From f2b1bec47c0c7de7299216495c885ae050d597e7 Mon Sep 17 00:00:00 2001
From: Ben Hardill <ben@flowforge.com>
Date: Thu, 9 Oct 2025 22:53:01 +0100
Subject: [PATCH] Convert to Docker Secrets

---
 file-server/Dockerfile        | 6 +-----
 flowforge-docker/Dockerfile   | 7 +------
 node-red-container/Dockerfile | 6 +-----
 3 files changed, 3 insertions(+), 16 deletions(-)

diff --git a/file-server/Dockerfile b/file-server/Dockerfile
index fe48b2f..9334353 100644
--- a/file-server/Dockerfile
+++ b/file-server/Dockerfile
@@ -1,16 +1,12 @@
 FROM node:20-alpine
 
-ARG REGISTRY
-ARG REGISTRY_TOKEN
 ARG TAG
-RUN if [[ ! -z "$REGISTRY_TOKEN" ]]; then echo "//$REGISTRY/:_authToken=$REGISTRY_TOKEN" >> ~/.npmrc ; fi
-RUN if [[ ! -z "$REGISTRY" ]] ; then npm config set @flowfuse:registry "https://$REGISTRY"; fi
 
 WORKDIR /usr/src/flowforge-file-server
 RUN mkdir app bin etc var
 COPY package.json /usr/src/flowforge-file-server/app
 WORKDIR /usr/src/flowforge-file-server/app
-RUN npm install --production --no-audit --no-fund
+RUN --mount=type=secret,id=npm,target=/root/.npmrc npm install --production --no-audit --no-fund
 ENV FLOWFORGE_HOME=/usr/src/flowforge-file-server
 
 LABEL org.label-schema.name="FlowFuse File Storage" \
diff --git a/flowforge-docker/Dockerfile b/flowforge-docker/Dockerfile
index 88c24ee..1de44a7 100644
--- a/flowforge-docker/Dockerfile
+++ b/flowforge-docker/Dockerfile
@@ -1,10 +1,5 @@
 FROM node:20-alpine
 
-ARG REGISTRY
-ARG REGISTRY_TOKEN
-RUN if [[ ! -z "$REGISTRY_TOKEN" ]]; then echo "//$REGISTRY/:_authToken=$REGISTRY_TOKEN" >> ~/.npmrc ; fi
-RUN if [[ ! -z "$REGISTRY" ]] ; then npm config set @flowfuse:registry "https://$REGISTRY"; fi
-
 RUN apk add --no-cache --virtual build-base g++ make py3-pip sqlite-dev python3 git
 
 WORKDIR /usr/src/forge
@@ -15,7 +10,7 @@ RUN ./install-device-cache.sh && rm install-device-cache.sh
 WORKDIR /usr/src/forge
 COPY package.json /usr/src/forge/app
 WORKDIR /usr/src/forge/app
-RUN npm install --production --no-audit --no-fund 
+RUN --mount=type=secret,id=npm,target=/root/.npmrc npm install --production --no-audit --no-fund 
 
 ENV FLOWFORGE_HOME=/usr/src/forge
 
diff --git a/node-red-container/Dockerfile b/node-red-container/Dockerfile
index 44dc427..f3c78bf 100644
--- a/node-red-container/Dockerfile
+++ b/node-red-container/Dockerfile
@@ -1,10 +1,6 @@
 FROM nodered/node-red:3.1.15-18
 
-ARG REGISTRY
-ARG REGISTRY_TOKEN
 ARG BUILD_TAG=latest
-RUN if [[ ! -z "$REGISTRY_TOKEN" ]]; then echo "//$REGISTRY/:_authToken=$REGISTRY_TOKEN" >> ~/.npmrc ; fi
-RUN if [[ ! -z "$REGISTRY" ]] ; then npm config set @flowfuse:registry "https://$REGISTRY"; fi
 
 COPY healthcheck.js /healthcheck.js
 
@@ -21,7 +17,7 @@ RUN chown -R node-red:node-red /usr/src/flowforge-nr-launcher
 RUN ln -s /usr/src/flowforge-nr-launcher /usr/src/flowfuse-nr-launcher
 
 USER node-red
-RUN npm install @flowfuse/nr-launcher@${BUILD_TAG}
+RUN --mount=type=secret,id=npm,target=/usr/src/node-red/.npmrc npm install @flowfuse/nr-launcher@${BUILD_TAG}
 
 USER root
 RUN mkdir -p /data/storage