SS-867 Added docker file and gpg public key for data encryption

.github/workflows/serve-encrypt.yml

@@ -0,0 +1,68 @@
+name: Serve-Encrypt workflow
+
+on:
+  push:
+    paths:
+      - "serve-encrypt/**"
+  # Adds ability to run this workflow manually
+  workflow_dispatch:
+    inputs:
+      logLevel:
+        description: 'Log level'
+        required: true
+        default: 'warning'
+        type: choice
+        options:
+        - info
+        - warning
+        - debug
+      tags:
+        description: 'Manual run'
+        required: false
+        type: boolean
+
+jobs:
+
+  push: 
+    if: | 
+      github.ref == 'refs/heads/main' &&
+      github.repository == 'scilifelabdatacentre/serve-images'
+
+    runs-on: ubuntu-latest
+    concurrency:
+      group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+      cancel-in-progress: true
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: 'Checkout github action'
+        uses: actions/checkout@main
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/scilifelabdatacentre/serve-encrypt
+          tags: |
+            type=raw,value={{date 'YYMMDD-HHmm' tz='Europe/Stockholm'}}
+
+      - name: 'Login to GHCR'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Publish image to GHCR
+        uses: docker/build-push-action@v3
+        with:
+          file: ./serve-encrypt/Dockerfile
+          context: ./serve-encrypt
+          push: true
+          build-args: version=${{ github.ref_name }}
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+            ghcr.io/scilifelabdatacentre/serve-encrypt:latest
+          labels: ${{ steps.meta.outputs.labels }}

examples/streamlit/Dockerfile

@@ -11,7 +11,10 @@ WORKDIR $HOME/app
 RUN apt-get update && apt-get install --no-install-recommends -y \
     build-essential \
     software-properties-common \ 
-    curl
+    curl \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
 
 COPY requirements.txt requirements.txt
 COPY app.py app.py

serve-encrypt/Dockerfile

@@ -0,0 +1,31 @@
+# Use an official Debian as a parent image for a lightweight build
+FROM debian:stable-slim
+
+# Set the GNUPGHOME environment variable
+ENV GNUPGHOME=/home/pguser/.gnupg
+
+# Install PostgreSQL client and GPG
+# Create a non-root user and group (using user ID 1000 and group ID 1000 for compatibility)
+# Fixed commands for Debian
+RUN apt-get update \
+	&& apt-get install --no-install-recommends -y gnupg2=2.2.* curl=7.88.* postgresql-client-15=15.*  \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& groupadd -g 1000 pguser \
+	&& useradd -m -u 1000 -g pguser pguser
+
+# Set working directory
+WORKDIR /home/pguser
+
+# Copy the GPG public key
+COPY gpg-public-key /home/pguser/gpg-public-key
+
+# Import the GPG key
+# The command to switch users before running a command has also been adjusted for Debian compatibility
+RUN chown pguser:pguser /home/pguser/gpg-public-key && \
+    chmod 600 /home/pguser/gpg-public-key && \
+    su pguser -c 'gpg --import /home/pguser/gpg-public-key'
+
+# Switch to the non-root user
+USER pguser
+

serve-encrypt/gpg-public-key

@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZdi2zRYJKwYBBAHaRw8BAQdAWiUZyQidLNI7H5h2guFRX7Z5XMq7xlezOTPU
+4E7WLSy0IU1vbnR5UHl0aG9uIDxzZXJ2ZUBzY2lsaWZlbGFiLnNlPoiZBBMWCgBB
+FiEEFMj00C+87r6gxkIweUw2dG7WihkFAmXYts0CGwMFCQWjmoAFCwkIBwICIgIG
+FQoJCAsCBBYCAwECHgcCF4AACgkQeUw2dG7WihluEAD/e0/fe2ZWu+qsbANLrIeC
+SDcuUOhOjyExEqYUsYBuxxAA+wbnERFA6nO19tZEEVBXYz0yIbSQyCKh4CTPoUBj
+4g4EuDgEZdi2zRIKKwYBBAGXVQEFAQEHQKyr292yAwCT0lK/RaU+BBAFaSywvgvp
+0YXqHyjrHBUQAwEIB4h+BBgWCgAmFiEEFMj00C+87r6gxkIweUw2dG7WihkFAmXY
+ts0CGwwFCQWjmoAACgkQeUw2dG7Wihli3AEAqd2f5uOgNylWH0HeLfnAR2xUz69G
+lQdnr5MH33bDUu0A/1Q7OvzCTXQmjxFrAyqEn8UDs3y+wCri3z0OfX49ElgK
+=pyub
+-----END PGP PUBLIC KEY BLOCK-----

serve-filemanager/Dockerfile

@@ -7,9 +7,9 @@ COPY filebrowser.json /.filebrowser.json
 
 COPY startup.sh /usr/local/bin/startup.sh
 RUN apk add --update --no-cache \
-    wget \
-    zip \
-    unzip \
+    wget~=1.21 \
+    zip~=3 \
+    unzip~=6 \
     && adduser -D -u 1000 -g 1000 -h $HOME $USER \
     && chmod +x /usr/local/bin/startup.sh \
     && rm -rf /var/lib/apt/lists/*