diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..cd34a12 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,19 @@ +version: "3.9" +services: + web: + build: + args: + - APP_ENV=Development + context: . + environment: + - ASPNETCORE_ENVIRONMENT=Development + depends_on: + - db + ports: + - 8080:8080 + db: + image: "mcr.microsoft.com/mssql/server:2019-CU17-ubuntu-20.04@sha256:f54a84b8a802afdfa91a954e8ddfcec9973447ce8efec519adf593b54d49bedf" + environment: + - ACCEPT_EULA=Y + - MSSQL_PID=Express + - SA_PASSWORD=yourStrong(!)Password diff --git a/dockerfile b/dockerfile index 06aa730..76632cc 100644 --- a/dockerfile +++ b/dockerfile @@ -2,7 +2,7 @@ # docker build -f ./dockerfile . --build-arg APP_ENV=dev # build backend -FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS serviceBuild +FROM mcr.microsoft.com/dotnet/sdk:6.0@sha256:dd19f6aa2774de9fde18c78970bc4fdebc695bd824c73371b6faec306a18b230 AS service-build # copy backend files into 'service' folder in prep for dotnet commands COPY service /service @@ -16,14 +16,14 @@ RUN dotnet build RUN dotnet test --no-build # setup frontend -FROM node:12 AS clientBuild +FROM node:16@sha256:bf1609ac718dda03940e2be4deae1704fb77cd6de2bed8bf91d4bbbc9e88b497 AS client-build ARG APP_ENV RUN echo APP_ENV = ${APP_ENV} RUN npm config set unsafe-perm true COPY client /client # copy auto-generated TS files from API bulid -COPY --from=serviceBuild /client/src/app/generated/. client/src/app/generated/ +COPY --from=service-build /client/src/app/generated/. client/src/app/generated/ # build frontend WORKDIR /client @@ -32,16 +32,23 @@ ENV REACT_APP_ENV=${APP_ENV} RUN npm run build # copy our frontend into published app's wwwroot folder -FROM serviceBuild AS publisher -COPY --from=clientBuild /client/build /app/wwwroot/ +FROM service-build AS publisher +COPY --from=client-build /client/build /app/wwwroot/ # build & publish our API -ARG ASPNETCORE_ENVIRONMENT RUN dotnet publish /service/Microsoft.DSX.ProjectTemplate.API/Microsoft.DSX.ProjectTemplate.API.csproj -c Release -o /app # build runtime image (contains full stack) -FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 +FROM mcr.microsoft.com/dotnet/aspnet:6.0@sha256:6ca5c440d36869d4b83059cf16f111bb4dec371c08b6e935186cc696e89cc0ba WORKDIR /app -EXPOSE 80 COPY --from=publisher /app ./ +# run as non-privileged user +RUN groupadd -g 1000 appuser && \ + useradd -r -u 1000 -g appuser appuser && \ + chown -R appuser:appuser /app && \ + chmod -R 755 /app +USER appuser +# use non-privileged port +ENV ASPNETCORE_URLS="http://+:8080" +EXPOSE 8080 ENTRYPOINT ["dotnet", "Microsoft.DSX.ProjectTemplate.API.dll"] diff --git a/service/Microsoft.DSX.ProjectTemplate.API/Properties/launchSettings.json b/service/Microsoft.DSX.ProjectTemplate.API/Properties/launchSettings.json index 57b5d2e..e8c9114 100644 --- a/service/Microsoft.DSX.ProjectTemplate.API/Properties/launchSettings.json +++ b/service/Microsoft.DSX.ProjectTemplate.API/Properties/launchSettings.json @@ -13,7 +13,7 @@ "launchBrowser": true, "launchUrl": "swagger", "environmentVariables": { - "ASPNETCORE_ENVIRONMENT": "Development" + "ASPNETCORE_ENVIRONMENT": "Local" } }, "Console": { @@ -21,7 +21,7 @@ "launchBrowser": true, "launchUrl": "swagger", "environmentVariables": { - "ASPNETCORE_ENVIRONMENT": "Development" + "ASPNETCORE_ENVIRONMENT": "Local" }, "applicationUrl": "https://localhost:44345/" } diff --git a/service/Microsoft.DSX.ProjectTemplate.API/appsettings.Development.json b/service/Microsoft.DSX.ProjectTemplate.API/appsettings.Development.json index e203e94..a4e141a 100644 --- a/service/Microsoft.DSX.ProjectTemplate.API/appsettings.Development.json +++ b/service/Microsoft.DSX.ProjectTemplate.API/appsettings.Development.json @@ -1,4 +1,7 @@ { + "ConnectionStrings": { + "Database": "Server=db;Database=master;User=sa;Password=yourStrong(!)Password;" + }, "Logging": { "LogLevel": { "Default": "Debug",