Improve Docker run (envsubst, Alpine, documented env file) (#870)

* Add template for secret.json - Move to faster and lighter Alpine base image * Update documentation * Update documentation * Fix Github token config for secret.json * Extend env file for Docker runtime configuration - Update documentation - Add gh_token for GH personal access token to secret template * Change http to https in infoSite * Update .dockerignore * Update .gitignore * Update dockerignore * Remove ENV directive from Dockerfile - Environment is needed at runtime, not at buildtime * Docker: contain secret.json in private/ - Incorporates fix from 7c8b0e3d * Use localhost in example env * Use baseUrl in GitHub redirect * Move GH personal token retrieval up - To remove duplicate Promise.then() * Typo in shields.example.env
2017-05-07 20:13:02 +02:00
parent f97d5a6bd4
commit 15f24fbcce
7 changed files with 63 additions and 14 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +1,4 @@
-node_modules/
+node_modules/
+shields.env
+.git/
+.gitignore
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@
 /ServerScript
 /private
 /index.html
+/shields.env

 # Folder view configuration files
 .DS_Store
--- a/18
+++ b/18
@@ -1,3 +1,17 @@
-FROM node:6.4.0-onbuild
-ENV INFOSITE http://shields.io
+FROM node:6.9.2-alpine
+
+RUN apk add --update gettext
+
+RUN mkdir -p /usr/src/app
+RUN mkdir /usr/src/app/private
+WORKDIR /usr/src/app
+
+ARG NODE_ENV
+ENV NODE_ENV $NODE_ENV
+COPY package.json /usr/src/app/
+RUN npm install
+COPY . /usr/src/app
+
+CMD envsubst < secret.tpl.json > ./private/secret.json && npm start
+
 EXPOSE 80
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -136,16 +136,17 @@ You can build and run the server locally using Docker. First build an image:
 ```console
 $ docker build -t shields .
 Sending build context to Docker daemon 3.923 MB
-Step 0 : FROM node:6.4.0-onbuild
 …
-Removing intermediate container c4678889953f
 Successfully built 4471b442c220
 ```

+Optionally, create a file called `shields.env` that contains the needed configuration. See
+`secret.example.env` for an example.
+
 Then run the container:

 ```console
-$ docker run --rm -p 8080:80 -v "$(pwd)/private/secret.json":/usr/src/app/secret.json --name shields shields
+$ docker run --rm -p 8080:80 --env-file shields.env --name shields shields

 > gh-badges@1.1.2 start /usr/src/app
 > node server.js
@@ -172,6 +173,8 @@ bintray_apikey
 bintray_user
 gh_client_id
 gh_client_secret
+gh_token
+gitter_dev_secret
 shieldsIps
 shieldsSecret
 sl_insight_apiToken
@@ -180,6 +183,9 @@ sl_insight_userUuid

 (Gathered from `cat private/secret.json | jq keys | grep -o '".*"' | sed 's/"//g'`.)

+The `secret.tpl.json` is a template file used by the Docker container to set the secrets based on
+environment variables.
+
 # Main Server Sysadmin

 - Servers in DNS round-robin:
--- a/lib/github-auth.js
+++ b/lib/github-auth.js
@@ -2,6 +2,7 @@ var querystring = require('querystring');
 var request = require('request');
 var autosave = require('json-autosave');
 var serverSecrets;
+var baseUrl = process.env.BASE_URL || "https://shields.io";
 try {
  // Everything that cannot be checked in but is useful server-side
  // is stored in this JSON data.
@@ -14,6 +15,12 @@ autosave(githubUserTokensFile, {data:[]}).then(function(f) {
  for (var i = 0; i < githubUserTokens.data.length; i++) {
    addGithubToken(githubUserTokens.data[i]);
  }
+  // Personal tokens allow access to GitHub private repositories.
+  // You can manage your personal GitHub token at
+  // <https://github.com/settings/tokens>.
+  if (serverSecrets && serverSecrets.gh_token) {
+    addGithubToken(serverSecrets.gh_token);
+  }
 }).catch(function(e) { console.error('Could not create ' + githubUserTokensFile); });

 function setRoutes(server) {
@@ -23,7 +30,7 @@ function setRoutes(server) {
    }
    var query = querystring.stringify({
      client_id: serverSecrets.gh_client_id,
-      redirect_uri: 'https://img.shields.io/github-auth/done',
+      redirect_uri: baseUrl + '/github-auth/done',
    });
    ask.res.statusCode = 302;  // Found.
    ask.res.setHeader('Location', 'https://github.com/login/oauth/authorize?' + query);
@@ -200,13 +207,6 @@ function rmGithubToken(token) {
  }
 }

-// Personal tokens allow access to GitHub private repositories.
-// You can manage your personal GitHub token at
-// <https://github.com/settings/tokens>.
-if (serverSecrets && serverSecrets.gh_token) {
-  addGithubToken(serverSecrets.gh_token);
-}
-
 // Act like request(), but tweak headers and query to avoid hitting a rate
 // limit.
 function githubRequest(request, url, query, cb) {
--- a/secret.tpl.json
+++ b/secret.tpl.json
@@ -0,0 +1,6 @@
+{
+  "gh_client_id": "${GH_CLIENT_ID}",
+  "gh_client_secret": "${GH_CLIENT_SECRET}",
+  "shieldsIps": [ "${SHIELDS_IP}" ],
+  "gh_token": "${GH_TOKEN}"
+}
--- a/shields.example.env
+++ b/shields.example.env
@@ -0,0 +1,19 @@
+# Base URL for redirects etc.
+BASE_URL=http://localhost:8080
+# Where your homepage is
+INFOSITE=http://localhost:8080/try.html
+
+# GitHub settings
+GITHUB_URL=https://api.github.com
+# Create your GitHub OAuth application here: https://github.com/settings/developers
+GH_CLIENT_ID=insert_client_id
+GH_CLIENT_SECRET=insert_client_secret
+# Create your Personal Access Token here: https://github.com/settings/tokens
+GH_TOKEN=insert_token
+
+# Server settings
+PORT=80
+BIND_ADDRESS=::
+
+# IP address of your Shields server. You may use DNS here instead of IP, but that's less secure
+SHIELDS_IP=insert_shields_ip