From 7d5dcf061cc35e8625db80dd1b4ba51bca21cb83 Mon Sep 17 00:00:00 2001 From: Adam Outler Date: Mon, 17 Nov 2025 15:09:57 -0500 Subject: [PATCH 1/5] Add VERSION file creation --- Dockerfile | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 42263d05..bce82c48 100755 --- a/Dockerfile +++ b/Dockerfile @@ -137,7 +137,7 @@ RUN install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 ${READ_WRITE_FO -exec chmod 750 {} \;" # Copy version information into the image -COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .VERSION ${NETALERTX_APP}/.VERSION +COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .[V]ERSION ${NETALERTX_APP}/.VERSION # Copy the virtualenv from the builder stage COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV} @@ -147,7 +147,14 @@ COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV} # This is done after the copy of the venv to ensure the venv is in place # although it may be quicker to do it before the copy, it keeps the image # layers smaller to do it after. -RUN apk add libcap && \ +RUN if [ -f .VERSION ]; then \ + cp .VERSION ${NETALERTX_APP}/.VERSION && \ + chown ${NETALERTX_USER}:${NETALERTX_GROUP} ${NETALERTX_APP}/.VERSION; \ + else \ + echo "DEVELOPMENT $(cd /app && git rev-parse --short HEAD 2>/dev/null || echo '00000000')" > ${NETALERTX_APP}/.VERSION && \ + chown ${NETALERTX_USER}:${NETALERTX_GROUP} ${NETALERTX_APP}/.VERSION; \ + fi && \ + apk add libcap && \ setcap cap_net_raw+ep /bin/busybox && \ setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \ setcap cap_net_raw,cap_net_admin+eip /usr/bin/arp-scan && \ From abc3e7144012709e5a827d4955f41ef7eb1e7c64 Mon Sep 17 00:00:00 2001 From: Adam Outler Date: Mon, 17 Nov 2025 20:45:52 +0000 Subject: [PATCH 2/5] Remove redundant chown; read only version. --- .devcontainer/Dockerfile | 10 ++++++++-- Dockerfile | 7 +++---- 2 files changed, 11 insertions(+), 6 deletions(-) 
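Review bot: The bracket glob in the new `COPY ... .[V]ERSION ${NETALERTX_APP}/.VERSION` line has no comment saying it exists to make the source optional, and the comment above it still reads as an unconditional copy. How a wildcard that matches nothing is handled depends on the builder (BuildKit accepts an empty match; the legacy builder, as far as I know, rejects it), so the build requirement should be written down. I would change the comment to `# .[V]ERSION is a glob so this COPY is a no-op when .VERSION is missing from the build context (requires BuildKit)`.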
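Review bot: The `[ -f .VERSION ]` test in the new `RUN` resolves against the image's current WORKDIR, not the build context, and the only place the preceding COPY can have put the file is `${NETALERTX_APP}/.VERSION`. If WORKDIR is that directory, `cp .VERSION ${NETALERTX_APP}/.VERSION` copies the file onto itself, which cp normally rejects. If WORKDIR is elsewhere, the else branch always runs and overwrites a real release version with the DEVELOPMENT placeholder, so a deployed image can no longer be matched to a release when checking exposure to a fix. WORKDIR is not visible in this hunk, so which case applies needs confirming. Testing the destination avoids both: `if [ ! -f "${NETALERTX_APP}/.VERSION" ]; then <fallback echo>; fi && \`. The same test recurs in the `.devcontainer/Dockerfile` hunk of patch 2 and the `Dockerfile` hunks of patches 2 and 3; the RUN continues past the end of this hunk.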
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 135c8b55..66b9fa98 100755 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -140,7 +140,7 @@ RUN install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 ${READ_WRITE_FO -exec chmod 750 {} \;" # Copy version information into the image -COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .VERSION ${NETALERTX_APP}/.VERSION +COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .[V]ERSION ${NETALERTX_APP}/.VERSION # Copy the virtualenv from the builder stage COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV} @@ -150,7 +150,13 @@ COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV} # This is done after the copy of the venv to ensure the venv is in place # although it may be quicker to do it before the copy, it keeps the image # layers smaller to do it after. -RUN apk add libcap && \ +RUN if [ -f .VERSION ]; then \ + cp .VERSION ${NETALERTX_APP}/.VERSION; \ + else \ + echo "DEVELOPMENT $(cd /app && git rev-parse --short HEAD 2>/dev/null || echo '00000000')" > ${NETALERTX_APP}/.VERSION; \ + fi && \ + chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${NETALERTX_APP}/.VERSION && \ + apk add libcap && \ setcap cap_net_raw+ep /bin/busybox && \ setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \ setcap cap_net_raw,cap_net_admin+eip /usr/bin/arp-scan && \ diff --git a/Dockerfile b/Dockerfile index bce82c48..b080a86e 100755 --- a/Dockerfile +++ b/Dockerfile 
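Review bot: The added `chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${NETALERTX_APP}/.VERSION` in `.devcontainer/Dockerfile` likely uses the two variables before they are defined. Patch 5's subject says this is the case in the top-level `Dockerfile`, and that patch fixes only that file. If the ordering is the same here, both names expand to empty and the command becomes `chown : <path>`, which either fails the build or leaves the file owned by whoever ran the step, not the read-only account. Unless this file is regenerated from the top-level one, I would use the same literal here, `chown 20212:20212 "${NETALERTX_APP}/.VERSION" && \`. The RUN continues past the end of this hunk.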
@@ -148,12 +148,11 @@ COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV} # although it may be quicker to do it before the copy, it keeps the image # layers smaller to do it after. RUN if [ -f .VERSION ]; then \ - cp .VERSION ${NETALERTX_APP}/.VERSION && \ - chown ${NETALERTX_USER}:${NETALERTX_GROUP} ${NETALERTX_APP}/.VERSION; \ + cp .VERSION ${NETALERTX_APP}/.VERSION; \ else \ - echo "DEVELOPMENT $(cd /app && git rev-parse --short HEAD 2>/dev/null || echo '00000000')" > ${NETALERTX_APP}/.VERSION && \ - chown ${NETALERTX_USER}:${NETALERTX_GROUP} ${NETALERTX_APP}/.VERSION; \ + echo "DEVELOPMENT $(cd /app && git rev-parse --short HEAD 2>/dev/null || echo '00000000')" > ${NETALERTX_APP}/.VERSION; \ fi && \ + chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${NETALERTX_APP}/.VERSION && \ apk add libcap && \ setcap cap_net_raw+ep /bin/busybox && \ setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \ From 09c40e76b2f3acad2fa564f0c33bcdbfcc89cefa Mon Sep 17 00:00:00 2001 From: Adam Outler Date: Mon, 17 Nov 2025 20:47:11 +0000 Subject: [PATCH 3/5] No git in Dockerfile generation. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b080a86e..0ae471f6 100755 --- a/Dockerfile +++ b/Dockerfile @@ -150,7 +150,7 @@ COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV} RUN if [ -f .VERSION ]; then \ cp .VERSION ${NETALERTX_APP}/.VERSION; \ else \ - echo "DEVELOPMENT $(cd /app && git rev-parse --short HEAD 2>/dev/null || echo '00000000')" > ${NETALERTX_APP}/.VERSION; \ + echo "DEVELOPMENT 00000000" > ${NETALERTX_APP}/.VERSION; \ fi && \ chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${NETALERTX_APP}/.VERSION && \ apk add libcap && \ From e2633d02512e48054c80dc027b7f1a94c636724b Mon Sep 17 00:00:00 2001 
From: Adam Outler Date: Mon, 17 Nov 2025 20:54:18 +0000 Subject: [PATCH 4/5] Update from docker v3 to v6 --- .github/workflows/docker_dev.yml | 2 +- .github/workflows/docker_prod.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_dev.yml b/.github/workflows/docker_dev.yml index 27fdd687..add989f9 100755 --- a/.github/workflows/docker_dev.yml +++ b/.github/workflows/docker_dev.yml @@ -83,7 +83,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: . platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 diff --git a/.github/workflows/docker_prod.yml b/.github/workflows/docker_prod.yml index fa484de9..476fc904 100755 --- a/.github/workflows/docker_prod.yml +++ b/.github/workflows/docker_prod.yml @@ -72,7 +72,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: . platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 From bb365a5e8168056b076e793f5800075fa9c0fcad Mon Sep 17 00:00:00 2001 From: Adam Outler Date: Mon, 17 Nov 2025 20:57:18 +0000 Subject: [PATCH 5/5] UID 20212 for read only before definition. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0ae471f6..ca08b4c2 100755 --- a/Dockerfile +++ b/Dockerfile @@ -152,7 +152,7 @@ RUN if [ -f .VERSION ]; then \ else \ echo "DEVELOPMENT 00000000" > ${NETALERTX_APP}/.VERSION; \ fi && \ - chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${NETALERTX_APP}/.VERSION && \ + chown 20212:20212 ${NETALERTX_APP}/.VERSION && \ apk add libcap && \ setcap cap_net_raw+ep /bin/busybox && \ setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \
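Review bot: `chown 20212:20212 ${NETALERTX_APP}/.VERSION` changes only the owner, so the file keeps whatever mode `cp` or the shell redirect gave it and its new owner can still rewrite it. If the version file is meant to be immutable at runtime, set the mode in the same step with `chmod 0444 "${NETALERTX_APP}/.VERSION" && \` right after the chown. The literal also duplicates the 20212 on the venv `COPY --chown` with nothing tying it to READ_ONLY_USER, so a later UID change would silently miss it. A comment above the RUN, which starts outside this hunk, would cover that: `# 20212 is READ_ONLY_USER/READ_ONLY_GROUP; the variables are not defined yet at this point`.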