SS-867 Added docker file and gpg public key for data encryption (#72)
* added docker file and gpg public key for data encryption

---------

Co-authored-by: alfredeen <johan.alfredeen@gmail.com>
churnikov and alfredeen authored Mar 12, 2024
1 parent 5439902 commit 0cf4fbf
Showing 5 changed files with 119 additions and 4 deletions.
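--- a/.github/workflows/serve-encrypt.yml
+++ b/.github/workflows/serve-encrypt.yml
@@ -0,0 +1,68 @@
+name: Serve-Encrypt workflow
+
+on:
+push:
+paths:
+- "serve-encrypt/**"
+# Adds ability to run this workflow manually
+workflow_dispatch:
+inputs:
+logLevel:
+description: 'Log level'
+required: true
+default: 'warning'
+type: choice
+options:
+- info
+- warning
+- debug
+tags:
+description: 'Manual run'
+required: false
+type: boolean
+
+jobs:
+
+push:
+if: |
+github.ref == 'refs/heads/main' &&
+github.repository == 'scilifelabdatacentre/serve-images'
+runs-on: ubuntu-latest
+concurrency:
+group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+cancel-in-progress: true
+permissions:
+contents: read
+packages: write
+
+steps:
+- name: 'Checkout github action'
+uses: actions/checkout@main
+
+- name: Docker meta
+id: meta
+uses: docker/metadata-action@v4
+with:
+images: ghcr.io/scilifelabdatacentre/serve-encrypt
+tags: |
+type=raw,value={{date 'YYMMDD-HHmm' tz='Europe/Stockholm'}}
+- name: 'Login to GHCR'
+uses: docker/login-action@v1
+with:
+registry: ghcr.io
+username: ${{github.actor}}
+password: ${{secrets.GITHUB_TOKEN}}
+
+- name: Publish image to GHCR
+uses: docker/build-push-action@v3
+with:
+file: ./serve-encrypt/Dockerfile
+context: ./serve-encrypt
+push: true
+build-args: version=${{ github.ref_name }}
+tags: |
+${{ steps.meta.outputs.tags }}
+ghcr.io/scilifelabdatacentre/serve-encrypt:latest
+labels: ${{ steps.meta.outputs.labels }}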
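Review bot: The four `uses:` lines reference mutable refs in a job that holds `packages: write` and pushes to GHCR: `actions/checkout@main` tracks a branch, and `docker/metadata-action@v4`, `docker/login-action@v1` and `docker/build-push-action@v3` are movable major-version tags. Whatever those refs point to at run time executes with this job's token, so each should be pinned to a full commit SHA with the release noted in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # <release tag>` (placeholders; take the values from the action's release page). Separately, `build-args: version=${{ github.ref_name }}` has no matching `ARG version` in the serve-encrypt/Dockerfile added by this commit, so the value is unused. Because the job's `if:` only admits `refs/heads/main`, it would always be `main` in any case.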
5 changes: 4 additions & 1 deletion examples/streamlit/Dockerfile
Expand Up @@ -11,7 +11,10 @@ WORKDIR $HOME/app
RUN apt-get update && apt-get install --no-install-recommends -y \
build-essential \
software-properties-common \
curl
curl \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*


COPY requirements.txt requirements.txt
COPY app.py app.py
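Review bot: The packages in this `RUN` stay unpinned, whereas the same commit pins versions in serve-encrypt/Dockerfile and serve-filemanager/Dockerfile. If reproducible builds are the goal, the three names here want the same treatment, e.g. `curl=<version>` (placeholder) with versions that match the base image, whose `FROM` is outside the hunk. `build-essential` and `software-properties-common` also remain in the final image after this cleanup. If they are needed only to build Python wheels (an assumption, since the pip step is not shown), a separate build stage would keep the compiler toolchain out of the runtime image.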
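--- a/serve-encrypt/Dockerfile
+++ b/serve-encrypt/Dockerfile
@@ -0,0 +1,31 @@
+# Use an official Debian as a parent image for a lightweight build
+FROM debian:stable-slim
+
+# Set the GNUPGHOME environment variable
+ENV GNUPGHOME=/home/pguser/.gnupg
+
+# Install PostgreSQL client and GPG
+# Create a non-root user and group (using user ID 1000 and group ID 1000 for compatibility)
+# Fixed commands for Debian
+RUN apt-get update \
+&& apt-get install --no-install-recommends -y gnupg2=2.2.* curl=7.88.* postgresql-client-15=15.* \
+&& apt-get clean \
+&& rm -rf /var/lib/apt/lists/* \
+&& groupadd -g 1000 pguser \
+&& useradd -m -u 1000 -g pguser pguser
+
+# Set working directory
+WORKDIR /home/pguser
+
+# Copy the GPG public key
+COPY gpg-public-key /home/pguser/gpg-public-key
+
+# Import the GPG key
+# The command to switch users before running a command has also been adjusted for Debian compatibility
+RUN chown pguser:pguser /home/pguser/gpg-public-key && \
+chmod 600 /home/pguser/gpg-public-key && \
+su pguser -c 'gpg --import /home/pguser/gpg-public-key'
+
+# Switch to the non-root user
+USER pguser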
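Review bot: `FROM debian:stable-slim` is a floating tag, while the `apt-get install` line pins `curl=7.88.*` and `postgresql-client-15=15.*`, versions that appear to belong to a single Debian release (bookworm). When `stable` moves to the next release those pins will presumably stop resolving, and until then the base can change under an unchanged Dockerfile. Naming the release keeps the base and the pins in step: `FROM debian:bookworm-slim`, ideally with an `@sha256:<digest>` suffix (placeholder) for the published image. The key import also has no check on which key ended up in the keyring. A comment beside `COPY gpg-public-key` recording the expected fingerprint, compared in the same `RUN` against the output of `gpg --list-keys --with-colons`, would make a swapped key file fail the build rather than silently change who can decrypt the data.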

13 changes: 13 additions & 0 deletions serve-encrypt/gpg-public-key
@@ -0,0 +1,13 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=pyub
-----END PGP PUBLIC KEY BLOCK-----
6 changes: 3 additions & 3 deletions serve-filemanager/Dockerfile
Expand Up @@ -7,9 +7,9 @@ COPY filebrowser.json /.filebrowser.json

COPY startup.sh /usr/local/bin/startup.sh
RUN apk add --update --no-cache \
wget \
zip \
unzip \
wget~=1.21 \
zip~=3 \
unzip~=6 \
&& adduser -D -u 1000 -g 1000 -h $HOME $USER \
&& chmod +x /usr/local/bin/startup.sh \
&& rm -rf /var/lib/apt/lists/*
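Review bot: The new fuzzy pins constrain little: `zip~=3` and `unzip~=6` fix only the major version, and `wget~=1.21` will stop resolving if the base image moves to an Alpine release that ships a newer wget. The `FROM` line is outside the hunk, so this holds unless the base is already pinned to a specific release; pinning it alongside these versions keeps the two in step. Two leftovers on the surrounding lines are worth cleaning up in the same change: `--update` is redundant next to `--no-cache`, and `rm -rf /var/lib/apt/lists/*` does nothing on an apk-based image, so the last line of the `RUN` could be dropped.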
