🐳 Docker Updates

.dockerignore

@@ -6,20 +6,24 @@ out/
 .github/
 # ignore all .gitignore files
 **/.gitignore
-**/.turbo
 
 # no need for .vscode
 .vscode
 
 *.md
-!README*.md
 
 # https://nodejs.org/en/docs/guides/nodejs-docker-webapp/#dockerignore-file
 **/node_modules
 npm-debug.log
 
+# Docker Stuff
 .dockerignore
+**/Dockerfile
 
-# Svelte-kit specific stuff
+# Netlify
 **/.netlify
-**/svelte-kit
+netlify.toml
+
+# Other stuff
+renovate.json
+**/.turbo

.github/actions/build-docker-image-cache/action.yml

@@ -14,7 +14,6 @@ inputs:
     required: true
     description: "tags to add to the image"
 
-
 runs:
   using: composite
   steps:

.github/containerscan/allowedlist.yaml

@@ -1,6 +1,4 @@
 general:
-  vulnerabilities:
-    - CVE-2021-3807 # ansi-regex vulnerability.
   bestPracticeViolations:
     - DKL-DI-0006 # avoid latest tag
     - CIS-DI-0005 # avoid insecure registry

apps/bot/Dockerfile

@@ -6,7 +6,7 @@ FROM node:16-alpine3.12 AS base
 # Ensure we prune workspace so we don't unnecessarily build so much
 
 FROM base AS turboed
-RUN yarn global add turbo
+RUN yarn global add turbo@1.1.1
 
 # Prune the workspace for the `frontend` app
 FROM turboed AS pruner
@@ -28,16 +28,15 @@ RUN yarn --pure-lockfile --no-cache
 FROM installer AS builder
 WORKDIR /app
 COPY --from=pruner /app/out/full/ .
+COPY --from=pruner /app/turbo.json ./turbo.json
 RUN yarn turbo run build --scope=bot --include-dependencies --no-deps
 # Clear dev dependencies (e.g. turbo, tsc)
 RUN npm prune --production
 
 # Start the app
 # Copy over `build/index.js` 
-FROM base AS runner
-RUN apk add --no-cache dumb-init
-WORKDIR /app
-USER node
-COPY --chown=node:node --from=builder /app/apps/bot/build/index.js ./index.js
+FROM ghcr.io/joshuanianji/scratch-node-dumb-init:16.12.0 as runner
+COPY --from=builder /app/apps/bot/build/index.js /index.js
 ENV NODE_ENV production
-CMD ["dumb-init", "node", "index.js"]
+
+CMD ["node", "index.js"]

apps/server/Dockerfile

@@ -7,7 +7,7 @@ FROM node:16-alpine3.12 AS base
 # Ensure we prune workspace so we don't unnecessarily build so much
 
 FROM base AS turboed
-RUN yarn global add turbo
+RUN yarn global add turbo@1.1.1
 
 # Prune the workspace for the `frontend` app
 # Use the turboed image to use the `turbo` command before we install dependencies.
@@ -30,17 +30,15 @@ RUN yarn --pure-lockfile --no-cache
 FROM installer AS builder
 WORKDIR /app
 COPY --from=pruner /app/out/full/ .
+COPY --from=pruner /app/turbo.json ./turbo.json
 RUN yarn turbo run build --scope=server --include-dependencies --no-deps
 
 # Copy over `build/index.js` and assets folder
-FROM base AS runner
-RUN apk add --no-cache dumb-init
-WORKDIR /app
-COPY --chown=node:node --from=builder /app/apps/server/build/index.js ./index.js
-COPY --chown=node:node --from=builder /app/apps/server/assets/ ./assets/
+FROM ghcr.io/joshuanianji/scratch-node-dumb-init:16.12.0 as runner
+COPY --from=builder /app/apps/server/build/index.js /index.js
+COPY --from=builder /app/apps/server/assets/ /assets/
 EXPOSE 3001
-USER node
 ENV NODE_ENV production
-CMD ["dumb-init", "node", "index.js"]
+CMD ["node", "index.js"]
 
-HEALTHCHECK CMD curl --fail http://localhost:3001 || exit 1   
+HEALTHCHECK CMD curl --fail http://localhost:3001 || exit 1

turbo.json

@@ -1,16 +1,12 @@
 {
+  "baseBranch": "origin/main",
   "pipeline": {
     "start": {
       "cache": false
     },
     "build": {
-      "dependsOn": [
-        "^build"
-      ],
-      "outputs": [
-        "dist/**",
-        ".next/**"
-      ]
+      "dependsOn": ["^build"],
+      "outputs": ["dist/**", ".next/**"]
     },
     "lint": {
       "outputs": []