Optimize container size

.dockerignore

@@ -0,0 +1,24 @@
+node_modules
+npm-debug.log
+.git
+.gitignore
+README.md
+.env
+.env.*
+config/*.env
+dist
+build
+coverage
+logs
+*.log
+.DS_Store
+.vscode
+.idea
+*.md
+docker-compose*.yml
+Dockerfile
+.github
+.gitlab-ci.yml
+.travis.yml
+.circleci
+

.github/workflows/staging-pipeline.yml

@@ -38,7 +38,6 @@ jobs:
   publish:
     needs: run-linters
     runs-on: ubuntu-latest
-    if: github.event_name == 'push'
     permissions:
       contents: read
       packages: write
@@ -58,11 +57,12 @@ jobs:
         with:
           push: true
           tags: |
-            ghcr.io/giveth/impact-graph:staging
             ghcr.io/giveth/impact-graph:${{ github.sha }}
+
   deploy:
     needs: publish
     runs-on: ubuntu-latest
+    if: github.event_name == 'push'
     steps:
       - name: SSH and Redeploy
         uses: appleboy/[email protected]

Dockerfile

@@ -1,19 +1,20 @@
-#https://hub.docker.com/_/node?tab=tags&page=1
-FROM node:20.11.0-alpine3.18
+# https://hub.docker.com/_/node?tab=tags&page=1
+# Build stage
+FROM node:22-alpine AS builder
 
 WORKDIR /usr/src/app
 
-
 COPY package*.json ./
 COPY patches ./patches
 COPY tsconfig.json .
 
-
-RUN apk add --update alpine-sdk
-RUN apk add git python3
-RUN apk add --no-cache  chromium --repository=http://dl-cdn.alpinelinux.org/alpine/v3.18/main
-RUN npm ci
-RUN npm i -g ts-node
+# Combine RUN commands to reduce layers
+RUN apk add --update --no-cache \
+    git \
+    patch \
+    python3 \
+    build-base && \
+    npm ci
 
 # When building docker images, docker caches the steps, so it's better to put the lines that would have lots of changes
 # last, then when changing these steps the previous steps would use cache and move forward fast
@@ -22,4 +23,24 @@ COPY src ./src
 COPY test ./test
 COPY migration ./migration
 
-RUN npm run build
+RUN npm run build && npm prune --omit=dev
+
+# Production stage
+FROM node:22-alpine
+
+WORKDIR /usr/src/app
+
+ENV NODE_ENV=production
+
+# Add non-root user for security before copying files with ownership
+RUN addgroup -g 1001 -S nodejs && adduser -S nodejs -u 1001
+
+# Copy built files from builder stage (assign ownership to non-root user)
+COPY --chown=nodejs:nodejs package*.json ./
+COPY --from=builder --chown=nodejs:nodejs /usr/src/app/node_modules ./node_modules
+COPY --from=builder --chown=nodejs:nodejs /usr/src/app/build ./build
+
+# Create .adminjs directory with proper permissions for adminjs to write bundles
+RUN mkdir -p /usr/src/app/.adminjs && chown -R nodejs:nodejs /usr/src/app/.adminjs
+
+USER nodejs

README.md

@@ -255,8 +255,8 @@ Access the admin dashboard at `/admin` with these default credentials (in develo
 Creating an admin user manually:
 
 ```sql
--- First generate the hash with bcrypt
-const bcrypt = require('bcrypt');
+-- First generate the hash with bcryptjs
+const bcrypt = require('bcryptjs');
 bcrypt.hash(
   'yourPassword',
   Number('yourSalt'),

migration/1672836674875-createTestAdminUser.ts

@@ -1,7 +1,7 @@
 import { MigrationInterface, QueryRunner } from 'typeorm';
 import config from '../src/config';
 // eslint-disable-next-line @typescript-eslint/no-var-requires
-const bcrypt = require('bcrypt');
+const bcrypt = require('bcryptjs');
 
 export class createTestAdminUser1672836674875 implements MigrationInterface {
   async up(queryRunner: QueryRunner): Promise<void> {

migration/1681125863016-create_some_test_admi_users.ts

@@ -1,9 +1,9 @@
 import { MigrationInterface, QueryRunner } from 'typeorm';
 import config from '../src/config';
-import { generateRandomEtheriumAddress } from '../test/testUtils';
 import { UserRole } from '../src/entities/user';
+import { generateRandomEtheriumAddress } from '../src/utils/utils';
 // eslint-disable-next-line @typescript-eslint/no-var-requires
-const bcrypt = require('bcrypt');
+const bcrypt = require('bcryptjs');
 
 export class createSomeTestAdmiUsers1681125863016
   implements MigrationInterface