diff --git a/bitwarden_license/src/Scim/Dockerfile b/bitwarden_license/src/Scim/Dockerfile index a0c5c88e49..fca3d83572 100644 --- a/bitwarden_license/src/Scim/Dockerfile +++ b/bitwarden_license/src/Scim/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - krb5-user \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + krb5 \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/bitwarden_license/src/Scim/entrypoint.sh b/bitwarden_license/src/Scim/entrypoint.sh index 41930504d3..b3cffa33bd 100644 --- a/bitwarden_license/src/Scim/entrypoint.sh +++ b/bitwarden_license/src/Scim/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/bitwarden_license/src/Sso/Dockerfile b/bitwarden_license/src/Sso/Dockerfile index d5d012b416..cbd049b9bd 100644 --- a/bitwarden_license/src/Sso/Dockerfile +++ b/bitwarden_license/src/Sso/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - krb5-user \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + krb5 \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/bitwarden_license/src/Sso/entrypoint.sh b/bitwarden_license/src/Sso/entrypoint.sh index c762659fb3..1d0f6d6a42 100644 --- a/bitwarden_license/src/Sso/entrypoint.sh +++ b/bitwarden_license/src/Sso/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/src/Admin/Dockerfile b/src/Admin/Dockerfile index 0d6fd4cc78..648ff1be91 100644 --- a/src/Admin/Dockerfile +++ b/src/Admin/Dockerfile @@ -1,40 +1,41 @@ +############################################### +# Node.js build stage # +############################################### +FROM node:20-alpine3.21 AS node-build + +WORKDIR /app +COPY src/Admin/package*.json ./ +COPY /src/Admin/ . +RUN npm ci +RUN npm run build + ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM # Determine proper runtime value for .NET RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt -# Set up Node -ARG NODE_VERSION=20 -RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - \ - && apt-get update \ - && apt-get install -y nodejs \ - && npm install -g npm@latest && \ - rm -rf /var/lib/apt/lists/* - # Copy required project files WORKDIR /source COPY . ./ # Restore project dependencies and tools WORKDIR /source/src/Admin -RUN npm ci RUN . /tmp/rid.txt && dotnet restore -r $RID # Build project -RUN npm run build RUN . /tmp/rid.txt && dotnet publish \ -c release \ --no-restore \ @@ -46,25 +47,27 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - krb5-user \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + icu-libs \ + tzdata \ + krb5 \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app COPY --from=build /source/src/Admin/out /app +COPY --from=node-build /app/wwwroot /app/wwwroot COPY ./src/Admin/entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 diff --git a/src/Admin/entrypoint.sh b/src/Admin/entrypoint.sh index 4d7d238d25..d003e4ec17 100644 --- a/src/Admin/entrypoint.sh +++ b/src/Admin/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/src/Api/Dockerfile b/src/Api/Dockerfile index 29adde878c..ef4c0c3ad8 100644 --- a/src/Api/Dockerfile +++ b/src/Api/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - krb5-user \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + krb5 \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/src/Api/entrypoint.sh b/src/Api/entrypoint.sh index d89a4648ec..5e2addb503 100644 --- a/src/Api/entrypoint.sh +++ b/src/Api/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/src/Billing/Dockerfile b/src/Billing/Dockerfile index 5eb4e9c0e0..ced8763577 100644 --- a/src/Billing/Dockerfile +++ b/src/Billing/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -37,20 +37,20 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/src/Billing/entrypoint.sh b/src/Billing/entrypoint.sh index 66540416f5..8b6a312ea1 100644 --- a/src/Billing/entrypoint.sh +++ b/src/Billing/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/src/Events/Dockerfile b/src/Events/Dockerfile index 3a6342ef7a..913e94da45 100644 --- a/src/Events/Dockerfile +++ b/src/Events/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - krb5-user \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + icu-libs \ + krb5 \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/src/Events/entrypoint.sh b/src/Events/entrypoint.sh index 92b19195ea..0497ceed60 100644 --- a/src/Events/entrypoint.sh +++ b/src/Events/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/src/EventsProcessor/Dockerfile b/src/EventsProcessor/Dockerfile index 928af7fb86..433552d321 100644 --- a/src/EventsProcessor/Dockerfile +++ b/src/EventsProcessor/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -37,20 +37,20 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/src/EventsProcessor/entrypoint.sh b/src/EventsProcessor/entrypoint.sh index e0d2dc0230..f5757bc180 100644 --- a/src/EventsProcessor/entrypoint.sh +++ b/src/EventsProcessor/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/src/Icons/Dockerfile b/src/Icons/Dockerfile index 16c88e22fa..5cd2b405d4 100644 --- a/src/Icons/Dockerfile +++ b/src/Icons/Dockerfile @@ -1,18 +1,18 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM # Determine proper runtime value for .NET RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -36,20 +36,21 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + krb5 \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/src/Icons/entrypoint.sh b/src/Icons/entrypoint.sh index c65d3b308d..13bc1114aa 100644 --- a/src/Icons/entrypoint.sh +++ b/src/Icons/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/src/Identity/Dockerfile b/src/Identity/Dockerfile index 9b9ae41334..41f23f6957 100644 --- a/src/Identity/Dockerfile +++ b/src/Identity/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - krb5-user \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + krb5 \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/src/Identity/entrypoint.sh b/src/Identity/entrypoint.sh index f5f84cc220..7141058c80 100644 --- a/src/Identity/entrypoint.sh +++ b/src/Identity/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/src/Notifications/Dockerfile b/src/Notifications/Dockerfile index 9cbc10e664..4aefaa9b90 100644 --- a/src/Notifications/Dockerfile +++ b/src/Notifications/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -37,20 +37,20 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/src/Notifications/entrypoint.sh b/src/Notifications/entrypoint.sh index d95324de2f..4c5759675b 100644 --- a/src/Notifications/entrypoint.sh +++ b/src/Notifications/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup diff --git a/util/Attachments/Dockerfile b/util/Attachments/Dockerfile index 24a315e99d..4ab1d0c11b 100644 --- a/util/Attachments/Dockerfile +++ b/util/Attachments/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -38,20 +38,20 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:5000 ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false EXPOSE 5000 -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /bitwarden_server diff --git a/util/Attachments/entrypoint.sh b/util/Attachments/entrypoint.sh index 1de574dc43..2c0942a148 100644 --- a/util/Attachments/entrypoint.sh +++ b/util/Attachments/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup @@ -23,11 +23,11 @@ if [ "$(id -u)" = "0" ] then # Create user and group - groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || - groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 - useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || - usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 - mkhomedir_helper $USERNAME + addgroup -g "$LGID" -S "$GROUPNAME" 2>/dev/null || true + adduser -u "$LUID" -G "$GROUPNAME" -S -D -H "$USERNAME" 2>/dev/null || true + mkdir -p /home/$USERNAME + chown $USERNAME:$GROUPNAME /home/$USERNAME + # The rest... diff --git a/util/MsSqlMigratorUtility/Dockerfile b/util/MsSqlMigratorUtility/Dockerfile index 990c25a7fb..b8bd7ff4a1 100644 --- a/util/MsSqlMigratorUtility/Dockerfile +++ b/util/MsSqlMigratorUtility/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -38,15 +38,18 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 AS app ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false # Copy app from the build stage WORKDIR /app COPY --from=build /source/util/MsSqlMigratorUtility/out /app +RUN apk add --no-cache icu-libs + ENTRYPOINT ["sh", "-c", "/app/MsSqlMigratorUtility \"${MSSQL_CONN_STRING}\" ${@}", "--" ] diff --git a/util/Nginx/Dockerfile b/util/Nginx/Dockerfile index d0d05b0bf7..a497ccd17f 100644 --- a/util/Nginx/Dockerfile +++ b/util/Nginx/Dockerfile @@ -1,15 +1,13 @@ -FROM --platform=$BUILDPLATFORM nginx:stable +FROM --platform=$BUILDPLATFORM nginx:stable-alpine3.21 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - gosu \ - curl \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache curl \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu COPY util/Nginx/nginx.conf /etc/nginx COPY util/Nginx/proxy.conf /etc/nginx diff --git a/util/Nginx/Dockerfile-k8s b/util/Nginx/Dockerfile-k8s deleted file mode 100644 index 9f0d89ee1d..0000000000 --- a/util/Nginx/Dockerfile-k8s +++ /dev/null @@ -1,40 +0,0 @@ -FROM nginx:stable - -LABEL com.bitwarden.product="bitwarden" - -ENV USERNAME="bitwarden" -ENV GROUPNAME="bitwarden" - -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - gosu \ - curl && \ - rm -rf /var/lib/apt/lists/* - -COPY nginx.conf /etc/nginx/nginx.conf -COPY proxy.conf /etc/nginx/proxy.conf -COPY mime.types /etc/nginx/mime.types -COPY security-headers.conf /etc/nginx/security-headers.conf -COPY security-headers-ssl.conf /etc/nginx/security-headers.conf - -COPY setup-bwuser.sh / - -EXPOSE 8000 - -EXPOSE 8080 -EXPOSE 8443 - -RUN chmod +x /setup-bwuser.sh - -RUN ./setup-bwuser.sh $USERNAME $GROUPNAME - -RUN mkdir -p /var/run/nginx && \ - touch /var/run/nginx/nginx.pid -RUN chown -R $USERNAME:$GROUPNAME /var/run/nginx && \ - chown -R $USERNAME:$GROUPNAME /var/cache/nginx && \ - chown -R $USERNAME:$GROUPNAME /var/log/nginx - - -HEALTHCHECK CMD curl --insecure -Lfs https://localhost:8443/alive || curl -Lfs http://localhost:8080/alive || exit 1 - -USER bitwarden diff --git a/util/Nginx/entrypoint.sh b/util/Nginx/entrypoint.sh index 0cf8a58888..0d4fa73802 100644 --- a/util/Nginx/entrypoint.sh +++ b/util/Nginx/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Setup diff --git a/util/Nginx/setup-bwuser.sh b/util/Nginx/setup-bwuser.sh index b17454722a..88e05a90a3 100644 --- a/util/Nginx/setup-bwuser.sh +++ b/util/Nginx/setup-bwuser.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Setup @@ -32,8 +32,7 @@ fi # Create user and group -groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || -groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 -useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || -usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 -mkhomedir_helper $USERNAME +addgroup -g "$LGID" -S "$GROUPNAME" 2>/dev/null || true +adduser -u "$LUID" -G "$GROUPNAME" -S -D -H "$USERNAME" 2>/dev/null || true +mkdir -p /home/$USERNAME +chown $USERNAME:$GROUPNAME /home/$USERNAME diff --git a/util/Setup/Dockerfile b/util/Setup/Dockerfile index b94c1f564c..fe1c8ea74b 100644 --- a/util/Setup/Dockerfile +++ b/util/Setup/Dockerfile @@ -1,7 +1,7 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build # Docker buildx supplies the value for this arg ARG TARGETPLATFORM @@ -9,11 +9,11 @@ ARG TARGETPLATFORM # Determine proper runtime value for .NET # We put the value in a file to be read by later layers. RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ - RID=linux-x64 ; \ + RID=linux-musl-x64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ - RID=linux-arm64 ; \ + RID=linux-musl-arm64 ; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ - RID=linux-arm ; \ + RID=linux-musl-arm ; \ fi \ && echo "RID=$RID" > /tmp/rid.txt @@ -38,18 +38,18 @@ RUN . /tmp/rid.txt && dotnet publish \ ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" com.bitwarden.project="setup" - ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ +RUN apk add --no-cache curl \ openssl \ - gosu \ - && rm -rf /var/lib/apt/lists/* + icu-libs \ + shadow \ + && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu # Copy app from the build stage WORKDIR /app diff --git a/util/Setup/Helpers.cs b/util/Setup/Helpers.cs index 07a8e0b1ef..1f091b674f 100644 --- a/util/Setup/Helpers.cs +++ b/util/Setup/Helpers.cs @@ -128,7 +128,7 @@ public static class Helpers if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { var escapedArgs = cmd.Replace("\"", "\\\""); - process.StartInfo.FileName = "/bin/bash"; + process.StartInfo.FileName = "/bin/sh"; process.StartInfo.Arguments = $"-c \"{escapedArgs}\""; } else diff --git a/util/Setup/entrypoint.sh b/util/Setup/entrypoint.sh index b981d760a9..417a6bb8a9 100644 --- a/util/Setup/entrypoint.sh +++ b/util/Setup/entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # Setup