Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@gperdomor/nx-docker
Advanced tools
![Docker builder](https://github.com/gperdomor/nx-tools/workflows/Docker%20builder/badge.svg)
This builder provides a wrapper around github docker action
The first step is configure the builder in your angular.json
or workspace.json
, so add something like this to every project you need to dockerize:
"docker": {
"builder": "@gperdomor/nx-docker:build",
"options": {
"repository": "gperdomor/api",
"socket": "/var/run/docker.sock" // required to run local builds in your machine, make sure docker is running
}
}
You can customize your ci using environment variables
"docker": {
"builder": "@gperdomor/nx-docker:build",
"options": {
"repository": "$PROJECT_PATH/api",
"dockerfile": "apps/api/Dockerfile",
"registry": "$CI_REGISTRY",
"username": "$CI_REGISTRY_USER",
"password": "$CI_REGISTRY_PASSWORD",
"tags": "latest",
"push": true,
"socket": "/var/run/docker.sock"
}
}
To check all posible options please check the official docker action or this schema.json file
To use with Gitlab CI just only need add something like this to your pipeline:
build:
image: gperdomor/nx-docker:13.12-alpine
services:
- docker:19.03-dind
variables:
GIT_DEPTH: 0
DOCKER_TLS_CERTDIR: '/certs'
GITHUB_SHA: $CI_COMMIT_SHA
GITHUB_REF: refs/heads/$CI_COMMIT_BRANCH
script:
- npm i
- npm run nx affected -- --target=docker --base=remotes/origin/master
Because this is a wrapper of the Github Action, you need set GITHUB_SHA
and GITHUB_REF
if tag_with_sha: true
and tag_with_ref: true
Also you need configure other enviroment variables depending on your builder options,
To use with Github Actions just only need add something like this to your workflow
name: Build
# This workflow is triggered on pushes to the repository.
on: [push]
jobs:
build:
name: Docker build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/setup-node@v1
with:
node-version: 13.x
- name: Install dependencies
run: npm ci
env:
CYPRESS_INSTALL_BINARY: 0
DISABLE_OPENCOLLECTIVE: 1
- name: 'nx build'
run: npm run nx affected -- --target=docker --all
env: # Add custom variables needed
CI_REGISTRY: docker.pkg.github.com
CI_PROJECT_PATH: ${{ github.repository }}
CI_REGISTRY_USER: gperdomor
CI_REGISTRY_PASSWORD: ${{ github.token }}
FAQs
![Docker builder](https://github.com/gperdomor/nx-tools/workflows/Docker%20builder/badge.svg)
We found that @gperdomor/nx-docker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.