From 19f517a946cda269810d75e9f9c01cefe5b8490d Mon Sep 17 00:00:00 2001
From: omaroughriss
Date: Tue, 1 Jul 2025 16:29:06 +0200
Subject: [PATCH] Update

---
 .github/workflows/cicd.yml | 9 +++++++--
 Dockerfile | 39 +++++++++++++++++---------------------
 2 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index bb55c40e..61ad0e81 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -15,6 +15,11 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
 
+ - name: Set up SSH agent
+ uses: webfactory/ssh-agent@v0.8.1
+ with:
+ ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 
@@ -30,9 +35,9 @@ jobs:
 with:
 context: .
 push: true
+ ssh: default
 build-args: |
- SSH_PRIVATE_KEY=${{ secrets.SSH_PRIVATE_KEY }}
 ENV_VARS=${{ secrets.ENV_VARS }}
 tags: |
 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ gitea.sha }}
\ No newline at end of file
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ gitea.sha }}
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 880169bc..c2a5373a 100644
--- a/Dockerfile
+++ b/Dockerfile
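Review bot: The added `webfactory/ssh-agent@v0.8.1` step is pinned to a mutable tag, and because it is handed `secrets.SSH_PRIVATE_KEY` a retagged release would run with that key; pin it to a full commit SHA, e.g. `uses: webfactory/ssh-agent@<commit-sha-of-v0.8.1> # v0.8.1`. The neighbouring `actions/checkout@v4` and `docker/setup-buildx-action@v3` are existing context lines, so this applies only to the new step. Loading the key into an agent and forwarding it with the `ssh: default` input in the next hunk is the right replacement for the build-arg this commit removes.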
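Review bot: `ENV_VARS=${{ secrets.ENV_VARS }}` is still passed under `build-args:`, so that secret keeps the exposure the commit removes for the SSH key: BuildKit records build-arg values in the layer history, and the Dockerfile hunks write it to `.env` in the `deps` stage (`RUN echo "${ENV_VARS}" > .env`) and then copy that file into the `production` stage. If the values are only needed while `npm run build` runs, pass them through the action's `secrets:` input (`secrets: |` followed by `ENV_VARS=${{ secrets.ENV_VARS }}`) and consume them in the Dockerfile with `RUN --mount=type=secret,id=ENV_VARS`, which keeps them out of every layer; values needed at runtime should be injected when the container starts rather than baked into the image. I am inferring from the Dockerfile that the file is read only by the build step, so confirm which variables Next.js actually inlines before changing this. The same point applies to both Dockerfile hunks and is not repeated there.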
@@ -1,33 +1,28 @@
-# Install dependencies only when needed
+# syntax=docker/dockerfile:1.4
 FROM node:19-alpine AS deps
-
-WORKDIR leCoffre-front
+WORKDIR /leCoffre-front
 
 COPY package.json ./
 
 ARG ENV_VARS
 RUN echo "${ENV_VARS}" > .env
 
-RUN apk update && apk add openssh-client git
+RUN apk update && apk add --no-cache openssh-client git
 
-ARG SSH_PRIVATE_KEY
-RUN mkdir -p /root/.ssh && \
- echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa && \
- chmod 600 /root/.ssh/id_rsa && \
- eval "$(ssh-agent -s)" && \
- ssh-add /root/.ssh/id_rsa && \
+# Forward SSH agent via BuildKit (clé jamais écrite dans l'image)
+RUN --mount=type=ssh \
+ mkdir -p /root/.ssh && \
 ssh-keyscan git.4nkweb.com >> /root/.ssh/known_hosts
 
 RUN npm install --frozen-lockfile
 
 # Rebuild the source code only when needed
 FROM node:19-alpine AS builder
+WORKDIR /leCoffre-front
 
-WORKDIR leCoffre-front
-
-COPY --from=deps leCoffre-front/node_modules ./node_modules
-COPY --from=deps leCoffre-front/package.json package.json
-COPY --from=deps leCoffre-front/.env ./.env
+COPY --from=deps /leCoffre-front/node_modules ./node_modules
+COPY --from=deps /leCoffre-front/package.json ./package.json
+COPY --from=deps /leCoffre-front/.env ./.env
 COPY tsconfig.json tsconfig.json
 COPY next.config.js next.config.js
 COPY src src
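Review bot: `--mount=type=ssh` is attached to the `mkdir`/`ssh-keyscan` step, which never uses the key, while `RUN npm install --frozen-lockfile` — the step that would clone any `git+ssh` dependency from git.4nkweb.com — runs without the mount and so has no agent socket. Move the mount to the install, `RUN --mount=type=ssh npm install --frozen-lockfile`, and keep the keyscan as a plain `RUN`. Running `ssh-keyscan` at build time also trusts whatever host key is presented on that particular build; committing the expected host key to the repository and `COPY`ing it to `/root/.ssh/known_hosts` would make that trust decision reviewable. Separately, `apk update` is redundant once `--no-cache` is used and leaves the package index in the layer, so `RUN apk add --no-cache git openssh-client` is enough.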
@@ -36,17 +31,17 @@ RUN npm run build
 
 # Production image, copy all the files and run next
 FROM node:19-alpine AS production
+WORKDIR /leCoffre-front
 
-WORKDIR leCoffre-front
-
+# Création de l’utilisateur non-root
 RUN adduser -D lecoffreuser --uid 10000 && chown -R lecoffreuser .
 
 COPY public ./public
 
-COPY --from=builder --chown=lecoffreuser leCoffre-front/node_modules ./node_modules
-COPY --from=builder --chown=lecoffreuser leCoffre-front/.next ./.next
-COPY --from=builder --chown=lecoffreuser leCoffre-front/next.config.js ./next.config.js
-COPY --from=builder --chown=lecoffreuser leCoffre-front/package.json ./package.json
-COPY --from=builder --chown=lecoffreuser leCoffre-front/.env ./.env
+COPY --from=builder --chown=lecoffreuser /leCoffre-front/node_modules ./node_modules
+COPY --from=builder --chown=lecoffreuser /leCoffre-front/.next ./.next
+COPY --from=builder --chown=lecoffreuser /leCoffre-front/next.config.js ./next.config.js
+COPY --from=builder --chown=lecoffreuser /leCoffre-front/package.json ./package.json
+COPY --from=builder --chown=lecoffreuser /leCoffre-front/.env ./.env
 
 USER lecoffreuser
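Review bot: The new comment `# Création de l’utilisateur non-root` is in French while the file's other comments (`# Rebuild the source code only when needed`, `# Production image, copy all the files and run next`) are English; `# Create the non-root runtime user` keeps the file in one language, and the same applies to the parenthetical in the first hunk's `# Forward SSH agent via BuildKit (...)` comment. The switch to absolute `/leCoffre-front/...` sources in the `COPY --from=builder` lines is consistent with the new absolute `WORKDIR`. The `.env` file copied by the last `COPY` line is covered by the note on the workflow's `build-args:` hunk.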