From 2eeeb7d057577206aa0c4dc9d4e6d41866fb632e Mon Sep 17 00:00:00 2001 From: Claudio Date: Wed, 31 Jan 2024 14:48:07 -0800 Subject: [PATCH] FIN-459 - PIE-1157 - Implement Docker Container Best Practices * Docker USER directive added to Service * make test feature added This change needs to be tested before considered good for production. The app will be running as user "appuser" instead as root, we need to make sure there are not side effects due this change. --- Dockerfile | 4 ++++ Makefile | 8 +++++++- docker-compose.yml | 10 ++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 docker-compose.yml diff --git a/Dockerfile b/Dockerfile index f759768..bb29888 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,5 +11,9 @@ RUN bundle config --local set without 'development test' \ && bundle config --local deployment true \ && bundle install --jobs 20 --retry 5 +RUN adduser --disabled-password -u 1001 appuser \ + && chown -R appuser:appuser /app + +USER appuser:appuser ENV RACK_ENV production CMD ["bundle", "exec", "ruby", "fomotograph.rb", "-p", "4567"] diff --git a/Makefile b/Makefile index b129c43..5aae0ec 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,13 @@ export all: build test: - @echo "Nothing to test..." + docker-compose up -d --build && sleep 10 + # docker-compose exec test curl http://app:4567/healthcheck + docker-compose exec test curl http://app:4567/products.json -o /tmp/test1 + docker-compose exec test jq '.' /tmp/test1 + docker-compose exec test curl http://app:4567/erasurez -o /tmp/test2 + docker-compose exec test jq '.' /tmp/test2 + docker-compose down build: docker build -t $(SERVICE_NAME) . diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..e7665b2 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,10 @@ +version: '3' +services: + app: + build: + context: . + ports: + - "4567:4567" + test: + image: cimg/base:2024.01 + command: sleep 1000