Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/defra/defra-docker-node

Node.js Docker parent image
https://github.com/defra/defra-docker-node

Last synced: 6 days ago
JSON representation

Node.js Docker parent image

Host: GitHub
URL: https://github.com/defra/defra-docker-node
Owner: DEFRA
License: other
Created: 2020-03-19T14:30:12.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2024-08-15T14:36:42.000Z (3 months ago)
Last Synced: 2024-08-15T16:27:38.211Z (3 months ago)
Language: Dockerfile
Size: 99.6 KB
Stars: 1
Watchers: 6
Forks: 2
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Docker Node

This repository contains Node parent Docker image source code for Defra.

The following table lists the versions of node available, and the parent Node.js image they are based on:

| Node version | Parent image |
| ------------- | ----------------- |
| 18.20.4 | 18.20.4-alpine3.20 |
| 20.18.0 | 20.18.0-alpine3.20 |
| 22.11.0 | 22.11.0-alpine3.20 |

Two parent images are created for each version:

- defra-node
- defra-node-development

It is recommended that services use [multi-stage builds](https://docs.docker.com/develop/develop-images/multistage-build) to produce production and development images, each extending the appropriate parent, from a single Dockerfile.

[Examples](https://github.com/DEFRA/defra-docker-node/tree/master/examples) are provided to show how parent images can be extended for different types of services. These should be a good starting point for building Node services conforming to Defra standards.

## Building images locally

To build the images locally, run:
```
docker build . --no-cache --target .
```
(where `` is either `development` or `production`).

This will build an image using the default `BASE_VERSION` as set in the [Dockerfile](Dockerfile).

## Internal CA certificates

The image includes the certificate for the internal [CA](https://en.wikipedia.org/wiki/Certificate_authority) so that traffic can traverse the network without encountering issues.

## Versioning

Images should be tagged according to the Dockerfile version and the version of Node on which the image is based. For example, for Dockerfile version `1.0.0` based on Node `12.16.0`, the built image would be tagged `1.0.0-node12.16.0`.

Any new features or changes to supported Node or Alpine versions will be published as `minor` version updates. Any breaking changes to dependencies or how images can be consumed will be published as `major` updates.

## Example files

`Dockerfile.web` - This is an example web project, that requires a build step to create some static files that are used by the web front end.

`Dockerfile.service` - This is an example project that doesn't expose any external ports (a message based service). There is also no build step in this Dockerfile.

## CI/CD

On commit GitHub Actions will build both `node` and `node-development` images for the Node.js versions listed in the [image-matrix.json](image-matrix.json) file, and perform a vulnerability scan as described below.

In addition a commit to the master branch will push the images to the [defradigital](https://hub.docker.com/u/defradigital) organisation in Docker Hub using the version tag specified in the [JOB.env](JOB.env) file. This version tag is expected to be manually updated on each release.

In addition to the version, the images will also be tagged with the contents of the `tags` array from [image-matrix.json](image-matrix.json) when pushed to Docker Hub.

## Image vulnerability scanning

A GitHub Action runs a nightly Anchore Grype scan of the image published to Docker, and will build and scan pre-release images on push. At present the latest Node.js 16, 18 and 20 images are scanned.

This ensures Defra services that use the parent images are starting from a known secure foundation, and can limit patching to only newly added libraries.

For more details see [Image Scanning](IMAGE_SCANNING.md)

## Convenience script

A simple convenience script [bump](./bump) is provided to substitute version in the files `Dockerfile`, `README.md`, and `image-matrix.json`.

The 'from' and 'to' values to substitute are separated by a colon, and multiple arguments must be separated by a space.

i.e. `./bump 16.13.0:16.18.1 14.18.1:14.21.1` will replace all instances of `16.13.0` with `16.18.1` and all instances of `14.18.1` with `14.21.1`.

## Licence

THIS INFORMATION IS LICENSED UNDER THE CONDITIONS OF THE OPEN GOVERNMENT LICENCE found at:

The following attribution statement MUST be cited in your products and applications when using this information.

> Contains public sector information licensed under the Open Government license v3

### About the licence

The Open Government Licence (OGL) was developed by the Controller of Her Majesty's Stationery Office (HMSO) to enable information providers in the public sector to license the use and re-use of their information under a common open licence.

It is designed to encourage use and re-use of information freely and flexibly, with only a few conditions.