diff --git a/.npmignore b/.npmignore index 3e77095b0..4b1edeec4 100644 --- a/.npmignore +++ b/.npmignore @@ -2,6 +2,7 @@ .DS_Store /*.tgz /.bowerrc +/.dockerignore /.editorconfig /.env /.gitignore @@ -9,6 +10,8 @@ /.jscsrc /.npmignore /.npmrc +/.travis.yml +/docker /Dockerfile /bower.json /component.json diff --git a/Dockerfile b/Dockerfile index 224bf9a8e..97885cba0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,13 @@ FROM openstf/base:v1.0.1 -# Add a user for the app. +# Add a user for building and running the app. RUN useradd --system \ + --create-home \ + --shell /usr/sbin/nologin \ + stf-build && \ + useradd --system \ --no-create-home \ --shell /usr/sbin/nologin \ - --home-dir /app \ stf # Sneak the stf executable into $PATH. @@ -18,14 +21,29 @@ WORKDIR /app EXPOSE 3000 # Copy app source. -COPY . /app/ - -# Get the rest of the dependencies and build. -RUN export PATH=/app/node_modules/.bin:$PATH && \ - npm install && \ - bower install --allow-root && \ - gulp build && \ - npm prune --production +COPY . /tmp/build/ + +# Give permissions to our build user. +RUN mkdir -p /app && \ + chown -R stf-build:stf-build /tmp/build /app + +# Switch over to the build user. +USER stf-build + +# Run the build. +RUN set -x && \ + cd /tmp/build && \ + export PATH=$PWD/node_modules/.bin:$PATH && \ + npm install --loglevel http && \ + npm pack && \ + tar xzf stf-*.tgz --strip-components 1 -C /app && \ + bower cache clean && \ + npm prune --production && \ + mv node_modules /app && \ + npm cache clean && \ + rm -rf ~/.node-gyp && \ + cd /app && \ + rm -rf /tmp/* # Switch to weak user. USER stf