Compare commits
29 Commits
Author | SHA1 | Date |
---|---|---|
Adolfo Delorenzo | c9337417ae | |
Stefan Scherer | 13386236e4 | |
Stefan Scherer | 2376af82e7 | |
dependabot[bot] | e991a5ab73 | |
dependabot[bot] | 62e2117581 | |
Alex White | 4b6b5476c5 | |
zipperer | e43a605d37 | |
Stefan Scherer | eccb882c59 | |
Stefan Scherer | 3de6451f5c | |
Stefan Scherer | b66f1c3224 | |
Stephen Turner | 23e02b9a44 | |
dependabot[bot] | 5cccd65849 | |
Tony Brown | 9646231353 | |
Tim Gibson | 3cbe2e686e | |
Stefan Scherer | 172c616131 | |
Stefan Scherer | 6190776cb6 | |
Mathieu Champlon | 3323acf03e | |
Stefan Scherer | 559d5f335e | |
Stefan Scherer | 6916e6a595 | |
Corey Garvey | bb961ef28d | |
Harun Kilic | 0b402b3ebf | |
Veyndan Stuart | 4ed7232ea2 | |
Stefan Scherer | 9f31a47053 | |
dependabot[bot] | b1d106ea7c | |
Stefan Scherer | 288a57ea63 | |
Stefan Scherer | f232e36815 | |
Stefan Scherer | fe2686fe00 | |
Stefan Scherer | a33ed89ab3 | |
Stefan Scherer | f77065be98 |
|
@ -0,0 +1,12 @@
|
|||
name: Build
|
||||
on: [push, pull_request]
|
||||
jobs:
|
||||
build:
|
||||
name: Build
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Build
|
||||
uses: docker/build-push-action@v1
|
||||
with:
|
||||
push: false
|
|
@ -7,6 +7,7 @@ RUN pip install -r requirements.txt
|
|||
|
||||
# Run tests to validate app
|
||||
FROM node:12-alpine AS app-base
|
||||
RUN apk add --no-cache python g++ make
|
||||
WORKDIR /app
|
||||
COPY app/package.json app/yarn.lock ./
|
||||
RUN yarn install
|
||||
|
|
|
@ -10,7 +10,7 @@ pipeline {
|
|||
when {
|
||||
branch 'master'
|
||||
}
|
||||
sh "docker build docker/getting-started ."
|
||||
sh "docker build -t docker/getting-started ."
|
||||
|
||||
steps {
|
||||
withDockerRegistry([url: "", credentialsId: "dockerbuildbot-index.docker.io"]) {
|
||||
|
@ -19,4 +19,4 @@ pipeline {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -37,6 +37,6 @@ docker-compose up
|
|||
|
||||
If you find typos or other issues with the tutorial, feel free to create a PR and suggest fixes!
|
||||
|
||||
If you have ideas on how to make the tutorial better or new content, please open an issue first before working on your idea. While we love input, we want to keep the tutorial is scoped to new-comers.
|
||||
If you have ideas on how to make the tutorial better or new content, please open an issue first before working on your idea. While we love input, we want to keep the tutorial scoped to newcomers.
|
||||
As such, we may reject ideas for more advanced requests and don't want you to lose any work you might
|
||||
have done. So, ask first and we'll gladly hear your thoughts!
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
# syntax=docker/dockerfile:1
|
||||
FROM node:12-alpine
|
||||
RUN apk add --no-cache python g++ make
|
||||
WORKDIR /app
|
||||
COPY . .
|
||||
RUN yarn install --production
|
||||
CMD ["node", "src/index.js"]
|
|
@ -8,9 +8,10 @@
|
|||
<link rel="stylesheet" href="css/font-awesome/all.min.css" crossorigin="anonymous" />
|
||||
<link href="https://fonts.googleapis.com/css?family=Lato&display=swap" rel="stylesheet" />
|
||||
<link rel="stylesheet" href="css/styles.css" />
|
||||
<title>Todo App</title>
|
||||
<title>Lista de compras</title>
|
||||
</head>
|
||||
<body>
|
||||
<center><h2>Lista de Compras</h2></center>
|
||||
<div id="root"></div>
|
||||
<script src="js/react.production.min.js"></script>
|
||||
<script src="js/react-dom.production.min.js"></script>
|
||||
|
|
|
@ -53,7 +53,7 @@ function TodoListCard() {
|
|||
<React.Fragment>
|
||||
<AddItemForm onNewItem={onNewItem} />
|
||||
{items.length === 0 && (
|
||||
<p className="text-center">No items yet! Add one above!</p>
|
||||
<p className="text-center">Adicionar um item</p>
|
||||
)}
|
||||
{items.map(item => (
|
||||
<ItemDisplay
|
||||
|
@ -96,7 +96,7 @@ function AddItemForm({ onNewItem }) {
|
|||
value={newItem}
|
||||
onChange={e => setNewItem(e.target.value)}
|
||||
type="text"
|
||||
placeholder="New Item"
|
||||
placeholder="Novo produto"
|
||||
aria-describedby="basic-addon1"
|
||||
/>
|
||||
<InputGroup.Append>
|
||||
|
@ -106,7 +106,7 @@ function AddItemForm({ onNewItem }) {
|
|||
disabled={!newItem.length}
|
||||
className={submitting ? 'disabled' : ''}
|
||||
>
|
||||
{submitting ? 'Adding...' : 'Add Item'}
|
||||
{submitting ? 'Adding...' : 'OK'}
|
||||
</Button>
|
||||
</InputGroup.Append>
|
||||
</InputGroup>
|
||||
|
|
|
@ -2592,9 +2592,9 @@ lodash.sortby@^4.7.0:
|
|||
integrity sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=
|
||||
|
||||
lodash@^4.17.11, lodash@^4.17.13:
|
||||
version "4.17.15"
|
||||
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
|
||||
integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==
|
||||
version "4.17.19"
|
||||
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
|
||||
integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==
|
||||
|
||||
loose-envify@^1.0.0:
|
||||
version "1.4.0"
|
||||
|
@ -4366,9 +4366,9 @@ xml-name-validator@^3.0.0:
|
|||
integrity sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw==
|
||||
|
||||
y18n@^4.0.0:
|
||||
version "4.0.0"
|
||||
resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.0.tgz#95ef94f85ecc81d007c264e190a120f0a3c8566b"
|
||||
integrity sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==
|
||||
version "4.0.1"
|
||||
resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.1.tgz#8db2b83c31c5d75099bb890b23f3094891e247d4"
|
||||
integrity sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==
|
||||
|
||||
yallist@^2.1.2:
|
||||
version "2.1.2"
|
||||
|
@ -4381,9 +4381,9 @@ yallist@^3.0.0, yallist@^3.0.3:
|
|||
integrity sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==
|
||||
|
||||
yargs-parser@^13.1.1:
|
||||
version "13.1.1"
|
||||
resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-13.1.1.tgz#d26058532aa06d365fe091f6a1fc06b2f7e5eca0"
|
||||
integrity sha512-oVAVsHz6uFrg3XQheFII8ESO2ssAf9luWuAd6Wexsu4F3OtIW0o8IribPXYrD4WC24LWtPrJlGy87y5udK+dxQ==
|
||||
version "13.1.2"
|
||||
resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-13.1.2.tgz#130f09702ebaeef2650d54ce6e3e5706f7a4fb38"
|
||||
integrity sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg==
|
||||
dependencies:
|
||||
camelcase "^5.0.0"
|
||||
decamelize "^1.2.0"
|
||||
|
|
2
build.sh
2
build.sh
|
@ -9,6 +9,6 @@ else
|
|||
fi
|
||||
|
||||
docker buildx build \
|
||||
--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
|
||||
--platform linux/amd64,linux/arm64 \
|
||||
-t docker/getting-started:latest \
|
||||
$( (( $WILL_PUSH == 1 )) && printf %s '--push' ) .
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 125 KiB |
|
@ -1,3 +1,46 @@
|
|||
## Security Scanning
|
||||
|
||||
When you have built an image, it is good practice to scan it for security vulnerabilities using the `docker scan` command.
|
||||
Docker has partnered with [Snyk](http://snyk.io) to provide the vulnerability scanning service.
|
||||
|
||||
For example, to scan the `getting-started` image you created earlier in the tutorial, you can just type
|
||||
|
||||
```bash
|
||||
docker scan getting-started
|
||||
```
|
||||
|
||||
The scan uses a constantly updated database of vulnerabilities, so the output you see will vary as new
|
||||
vulnerabilities are discovered, but it might look something like this:
|
||||
|
||||
```plaintext
|
||||
✗ Low severity vulnerability found in freetype/freetype
|
||||
Description: CVE-2020-15999
|
||||
Info: https://snyk.io/vuln/SNYK-ALPINE310-FREETYPE-1019641
|
||||
Introduced through: freetype/freetype@2.10.0-r0, gd/libgd@2.2.5-r2
|
||||
From: freetype/freetype@2.10.0-r0
|
||||
From: gd/libgd@2.2.5-r2 > freetype/freetype@2.10.0-r0
|
||||
Fixed in: 2.10.0-r1
|
||||
|
||||
✗ Medium severity vulnerability found in libxml2/libxml2
|
||||
Description: Out-of-bounds Read
|
||||
Info: https://snyk.io/vuln/SNYK-ALPINE310-LIBXML2-674791
|
||||
Introduced through: libxml2/libxml2@2.9.9-r3, libxslt/libxslt@1.1.33-r3, nginx-module-xslt/nginx-module-xslt@1.17.9-r1
|
||||
From: libxml2/libxml2@2.9.9-r3
|
||||
From: libxslt/libxslt@1.1.33-r3 > libxml2/libxml2@2.9.9-r3
|
||||
From: nginx-module-xslt/nginx-module-xslt@1.17.9-r1 > libxml2/libxml2@2.9.9-r3
|
||||
Fixed in: 2.9.9-r4
|
||||
```
|
||||
|
||||
The output lists the type of vulnerability, a URL to learn more, and importantly which version of the relevant library
|
||||
fixes the vulnerability.
|
||||
|
||||
There are several other options, which you can read about in the [docker scan documentation](https://docs.docker.com/engine/scan/).
|
||||
|
||||
As well as scanning your newly built image on the command line, you can also [configure Docker Hub](https://docs.docker.com/docker-hub/vulnerability-scanning/)
|
||||
to scan all newly pushed images automatically, and you can then see the results in both Docker Hub and Docker Desktop.
|
||||
|
||||
![Hub vulnerability scanning](hvs.png){: style=width:75% }
|
||||
{: .text-center }
|
||||
|
||||
## Image Layering
|
||||
|
||||
|
@ -222,6 +265,6 @@ into an nginx container. Cool, huh?
|
|||
## Recap
|
||||
|
||||
By understanding a little bit about how images are structured, we can build images faster and ship fewer changes.
|
||||
Scanning images gives us confidence that the containers we are running and distributing are secure.
|
||||
Multi-stage builds also help us reduce overall image size and increase final container security by separating
|
||||
build-time dependencies from runtime dependencies.
|
||||
|
||||
|
|
|
@ -37,8 +37,8 @@ For now, we will create the network first and attach the MySQL container at star
|
|||
docker network create todo-app
|
||||
```
|
||||
|
||||
1. Start a MySQL container and attach it the network. We're also going to define a few environment variables that the
|
||||
database will use to initialize the database (see the "Environment Variables" section in the [MySQL Docker Hub listing](https://hub.docker.com/_/mysql/)) (replace the ` \ ` characters with `` ` `` in Windows PowerShell).
|
||||
1. Start a MySQL container and attach it to the network. We're also going to define a few environment variables that the
|
||||
database will use to initialize the database (see the "Environment Variables" section in the [MySQL Docker Hub listing](https://hub.docker.com/_/mysql/)).
|
||||
|
||||
```bash
|
||||
docker run -d \
|
||||
|
@ -49,6 +49,17 @@ For now, we will create the network first and attach the MySQL container at star
|
|||
mysql:5.7
|
||||
```
|
||||
|
||||
If you are using PowerShell then use this command.
|
||||
|
||||
```powershell
|
||||
docker run -d `
|
||||
--network todo-app --network-alias mysql `
|
||||
-v todo-mysql-data:/var/lib/mysql `
|
||||
-e MYSQL_ROOT_PASSWORD=secret `
|
||||
-e MYSQL_DATABASE=todos `
|
||||
mysql:5.7
|
||||
```
|
||||
|
||||
You'll also see we specified the `--network-alias` flag. We'll come back to that in just a moment.
|
||||
|
||||
!!! info "Pro-tip"
|
||||
|
@ -156,7 +167,7 @@ The todo app supports the setting of a few environment variables to specify MySQ
|
|||
|
||||
A more secure mechanism is to use the secret support provided by your container orchestration framework. In most cases,
|
||||
these secrets are mounted as files in the running container. You'll see many apps (including the MySQL image and the todo app)
|
||||
also support env vars with a `_FILE` suffix to point to a file containing the file.
|
||||
also support env vars with a `_FILE` suffix to point to a file containing the variable.
|
||||
|
||||
As an example, setting the `MYSQL_PASSWORD_FILE` var will cause the app to use the contents of the referenced file
|
||||
as the connection password. Docker doesn't do anything to support these env vars. Your app will need to know to look for
|
||||
|
@ -165,11 +176,11 @@ The todo app supports the setting of a few environment variables to specify MySQ
|
|||
|
||||
With all of that explained, let's start our dev-ready container!
|
||||
|
||||
1. We'll specify each of the environment variables above, as well as connect the container to our app network (replace the ` \ ` characters with `` ` `` in Windows PowerShell).
|
||||
1. We'll specify each of the environment variables above, as well as connect the container to our app network.
|
||||
|
||||
```bash hl_lines="3 4 5 6 7"
|
||||
docker run -dp 3000:3000 \
|
||||
-w /app -v ${PWD}:/app \
|
||||
-w /app -v "$(pwd):/app" \
|
||||
--network todo-app \
|
||||
-e MYSQL_HOST=mysql \
|
||||
-e MYSQL_USER=root \
|
||||
|
@ -179,6 +190,20 @@ With all of that explained, let's start our dev-ready container!
|
|||
sh -c "yarn install && yarn run dev"
|
||||
```
|
||||
|
||||
If you are using PowerShell then use this command.
|
||||
|
||||
```powershell hl_lines="3 4 5 6 7"
|
||||
docker run -dp 3000:3000 `
|
||||
-w /app -v "$(pwd):/app" `
|
||||
--network todo-app `
|
||||
-e MYSQL_HOST=mysql `
|
||||
-e MYSQL_USER=root `
|
||||
-e MYSQL_PASSWORD=secret `
|
||||
-e MYSQL_DB=todos `
|
||||
node:12-alpine `
|
||||
sh -c "yarn install && yarn run dev"
|
||||
```
|
||||
|
||||
1. If we look at the logs for the container (`docker logs <container-id>`), we should see a message indicating it's
|
||||
using the mysql database.
|
||||
|
||||
|
@ -199,7 +224,7 @@ With all of that explained, let's start our dev-ready container!
|
|||
is **secret**.
|
||||
|
||||
```bash
|
||||
docker exec -ti <mysql-container-id> mysql -p todos
|
||||
docker exec -it <mysql-container-id> mysql -p todos
|
||||
```
|
||||
|
||||
And in the mysql shell, run the following:
|
||||
|
|
|
@ -38,6 +38,7 @@ see a few flaws in the Dockerfile below. But, don't worry! We'll go over them.
|
|||
|
||||
```dockerfile
|
||||
FROM node:12-alpine
|
||||
RUN apk add --no-cache python g++ make
|
||||
WORKDIR /app
|
||||
COPY . .
|
||||
RUN yarn install --production
|
||||
|
|
|
@ -14,7 +14,7 @@ changes and then restart the application. There are equivalent tools in most oth
|
|||
## Quick Volume Type Comparisons
|
||||
|
||||
Bind mounts and named volumes are the two main types of volumes that come with the Docker engine. However, additional
|
||||
volume drivers are available to support other uses cases ([SFTP](https://github.com/vieux/docker-volume-sshfs), [Ceph](https://ceph.com/geen-categorie/getting-started-with-the-docker-rbd-volume-plugin/), [NetApp](https://netappdvp.readthedocs.io/en/stable/), [S3](https://github.com/elementar/docker-s3-volume), and more).
|
||||
volume drivers are available to support other use cases ([SFTP](https://github.com/vieux/docker-volume-sshfs), [Ceph](https://ceph.com/geen-categorie/getting-started-with-the-docker-rbd-volume-plugin/), [NetApp](https://netappdvp.readthedocs.io/en/stable/), [S3](https://github.com/elementar/docker-s3-volume), and more).
|
||||
|
||||
| | Named Volumes | Bind Mounts |
|
||||
| - | ------------- | ----------- |
|
||||
|
@ -36,18 +36,27 @@ So, let's do it!
|
|||
|
||||
1. Make sure you don't have any previous `getting-started` containers running.
|
||||
|
||||
1. Run the following command (replace the ` \ ` characters with `` ` `` in Windows PowerShell). We'll explain what's going on afterwards:
|
||||
1. Run the following command. We'll explain what's going on afterwards:
|
||||
|
||||
```bash
|
||||
docker run -dp 3000:3000 \
|
||||
-w /app -v ${PWD}:/app \
|
||||
-w /app -v "$(pwd):/app" \
|
||||
node:12-alpine \
|
||||
sh -c "yarn install && yarn run dev"
|
||||
```
|
||||
|
||||
If you are using PowerShell then use this command.
|
||||
|
||||
```powershell
|
||||
docker run -dp 3000:3000 `
|
||||
-w /app -v "$(pwd):/app" `
|
||||
node:12-alpine `
|
||||
sh -c "yarn install && yarn run dev"
|
||||
```
|
||||
|
||||
- `-dp 3000:3000` - same as before. Run in detached (background) mode and create a port mapping
|
||||
- `-w /app` - sets the "working directory" or the current directory that the command will run from
|
||||
- `-v ${PWD}:/app` - bind mount the current directory from the host in the container into the `/app` directory
|
||||
- `-v "$(pwd):/app"` - bind mount the current directory from the host in the container into the `/app` directory
|
||||
- `node:12-alpine` - the image to use. Note that this is the base image for our app from the Dockerfile
|
||||
- `sh -c "yarn install && yarn run dev"` - the command. We're starting a shell using `sh` (alpine doesn't have `bash`) and
|
||||
running `yarn install` to install _all_ dependencies and then running `yarn run dev`. If we look in the `package.json`,
|
||||
|
|
|
@ -49,11 +49,11 @@ And now, we'll start migrating a service at a time into the compose file.
|
|||
|
||||
## Defining the App Service
|
||||
|
||||
To remember, this was the command we were using to define our app container (replace the ` \ ` characters with `` ` `` in Windows PowerShell).
|
||||
To remember, this was the command we were using to define our app container.
|
||||
|
||||
```bash
|
||||
docker run -dp 3000:3000 \
|
||||
-w /app -v ${PWD}:/app \
|
||||
-w /app -v "$(pwd):/app" \
|
||||
--network todo-app \
|
||||
-e MYSQL_HOST=mysql \
|
||||
-e MYSQL_USER=root \
|
||||
|
@ -63,6 +63,20 @@ docker run -dp 3000:3000 \
|
|||
sh -c "yarn install && yarn run dev"
|
||||
```
|
||||
|
||||
If you are using PowerShell then use this command.
|
||||
|
||||
```powershell
|
||||
docker run -dp 3000:3000 `
|
||||
-w /app -v "$(pwd):/app" `
|
||||
--network todo-app `
|
||||
-e MYSQL_HOST=mysql `
|
||||
-e MYSQL_USER=root `
|
||||
-e MYSQL_PASSWORD=secret `
|
||||
-e MYSQL_DB=todos `
|
||||
node:12-alpine `
|
||||
sh -c "yarn install && yarn run dev"
|
||||
```
|
||||
|
||||
1. First, let's define the service entry and the image for the container. We can pick any name for the service.
|
||||
The name will automatically become a network alias, which will be useful when defining our MySQL service.
|
||||
|
||||
|
@ -102,7 +116,7 @@ docker run -dp 3000:3000 \
|
|||
- 3000:3000
|
||||
```
|
||||
|
||||
1. Next, we'll migrate both the working directory (`-w /app`) and the volume mapping (`-v ${PWD}:/app`) by using
|
||||
1. Next, we'll migrate both the working directory (`-w /app`) and the volume mapping (`-v "$(pwd):/app"`) by using
|
||||
the `working_dir` and `volumes` definitions. Volumes also has a [short](https://docs.docker.com/compose/compose-file/#short-syntax-3) and [long](https://docs.docker.com/compose/compose-file/#long-syntax-3) syntax.
|
||||
|
||||
One advantage of Docker Compose volume definitions is we can use relative paths from the current directory.
|
||||
|
@ -145,7 +159,7 @@ docker run -dp 3000:3000 \
|
|||
|
||||
### Defining the MySQL Service
|
||||
|
||||
Now, it's time to define the MySQL service. The command that we used for that container was the following (replace the ` \ ` characters with `` ` `` in Windows PowerShell):
|
||||
Now, it's time to define the MySQL service. The command that we used for that container was the following:
|
||||
|
||||
```bash
|
||||
docker run -d \
|
||||
|
@ -156,6 +170,17 @@ docker run -d \
|
|||
mysql:5.7
|
||||
```
|
||||
|
||||
If you are using PowerShell then use this command.
|
||||
|
||||
```powershell
|
||||
docker run -d `
|
||||
--network todo-app --network-alias mysql `
|
||||
-v todo-mysql-data:/var/lib/mysql `
|
||||
-e MYSQL_ROOT_PASSWORD=secret `
|
||||
-e MYSQL_DATABASE=todos `
|
||||
mysql:5.7
|
||||
```
|
||||
|
||||
1. We will first define the new service and name it `mysql` so it automatically gets the network alias. We'll
|
||||
go ahead and specify the image to use as well.
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
mkdocs==1.0.4
|
||||
mkdocs-material==4.6.3
|
||||
mkdocs-minify-plugin==0.2.3
|
||||
pygments==2.6.1
|
||||
pygments==2.7.4
|
||||
pymdown-extensions==7.0
|
||||
|
|
Loading…
Reference in New Issue