Merge pull request #17 from mrmeyers99/alpine-3.14-better

Run docker as a non root user to work around permissions issue caused by upgrading to alpine 3.14
Bandwidth · Dec 15, 2021 · 2099351 · 2099351
2 parents 64283b3 + 4f51727
commit 2099351
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 28 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,15 @@
-FROM alpine:3.13
+FROM node:16-alpine3.14
 
-RUN apk --update --no-cache add nodejs npm python3 py3-pip jq curl bash git docker && \
-	ln -sf /usr/bin/python3 /usr/bin/python
+RUN apk --update --no-cache add python3 py3-pip jq curl bash git docker sudo && \
+    ln -sf /usr/bin/python3 /usr/bin/python && \
+    addgroup github && adduser -G github -D github && \
+    echo '%github ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/github
 
 COPY --from=golang:alpine /usr/local/go/ /usr/local/go/
 ENV PATH="/usr/local/go/bin:${PATH}"
 
 COPY entrypoint.sh /entrypoint.sh
 
+USER github:github
+
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -10,36 +10,34 @@ function parseInputs(){
 	fi
 }
 
-function installTypescript(){
-	npm install typescript
+function installNpmPackage(){
+	package=$1
+	scope=$2
+	echo "Install $package with scope $scope"
+
+	if [ "${INPUT_DEBUG_LOG}" == "true" ] && [ "$scope" == "local" ]; then
+		npm install $package
+	elif [ "${INPUT_DEBUG_LOG}" == "true" ] && [ "$scope" == "global" ]; then
+		sudo npm install -g $package
+	elif [ "$scope" == "local" ]; then
+		npm install $package --log-level=error --no-fund --no-audit $package >/dev/null 2>&1
+	else
+		sudo npm install -g --log-level=error --no-fund --no-audit $package >/dev/null 2>&1
+	fi
+
+	if [ "${?}" -ne 0 ]; then
+		echo "Failed to install $package"
+	else
+		echo "Successful install $package"
+	fi
 }
 
 function installAwsCdk(){
 	echo "Install aws-cdk ${INPUT_CDK_VERSION}"
 	if [ "${INPUT_CDK_VERSION}" == "latest" ]; then
-		if [ "${INPUT_DEBUG_LOG}" == "true" ]; then
-			npm install -g aws-cdk
-		else
-			npm install -g aws-cdk >/dev/null 2>&1
-		fi
-
-		if [ "${?}" -ne 0 ]; then
-			echo "Failed to install aws-cdk ${INPUT_CDK_VERSION}"
-		else
-			echo "Successful install aws-cdk ${INPUT_CDK_VERSION}"
-		fi
+	  installNpmPackage aws-cdk global
 	else
-		if [ "${INPUT_DEBUG_LOG}" == "true" ]; then
-			npm install -g aws-cdk@${INPUT_CDK_VERSION}
-		else
-			npm install -g aws-cdk@${INPUT_CDK_VERSION} >/dev/null 2>&1
-		fi
-
-		if [ "${?}" -ne 0 ]; then
-			echo "Failed to install aws-cdk ${INPUT_CDK_VERSION}"
-		else
-			echo "Successful install aws-cdk ${INPUT_CDK_VERSION}"
-		fi
+		installNpmPackage aws-cdk@${INPUT_CDK_VERSION} global
 	fi
 }
 
@@ -99,7 +97,7 @@ ${output}
 function main(){
 	parseInputs
 	cd ${GITHUB_WORKSPACE}/${INPUT_WORKING_DIR}
-	installTypescript
+	installNpmPackage typescript local
 	installAwsCdk
 	installPipRequirements
 	runCdk ${INPUT_CDK_ARGS}