From 6cb27526d896d93198cde75fc2af914155087441 Mon Sep 17 00:00:00 2001
From: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Date: Tue, 7 May 2024 16:16:20 +0200
Subject: Make ui filesystem readonly

- remove nginx.template and docker_entrypoint from repo [1]
- add version.properties file

[1] they will be mounted via the chart since files can't be modified (using envsubst) in a readonly filesystem
Issue-ID: PORTALNG-96
Change-Id: Ic3352be45b104ffb2b620532d07470cb8247e4d3
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
---
 Dockerfile            |  8 +++-----
 docker_entrypoint.sh  | 31 -----------------------------
 server/nginx.template | 55 ---------------------------------------------------
 version               |  1 -
 version.properties    | 13 ++++++++++++
 5 files changed, 16 insertions(+), 92 deletions(-)
 delete mode 100755 docker_entrypoint.sh
 delete mode 100644 server/nginx.template
 delete mode 100644 version
 create mode 100644 version.properties

diff --git a/Dockerfile b/Dockerfile
index de1c28d..31cc8cb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,13 +13,11 @@ COPY . .
 RUN npm run build -- --configuration production
 
 FROM nginxinc/nginx-unprivileged:alpine-slim
-USER root
-RUN apk add --no-cache gettext # required for envsubst in docker_entrypoint.sh
 USER nginx
 
-COPY --chown=nginx:nginx server/nginx* ./
-COPY --chown=nginx:nginx docker_entrypoint.sh .
 COPY --from=builder --chown=nginx:nginx /usr/src/app/dist/frontend /usr/share/nginx/html
-ENTRYPOINT ["/docker_entrypoint.sh"]
+
+# Overwrite existing entrypoint from base image
+ENTRYPOINT []
 EXPOSE ${NGINX_PORT}
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
deleted file mode 100755
index 9c04a97..0000000
--- a/docker_entrypoint.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env sh
-#
-#
-# Copyright (c) 2022. Deutsche Telekom AG
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-#
-#
-
-set -eu
-
-export CLUSTER_NAMESERVER_IP=$(grep 'nameserver' /etc/resolv.conf | awk '{print $2}') # dynamically retrieve nameserver on startup
-envsubst '${BFF_URL} ${NGINX_PORT} ${KEYCLOAK_URL} ${KEYCLOAK_REALM} ${KEYCLOAK_INTERNAL_URL} ${CLUSTER_NAMESERVER_IP}' < ./nginx.template > /etc/nginx/conf.d/default.conf
-
-# dynamically set Angular environment config upon container startup
-envsubst < /usr/share/nginx/html/assets/env.template.js > /usr/share/nginx/html/assets/env.js
-
-exec "$@"
diff --git a/server/nginx.template b/server/nginx.template
deleted file mode 100644
index e3dd750..0000000
--- a/server/nginx.template
+++ /dev/null
@@ -1,55 +0,0 @@
-# if run in local docker container add this resolver for the DNS to connect to Keycloak
-resolver ${CLUSTER_NAMESERVER_IP};
-
-server {
-    listen       ${NGINX_PORT};
-
-    location / {
-        root /usr/share/nginx/html;
-        index index.html;
-        try_files $uri $uri/ /index.html =404;
-    }
-
-    location /api/ {
-        set                 $upstream           ${BFF_URL};
-        rewrite             /api/(.*) /$1 break;
-        add_header          Access-Control-Allow-Origin *;
-        proxy_pass                              $upstream/$1$is_args$args;
-        proxy_set_header    Host                $host;
-        proxy_set_header    X-Real-IP           $remote_addr;
-        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-        proxy_set_header    X-Forwarded-Host    $host;
-        proxy_set_header    X-Forwarded-Server  $host;
-        proxy_set_header    X-Forwarded-Port    $server_port;
-        proxy_set_header    X-Forwarded-Proto   $scheme;
-        proxy_http_version 1.1;
-    }
-
-    location /auth/ {
-            set                 $upstream           ${KEYCLOAK_INTERNAL_URL};
-            rewrite             /auth/(.*) /$1 break;
-            add_header          Access-Control-Allow-Origin *;
-            proxy_pass                              $upstream/$1$is_args$args;
-            proxy_http_version                     1.1;
-            proxy_set_header    Host               $host;
-            proxy_set_header    X-Real-IP          $remote_addr;
-            proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
-            proxy_set_header    X-Forwarded-Host   $host;
-            proxy_set_header    X-Forwarded-Server $host;
-            proxy_set_header    X-Forwarded-Port   $server_port;
-            proxy_set_header    X-Forwarded-Proto  $scheme;
-    }
-}
-
-##
-# Gzip Settings
-##
-gzip on;
-gzip_vary on;
-gzip_proxied any;
-gzip_min_length 1100;
-gzip_comp_level 6;
-gzip_buffers 16 8k;
-gzip_http_version 1.1;
-gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
diff --git a/version b/version
deleted file mode 100644
index 6e8bf73..0000000
--- a/version
+++ /dev/null
@@ -1 +0,0 @@
-0.1.0
diff --git a/version.properties b/version.properties
new file mode 100644
index 0000000..5294d92
--- /dev/null
+++ b/version.properties
@@ -0,0 +1,13 @@
+# Versioning variables
+# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
+# because they are used in Jenkins, whose plug-in doesn't support
+
+major=0
+minor=1
+patch=0
+
+base_version=${major}.${minor}.${patch}
+
+# Release must be completed with git revision # in Jenkins
+release_version=${base_version}
+snapshot_version=${base_version}-SNAPSHOT
\ No newline at end of file
-- 
cgit 1.2.3-korg