build: bump docker image base, set node_env=prod (#479)

* build: bump docker image base, set node_env=prod

Signed-off-by: rare-magma <rare-magma@posteo.eu>

* docs: add release note

Signed-off-by: rare-magma <rare-magma@posteo.eu>

* build: use COPY commands

Signed-off-by: rare-magma <rare-magma@posteo.eu>

---------

Signed-off-by: rare-magma <rare-magma@posteo.eu>

Dockerfile

@@ -1,11 +1,11 @@
-FROM node:18-bullseye as base
+FROM node:18-bookworm as base
 RUN apt-get update && apt-get install -y openssl
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN yarn workspaces focus --all --production
 
-FROM node:18-bullseye-slim as prod
+FROM node:18-bookworm-slim as prod
 RUN apt-get update && apt-get install tini && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
 ARG USERNAME=actual
@@ -16,10 +16,11 @@ RUN groupadd --gid $USER_GID $USERNAME \
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/usr/bin/tini","-g",  "--"]
 EXPOSE 5006
 CMD ["node", "app.js"]

docker/edge-alpine.Dockerfile

@@ -1,21 +1,21 @@
-FROM alpine:3.17 as base
+FROM alpine:3.18 as base
 RUN apk add --no-cache nodejs yarn npm python3 openssl build-base jq curl
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN if [ "$(uname -m)" = "armv7l" ]; then yarn config set taskPoolConcurrency 2; yarn config set networkConcurrency 5; fi
 RUN yarn workspaces focus --all --production
 RUN if [ "$(uname -m)" = "armv7l" ]; then npm install bcrypt better-sqlite3 --build-from-source; fi
 
 RUN mkdir /public
-ADD artifacts.json /tmp/artifacts.json
+COPY artifacts.json /tmp/artifacts.json
 RUN jq -r '[.artifacts[] | select(.workflow_run.head_branch == "master" and .workflow_run.head_repository_id == .workflow_run.repository_id)][0]' /tmp/artifacts.json > /tmp/latest-build.json
 
 ARG GITHUB_TOKEN
 RUN curl -L -o /tmp/desktop-client.zip --header "Authorization: Bearer ${GITHUB_TOKEN}" $(jq -r '.archive_download_url' /tmp/latest-build.json)
 RUN unzip /tmp/desktop-client.zip -d /public
 
-FROM alpine:3.17 as prod
+FROM alpine:3.18 as prod
 RUN apk add --no-cache nodejs tini
 
 ARG USERNAME=actual
@@ -25,11 +25,12 @@ RUN addgroup -S ${USERNAME} -g ${USER_GID} && adduser -S ${USERNAME} -G ${USERNA
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
 COPY --from=base /public /public
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/sbin/tini","-g",  "--"]
 ENV ACTUAL_WEB_ROOT=/public
 EXPOSE 5006

docker/edge-ubuntu.Dockerfile

@@ -1,20 +1,20 @@
-FROM node:18-bullseye as base
+FROM node:18-bookworm as base
 RUN apt-get update && apt-get install -y openssl jq
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN if [ "$(uname -m)" = "armv7l" ]; then yarn config set taskPoolConcurrency 2; yarn config set networkConcurrency 5; fi
 RUN yarn workspaces focus --all --production
 
 RUN mkdir /public
-ADD artifacts.json /tmp/artifacts.json
+COPY artifacts.json /tmp/artifacts.json
 RUN jq -r '[.artifacts[] | select(.workflow_run.head_branch == "master" and .workflow_run.head_repository_id == .workflow_run.repository_id)][0]' /tmp/artifacts.json > /tmp/latest-build.json
 
 ARG GITHUB_TOKEN
 RUN curl -L -o /tmp/desktop-client.zip --header "Authorization: Bearer ${GITHUB_TOKEN}" $(jq -r '.archive_download_url' /tmp/latest-build.json)
 RUN unzip /tmp/desktop-client.zip -d /public
 
-FROM node:18-bullseye-slim as prod
+FROM node:18-bookworm-slim as prod
 RUN apt-get update && apt-get install tini && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
 ARG USERNAME=actual
@@ -25,11 +25,12 @@ RUN groupadd --gid $USER_GID $USERNAME \
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
 COPY --from=base /public /public
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/usr/bin/tini","-g",  "--"]
 ENV ACTUAL_WEB_ROOT=/public
 EXPOSE 5006

docker/stable-alpine.Dockerfile

@@ -1,13 +1,13 @@
-FROM alpine:3.17 as base
+FROM alpine:3.18 as base
 RUN apk add --no-cache nodejs yarn npm python3 openssl build-base
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN if [ "$(uname -m)" = "armv7l" ]; then yarn config set taskPoolConcurrency 2; yarn config set networkConcurrency 5; fi
 RUN yarn workspaces focus --all --production
 RUN if [ "$(uname -m)" = "armv7l" ]; then npm install bcrypt better-sqlite3 --build-from-source; fi
 
-FROM alpine:3.17 as prod
+FROM alpine:3.18 as prod
 RUN apk add --no-cache nodejs tini
 
 ARG USERNAME=actual
@@ -17,10 +17,11 @@ RUN addgroup -S ${USERNAME} -g ${USER_GID} && adduser -S ${USERNAME} -G ${USERNA
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/sbin/tini","-g",  "--"]
 EXPOSE 5006
 CMD ["node", "app.js"]

docker/stable-ubuntu.Dockerfile

@@ -1,12 +1,12 @@
-FROM node:18-bullseye as base
+FROM node:18-bookworm as base
 RUN apt-get update && apt-get install -y openssl
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN if [ "$(uname -m)" = "armv7l" ]; then yarn config set taskPoolConcurrency 2; yarn config set networkConcurrency 5; fi
 RUN yarn workspaces focus --all --production
 
-FROM node:18-bullseye-slim as prod
+FROM node:18-bookworm-slim as prod
 RUN apt-get update && apt-get install tini && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
 ARG USERNAME=actual
@@ -17,10 +17,11 @@ RUN groupadd --gid $USER_GID $USERNAME \
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/usr/bin/tini","-g",  "--"]
 EXPOSE 5006
 CMD ["node", "app.js"]

upcoming-release-notes/479.md

@@ -0,0 +1,6 @@
+---
+category: Maintenance
+authors: [rare-magma]
+---
+
+Updates the docker images base version and set node_env env variable to production