
2 Commits

Author SHA1 Message Date
e2d3258d40
fix: Docker build warnings
All checks were successful
continuous-integration/drone/push Build is passing
2025-02-23 18:38:56 +01:00
b031dc1ac3
feat: Second registry, security hardening
- Added second registry
- Added non-root user
- Added supply-chain attestation flags
2025-02-23 17:58:02 +01:00
3 changed files with 83 additions and 11 deletions


@ -11,6 +11,8 @@ steps:
- name: build-lts
image: plugins/docker
settings:
purge: false
build_args: --provenance=true --sbom=true
username:
from_secret: registry_username
password:
@ -20,9 +22,27 @@ steps:
- lts-alpine
- lts
dockerfile: lts/Dockerfile
- name: build-lts-astrogd
image: plugins/docker
depends_on:
- build-lts
settings:
registry: registry.astrogd.cloud
build_args: --provenance=true --sbom=true
username:
from_secret: astrogd_registry_username
password:
from_secret: astrogd_registry_key
repo: registry.astrogd.cloud/pnpm
tags:
- lts-alpine
- lts
dockerfile: lts/Dockerfile
- name: build-latest
image: plugins/docker
settings:
purge: false
build_args: --provenance=true --sbom=true
username:
from_secret: registry_username
password:
@ -32,6 +52,22 @@ steps:
- latest-alpine
- latest
dockerfile: latest/Dockerfile
- name: build-latest-astrogd
image: plugins/docker
depends_on:
- build-latest
settings:
registry: registry.astrogd.cloud
build_args: --provenance=true --sbom=true
username:
from_secret: astrogd_registry_username
password:
from_secret: astrogd_registry_key
repo: registry.astrogd.cloud/pnpm
tags:
- latest-alpine
- latest
dockerfile: latest/Dockerfile
---
kind: pipeline
@ -46,6 +82,8 @@ steps:
- name: build-lts
image: plugins/docker
settings:
purge: false
build_args: --provenance=true --sbom=true
username:
from_secret: registry_username
password:
@ -55,9 +93,27 @@ steps:
- lts-alpine
- lts
dockerfile: lts/Dockerfile
- name: build-lts-astrogd
image: plugins/docker
depends_on:
- build-lts
settings:
registry: registry.astrogd.cloud
build_args: --provenance=true --sbom=true
username:
from_secret: astrogd_registry_username
password:
from_secret: astrogd_registry_key
repo: registry.astrogd.cloud/pnpm
tags:
- lts-alpine
- lts
dockerfile: lts/Dockerfile
- name: build-latest
image: plugins/docker
settings:
purge: false
build_args: --provenance=true --sbom=true
username:
from_secret: registry_username
password:
@ -67,9 +123,25 @@ steps:
- latest-alpine
- latest
dockerfile: latest/Dockerfile
- name: build-latest-astrogd
image: plugins/docker
depends_on:
- build-latest
settings:
registry: registry.astrogd.cloud
build_args: --provenance=true --sbom=true
username:
from_secret: astrogd_registry_username
password:
from_secret: astrogd_registry_key
repo: registry.astrogd.cloud/pnpm
tags:
- latest-alpine
- latest
dockerfile: latest/Dockerfile
---
kind: signature
hmac: e751fb83a80f0db2389261287d1d9abd39dbfb0a3abf0984b8c03e92235872d3
hmac: 4273bd6d4fadc37a81c8efee1273325e1ee914798eb00baf73790d4a100eed62
...
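Review bot: The `build_args: --provenance=true --sbom=true` setting added to every build step (build-lts, build-lts-astrogd, build-latest, build-latest-astrogd, in both pipelines) probably does not enable attestations. As far as I know, plugins/docker forwards each `build_args` entry as a `--build-arg` value, so the string becomes a Dockerfile build argument rather than a pair of BuildKit flags. Confirm that the pushed manifests carry provenance and SBOM attestations, for example with `docker buildx imagetools inspect <image>`, and move to a buildx-based build step if they do not. Separately, the new `*-astrogd` steps appear to rebuild the image instead of pushing the digest produced by the step they depend on, so the same tag in the two registries is not guaranteed to hold identical content.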


@ -1,5 +1,5 @@
FROM node:alpine as BASE
ENV PNPM_HOME="./.pnpm" \
PATH="$PNPM_HOME:$PATH"
RUN npm i -g pnpm@latest &&\
apk add --no-cache openssl
FROM node:alpine AS base
ENV PNPM_HOME="./.pnpm"
RUN wget -qO- https://get.pnpm.io/install.sh | ENV="$HOME/.shrc" SHELL="$(which sh)" sh - &&\
apk add --no-cache openssl
USER node
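Review bot: The new `RUN wget -qO- https://get.pnpm.io/install.sh | ... sh -` line pipes a remotely fetched script straight into a root shell at build time, with no version pin and no integrity check. The image content therefore depends on whatever that URL serves on the day of the build, and the provenance and SBOM flags added in the same change do not cover it. Pin the release by passing `PNPM_VERSION=<pinned-version>` to the installer, or download the script to a file and verify it against a recorded checksum before running it. The same line is added to the `node:lts-alpine` Dockerfile in the next section.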


@ -1,5 +1,5 @@
FROM node:lts-alpine as BASE
ENV PNPM_HOME="./.pnpm" \
PATH="$PNPM_HOME:$PATH"
RUN npm i -g pnpm@latest &&\
apk add --no-cache openssl
FROM node:lts-alpine AS base
ENV PNPM_HOME="./.pnpm"
RUN wget -qO- https://get.pnpm.io/install.sh | ENV="$HOME/.shrc" SHELL="$(which sh)" sh - &&\
apk add --no-cache openssl
USER node
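Review bot: After this change nothing visible puts pnpm on `PATH` for the `node` user. The `PATH="$PNPM_HOME:$PATH"` entry was dropped, the installer runs as root with `ENV="$HOME/.shrc"` (so any PATH export presumably lands in root's rc file), and `PNPM_HOME="./.pnpm"` is relative to whatever directory the build happens to be in. The hardening from `USER node` is worth keeping, so set an absolute location explicitly instead, for example `ENV PNPM_HOME="/pnpm"` followed by `ENV PATH="/pnpm:$PATH"`. Then check in the built image that `pnpm --version` works as `node`. The Dockerfile in the previous section has the same lines.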