diff --git a/app/Dockerfile b/app/Dockerfile index ddea0b03da..ee05a395ee 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi9/s2i-base@sha256:9af1318d4d016b4aab0723aafdaf739972065919559107eadaccac4c8f350f37 +FROM node:18-alpine AS base ENV SUMMARY="An image for the CONN-CCBC-portal app" \ DESCRIPTION="This image contains the compiled CONN-CCBC-portal node app" @@ -13,70 +13,52 @@ LABEL summary="$SUMMARY" \ maintainer="Romer, Meherzad CITZ:EX " ENV USER_ID=1001 -ENV APP_HOME=/root -ENV HOME=/root +ENV APP_HOME=/application +#ENV HOME=/root ARG GIT_HASH ENV GIT_HASH=${GIT_HASH} WORKDIR ${APP_HOME} -RUN INSTALL_PKGS="yarn-1.22.18-1" && \ - yum -y update && \ - curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo > /etc/yum.repos.d/yarn.repo && \ - rpm --import https://dl.yarnpkg.com/rpm/pubkey.gpg && \ - yum -y install --setopt=tsflags=nodocs $INSTALL_PKGS && \ - rpm -V $INSTALL_PKGS && \ - yum -y clean all --enablerepo='*' && \ - rm -rf /var/cache - -# Install asdf package manager -RUN git clone https://github.com/asdf-vm/asdf.git ${APP_HOME}/asdf --branch v0.8.1 && \ - cd ${APP_HOME}/asdf && \ - git checkout v0.8.1 -ENV BASH_ENV="${APP_HOME}/asdf/asdf.sh" -# Because asdf is loaded via BASH_ENV, all commands using adsf need to be executed using /usr/bin/env bash -c -SHELL ["/usr/bin/env", "bash", "-c"] - -# The app container only needs yarn and node; make sure they're installed -COPY .tool-versions ${APP_HOME}/.tool-versions -RUN sed -i -nr '/node|yarn/p' ${APP_HOME}/.tool-versions && \ - cat ${APP_HOME}/.tool-versions | cut -f 1 -d ' ' | xargs -n 1 asdf plugin-add && \ - asdf plugin-update --all && \ - asdf install && \ - asdf reshim && \ - pushd ${APP_HOME}/.asdf/installs/nodejs/$(awk '/^nodejs/ { print $2 }' .tool-versions)/lib && \ - npm i npm corepack && \ - rm -f package.json package-lock.json && \ - popd - -ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 /usr/local/bin/dumb-init -RUN chmod +x /usr/local/bin/dumb-init -ENTRYPOINT ["dumb-init", "--", "/usr/bin/env", "bash", "-c"] - -COPY app/ ${APP_HOME}/ - -# FIX CVE-2022-29244 -RUN rm -rf /usr/local/bin/npm \ - && rm -rf /root/.npm +# 1. Install dependencies only when needed +FROM base AS deps +# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed. +RUN apk add --no-cache libc6-compat + +WORKDIR ${APP_HOME} +COPY app/package.json . +COPY app/yarn.lock . + +RUN yarn --frozen-lockfile + +# 2. Rebuild the source code only when needed +FROM base AS builder +WORKDIR ${APP_HOME} +COPY --from=deps ${APP_HOME}/node_modules ./node_modules +COPY app/ . +# This will do the trick, use the corresponding env file for each environment. +RUN yarn build:relay && yarn build:server && yarn build:next + +# 3. Production image, copy all the files and run next +FROM base AS runner +WORKDIR ${APP_HOME} ENV NODE_ENV=production -ENV ENABLE_ANALYTICS=true - -RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 CYPRESS_INSTALL_BINARY=0 \ - yarn install --frozen-lockfile --production=false && \ - yarn build:relay && \ - yarn build:server && \ - yarn build:next && \ - yarn install --frozen-lockfile --production=true && \ - yarn cache clean && \ - # Make everything in the home group-writable to support OpenShift's restricted SCC - # Needs to be done as root to chown - # same layer as yarn install to keep re-chowned files from using up several hundred MBs more space - chown -R ${USER_ID}:0 ${APP_HOME} && \ - chmod -R g+rwX ${APP_HOME} -EXPOSE 3000 9000 +RUN addgroup -g 1001 -S nodejs +RUN adduser -S nextjs -u 1001 + +COPY --from=builder ${APP_HOME}/public ./public + +# Automatically leverage output traces to reduce image size +# https://nextjs.org/docs/advanced-features/output-file-tracing +#COPY --from=builder --chown=nextjs:nodejs ${APP_HOME}/.next/ ./ +#COPY --from=builder --chown=nextjs:nodejs ${APP_HOME}/.next/static ./.next/static +#COPY --from=builder --chown=nextjs:nodejs ${APP_HOME}/dist ./dist +COPY --from=builder --chown=${USER_ID}:0 --chmod=g+rwX ${APP_HOME} ./ + USER ${USER_ID} -WORKDIR ${APP_HOME} -CMD ["yarn start"] +EXPOSE 3000 9000 + +CMD node --unhandled-rejections=strict --enable-network-family-autoselection dist/server.js diff --git a/app/next.config.js b/app/next.config.js index 7ba7ab5bd5..83350cbab9 100644 --- a/app/next.config.js +++ b/app/next.config.js @@ -1,6 +1,7 @@ /** @type {import('next').NextConfig} */ const { withSentryConfig } = require('@sentry/nextjs'); const convictConfig = require('./config'); +const SentryWebpackPlugin = require('@sentry/webpack-plugin'); const moduleExports = { poweredByHeader: false, @@ -40,6 +41,25 @@ const moduleExports = { newConfig.resolve.fallback.fs = false; } newConfig.experiments = { topLevelAwait: true, layers: true }; + // Ask Webpack to replace @sentry/node imports with @sentry/browser when + // building the browser's bundle + if (!isServer) { + // eslint-disable-next-line no-param-reassign + config.resolve.alias['@sentry/node'] = '@sentry/browser'; + } + // The Sentry webpack plugin gets pushed to the webpack plugins to build + // and upload the source maps to sentry. + config.plugins.push( + new SentryWebpackPlugin({ + include: '.next', + configFile: 'sentry.properties', + release: process.env.GIT_HASH, + ignore: ['node_modules'], + urlPrefix: '~/_next', + dryRun: true, + silent: true, + }) + ); return newConfig; }, diff --git a/app/package.json b/app/package.json index 200634aa5e..bb73eaef35 100644 --- a/app/package.json +++ b/app/package.json @@ -160,7 +160,7 @@ "nodemon": "^2.0.20", "prettier": "^3.2.5", "react-dom": "^18.2.0", - "relay-compiler": "^13.2.0", + "relay-compiler": "14", "relay-test-utils": "^13.2.0", "supertest": "^6.3.4", "ts-jest": "^28.0.2", diff --git a/app/yarn.lock b/app/yarn.lock index a3d26be173..6b180fb281 100644 --- a/app/yarn.lock +++ b/app/yarn.lock @@ -12214,10 +12214,10 @@ regexpp@^3.2.0: resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-3.2.0.tgz#0425a2768d8f23bad70ca4b90461fa2f1213e1b2" integrity sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg== -relay-compiler@^13.2.0: - version "13.2.0" - resolved "https://registry.yarnpkg.com/relay-compiler/-/relay-compiler-13.2.0.tgz#06dd416e19e1cd22008b89499726ea5eb342c36e" - integrity sha512-GGLWTJYqQ5jQLMXlq++Fl17f4gMuvmIi3+xU/TrD4UqWZLI3qhxE0NFAmOvg6xgBQ8xtCMhP066kv+3bhL+7Aw== +relay-compiler@14: + version "14.1.0" + resolved "https://registry.yarnpkg.com/relay-compiler/-/relay-compiler-14.1.0.tgz#88e9c531eb14a6a31e6f14663982124d780bd1b6" + integrity sha512-P8+CXm+Hq96z5NNwYl7hyGo5GgvMZDs9mXBRv7txUbJO4Ql9mXio3+D9EX3VfevRWTuE4ahM37i3Ssx1H604vA== relay-nextjs@^0.8.0: version "0.8.0"