From 59d59eb0487179caff37d9c40665d39bfe2bb856 Mon Sep 17 00:00:00 2001
From: Michael Schramm
Date: Tue, 16 Jun 2020 10:45:52 +0200
Subject: [PATCH] reduce docker layer size
---
 CHANGELOG.md | 5 +++++
 Dockerfile | 24 ++++++++++++++++++------
 api | 2 +-
 ui | 2 +-
 4 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 44a1f5a0..b0548950 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,9 +9,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 ### Changed
+
+- minify containers to reduce layer size
+
 ### Fixed
 ### Security
+- container now runs as non root user
+
 ## [0.9.5] - 2020-06-10
 ### Added
diff --git a/Dockerfile b/Dockerfile
index 619225a0..40faa6f9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ## Build API
-FROM node:12 as api
+FROM node:12-alpine as api
 WORKDIR /usr/src/app
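Review bot: `node:12-alpine` on the new `FROM` line is a floating tag, so every rebuild can pull a different base image; the same applies to the `app` and production `FROM` lines in the next hunk. Pinning the tag together with a digest, e.g. `FROM node:12-alpine@sha256:<digest> as api` (placeholder digest), makes the reviewed image the one that is actually built. Moving from the Debian-based image to Alpine also replaces glibc with musl, so if any dependency ships native add-ons it should be rebuilt and tested in this stage.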
@@ -9,26 +9,38 @@ RUN yarn install --frozen-lockfile
 RUN yarn export
 ## Build APP
-FROM node:12 as app
+FROM node:12-alpine as app
 LABEL maintainer="OhMyForm "
 WORKDIR /usr/src/app
+RUN apk update && apk add curl bash && rm -rf /var/cache/apk/*
+
+# install node-prune (https://github.com/tj/node-prune)
+RUN curl -sfL https://install.goreleaser.com/github.com/tj/node-prune.sh | bash -s -- -b /usr/local/bin
+
+
 COPY api/ .
 COPY --from=api /usr/src/app/out /usr/src/app/public
 RUN yarn install --frozen-lockfile
 RUN yarn build
+
+# remove development dependencies
+RUN npm prune --production
+
+# run node prune
+RUN /usr/local/bin/node-prune
+
 ## Glue
-RUN addgroup --gid 9999 ohmyform && adduser --disabled-login --uid 9999 --gid 9999 ohmyform && \
- touch /usr/src/app/src/schema.gql && chown ohmyform:ohmyform /usr/src/app/src/schema.gql
+RUN touch /usr/src/app/src/schema.gql && chown 9999:9999 /usr/src/app/src/schema.gql
 ## Production Image.
-FROM node:12
+FROM node:12-alpine
 WORKDIR /usr/src/app
 COPY --from=app /usr/src/app /usr/src/app
-RUN addgroup --gid 9999 ohmyform && adduser --disabled-login --uid 9999 --gid 9999 ohmyform
+RUN addgroup --gid 9999 ohmyform && adduser -D --uid 9999 -G ohmyform ohmyform
 ENV PORT=3000 \
 SECRET_KEY=ChangeMe \
 CREATE_ADMIN=FALSE \
diff --git a/api b/api
index 522db49d..99fd0b4d 160000
--- a/api
+++ b/api
@@ -1 +1 @@
-Subproject commit 522db49d0ad3543d849d7a7e44df6dc7299d388f
+Subproject commit 99fd0b4dc7412e72ca3324810cc1baf6a7790c21
diff --git a/ui b/ui
index e124aa1d..84f23706 160000
--- a/ui
+++ b/ui
@@ -1 +1 @@
-Subproject commit e124aa1d676d03a68fc15353b44898e75ef2b398
+Subproject commit 84f23706b5dbea2f77890b8836065892fc2a180b
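Review bot: The added `RUN curl -sfL https://install.goreleaser.com/github.com/tj/node-prune.sh | bash -s -- -b /usr/local/bin` executes an unpinned, unverified remote script as root in the `app` stage, and that stage's `/usr/src/app` is then copied wholesale into the production image, so anything the script or the binary it fetches does to the tree ships with the release. Prefer downloading a specific node-prune release archive and verifying it before use, e.g. `echo "<sha256-of-release>  node-prune.tar.gz" | sha256sum -c -` (placeholder digest), instead of piping to bash. The default shell also has no pipefail, so a failed download is masked: bash reads empty input and exits 0, and the error only surfaces later at `RUN /usr/local/bin/node-prune`. Separately, the changelog says the container now runs as non-root, but this hunk only creates uid 9999 with `adduser -D`; the production stage continues past the hunk (the `ENV` instruction is cut off), so confirm that a `USER ohmyform` line exists there.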