chore: initial new build process

app/Dockerfile

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/s2i-base@sha256:9af1318d4d016b4aab0723aafdaf739972065919559107eadaccac4c8f350f37
+FROM node:18-alpine AS base
 
 ENV SUMMARY="An image for the CONN-CCBC-portal app" \
   DESCRIPTION="This image contains the compiled CONN-CCBC-portal node app"
@@ -13,70 +13,52 @@ LABEL summary="$SUMMARY" \
   maintainer="Romer, Meherzad CITZ:EX <Meherzad.Romer@gov.bc.ca>"
 
 ENV USER_ID=1001
-ENV APP_HOME=/root
-ENV HOME=/root
+ENV APP_HOME=/application
+#ENV HOME=/root
 ARG GIT_HASH
 ENV GIT_HASH=${GIT_HASH}
 
 WORKDIR ${APP_HOME}
 
-RUN INSTALL_PKGS="yarn-1.22.18-1" && \
-  yum -y update && \
-  curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo > /etc/yum.repos.d/yarn.repo && \
-  rpm --import https://dl.yarnpkg.com/rpm/pubkey.gpg && \
-  yum -y install --setopt=tsflags=nodocs $INSTALL_PKGS && \
-  rpm -V $INSTALL_PKGS && \
-  yum -y clean all --enablerepo='*' && \
-  rm -rf /var/cache
-
-# Install asdf package manager
-RUN git clone https://github.com/asdf-vm/asdf.git ${APP_HOME}/asdf --branch v0.8.1 && \
-  cd ${APP_HOME}/asdf && \
-  git checkout v0.8.1
-ENV BASH_ENV="${APP_HOME}/asdf/asdf.sh"
-# Because asdf is loaded via BASH_ENV, all commands using adsf need to be executed using /usr/bin/env bash -c
-SHELL ["/usr/bin/env", "bash", "-c"]
-
-# The app container only needs yarn and node; make sure they're installed
-COPY .tool-versions ${APP_HOME}/.tool-versions
-RUN sed -i -nr '/node|yarn/p' ${APP_HOME}/.tool-versions && \
-  cat ${APP_HOME}/.tool-versions | cut -f 1 -d ' ' | xargs -n 1 asdf plugin-add && \
-  asdf plugin-update --all && \
-  asdf install && \
-  asdf reshim && \
-  pushd ${APP_HOME}/.asdf/installs/nodejs/$(awk '/^nodejs/ { print $2 }' .tool-versions)/lib && \
-  npm i npm corepack && \
-  rm -f package.json package-lock.json && \
-  popd
-
-ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 /usr/local/bin/dumb-init
-RUN chmod +x /usr/local/bin/dumb-init
-ENTRYPOINT ["dumb-init", "--", "/usr/bin/env", "bash", "-c"]
-
-COPY app/ ${APP_HOME}/
-
-# FIX CVE-2022-29244
-RUN rm -rf /usr/local/bin/npm \
-  && rm -rf /root/.npm
+# 1. Install dependencies only when needed
+FROM base AS deps
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+
+WORKDIR ${APP_HOME}
+COPY app/package.json .
+COPY app/yarn.lock .
+
+RUN yarn --frozen-lockfile
+
+# 2. Rebuild the source code only when needed
+FROM base AS builder
+WORKDIR ${APP_HOME}
+COPY --from=deps ${APP_HOME}/node_modules ./node_modules
+COPY app/ .
+# This will do the trick, use the corresponding env file for each environment.
+RUN yarn build:relay && yarn build:server && yarn build:next
+
+# 3. Production image, copy all the files and run next
+FROM base AS runner
+WORKDIR ${APP_HOME}
 
 ENV NODE_ENV=production
-ENV ENABLE_ANALYTICS=true
-
-RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 CYPRESS_INSTALL_BINARY=0 \
-  yarn install --frozen-lockfile --production=false && \
-  yarn build:relay && \
-  yarn build:server && \
-  yarn build:next && \
-  yarn install --frozen-lockfile --production=true && \
-  yarn cache clean && \
-  # Make everything in the home group-writable to support OpenShift's restricted SCC
-  # Needs to be done as root to chown
-  # same layer as yarn install to keep re-chowned files from using up several hundred MBs more space
-  chown -R ${USER_ID}:0 ${APP_HOME} && \
-  chmod -R g+rwX ${APP_HOME}
 
-EXPOSE 3000 9000
+RUN addgroup -g 1001 -S nodejs
+RUN adduser -S nextjs -u 1001
+
+COPY --from=builder ${APP_HOME}/public ./public
+
+# Automatically leverage output traces to reduce image size
+# https://nextjs.org/docs/advanced-features/output-file-tracing
+#COPY --from=builder --chown=nextjs:nodejs ${APP_HOME}/.next/ ./
+#COPY --from=builder --chown=nextjs:nodejs ${APP_HOME}/.next/static ./.next/static
+#COPY --from=builder --chown=nextjs:nodejs ${APP_HOME}/dist ./dist
+COPY --from=builder --chown=${USER_ID}:0 --chmod=g+rwX ${APP_HOME} ./
+
 USER ${USER_ID}
-WORKDIR ${APP_HOME}
 
-CMD ["yarn start"]
+EXPOSE 3000 9000
+
+CMD node --unhandled-rejections=strict --enable-network-family-autoselection dist/server.js

app/next.config.js

@@ -1,6 +1,7 @@
 /** @type {import('next').NextConfig} */
 const { withSentryConfig } = require('@sentry/nextjs');
 const convictConfig = require('./config');
+const SentryWebpackPlugin = require('@sentry/webpack-plugin');
 
 const moduleExports = {
   poweredByHeader: false,
@@ -40,6 +41,25 @@ const moduleExports = {
       newConfig.resolve.fallback.fs = false;
     }
     newConfig.experiments = { topLevelAwait: true, layers: true };
+    // Ask Webpack to replace @sentry/node imports with @sentry/browser when
+    // building the browser's bundle
+    if (!isServer) {
+      // eslint-disable-next-line no-param-reassign
+      config.resolve.alias['@sentry/node'] = '@sentry/browser';
+    }
+    // The Sentry webpack plugin gets pushed to the webpack plugins to build
+    // and upload the source maps to sentry.
+    config.plugins.push(
+      new SentryWebpackPlugin({
+        include: '.next',
+        configFile: 'sentry.properties',
+        release: process.env.GIT_HASH,
+        ignore: ['node_modules'],
+        urlPrefix: '~/_next',
+        dryRun: true,
+        silent: true,
+      })
+    );
 
     return newConfig;
   },

app/package.json

@@ -160,7 +160,7 @@
     "nodemon": "^2.0.20",
     "prettier": "^3.2.5",
     "react-dom": "^18.2.0",
-    "relay-compiler": "^13.2.0",
+    "relay-compiler": "14",
     "relay-test-utils": "^13.2.0",
     "supertest": "^6.3.4",
     "ts-jest": "^28.0.2",

app/yarn.lock

@@ -12214,10 +12214,10 @@ regexpp@^3.2.0:
   resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-3.2.0.tgz#0425a2768d8f23bad70ca4b90461fa2f1213e1b2"
   integrity sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==
 
-relay-compiler@^13.2.0:
-  version "13.2.0"
-  resolved "https://registry.yarnpkg.com/relay-compiler/-/relay-compiler-13.2.0.tgz#06dd416e19e1cd22008b89499726ea5eb342c36e"
-  integrity sha512-GGLWTJYqQ5jQLMXlq++Fl17f4gMuvmIi3+xU/TrD4UqWZLI3qhxE0NFAmOvg6xgBQ8xtCMhP066kv+3bhL+7Aw==
+relay-compiler@14:
+  version "14.1.0"
+  resolved "https://registry.yarnpkg.com/relay-compiler/-/relay-compiler-14.1.0.tgz#88e9c531eb14a6a31e6f14663982124d780bd1b6"
+  integrity sha512-P8+CXm+Hq96z5NNwYl7hyGo5GgvMZDs9mXBRv7txUbJO4Ql9mXio3+D9EX3VfevRWTuE4ahM37i3Ssx1H604vA==
 
 relay-nextjs@^0.8.0:
   version "0.8.0"