Make push required input on build action (#16)

* make push required input on build action * Validate image inputs * pass image tags * use nonroot * add nonroot user * install dev deps * noonroot owns all the /app files * fix order * eff it use root for now.
mozilla · Mar 14, 2024 · 09b83d9 · 09b83d9
1 parent b3c34a6
commit 09b83d9
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 3 deletions.
diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml
@@ -2,7 +2,7 @@ name: 'Docker Build'
 description: 'Builds docker image'
 inputs:
   push:
-    required: false
+    required: true
     description: "Build and push image to registry (cannot be used together with load)"
     default: "false"
 

diff --git a/.github/actions/run/action.yml b/.github/actions/run/action.yml
@@ -13,6 +13,17 @@ inputs:
 runs:
   using: 'composite'
   steps:
+    - name: Validate inputs
+      shell: bash
+      run: |
+        if [[ -z "${{ inputs.image }}" ]]; then
+          echo "Image is required"
+          exit 1
+        fi
+        if [[ -z "${{ inputs.run }}" ]]; then
+          echo "Run is required"
+          exit 1
+        fi
     - name: Run Docker Container
       shell: bash
       run: |
@@ -25,7 +36,7 @@ runs:
         cat <<EOF > root.sh
         #!/bin/bash
         whoami
-        su -s /bin/bash -c './exec.sh' olympia
+        su -s /bin/bash -c './exec.sh' root
         EOF
 
         # Make both files executable

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -7,21 +7,27 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - uses: ./.github/actions/build
+      id: build
     - name: Test
       uses: ./.github/actions/run
       with:
+        image: ${{ steps.build.outputs.tags }}
         run: |
           echo "Testing"
+          npm ci
           npm run test
   lint:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
     - uses: ./.github/actions/build
+      id: build
     - name: Lint
       uses: ./.github/actions/run
       with:
+        image: ${{ steps.build.outputs.tags }}
         run: |
           echo "Linting"
+          npm ci
           npm run lint
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,8 @@
 FROM node:18 as base
 
+
 WORKDIR /app
-COPY --chown=node package*.json /app/
+COPY package*.json /app/
 
 RUN /bin/bash <<EOF
 npm install
@@ -23,5 +24,6 @@ RUN npm i --omit=dev --no-save
 
 EXPOSE 3000
 
+
 CMD ["npm", "run", "start"]