From 0eba932bff2941a29a3e2af22d49d6eff6f7b428 Mon Sep 17 00:00:00 2001
From: cn <cn@mycrobase.de>
Date: Fri, 16 Apr 2021 18:11:23 +0200
Subject: [PATCH] ci: use locally built gem file for testing Docker image build

---
 .github/workflows/ci.yml |  4 +++-
 Rakefile                 |  2 +-
 docker/Dockerfile        |  1 +
 docker/ci/Dockerfile     | 22 ++++++++++++++++++++++
 4 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 docker/ci/Dockerfile

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1e0c552..3e53d2e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,6 +27,7 @@ jobs:
       with:
         ruby-version: ${{ matrix.ruby-version }}
         bundler-cache: true  # runs 'bundle install' and caches installed gems automatically
+
     - name: Lint and Test
       run: |
         bundle exec rake ci
@@ -38,4 +39,5 @@ jobs:
     - name: Test building Docker image for dyndnsd
       uses: docker/build-push-action@v2
       with:
-        context: docker
+        context: .
+        file: docker/ci/Dockerfile
diff --git a/Rakefile b/Rakefile
index c183ea3..695d584 100644
--- a/Rakefile
+++ b/Rakefile
@@ -29,4 +29,4 @@ end
 task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
 
 desc 'Run all tasks desired for CI'
-task ci: ['solargraph:init', :default, :hadolint]
+task ci: ['solargraph:init', :default, :hadolint, :build]
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 2cf7837..b622790 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -8,6 +8,7 @@ RUN apk --no-cache add openssl ca-certificates && \
     apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
     apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
     gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
+    rm -rf /usr/lib/ruby/gems/*/cache/ && \
     # set timezone to Berlin
     cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
     apk del .build-deps
diff --git a/docker/ci/Dockerfile b/docker/ci/Dockerfile
new file mode 100644
index 0000000..e60a72c
--- /dev/null
+++ b/docker/ci/Dockerfile
@@ -0,0 +1,22 @@
+FROM alpine:3.13.5
+
+EXPOSE 5353 8080
+
+COPY pkg/dyndnsd-*.gem /tmp/dyndnsd.gem
+
+RUN apk --no-cache add openssl ca-certificates && \
+    apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
+    apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
+    gem install --no-document /tmp/dyndnsd.gem && \
+    rm -rf /usr/lib/ruby/gems/*/cache/ && \
+    # set timezone to Berlin
+    cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
+    apk del .build-deps
+
+# Follow the principle of least privilege: run as unprivileged user.
+# Running as non-root enables running this image in platforms like OpenShift
+# that do not allow images running as root.
+# User ID 65534 is usually user 'nobody'.
+USER 65534
+
+ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]