local builds & secrets

docker/Dockerfile

@@ -43,6 +43,6 @@ RUN yarn install
 RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf
 
 VOLUME [ "/data", "/etc/letsencrypt" ]
-CMD [ "/init" ]
+ENTRYPOINT [ "/init" ]
 
 HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health

docker/dev/Dockerfile

@@ -1,9 +1,9 @@
 FROM jc21/alpine-nginx-full:node
 LABEL maintainer="Jamie Curnow <jc@jc21.com>"
 
-ENV S6_LOGGING=0
 ENV SUPPRESS_NO_CONFIG_WARNING=1
 ENV S6_FIX_ATTRS_HIDDEN=1
+ENV NODE_ENV=production
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apk update \
@@ -11,22 +11,24 @@ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& python3 -m ensurepip \
 	&& rm -rf /var/cache/apk/*
 
-# Task
-RUN cd /usr \
-	&& curl -sL https://taskfile.dev/install.sh | sh \
-	&& cd /root
-
-COPY rootfs /
-RUN rm -f /etc/nginx/conf.d/production.conf
-
 # s6 overlay
-RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
-	&& tar -xzf /tmp/s6-overlay-amd64.tar.gz -C /
+COPY scripts/install-s6 /tmp/install-s6
+RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
 
 EXPOSE 80
 EXPOSE 81
 EXPOSE 443
 
-ENTRYPOINT [ "/init" ]
+COPY docker/rootfs      /
+ADD backend             /app
+ADD frontend/dist       /app/frontend
+COPY global             /app/global
 
-HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health
+WORKDIR /app
+RUN yarn install
+
+# Remove frontend service not required for prod, dev nginx config as well
+RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf
+
+VOLUME [ "/data", "/etc/letsencrypt" ]
+ENTRYPOINT [ "/init" ]

docker/dev/docker-compose.yaml

@@ -28,8 +28,8 @@ services:
 
   npm:
     build:   
-      context: ../
-      dockerfile: ./dev/Dockerfile
+      context: ../../
+      dockerfile: ./docker/dev/Dockerfile
       # args:
       #   TARGETPLATFORM: arm64v8
     image: npm:test              # provide a name and tag for the image

docker/rootfs/etc/cont-init.d/01_envfile.sh

@@ -2,10 +2,11 @@
 # ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile
 
 # in s6, environmental variables are written as text files for s6 to monitor
-for FILENAME in $(find /var/run/s6/container_environment/ | grep "^.*__FILE"); do
-    echo "[secret-init] Evaluating ${FILENAME}"
+# seach through full-path filenames for files ending in "__FILE"
+for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do
+    echo "[secret-init] Evaluating ${FILENAME##*/}"
 
-    # set SECRETFILE to the contents of the variable
+    # set SECRETFILE to the contents of the full-path textfile
     SECRETFILE=$(cat ${FILENAME})
     # SECRETFILE=${FILENAME}
     echo "[secret-init] Setting SECRETFILE to ${SECRETFILE}..."  # DEBUG - rm for prod!
@@ -13,16 +14,16 @@ for FILENAME in $(find /var/run/s6/container_environment/ | grep "^.*__FILE"); d
     # if SECRETFILE exists / is not null
     if [[ -f ${SECRETFILE} ]]; then
         # strip the appended "__FILE" from environmental variable name ...
-        STRIPFILE=$(echo $FILENAME | sed "s/__FILE//g")   
+        STRIPFILE=$(echo ${FILENAME} | sed "s/__FILE//g") 
         echo "[secret-init] Set STRIPFILE to ${STRIPFILE}"  # DEBUG - rm for prod!
-
+        
         # ... and set value to contents of secretfile
         # since s6 uses text files, this is effectively "export ..."
-        cat ${SECRETFILE} > ${STRIPFILE}
+        cat $(${SECRETFILE} | xargs) > ${STRIPFILE}
         echo "[secret-init] Set ${STRIPFILE} to $(cat ${STRIPFILE})"  # DEBUG - rm for prod!"
-        echo "[secret-init] Success! ${STRIPFILE##*/} set from ${FILENAME##*/}"
+        echo "[secret-init] Success! ${STRIPFILE} set from ${FILENAME}"
 
     else
-        echo "[secret-init] cannot find secret in ${FILENAME##*/}"
+        echo "[secret-init] cannot find secret in ${FILENAME}"
     fi
 done