fix(ci): stop pulling Alpine packages from the geo-blocked CDN
The CI server can't reach dl-cdn.alpinelinux.org (TLS error) — only the Nexus mirror is reachable, and it proxies Docker images, not apk packages. - frontend: drop `apk add libc6-compat` (vestigial Next.js-template line; the deps stage only runs `npm ci` and the build/runtime stages never had it). - 5 Go services (file/gateway/notification/payment/render): replace `apk add ca-certificates tzdata` with copying ca-certificates.crt from the golang builder stage + embedding tzdata via `go build -tags timetzdata`. No more apk -> no dependency on the Alpine CDN. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
+4
-1
@@ -1,6 +1,9 @@
|
|||||||
# ── Stage 1: install dependencies ────────────────────────────────────────────
|
# ── Stage 1: install dependencies ────────────────────────────────────────────
|
||||||
FROM mirror.soroushasadi.com/node:20-alpine AS deps
|
FROM mirror.soroushasadi.com/node:20-alpine AS deps
|
||||||
RUN apk add --no-cache libc6-compat
|
# NOTE: do NOT `apk add libc6-compat` here — the deps stage only runs `npm ci`
|
||||||
|
# (which doesn't need it) and the build/runtime stages omit it anyway. Pulling it
|
||||||
|
# reaches Alpine's public CDN (dl-cdn.alpinelinux.org), which is unreachable from
|
||||||
|
# the CI server (only the Nexus mirror is) and fails the whole build.
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY package.json package-lock.json* ./
|
COPY package.json package-lock.json* ./
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
|
|||||||
WORKDIR /src
|
WORKDIR /src
|
||||||
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -o /file-svc ./cmd/server
|
RUN CGO_ENABLED=0 GOOS=linux go build -tags timetzdata -mod=vendor -o /file-svc ./cmd/server
|
||||||
|
|
||||||
FROM mirror.soroushasadi.com/alpine:3.20
|
FROM mirror.soroushasadi.com/alpine:3.20
|
||||||
RUN apk add --no-cache ca-certificates tzdata
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
COPY --from=build /file-svc /file-svc
|
COPY --from=build /file-svc /file-svc
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
ENTRYPOINT ["/file-svc"]
|
ENTRYPOINT ["/file-svc"]
|
||||||
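Review bot: The added `COPY --from=builder /etc/ssl/certs/ca-certificates.crt ...` names a stage `builder`, but the unchanged line after it copies the binary with `--from=build`, so this Dockerfile's build stage appears to be called `build` (its `FROM ... AS` line is outside the hunk). When no stage has the given name, Docker treats the `--from` value as an image reference and tries to pull it, so the build would either fail or take the CA trust store from an unrelated image instead of the Go builder. The line should read `COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt`. The other four Go services use `--from=builder` for both copies and are consistent.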
|
|||||||
@@ -4,10 +4,10 @@ ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
|
|||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags="-s -w" -o gateway ./cmd/server
|
RUN CGO_ENABLED=0 GOOS=linux go build -tags timetzdata -mod=vendor -ldflags="-s -w" -o gateway ./cmd/server
|
||||||
|
|
||||||
FROM mirror.soroushasadi.com/alpine:3.20
|
FROM mirror.soroushasadi.com/alpine:3.20
|
||||||
RUN apk add --no-cache ca-certificates tzdata
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY --from=builder /app/gateway .
|
COPY --from=builder /app/gateway .
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
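Review bot: The runtime image's CA trust store now comes from whatever image the `builder` stage is based on, and nothing in the Dockerfile records that; the same applies to the file, notification, payment and render services. The builder's `FROM` line is outside the hunk, so I can't tell whether it is pinned. Root-certificate additions and removals now reach the runtime image only when that builder image is bumped, and the embedded tz database only when the Go toolchain is. I'd add a comment above the copy, e.g. `# CA bundle is taken from the builder image because apk is unreachable from CI; bump the builder tag to refresh roots`, and one above the build line, `# -tags timetzdata embeds the tz database in the binary (replaces the tzdata package)`. The frontend Dockerfile got such a NOTE in this commit; without one here, a later edit is likely to re-add `apk add`.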
|
|||||||
@@ -3,10 +3,10 @@ ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
|
|||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags="-s -w" -o notification-svc ./cmd/server
|
RUN CGO_ENABLED=0 GOOS=linux go build -tags timetzdata -mod=vendor -ldflags="-s -w" -o notification-svc ./cmd/server
|
||||||
|
|
||||||
FROM mirror.soroushasadi.com/alpine:3.20
|
FROM mirror.soroushasadi.com/alpine:3.20
|
||||||
RUN apk add --no-cache ca-certificates tzdata
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY --from=builder /app/notification-svc .
|
COPY --from=builder /app/notification-svc .
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
|
|||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags="-s -w" -o payment-svc ./cmd/server
|
RUN CGO_ENABLED=0 GOOS=linux go build -tags timetzdata -mod=vendor -ldflags="-s -w" -o payment-svc ./cmd/server
|
||||||
|
|
||||||
FROM mirror.soroushasadi.com/alpine:3.20
|
FROM mirror.soroushasadi.com/alpine:3.20
|
||||||
RUN apk add --no-cache ca-certificates tzdata
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY --from=builder /app/payment-svc .
|
COPY --from=builder /app/payment-svc .
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
|||||||
@@ -3,10 +3,10 @@ ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
|
|||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags="-s -w" -o render-svc ./cmd/server
|
RUN CGO_ENABLED=0 GOOS=linux go build -tags timetzdata -mod=vendor -ldflags="-s -w" -o render-svc ./cmd/server
|
||||||
|
|
||||||
FROM mirror.soroushasadi.com/alpine:3.20
|
FROM mirror.soroushasadi.com/alpine:3.20
|
||||||
RUN apk add --no-cache ca-certificates tzdata
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY --from=builder /app/render-svc .
|
COPY --from=builder /app/render-svc .
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
|||||||