From 99c930149bfef1eb490a5a73030a673efaf06da3 Mon Sep 17 00:00:00 2001 From: Zui Young Date: Fri, 17 Jan 2025 13:26:53 +0800 Subject: [PATCH 1/4] Migrate to playwright image --- Dockerfile | 85 ++++++++++++++++++++++++------------------------------ 1 file changed, 38 insertions(+), 47 deletions(-) diff --git a/Dockerfile b/Dockerfile index 901f148f..462763e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,60 +1,51 @@ -# Use Node LTS alpine distribution -FROM node:lts-alpine3.18 - -# Installation of packages for oobee and chromium -RUN apk add build-base gcompat g++ make python3 zip bash git chromium openjdk11-jre - -# Installation of VeraPDF -RUN echo $' \n\ - \n\ - \n\ - \n\ - /opt/verapdf \n\ - \n\ - \n\ - \n\ - \n\ - \n\ - \n\ - \n\ - \n\ - \n\ - \n\ - ' >> /opt/verapdf-auto-install-docker.xml - -RUN wget "https://github.com/GovTechSG/oobee/releases/download/cache/verapdf-installer.zip" -P /opt -RUN unzip /opt/verapdf-installer.zip -d /opt -RUN latest_version=$(ls -d /opt/verapdf-greenfield-* | sort -V | tail -n 1) && [ -n "$latest_version" ] && \ - "$latest_version/verapdf-install" "/opt/verapdf-auto-install-docker.xml" -RUN rm -rf /opt/verapdf-installer.zip /opt/verapdf-greenfield-* - -# Set oobee directory -WORKDIR /app +# Use Microsoft Playwright image as base image +# Node version is v20.16.0 +FROM mcr.microsoft.com/playwright:v1.46.0-noble + +# Installation of packages for oobee and runner +RUN apt-get update && apt-get install -y zip git + +WORKDIR /app/oobee -# Copy package.json to working directory, perform npm install before copying the remaining files -COPY package*.json ./ +# Clone oobee repository +RUN git clone --branch master https://github.com/GovTechSG/oobee.git /app/oobee + +# OR Copy oobee files from local directory +# COPY . . # Environment variables for node and Playwright ENV NODE_ENV=production ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD="true" -ENV PLAYWRIGHT_BROWSERS_PATH="/opt/ms-playwright" -ENV PATH="/opt/verapdf:${PATH}" -# Install dependencies -RUN npm install --force --omit=dev +# Install oobee dependencies +RUN npm ci --omit=dev + +# Compile TypeScript for oobee +RUN npm run build || true # true exits with code 0 - workaround for TS errors # Install Playwright browsers -RUN npx playwright install chromium webkit +RUN npx playwright install chromium # Add non-privileged user -RUN addgroup -S oobee && adduser -S -G oobee oobee -RUN chown -R oobee:oobee ./ +# Create a group named "purple" +RUN groupadd -r purple -# Run everything after as non-privileged user. -USER oobee +# Create a user named "purple" and assign it to the group "purple" +RUN useradd -r -g purple purple -# Copy application and support files -COPY . . +# Create a dedicated directory for the "purple" user and set permissions +RUN mkdir -p /home/purple && chown -R purple:purple /home/purple -# Compile TypeScript -RUN npm run build || true # true exits with code 0 - temp workaround until errors are resolved +WORKDIR /app + +# Set the ownership of the oobee directory to the user "purple" +RUN chown -R purple:purple /app + +# Copy any application and support files +# COPY . . + +# Install any app dependencies for your application +# RUN npm ci --omit=dev + +# Run everything after as non-privileged user. +USER purple From 191ab469f498d8883bc5cc580a98fd115808bec1 Mon Sep 17 00:00:00 2001 From: Zui Young Date: Fri, 17 Jan 2025 13:28:00 +0800 Subject: [PATCH 2/4] Switch to local file copy --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 462763e2..6b0d8479 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,10 +8,10 @@ RUN apt-get update && apt-get install -y zip git WORKDIR /app/oobee # Clone oobee repository -RUN git clone --branch master https://github.com/GovTechSG/oobee.git /app/oobee +# RUN git clone --branch master https://github.com/GovTechSG/oobee.git /app/oobee # OR Copy oobee files from local directory -# COPY . . +COPY . . # Environment variables for node and Playwright ENV NODE_ENV=production From cec8f1e024900d406a298da393e88376807c3b7c Mon Sep 17 00:00:00 2001 From: Zui Young Date: Fri, 17 Jan 2025 13:30:38 +0800 Subject: [PATCH 3/4] Change dir to oobee --- .github/workflows/docker-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml index 9c36342f..c296651c 100644 --- a/.github/workflows/docker-test.yml +++ b/.github/workflows/docker-test.yml @@ -36,7 +36,7 @@ jobs: run: | docker exec oobee-container cat logs/*/*.txt || true - name: Copy Results from Docker Container - run: docker cp oobee-container:/app/results ./results + run: docker cp oobee-container:/app/oobee/results ./results - name: Zip Results run: zip -r results.zip ./results From 0b5f558422ea88a825200410c14cc0c124ad8012 Mon Sep 17 00:00:00 2001 From: Zui Young Date: Fri, 17 Jan 2025 13:31:58 +0800 Subject: [PATCH 4/4] cd to oobee --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 6b0d8479..d544b688 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,5 +47,8 @@ RUN chown -R purple:purple /app # Install any app dependencies for your application # RUN npm ci --omit=dev +# For oobee to be run from present working directory, comment out as necessary +WORKDIR /app/oobee + # Run everything after as non-privileged user. USER purple