getodk · lognaturel · Dec 9, 2023 · Nov 27, 2023 · Nov 27, 2023 · Nov 27, 2023
diff --git a/nginx.dockerfile b/nginx.dockerfile
@@ -1,10 +1,17 @@
-FROM node:20.10 as intermediate
+FROM node:20.10-slim as intermediate
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        git \
+    && rm -rf /var/lib/apt/lists/*
 
 COPY ./ ./
 RUN files/prebuild/write-version.sh
 ARG OIDC_ENABLED
 RUN OIDC_ENABLED="$OIDC_ENABLED" files/prebuild/build-frontend.sh
 
+
+
 # when upgrading, look for upstream changes to redirector.conf
 # also, confirm setup-odk.sh strips out HTTP-01 ACME challenge location
 FROM jonasal/nginx-certbot:4.2.0

diff --git a/secrets.dockerfile b/secrets.dockerfile
@@ -1,2 +1,3 @@
-FROM node:20.10
+FROM node:20.10-slim
+
 COPY files/enketo/generate-secrets.sh ./
diff --git a/service.dockerfile b/service.dockerfile
@@ -1,38 +1,69 @@
 ARG node_version=20.10
-FROM node:${node_version} as intermediate
 
+
+
+FROM node:${node_version}-slim as pgdg
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        gpg \
+    && rm -rf /var/lib/apt/lists/* \
+    && update-ca-certificates
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(grep -oP 'VERSION_CODENAME=\K\w+' /etc/os-release)-pgdg main" \
+      | tee /etc/apt/sources.list.d/pgdg.list \
+    && curl https://www.postgresql.org/media/keys/ACCC4CF8.asc \
+      | gpg --dearmor > /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg
+
+
+
+FROM node:${node_version}-slim as intermediate
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        git \
+    && rm -rf /var/lib/apt/lists/*
 COPY . .
 RUN mkdir /tmp/sentry-versions
 RUN git describe --tags --dirty > /tmp/sentry-versions/central
-WORKDIR server
+WORKDIR /server
 RUN git describe --tags --dirty > /tmp/sentry-versions/server
-WORKDIR ../client
+WORKDIR /client
 RUN git describe --tags --dirty > /tmp/sentry-versions/client
 
-FROM node:${node_version}
 
-WORKDIR /usr/odk
 
-RUN apt-get update && apt-get install wait-for-it && rm -rf /var/lib/apt/lists/*
+FROM node:${node_version}-slim
 
-RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(grep -oP 'VERSION_CODENAME=\K\w+' /etc/os-release)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list && \
-  curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg && \
-  apt-get update && \
-  apt-get install -y cron gettext postgresql-client-14
+ARG node_version
+LABEL org.opencontainers.image.source="https://github.com/getodk/central"
 
-COPY files/service/crontab /etc/cron.d/odk
+WORKDIR /usr/odk
 
 COPY server/package*.json ./
-
-RUN npm clean-install --omit=dev --legacy-peer-deps --no-audit --fund=false --update-notifier=false
+COPY --from=pgdg /etc/apt/sources.list.d/pgdg.list \
+    /etc/apt/sources.list.d/pgdg.list
+COPY --from=pgdg /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg \
+    /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        gpg \
+        cron \
+        wait-for-it \
+        gettext \
+        procps \
+        postgresql-client-14 \
+        netcat-traditional \
+    && rm -rf /var/lib/apt/lists/* \
+    && npm clean-install --omit=dev --legacy-peer-deps --no-audit \
+        --fund=false --update-notifier=false
 
 COPY server/ ./
 COPY files/service/scripts/ ./
 
 COPY files/service/config.json.template /usr/share/odk/
+COPY files/service/crontab /etc/cron.d/odk
 COPY files/service/odk-cmd /usr/bin/
 
 COPY --from=intermediate /tmp/sentry-versions/ ./sentry-versions
 
 EXPOSE 8383
-