Switch to Chainguard base images for frontend and backend containers #1426
gooosetavo asked this question in Questions (unanswered, 0 replies)
Description
Problem: The frontend and backend images work fine for basic proofs of concept, but could benefit from a more secure baseline. This would help downstream users deploy the resulting images into a production setting with a lower barrier to entry. There is a free option from the company Chainguard that is gaining popularity across Linux container projects.
With some minor modifications to the frontend and backend images' Dockerfiles, such as those in this commit, users can benefit from Chainguard's free Python and Node images, which are built with security in mind. Their free open-source images are continuously updated (daily) to mitigate security vulnerability findings, and would be
Additionally, the compose and Dockerfile files in the mentioned commit were modified to allow for users using Linux security context labels (i.e. SELinux w/ Podman Desktop) to build/mount files. I haven't tried this with Docker yet, but it should be a seamless change. Below I've shown scan results after building/running the resulting images successfully and scanning them with Anchore's Grype tool.
Backend image scan results. The top half shows the results after scanning the backend (arm64) image as-is from the project's master branch, while the bottom half shows the image, based on Chainguard, using the modifications in the commit above.
Frontend image scan results. The top half shows the results after scanning the backend (arm64) image as-is from the project's master branch, while the bottom half shows the image, based on Chainguard, using the modifications in the commit above. Note that this uses both the Node and Nginx images, just as the original Dockerfile does, where the resulting image is actually the Chainguard Nginx image.
Below are the respective sizes for all 4 images as well; note how the Chainguard versions are considerably smaller.
There still needs to be a bit of work done to assess/validate functionality, particularly for cross-platform (x86_64/amd64 and arm64) images, but I was able to at least build and run the docker compose stack successfully and verified some basic functionality.
Operating System
macOS
Operating System Details
MacOS
M1 Macbook 14"
Python Version
3.12
Additional Context
I'm using Podman Desktop which causes a few issues, particularly with regard to applications requiring access to the Docker socket (i.e. Traefik).
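The shape of the Dockerfile change the post proposes, shown here as an added example rather than the commit the post links to: a two-stage build that installs the backend's dependencies on Chainguard's `-dev` Python image and copies only the result into the shell-less runtime image. The app layout (`./app` with a `requirements.txt`, started with uvicorn on port 8000), the `:latest` tags and the `nonroot` user are assumptions, not something taken from the project.

```dockerfile
# Added example, not the project's Dockerfile. Assumes a FastAPI-style app in
# ./app with a requirements.txt, served by uvicorn on port 8000.

# Stage 1: the -dev variant ships pip, a shell and build tooling. Use it only
# to build, so none of that tooling ends up in the image that is deployed.
FROM cgr.dev/chainguard/python:latest-dev AS builder
WORKDIR /app
# Put dependencies in a venv so they can be copied to the runtime stage as a
# single directory. The path must be identical in both stages.
RUN python -m venv /app/venv
ENV PATH="/app/venv/bin:$PATH"
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Stage 2: the runtime variant has no shell or package manager and runs as a
# non-root user, so only what is explicitly copied in below is present.
FROM cgr.dev/chainguard/python:latest
WORKDIR /app
# --chown keeps the files readable by the unprivileged user the image runs as
# (assumed to be the "nonroot" account Chainguard images provide).
COPY --chown=nonroot:nonroot --from=builder /app/venv /app/venv
COPY --chown=nonroot:nonroot ./app ./app
ENV PATH="/app/venv/bin:$PATH"
EXPOSE 8000
# There is no shell to expand a CMD string, so use exec form and run uvicorn
# as a Python module.
ENTRYPOINT ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
```

Two practitioner checks go with this. First, because the runtime stage has no shell, a `docker exec ... sh` into the container will fail by design; debug against the `builder` stage (`docker build --target builder`) instead. Second, the SELinux point in the post applies to the compose file, not the Dockerfile: a bind mount such as `./backend:/app` needs a relabel suffix (`./backend:/app:z` for a volume shared between containers, `:Z` for a private one) before Podman on an SELinux host will let the container read it. To reproduce the comparison in the post, scan the image before and after the switch with `grype <image>`; `grype <image> --fail-on high` turns the same scan into a CI gate that fails the build when a finding of that severity or above remains.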