From 142996bdc1efec194ed30547cc95e9fbff8b4035 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 30 Sep 2021 21:37:52 +0000
Subject: [PATCH] fix: Dockerfile.debian to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN10-IMAGEMAGICK-539706
- https://snyk.io/vuln/SNYK-DEBIAN10-IMAGEMAGICK-539710
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569403
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-567125
- https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-1063182
---
Dockerfile.debian | 58 ++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 57 insertions(+), 1 deletion(-)
mode change 120000 => 100644 Dockerfile.debian
diff --git a/Dockerfile.debian b/Dockerfile.debian
deleted file mode 120000
index f3c6884..0000000
--- a/Dockerfile.debian
+++ /dev/null
@@ -1 +0,0 @@
-./Dockerfile.bullseye
\ No newline at end of file
diff --git a/Dockerfile.debian b/Dockerfile.debian
new file mode 100644
index 0000000..b69ebb6
--- /dev/null
+++ b/Dockerfile.debian
@@ -0,0 +1,57 @@
+# syntax=docker/dockerfile:experimental
+
+FROM ruby:2.7-buster
+
+# Replace shell with bash so we can source files
+RUN rm /bin/sh && ln -s /bin/bash /bin/sh
+
+# Upgrade OS to bulleyes
+ENV DEBIAN_FRONTEND noninteractive
+RUN sed -i 's/deb http:\/\/deb.debian.org\/debian buster main/deb https:\/\/deb.debian.org\/debian\/ bullseye main/' /etc/apt/sources.list \
+ && apt update \
+ && apt upgrade -y \
+ && apt clean \
+ && apt update \
+ && apt autoremove -y
+
+# https://stackoverflow.com/questions/25899912/how-to-install-nvm-in-docker
+ENV NVM_DIR /usr/local/nvm
+ENV NODE_VERSION v12.8.1
+RUN mkdir $NVM_DIR \
+ && curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash \
+ && . $NVM_DIR/nvm.sh \
+ && nvm install $NODE_VERSION \
+ && nvm alias default $NODE_VERSION \
+ && nvm use default
+ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
+ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
+RUN . ~/.bashrc && node -v
+
+RUN ln -s /usr/local/nvm/versions/node/$NODE_VERSION/bin/node /usr/bin/node
+RUN ln -s /usr/local/nvm/versions/node/$NODE_VERSION/bin/npm /usr/bin/npm
+
+# https://classic.yarnpkg.com/en/docs/install#debian-stable
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
+ && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
+ && apt-get update && apt-get install -yqq --no-install-recommends yarn
+
+# Don't inherit local env settings when setting up bundler
+RUN unset BUNDLE_PATH
+RUN unset BUNDLE_BIN
+
+ENV GEM_HOME "/usr/local/bundle"
+ENV PATH $GEM_HOME/bin:$GEM_HOME/gems/bin:$PATH
+
+RUN gem install bundler -v 1.3.0
+# https://stackoverflow.com/questions/3116015/how-to-install-postgresqls-pg-gem-on-ubuntu#3116128
+RUN gem install pg -- --with-pg-lib=/usr/lib
+
+# https://github.com/locomotivecms/wagon/issues/340
+WORKDIR /
+COPY ./entrypoint.sh entrypoint.sh
+RUN chmod +x entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+EXPOSE 3000
+CMD ["bundle", "exec", "rails", "s", "-p", "3000", "-b", "0.0.0.0"]
\ No newline at end of file
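Review bot: The in-place suite switch in the `RUN sed -i …` step rewrites only the single line reading `deb http://deb.debian.org/debian buster main`, so any security or updates entries that the `ruby:2.7-buster` base ships (not visible in this patch) would stay on buster, and no bullseye-security source is added. Because the step then runs `apt upgrade` rather than a full release upgrade, packages whose upgrade needs removals can be held back, so the ImageMagick, OpenSSL and Python fixes named in the description may be only partly applied, and later bullseye security updates would not reach the image. Building from the matching base instead, `FROM ruby:2.7-bullseye`, and dropping the sed/upgrade step gives a consistent suite and also removes the need for the persistent `ENV DEBIAN_FRONTEND noninteractive`. Separately, the nvm `install.sh` is piped straight to bash and the Yarn key is added with `apt-key add -` with no checksum or fingerprint check; verifying the script digest before running it and using a `signed-by` keyring scoped to the Yarn source would narrow that trust.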