* chore(dockerfile): move to distroless
- remove unnecessary env vars (these are provided via the deployment system)
- uses relative paths if in a working directory
* Amend entrypoint for use with distroless
* Update startup probe & docker compose readiness probe
* chore(Dockerfile): pin images by digest this ensures consistent builds with images pinned by SHA
* introduces a GitHub Action will create a PR to update the images when there is a new version, and will pin to that newer version SHA.
* Bump debian to 12 'bookworm'
* Bump pypi libraries
* except frontend-1, as only debian 11 is currently supported by openresty
* Bump debian packages
* Moves speckle-server, webhook-service, fileimport-service, monitoring-deployment, and test-deployment images to Distroless.
Partially addresses https://github.com/specklesystems/speckle-server/issues/883
* preview-service uses similar image for building and production stages
* explicitly include chromium-common dependency to prevent error in preview service
* Bump chromium packages due to package versions not being found
* Handle machine-id in distroless
- distroless has no shell, so node-machine-id will result in an error
- this commit introduces error handling and defaults to a uuid v4 in the case of an error
* Update binary location for readiness and liveness checks to match the binary location in Distroless
* Allow node binary path to be set as environment variable in fileimport service
* chore(node): upgrades to node 18
Node 16 was out of support (but not security upgrades), so bumping to next stable version.
https://github.com/specklesystems/speckle-server/issues/1187
* Update server liveness and readiness probes for node 18
* Bump web-ifc to 0.0.36
* Apply `--no-experimental-fetch` flag to fileimport-service to prevent issues in web-ifc (via emscripten) with node 18
- perf(server, webhook-service): production images are based on distroless
Reduces image file size by >40% for images which can use distroless base image. As
well as improving boot-up & restart time (via smaller download & load size), Distroless reduces the
attack surface area by removing almost all binaries & packages (e.g. shell, chown) that are not
necessary to run node.
- ensures distroless node images run tini
- removes fonts-dejavu-core and fontconfig from speckle-server
- Remove man and doc files if they exist
- args hoisted to top of Dockerfile and consolidated
- env vars consolidated to prevent additional layers
address https://github.com/specklesystems/speckle-server/issues/883
* Adds hadolint as pre-commit step
* Addresses all hadolint comments
* Use noninteractive apt-get frontend and clean after install
* dockerfile RUN statements are consolidated to prevent additional layers
* installed packages have pinned versions
* build(circleci): use speckle pre-commit runner with built-in hadolint
* Integrate pre-commit with husky bash script for git pre-commit hooks
* catches errors in bash
* if pre-commit is installed, it is run
* if optional additional binaries are installed, further pre-commit steps are run
* Update README with revised developer instructions
* Adds a pre-commit yarn script
* yarn first go
* fix frontend build cache loader
* yarn workspaces built server Docker
* build(yarn): add workspaces plugin config
* chore(package defs): clean package*.json -s
* chore(gitignore): ignore yarn error log
* build(yarn): update yarn lock
* build(preview-service webpack): add extra resolved path to preview service webpack config
because of yarn package hoisting, there are no package level node_modules folder anymore.
* build(docker): update dockerignore with yarn specific configs
* build(docker): update Dockerfiles for yarn workspaces utilization
* ci(circleci): update server test job to yarn
* ci(circle): disable cache restore
* ci(circleci): trying the node orb yarn-run
* ci(circleci): yarn-run again
* ci(circleci): disable node orb
* ci(circleci): change base node image for tests
* ci(circleci): add yarn cache
* ci(circleci): remove node install step
* ci(circleci): add server specific cache archives
* ci(circleci): test build and publish
* ci(circleci): change npm auth method to suit yarn
* ci(circleci): trying new builder image
* ci(circleci): another base image, maybe this works
* ci(circleci): force a specific docker engine version
* ci(circleci): add yarn version plugin and its changes
* ci(circleci): cleanup and remove temp branch config
* chore(package defs): moving from npm run to yarn
* explicitly specifying webpack4 as a frontend dep
* chore(package defs): replace npm with yarn everywhere
* docs(root readme): update with some yarn specific docs
* chore(root workspace): update dev scripts and package lock
* ci(circleci): enable package publish step with yarn
Co-authored-by: Fabians <fabis94@live.com>
Iain Sproat