chore(ci): Dockerfile updates (#693)

Signed-off-by: OMPRAKASH MISHRA <[email protected]> Co-authored-by: afwilcox <[email protected]>
bcgov · Oct 9, 2024 · e2b7101 · e2b7101
1 parent 91c1b3b
commit e2b7101
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 71 deletions.
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -1,6 +1,5 @@
-# https://catalog.redhat.com/software/containers/ubi8/nodejs-18-minimal/627d1c38e35da88581633bf1
-FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:1-33.1679485315@sha256:74af9dc2b620022c77fcd712b811f64a03c1444ff1e9b9596a242b2edf3cf96f AS builder
-
+# Build
+FROM node:22-slim AS build
 # Install packages, build and keep only prod packages
 USER root
 WORKDIR /app
@@ -10,26 +9,15 @@ RUN npm ci --omit=dev && \
     npm run build
 
 # Deployment container
-FROM registry.access.redhat.com/ubi8/ubi-micro:8.7-6@sha256:af0a83c2fb7db1b63a5655c85f3f37d32b114443b8969fd8a40d47429cd87016
-
-# Set node to production 
-ENV NODE_ENV production
-
-# Node packages and dependencies
-COPY --from=builder /usr/bin/node /usr/bin/
-COPY --from=builder /usr/lib64/libz.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlidec.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlienc.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libcrypto.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libssl.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libstdc++.so.6 /usr/lib64/
-COPY --from=builder /usr/lib64/libgcc_s.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlicommon.so.1 /usr/lib64/
+# Deploy using minimal Distroless image
+FROM gcr.io/distroless/nodejs22-debian12:nonroot
+# Set node to production
+ENV NODE_ENV=production
 
 # Copy over app
 WORKDIR /app
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/dist ./dist
+COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/dist ./dist
 COPY ../templates /app/templates
 
 # Port and health check
@@ -38,6 +26,5 @@ HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3000
 
 # Non-privileged user
 USER app
-
-# Start up command
-ENTRYPOINT ["node", "dist/main"]
+# max old space the heap size, 120MB with 200MB limit in deployment.
+CMD ["--max-old-space-size=120", "/app/dist/main"]
diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts
@@ -1,5 +1,5 @@
 import "dotenv/config";
-import { MiddlewareConsumer, Module } from "@nestjs/common";
+import {MiddlewareConsumer, Module, RequestMethod} from "@nestjs/common";
 import { TypeOrmModule } from "@nestjs/typeorm";
 import { ConfigModule } from "@nestjs/config";
 import { AutomapperModule } from "@automapper/nestjs";
@@ -135,7 +135,7 @@ if (process.env.POSTGRESQL_PASSWORD != null) {
 export class AppModule {
   // let's add a middleware on all routes
   configure(consumer: MiddlewareConsumer) {
-    consumer.apply(HTTPLoggerMiddleware).forRoutes("*");
+    consumer.apply(HTTPLoggerMiddleware).exclude({ path: '', method: RequestMethod.ALL }).forRoutes("*");
     consumer.apply(RequestTokenMiddleware).forRoutes("v1/code-table", "v1/case", "v1/configuration");
   }
 }
diff --git a/charts/app/templates/backend/templates/deployment.yaml b/charts/app/templates/backend/templates/deployment.yaml
@@ -19,9 +19,6 @@ spec:
     metadata:
       annotations:
         rollme: {{ randAlphaNum 5 | quote }}
-        prometheus.io/scrape: 'true'
-        prometheus.io/port: '3000'
-        prometheus.io/path: '/api/metrics'
       labels:
         {{- include "backend.labels" . | nindent 8 }}
     spec:
@@ -125,4 +122,4 @@ spec:
                       - {{ .Release.Name }}
               topologyKey: "kubernetes.io/hostname"
 
-{{- end }}
+{{- end }}
diff --git a/charts/app/templates/webeoc/templates/deployment.yaml b/charts/app/templates/webeoc/templates/deployment.yaml
@@ -52,12 +52,8 @@ spec:
               containerPort: {{ .Values.webeoc.service.targetPort }}
               protocol: TCP
           readinessProbe:
-            exec:
-              command:
-                - /usr/bin/env
-                - bash
-                - -c
-                - ls
+            tcpSocket:
+              port: {{ .Values.webeoc.service.targetPort }}
             initialDelaySeconds: 5
             periodSeconds: 2
             timeoutSeconds: 2
@@ -66,12 +62,8 @@ spec:
           livenessProbe:
             successThreshold: 1
             failureThreshold: 3
-            exec:
-              command:
-                - /usr/bin/env
-                - bash
-                - -c
-                - ls
+            tcpSocket:
+              port: {{ .Values.webeoc.service.targetPort }}
             initialDelaySeconds: 15
             periodSeconds: 30
             timeoutSeconds: 5

diff --git a/frontend/Dockerfile b/frontend/Dockerfile
@@ -5,10 +5,9 @@ COPY . .
 RUN npm ci --omit=dev && \
     npm run build
 
-FROM caddy:2.7.6-alpine AS deploy
-COPY --from=build /app/Caddyfile /etc/caddy/Caddyfile
+FROM caddy:2.8.4-alpine AS deploy
 COPY --from=build /app/build /app/dist
-
+COPY Caddyfile /etc/caddy/Caddyfile
 EXPOSE 3000 3001
 USER 1001
 HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3001/health || exit 1
diff --git a/webeoc/Dockerfile b/webeoc/Dockerfile
@@ -1,39 +1,26 @@
-# https://catalog.redhat.com/software/containers/ubi8/nodejs-18-minimal/627d1c38e35da88581633bf1
-FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:1-33.1679485315@sha256:74af9dc2b620022c77fcd712b811f64a03c1444ff1e9b9596a242b2edf3cf96f AS builder
-
+# Build
+FROM node:22-slim AS build
 # Install packages, build and keep only prod packages
 USER root
 WORKDIR /app
 COPY *.json ./
 COPY ./src /app/src
 
-# Install dependencies
-RUN npm ci --omit=dev --ignore-scripts
-
-# Run build
-RUN npm run build
+RUN npm ci --omit=dev --ignore-scripts && \
+    npm run build
 
 # Deployment container
-FROM registry.access.redhat.com/ubi8/ubi-micro:8.7-6@sha256:af0a83c2fb7db1b63a5655c85f3f37d32b114443b8969fd8a40d47429cd87016
-
-# Set node to production 
-ENV NODE_ENV production
-
-# Node packages and dependencies
-COPY --from=builder /usr/bin/node /usr/bin/
-COPY --from=builder /usr/lib64/libz.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlidec.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlienc.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libcrypto.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libssl.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libstdc++.so.6 /usr/lib64/
-COPY --from=builder /usr/lib64/libgcc_s.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlicommon.so.1 /usr/lib64/
+# Deploy using minimal Distroless image
+FROM gcr.io/distroless/nodejs22-debian12:nonroot
+# Set node to production
+ENV NODE_EN=production
+
+
 
 # Copy over app
 WORKDIR /app
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/dist ./dist
+COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/dist ./dist
 
 # Port and health check
 EXPOSE 3002
@@ -42,5 +29,5 @@ HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3002/health
 # Non-privileged user
 USER app
 
-# Start up command
-ENTRYPOINT ["node", "dist/main"]
+# max old space the heap size, 80MB with 150MB limit in deployment.
+CMD ["--max-old-space-size=80", "/app/dist/main"]
diff --git a/webeoc/src/main.ts b/webeoc/src/main.ts
@@ -11,6 +11,7 @@ async function bootstrap() {
   const server = express();
   server.disable("x-powered-by");
   server.get("/health", (req, res) => res.status(200).send("ok"));
+  server.listen(3002);
   const app = await NestFactory.create(AppModule, new ExpressAdapter(server));
   await app.listen(3002);
 }