project setup

.dockerignore

@@ -0,0 +1,3 @@
+.github/
+.hadolint.yaml
+Makefile

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# Default reviewers/codeowners for all code changes
+
+* @igorjs

.github/workflows/anchore.yml

@@ -0,0 +1,50 @@
+name: Anchore Container Scan
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, builds an image, performs a container image
+# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security
+# code scanning feature.  For more information on the Anchore scan action usage
+# and parameters, see https://github.com/anchore/scan-action. For more
+# information on Anchore's container image scanning tool Grype, see
+# https://github.com/anchore/grype
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+      - cron: '0 0 1 * *' # At 00:00 on day-of-month 1.
+
+jobs:
+  scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile --tag localbuild/testimage:latest
+
+      - name: Scan image
+        uses: anchore/scan-action@v3
+        id: scan
+        with:
+          image: "localbuild/testimage:latest"
+          fail-build: false
+          severity-cutoff: critical
+
+      - name: Inspect action SARIF report
+        run: cat ${{ steps.scan.outputs.sarif }}
+
+      - name: Upload Anchore Scan Report
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}

.github/workflows/hadolint.yml

@@ -0,0 +1,39 @@
+name: Hadolint
+
+on: [push]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v3
+
+      - name: Hadolint
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: Dockerfile
+
+      - name: Add comments to Pull Request
+        uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        with:
+          script: |
+            const output = `
+            #### Hadolint: \`${{ steps.hadolint.outcome }}\`
+            \`\`\`
+            ${process.env.HADOLINT_RESULTS}
+            \`\`\`
+            `;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })

.github/workflows/publish.yml

@@ -0,0 +1,97 @@
+name: Publish Docker Image
+
+on:
+  push:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 1 * *' # At 00:00 on day-of-month 1.
+  workflow_dispatch:
+
+env:
+  DOCKER_CLI_EXPERIMENTAL: enabled
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    timeout-minutes: 120
+
+    strategy:
+      matrix:
+        version: [16, 18, 20, lts]
+
+    permissions:
+      packages: write
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: 'main'
+          fetch-depth: 0
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ github.repository_owner }}/node
+#            ghcr.io/${{ github.repository_owner }}/node
+#            public.ecr.aws/${{ github.repository_owner }}/node
+          labels: |
+            org.opencontainers.image.authors=${{ github.repository_owner }}
+          tags: |
+            type=raw,value=${{ matrix.version }}-alpine
+          flavor: |
+            latest=false
+
+      - name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+          driver-opts: image=moby/buildkit:master
+
+      - name: Login to DockerHub
+        id: login-dockerhub
+        uses: docker/login-action@v3
+        with:
+          logout: false
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # - name: Login to GitHub Container Registry
+      #   uses: docker/login-action@v3
+      #   with:
+      #     registry: ghcr.io
+      #     # username: ${{ github.repository_owner }}
+      #     username: ${{ github.actor }}
+      #     password: ${{ github.token }}
+
+      # - name: Login to Public ECR
+      #   uses: docker/login-action@v3
+      #   with:
+      #     registry: public.ecr.aws
+      #     username: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
+      #     password: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
+      #   env:
+      #     AWS_REGION: us-east-1
+
+      - name: Build and push Docker images
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        continue-on-error: true
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          context: .
+          platforms: linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/ppc64le,linux/s390x
+          build-args: NODE_VERSION=${{ matrix.version }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.hadolint.yaml

@@ -0,0 +1,3 @@
+ignored:
+  - DL3013
+  - DL3018

Dockerfile

@@ -0,0 +1,28 @@
+ARG NODE_VERSION=lts
+FROM node:${NODE_VERSION}-alpine
+
+WORKDIR /work
+
+RUN apk --no-cache update && \
+    apk --no-cache add \
+        ca-certificates \
+        python3-dev \
+        python3 \
+        py-pip \
+        docker \
+        groff \
+        less \
+        bash \
+        make \
+        jq \
+        curl \
+        wget \
+        g++ \
+        zip \
+        git \
+        openssh && \
+    pip --no-cache-dir install awscli virtualenv && \
+    update-ca-certificates && \
+    rm -rf /var/cache/apk/*
+
+ENTRYPOINT [ "/bin/sh", "-c" ]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 ZeroConfigIO
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,7 @@
+IMAGE_NAME?=zeroconfigio/node:latest
+
+build:
+	docker build -t $(IMAGE_NAME) .
+
+lint:
+	docker run --rm -i -v $(PWD)/.hadolint.yaml:/root/.config/hadolint.yaml hadolint/hadolint:latest-alpine < Dockerfile

README.md

@@ -0,0 +1,36 @@
+# docker-node (alpine linux)
+
+![Security](https://github.com/ZeroConfigIO/docker-node/workflows/Anchore%20Container%20Scan/badge.svg)
+![Build](https://github.com/ZeroConfigIO/docker-node/workflows/Publish%20Docker%20Image/badge.svg)
+![Lint](https://github.com/ZeroConfigIO/docker-node/workflows/Hadolint/badge.svg)
+
+## Unofficial Docker image for NodeJS (alpine linux) deployments
+
+### Contents
+
+- alpine linux
+- python3
+- nodejs
+- awscli
+
+## Usage
+
+Command:
+
+```bash
+docker run -it --rm zeroconfigio/node:16-alpine "node --version"
+```
+
+Output Example:
+
+```bash
+v16.20.0
+```
+
+## Author
+
+[ZeroConfig.io](https://github.com/ZeroConfigIO)
+
+## License
+
+MIT Licensed. See [LICENSE](https://github.com/ZeroConfigIO/docker-node/blob/master/LICENSE) for full details.