Add container security section

11-development-workflow/Makefile

@@ -0,0 +1,39 @@
+DEV_COMPOSE_FILE=docker-compose-dev.yml
+DEBUG_COMPOSE_FILE=docker-compose-debug.yml
+
+### DOCKER COMPOSE COMMANDS
+
+.PHONY: compose-build
+compose-build:
+	docker compose -f $(DEV_COMPOSE_FILE) build
+
+.PHONY: compose-up
+compose-up:
+	docker compose -f $(DEV_COMPOSE_FILE) up
+
+.PHONY: compose-up-build
+compose-up-build:
+	docker compose -f $(DEV_COMPOSE_FILE) up --build
+
+.PHONY: compose-up-debug-build
+compose-up-debug-build:
+	docker compose -f $(DEV_COMPOSE_FILE) -f $(DEBUG_COMPOSE_FILE) up --build
+
+.PHONY: compose-down
+compose-down:
+	docker compose -f $(DEV_COMPOSE_FILE) down
+
+###
+
+DOCKERCONTEXT_DIR:=../05-example-web-application/
+DOCKERFILE_DIR:=../10-development-workflow/
+
+.PHONY: docker-build-all
+docker-build-all:
+	docker build -t api-node -f ${DOCKERFILE_DIR}/api-node/Dockerfile.dev ${DOCKERCONTEXT_DIR}/api-node/
+	docker build -t api-golang -f ${DOCKERFILE_DIR}/api-golang/Dockerfile.dev ${DOCKERCONTEXT_DIR}/api-golang/
+
+.PHONY: run-tests
+run-tests:
+	docker run -t api-golang go test -v ./...
+	docker run -it api-node npm run test

11-development-workflow/api-golang/Dockerfile.dev

@@ -0,0 +1,22 @@
+# Pin specific version for stability
+# using  bullseye instead of alpine because of:
+##  runtime/cgo
+## cgo: C compiler "gcc" not found: exec: "gcc": executable file not found in $PATH
+FROM golang:1.19-bullseye
+
+WORKDIR /app 
+
+# Install air for hot reload
+RUN go install github.com/cosmtrek/air@latest
+
+# Install delve for debugging
+RUN go install github.com/go-delve/delve/cmd/dlv@latest
+
+# Copy only files required to install dependencies (better layer caching)
+COPY go.mod go.sum ./
+
+RUN go mod download
+
+COPY . .
+
+CMD ["air", "-c", ".air.toml"]

11-development-workflow/api-golang/README.md

@@ -0,0 +1,19 @@
+Remote debugging setup (vscode `launch.json`):
+
+```json
+    {
+      "name": "Docker: Attach to Golang",
+      "type": "go",
+      "debugAdapter": "dlv-dap",
+      "mode": "remote",
+      "request": "attach",
+      "port": 4000,
+      "remotePath": "/app",
+      "substitutePath": [
+        {
+          "from": "${workspaceFolder}/docker-course/devops-directive-docker-course/05-example-web-application/api-golang",
+          "to": "/app"
+        }
+      ]
+    }
+```

11-development-workflow/api-node/Dockerfile.dev

@@ -0,0 +1,25 @@
+# Pin specific version for stability
+# Use alpine for reduced image size
+FROM node:19.4-alpine as dev
+
+# Specify working directory other than /
+WORKDIR /usr/src/app
+
+# Copy only files required to install
+# dependencies (better layer caching)
+COPY package*.json ./
+
+# Install only production dependencies
+# Use cache mount to speed up install of existing dependencies
+RUN --mount=type=cache,target=/usr/src/app/.npm \
+  npm set cache /usr/src/app/.npm && \
+  npm install
+
+# Copy remaining source code AFTER installing dependencies. 
+# Again, copy only the necessary files
+COPY . .
+
+# Indicate expected port
+EXPOSE 3000
+
+CMD [ "npm", "run", "dev" ]

11-development-workflow/api-node/README.md

@@ -0,0 +1,12 @@
+Remote debugging setup (vscode `launch.json`):
+
+```json
+    {
+      "name": "Docker: Attach to Node",
+      "type": "node",
+      "request": "attach",
+      "localRoot": "${workspaceFolder}/docker-course/devops-directive-docker-course/05-example-web-application/api-node",
+      "remoteRoot": "/usr/src/app",
+      "port": 9229
+    },
+```

11-development-workflow/docker-compose-debug.yml

@@ -0,0 +1,27 @@
+# Overlay configuration to enable debuggers
+services:
+  api-node:
+    command: 
+      - "npm"
+      - "run"
+      - "debug-docker"
+    ports:
+      - "3000:3000"
+      # inspect debug port
+      - "9229:9229"
+  api-golang:
+    command: 
+      - "dlv"
+      - "debug"
+      - "/app/main.go"
+      - "--listen=:4000"
+      - "--headless=true"
+      - "--log=true"
+      - "--log-output=debugger,debuglineerr,gdbwire,lldbout,rpc"
+      - "--accept-multiclient"
+      - "--continue"
+      - "--api-version=2"
+    ports:
+      - "8080:8080"
+      # delve debug port
+      - "4000:4000"

11-development-workflow/docker-compose-dev.yml

@@ -0,0 +1,62 @@
+services:
+  client-react-vite:
+    build:
+      context: ../05-example-web-application/client-react/
+      dockerfile: ../../06-building-container-images/client-react/Dockerfile.3
+    ports:
+      - 5173:5173
+    volumes:
+      - type: bind
+        source: ../05-example-web-application/client-react/
+        target: /usr/src/app/
+      - type: volume
+        target: /usr/src/app/node_modules 
+      - type: bind
+        source: ../08-running-containers/client-react/vite.config.js
+        target: /usr/src/app/vite.config.js
+    restart: unless-stopped
+  api-node:
+    build:
+      context: ../05-example-web-application/api-node/
+      dockerfile: ../../10-development-workflow/api-node/Dockerfile.dev
+      target: dev
+    volumes:
+      - type: bind
+        source: ../05-example-web-application/api-node/
+        target: /usr/src/app/
+      - type: volume
+        target: /usr/src/app/node_modules 
+    init: true
+    depends_on:
+      - db
+    environment:
+      - DATABASE_URL=postgres://postgres:foobarbaz@db:5432/postgres
+    ports:
+      - "3000:3000"
+    restart: unless-stopped
+  api-golang:
+    build:
+      context: ../05-example-web-application/api-golang/
+      dockerfile: ../../10-development-workflow/api-golang/Dockerfile.dev
+    volumes:
+      - type: bind
+        source: ../05-example-web-application/api-golang/
+        target: /app/
+    init: true
+    depends_on:
+      - db
+    environment:
+      - DATABASE_URL=postgres://postgres:foobarbaz@db:5432/postgres
+    ports:
+      - "8080:8080"
+    restart: unless-stopped
+  db:
+    image: postgres:15.1-alpine
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=foobarbaz
+    ports:
+      - 5432:5432
+volumes:
+  pgdata: