build: FORMS-1799 node update for security fixes (bcgov#1599)

* build: FORMS-1799 update node image Update the node image to address security vulnerabilities reported by RedHat Advanced Cluster Security. * build: remove VARIANT argument While the VARIANT argument is useful in some situations, there's the possibility that the Dockerfile is updated with a newer image version but the argument in the devcontainer.json overrides it. Remove it and just use what's in the Dockerfile. * refactor: fix sonar complaints about dockerfile Sonar was complaining that the installed packages were not in alphabetical order. It was also complaining that the install wasn't cleaned afterwards. * refactor: fix sonar complaints about dockerfile Sonar was complaining that the multiple RUN commands should be combined. Good point!
bhuvan-aot · Feb 5, 2025 · 6146642 · 6146642
1 parent 38cbe50
commit 6146642
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 18 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,11 +1,21 @@
-ARG VARIANT="20.18.1-bookworm"
+ARG VARIANT="20.18.2-bookworm"
 FROM node:${VARIANT}
 
+# Install some extras such as vim for interactive rebases. Also some
+# Cypress prerequisites for running in Debian containers:
+# https://docs.cypress.io/app/get-started/install-cypress#UbuntuDebian
+
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y \
-        # Cypress prerequisites for running in Debian containers:
-        # https://docs.cypress.io/app/get-started/install-cypress#UbuntuDebian
-        libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libnss3 libxss1 \
-        libasound2 libxtst6 xauth xvfb \
-        # For interactive git rebases
-        vim
+        libasound2 \
+        libgbm-dev \
+        libgtk-3-0 \
+        libgtk2.0-0 \
+        libnotify-dev \
+        libnss3 \
+        libxss1 \
+        libxtst6 \
+        vim \
+        xauth \
+        xvfb \
+    && apt-get clean
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -4,10 +4,7 @@
 
   "build": {
     "dockerfile": "Dockerfile",
-    "context": "..",
-    "args": {
-      "VARIANT": "20.18.1-bookworm"
-    }
+    "context": ".."
   },
 
   "features": {

diff --git a/Dockerfile b/Dockerfile
@@ -1,17 +1,22 @@
-FROM docker.io/node:20.18.1-alpine3.21
+FROM docker.io/node:20.18.2-alpine3.21
 
 ENV NO_UPDATE_NOTIFIER=true
 WORKDIR /opt/app-root/src/app
 COPY . /opt/app-root/src
+
+# Run the npm tasks to set up the various parts of the application. Then create
+# the /.npm directory and grant access to group 0 to allow npm v9 to work
+# See: https://docs.openshift.com/container-platform/4.11/openshift_images/create-images.html#use-uid_create-images
+
 RUN npm run all:ci \
   && npm run all:build \
   && npm run frontend:purge \
   && npm run components:clean \
-  && npm run components:purge
+  && npm run components:purge \
+  && mkdir /.npm \
+  && chgrp -R 0 /.npm \
+  && chmod -R g=u /.npm
+
 EXPOSE 8000
-# Create the /.npm directory and grant access to group 0 to allow npm v9 to work
-# See: https://docs.openshift.com/container-platform/4.11/openshift_images/create-images.html#use-uid_create-images
-RUN mkdir /.npm
-RUN chgrp -R 0 /.npm && \
-    chmod -R g=u /.npm
+
 CMD ["npm", "run", "start"]