Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Demo - add dockerfile & api route #111

Closed
wants to merge 1 commit into from
Closed

Demo - add dockerfile & api route #111

wants to merge 1 commit into from

Conversation

wvl94
Copy link
Contributor

@wvl94 wvl94 commented Nov 13, 2024
edited by firstmatebot bot
Loading

💡 PR Summary generated by FirstMate

Overview: Added a Dockerfile and a new API route for enhanced functionality.

Changes:
Dockerfile creation:

  • Added a Dockerfile to containerize the application using Node.js 19-alpine.
  • Set working directory, user permissions, and exposed port 8080 for the app.

API route update:

  • Introduced a new route /get/:id in exampleRouter.js for fetching data by ID.

Configuration adjustment:

  • Changed default server port from 8080 to 80 in appConfig.js for consistency.

TLDR: This PR adds a Dockerfile for containerization, introduces a new API route, and updates the default server port. Review the Dockerfile and new route implementation for key changes.

Generated by FirstMate and automatically updated on every commit.

@firstmatebot FirstMateBot
Copy link

firstmatebot bot commented Nov 13, 2024
edited
Loading

PR Review

⚠️ It seems that you can still improve the quality of your PR:

    ❌ Documentation drift: Update documentation for port changes (8080 and 80).
    ❌ Security issues: Missing permission middleware on '/get/:id' route.
    ❌ Docker best practices: Implement multi-stage build in Dockerfile for optimization.

Generated by Firstmate to make sure you can focus on coding new features.

firstmatebot[bot]
firstmatebot bot reviewed Nov 13, 2024
View reviewed changes
Dockerfile
Comment on lines +2 to +12
ENV PORT 8080

WORKDIR /usr/src/app

RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser

RUN apk add --no-cache git
COPY . .
EXPOSE 8080
CMD ["npm", "start", "--no-update-notifier"]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

You changed the application to run on port 8080 in the Dockerfile. Additionally, the default server port in appConfig.js was changed to 80. These changes are important and should be reflected in the documentation to ensure users know how to start the application correctly and which ports to use.

Example documentation update:

## Running the Application

To start the application, use the following command:

```bash
docker run -p 8080:8080 your-image-name

The application will run on port 8080 by default.

Configuration

The default server port is set to 80. You can override this by setting the PORT environment variable.

firstmatebot[bot]
firstmatebot bot reviewed Nov 13, 2024
View reviewed changes
src/routes/exampleRouter.js
Comment on lines +12 to +13
router.route("/get/:id").get(exampleController.getById)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

The route '/get/:id' is missing the grantAccessByPermissionMiddleware, which is essential for proper permission checks. Update the route definition to include this middleware as follows:

+ router.route("/get/:id").get(grantAccessByPermissionMiddleware([API_PERMISSIONS.PUBLIC_ENDPOINT]), exampleController.getById)

(Based on guideline 'Routes should check permissions')

@firstmatebot FirstMateBot
Copy link

firstmatebot bot commented Nov 13, 2024
edited
Loading

alt text

I analysed the failed pipeline job Validate docker:

Failure Analysis

The pipeline crashed during the Docker build step, specifically when trying to install git using the command apk add --no-cache git. The error logs indicate a permission issue:

ERROR: Unable to lock database: Permission denied
ERROR: Failed to open apk database: Permission denied

This suggests that the RUN command is being executed as a non-root user (appuser), which does not have the necessary permissions to install packages. The relevant part of the Dockerfile is:

7 |     USER appuser
9 | >>> RUN apk add --no-cache git

Suggested Fix

To resolve this issue, you can modify the Dockerfile to switch back to the root user before running the apk add command. Here’s how you can adjust the Dockerfile:

7 |     USER appuser
+ 8 |     USER root
9 | >>> RUN apk add --no-cache git
10 |     USER appuser

This change allows the apk add command to execute with the necessary permissions, and then you can switch back to the appuser for subsequent commands.

@wvl94 wvl94 closed this Nov 13, 2024
@firstmatebot FirstMateBot
Copy link

firstmatebot bot commented Nov 13, 2024
edited
Loading

PR Review

⚠️ It seems that you can still improve the quality of your PR:

    ❌ Documentation drift: Update documentation for new port configuration (8080) in Dockerfile and appConfig.js.
    ❌ Security issues: Missing permission checks on '/get/:id' route; implement grantAccessByPermissionMiddleware.
    ❌ Docker best practices: Dockerfile lacks multi-stage builds; restructure for efficiency.

Generated by Firstmate to make sure you can focus on coding new features.

firstmatebot[bot]
firstmatebot bot reviewed Nov 13, 2024
View reviewed changes
Dockerfile
Comment on lines +2 to +12
ENV PORT 8080

WORKDIR /usr/src/app

RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser

RUN apk add --no-cache git
COPY . .
EXPOSE 8080
CMD ["npm", "start", "--no-update-notifier"]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

You changed the application to run on port 8080 in the Dockerfile and modified the default server port to 80 in appConfig.js. This change seems important, so it might be smart to update the documentation accordingly. Make sure to specify the correct port for running the application.

Example documentation update:

### Running the Application

To start the application, use the following command:

```bash
docker run -p 8080:8080 your-image-name

The application will be accessible at http://localhost:8080.

firstmatebot[bot]
firstmatebot bot reviewed Nov 13, 2024
View reviewed changes
src/routes/exampleRouter.js
Comment on lines +12 to +13
router.route("/get/:id").get(exampleController.getById)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

The route '/get/:id' does not implement the grantAccessByPermissionMiddleware function for permission checks. According to the security guidelines, all routes must include this middleware. Update the route as follows:

router.route("/get/:id").get(grantAccessByPermissionMiddleware([API_PERMISSIONS.PUBLIC_ENDPOINT]), exampleController.getById);

(Based on guideline 'Routes should check permissions')

firstmatebot[bot]
firstmatebot bot reviewed Nov 13, 2024
View reviewed changes
Dockerfile
Comment on lines +1 to +12
FROM node:19-alpine
ENV PORT 8080

WORKDIR /usr/src/app

RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser

RUN apk add --no-cache git
COPY . .
EXPOSE 8080
CMD ["npm", "start", "--no-update-notifier"]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alt text

Your Dockerfile does not utilize multi-stage builds, which can significantly reduce the final image size and improve build efficiency. Consider restructuring it as follows:

# Stage 1: Build
FROM node:19-alpine AS builder
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install
COPY . .

# Stage 2: Production
FROM node:19-alpine
WORKDIR /usr/src/app
COPY --from=builder /usr/src/app .
EXPOSE 8080
CMD ["npm", "start", "--no-update-notifier"]

(Based on guideline 'Dockerfiles should use multi-stage builds')

@firstmatebot FirstMateBot
Copy link

firstmatebot bot commented Nov 13, 2024
edited
Loading

alt text

I analysed the failed pipeline job Validate docker:

Failure Analysis

The pipeline crashed during the Docker build step, specifically when trying to install git using the command apk add --no-cache git. The error logs indicate a permission issue:

ERROR: Unable to lock database: Permission denied
ERROR: Failed to open apk database: Permission denied

This suggests that the RUN command is being executed as a non-root user (appuser), which does not have the necessary permissions to install packages. The relevant part of the Dockerfile is:

USER appuser
RUN apk add --no-cache git

Suggested Fix

To resolve this issue, you can switch back to the root user before running the apk add command and then switch back to appuser afterward. Modify the Dockerfile as follows:

- USER appuser
+ USER root
RUN apk add --no-cache git
+ USER appuser

This change allows the installation of git with the required permissions while maintaining the application’s security by running the application as a non-root user afterward.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@firstmatebot firstmatebot[bot] firstmatebot[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@wvl94