Added alpine3.14-nr (non root user)

Based on @tunnelpr0 PR #43 Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
nats-io · Nov 9, 2021 · f620eae · f620eae
1 parent edcf3e2
commit f620eae
Show file tree

Hide file tree

Showing 6 changed files with 98 additions and 0 deletions.
diff --git a/2.6.4/alpine3.14-nr/Dockerfile b/2.6.4/alpine3.14-nr/Dockerfile
@@ -0,0 +1,38 @@
+FROM alpine:3.14
+
+ENV NATS_SERVER 2.6.4
+
+RUN set -eux; \
+	apkArch="$(apk --print-arch)"; \
+	case "$apkArch" in \
+		aarch64) natsArch='arm64'; sha256='ff37771c0442e5921dd6867ef712c4029375a134f478b45469f5649b31ca06ae' ;; \
+		armhf) natsArch='arm6'; sha256='47b58410696fc2bbdd4b0c604f8a6df74b348bcf56efcff739a84f8c3da16f22' ;; \
+		armv7) natsArch='arm7'; sha256='071a52917aa7931dcce84d052e01310edd82d7399b5d699ddf9ad981af58fa5b' ;; \
+		x86_64) natsArch='amd64'; sha256='8a81d7c2c65f698875f5ed36cca842e37e51eb9bddb2374690d49bdc782aa6f5' ;; \
+		x86) natsArch='386'; sha256='659e085ed13d51acf52468e6e44257bf3dac3111ddf90ba065beb9a3c0a71b32' ;; \
+		*) echo >&2 "error: $apkArch is not supported!"; exit 1 ;; \
+	esac; \
+	\
+	wget -O nats-server.tar.gz "https://github.com/nats-io/nats-server/releases/download/v${NATS_SERVER}/nats-server-v${NATS_SERVER}-linux-${natsArch}.tar.gz"; \
+	echo "${sha256} *nats-server.tar.gz" | sha256sum -c -; \
+	\
+	apk add --no-cache ca-certificates; \
+	apk add --no-cache --virtual buildtmp; \
+	\
+	tar -xf nats-server.tar.gz; \
+	rm nats-server.tar.gz; \
+	mv "nats-server-v${NATS_SERVER}-linux-${natsArch}/nats-server" /usr/local/bin; \
+	rm -rf "nats-server-v${NATS_SERVER}-linux-${natsArch}"; \
+	\
+	apk del --no-cache --no-network buildtmp
+
+COPY nats-server.conf /etc/nats/nats-server.conf
+COPY docker-entrypoint.sh /usr/local/bin
+EXPOSE 4222 8222 6222
+RUN adduser -g '' -h / -s /bin/ash -H -D nats
+RUN chown root:nats /etc/nats/nats-server.conf /usr/local/bin/docker-entrypoint.sh
+RUN chmod 640 /etc/nats/nats-server.conf
+RUN chmod 750 /usr/local/bin/docker-entrypoint.sh
+USER nats
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["nats-server", "--config", "/etc/nats/nats-server.conf"]
diff --git a/2.6.4/alpine3.14-nr/docker-entrypoint.sh b/2.6.4/alpine3.14-nr/docker-entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+# this if will check if the first argument is a flag
+# but only works if all arguments require a hyphenated flag
+# -v; -SL; -f arg; etc will work, but not arg1 arg2
+if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
+    set -- nats-server "$@"
+fi
+
+# else default to run whatever the user wanted like "bash" or "sh"
+exec "$@"
+
diff --git a/2.6.4/alpine3.14-nr/nats-server.conf b/2.6.4/alpine3.14-nr/nats-server.conf
@@ -0,0 +1,25 @@
+# Client port of 4222 on all interfaces
+port: 4222
+
+# HTTP monitoring port
+monitor_port: 8222
+
+# This is for clustering multiple servers together.
+cluster {
+
+  # Route connections to be received on any interface on port 6222
+  port: 6222
+
+  # Routes are protected, so need to use them with --routes flag
+  # e.g. --routes=nats-route://ruser:T0pS3cr3t@otherdockerhost:6222
+  authorization {
+    user: ruser
+    password: T0pS3cr3t
+    timeout: 2
+  }
+
+  # Routes are actively solicited and connected to from this server.
+  # This Docker image has none by default, but you can pass a
+  # flag to the gnatsd docker image to create one to an existing server.
+  routes = []
+}
diff --git a/tests/build-images.sh b/tests/build-images.sh
@@ -8,6 +8,11 @@ ver=(NATS_SERVER 2.6.4)
 	docker build --tag nats:2.6.4-alpine3.14 .
 )
 
+(
+	cd "${ver[1]}/alpine3.14-nr"
+	docker build --tag nats:2.6.4-alpine3.14-nr .
+)
+
 (
 	cd "${ver[1]}/scratch"
 	docker build --tag nats:2.6.4-scratch .

diff --git a/tests/run-images.sh b/tests/run-images.sh
@@ -3,6 +3,7 @@ set -ex
 
 images=(
 	'nats:2.6.4-alpine3.14'
+	'nats:2.6.4-alpine3.14-nr'
 	'nats:2.6.4-scratch'
 )
 

diff --git a/update.py b/update.py
@@ -11,6 +11,7 @@ def nats_server_env_list(ver: str) -> typing.List:
         f"./{ver}/windowsservercore-1809/Dockerfile",
         f"./{ver}/windowsservercore-ltsc2016/Dockerfile",
         f"./{ver}/alpine3.14/Dockerfile",
+        f"./{ver}/alpine3.14-nr/Dockerfile",
         "./tests/build-images-2016.ps1",
         "./tests/build-images.sh",
         "./tests/build-images-2019.ps1",
@@ -87,6 +88,20 @@ def update_alpine_arch_shasums(old_ver: str, new_ver: str, shasums: typing.Dict)
     with open(file, "w") as fd:
         fd.write(data)
 
+def update_alpine_nr_arch_shasums(old_ver: str, new_ver: str, shasums: typing.Dict):
+    file = f"{old_ver}/alpine3.14-nr/Dockerfile"
+    with open(file, "r") as fd:
+        data = fd.read()
+
+    for arch in ["arm64", "arm6", "arm7", "amd64", "386"]:
+        key = f"nats-server-v{new_ver}-linux-{arch}.tar.gz"
+        arch_sha = shasums[key]
+        r = re.compile(f"(natsArch='{arch}'; )"+r"sha256='[A-Fa-f0-9]{64}'")
+        data = r.sub(f"\g<1>sha256='{arch_sha}'", data)
+
+    with open(file, "w") as fd:
+        fd.write(data)
+
 def get_shasums(ver: str) -> typing.Dict:
     u = f"https://github.com/nats-io/nats-server/releases/download/v{ver}/SHA256SUMS"
     with urllib.request.urlopen(u) as resp:
@@ -127,6 +142,7 @@ def get_current_version(dir: str) -> str:
 
     update_nats_server_shasum_env(old_ver, new_ver, shasums)
     update_alpine_arch_shasums(old_ver, new_ver, shasums)
+    update_alpine_nr_arch_shasums(old_ver, new_ver, shasums)
 
     print("renaming directory...")
     os.rename(old_ver, new_ver)