add node images

Signed-off-by: ivan katliarchuk <[email protected]>

Author: ivankatliarchuk

README.md

@@ -187,6 +187,7 @@ docker run --rm test "kubectl version --short --client=true" | awk '{print $3}'
 1. [X] Renovate configuration
 1. [ ] Use `requirementes.txt` file with python packages
 1. [X] Review missing images
+1. [ ] Build node images `node`
 
 <!-- resources -->
 [opa.badge]: https://github.com/cloudkats/docker-tools/actions/workflows/policy.opa.yaml/badge.svg

node/bookworm-build-container/Dockerfile

@@ -0,0 +1,62 @@
+#image from https://snyk.io/blog/choosing-the-best-node-js-docker-image/
+# notes from https://snyk.io/blog/10-best-practices-to-containerize-nodejs-web-applications-with-docker/
+
+# --------------> The build image
+FROM node:20.12.1-bookworm-slim AS build
+RUN apt-get update && apt-get install -y --no-install-recommends dumb-init
+
+ARG APP_VERSION
+ENV APP_VERSION=$APP_VERSION
+ENV APP_USER 999
+ENV APP_GROUP node
+ENV WORKDIR /usr/src/app
+#ENV NODE_ENV production #not needed in this stage
+
+# difficult to change /.npm to a different non-root path
+#ENV NPM_CONFIG_PREFIX=/home/node/.npm-global
+## optionally if you want to run npm global bin without specifying path
+#ENV PATH=$PATH:/home/node/.npm-global/bin
+
+RUN echo "APP_VERSION: $APP_VERSION"
+RUN echo "USER: $APP_USER"
+RUN echo "GROUP: $APP_GROUP"
+RUN echo "WORKDIR: $WORKDIR"
+
+# wont work without changing /.npm to non-root
+#ARG USER=$APP_USER:$APP_GROUP
+#USER ${APP_USER}
+
+WORKDIR $WORKDIR
+
+COPY package*.json ./
+
+# copy npmrc securely
+# and run npm ci to install node deps
+RUN --mount=type=secret,mode=0644,id=npmrc,target=/usr/src/app/.npmrc npm ci --only=production
+
+# --------------> The production image__
+FROM node:20.12.1-bookworm-slim AS production
+
+ENV APP_VERSION=$APP_VERSION
+ENV APP_USER 999
+ENV APP_GROUP node
+ENV WORKDIR /usr/src/app
+ENV NODE_ENV production
+
+WORKDIR $WORKDIR
+
+RUN echo "NODE_ENV: $NODE_ENV"
+RUN echo "WORKDIR: $WORKDIR"
+
+COPY --from=build /usr/bin/dumb-init /usr/bin/dumb-init
+COPY --chown=$APP_USER:$APP_GROUP --from=build /usr/src/app/node_modules /usr/src/app/node_modules
+
+COPY --chown=$APP_USER:$APP_GROUP . /usr/src/app
+
+ENV PORT 5000
+EXPOSE $PORT
+
+ARG USER=$APP_USER:$APP_GROUP
+USER ${APP_USER}
+
+CMD ["dumb-init", "node", "src/index.js"]

node/bookworm/Dockerfile

@@ -0,0 +1,42 @@
+# docker build -t node-local .
+# docker run --rm -it --entrypoint /bin/sh node-local
+FROM node:20-bookworm-slim
+
+# Setting working directory. All the path will be relative to WORKDIR
+WORKDIR /usr/src/app
+
+# ARG CI_JOB_TOKEN
+ENV HUSKY 0
+# ENV CI_JOB_TOKEN=$CI_JOB_TOKEN
+
+ENV APP_USER 999
+ENV APP_GROUP appuser
+
+COPY --chown=$APP_USER:$APP_GROUP ./build ./build
+COPY --chown=$APP_USER:$APP_GROUP ./public ./public
+
+WORKDIR /usr/src/app
+
+# Copying source files
+COPY --chown=$APP_USER:$APP_GROUP ./server ./server
+
+WORKDIR /usr/src/app/server
+
+# Remove files not needed
+RUN rm -f package-lock.json \
+	&& rm -f nodemon.json \
+	&& rm -f tsconfig.json \
+	&& rm -rf src \
+	&& ls
+
+EXPOSE 3003
+
+RUN echo "USER: $APP_USER" && echo "GROUP: $APP_GROUP"
+
+# create user and add to node group
+RUN useradd -l --system -s /bin/false -g node -u $APP_USER --badname $APP_USER
+
+USER $APP_USER
+
+#CMD ["node", "server/index.js"]
+CMD ["npm","run", "start"]