22# https://github.com/nodejs/Release (looking for "LTS")
33FROM node:18-alpine3.19
44
5- # grab su-exec for easy step-down from root
6- RUN apk add --no-cache 'su-exec>=0.2'
7-
85RUN apk add --no-cache \
96# add "bash" for "[["
107 bash
118
9+ # grab gosu for easy step-down from root
10+ # https://github.com/tianon/gosu/releases
11+ ENV GOSU_VERSION 1.17
12+ RUN set -eux; \
13+ \
14+ apk add --no-cache --virtual .gosu-deps \
15+ ca-certificates \
16+ dpkg \
17+ gnupg \
18+ ; \
19+ \
20+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" ; \
21+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" ; \
22+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" ; \
23+ \
24+ # verify the signature
25+ export GNUPGHOME="$(mktemp -d)" ; \
26+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
27+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
28+ gpgconf --kill all; \
29+ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
30+ \
31+ # clean up fetch dependencies
32+ apk del --no-network .gosu-deps; \
33+ \
34+ chmod +x /usr/local/bin/gosu; \
35+ # verify that the binary works
36+ gosu --version; \
37+ gosu nobody true
38+ RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (TODO remove in Ghost 6+)
39+
1240ENV NODE_ENV production
1341
1442ENV GHOST_CLI_VERSION 1.26.0
@@ -27,7 +55,7 @@ RUN set -eux; \
2755 \
2856 apkDel=; \
2957 \
30- installCmd='su-exec node ghost install "$GHOST_VERSION" --db mysql --dbhost mysql --no-prompt --no-stack --no-setup --dir "$GHOST_INSTALL"' ; \
58+ installCmd='gosu node ghost install "$GHOST_VERSION" --db mysql --dbhost mysql --no-prompt --no-stack --no-setup --dir "$GHOST_INSTALL"' ; \
3159 if ! eval "$installCmd" ; then \
3260 virtual='.build-deps-ghost' ; \
3361 apkDel="$apkDel $virtual" ; \
@@ -37,11 +65,11 @@ RUN set -eux; \
3765 \
3866# Tell Ghost to listen on all ips and not prompt for additional configuration
3967 cd "$GHOST_INSTALL" ; \
40- su-exec node ghost config --no-prompt --ip '::' --port 2368 --url 'http://localhost:2368' ; \
41- su-exec node ghost config paths.contentPath "$GHOST_CONTENT" ; \
68+ gosu node ghost config --no-prompt --ip '::' --port 2368 --url 'http://localhost:2368' ; \
69+ gosu node ghost config paths.contentPath "$GHOST_CONTENT" ; \
4270 \
4371# make a config.json symlink for NODE_ENV=development (and sanity check that it's correct)
44- su-exec node ln -s config.production.json "$GHOST_INSTALL/config.development.json" ; \
72+ gosu node ln -s config.production.json "$GHOST_INSTALL/config.development.json" ; \
4573 readlink -f "$GHOST_INSTALL/config.development.json" ; \
4674 \
4775# need to save initial content for pre-seeding empty volumes
@@ -65,7 +93,7 @@ RUN set -eux; \
6593 ')" ; \
6694 if echo "$packages" | grep 'undefined' ; then exit 1; fi; \
6795 for package in $packages; do \
68- installCmd='su-exec node yarn add "$package" --force' ; \
96+ installCmd='gosu node yarn add "$package" --force' ; \
6997 if ! eval "$installCmd" ; then \
7098# must be some non-amd64 architecture pre-built binaries aren't published for, so let's install some build deps and do-it-all-over-again
7199 virtualPackages='g++ make python3' ; \
@@ -85,8 +113,8 @@ RUN set -eux; \
85113 apk del --no-network $apkDel; \
86114 fi; \
87115 \
88- su-exec node yarn cache clean; \
89- su-exec node npm cache clean --force; \
116+ gosu node yarn cache clean; \
117+ gosu node npm cache clean --force; \
90118 npm cache clean --force; \
91119 rm -rv /tmp/yarn* /tmp/v8*
92120
0 commit comments