Overhaul Admin and Public Dockerfiles (#285)

* Format Caddyfiles

* Switch from rhel/ubi8 to alpine in Dockerfiles

* Add wildcarded path for node_modules in .dockerignore

* Update lockfiles

* Node 14 alpine and overhauled Dockerfiles

* Reduce files in images, revise env.js and root paths

.dockerignore

@@ -28,11 +28,11 @@ docker-compose.y*ml
 .ps1
 
 # Node
-node_modules
+**/node_modules/
 nodemon*.json
 npm-debug.log
 npm-debug.log.*
 
 # Generated/transpiled files
-dist
-.dist
+**/dist/
+**/.dist/

.github/openshift/deploy.admin.yml

@@ -144,7 +144,7 @@ objects:
                 periodSeconds: 30
                 timeoutSeconds: 5
               volumeMounts:
-                - mountPath: /app/dist/${COMPONENT}/assets/env
+                - mountPath: /dist/assets/env
                   name: env-config
                 - mountPath: /data
                   name: caddy-data

.github/openshift/deploy.public.yml

@@ -144,7 +144,7 @@ objects:
                 periodSeconds: 30
                 timeoutSeconds: 5
               volumeMounts:
-                - mountPath: /app/dist/${COMPONENT}/assets/env
+                - mountPath: /dist/assets/env
                   name: env-config
                 - mountPath: /data
                   name: caddy-data

admin/Caddyfile

@@ -3,35 +3,35 @@
 #        Then access local frontend app: http://localhost:4300/admin/
 
 :4200 {
-    redir /admin /admin/
+	redir /admin /admin/
 
-    log {
-        level ERROR
-        format json
-        output stdout
-    }
+	log {
+		level ERROR
+		format json
+		output stdout
+	}
 
-    # Good practice to compress responses.
-    encode zstd gzip
+	# Good practice to compress responses.
+	encode zstd gzip
 
-    # If 'root' directive is used, it has to be before other directives such as 'try_files'.
-    root ./dist/admin
+	# If 'root' directive is used, it has to be before other directives such as 'try_files'.
+	root * /dist
 
-    header {
-        # allow caching for 5 minutes, for refreshing after deployments.
-        Cache-Control "public, max-age=300"
+	header {
+		# allow caching for 5 minutes, for refreshing after deployments.
+		Cache-Control "admin, max-age=300"
 
-        # Multi-lines for header's Content-Security-Policy won't work, it has to be enclosed in double quote as one line.
-        Content-Security-Policy "connect-src 'self' https://*.gov.bc.ca http://*.gov.bc.ca;form-action 'self';img-src 'self' https://server.arcgisonline.com data: https://services.arcgisonline.com data: https://maps.gov.bc.ca;frame-src 'self' https://*.gov.bc.ca;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;"
-
-        # For connect-src (Content-Security-Policy): add "*" if testing locally, will also need to bypass CORS in the API.
-        # For frame-src (Content-Security-Policy): gov.bc.ca is for keycloak.
-    }
+		# Multi-lines for header's Content-Security-Policy won't work, it has to be enclosed in double quote as one line.
+		Content-Security-Policy "connect-src 'self' https://*.gov.bc.ca http://*.gov.bc.ca;form-action 'self';img-src 'self' https://server.arcgisonline.com data: https://services.arcgisonline.com data: https://maps.gov.bc.ca;frame-src 'self' https://*.gov.bc.ca;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;"
 
-   # 'handle_path' does the match of the path and stripping the matched prefix out.
-    handle_path /admin/* {
-        try_files {path} {path}/ {file} /index.html
-    }
+		# For connect-src (Content-Security-Policy): add "*" if testing locally, will also need to bypass CORS in the API.
+		# For frame-src (Content-Security-Policy): gov.bc.ca is for keycloak.
+	}
 
-    file_server
+	# 'handle_path' does the match of the path and stripping the matched prefix out.
+	handle_path /admin/* {
+		try_files {path} {path}/ {file} /index.html
+	}
+
+	file_server
 }

admin/Dockerfile

@@ -1,44 +1,37 @@
-# RedHat UBI 8 with nodejs 14
-FROM registry.access.redhat.com/ubi8/nodejs-14:1-75.1652296492 as builder
+# Global args
+ARG build_dir=admin
+ARG port=4200
 
-# Install packages, build and keep only prod packages
+
+# Build container
+FROM node:14.21.2-alpine3.17 AS build
+
+# Install dependencies and build static content
+ARG build_dir
 WORKDIR /app
-COPY . ./
-USER root
+COPY ./libs ./libs
+COPY ./${build_dir} ./${build_dir}
 RUN cd libs && \
     npm ci && \
-    cd ../admin && \
+    cd ../${build_dir} && \
     npm ci && \
-    npm run build:admin && \
-    rm -rf node_modules
+    npm run build:${build_dir} && \
+    rm -rf node_modules ../libs/node_modules
 
-# Deployment container
-# FROM registry.access.redhat.com/ubi8/ubi-micro
-FROM caddy:2
 
-# Vars - configured for local development
-ENV FOM_ENV=dev
+# Deploy container
+FROM caddy:2.4.6-alpine
 
-# Node packages and dependencies
-COPY --from=builder /usr/bin/node /usr/bin/
-COPY --from=builder /usr/lib64/libz.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlidec.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlienc.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libcrypto.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libssl.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libstdc++.so.6 /usr/lib64/
-COPY --from=builder /usr/lib64/libgcc_s.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlicommon.so.1 /usr/lib64/
-
-# Copy over app
-WORKDIR /app
-COPY --from=builder /app/admin/dist ./dist
-COPY --from=builder /app/admin ./admin
-COPY --from=builder /app/admin/Caddyfile .
+# Envar
+ENV FOM_ENV=dev
 
-# Expose port - mostly a convention, for readability
-EXPOSE 4200
+# Copy over Caddyfile and static content
+ARG build_dir
+COPY --from=build /app/${build_dir}/dist/${build_dir} /dist
+COPY --from=build /app/${build_dir}/Caddyfile /etc/caddy/Caddyfile
 
-# Start up command
+# Port, health check and user
+ARG port
+EXPOSE ${port}
+HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:${port}
 USER 1001
-ENTRYPOINT ["caddy", "run"]