{"id":50830707,"url":"https://github.com/okamyuji/dhi-migration","last_synced_at":"2026-06-13T22:32:18.258Z","repository":{"id":363480604,"uuid":"1230392423","full_name":"okamyuji/dhi-migration","owner":"okamyuji","description":"Docker Hardened Images (DHI) migration samples — before/after Dockerfiles for Go, Node.js, Python, and Rails 8 with gitleaks-based secret scanning.","archived":false,"fork":false,"pushed_at":"2026-06-09T03:57:12.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-09T05:26:14.619Z","etag":null,"topics":["dhi","distroless","docker","docker-hardened-images","dockerfile","gitleaks","golang","nodejs","python","rails","ruby","security"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/okamyuji.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-06T00:36:38.000Z","updated_at":"2026-06-09T03:57:10.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/okamyuji/dhi-migration","commit_stats":null,"previous_names":["okamyuji/dhi-migration"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/okamyuji/dhi-migration","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okamyuji%2Fdhi-migration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okamyuji%2Fdhi-migration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okamyuji%2Fdhi-migration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okamyuji%2Fdhi-migration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/okamyuji","download_url":"https://codeload.github.com/okamyuji/dhi-migration/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okamyuji%2Fdhi-migration/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34303280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dhi","distroless","docker","docker-hardened-images","dockerfile","gitleaks","golang","nodejs","python","rails","ruby","security"],"created_at":"2026-06-13T22:32:17.619Z","updated_at":"2026-06-13T22:32:18.251Z","avatar_url":"https://github.com/okamyuji.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dhi-migration\n\nDocker Hardened Images (DHI) への移行を、言語別の **before / after** Dockerfile で実例比較するサンプル集です。Zenn 記事の検証用リポジトリとして利用しています。\n\n## 構成\n\n| 言語 | ベース (before) | DHI (after) | サンプルアプリ |\n| --- | --- | --- | --- |\n| Go 1.25 | `golang:1.25` | `dhi.io/golang:1.25` | `cmd/server` HTTP `/health` |\n| Node.js 24 | `node:24-alpine` | `dhi.io/node:24-alpine3.21` | esbuild バンドル + `/health` |\n| Python 3.11 | `python:3.11-slim` | `dhi.io/python:3.11-debian12` | venv + `/health` |\n| Rails 8 (Ruby 3.4) | `ruby:3.4-slim` | `dhi.io/ruby:3.4-debian12` | API only Rails + Puma `/health` |\n\n各言語ディレクトリは `before/` と `after/` の 2 つの Dockerfile を持ち、同じアプリで「移行前」と「DHI 移行後」のイメージを並べて比較できます。\n\n## 動作確認\n\n例: Rails 8 サンプル\n\n```bash\n# before\ndocker build -t dhi-rails-before rails/before\ndocker run --rm -p 8080:8080 dhi-rails-before\ncurl -s localhost:8080/health\n# {\"status\":\"ok\",\"service\":\"dhi-rails-sample\",\"ruby\":\"3.4.9\",\"rails\":\"8.1.3\"}\n\n# after (DHI)\ndocker build -t dhi-rails-after rails/after\ndocker run --rm -p 8081:8080 dhi-rails-after\ncurl -s localhost:8081/health\n# {\"status\":\"ok\",\"service\":\"dhi-rails-sample\",\"ruby\":\"3.4.5\",\"rails\":\"8.1.3\"}\n```\n\n他言語も `\u003clang\u003e/before` / `\u003clang\u003e/after` を `docker build` するだけで同様に確認できます。\n\n## DHI 適用ポイント\n\n- **builder + runtime の 2 stage** に分離し、ビルド用 `*-dev` イメージとランタイム用 distroless イメージを使い分け\n- ランタイムは **`USER nonroot`** で起動\n- distroless ランタイムには **シェルが無い** ため、エントリポイントは exec 形式 (`CMD [\"...\"]`) で指定\n- Rails / Python のように **ネイティブの tzdata に依存する処理** は、`tzinfo-data` などのアプリ側パッケージで補う\n\n## セキュリティ\n\n- `pre-commit` で **gitleaks** を実行（コミット前にシークレット検出）\n- GitHub Actions でも同じ **gitleaks** をワークフロー実行（push / PR）\n- `.gitignore` は Go / Node / Python / Rails / Docker / 一般的な秘密情報パターンを網羅\n\n### pre-commit 導入\n\n```bash\npre-commit install\npre-commit run --all-files\n```\n\n## ライセンス\n\nSample / verification コードのため、特に明示的なライセンスは付与していません。\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fokamyuji%2Fdhi-migration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fokamyuji%2Fdhi-migration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fokamyuji%2Fdhi-migration/lists"}