From 3f1a20339f116fc9308d6817156cc29a8cee2f87 Mon Sep 17 00:00:00 2001 From: Inkvi Date: Thu, 14 Nov 2024 13:10:01 -0800 Subject: [PATCH] Refactor Dockerfile to build TypeScript project Remove global ts-node installation and add build step for TypeScript. Copy tsconfig.json and update CMD to run compiled JavaScript. Adjust package.json scripts to include build and start commands. --- .github/workflows/docker-publish.yml | 2 +- .github/workflows/vuln-scan.yml | 2 +- .gitignore | 135 +++++++++++++++++++++++++++ Dockerfile | 12 ++- package-lock.json | 60 ++++++++++++ package.json | 3 + 6 files changed, 207 insertions(+), 7 deletions(-) create mode 100644 .gitignore diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 388f538..9a30223 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -58,7 +58,7 @@ jobs: cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.21.0 + uses: aquasecurity/trivy-action@0.28.0 with: image-ref: ${{ env.IMAGE_NAME }}:latest format: 'table' diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml index 8fa8202..4a5e9e9 100644 --- a/.github/workflows/vuln-scan.yml +++ b/.github/workflows/vuln-scan.yml @@ -15,7 +15,7 @@ jobs: docker build -t signer . - name: Peptide vulnerability scan - uses: aquasecurity/trivy-action@0.21.0 + uses: aquasecurity/trivy-action@0.28.0 with: image-ref: 'signer' format: 'table' diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..64f44c7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,135 @@ +### Node template +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +lerna-debug.log* +.pnpm-debug.log* + +# Diagnostic reports (https://nodejs.org/api/report.html) +report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage +*.lcov + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules/ +jspm_packages/ + +# Snowpack dependency directory (https://snowpack.dev/) +web_modules/ + +# TypeScript cache +*.tsbuildinfo + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Optional stylelint cache +.stylelintcache + +# Microbundle cache +.rpt2_cache/ +.rts2_cache_cjs/ +.rts2_cache_es/ +.rts2_cache_umd/ + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# parcel-bundler cache (https://parceljs.org/) +.cache +.parcel-cache + +# Next.js build output +.next +out + +# Nuxt.js build / generate output +.nuxt +dist + +# Gatsby files +.cache/ +# Comment in the public line in if your project uses Gatsby and not Next.js +# https://nextjs.org/blog/next-9-1#public-directory-support +# public + +# vuepress build output +.vuepress/dist + +# vuepress v2.x temp and cache directory +.temp +.cache + +# Docusaurus cache and generated files +.docusaurus + +# Serverless directories +.serverless/ + +# FuseBox cache +.fusebox/ + +# DynamoDB Local files +.dynamodb/ + +# TernJS port file +.tern-port + +# Stores VSCode versions used for testing VSCode extensions +.vscode-test + +# yarn v2 +.yarn/cache +.yarn/unplugged +.yarn/build-state.yml +.yarn/install-state.gz +.pnp.* + + +### Rest +.idea/ diff --git a/Dockerfile b/Dockerfile index 7fcf97b..35d9792 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,6 @@ FROM node:18-alpine WORKDIR /app -RUN npm install -g ts-node - COPY package*.json ./ RUN addgroup -g 333 polymer && adduser -D -u 333 -G polymer polymer @@ -12,9 +10,13 @@ USER polymer RUN npm install -COPY src src +COPY tsconfig.json ./ +COPY src src -EXPOSE 8000 +# Build TypeScript files +RUN npm run build -CMD ["ts-node", "src/server.ts"] +EXPOSE 8000 +# Run compiled JavaScript instead of TypeScript +CMD ["node", "dist/server.js"] diff --git a/package-lock.json b/package-lock.json index d926b54..b5b2447 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,6 +16,7 @@ "asn1js": "^3.0.5", "axios": "^1.7.4", "bn.js": "^5.2.1", + "cross-spawn": "^7.0.5", "ethers": "^6.13.1", "fast-crc32c": "github:ChainSafe/node-fast-crc32c", "fastify": "^4.27.0", @@ -1052,6 +1053,19 @@ "node-fetch": "^2.6.12" } }, + "node_modules/cross-spawn": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.5.tgz", + "integrity": "sha512-ZVJrKKYunU38/76t0RMOulHOnUcbU9GbpWKAOZ0mhjr7CX6FVrH+4FrAapSOekrgFQ3f/8gwMEuIft0aKq6Hug==", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/debug": { "version": "4.3.4", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", @@ -1773,6 +1787,11 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" + }, "node_modules/isomorphic-ws": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/isomorphic-ws/-/isomorphic-ws-5.0.0.tgz", @@ -1920,6 +1939,14 @@ "wrappy": "1" } }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "engines": { + "node": ">=8" + } + }, "node_modules/pino": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/pino/-/pino-9.0.0.tgz", @@ -2225,6 +2252,25 @@ "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", "integrity": "sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA==" }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "engines": { + "node": ">=8" + } + }, "node_modules/sonic-boom": { "version": "3.8.1", "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.8.1.tgz", @@ -2779,6 +2825,20 @@ "webidl-conversions": "^3.0.0" } }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/which-typed-array": { "version": "1.1.15", "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.15.tgz", diff --git a/package.json b/package.json index deaa5d8..0bcd051 100644 --- a/package.json +++ b/package.json @@ -5,6 +5,8 @@ "description": "", "main": "index.js", "scripts": { + "build": "tsc", + "start": "node dist/server.js", "test": "echo \"Error: no test specified\" && exit 1" }, "keywords": [], @@ -18,6 +20,7 @@ "asn1js": "^3.0.5", "axios": "^1.7.4", "bn.js": "^5.2.1", + "cross-spawn": "^7.0.5", "ethers": "^6.13.1", "fast-crc32c": "github:ChainSafe/node-fast-crc32c", "fastify": "^4.27.0",