From 0dfeeed4dd5099424b1f9734939bb870aa856c4c Mon Sep 17 00:00:00 2001
From: jpsl
Date: Wed, 1 Jun 2022 09:59:30 +0100
Subject: [PATCH] #74 - docker/api/ Dockerfile revision
---
 docker/api/Dockerfile | 53 +++++++++++++++++++++-------
 docker/api/docker-compose-eth.yml | 2 +-
 docker/api/docker-compose.yml | 4 ++-
 docker/api/traceability/Dockerfile | 56 +++++++++++++++++++++---------
 4 files changed, 84 insertions(+), 31 deletions(-)
diff --git a/docker/api/Dockerfile b/docker/api/Dockerfile
index f4eab72e..bcc0f307 100644
--- a/docker/api/Dockerfile
+++ b/docker/api/Dockerfile
@@ -1,24 +1,51 @@ -FROM node:14.16-buster +# Docker image build for Finished Goods Traceability (FGT) +# +FROM node:14.17.4-alpine -RUN npm install -g node-gyp +# The tag, branch or commit hash to clone. +ARG GIT_BRANCH +ENV GIT_BRANCH=${GIT_BRANCH:-master} -ENV TARGET_FOLDER_NAME="fgt-workspace" -RUN git clone https://github.com/PharmaLedger-IMI/fgt-workspace.git $TARGET_FOLDER_NAME +RUN apk --no-cache add git curl && apk add --no-cache --upgrade bash -RUN cd $TARGET_FOLDER_NAME && \ +RUN npm install -g node-gyp + +# create folder fgt-workspace and change its owner to pre-existing user 'node' +RUN mkdir -p /fgt-workspace + +#checkov:skip=CKV_DOCKER_3: "Ensure that a user for the container has been created" +WORKDIR /fgt-workspace + +# Build the software - Note: Clone by specific tag or branch +RUN git clone -b ${GIT_BRANCH} --single-branch --depth 1 https://github.com/PharmaLedger-IMI/fgt-workspace.git . && \ npm install --unsafe-perm -# Copy the API HUB Configs (BDNS, domains, etc) -COPY config/ $TARGET_FOLDER_NAME/apihub-root/external-volume/config/ +# copy bdns+domain configuration files from local context +COPY config/ apihub-root/external-volume/config/ + +# Remove all Git related files and directories - see https://gist.github.com/facelordgists/80e868ff5e315878ecd6 +RUN find . 
\( -name ".git" -o -name ".gitignore" -o -name ".gitmodules" -o -name ".gitattributes" \) -exec rm -rf -- {} + + +# Save some space by removing directories not needed in production +RUN rm -rf docs workdocs + +# git no longer needed for runtime +RUN apk del git + +RUN chown -R node /fgt-workspace + +USER node -# Start the server, run build-all, run the ROLE specific API and run the swagger instance< -RUN cd $TARGET_FOLDER_NAME && \ - echo 'npm run server & \n sleep 5s \n npm run build-all \n cd fgt-api && npm run boot-api & \n tail -f /dev/null' >> startup-script.sh -RUN cd $TARGET_FOLDER_NAME && cat startup-script.sh +CMD ["npm", "run", "server"] +# The command above starts the apihub server, and never returns. +# tracebility must additionally execute "npm run build-all". +# participants must additionally execute "npm run build-all ; cd fgt-api && npm run boot-api " (or npm run boot-api-helm). +# That needs to be perfomed by external tool. +# APIHub & Dashboard - traceability only has apihub. EXPOSE 8080/tcp +# FGT API - different for Wholesaler & Pharmacy EXPOSE 8081/tcp +# Swagger EXPOSE 3009/tcp -CMD cd $TARGET_FOLDER_NAME && \ - bash startup-script.sh diff --git a/docker/api/docker-compose-eth.yml b/docker/api/docker-compose-eth.yml index 29efa0e2..dd281a6a 100644 --- a/docker/api/docker-compose-eth.yml +++ b/docker/api/docker-compose-eth.yml @@ -7,7 +7,7 @@ services: ipv4_address: 172.16.63.51 qbn-net: ipv4_address: 172.16.16.51 - command: ["/bin/bash", "-c", "cd /fgt-workspace && bash startup-eth-script.sh"] + command: ["/bin/bash", "-c", "cd /fgt-workspace ; npm run switch-to-test-chain ; npm run server & ( sleep 5s ; npm run build-all ; tail -f /dev/null )"] networks: qbn-net: diff --git a/docker/api/docker-compose.yml b/docker/api/docker-compose.yml index fedd20b9..09aacef2 100644 --- a/docker/api/docker-compose.yml +++ b/docker/api/docker-compose.yml 
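Review bot: The comment above `ARG GIT_BRANCH` says a commit hash is accepted, but `git clone -b` takes only a branch or tag name, so the build cannot be pinned to an exact commit as written. With the default of `master`, the image holds whatever the branch contained when the layer was built or last cached, and `npm install --unsafe-perm` then runs that tree's install scripts as root during the build. I would correct the comment to `# The tag or branch to clone (git clone -b does not accept a commit hash).`, quote the variable as `-b "${GIT_BRANCH}"`, and have release builds pass a tag instead of relying on the default. The same lines appear in the docker/api/traceability/Dockerfile hunk.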
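Review bot: The new `command` joins its steps with `;`, so a failed `cd` or a failed `npm run switch-to-test-chain` is ignored and `npm run server` still starts with whatever chain configuration the image was left in. Chaining the setup with `&&` makes the container fail fast instead: `cd /fgt-workspace && npm run switch-to-test-chain && ( npm run server & sleep 5s ; npm run build-all ; tail -f /dev/null )`. Because the server is backgrounded and `tail -f /dev/null` holds the shell open, the container also keeps running after the server process exits, so a crash shows up only if a healthcheck catches it. Both docker-compose.yml hunks use the same `;` chaining, with `switch-to-simul-chain` in the second one.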
@@ -10,6 +10,8 @@ x-participant-def: timeout: 3s retries: 100 start_period: 40s + command: ["/bin/bash", "-c", "cd /fgt-workspace ; npm run server & ( sleep 5s ; npm run build-all ; cd fgt-api ; npm run boot-api )"] + # the command above is not for the tracebility apihub, so it must be overridden on fgt-workspace. x-mah-def: &mah-def << : *participant-def @@ -121,7 +123,7 @@ services: timeout: 3s retries: 100 start_period: 20s - command: ["/bin/bash", "-c", "cd /fgt-workspace && bash startup-noeth-script.sh"] + command: ["/bin/bash", "-c", "cd /fgt-workspace ; npm run switch-to-simul-chain ; npm run server & ( sleep 5s ; npm run build-all ; tail -f /dev/null )"] mah-roche: << : *mah-def diff --git a/docker/api/traceability/Dockerfile b/docker/api/traceability/Dockerfile index aa216d50..47322cc8 100644 --- a/docker/api/traceability/Dockerfile +++ b/docker/api/traceability/Dockerfile 
@@ -1,28 +1,52 @@ -FROM node:14.16-buster +# Docker image build for Finished Goods Traceability (FGT) +# +FROM node:14.17.4-alpine + +# The tag, branch or commit hash to clone. +ARG GIT_BRANCH +ENV GIT_BRANCH=${GIT_BRANCH:-master} + +RUN apk --no-cache add git curl && apk add --no-cache --upgrade bash RUN npm install -g node-gyp -ENV TARGET_FOLDER_NAME="fgt-workspace" -RUN git clone https://github.com/PharmaLedger-IMI/fgt-workspace.git $TARGET_FOLDER_NAME +# create folder fgt-workspace and change its owner to pre-existing user 'node' +RUN mkdir -p /fgt-workspace + +#checkov:skip=CKV_DOCKER_3: "Ensure that a user for the container has been created" +WORKDIR /fgt-workspace -RUN cd $TARGET_FOLDER_NAME && \ +# Build the software - Note: Clone by specific tag or branch +RUN git clone -b ${GIT_BRANCH} --single-branch --depth 1 https://github.com/PharmaLedger-IMI/fgt-workspace.git . && \ npm install --unsafe-perm -COPY config/ $TARGET_FOLDER_NAME/apihub-root/external-volume/config/ +# copy bdns+domain configuration files from local context +COPY config/ apihub-root/external-volume/config/ + +# Remove all Git related files and directories - see https://gist.github.com/facelordgists/80e868ff5e315878ecd6 +RUN find . 
\( -name ".git" -o -name ".gitignore" -o -name ".gitmodules" -o -name ".gitattributes" \) -exec rm -rf -- {} + + +# Save some space by removing directories not needed in production +RUN rm -rf docs workdocs + +# git no longer needed for runtime +RUN apk del git -RUN cd $TARGET_FOLDER_NAME && \ - echo 'npm run server & \n sleep 5s \n npm run build-all \n tail -f /dev/null' >> startup-script.sh -RUN cd $TARGET_FOLDER_NAME && cat startup-script.sh +# this is very slow, specially on the node_modules folder +RUN chown -R node /fgt-workspace -# #30 alternative startup script with ethAdapter -RUN cd $TARGET_FOLDER_NAME && \ - echo 'npm run switch-to-test-chain ; source startup-script.sh' >> startup-eth-script.sh +USER node -# #30 alternative startup script without ethAdapter -RUN cd $TARGET_FOLDER_NAME && \ - echo 'npm run switch-to-simul-chain ; source startup-script.sh' >> startup-noeth-script.sh +CMD ["npm", "run", "server"] +# The command above starts the apihub server, and never returns. +# tracebility must additionally execute "npm run build-all". +# participants must additionally execute "npm run build-all ; cd fgt-api && npm run boot-api " (or npm run boot-api-helm). +# That needs to be perfomed by external tool. +# APIHub & Dashboard - traceability only has apihub. EXPOSE 8080/tcp +# FGT API - different for Wholesaler & Pharmacy +# EXPOSE 8081/tcp +# Swagger +# EXPOSE 3009/tcp -CMD cd $TARGET_FOLDER_NAME && \ - bash startup-script.sh
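Review bot: The comment on `RUN mkdir -p /fgt-workspace` says the folder's owner is changed to `node`, but that step only creates the directory. Ownership changes only at the later `RUN chown -R node /fgt-workspace`, which the new comment itself calls very slow and which copies the whole tree into a further layer. That recursive chown also leaves every file under /fgt-workspace, node_modules included, writable by the account the server runs as. If the server only needs to write under part of the tree (not visible from this hunk), `COPY --chown=node config/ apihub-root/external-volume/config/` plus a chown limited to those directories would be faster and keep the installed code read-only at runtime. docker/api/Dockerfile has the same sequence without the "very slow" comment.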