dep updates/alpine 3.20.1

Signed-off-by: Zoey <zoey@z0ey.de>
2024-06-11 09:18:58 +02:00 · 2024-06-11 09:18:58 +02:00 · 22fa2f04ab
commit 22fa2f04ab
parent ec47bdc3e8
7 changed files with 54 additions and 50 deletions
--- a/.github/workflows/caddy-fmt.yml
+++ b/.github/workflows/caddy-fmt.yml
@ -16,7 +16,7 @@ jobs:
        uses: actions/checkout@v4
      - name: Read version
        id: version
-        run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:\([0-9.]\+\).*|\1|g")" >> $GITHUB_OUTPUT
+        run: echo "version=$(cat Caddy.Dockerfile | grep "^COPY --from=caddy:.*$" | head -1 | sed "s|COPY --from=caddy:\([0-9.]\+\).*|\1|g")" >> $GITHUB_OUTPUT
      - name: caddy-fmt
        run: |
          docker run --rm -v ${{ github.workspace }}/Caddyfile:/etc/caddy/Caddyfile caddy:${{ steps.version.outputs.version }} caddy fmt --overwrite /etc/caddy/Caddyfile
--- a/.github/workflows/caddy.yml
+++ b/.github/workflows/caddy.yml
@ -41,7 +41,7 @@ jobs:
          username: ${{ steps.un.outputs.un }}
          password: ${{ github.token }}
      - name: Build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        if: ${{ github.event_name != 'pull_request' }}
        with:
          context: .
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -60,7 +60,7 @@ jobs:
          sed -i "s|\"0.0.0\"|\"$version\"|g" frontend/package.json
          sed -i "s|\"0.0.0\"|\"$version\"|g" backend/package.json
      - name: Build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        if: ${{ github.event_name != 'pull_request' }}
        with:
          context: .
@ -80,7 +80,7 @@ jobs:
        id: pr
        run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT
      - name: Build (PR)
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        if: ${{ github.event_name == 'pull_request' }}
        with:
          context: .
--- a/Caddy.Dockerfile
+++ b/Caddy.Dockerfile
@ -1,8 +1,6 @@
-FROM caddy:2.8.4 as caddy
-
-FROM alpine:3.20.0
+FROM alpine:3.20.1
 RUN apk add --no-cache ca-certificates tzdata
-COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
+COPY --from=caddy:2.8.4 /usr/bin/caddy /usr/bin/caddy
 COPY Caddyfile /etc/caddy/Caddyfile

 CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
--- a/66
+++ b/66
@ -1,46 +1,53 @@
 # syntax=docker/dockerfile:labs
-FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as frontend
-COPY frontend                        /build/frontend
-COPY global/certbot-dns-plugins.json /build/frontend/certbot-dns-plugins.json
+FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS frontend
+COPY frontend                        /app
+COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json
 ARG NODE_ENV=production \
    NODE_OPTIONS=--openssl-legacy-provider
-WORKDIR /build/frontend
+WORKDIR /app/frontend
 RUN apk upgrade --no-cache -a && \
-    apk add --no-cache ca-certificates nodejs yarn git python3 py3-pip build-base && \
+    apk add --no-cache ca-certificates nodejs yarn git python3 py3-pip build-base file && \
    yarn global add clean-modules && \
    pip install setuptools --no-cache-dir --break-system-packages && \
    yarn --no-lockfile install && \
-    clean-modules --yes && \
    yarn --no-lockfile build && \
-    yarn cache clean --all
-COPY darkmode.css /build/frontend/dist/css/darkmode.css
-COPY security.txt /build/frontend/dist/.well-known/security.txt
+    yarn cache clean --all && \
+    clean-modules --yes && \
+    find /app/dist -name "*.node" -exec file {} \;
+COPY darkmode.css /app/dist/css/darkmode.css
+COPY security.txt /app/dist/.well-known/security.txt


-FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as backend
+FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS build-backend
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-COPY backend                         /build/backend
-COPY global/certbot-dns-plugins.json /build/backend/certbot-dns-plugins.json
+COPY backend                         /app
+COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json
 ARG NODE_ENV=production \
    TARGETARCH
-WORKDIR /build/backend
+WORKDIR /app
 RUN apk upgrade --no-cache -a && \
-    apk add --no-cache ca-certificates nodejs yarn && \
+    apk add --no-cache ca-certificates nodejs yarn file && \
    yarn global add clean-modules && \
    if [ "$TARGETARCH" = "amd64" ]; then \
-      npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile; \
+      npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile && \
+      for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "x86-64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \
    elif [ "$TARGETARCH" = "arm64" ]; then \
-      npm_config_target_platform=linux npm_config_target_arch=arm64 yarn install --no-lockfile; \
+      npm_config_target_platform=linux npm_config_target_arch=arm64 yarn install --no-lockfile && \
+      for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "aarch64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \
    fi && \
-    clean-modules --yes && \
-    yarn cache clean --all
+    yarn cache clean --all && \
+    clean-modules --yes
+FROM alpine:3.20.1 AS strip-backend
+COPY --from=build-backend /app /app
+RUN apk upgrade --no-cache -a && \
+    apk add --no-cache ca-certificates binutils file && \
+    find /app/node_modules -name "*.node" -exec strip -s {} \; && \
+    find /app/node_modules -name "*.node" -exec file {} \;


-FROM --platform="$BUILDPLATFORM" alpine:3.20.0 as crowdsec
+FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS crowdsec
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
 ARG CSNB_VER=v1.0.8
-
 WORKDIR /src
 RUN apk upgrade --no-cache -a && \
    apk add --no-cache ca-certificates git build-base && \
@ -59,15 +66,14 @@ RUN apk upgrade --no-cache -a && \
    echo "APPSEC_FAILURE_ACTION=deny" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
    sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf

-FROM zoeyvid/nginx-quic:290-python
+
+FROM zoeyvid/nginx-quic:294-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+COPY rootfs /
+COPY --from=zoeyvid/certbot-docker:42 /usr/local          /usr/local
+COPY --from=zoeyvid/curl-quic:397     /usr/local/bin/curl /usr/local/bin/curl

 ARG CRS_VER=v4.3.0
-
-COPY rootfs /
-COPY --from=zoeyvid/certbot-docker:38 /usr/local          /usr/local
-COPY --from=zoeyvid/curl-quic:388     /usr/local/bin/curl /usr/local/bin/curl
-
 RUN apk upgrade --no-cache -a && \
    apk add --no-cache ca-certificates tzdata tini \
    nodejs \
@ -90,8 +96,8 @@ RUN apk upgrade --no-cache -a && \
    yarn global add nginxbeautifier && \
    apk del --no-cache luarocks5.1 lua5.1-dev lua5.1-sec build-base git yarn

-COPY --from=backend  /build/backend                                             /app
-COPY --from=frontend /build/frontend/dist                                       /html/frontend
+COPY --from=strip-backend  /app                                                       /app
+COPY --from=frontend       /app/dist                                                  /html/frontend
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins            /usr/local/nginx/lib/lua/plugins
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua       /usr/local/nginx/lib/lua/crowdsec.lua
 COPY --from=crowdsec       /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html     /usr/local/nginx/conf/conf.d/include/ban.html
@ -104,10 +110,10 @@ RUN ln -s /usr/local/acme.sh/acme.sh /usr/local/bin/acme.sh && \
    ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
    ln -s /app/index.js /usr/local/bin/index.js

+LABEL com.centurylinklabs.watchtower.monitor-only="true"
 ENV NODE_ENV=production \
    NODE_CONFIG_DIR=/data/etc/npm \
    DB_SQLITE_FILE=/data/etc/npm/database.sqlite
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
 ENV PUID=0 \
    PGID=0 \
    NIBEP=48693 \
--- a/backend/package.json
+++ b/backend/package.json
@ -16,7 +16,7 @@
    "gravatar": "1.8.2",
    "jsonwebtoken": "9.0.2",
    "knex": "3.1.0",
-    "liquidjs": "10.13.1",
+    "liquidjs": "10.14.0",
    "lodash": "4.17.21",
    "moment": "2.30.1",
    "mysql": "2.18.1",
@ -29,11 +29,11 @@
  "author": "Jamie Curnow <jc@jc21.com> and ZoeyVid <zoeyvid@zvcdn.de>",
  "license": "MIT",
  "devDependencies": {
-    "@eslint/js": "9.4.0",
-    "eslint": "9.4.0",
+    "@eslint/js": "9.5.0",
+    "eslint": "9.5.0",
    "eslint-config-prettier": "9.1.0",
    "eslint-plugin-prettier": "5.1.3",
-    "globals": "15.4.0",
-    "prettier": "3.3.1"
+    "globals": "15.6.0",
+    "prettier": "3.3.2"
  }
 }
--- a/frontend/package.json
+++ b/frontend/package.json
@ -28,7 +28,7 @@
    "mini-css-extract-plugin": "1.6.2",
    "moment": "2.30.1",
    "node-sass": "7.0.3",
-    "nodemon": "3.1.3",
+    "nodemon": "3.1.4",
    "numeral": "2.0.6",
    "sass-loader": "10.5.2",
    "style-loader": "4.0.0",