dockerfile 
@@ -53,6 +50,9 @@ RUN \ echo -e "\033[0;33mWARNING: Overriding default package manager. Using \"${PACKAGE_MANAGER}\" .\033[0m"; \ yum install -y unzip; \ yum clean all; \ + elif [ "${PACKAGE_MANAGER}" = "apk" ]; then \ + echo -e "\033[0;33mWARNING: Overriding default package manager. Using \"${PACKAGE_MANAGER}\" .\033[0m"; \ + apk --no-cache --update-cache add gcc python3 python3-dev py-pip build-base wget curl; \ else \ echo -e "\033[0;31mERROR: Package Manager \"${PACKAGE_MANAGER}\" not supported.\033[0m"; \ exit 1; \ @@ -178,6 +178,7 @@ LABEL "org.nodejs.version"=${NODE_VERSION} COPY --from=builder /opt/fiware-pep-proxy /opt/fiware-pep-proxy WORKDIR /opt/fiware-pep-proxy +# Node by default, use 406 for Alpine, 1001 for UBI, USER ${USER} ENV NODE_ENV=production # Ports used by application diff --git a/extras/docker/README.md b/extras/docker/README.md index 1080114..d1e9eb1 100644 --- a/extras/docker/README.md +++ b/extras/docker/README.md @@ -101,6 +101,17 @@ sudo docker build -t pep-proxy \ --build-arg USER=1001 . --no-cache ``` +To create a container based on [Alpine Linux](https://alpinelinux.org/about/) add `BUILDER`, `DISTRO`, `PACKAGE_MANAGER` +and `USER` parameters as shown: + +```console +docker build -t pep-proxy \ + --build-arg BUILDER=node:16-alpine \ + --build-arg DISTRO=node:16-alpine \ + --build-arg PACKAGE_MANAGER=apk . \ + --build-arg USER=406 . --no-cache +``` + Currently, the following `--build-arg` parameters are supported: | Parameter | Description | From a46b7df39f08e0257ce6d65a489fcc5d5c01f9f3 Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Thu, 6 Jan 2022 11:32:20 +0100 Subject: [PATCH 09/11] Ignore Hadolint false positives. --- .github/workflows/ci.yml | 2 +- extras/docker/.hadolint.yaml | 2 ++ extras/docker/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9473615..6a55920 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
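Review bot: The new `apk` branch never installs `unzip`, although the comment above this `RUN` says its purpose is to make sure unzip is present before the sources are downloaded; the build then relies on whatever unzip the Alpine base image happens to provide (presumably the BusyBox applet), and the `-x` exclusions in the later `unzip source.zip` call are only as reliable as that implementation. Add it to the list, sorted for diffability: `apk --no-cache add build-base curl gcc py-pip python3 python3-dev unzip wget; \` (`--update-cache` is redundant next to `--no-cache`). The branch also pulls a complete compiler toolchain, so a one-line comment saying which dependency needs it would help a later reviewer decide whether it can be dropped. The `RUN` starts and ends outside this hunk.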
@@ -18,7 +18,7 @@ jobs: uses: hadolint/hadolint-action@master with: dockerfile: extras/docker/Dockerfile - ignore: DL3006 DL3008 DL3033 + ignore: DL3006 DL3008 DL3018 DL3033 DL4006 lint-markdown: name: Lint Markdown diff --git a/extras/docker/.hadolint.yaml b/extras/docker/.hadolint.yaml index 550b171..e216373 100644 --- a/extras/docker/.hadolint.yaml +++ b/extras/docker/.hadolint.yaml @@ -1,4 +1,6 @@ ignored: - DL3006 - DL3008 + - DL3018 - DL3033 + - DL4006 diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index 55b3b80..8fc0562 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -41,7 +41,7 @@ USER root # Ensure that the chosen package manger is supported by this Dockerfile # also ensure that unzip is installed prior to downloading sources -# hadolint ignore=DL3059 +# hadolint ignore=SC2039 RUN \ if [ "${PACKAGE_MANAGER}" = "apt" ]; then \ echo -e "\033[0;34mINFO: Using default \"${PACKAGE_MANAGER}\".\033[0m"; \ From 1d23c89e8baa656736d3cf6c1adb63b35a4dd78a Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Thu, 6 Jan 2022 17:11:05 +0100 Subject: [PATCH 10/11] Copy license --- extras/docker/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index 8fc0562..22ad6f5 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -79,7 +79,7 @@ RUN \ fi && \ RELEASE_CONCAT=$(echo "${RELEASE}" | tr / -); \ curl -s -L https://github.com/"${GITHUB_ACCOUNT}"/"${GITHUB_REPOSITORY}"/archive/"${RELEASE}".zip > source.zip && \ - unzip source.zip -x "*/test/**" "*/sanity/**" "*/extras/**" "*/doc/**" "*/.*" && \ + unzip source.zip -x "*/.github/**" "*/test/**" "*/sanity/**" "*/extras/**" "*/signatures/**" "*/doc/**" "*/.*" && \ rm source.zip && \ mv "${GITHUB_REPOSITORY}-${RELEASE_CONCAT}" /opt/fiware-pep-proxy 
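Review bot: The archive unpacked by the changed `unzip` line in patch 10 is fetched by the `curl -s -L … > source.zip` line just above it with no `-f` flag and no integrity check, so an HTTP error body is written to `source.zip` and a moved branch or tag is accepted as-is. Use `curl -fsSL https://github.com/"${GITHUB_ACCOUNT}"/"${GITHUB_REPOSITORY}"/archive/"${RELEASE}".zip -o source.zip && \` so that a failed download stops the build at the right step, and add a comment that reproducible builds should set `DOWNLOAD` to a commit SHA rather than `latest`. The widened exclusion list itself looks fine; the `RUN` begins outside this hunk.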
@@ -176,6 +176,7 @@ LABEL "org.opencontainers.image.source"=https://github.com/${GITHUB_ACCOUNT}/${G LABEL "org.nodejs.version"=${NODE_VERSION} COPY --from=builder /opt/fiware-pep-proxy /opt/fiware-pep-proxy +COPY --from=builder /opt/fiware-pep-proxy/LICENSE /licenses/LICENSE WORKDIR /opt/fiware-pep-proxy # Node by default, use 406 for Alpine, 1001 for UBI, From 48ba5946639f355264636e9aaaeb67e03ca10658 Mon Sep 17 00:00:00 2001 From: Jason Fox Date: Wed, 19 Jan 2022 14:30:22 +0100 Subject: [PATCH 11/11] Additional standard LABELS `description`,`name` and `summary` are standard UBI `LABELS`. These need to be present in the Dockerfile for the underlining `LABELS` from the base image are to be overwritten with meaningful descriptions. --- extras/docker/Dockerfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile index 22ad6f5..7e7b10a 100644 --- a/extras/docker/Dockerfile +++ b/extras/docker/Dockerfile @@ -122,6 +122,10 @@ ARG GITHUB_REPOSITORY ARG NODE_VERSION LABEL "maintainer"="FIWARE Identity Manager Team. DIT-UPM" +LABEL "description"="Support for proxy functions within OAuth2-based authentication schemas. Also implements PEP functions within an XACML-based access control schema." +LABEL "name"="pep-proxy" +LABEL "summary"="PEP Proxy - Wilma (Distroless)" + LABEL "org.opencontainers.image.authors"="" LABEL "org.opencontainers.image.documentation"="https://fiware-idm.readthedocs.io/" LABEL "org.opencontainers.image.vendor"="Universidad Politécnica de Madrid." 
@@ -166,6 +170,10 @@ ARG USER LABEL "maintainer"="FIWARE Identity Manager Team. DIT-UPM" +LABEL "description"="Support for proxy functions within OAuth2-based authentication schemas. Also implements PEP functions within an XACML-based access control schema." +LABEL "name"="pep-proxy" +LABEL "summary"="PEP Proxy - Wilma" + LABEL "org.opencontainers.image.authors"="" LABEL "org.opencontainers.image.documentation"="https://fiware-idm.readthedocs.io/" LABEL "org.opencontainers.image.vendor"="Universidad Politécnica de Madrid."