@killev killev commented Apr 13, 2025

  • Create Docker Compose with MongoDB, Redis, and Mongo Express
  • Add development environment with hot-reload support
  • Implement secure Dockerfile with non-root user
  • Configure persistent storage for database and cache
  • Add health checks for all services
  • Include comprehensive documentation

killev added 5 commits April 13, 2025 11:49
@github-actions

🔍 Vulnerabilities of apostrophe-cms:test

📦 Image Reference: apostrophe-cms:test
digest: sha256:30ce8f2b2585a9dea7281c4bf96827dfc1323cf17fcca50fce3ddef39bd1f857
vulnerabilities: critical: 0 high: 2 medium: 0 low: 0
platform: linux/amd64
size: 235 MB
packages: 1082

📦 Base Image: node:23-alpine
also known as
  • 23-alpine3.21
  • 23.11-alpine
  • 23.11-alpine3.21
  • 23.11.0-alpine
  • 23.11.0-alpine3.21
  • alpine
  • alpine3.21
  • current-alpine
  • current-alpine3.21
digest: sha256:0d468be7d2997dd2f6a3cda45e121a6b5140eb7ba3eba299a215030dbb0fb1ca
vulnerabilities: critical: 0 high: 0 medium: 0 low: 0

critical: 0 high: 1 medium: 0 low: 0 async 1.5.2 (npm)

pkg:npm/async@1.5.2

high 7.8: CVE-2021-43138 (OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities)

Affected range: <2.6.4
Fixed version: 2.6.4, 3.2.2
CVSS Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 0.915%
EPSS Percentile: 74th percentile
Description

A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.

critical: 0 high: 1 medium: 0 low: 0 async 0.9.2 (npm)

pkg:npm/async@0.9.2

high 7.8: CVE-2021-43138 (OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities)

Affected range: <2.6.4
Fixed version: 2.6.4, 3.2.2
CVSS Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 0.915%
EPSS Percentile: 74th percentile
Description

A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.

@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@killev killev requested a review from Copilot April 13, 2025 11:30
Copilot AI left a comment

Copilot reviewed 7 out of 10 changed files in this pull request and generated no comments.

Files not reviewed (3)
  • Dockerfile: Language not supported
  • website/package-lock.json: Language not supported
  • website/package.json: Language not supported
Comments suppressed due to low confidence (2)

docker-compose.yml:23

  • The Apostrophe service healthcheck uses wget. Ensure that wget is installed in the image or consider an alternative command (e.g., using curl) to avoid potential failures in environments where wget is not available.
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/"]

docker-compose.yml:40

  • The MongoDB healthcheck command may misinterpret the nested quotes. Consider escaping the inner double quotes properly (e.g. using "ping") to ensure the command executes reliably.
      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet

@killev killev merged commit 34e57de into main Apr 13, 2025
3 checks passed
@killev killev deleted the add-docker-compose branch April 13, 2025 11:50