Commit 22aa9643 authored by Sebastien Moretti's avatar Sebastien Moretti Committed by service epd

Start Dockerfile

parent 078a1f4c
FROM centos:centos7 AS builder
ARG UCNEBASE_VERSION
ARG BUILD_DATE
# METADATA
# Use Open Containers Initiative (OCI)
# See https://rehansaeed.com/docker-labels-depth/
# See https://github.com/opencontainers/image-spec/blob/master/annotations.md
# Exist also another structured label initiative: http://label-schema.org/ superceded by OCI now
LABEL org.opencontainers.image.title="UCNEbase: a database of ultra-conserved non-coding elements and genomic regulatory blocks"
LABEL org.opencontainers.image.version=$UCNEBASE_VERSION
LABEL org.opencontainers.image.vendor="SIB Swiss Institute of Bioinformatics"
LABEL org.opencontainers.image.authors="sebastien.moretti@sib.swiss"
LABEL org.opencontainers.image.url="https://gitlab.sib.swiss/EPD/UCNEbase_web"
LABEL org.opencontainers.image.source="https://gitlab.sib.swiss/EPD/UCNEbase_web"
LABEL org.opencontainers.image.documentation="https://gitlab.sib.swiss/EPD/UCNEbase_web"
LABEL org.opencontainers.image.licenses="????????????????????????????????????????????????????????????"
LABEL org.opencontainers.image.description="UCNEbase is a free, web-accessible information resource on the \
evolution and genomic organization of ultra-conserved non-coding elements (UCNEs)"
LABEL org.opencontainers.image.created=$BUILD_DATE
# INSTALLATION
ENV USER=ucnebase
# In a single layer to save time AND space
RUN echo '# OS update' \
&& yum check-update \
&& yum update -y \
&& echo '# Install OS requirements' \
&& yum install perl httpd mysql-community-server php-mysqlnd \
&& echo '# Install UCNEbase' \
&& echo '# CLEANING' \
&& echo '## So try to remove manually useless stuff' \
&& yum removed *-devel gcc \
&& yum clean all \
&& groupadd -g 1001 ${USER} && useradd -r -u 1001 -g ${USER} ${USER}
# SECURITY
## Control root access
USER ${USER}
ENV HOME=/home/${USER}
WORKDIR ${HOME}
##Rest of Dockerfile with this user
ENV LC_ALL="C"
# TEST
RUN ....... || true
HEALTHCHECK CMD ....... || exit 1
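Review bot: The single `RUN` layer cannot finish as written: `yum check-update` exits with status 100 whenever updates are pending, which stops the `&&` chain; `yum install` has no `-y`, so it waits for a confirmation that a build cannot give; and `yum removed` is not a yum subcommand. I would drop the check-update line and use `&& yum install -y perl httpd mysql-community-server php-mysqlnd` and `&& yum remove -y '*-devel' gcc`, quoted so the shell cannot expand the glob. Separately, `RUN ....... || true` under `# TEST` will hide a failing test once the placeholder is filled in. `useradd -r` creates no home directory, so the `WORKDIR ${HOME}` that follows may end up owned by root, depending on the builder; this is worth confirming before the unprivileged `ucnebase` user needs to write there.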
#See https://docs.docker.com/engine/reference/commandline/build/
# https://stackify.com/docker-build-a-beginners-guide-to-building-docker-images/
# https://docs.docker.com/engine/reference/commandline/exec/
# https://developers.redhat.com/blog/2016/03/09/more-about-docker-images-size/
## ucnebase:0.0.1 is the built image target, usually (lowercase) name:version
## Dockerfile is the Dockerfile, the commands used to build the image
## Dockerfile example: https://github.com/ElmerCSC/elmerfem/blob/devel/docker/elmerice.dockerfile
# https://github.com/ComparativeGenomicsToolkit/cactus/blob/master/Dockerfile
# https://github.com/ComparativeGenomicsToolkit/Comparative-Annotation-Toolkit/blob/master/Dockerfile
# Build Docker image
export UCNEBASE_VERSION=0.0.1
docker build -t ucnebase:$UCNEBASE_VERSION --no-cache=true --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg UCNEBASE_VERSION=$UCNEBASE_VERSION -f Dockerfile . 2>&1 >UCNEbase.Dockerfile.log
# List Docker local images (imported or built)
docker images
# Purging All Unused or Dangling Images, Containers, Volumes, and Networks
# see https://www.digitalocean.com/community/tutorials/how-to-remove-docker-images-containers-and-volumes
docker system prune
# Inspect images
docker inspect ucnebase:$UCNEBASE_VERSION
# Show running containers
docker ps
# Run bash in the Docker image
docker run --name UCNEbase --rm -i -t ucnebase:$UCNEBASE_VERSION bash
# Mounting/binding a local repository (,readonly can be added to force readonly mounting)
--mount type=bind,source=/software,target=/software
- UCNEBASE_VERSION is the container version
- --name assignes a name to the running container
- --rm automatically removes the container when it exits
- -i opens an interactive session with the container
- -t allocates a pseudo-TTY
####### Container Security
# See https://www.hpe.com/us/en/insights/articles/5-ways-to-secure-your-containers-1904.html
# https://blog.sqreen.com/docker-security/
# https://www.techrepublic.com/article/5-tips-for-securing-your-docker-containers/
# https://thenewstack.io/how-to-lock-down-the-kernel-to-secure-the-container/
# https://about.gitlab.com/blog/2019/08/27/beginners-guide-container-security/
# https://techbeacon.com/enterprise-it/how-secure-containers-actions-every-enterprise-should-take
# https://wiki.aquasec.com/display/containers/Container+Security+Best+Practices
####### Sign container in Docker hub
# See https://docs.docker.com/engine/security/trust/
#
# Enable Docker Content Trust
export DOCKER_CONTENT_TRUST=1
# Sign and Push Images with Docker Content Trust
# Log into Docker Hub with Docker 1.8+
docker login
#With Docker Content Trust enabled, push an image to Hub. When you push, Docker will note you have no keys, create them, and prompt you for a passphrase to encrypt them:
docker tag ucnebase:$UCNEBASE_VERSION sibswiss/ucnebase:$UCNEBASE_VERSION
docker -D push sibswiss/ucnebase:$UCNEBASE_VERSION
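Review bot: In the `docker build` command the redirections are in the wrong order for a complete log: `2>&1 >UCNEbase.Dockerfile.log` points stderr at the terminal and only then sends stdout to the file, so build errors never reach the log; `>UCNEbase.Dockerfile.log 2>&1` captures both. `export DOCKER_CONTENT_TRUST=1` appears only in the signing section, after the build, so the `centos:centos7` pull triggered by `FROM` is not signature-checked in this sequence; exporting it before `docker build` would cover the base image too, where the builder honours it. `docker -D push` leaves debug output on, and I would drop `-D` from the documented command unless it is needed for troubleshooting.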