From 4f4c76d6979a090822c9c556e6f56512cd81e865 Mon Sep 17 00:00:00 2001
From: Mariusz Sabath <mrsabath@gmail.com>
Date: Thu, 21 Sep 2023 15:34:47 -0400
Subject: [PATCH] Introduce Docker files for running Tornjak on Openshift
 (#304)

* UBI migration for frontend

Signed-off-by: Andrew Block <andy.block@gmail.com>

* Updated backend for UBI based container

Signed-off-by: Andrew Block <andy.block@gmail.com>

* Updated permissions on frontend container

Signed-off-by: Andrew Block <andy.block@gmail.com>

---------

Signed-off-by: Andrew Block <andy.block@gmail.com>
Co-authored-by: Andrew Block <andy.block@gmail.com>
---
 Dockerfile.backend-container.ubi  | 19 +++++++++++++++
 Dockerfile.frontend-container.ubi | 40 +++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 Dockerfile.backend-container.ubi
 create mode 100644 Dockerfile.frontend-container.ubi

diff --git a/Dockerfile.backend-container.ubi b/Dockerfile.backend-container.ubi
new file mode 100644
index 00000000..b99672d1
--- /dev/null
+++ b/Dockerfile.backend-container.ubi
@@ -0,0 +1,19 @@
+FROM registry.access.redhat.com/ubi8-micro:latest
+RUN mkdir -p /opt/spire
+
+WORKDIR /opt/spire
+ENTRYPOINT ["/opt/spire/run_backend.sh"]
+
+# Add init
+COPY run_backend.sh run_backend.sh
+COPY bin/tornjak-backend tornjak-backend
+
+# add a version link to the image description
+ARG version
+ARG github_sha
+LABEL org.opencontainers.image.description="Tornjak backend ($version): https://github.com/spiffe/tornjak/releases/tag/$version" \
+      org.opencontainers.image.source="https://github.com/spiffe/tornjak" \
+      org.opencontainers.image.documentation="https://github.com/spiffe/tornjak/tree/main/docs" 
+# create env. variables with the build details
+ENV VERSION=$version
+ENV GITHUB_SHA=$github_sha
diff --git a/Dockerfile.frontend-container.ubi b/Dockerfile.frontend-container.ubi
new file mode 100644
index 00000000..523ae9f3
--- /dev/null
+++ b/Dockerfile.frontend-container.ubi
@@ -0,0 +1,40 @@
+## Build stage
+FROM registry.access.redhat.com/ubi8/nodejs-18:latest AS build
+WORKDIR /opt/app-root/src
+COPY --chown=1001:0 tornjak-frontend .
+RUN npm install && \
+    npm run build
+
+## Runtime stage
+FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:latest AS runtime
+WORKDIR /opt/app-root/src
+COPY --from=build --chown=1001:0 /opt/app-root/src/build ./build
+COPY --from=build --chown=1001:0 /opt/app-root/src/.env.prod .
+
+# Install serve package and react-inject-env
+RUN npm install -g npm@9.7.1 && \
+    npm install --location=global serve && \
+    npm install react-inject-env
+
+# Update permissions after build
+USER 0
+RUN chmod -R g+rw  /opt/app-root/src
+USER 1001
+
+    
+# Set dynamic port, defualt 3000
+ENV PORT_FE=3000
+EXPOSE $PORT_FE
+
+# moving env.js to fix "access denied" error when running in restricted (read-only) env
+ENTRYPOINT npx react-inject-env set -n tmp/env.js && serve -s build -p $PORT_FE
+
+# add a version link to the image description
+ARG version
+ARG github_sha
+LABEL org.opencontainers.image.description="Tornjak frontend ($version): https://github.com/spiffe/tornjak/releases/tag/$version" \
+      org.opencontainers.image.source="https://github.com/spiffe/tornjak" \
+      org.opencontainers.image.documentation="https://github.com/spiffe/tornjak/tree/main/docs" 
+# create env. variables with the build details
+ENV VERSION=$version
+ENV GITHUB_SHA=$github_sha