From 2b37a0133ac7d70e38c20da840e26c1ddf04b993 Mon Sep 17 00:00:00 2001 From: Pau Rosello Date: Wed, 26 Jun 2019 11:35:02 +0200 Subject: [PATCH] Non root user and fwatchdow standarization AlpineFunction additional Dockerfiles Fix Coffe, node nonroot user and change workdir DnCore nonroot and updated to 2.1, new README Fix golang user and watchdog Java user and watchdog fix Watchdog and user for node image Fix python user and watchdog Fix R username and watchdog Captainsintent user and fwatchdog ChangeColorIntent change username, fwatchdog and directory CHelloWorld remove tmp, disabled lock, fwatchdog and user DockerHubStats user, fwatchdog and dependencies Change figlet to use base alpine image Improve figlet ARM Set base image GIF-Maker MarkDownRender change base image NodeInfo change base image PhantomJS user and fwatchdog Resize Image SentimentAnalysis user and watchdog WebhookStach change root image Replace user faas with app Upgrade alpine to latest version Revert vendor folders Upgrade alpine:3.9 --- sample-functions/AlpineFunction/Dockerfile | 5 +++- .../AlpineFunction/Dockerfile.arm64 | 5 +++- .../AlpineFunction/Dockerfile.armhf | 5 +++- sample-functions/BaseFunctions/R/Dockerfile | 13 +++++++---- .../BaseFunctions/coffee/Dockerfile | 11 +++++---- .../BaseFunctions/dncore/Dockerfile | 19 ++++++++------- .../BaseFunctions/dncore/README.md | 9 ++++++++ .../BaseFunctions/dncore/src/root.csproj | 2 +- .../BaseFunctions/golang/Dockerfile | 12 ++++++---- .../BaseFunctions/java/Dockerfile | 12 ++++++---- .../BaseFunctions/node/Dockerfile | 12 ++++++---- .../BaseFunctions/python/Dockerfile | 12 ++++++---- sample-functions/CHelloWorld/src/Dockerfile | 22 ++++++++++-------- sample-functions/CaptainsIntent/Dockerfile | 14 +++++++---- sample-functions/ChangeColorIntent/Dockerfile | 14 +++++++---- sample-functions/DockerHubStats/Dockerfile | 18 +++++++-------- .../DockerHubStats/Dockerfile.armhf | 2 +- sample-functions/HostnameIntent/Dockerfile | 6 +---- sample-functions/MarkdownRender/Dockerfile | 7 +----- sample-functions/NodeInfo/Dockerfile | 7 +----- sample-functions/NodeInfo/Dockerfile.arm64 | 9 ++------ sample-functions/NodeInfo/Dockerfile.armhf | 9 ++------ sample-functions/Phantomjs/Dockerfile | 11 +++++---- sample-functions/ResizeImageMagick/Dockerfile | 10 +++++--- .../ResizeImageMagick/Dockerfile.armhf | 14 +++++++---- sample-functions/SentimentAnalysis/Dockerfile | 12 +++++----- .../SentimentAnalysis/Dockerfile.armhf | 23 +++++++++++++------ sample-functions/WebhookStash/Dockerfile | 7 +----- sample-functions/figlet/Dockerfile | 11 ++------- sample-functions/figlet/Dockerfile.armhf | 11 ++------- sample-functions/gif-maker/Dockerfile | 7 ++---- 31 files changed, 181 insertions(+), 150 deletions(-) create mode 100644 sample-functions/BaseFunctions/dncore/README.md diff --git a/sample-functions/AlpineFunction/Dockerfile b/sample-functions/AlpineFunction/Dockerfile index 3fe5c814..36e52305 100644 --- a/sample-functions/AlpineFunction/Dockerfile +++ b/sample-functions/AlpineFunction/Dockerfile @@ -1,6 +1,6 @@ FROM openfaas/classic-watchdog:0.14.4 as watchdog -FROM alpine:3.9 +FROM alpine:3.10 COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog RUN chmod +x /usr/bin/fwatchdog @@ -8,5 +8,8 @@ RUN chmod +x /usr/bin/fwatchdog # Populate example here # ENV fprocess="wc -l" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1 CMD ["fwatchdog"] diff --git a/sample-functions/AlpineFunction/Dockerfile.arm64 b/sample-functions/AlpineFunction/Dockerfile.arm64 index 3fe5c814..36e52305 100644 --- a/sample-functions/AlpineFunction/Dockerfile.arm64 +++ b/sample-functions/AlpineFunction/Dockerfile.arm64 @@ -1,6 +1,6 @@ FROM openfaas/classic-watchdog:0.14.4 as watchdog -FROM alpine:3.9 +FROM alpine:3.10 COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog RUN chmod +x /usr/bin/fwatchdog @@ -8,5 +8,8 @@ RUN chmod +x /usr/bin/fwatchdog # Populate example here # ENV fprocess="wc -l" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1 CMD ["fwatchdog"] diff --git a/sample-functions/AlpineFunction/Dockerfile.armhf b/sample-functions/AlpineFunction/Dockerfile.armhf index 3fe5c814..36e52305 100644 --- a/sample-functions/AlpineFunction/Dockerfile.armhf +++ b/sample-functions/AlpineFunction/Dockerfile.armhf @@ -1,6 +1,6 @@ FROM openfaas/classic-watchdog:0.14.4 as watchdog -FROM alpine:3.9 +FROM alpine:3.10 COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog RUN chmod +x /usr/bin/fwatchdog @@ -8,5 +8,8 @@ RUN chmod +x /usr/bin/fwatchdog # Populate example here # ENV fprocess="wc -l" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1 CMD ["fwatchdog"] diff --git a/sample-functions/BaseFunctions/R/Dockerfile b/sample-functions/BaseFunctions/R/Dockerfile index 9342534c..5426708b 100644 --- a/sample-functions/BaseFunctions/R/Dockerfile +++ b/sample-functions/BaseFunctions/R/Dockerfile @@ -1,16 +1,19 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM artemklevtsov/r-alpine:latest -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog -WORKDIR /root/ +WORKDIR /application/ COPY handler.R . ENV fprocess="Rscript handler.R" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1 CMD ["fwatchdog"] - diff --git a/sample-functions/BaseFunctions/coffee/Dockerfile b/sample-functions/BaseFunctions/coffee/Dockerfile index 718487b4..a5bd6359 100644 --- a/sample-functions/BaseFunctions/coffee/Dockerfile +++ b/sample-functions/BaseFunctions/coffee/Dockerfile @@ -1,10 +1,11 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM node:6.9.1-alpine -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog -WORKDIR /root/ +WORKDIR /application/ COPY package.json . @@ -17,4 +18,6 @@ ENV fprocess="coffee handler.coffee" HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1 +USER 1000 + CMD ["fwatchdog"] diff --git a/sample-functions/BaseFunctions/dncore/Dockerfile b/sample-functions/BaseFunctions/dncore/Dockerfile index 033f81d2..5bae8a9b 100644 --- a/sample-functions/BaseFunctions/dncore/Dockerfile +++ b/sample-functions/BaseFunctions/dncore/Dockerfile @@ -1,18 +1,21 @@ -FROM microsoft/dotnet:sdk +FROM openfaas/classic-watchdog:0.14.4 as watchdog -RUN apt-get update && apt-get install -y curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +FROM mcr.microsoft.com/dotnet/core/sdk:2.1 as build + +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog ENV DOTNET_CLI_TELEMETRY_OPTOUT 1 -WORKDIR /root/ +WORKDIR /application/ COPY src src -WORKDIR /root/src +WORKDIR /application/src RUN dotnet restore RUN dotnet build -ENV fprocess="dotnet ./bin/Debug/netcoreapp1.1/root.dll" +FROM build as runner +RUN groupadd -g 1000 -r faas && useradd -r -g faas -u 1000 faas -m +USER 1000 +ENV fprocess="dotnet ./bin/Debug/netcoreapp2.1/root.dll" EXPOSE 8080 CMD ["fwatchdog"] diff --git a/sample-functions/BaseFunctions/dncore/README.md b/sample-functions/BaseFunctions/dncore/README.md new file mode 100644 index 00000000..c19a7219 --- /dev/null +++ b/sample-functions/BaseFunctions/dncore/README.md @@ -0,0 +1,9 @@ +# DnCore Example +DotNet seems to have an issue where the following message can bee seen on STDOUT: +``` +realpath(): Permission denied +realpath(): Permission denied +realpath(): Permission denied +``` + +This messages can be ignored and the issue can be followed at: https://github.com/dotnet/core-setup/issues/4038 \ No newline at end of file diff --git a/sample-functions/BaseFunctions/dncore/src/root.csproj b/sample-functions/BaseFunctions/dncore/src/root.csproj index abb9969a..23df6047 100755 --- a/sample-functions/BaseFunctions/dncore/src/root.csproj +++ b/sample-functions/BaseFunctions/dncore/src/root.csproj @@ -2,7 +2,7 @@ Exe - netcoreapp1.1 + netcoreapp2.1 diff --git a/sample-functions/BaseFunctions/golang/Dockerfile b/sample-functions/BaseFunctions/golang/Dockerfile index c424a421..18f9c603 100644 --- a/sample-functions/BaseFunctions/golang/Dockerfile +++ b/sample-functions/BaseFunctions/golang/Dockerfile @@ -1,3 +1,5 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM golang:1.9.7-alpine MAINTAINER alexellis2@gmail.com @@ -8,11 +10,13 @@ COPY . /go/src/github.com/openfaas/faas/sample-functions/golang RUN go install -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog ENV fprocess "/go/bin/golang" HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1 -CMD [ "/usr/bin/fwatchdog"] +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + +CMD [ "fwatchdog"] diff --git a/sample-functions/BaseFunctions/java/Dockerfile b/sample-functions/BaseFunctions/java/Dockerfile index cd2d80d9..1848a1ec 100644 --- a/sample-functions/BaseFunctions/java/Dockerfile +++ b/sample-functions/BaseFunctions/java/Dockerfile @@ -1,16 +1,20 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM openjdk:8u121-jdk-alpine -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog -WORKDIR /root/ +WORKDIR /application/ COPY Handler.java . RUN javac Handler.java ENV fprocess="java Handler" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1 CMD ["fwatchdog"] diff --git a/sample-functions/BaseFunctions/node/Dockerfile b/sample-functions/BaseFunctions/node/Dockerfile index 503434c9..784e5e0c 100644 --- a/sample-functions/BaseFunctions/node/Dockerfile +++ b/sample-functions/BaseFunctions/node/Dockerfile @@ -1,15 +1,19 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM node:6.9.1-alpine -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog -WORKDIR /root/ +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog + +WORKDIR /application/ COPY package.json . RUN npm i COPY handler.js . +USER 1000 + ENV fprocess="node handler.js" HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1 diff --git a/sample-functions/BaseFunctions/python/Dockerfile b/sample-functions/BaseFunctions/python/Dockerfile index 8434c378..d78c4812 100644 --- a/sample-functions/BaseFunctions/python/Dockerfile +++ b/sample-functions/BaseFunctions/python/Dockerfile @@ -1,15 +1,19 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM python:2.7-alpine -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog -WORKDIR /root/ +WORKDIR /application/ COPY handler.py . ENV fprocess="python handler.py" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1 CMD ["fwatchdog"] diff --git a/sample-functions/CHelloWorld/src/Dockerfile b/sample-functions/CHelloWorld/src/Dockerfile index 7abe35be..5dd05668 100644 --- a/sample-functions/CHelloWorld/src/Dockerfile +++ b/sample-functions/CHelloWorld/src/Dockerfile @@ -1,10 +1,12 @@ -FROM alpine:3.8 as builder -RUN apk add --no-cache curl \ - && curl -SL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog \ - && apk --no-cache del curl +FROM openfaas/classic-watchdog:0.14.4 as watchdog -WORKDIR /root/ +FROM alpine:3.10 as builder +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog + +WORKDIR /application/ + +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app RUN apk add --no-cache gcc \ musl-dev @@ -18,11 +20,13 @@ FROM scratch COPY --from=builder /main / COPY --from=builder /usr/bin/fwatchdog / -COPY --from=builder /tmp /tmp ENV fprocess="/main" +ENV suppress_lock=true -HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1 +COPY --from=builder /etc/passwd /etc/passwd -CMD ["/fwatchdog"] +USER 1000 + +CMD ["fwatchdog"] diff --git a/sample-functions/CaptainsIntent/Dockerfile b/sample-functions/CaptainsIntent/Dockerfile index 6ebf7186..a7921c9a 100644 --- a/sample-functions/CaptainsIntent/Dockerfile +++ b/sample-functions/CaptainsIntent/Dockerfile @@ -1,9 +1,12 @@ -FROM alpine:3.8 +FROM openfaas/classic-watchdog:0.14.4 as watchdog + +FROM alpine:3.10 RUN apk --update add nodejs nodejs-npm -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog + +WORKDIR /application/ COPY package.json . COPY handler.js . @@ -12,4 +15,7 @@ COPY sample.json . RUN npm i ENV fprocess="node handler.js" + +USER 1000 + CMD ["fwatchdog"] diff --git a/sample-functions/ChangeColorIntent/Dockerfile b/sample-functions/ChangeColorIntent/Dockerfile index 1a9c4f4a..a3369537 100644 --- a/sample-functions/ChangeColorIntent/Dockerfile +++ b/sample-functions/ChangeColorIntent/Dockerfile @@ -1,9 +1,12 @@ -FROM alpine:3.8 +FROM openfaas/classic-watchdog:0.14.4 as watchdog + +FROM alpine:3.10 RUN apk --update add nodejs nodejs-npm -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog + +WORKDIR /application/ COPY package.json . RUN npm i @@ -11,6 +14,7 @@ COPY handler.js . COPY sendColor.js . COPY sample_response.json . +USER 1000 ENV fprocess="node handler.js" -CMD ["fwatchdog"] +CMD ["fwatchdog"] \ No newline at end of file diff --git a/sample-functions/DockerHubStats/Dockerfile b/sample-functions/DockerHubStats/Dockerfile index 70e60596..34f4ff13 100644 --- a/sample-functions/DockerHubStats/Dockerfile +++ b/sample-functions/DockerHubStats/Dockerfile @@ -1,26 +1,26 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM golang:1.9.7-alpine as builder MAINTAINER alex@openfaas.com ENTRYPOINT [] -RUN apk --no-cache add make curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog - WORKDIR /go/src/github.com/openfaas/faas/sample-functions/DockerHubStats - COPY . /go/src/github.com/openfaas/faas/sample-functions/DockerHubStats +RUN set -ex && apk add make && make install -RUN make install - -FROM alpine:3.8 +FROM alpine:3.10 # Needed to reach the hub RUN apk --no-cache add ca-certificates -COPY --from=builder /usr/bin/fwatchdog /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog COPY --from=builder /go/bin/DockerHubStats /usr/bin/DockerHubStats ENV fprocess "/usr/bin/DockerHubStats" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1 CMD ["/usr/bin/fwatchdog"] diff --git a/sample-functions/DockerHubStats/Dockerfile.armhf b/sample-functions/DockerHubStats/Dockerfile.armhf index 0b1c39d3..3dc66a84 100644 --- a/sample-functions/DockerHubStats/Dockerfile.armhf +++ b/sample-functions/DockerHubStats/Dockerfile.armhf @@ -13,7 +13,7 @@ COPY . /go/src/github.com/openfaas/faas/sample-functions/DockerHubStats RUN make install -FROM alpine:3.8 +FROM alpine:3.10 # Needed to reach the hub RUN apk --no-cache add ca-certificates diff --git a/sample-functions/HostnameIntent/Dockerfile b/sample-functions/HostnameIntent/Dockerfile index ae57fb34..1159d8fc 100644 --- a/sample-functions/HostnameIntent/Dockerfile +++ b/sample-functions/HostnameIntent/Dockerfile @@ -1,10 +1,6 @@ -FROM alpine:3.8 +FROM functions/alpine:latest RUN apk --update add nodejs nodejs-npm -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog - COPY package.json . COPY handler.js . COPY sample.json . diff --git a/sample-functions/MarkdownRender/Dockerfile b/sample-functions/MarkdownRender/Dockerfile index 99fc5390..39d428e9 100644 --- a/sample-functions/MarkdownRender/Dockerfile +++ b/sample-functions/MarkdownRender/Dockerfile @@ -3,10 +3,6 @@ FROM golang:1.9.7-alpine as builder MAINTAINER alex@openfaas.com ENTRYPOINT [] -RUN apk --no-cache add make curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog - WORKDIR /go/src/github.com/openfaas/faas/sample-functions/MarkdownRender COPY handler.go . @@ -14,12 +10,11 @@ COPY vendor vendor RUN go install -FROM alpine:3.8 +FROM functions/alpine:latest # Needed to reach the hub RUN apk --no-cache add ca-certificates -COPY --from=builder /usr/bin/fwatchdog /usr/bin/fwatchdog COPY --from=builder /go/bin/MarkdownRender /usr/bin/MarkdownRender ENV fprocess "/usr/bin/MarkdownRender" diff --git a/sample-functions/NodeInfo/Dockerfile b/sample-functions/NodeInfo/Dockerfile index 59181014..92107b55 100644 --- a/sample-functions/NodeInfo/Dockerfile +++ b/sample-functions/NodeInfo/Dockerfile @@ -1,9 +1,4 @@ -FROM openfaas/classic-watchdog:0.14.4 as watchdog - -FROM alpine:3.9 - -COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog -RUN chmod +x /usr/bin/fwatchdog +FROM functions/alpine:latest RUN apk --update add nodejs nodejs-npm diff --git a/sample-functions/NodeInfo/Dockerfile.arm64 b/sample-functions/NodeInfo/Dockerfile.arm64 index 59181014..5579e5db 100644 --- a/sample-functions/NodeInfo/Dockerfile.arm64 +++ b/sample-functions/NodeInfo/Dockerfile.arm64 @@ -1,9 +1,4 @@ -FROM openfaas/classic-watchdog:0.14.4 as watchdog - -FROM alpine:3.9 - -COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog -RUN chmod +x /usr/bin/fwatchdog +FROM functions/alpine:latest RUN apk --update add nodejs nodejs-npm @@ -13,4 +8,4 @@ COPY main.js . RUN npm i ENV fprocess="node main.js" -CMD ["fwatchdog"] +CMD ["fwatchdog"] \ No newline at end of file diff --git a/sample-functions/NodeInfo/Dockerfile.armhf b/sample-functions/NodeInfo/Dockerfile.armhf index 59181014..5579e5db 100644 --- a/sample-functions/NodeInfo/Dockerfile.armhf +++ b/sample-functions/NodeInfo/Dockerfile.armhf @@ -1,9 +1,4 @@ -FROM openfaas/classic-watchdog:0.14.4 as watchdog - -FROM alpine:3.9 - -COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog -RUN chmod +x /usr/bin/fwatchdog +FROM functions/alpine:latest RUN apk --update add nodejs nodejs-npm @@ -13,4 +8,4 @@ COPY main.js . RUN npm i ENV fprocess="node main.js" -CMD ["fwatchdog"] +CMD ["fwatchdog"] \ No newline at end of file diff --git a/sample-functions/Phantomjs/Dockerfile b/sample-functions/Phantomjs/Dockerfile index 7ce68f71..5db2bb83 100644 --- a/sample-functions/Phantomjs/Dockerfile +++ b/sample-functions/Phantomjs/Dockerfile @@ -1,11 +1,14 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM alexellis2/phantomjs-docker:latest -RUN apt-get update && apt-get install -y curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog ENV fprocess="phantomjs /dev/stdin" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1 CMD ["fwatchdog"] diff --git a/sample-functions/ResizeImageMagick/Dockerfile b/sample-functions/ResizeImageMagick/Dockerfile index f4e7ac6a..8cf55510 100644 --- a/sample-functions/ResizeImageMagick/Dockerfile +++ b/sample-functions/ResizeImageMagick/Dockerfile @@ -1,11 +1,15 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM v4tech/imagemagick -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog ENV fprocess "convert - -resize 50% fd:1" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + EXPOSE 8080 CMD [ "/usr/bin/fwatchdog"] diff --git a/sample-functions/ResizeImageMagick/Dockerfile.armhf b/sample-functions/ResizeImageMagick/Dockerfile.armhf index 691f4736..a2139fcc 100644 --- a/sample-functions/ResizeImageMagick/Dockerfile.armhf +++ b/sample-functions/ResizeImageMagick/Dockerfile.armhf @@ -1,14 +1,18 @@ -FROM arm32v6/alpine:3.8 +FROM openfaas/classic-watchdog:0.14.4 as watchdog + +FROM arm32v6/alpine:3.10 RUN apk --no-cache add imagemagick -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog-armhf > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog ENV fprocess "convert - -resize 50% fd:1" +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + EXPOSE 8080 HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1 -CMD [ "/usr/bin/fwatchdog"] +CMD [ "/usr/bin/fwatchdog"] \ No newline at end of file diff --git a/sample-functions/SentimentAnalysis/Dockerfile b/sample-functions/SentimentAnalysis/Dockerfile index 78272940..416a4852 100644 --- a/sample-functions/SentimentAnalysis/Dockerfile +++ b/sample-functions/SentimentAnalysis/Dockerfile @@ -1,18 +1,18 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM python:2.7-alpine RUN pip install textblob && \ python -m textblob.download_corpora -RUN apk --no-cache add curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog -RUN addgroup -S app \ - && adduser -S -g app app +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 WORKDIR /home/app -USER app COPY requirements.txt . RUN pip install -r requirements.txt diff --git a/sample-functions/SentimentAnalysis/Dockerfile.armhf b/sample-functions/SentimentAnalysis/Dockerfile.armhf index b74ee78d..87dd02b1 100644 --- a/sample-functions/SentimentAnalysis/Dockerfile.armhf +++ b/sample-functions/SentimentAnalysis/Dockerfile.armhf @@ -1,19 +1,28 @@ +FROM openfaas/classic-watchdog:0.14.4 as watchdog + FROM arm32v7/python:2.7-slim RUN pip install textblob && \ python -m textblob.download_corpora -RUN apt-get update && apt-get install -y curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog-armhf > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog +RUN chmod +x /usr/bin/fwatchdog -WORKDIR /root/ +RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app +USER 1000 + +WORKDIR /home/app + +COPY requirements.txt . +RUN pip install -r requirements.txt + +RUN python -m textblob.download_corpora COPY handler.py . - ENV fprocess="python handler.py" -HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1 +HEALTHCHECK --interval=3s CMD [ -e /tmp/.lock ] || exit 1 CMD ["fwatchdog"] + + diff --git a/sample-functions/WebhookStash/Dockerfile b/sample-functions/WebhookStash/Dockerfile index d8d11154..9270e267 100644 --- a/sample-functions/WebhookStash/Dockerfile +++ b/sample-functions/WebhookStash/Dockerfile @@ -3,10 +3,6 @@ FROM golang:1.9.7-alpine as builder MAINTAINER alex@openfaas.com ENTRYPOINT [] -RUN apk --no-cache add make curl \ - && curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog - WORKDIR /go/src/github.com/openfaas/faas/sample-functions/WebhookStash COPY handler.go . @@ -14,12 +10,11 @@ COPY handler.go . RUN go install -FROM alpine:3.8 +FROM functions/alpine:latest # Needed to reach the hub RUN apk --no-cache add ca-certificates -COPY --from=builder /usr/bin/fwatchdog /usr/bin/fwatchdog COPY --from=builder /go/bin/WebhookStash /usr/bin/WebhookStash ENV fprocess "/usr/bin/WebhookStash" diff --git a/sample-functions/figlet/Dockerfile b/sample-functions/figlet/Dockerfile index 90879d91..f1bda965 100644 --- a/sample-functions/figlet/Dockerfile +++ b/sample-functions/figlet/Dockerfile @@ -1,15 +1,8 @@ -FROM openfaas/classic-watchdog:0.14.4 as watchdog - -FROM alpine:3.9 - -COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog -RUN chmod +x /usr/bin/fwatchdog +FROM functions/alpine:latest RUN apk add --no-cache figlet -# Populate example here ENV fprocess="figlet" HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1 -CMD ["fwatchdog"] - +CMD ["fwatchdog"] \ No newline at end of file diff --git a/sample-functions/figlet/Dockerfile.armhf b/sample-functions/figlet/Dockerfile.armhf index 90879d91..f1bda965 100644 --- a/sample-functions/figlet/Dockerfile.armhf +++ b/sample-functions/figlet/Dockerfile.armhf @@ -1,15 +1,8 @@ -FROM openfaas/classic-watchdog:0.14.4 as watchdog - -FROM alpine:3.9 - -COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog -RUN chmod +x /usr/bin/fwatchdog +FROM functions/alpine:latest RUN apk add --no-cache figlet -# Populate example here ENV fprocess="figlet" HEALTHCHECK --interval=5s CMD [ -e /tmp/.lock ] || exit 1 -CMD ["fwatchdog"] - +CMD ["fwatchdog"] \ No newline at end of file diff --git a/sample-functions/gif-maker/Dockerfile b/sample-functions/gif-maker/Dockerfile index 5dbf6089..d5b8d4c9 100644 --- a/sample-functions/gif-maker/Dockerfile +++ b/sample-functions/gif-maker/Dockerfile @@ -1,9 +1,6 @@ -FROM alpine:3.8 +FROM functions/alpine:latest -RUN apk --no-cache add ffmpeg gifsicle curl \ - && curl -LS https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ - && chmod +x /usr/bin/fwatchdog \ - && apk del curl +RUN apk add ffmpeg gifsicle WORKDIR /root/ COPY entry.sh . ENV fprocess="./entry.sh"