From f42a2649345887493fc40fb9efaecd55eaaf402d Mon Sep 17 00:00:00 2001
From: Steve Freeman
Date: Sun, 22 Mar 2026 11:28:54 -0400
Subject: [PATCH 1/4] Fixed bad permissions scheme in dockerfile
---
 packages/backend/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/backend/Dockerfile b/packages/backend/Dockerfile
index c88d30e3..f1e43857 100644
--- a/packages/backend/Dockerfile
+++ b/packages/backend/Dockerfile
@@ -14,7 +14,8 @@ COPY packages/backend/src ./packages/backend/src
 RUN npm ci \
 && npm run build:prod -w @mocker/backend \
 && npm prune --omit=dev \
- && mkdir -p /usr/src/app/images
+ && mkdir -p /usr/src/app/images \
+ && chmod 700 /usr/src/app/images
 FROM gcr.io/distroless/nodejs20-debian12:nonroot AS release
 ENV NODE_ENV=production \
From bf6bd3968fc505ce2d62db464e404f666211caa8 Mon Sep 17 00:00:00 2001
From: Steve Freeman
Date: Sun, 22 Mar 2026 11:30:40 -0400
Subject: [PATCH 2/4] moved chmod to right locatoin
---
 packages/backend/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/packages/backend/Dockerfile b/packages/backend/Dockerfile
index f1e43857..710b08c7 100644
--- a/packages/backend/Dockerfile
+++ b/packages/backend/Dockerfile
@@ -14,8 +14,7 @@ COPY packages/backend/src ./packages/backend/src
 RUN npm ci \
 && npm run build:prod -w @mocker/backend \
 && npm prune --omit=dev \
- && mkdir -p /usr/src/app/images \
- && chmod 700 /usr/src/app/images
+ && mkdir -p /usr/src/app/images
 FROM gcr.io/distroless/nodejs20-debian12:nonroot AS release
 ENV NODE_ENV=production \
@@ -28,6 +27,8 @@ COPY --from=build --chown=65532:65532 /usr/src/app/packages/backend/dist ./dist
 COPY --from=build --chown=65532:65532 /usr/src/app/node_modules ./node_modules
 COPY --from=build --chown=65532:65532 /usr/src/app/images ./images
+RUN chmod 700 /usr/src/app/images
+
 EXPOSE 80
 CMD ["/usr/src/app/dist/index.js"]
From cf12143f7c7e09dd6bc3e38bfdcbe56dde1e6e00 Mon Sep 17 00:00:00 2001
From: Steve Freeman
Date: Sun, 22 Mar 2026 11:33:44 -0400
Subject: [PATCH 3/4] Added docker image build to CI pipeline
---
 .github/workflows/ci.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5ed900d6..0778b9ab 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -76,3 +76,13 @@ jobs:
 - uses: ./.github/actions/setup
 - name: Enforce 80% coverage
 run: npm run test:coverage
+
+ docker-build:
+ name: Docker Build
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - uses: actions/checkout@v4
+ - name: Build Docker image
+ run: docker build -f packages/backend/Dockerfile -t mocker-backend:ci .
From 975ffa68262c0210a43313d9e79a5c9795be13ba Mon Sep 17 00:00:00 2001
From: Steve Freeman
Date: Sun, 22 Mar 2026 11:35:42 -0400
Subject: [PATCH 4/4] Fixed bad run command cuz distroless
---
 packages/backend/Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/packages/backend/Dockerfile b/packages/backend/Dockerfile
index 710b08c7..a655b493 100644
--- a/packages/backend/Dockerfile
+++ b/packages/backend/Dockerfile
@@ -25,9 +25,7 @@ WORKDIR /usr/src/app
 # Copy backend build artifacts and writable path from build stage.
 COPY --from=build --chown=65532:65532 /usr/src/app/packages/backend/dist ./dist
 COPY --from=build --chown=65532:65532 /usr/src/app/node_modules ./node_modules
-COPY --from=build --chown=65532:65532 /usr/src/app/images ./images
-
-RUN chmod 700 /usr/src/app/images
+COPY --from=build --chown=65532:65532 --chmod=700 /usr/src/app/images ./images
 EXPOSE 80
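Review bot: The checkout step in the new `docker-build` job of `.github/workflows/ci.yml` keeps the default credential persistence, so the job token stays in the workspace's git config and that whole workspace is then passed to `docker build` as the context (`.`). Adding `with:` and `persist-credentials: false` under `- uses: actions/checkout@v4` keeps the token out of the build context; whether a `.dockerignore` already excludes `.git` is not visible in this patch. The job also only proves that the Dockerfile builds, so a regression in the mode or owner of `/usr/src/app/images`, which the other three patches are about, would still pass CI.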
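Review bot: In the PATCH 4/4 hunk, the `dist` and `node_modules` COPY lines just above the changed line still carry `--chown=65532:65532`, so the nonroot runtime user owns and can rewrite the application code, while the header comment names only `images` as the writable path. Dropping `--chown` from those two lines would leave them root-owned and read-only to uid 65532, assuming the build stage produces world-readable files (not visible here). On the changed line, `--chmod=700` is applied to everything copied, not only the directory, and it needs BuildKit. A short comment such as `# images/ is the writable path: owner-only (0700) for uid 65532` would record the intent.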