Renato Mefi renatomefi

View Article-dockerfile-unit-testing-script-run.md
$ chmod +x ./test.sh
$ ./test.sh ./test.sh alpine-app        
Starting a container for 'alpine-app'
=============== test session starts =======================================================
platform linux2 -- Python 2.7.15, pytest-4.3.0, py-1.8.0, pluggy-0.9.0 -- /usr/bin/python2
rootdir: /tests, inifile:
plugins: testinfra-1.19.0
collected 1 item                                                                                                                                                                            
View Article-dockerfile-unit-testing-script.sh
#!/bin/bash
#
# A simple script to start a Docker container
# and run Testinfra in it
# Original script: https://gist.github.com/renatomefi/bbf44d4e8a2614b1390416c6189fbb8e
# Author: @renatomefi https://twitter.com/renatomefi
#
set -eEuo pipefail
View Article-dockerfile-unit-testing-alpine39-run.md

Let's update from 3.8 to 3.9

FROM alpine:3.9

RUN addgroup -g 1000 app \
    && adduser -u 1000 -D -G app app

Build it again

View Article-dockerfile-unit-testing-pytest-run.md

Let's first build and run our newly built image with a sleep command, so pytest has time to execute the test in it. No worries, this won't be the final solution.

$ docker build -t alpine-app .
$ docker run --rm -d alpine-app sleep 60
7ecbe3205a3e9e871d4bc73237ee374d75e1e8508b008d578f2538ce937b2aa5

Now we want to copy the running container ID and put it in the Testinfra command, so it knows which container we want to test.

View Article-dockerfile-unit-testing-pytest-user.md

./test/test_user.py

def test_user_is_present(host):
    user_name = 'app'
    group_name = 'app'
    home_dir = '/home/app'
    shell = '/sbin/halt'
View Article-dockerfile-unit-testing-cat-passwd.md
$ docker build -t alpine-app -f - . <<Dockerfile 
FROM alpine:3.8
RUN addgroup -g 1000 app \
    && adduser -u 1000 -D -G app app
Dockerfile
Sending build context to Docker daemon  69.68kB
Step 1/2 : FROM alpine:3.8
 ---> 491e0ff7a8d5
Step 2/2 : RUN addgroup -g 1000 app     && adduser -u 1000 -D -G app app
View Article-dockerfile-unit-testing-Dockerfile-alpine38.md

./Dockerfile

FROM alpine:3.8

RUN addgroup -g 1000 app \
    && adduser -u 1000 -D -G app app
@renatomefi
renatomefi / Dockerfile
Created Sep 20, 2018
A mongo Dockerfile with SSL support out of the box
View Dockerfile
FROM mongo:4.0
# Works with Mongo 3.2 till 4.0
WORKDIR /etc/ssl
# If you want to validate the certificate you should have it somewhere else and copy it here, otherwise you won't be able to
RUN set -xe \
&& openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=Me/OU=Somewhere/CN=mongo" \
&& cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
ENTRYPOINT ["mongod", "--sslMode", "requireSSL", "--sslPEMKeyFile", "/etc/ssl/mongodb.pem"]
View Article-dockerfile-security-scan-clair-whitelist.md

Global whitelist

This allows these CVEs to be ignored in any image. The format is: CVE: Package name

generalwhitelist:
  CVE-2016-9843: zlib
  CVE-2017-1000158: python
View Article-dockerfile-security-scan-clair-v2.0.0.md
$ clair-scanner --ip 172.17.0.1 quay.io/coreos/clair:v2.0.0
2018/09/17 20:15:31 [INFO] ▶ Start clair-scanner
2018/09/17 20:15:35 [INFO] ▶ Server listening on port 9279
2018/09/17 20:15:35 [INFO] ▶ Analyzing 30784cae2b30e82860239f7de81fc755f69bc58a77d52c2d8318ac1162247f66
2018/09/17 20:15:35 [INFO] ▶ Analyzing 858cb12d7179e8919fe9eb4d9235f3c6c5b42a3a990b4bc4d98b7d065cd6d410
2018/09/17 20:15:35 [INFO] ▶ Analyzing dcb049bb3bf0b86e0066e3aed414200c380d6d5ca00fd583ed958b2ac897596c
2018/09/17 20:15:35 [INFO] ▶ Analyzing 8c676d6c9c7d6b0b5d635bda83b80bea5ee2464ef7c5f22540c541d6345f7713
2018/09/17 20:15:35 [INFO] ▶ Analyzing 97d0cd0812dcf22015d9ffb01bc8d634765aab9774a134daedd75456abc3490a
2018/09/17 20:15:35 [INFO] ▶ Analyzing ea9c1b92c10ef25434adf1a68b87bd82830286fca881dcef5d11df9ce84847b3