From b98ff3f50dfc7ee3754dd322168345f4458082be Mon Sep 17 00:00:00 2001
From: Nuno <rare-magma@posteo.eu>
Date: Sun, 3 Nov 2024 21:53:03 +0100
Subject: [PATCH] build: bump docker image base, set node_env=prod (#479)

* build: bump docker image base, set node_env=prod

Signed-off-by: rare-magma <rare-magma@posteo.eu>

* docs: add release note

Signed-off-by: rare-magma <rare-magma@posteo.eu>

* build: use COPY commands

Signed-off-by: rare-magma <rare-magma@posteo.eu>

---------

Signed-off-by: rare-magma <rare-magma@posteo.eu>
---
 Dockerfile                      | 15 ++++++++-------
 docker/edge-alpine.Dockerfile   | 17 +++++++++--------
 docker/edge-ubuntu.Dockerfile   | 17 +++++++++--------
 docker/stable-alpine.Dockerfile | 15 ++++++++-------
 docker/stable-ubuntu.Dockerfile | 15 ++++++++-------
 upcoming-release-notes/479.md   |  6 ++++++
 6 files changed, 48 insertions(+), 37 deletions(-)
 create mode 100644 upcoming-release-notes/479.md

diff --git a/Dockerfile b/Dockerfile
index ad5aa098e..028f514f9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,11 @@
-FROM node:18-bullseye as base
+FROM node:18-bookworm as base
 RUN apt-get update && apt-get install -y openssl
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN yarn workspaces focus --all --production
 
-FROM node:18-bullseye-slim as prod
+FROM node:18-bookworm-slim as prod
 RUN apt-get update && apt-get install tini && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
 ARG USERNAME=actual
@@ -16,10 +16,11 @@ RUN groupadd --gid $USER_GID $USERNAME \
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/usr/bin/tini","-g",  "--"]
 EXPOSE 5006
 CMD ["node", "app.js"]
diff --git a/docker/edge-alpine.Dockerfile b/docker/edge-alpine.Dockerfile
index 7c3f57ec0..eece22ebc 100644
--- a/docker/edge-alpine.Dockerfile
+++ b/docker/edge-alpine.Dockerfile
@@ -1,21 +1,21 @@
-FROM alpine:3.17 as base
+FROM alpine:3.18 as base
 RUN apk add --no-cache nodejs yarn npm python3 openssl build-base jq curl
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN if [ "$(uname -m)" = "armv7l" ]; then yarn config set taskPoolConcurrency 2; yarn config set networkConcurrency 5; fi
 RUN yarn workspaces focus --all --production
 RUN if [ "$(uname -m)" = "armv7l" ]; then npm install bcrypt better-sqlite3 --build-from-source; fi
 
 RUN mkdir /public
-ADD artifacts.json /tmp/artifacts.json
+COPY artifacts.json /tmp/artifacts.json
 RUN jq -r '[.artifacts[] | select(.workflow_run.head_branch == "master" and .workflow_run.head_repository_id == .workflow_run.repository_id)][0]' /tmp/artifacts.json > /tmp/latest-build.json
 
 ARG GITHUB_TOKEN
 RUN curl -L -o /tmp/desktop-client.zip --header "Authorization: Bearer ${GITHUB_TOKEN}" $(jq -r '.archive_download_url' /tmp/latest-build.json)
 RUN unzip /tmp/desktop-client.zip -d /public
 
-FROM alpine:3.17 as prod
+FROM alpine:3.18 as prod
 RUN apk add --no-cache nodejs tini
 
 ARG USERNAME=actual
@@ -25,11 +25,12 @@ RUN addgroup -S ${USERNAME} -g ${USER_GID} && adduser -S ${USERNAME} -G ${USERNA
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
 COPY --from=base /public /public
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/sbin/tini","-g",  "--"]
 ENV ACTUAL_WEB_ROOT=/public
 EXPOSE 5006
diff --git a/docker/edge-ubuntu.Dockerfile b/docker/edge-ubuntu.Dockerfile
index 99e4e757e..500b22654 100644
--- a/docker/edge-ubuntu.Dockerfile
+++ b/docker/edge-ubuntu.Dockerfile
@@ -1,20 +1,20 @@
-FROM node:18-bullseye as base
+FROM node:18-bookworm as base
 RUN apt-get update && apt-get install -y openssl jq
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN if [ "$(uname -m)" = "armv7l" ]; then yarn config set taskPoolConcurrency 2; yarn config set networkConcurrency 5; fi
 RUN yarn workspaces focus --all --production
 
 RUN mkdir /public
-ADD artifacts.json /tmp/artifacts.json
+COPY artifacts.json /tmp/artifacts.json
 RUN jq -r '[.artifacts[] | select(.workflow_run.head_branch == "master" and .workflow_run.head_repository_id == .workflow_run.repository_id)][0]' /tmp/artifacts.json > /tmp/latest-build.json
 
 ARG GITHUB_TOKEN
 RUN curl -L -o /tmp/desktop-client.zip --header "Authorization: Bearer ${GITHUB_TOKEN}" $(jq -r '.archive_download_url' /tmp/latest-build.json)
 RUN unzip /tmp/desktop-client.zip -d /public
 
-FROM node:18-bullseye-slim as prod
+FROM node:18-bookworm-slim as prod
 RUN apt-get update && apt-get install tini && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
 ARG USERNAME=actual
@@ -25,11 +25,12 @@ RUN groupadd --gid $USER_GID $USERNAME \
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
 COPY --from=base /public /public
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/usr/bin/tini","-g",  "--"]
 ENV ACTUAL_WEB_ROOT=/public
 EXPOSE 5006
diff --git a/docker/stable-alpine.Dockerfile b/docker/stable-alpine.Dockerfile
index e6b216520..cc0067856 100644
--- a/docker/stable-alpine.Dockerfile
+++ b/docker/stable-alpine.Dockerfile
@@ -1,13 +1,13 @@
-FROM alpine:3.17 as base
+FROM alpine:3.18 as base
 RUN apk add --no-cache nodejs yarn npm python3 openssl build-base
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN if [ "$(uname -m)" = "armv7l" ]; then yarn config set taskPoolConcurrency 2; yarn config set networkConcurrency 5; fi
 RUN yarn workspaces focus --all --production
 RUN if [ "$(uname -m)" = "armv7l" ]; then npm install bcrypt better-sqlite3 --build-from-source; fi
 
-FROM alpine:3.17 as prod
+FROM alpine:3.18 as prod
 RUN apk add --no-cache nodejs tini
 
 ARG USERNAME=actual
@@ -17,10 +17,11 @@ RUN addgroup -S ${USERNAME} -g ${USER_GID} && adduser -S ${USERNAME} -G ${USERNA
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/sbin/tini","-g",  "--"]
 EXPOSE 5006
 CMD ["node", "app.js"]
diff --git a/docker/stable-ubuntu.Dockerfile b/docker/stable-ubuntu.Dockerfile
index eb02aad66..0f20d1925 100644
--- a/docker/stable-ubuntu.Dockerfile
+++ b/docker/stable-ubuntu.Dockerfile
@@ -1,12 +1,12 @@
-FROM node:18-bullseye as base
+FROM node:18-bookworm as base
 RUN apt-get update && apt-get install -y openssl
 WORKDIR /app
-ADD .yarn ./.yarn
-ADD yarn.lock package.json .yarnrc.yml ./
+COPY .yarn ./.yarn
+COPY yarn.lock package.json .yarnrc.yml ./
 RUN if [ "$(uname -m)" = "armv7l" ]; then yarn config set taskPoolConcurrency 2; yarn config set networkConcurrency 5; fi
 RUN yarn workspaces focus --all --production
 
-FROM node:18-bullseye-slim as prod
+FROM node:18-bookworm-slim as prod
 RUN apt-get update && apt-get install tini && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
 ARG USERNAME=actual
@@ -17,10 +17,11 @@ RUN groupadd --gid $USER_GID $USERNAME \
 RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data
 
 WORKDIR /app
+ENV NODE_ENV production
 COPY --from=base /app/node_modules /app/node_modules
-ADD package.json app.js ./
-ADD src ./src
-ADD migrations ./migrations
+COPY package.json app.js ./
+COPY src ./src
+COPY migrations ./migrations
 ENTRYPOINT ["/usr/bin/tini","-g",  "--"]
 EXPOSE 5006
 CMD ["node", "app.js"]
diff --git a/upcoming-release-notes/479.md b/upcoming-release-notes/479.md
new file mode 100644
index 000000000..17fd70b70
--- /dev/null
+++ b/upcoming-release-notes/479.md
@@ -0,0 +1,6 @@
+---
+category: Maintenance
+authors: [rare-magma]
+---
+
+Updates the docker images base version and set node_env env variable to production