# Stage "base": installs the npm dependencies and holds the full source tree.
# The "build" stage below derives from it.
# NOTE(review): the base image is pinned by tag only; adding an @sha256 digest
# would make the build reproducible even if the tag is re-pushed.
FROM node:20.17.0-alpine3.20 AS base
WORKDIR /base
# Copy only the package manifests first so the dependency layer stays cached
# until package*.json changes.
COPY package*.json ./
# npm ci installs from package-lock.json; the npm cache is cleared in the same
# layer so it is not kept in the image.
RUN npm ci && npm cache clean --force
# Copies the entire build context into this stage.
# NOTE(review): no .dockerignore is visible from here — confirm one excludes
# .env files, .git and local node_modules so they cannot end up in a layer.
COPY . .
# Stage "build": writes the CA certificates passed as build args to disk and
# runs the project's build script. The production stage copies the certificate
# files and selected paths under /build out of this stage.
FROM base AS build
# Build envs
# Each ARG is re-exported as ENV so the RUN step below sees it as an
# environment variable. The three certificate args (HOSTALIAS_CERT,
# HOSTALIAS_ROOT_CERT, AUTH_ECAS_CA) have no default.
ARG HOSTALIAS_CERT
ENV HOSTALIAS_CERT=$HOSTALIAS_CERT
ARG HOSTALIAS_ROOT_CERT
ENV HOSTALIAS_ROOT_CERT=$HOSTALIAS_ROOT_CERT
ARG AUTH_ECAS_CA
ENV AUTH_ECAS_CA=$AUTH_ECAS_CA
ARG LOGGING_LEVEL=info
ENV LOGGING_LEVEL=$LOGGING_LEVEL
ARG AEM_GRAPHQL_ENDPOINT=https://www.canada.ca/graphql/execute.json/decd-endc/
ENV AEM_GRAPHQL_ENDPOINT=$AEM_GRAPHQL_ENDPOINT
ARG AUTH_ECAS_BASE_URL
ENV AUTH_ECAS_BASE_URL=$AUTH_ECAS_BASE_URL
ARG MSCA_BASE_URL
ENV MSCA_BASE_URL=$MSCA_BASE_URL
ARG MSCA_EQ_BASE_URL
ENV MSCA_EQ_BASE_URL=$MSCA_EQ_BASE_URL
ARG MSCA_ECAS_RASC_BASE_URL
ENV MSCA_ECAS_RASC_BASE_URL=$MSCA_ECAS_RASC_BASE_URL
# Set here, after the base stage's npm ci has already run without it.
ENV NODE_ENV=production
WORKDIR /build
# This stage already derives from "base"; the copy places a second copy of
# /base's contents under /build, the path the production stage reads from.
COPY --from=base /base ./
# Writes the three certificate build args to files, then builds the app:
#   HOSTALIAS_CERT      -> /usr/local/share/ca-certificates/env.crt
#   AUTH_ECAS_CA        -> /usr/local/share/ca-certificates/ecas_env.crt
#   HOSTALIAS_ROOT_CERT -> /etc/ssl/certs/root.crt
# sed turns each literal "\n" sequence in the value into a line break; every
# file is then set to mode 644.
# NOTE(review): the production stage copies these files and runs
# update-ca-certificates, so whoever sets the build args decides which CAs the
# image trusts. Nothing here checks that a value is a well-formed certificate,
# and an unset arg still produces a file.
# NOTE(review): the variables are expanded unquoted and the pipelines run
# without pipefail, so a failing echo or sed does not stop the build. xargs
# with no command normally re-emits its input through echo on a single line —
# confirm the written files are valid PEM.
RUN mkdir -p /usr/local/share/ca-certificates/ && \
echo ${HOSTALIAS_CERT} | \
sed 's/\\n/\n/g' | \
xargs > \
/usr/local/share/ca-certificates/env.crt && \
chmod 644 /usr/local/share/ca-certificates/env.crt && \
echo ${AUTH_ECAS_CA} | \
sed 's/\\n/\n/g' | \
xargs > \
/usr/local/share/ca-certificates/ecas_env.crt && \
chmod 644 /usr/local/share/ca-certificates/ecas_env.crt && \
mkdir -p /etc/ssl/certs/ && \
echo ${HOSTALIAS_ROOT_CERT} | \
sed 's/\\n/\n/g' | \
xargs > \
/etc/ssl/certs/root.crt && \
chmod 644 /etc/ssl/certs/root.crt && \
npm run build
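# Stage "production": the runtime image. It starts from a clean Node base and
# takes only the certificates, build output and package manifests from the
# "build" stage, then runs the app as an unprivileged user.
FROM node:20.17.0-alpine3.20 AS production
ENV NODE_ENV=production

# Unprivileged account that owns and runs the application.
ARG user=nodeuser
ARG group=nodegroup
ARG home=/srv/app

# Where the application-specific CA certificates are placed; also exported so
# the running app can read the paths.
ARG MSCA_NG_CERT_LOCATION=/usr/local/share/ca-certificates/env.crt
ENV MSCA_NG_CERT_LOCATION=$MSCA_NG_CERT_LOCATION
ARG ECAS_CERT_LOCATION=/usr/local/share/ca-certificates/ecas_env.crt
ENV ECAS_CERT_LOCATION=$ECAS_CERT_LOCATION

# Fixed uid/gid 1001 so the runtime can refer to the account numerically.
RUN addgroup \
      -S ${group} \
      --gid 1001 && \
    adduser \
      --disabled-password \
      --gecos "" \
      --uid 1001 \
      --home ${home} \
      --ingroup ${group} \
      ${user}

WORKDIR ${home}

# Certificates written by the build stage from its build args.
COPY --from=build /etc/ssl/certs/root.crt /etc/ssl/certs/root.crt
COPY --from=build --chown=${user}:${group} /usr/local/share/ca-certificates/env.crt ${MSCA_NG_CERT_LOCATION}
COPY --from=build --chown=${user}:${group} /usr/local/share/ca-certificates/ecas_env.crt ${ECAS_CERT_LOCATION}

# Register the copied certificates in the system trust store. --no-cache fetches
# the package index on the fly and leaves nothing under /var/cache/apk, which
# replaces the separate "apk update" and manual cache removal.
# NOTE(review): with the default locations above, the certificates supplied as
# build args become system-wide trust anchors here — confirm that is intended
# and that the build-arg source is controlled.
RUN apk add --no-cache ca-certificates && \
    update-ca-certificates

# Everything below runs as the unprivileged user.
USER ${user}

COPY --from=build --chown=${user}:${group} /build/next.config.js ./
COPY --from=build --chown=${user}:${group} /build/package*.json ./
COPY --from=build --chown=${user}:${group} /build/.next ./.next
COPY --from=build --chown=${user}:${group} /build/public ./public
# COPY --from=build --chown=${user}:${group} /build/certs/srv113-i-lab-hrdc-drhc-gc-ca-chain.pem ./certs/

# Install next at the version recorded in package-lock.json.
# NOTE(review): --no-package-lock makes npm resolve without the lockfile, so
# only the version of next itself is pinned; the transitive versions and
# integrity hashes in package-lock.json are not enforced. Consider whether
# "npm ci --omit=dev" would fit instead.
RUN VERSION_NEXT="$(node -p -e "require('./package-lock.json').packages['node_modules/next'].version")" && \
    npm install --no-package-lock --no-save next@"$VERSION_NEXT" && \
    npm cache clean --force

# Runtime envs -- will default to build args if no env values are specified at docker run
ARG LOGGING_LEVEL=info
ENV LOGGING_LEVEL=$LOGGING_LEVEL
ARG AEM_GRAPHQL_ENDPOINT
ENV AEM_GRAPHQL_ENDPOINT=$AEM_GRAPHQL_ENDPOINT
ARG MSCA_BASE_URL
ENV MSCA_BASE_URL=$MSCA_BASE_URL
ARG MSCA_EQ_BASE_URL
ENV MSCA_EQ_BASE_URL=$MSCA_EQ_BASE_URL
ARG MSCA_ECAS_RASC_BASE_URL
ENV MSCA_ECAS_RASC_BASE_URL=$MSCA_ECAS_RASC_BASE_URL

# ECAS/next-auth env start
# SECURITY: NEXTAUTH_SECRET and CLIENT_SECRET (and AUTH_PRIVATE, if it holds key
# material — confirm) are accepted as build args and copied into ENV. Build-arg
# values are recorded in the image history and ENV values in the image config,
# so a value passed at build time is readable by anyone with access to the
# image. The ARG/ENV pairs are kept so existing build pipelines keep working;
# prefer leaving these args unset at build time and supplying the values only
# when the container is started.
ARG NEXTAUTH_SECRET
ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET
ARG NEXTAUTH_URL
ENV NEXTAUTH_URL=$NEXTAUTH_URL
ARG CLIENT_SECRET
ENV CLIENT_SECRET=$CLIENT_SECRET
ARG CLIENT_ID
ENV CLIENT_ID=$CLIENT_ID
ARG AUTH_ECAS_BASE_URL
ENV AUTH_ECAS_BASE_URL=$AUTH_ECAS_BASE_URL
ARG AUTH_ECAS_WELL_KNOWN
ENV AUTH_ECAS_WELL_KNOWN=$AUTH_ECAS_WELL_KNOWN
ARG AUTH_ECAS_AUTHORIZATION
ENV AUTH_ECAS_AUTHORIZATION=$AUTH_ECAS_AUTHORIZATION
ARG AUTH_ECAS_TOKEN
ENV AUTH_ECAS_TOKEN=$AUTH_ECAS_TOKEN
ARG AUTH_ECAS_USERINFO
ENV AUTH_ECAS_USERINFO=$AUTH_ECAS_USERINFO
ARG AUTH_PRIVATE
ENV AUTH_PRIVATE=$AUTH_PRIVATE
# NOTE(review): presumably switches authentication off — confirm it cannot be
# set for images that are deployed to production.
ARG AUTH_DISABLED
ENV AUTH_DISABLED=$AUTH_DISABLED
ARG AUTH_ECAS_GLOBAL_LOGOUT_URL
ENV AUTH_ECAS_GLOBAL_LOGOUT_URL=$AUTH_ECAS_GLOBAL_LOGOUT_URL
# Node additionally trusts the CAs in this file for outbound TLS.
ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/ecas_env.crt
# ECAS/next-auth env end

ARG PORT=3000
ENV PORT=${PORT}
ARG HOSTNAME=localhost
ENV HOSTNAME=${HOSTNAME}

# Documentation only; the port still has to be published at run time.
EXPOSE ${PORT}

# Exec form: npm is started directly instead of under "/bin/sh -c", so stop
# signals from the container runtime are delivered to it rather than to a shell.
CMD ["npm", "run", "start"]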