# syntax=docker/dockerfile:1
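# Download-only stage: fetches the MongoDB crypt_shared library tarball and
# unpacks it into /cryptd. Nothing from this stage reaches a final image unless
# a later stage copies it explicitly with COPY --from=crypt-lib.
FROM docker.io/curlimages/curl:8.10.1@sha256:d9b4541e214bcd85196d6e92e2753ac6d0ea699f0af5741f8c6cccbfcf00ef4b AS crypt-lib

# Target platform architecture (set automatically by BuildKit).
ARG TARGETARCH

WORKDIR /cryptd

ARG CRYPTD_VERSION=7.0.14
ARG CRYPTD_OS=debian12
# Optional SHA-256 of the tarball selected by the three values above.
# When set, the download is verified before extraction; when empty the archive
# is trusted on TLS alone and a warning is printed. Supplying it pins the exact
# artifact, which the version number in the URL does not guarantee by itself.
ARG CRYPTD_SHA256=""

# Only amd64 is mapped: the Debian builds do not support arm for now. If the
# base OS is switched to Ubuntu, an `'arm64') cryptd_arch="aarch64" ;;` branch
# can be added to the case below.
RUN case "${TARGETARCH}" in \
        'amd64') cryptd_arch="x86_64" ;; \
        *) echo >&2 "error: unsupported architecture ($TARGETARCH)"; exit 1 ;; \
    esac \
    && curl -fsSL "https://downloads.mongodb.com/linux/mongo_crypt_shared_v1-linux-${cryptd_arch}-enterprise-${CRYPTD_OS}-${CRYPTD_VERSION}.tgz" -o "/tmp/mongo_crypt_shared.tgz" \
    && if [ -n "${CRYPTD_SHA256}" ]; then \
           echo "${CRYPTD_SHA256}  /tmp/mongo_crypt_shared.tgz" | sha256sum -c -; \
       else \
           echo >&2 "warning: CRYPTD_SHA256 not set, archive integrity was not verified"; \
       fi \
    # ownership and mode bits stored in the archive are ignored on extraction
    && tar -xvf "/tmp/mongo_crypt_shared.tgz" --no-same-permissions --no-same-owner -C "/cryptd"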
########################################################################################################################
# Dependency-install stage: produces /build-dir containing node_modules plus
# the application sources, which the runtime stage copies as a whole.
FROM docker.io/library/node:20.18.0-bookworm-slim@sha256:967bab29ecde5d59a6dd781054bf9021eee8116068e1f5cb139750b6bc6a75e9 AS build

# With NODE_ENV=production, `npm ci` leaves devDependencies out.
ENV NODE_ENV=production

WORKDIR /build-dir

# Manifests are copied on their own so the install layer stays cached until
# package.json or the lockfile changes.
COPY package.json package-lock.json ./
RUN npm ci

# NOTE(review): this copies the entire build context, and the runtime stage
# ships all of /build-dir. Confirm that .dockerignore keeps .git, local .env
# files and other credentials out of the context.
COPY . .
########################################################################################################################
# create a CRUD Service image that does not support automatic CSFLE
# and therefore it can be employed by everybody in any MongoDB product
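# Runtime image without the crypt_shared library.
FROM docker.io/library/node:20.18.0-bookworm-slim@sha256:967bab29ecde5d59a6dd781054bf9021eee8116068e1f5cb139750b6bc6a75e9 AS crud-service-no-encryption

# Build-time only: silences apt prompts without leaking into the runtime env.
ARG DEBIAN_FRONTEND=noninteractive

# tini becomes PID 1 (see ENTRYPOINT) to reap children and forward signals.
RUN apt-get update && apt-get install --assume-yes --no-install-recommends \
        tini \
    && apt-get autoremove --assume-yes \
    && rm -rf /var/lib/apt/lists/*

# Not referenced in this file; kept so builds passing --build-arg COMMIT_SHA
# keep working. Declared after the apt layer because a build arg is part of the
# environment of every RUN that follows it, so a per-commit value placed
# earlier would invalidate the package-install cache on each build.
ARG COMMIT_SHA

ENV NODE_ENV=production \
    LOG_LEVEL=info \
    HTTP_PORT=3000 \
    SERVICE_PREFIX=/ \
    EXPOSE_METRICS=true \
    ENABLE_TRACING=false

EXPOSE ${HTTP_PORT}

WORKDIR /home/node/app

# No --chown: the files stay root-owned, so the unprivileged runtime user
# below can read the application code but cannot modify it.
COPY --from=build /build-dir ./

# The probe uses node itself instead of `wget ... &> /dev/null`.
# Under the image's default /bin/sh (dash on Debian) `&>` is not a redirection:
# the command is put in the background and the probe always exits 0, so the
# container is reported healthy even when the service is down.
# NOTE(review): the slim Node base is also not guaranteed to ship wget - confirm.
# Any connection error or non-2xx answer now marks the container unhealthy.
HEALTHCHECK --start-period=5s CMD ["node", "-e", "require('http').get('http://localhost:' + process.env.HTTP_PORT + '/-/healthz', (res) => process.exit(res.statusCode >= 200 && res.statusCode < 300 ? 0 : 1)).on('error', () => process.exit(1))"]

# Drop privileges for everything that runs in the container.
USER node

ENTRYPOINT ["/usr/bin/tini", "--"]

# Shell form is kept because the flags need environment expansion at start-up.
# `exec` replaces the shell with the node process, so signals forwarded by tini
# (e.g. SIGTERM on stop) reach the service directly instead of a wrapper shell.
CMD exec ./node_modules/.bin/lc39 ./index.js --port=${HTTP_PORT} --log-level=${LOG_LEVEL} --prefix=${SERVICE_PREFIX} --expose-metrics=${EXPOSE_METRICS} --enable-tracing=${ENABLE_TRACING}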
########################################################################################################################
# extend the previous stage to add support for MongoDB's automatic CSFLE feature,
# which can be used by users of MongoDB Atlas or MongoDB Enterprise products
# Same runtime image as crud-service-no-encryption (user, entrypoint and
# command are inherited), plus the crypt_shared library.
FROM crud-service-no-encryption AS crud-service-with-encryption

# Only the shared object is taken from the download stage; the tarball and the
# rest of its contents stay behind in crypt-lib.
COPY --from=crypt-lib /cryptd/lib/mongo_crypt_v1.so /cryptd/mongo_crypt_v1.so

# Location of the library copied above, exposed to the service via the environment.
ENV CRYPT_SHARED_LIB_PATH=/cryptd/mongo_crypt_v1.so