Skip to content
Permalink
Browse files

Non root user and fwatchdow standarization

AlpineFunction additional Dockerfiles
Fix Coffe, node nonroot user and change workdir
DnCore nonroot and updated to 2.1, new README
Fix golang user and watchdog
Java user and watchdog fix
Watchdog and user for node image
Fix python user and watchdog
Fix R username and watchdog
Captainsintent user and fwatchdog
ChangeColorIntent change username, fwatchdog and directory
CHelloWorld remove tmp, disabled lock, fwatchdog and user
DockerHubStats user, fwatchdog and dependencies
Change figlet to use base alpine image
Improve figlet ARM
Set base image GIF-Maker
MarkDownRender change base image
NodeInfo change base image
PhantomJS user and fwatchdog
Resize Image
SentimentAnalysis user and watchdog
WebhookStach change root image
Replace user faas with app
Upgrade alpine to latest version
Revert vendor folders
Upgrade alpine:3.9
  • Loading branch information...
paurosello authored and alexellis committed Jun 26, 2019
1 parent e8b3818 commit 2b37a0133ac7d70e38c20da840e26c1ddf04b993
Showing with 181 additions and 150 deletions.
  1. +4 −1 sample-functions/AlpineFunction/Dockerfile
  2. +4 −1 sample-functions/AlpineFunction/Dockerfile.arm64
  3. +4 −1 sample-functions/AlpineFunction/Dockerfile.armhf
  4. +8 −5 sample-functions/BaseFunctions/R/Dockerfile
  5. +7 −4 sample-functions/BaseFunctions/coffee/Dockerfile
  6. +11 −8 sample-functions/BaseFunctions/dncore/Dockerfile
  7. +9 −0 sample-functions/BaseFunctions/dncore/README.md
  8. +1 −1 sample-functions/BaseFunctions/dncore/src/root.csproj
  9. +8 −4 sample-functions/BaseFunctions/golang/Dockerfile
  10. +8 −4 sample-functions/BaseFunctions/java/Dockerfile
  11. +8 −4 sample-functions/BaseFunctions/node/Dockerfile
  12. +8 −4 sample-functions/BaseFunctions/python/Dockerfile
  13. +13 −9 sample-functions/CHelloWorld/src/Dockerfile
  14. +10 −4 sample-functions/CaptainsIntent/Dockerfile
  15. +9 −5 sample-functions/ChangeColorIntent/Dockerfile
  16. +9 −9 sample-functions/DockerHubStats/Dockerfile
  17. +1 −1 sample-functions/DockerHubStats/Dockerfile.armhf
  18. +1 −5 sample-functions/HostnameIntent/Dockerfile
  19. +1 −6 sample-functions/MarkdownRender/Dockerfile
  20. +1 −6 sample-functions/NodeInfo/Dockerfile
  21. +2 −7 sample-functions/NodeInfo/Dockerfile.arm64
  22. +2 −7 sample-functions/NodeInfo/Dockerfile.armhf
  23. +7 −4 sample-functions/Phantomjs/Dockerfile
  24. +7 −3 sample-functions/ResizeImageMagick/Dockerfile
  25. +9 −5 sample-functions/ResizeImageMagick/Dockerfile.armhf
  26. +6 −6 sample-functions/SentimentAnalysis/Dockerfile
  27. +16 −7 sample-functions/SentimentAnalysis/Dockerfile.armhf
  28. +1 −6 sample-functions/WebhookStash/Dockerfile
  29. +2 −9 sample-functions/figlet/Dockerfile
  30. +2 −9 sample-functions/figlet/Dockerfile.armhf
  31. +2 −5 sample-functions/gif-maker/Dockerfile
@@ -1,12 +1,15 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM alpine:3.9
FROM alpine:3.10

COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

# Populate example here
# ENV fprocess="wc -l"

RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
USER 1000

HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1
CMD ["fwatchdog"]
@@ -1,12 +1,15 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM alpine:3.9
FROM alpine:3.10

COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

# Populate example here
# ENV fprocess="wc -l"

RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
USER 1000

HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1
CMD ["fwatchdog"]
@@ -1,12 +1,15 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM alpine:3.9
FROM alpine:3.10

COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

# Populate example here
# ENV fprocess="wc -l"

RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
USER 1000

HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1
CMD ["fwatchdog"]
@@ -1,16 +1,19 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM artemklevtsov/r-alpine:latest

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

WORKDIR /root/
WORKDIR /application/

COPY handler.R .

ENV fprocess="Rscript handler.R"

RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
USER 1000

HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1

CMD ["fwatchdog"]

@@ -1,10 +1,11 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM node:6.9.1-alpine

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

WORKDIR /root/
WORKDIR /application/

COPY package.json .

@@ -17,4 +18,6 @@ ENV fprocess="coffee handler.coffee"

HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1

USER 1000

CMD ["fwatchdog"]
@@ -1,18 +1,21 @@
FROM microsoft/dotnet:sdk
FROM openfaas/classic-watchdog:0.14.4 as watchdog

RUN apt-get update && apt-get install -y curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
FROM mcr.microsoft.com/dotnet/core/sdk:2.1 as build

COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

ENV DOTNET_CLI_TELEMETRY_OPTOUT 1

WORKDIR /root/
WORKDIR /application/
COPY src src
WORKDIR /root/src
WORKDIR /application/src
RUN dotnet restore
RUN dotnet build

ENV fprocess="dotnet ./bin/Debug/netcoreapp1.1/root.dll"
FROM build as runner
RUN groupadd -g 1000 -r faas && useradd -r -g faas -u 1000 faas -m
USER 1000
ENV fprocess="dotnet ./bin/Debug/netcoreapp2.1/root.dll"
EXPOSE 8080
CMD ["fwatchdog"]
@@ -0,0 +1,9 @@
# DnCore Example
DotNet seems to have an issue where the following message can bee seen on STDOUT:
```
realpath(): Permission denied
realpath(): Permission denied
realpath(): Permission denied
```

This messages can be ignored and the issue can be followed at: https://github.com/dotnet/core-setup/issues/4038
@@ -2,7 +2,7 @@

<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>netcoreapp1.1</TargetFramework>
<TargetFramework>netcoreapp2.1</TargetFramework>
</PropertyGroup>

</Project>
@@ -1,3 +1,5 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM golang:1.9.7-alpine

MAINTAINER alexellis2@gmail.com
@@ -8,11 +10,13 @@ COPY . /go/src/github.com/openfaas/faas/sample-functions/golang

RUN go install

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

ENV fprocess "/go/bin/golang"
HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1

CMD [ "/usr/bin/fwatchdog"]
RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
USER 1000

CMD [ "fwatchdog"]
@@ -1,16 +1,20 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM openjdk:8u121-jdk-alpine

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

WORKDIR /root/
WORKDIR /application/

COPY Handler.java .
RUN javac Handler.java

ENV fprocess="java Handler"

RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
USER 1000

HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1

CMD ["fwatchdog"]
@@ -1,15 +1,19 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM node:6.9.1-alpine

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog
WORKDIR /root/
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

WORKDIR /application/

COPY package.json .

RUN npm i
COPY handler.js .

USER 1000

ENV fprocess="node handler.js"

HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1
@@ -1,15 +1,19 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM python:2.7-alpine

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

WORKDIR /root/
WORKDIR /application/

COPY handler.py .

ENV fprocess="python handler.py"

RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
USER 1000

HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1

CMD ["fwatchdog"]
@@ -1,10 +1,12 @@
FROM alpine:3.8 as builder
RUN apk add --no-cache curl \
&& curl -SL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog \
&& apk --no-cache del curl
FROM openfaas/classic-watchdog:0.14.4 as watchdog

WORKDIR /root/
FROM alpine:3.10 as builder
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

WORKDIR /application/

RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app

RUN apk add --no-cache gcc \
musl-dev
@@ -18,11 +20,13 @@ FROM scratch

COPY --from=builder /main /
COPY --from=builder /usr/bin/fwatchdog /
COPY --from=builder /tmp /tmp

ENV fprocess="/main"
ENV suppress_lock=true

COPY --from=builder /etc/passwd /etc/passwd

HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1
USER 1000

CMD ["/fwatchdog"]
CMD ["fwatchdog"]

@@ -1,9 +1,12 @@
FROM alpine:3.8
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM alpine:3.10
RUN apk --update add nodejs nodejs-npm

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

WORKDIR /application/

COPY package.json .
COPY handler.js .
@@ -12,4 +15,7 @@ COPY sample.json .

RUN npm i
ENV fprocess="node handler.js"

USER 1000

CMD ["fwatchdog"]
@@ -1,16 +1,20 @@
FROM alpine:3.8
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM alpine:3.10
RUN apk --update add nodejs nodejs-npm

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog

WORKDIR /application/

COPY package.json .
RUN npm i
COPY handler.js .
COPY sendColor.js .
COPY sample_response.json .

USER 1000

ENV fprocess="node handler.js"
CMD ["fwatchdog"]
CMD ["fwatchdog"]
@@ -1,26 +1,26 @@
FROM openfaas/classic-watchdog:0.14.4 as watchdog

FROM golang:1.9.7-alpine as builder

MAINTAINER alex@openfaas.com
ENTRYPOINT []

RUN apk --no-cache add make curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog

WORKDIR /go/src/github.com/openfaas/faas/sample-functions/DockerHubStats

COPY . /go/src/github.com/openfaas/faas/sample-functions/DockerHubStats
RUN set -ex && apk add make && make install

RUN make install

FROM alpine:3.8
FROM alpine:3.10

# Needed to reach the hub
RUN apk --no-cache add ca-certificates

COPY --from=builder /usr/bin/fwatchdog /usr/bin/fwatchdog
COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog
COPY --from=builder /go/bin/DockerHubStats /usr/bin/DockerHubStats
ENV fprocess "/usr/bin/DockerHubStats"

RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
USER 1000

HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1
CMD ["/usr/bin/fwatchdog"]
@@ -13,7 +13,7 @@ COPY . /go/src/github.com/openfaas/faas/sample-functions/DockerHubStats

RUN make install

FROM alpine:3.8
FROM alpine:3.10

# Needed to reach the hub
RUN apk --no-cache add ca-certificates
@@ -1,10 +1,6 @@
FROM alpine:3.8
FROM functions/alpine:latest
RUN apk --update add nodejs nodejs-npm

RUN apk --no-cache add curl \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog

COPY package.json .
COPY handler.js .
COPY sample.json .

0 comments on commit 2b37a01

Please sign in to comment.
You can’t perform that action at this time.