Start Dockerfile

docker/Dockerfile

+FROM centos:centos7 AS builder
+
+ARG UCNEBASE_VERSION
+ARG BUILD_DATE
+
+# METADATA
+# Use Open Containers Initiative (OCI)
+# See https://rehansaeed.com/docker-labels-depth/
+# See https://github.com/opencontainers/image-spec/blob/master/annotations.md
+# Exist also another structured label initiative: http://label-schema.org/ superceded by OCI now
+LABEL org.opencontainers.image.title="UCNEbase: a database of ultra-conserved non-coding elements and genomic regulatory blocks"
+LABEL org.opencontainers.image.version=$UCNEBASE_VERSION
+LABEL org.opencontainers.image.vendor="SIB Swiss Institute of Bioinformatics"
+LABEL org.opencontainers.image.authors="sebastien.moretti@sib.swiss"
+LABEL org.opencontainers.image.url="https://gitlab.sib.swiss/EPD/UCNEbase_web"
+LABEL org.opencontainers.image.source="https://gitlab.sib.swiss/EPD/UCNEbase_web"
+LABEL org.opencontainers.image.documentation="https://gitlab.sib.swiss/EPD/UCNEbase_web"
+LABEL org.opencontainers.image.licenses="????????????????????????????????????????????????????????????"
+LABEL org.opencontainers.image.description="UCNEbase is a free, web-accessible information resource on the \
+evolution and genomic organization of ultra-conserved non-coding elements (UCNEs)"
+LABEL org.opencontainers.image.created=$BUILD_DATE
+
+
+# INSTALLATION
+ENV USER=ucnebase
+# In a single layer to save time AND space
+RUN echo '# OS update' \
+	&& yum check-update \
+	&& yum update  -y \
+	&&        echo '# Install OS requirements' \
+	&& yum install perl httpd mysql-community-server php-mysqlnd \
+	&&        echo '# Install UCNEbase' \
+	&& echo '# CLEANING' \
+	&& echo '## So try to remove manually useless stuff' \
+	&& yum removed *-devel gcc \
+	&& yum clean all \
+	&& groupadd -g 1001 ${USER} && useradd -r -u 1001 -g ${USER} ${USER}
+
+
+# SECURITY
+## Control root access
+USER ${USER}
+ENV HOME=/home/${USER}
+WORKDIR ${HOME}
+##Rest of Dockerfile with this user
+ENV LC_ALL="C"
+
+
+# TEST
+RUN ....... || true
+
+HEALTHCHECK CMD ....... || exit 1
+

docker/README.docker

+#See https://docs.docker.com/engine/reference/commandline/build/
+#    https://stackify.com/docker-build-a-beginners-guide-to-building-docker-images/
+#    https://docs.docker.com/engine/reference/commandline/exec/
+#    https://developers.redhat.com/blog/2016/03/09/more-about-docker-images-size/
+
+
+## ucnebase:0.0.1        is the built image target, usually (lowercase) name:version
+## Dockerfile            is the Dockerfile, the commands used to build the image
+## Dockerfile example: https://github.com/ElmerCSC/elmerfem/blob/devel/docker/elmerice.dockerfile
+#                      https://github.com/ComparativeGenomicsToolkit/cactus/blob/master/Dockerfile
+#                      https://github.com/ComparativeGenomicsToolkit/Comparative-Annotation-Toolkit/blob/master/Dockerfile
+
+# Build Docker image
+export UCNEBASE_VERSION=0.0.1
+docker build -t ucnebase:$UCNEBASE_VERSION --no-cache=true --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg UCNEBASE_VERSION=$UCNEBASE_VERSION  -f Dockerfile .  2>&1 >UCNEbase.Dockerfile.log
+
+# List Docker local images (imported or built)
+docker images
+
+# Purging All Unused or Dangling Images, Containers, Volumes, and Networks
+# see https://www.digitalocean.com/community/tutorials/how-to-remove-docker-images-containers-and-volumes
+docker system prune
+
+# Inspect images
+docker inspect  ucnebase:$UCNEBASE_VERSION
+
+# Show running containers
+docker ps
+
+
+# Run bash in the Docker image
+docker run --name UCNEbase --rm -i -t ucnebase:$UCNEBASE_VERSION bash
+	# Mounting/binding a local repository (,readonly can be added to force readonly mounting)
+	--mount type=bind,source=/software,target=/software
+
+	- UCNEBASE_VERSION is the container version
+	- --name assignes a name to the running container
+	- --rm automatically removes the container when it exits
+	- -i opens an interactive session with the container
+	- -t allocates a pseudo-TTY

docker/README.docker.hub

+####### Container Security
+# See https://www.hpe.com/us/en/insights/articles/5-ways-to-secure-your-containers-1904.html
+#     https://blog.sqreen.com/docker-security/
+#     https://www.techrepublic.com/article/5-tips-for-securing-your-docker-containers/
+#     https://thenewstack.io/how-to-lock-down-the-kernel-to-secure-the-container/
+#     https://about.gitlab.com/blog/2019/08/27/beginners-guide-container-security/
+#     https://techbeacon.com/enterprise-it/how-secure-containers-actions-every-enterprise-should-take
+#     https://wiki.aquasec.com/display/containers/Container+Security+Best+Practices
+
+####### Sign container in Docker hub
+# See https://docs.docker.com/engine/security/trust/
+#
+# Enable Docker Content Trust
+export DOCKER_CONTENT_TRUST=1
+# Sign and Push Images with Docker Content Trust
+# Log into Docker Hub with Docker 1.8+
+docker login
+#With Docker Content Trust enabled, push an image to Hub. When you push, Docker will note you have no keys, create them, and prompt you for a passphrase to encrypt them:
+docker tag ucnebase:$UCNEBASE_VERSION sibswiss/ucnebase:$UCNEBASE_VERSION
+docker -D push sibswiss/ucnebase:$UCNEBASE_VERSION
+