From 98a4a612541f623e032db31e08f418506706da96 Mon Sep 17 00:00:00 2001 From: Oleg Valter Date: Sun, 17 Nov 2024 21:32:08 +0300 Subject: [PATCH] Docker all the way: - installing Node.js from a base slim image; - added dedicated user for node; - ensured only what's barely necessary to run Node.js is copied from base image; --- docker/Dockerfile | 45 ++++++++++++++++++++++++++++++++-------- docker/Dockerfile.arm | 45 ++++++++++++++++++++++++++++++++-------- docker/Dockerfile.dev | 48 +++++++++++++++++++++++++++++++++++-------- 3 files changed, 111 insertions(+), 27 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index ef6bdc9ee..8944ffb63 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,20 +1,18 @@ -FROM ruby:3.1.2-bullseye +FROM ruby:3.1.2-bullseye AS ruby +FROM node:12.18.3-slim AS node +FROM ruby AS build + +# Set all encoding to UTF-8 ENV RUBYOPT="-KU -E utf-8:utf-8" + +# Install additional dependencies not present in the base image RUN apt-get update && \ apt-get install -y bison \ build-essential \ libxslt-dev \ default-mysql-server -# Install nodejs and imagemagick -WORKDIR /opt -RUN wget https://nodejs.org/dist/v12.18.3/node-v12.18.3-linux-x64.tar.xz && \ - tar xf node-v12.18.3-linux-x64.tar.xz - -ENV NODEJS_HOME=/opt/node-v12.18.3-linux-x64/bin -ENV PATH=$NODEJS_HOME:$PATH - # Add core code to container WORKDIR /code COPY . /code 
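Review bot: `FROM node:12.18.3-slim AS node` in the first hunk pins the Node.js stage to a release line that has been end-of-life since April 2022 and to a mutable tag, so the binaries copied out of it get no security fixes and are not reproducible by name alone. Taking Node from the official image is already better than the removed un-checksummed `wget`, but I would pin both bases by digest, e.g. `FROM node:12.18.3-slim@sha256:<digest> AS node` (placeholder digest), and track the move to a supported Node line as a follow-up. The same lines appear in the first hunks of docker/Dockerfile.arm and docker/Dockerfile.dev.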
@@ -22,6 +20,35 @@ COPY . /code RUN gem install bundler:2.4.13 RUN bundle install +# cherry pick only what we really need to run Node.js +COPY --from=node /usr/local/bin/node /usr/local/bin +COPY --from=node /usr/local/bin/nodejs /usr/local/bin +COPY --from=node /usr/local/bin/npm /usr/local/bin +COPY --from=node /usr/local/bin/npx /usr/local/bin +COPY --from=node /usr/local/bin/yarn /usr/local/bin +COPY --from=node /usr/local/bin/yarnpkg /usr/local/bin +COPY --from=node /usr/local/include/node /usr/local/include +COPY --from=node /usr/local/lib/node_modules /usr/local/lib +COPY --from=node /usr/local/share/doc/node /usr/local/share/doc +COPY --from=node /usr/local/share/man/man1/node.1 /usr/local/share/man/man1 +COPY --from=node /usr/local/share/systemtap/tapset/node.stp /usr/local/share/systemtap/tapset +COPY --from=node /opt/yarn-v1.22.4 /opt/yarn-v1.22.4 + +FROM build + +# setup a dedicated user for Node.js +RUN groupadd --gid 1000 node +RUN useradd --uid 1000 \ + --gid node \ + --shell /bin/bash \ + --create-home node + +# setup Node.js environment +ENV NODEJS_HOME=/opt/node-v12.18.3-linux-x64/bin +ENV PATH=$NODEJS_HOME:$PATH + +WORKDIR /code + EXPOSE 80 443 3000 ENTRYPOINT ["/bin/bash"] CMD ["/code/docker/entrypoint.sh"] diff --git a/docker/Dockerfile.arm b/docker/Dockerfile.arm index ef6bdc9ee..b6790b416 100644 --- a/docker/Dockerfile.arm +++ b/docker/Dockerfile.arm 
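Review bot: The final stage creates the `node` user but never switches to it: there is no `USER` instruction after `useradd`, so the container still starts `/code/docker/entrypoint.sh` as root. If the "dedicated user" in the commit message is meant to drop privileges, add `USER node` after `WORKDIR /code`. entrypoint.sh is not visible here, so confirm first that it does not need root (it may start MySQL or bind the exposed ports 80/443) and that `/code` is readable by that user. Note also that the last stage is `FROM build`, so build-essential, bison and default-mysql-server all remain in the runtime image and the multi-stage split does not reduce what ships. The second hunks of docker/Dockerfile.arm and docker/Dockerfile.dev have the same shape.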
@@ -1,20 +1,18 @@ -FROM ruby:3.1.2-bullseye +FROM ruby:3.1.2-bullseye AS ruby +FROM node:12.18.3-slim AS node +FROM ruby AS build + +# Set all encoding to UTF-8 ENV RUBYOPT="-KU -E utf-8:utf-8" + +# Install additional dependencies not present in the base image RUN apt-get update && \ apt-get install -y bison \ build-essential \ libxslt-dev \ default-mysql-server -# Install nodejs and imagemagick -WORKDIR /opt -RUN wget https://nodejs.org/dist/v12.18.3/node-v12.18.3-linux-x64.tar.xz && \ - tar xf node-v12.18.3-linux-x64.tar.xz - -ENV NODEJS_HOME=/opt/node-v12.18.3-linux-x64/bin -ENV PATH=$NODEJS_HOME:$PATH - # Add core code to container WORKDIR /code COPY . /code @@ -22,6 +20,35 @@ COPY . /code RUN gem install bundler:2.4.13 RUN bundle install +# cherry pick only what we really need to run Node.js +COPY --from=node /usr/local/bin/node /usr/local/bin +COPY --from=node /usr/local/bin/nodejs /usr/local/bin +COPY --from=node /usr/local/bin/npm /usr/local/bin +COPY --from=node /usr/local/bin/npx /usr/local/bin +COPY --from=node /usr/local/bin/yarn /usr/local/bin +COPY --from=node /usr/local/bin/yarnpkg /usr/local/bin +COPY --from=node /usr/local/include/node /usr/local/include +COPY --from=node /usr/local/lib/node_modules /usr/local/lib +COPY --from=node /usr/local/share/doc/node /usr/local/share/doc +COPY --from=node /usr/local/share/man/man1/node.1 /usr/local/share/man/man1 +COPY --from=node /usr/local/share/systemtap/tapset/node.stp /usr/local/share/systemtap/tapset +COPY --from=node /opt/yarn-v1.22.4 /opt/yarn-v1.22.4 + +FROM build + +# setup a dedicated user for Node.js +RUN groupadd --gid 1000 node +RUN useradd --uid 1000 \ + --gid node \ + --shell /bin/bash \ + --create-home node + +# setup Node.js environment +ENV NODEJS_HOME=/usr/local/bin/node +ENV PATH=$NODEJS_HOME:$PATH + +WORKDIR /code + EXPOSE 80 443 3000 ENTRYPOINT ["/bin/bash"] CMD ["/code/docker/entrypoint.sh"] diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev index e0131b96d..994452878 100644 
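Review bot: The directory copies in the second hunk flatten their source: `COPY --from=node /usr/local/lib/node_modules /usr/local/lib` copies the contents of `node_modules` into `/usr/local/lib`, so npm lands at `/usr/local/lib/npm` rather than `/usr/local/lib/node_modules/npm`. Name the directory in the destination, `COPY --from=node /usr/local/lib/node_modules /usr/local/lib/node_modules`, and do the same for `/usr/local/include/node` and `/usr/local/share/doc/node`. The `npm`, `npx`, `yarn`, `yarnpkg` and `nodejs` entries are, as far as I know, symlinks in the official image, and COPY stores the file they point to, so the launchers may no longer resolve their relative module paths; recreating the links with `RUN ln -s` after copying the directories is more robust. A build-time `RUN node --version && npm --version && yarn --version` would catch either problem. The identical COPY lines in docker/Dockerfile and docker/Dockerfile.dev need the same change.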
--- a/docker/Dockerfile.dev +++ b/docker/Dockerfile.dev @@ -1,20 +1,18 @@ -FROM ruby:3.1.2-bullseye +FROM ruby:3.1.2-bullseye AS ruby +FROM node:12.18.3-slim AS node +FROM ruby AS build + +# Set all encoding to UTF-8 ENV RUBYOPT="-KU -E utf-8:utf-8" + +# Install additional dependencies not present in the base image RUN apt-get update && \ apt-get install -y bison \ build-essential \ libxslt-dev \ default-mysql-server -# Install nodejs -WORKDIR /opt -RUN wget https://nodejs.org/dist/v12.18.3/node-v12.18.3-linux-x64.tar.xz && \ - tar xf node-v12.18.3-linux-x64.tar.xz - -ENV NODEJS_HOME=/opt/node-v12.18.3-linux-x64/bin -ENV PATH=$NODEJS_HOME:$PATH - # Add core code to container WORKDIR /code COPY . /code 
@@ -22,8 +20,40 @@ COPY . /code RUN gem install bundler:2.4.13 RUN bundle install +# cherry pick only what we really need to run Node.js +COPY --from=node /usr/local/bin/node /usr/local/bin +COPY --from=node /usr/local/bin/nodejs /usr/local/bin +COPY --from=node /usr/local/bin/npm /usr/local/bin +COPY --from=node /usr/local/bin/npx /usr/local/bin +COPY --from=node /usr/local/bin/yarn /usr/local/bin +COPY --from=node /usr/local/bin/yarnpkg /usr/local/bin +COPY --from=node /usr/local/include/node /usr/local/include +COPY --from=node /usr/local/lib/node_modules /usr/local/lib +COPY --from=node /usr/local/share/doc/node /usr/local/share/doc +COPY --from=node /usr/local/share/man/man1/node.1 /usr/local/share/man/man1 +COPY --from=node /usr/local/share/systemtap/tapset/node.stp /usr/local/share/systemtap/tapset +COPY --from=node /opt/yarn-v1.22.4 /opt/yarn-v1.22.4 + +FROM build + +# setup a dedicated user for Node.js +RUN groupadd --gid 1000 node +RUN useradd --uid 1000 \ + --gid node \ + --shell /bin/bash \ + --create-home node + +# setup Node.js environment +ENV NODEJS_HOME=/usr/local/bin/node +ENV PATH=$NODEJS_HOME:$PATH + +WORKDIR /code + EXPOSE 80 443 3000 +RUN ls -1 / +RUN [ ! -f "/db-created" ] && echo 1 || echo 2 + RUN /code/docker/entrypoint.sh dev # ensures continued running of the container
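Review bot: `ENV NODEJS_HOME=/usr/local/bin/node` followed by `ENV PATH=$NODEJS_HOME:$PATH` puts a file, not a directory, at the front of PATH, so the entry has no effect. docker/Dockerfile.arm does the same, and docker/Dockerfile keeps `/opt/node-v12.18.3-linux-x64/bin`, a directory this commit no longer creates. Node presumably still resolves only because `/usr/local/bin` is already on the base image's PATH, so I would drop both ENV lines in all three files or set `ENV NODEJS_HOME=/usr/local/bin`; a leading PATH entry that does not exist is best avoided, since whatever is later created there takes precedence over the real binaries. Separately, `RUN ls -1 /` and `RUN [ ! -f "/db-created" ] && echo 1 || echo 2` look like debugging leftovers that only add layers and should be removed before merge. The file continues past the end of this hunk.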